@socketsecurity/lib 6.0.9 → 6.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (335) hide show
  1. package/CHANGELOG.md +6 -0
  2. package/README.md +8 -9
  3. package/dist/abort/signal.d.ts +1 -1
  4. package/dist/abort/signal.js +1 -1
  5. package/dist/ai/agent-context.d.mts +1 -1
  6. package/dist/ai/agent-context.js +3 -2
  7. package/dist/ai/backends.d.mts +3 -3
  8. package/dist/ai/backends.js +2 -2
  9. package/dist/ai/billing-context.d.mts +74 -0
  10. package/dist/ai/billing-context.js +129 -0
  11. package/dist/ai/credentials.d.mts +39 -5
  12. package/dist/ai/credentials.js +61 -6
  13. package/dist/ai/discover.d.mts +4 -0
  14. package/dist/ai/discover.js +4 -0
  15. package/dist/ai/exec.d.mts +1 -1
  16. package/dist/ai/exec.js +1 -1
  17. package/dist/ai/http.d.mts +8 -8
  18. package/dist/ai/http.js +6 -6
  19. package/dist/ai/profiles.d.mts +9 -10
  20. package/dist/ai/profiles.js +0 -5
  21. package/dist/ai/role.d.mts +58 -0
  22. package/dist/ai/role.js +96 -0
  23. package/dist/ai/route-heuristic.d.mts +177 -0
  24. package/dist/ai/route-heuristic.js +194 -0
  25. package/dist/ai/route.d.mts +10 -9
  26. package/dist/ai/route.js +14 -13
  27. package/dist/ai/spawn.d.mts +2 -1
  28. package/dist/ai/spawn.js +25 -2
  29. package/dist/ai/subagent-status.d.mts +2 -0
  30. package/dist/ai/subagent-status.js +2 -0
  31. package/dist/ai/tier.d.mts +1 -1
  32. package/dist/ai/types.d.mts +9 -2
  33. package/dist/ai/worktree.d.mts +1 -1
  34. package/dist/ai/worktree.js +3 -2
  35. package/dist/argv/parse.d.ts +2 -0
  36. package/dist/argv/parse.js +2 -0
  37. package/dist/bin/_internal.d.ts +1 -1
  38. package/dist/bin/_internal.js +1 -1
  39. package/dist/bin/prim.cjs +446 -300
  40. package/dist/bin/shadow.js +2 -1
  41. package/dist/bin/which.d.ts +28 -3
  42. package/dist/bin/which.js +45 -3
  43. package/dist/cacache/_internal.d.ts +10 -2
  44. package/dist/cacache/_internal.js +6 -10
  45. package/dist/cache/ttl/_internal.d.ts +33 -0
  46. package/dist/cache/ttl/_internal.js +68 -0
  47. package/dist/cache/ttl/browser.d.ts +56 -0
  48. package/dist/cache/ttl/browser.js +257 -0
  49. package/dist/cache/ttl/store.js +10 -33
  50. package/dist/cache/ttl/types.d.ts +46 -3
  51. package/dist/checks/primordials-defaults.d.ts +5 -5
  52. package/dist/checks/primordials-defaults.js +5 -5
  53. package/dist/checks/primordials.d.ts +1 -1
  54. package/dist/checks/primordials.js +25 -17
  55. package/dist/cli/check-primordials.d.ts +6 -1
  56. package/dist/cli/check-primordials.js +14 -5
  57. package/dist/cli/check.js +1 -1
  58. package/dist/cli/socket-lib.d.ts +1 -1
  59. package/dist/cli/socket-lib.js +3 -3
  60. package/dist/colors/socket-palette.d.ts +1 -1
  61. package/dist/compression/brotli.d.ts +6 -2
  62. package/dist/compression/brotli.js +4 -0
  63. package/dist/compression/gzip.d.ts +6 -2
  64. package/dist/compression/gzip.js +6 -1
  65. package/dist/config/layers.d.ts +4 -4
  66. package/dist/config/layers.js +4 -4
  67. package/dist/constants/agents.d.ts +3 -0
  68. package/dist/constants/agents.js +3 -0
  69. package/dist/constants/node.d.ts +14 -0
  70. package/dist/constants/node.js +14 -0
  71. package/dist/constants/package-default-node-range.js +1 -5
  72. package/dist/constants/packages.d.ts +5 -0
  73. package/dist/constants/packages.js +5 -0
  74. package/dist/constants/platform.d.ts +1 -1
  75. package/dist/constants/platform.js +1 -1
  76. package/dist/constants/socket.js +1 -1
  77. package/dist/constants/typescript.d.ts +5 -0
  78. package/dist/constants/typescript.js +5 -0
  79. package/dist/debug/_internal.d.ts +22 -7
  80. package/dist/debug/_internal.js +33 -15
  81. package/dist/debug/namespace.js +11 -8
  82. package/dist/debug/output.d.ts +12 -1
  83. package/dist/debug/output.js +33 -16
  84. package/dist/dlx/binary-resolution.js +7 -4
  85. package/dist/eco/npm/npm/parse-lockfile.js +2 -1
  86. package/dist/eco/npm/vlt/exec.d.ts +1 -1
  87. package/dist/eco/npm/vlt/exec.js +1 -1
  88. package/dist/env/agents.d.ts +6 -0
  89. package/dist/env/agents.js +29 -0
  90. package/dist/env/flags.d.ts +12 -0
  91. package/dist/env/flags.js +23 -0
  92. package/dist/env/github-status.js +2 -2
  93. package/dist/env/providers.d.ts +6 -0
  94. package/dist/env/providers.js +23 -0
  95. package/dist/env/proxy.js +1 -1
  96. package/dist/env/rewire.d.ts +32 -0
  97. package/dist/env/rewire.js +55 -23
  98. package/dist/env/runtimes.d.ts +9 -0
  99. package/dist/env/runtimes.js +53 -0
  100. package/dist/env/socket-cli.d.ts +5 -2
  101. package/dist/env/socket-cli.js +6 -3
  102. package/dist/errors/predicates.d.ts +3 -2
  103. package/dist/errors/predicates.js +5 -3
  104. package/dist/errors/stack.js +2 -1
  105. package/dist/events/exit/_internal.d.ts +1 -23
  106. package/dist/external/@npmcli/package-json.js +179 -88
  107. package/dist/external/@npmcli/promise-spawn.js +2 -2
  108. package/dist/external/@sinclair/typebox/value.js +5 -4
  109. package/dist/external/@socketregistry/yocto-spinner.js +3 -3
  110. package/dist/external/adm-zip.d.ts +82 -0
  111. package/dist/external/adm-zip.js +2 -2
  112. package/dist/external/cacache.d.ts +87 -0
  113. package/dist/external/debug.d.ts +22 -0
  114. package/dist/external/debug.js +11 -4
  115. package/dist/external/del.d.ts +1 -0
  116. package/dist/external/external-pack.d.ts +12 -0
  117. package/dist/external/external-pack.js +41 -34
  118. package/dist/external/fast-glob.d.ts +8 -0
  119. package/dist/external/fast-sort.d.ts +1 -0
  120. package/dist/external/get-east-asian-width.d.ts +5 -0
  121. package/dist/external/get-east-asian-width.js +8 -1
  122. package/dist/external/has-flag.d.ts +1 -0
  123. package/dist/external/inquirer-pack.d.ts +18 -0
  124. package/dist/external/libnpmexec.d.ts +35 -0
  125. package/dist/external/libnpmpack.d.ts +1 -0
  126. package/dist/external/make-fetch-happen.d.ts +13 -0
  127. package/dist/external/normalize-package-data.d.ts +4 -0
  128. package/dist/external/npm-core.d.ts +14 -0
  129. package/dist/external/npm-pack.d.ts +24 -0
  130. package/dist/external/npm-pack.js +1551 -1867
  131. package/dist/external/npm-package-arg.d.ts +4 -0
  132. package/dist/external/p-map.js +8 -1
  133. package/dist/external/pacote.d.ts +15 -0
  134. package/dist/external/pico-pack.d.ts +16 -0
  135. package/dist/external/pico-pack.js +38 -23
  136. package/dist/external/picomatch.d.ts +96 -0
  137. package/dist/external/pony-cause.d.ts +14 -0
  138. package/dist/external/semver.d.ts +60 -0
  139. package/dist/external/semver.js +1459 -4
  140. package/dist/external/shell-quote.d.ts +51 -0
  141. package/dist/external/shell-quote.js +55 -15
  142. package/dist/external/signal-exit.d.ts +1 -0
  143. package/dist/external/spdx-correct.d.ts +4 -0
  144. package/dist/external/spdx-expression-parse.d.ts +4 -0
  145. package/dist/external/spdx-pack.d.ts +10 -0
  146. package/dist/external/std-env.d.ts +284 -0
  147. package/dist/external/std-env.js +323 -0
  148. package/dist/external/streaming-iterables.d.ts +11 -0
  149. package/dist/external/supports-color.d.ts +1 -0
  150. package/dist/external/tar-fs.d.ts +31 -0
  151. package/dist/external/validate-npm-package-name.d.ts +4 -0
  152. package/dist/external/which.d.ts +25 -0
  153. package/dist/external/which.js +2 -2
  154. package/dist/external/yargs-parser.d.ts +2 -0
  155. package/dist/external/yargs-parser.js +11 -3
  156. package/dist/external/yoctocolors-cjs.d.ts +51 -0
  157. package/dist/external-tools/bazel/asset-names.d.ts +1 -1
  158. package/dist/external-tools/bazel/from-download.d.ts +1 -1
  159. package/dist/external-tools/bazel/resolve.d.ts +3 -0
  160. package/dist/external-tools/bazel/resolve.js +3 -0
  161. package/dist/external-tools/cdxgen/asset-names.d.ts +5 -5
  162. package/dist/external-tools/cdxgen/asset-names.js +3 -3
  163. package/dist/external-tools/cdxgen/from-download.d.ts +2 -2
  164. package/dist/external-tools/cdxgen/from-download.js +1 -1
  165. package/dist/external-tools/cdxgen/resolve.d.ts +4 -1
  166. package/dist/external-tools/cdxgen/resolve.js +4 -1
  167. package/dist/external-tools/cdxgen/types.d.ts +1 -1
  168. package/dist/external-tools/from-download.d.ts +2 -2
  169. package/dist/external-tools/from-download.js +1 -1
  170. package/dist/external-tools/janus/asset-names.d.ts +4 -1
  171. package/dist/external-tools/janus/asset-names.js +3 -0
  172. package/dist/external-tools/janus/from-download.d.ts +3 -3
  173. package/dist/external-tools/janus/from-download.js +2 -2
  174. package/dist/external-tools/janus/resolve.d.ts +3 -0
  175. package/dist/external-tools/janus/resolve.js +3 -0
  176. package/dist/external-tools/jre/asset-names.d.ts +3 -1
  177. package/dist/external-tools/jre/asset-names.js +2 -0
  178. package/dist/external-tools/jre/from-download.d.ts +1 -1
  179. package/dist/external-tools/manifest.d.ts +5 -3
  180. package/dist/external-tools/manifest.js +4 -2
  181. package/dist/external-tools/opengrep/asset-names.d.ts +1 -1
  182. package/dist/external-tools/opengrep/resolve.d.ts +3 -0
  183. package/dist/external-tools/opengrep/resolve.js +3 -0
  184. package/dist/external-tools/python/asset-names.d.ts +3 -1
  185. package/dist/external-tools/python/asset-names.js +7 -3
  186. package/dist/external-tools/python/pin.js +3 -1
  187. package/dist/external-tools/python/resolve.d.ts +3 -0
  188. package/dist/external-tools/python/resolve.js +3 -0
  189. package/dist/external-tools/sbt/resolve.d.ts +3 -0
  190. package/dist/external-tools/sbt/resolve.js +3 -0
  191. package/dist/external-tools/skillspector/from-uv.d.ts +1 -1
  192. package/dist/external-tools/synp/resolve.d.ts +3 -0
  193. package/dist/external-tools/synp/resolve.js +3 -0
  194. package/dist/external-tools/trivy/asset-names.d.ts +1 -1
  195. package/dist/external-tools/trivy/resolve.d.ts +3 -0
  196. package/dist/external-tools/trivy/resolve.js +3 -0
  197. package/dist/external-tools/trufflehog/asset-names.d.ts +4 -1
  198. package/dist/external-tools/trufflehog/asset-names.js +3 -0
  199. package/dist/external-tools/trufflehog/from-download.d.ts +1 -1
  200. package/dist/external-tools/trufflehog/resolve.d.ts +3 -0
  201. package/dist/external-tools/trufflehog/resolve.js +3 -0
  202. package/dist/external-tools/uv/asset-names.d.ts +1 -1
  203. package/dist/external-tools/uv/resolve.d.ts +3 -0
  204. package/dist/external-tools/uv/resolve.js +3 -0
  205. package/dist/fleet/repo-config.d.ts +8 -6
  206. package/dist/fleet/repo-config.js +8 -6
  207. package/dist/fs/_internal.d.ts +1 -1
  208. package/dist/fs/_internal.js +1 -1
  209. package/dist/fs/access.d.ts +2 -0
  210. package/dist/fs/access.js +2 -0
  211. package/dist/fs/allowed-dirs-cache.js +5 -3
  212. package/dist/fs/find.js +1 -2
  213. package/dist/fs/inspect.d.ts +2 -2
  214. package/dist/fs/read-file.js +3 -4
  215. package/dist/fs/safe.js +1 -1
  216. package/dist/git/_internal.js +5 -1
  217. package/dist/github/commit.d.ts +92 -0
  218. package/dist/github/commit.js +113 -0
  219. package/dist/github/ghsa.js +1 -1
  220. package/dist/github/refs-graphql.js +1 -1
  221. package/dist/github/request.js +1 -1
  222. package/dist/github/token.d.ts +5 -2
  223. package/dist/github/token.js +6 -4
  224. package/dist/github/workflow-runs.d.ts +107 -0
  225. package/dist/github/workflow-runs.js +98 -0
  226. package/dist/http-request/_internal.d.ts +1 -1
  227. package/dist/http-request/browser.d.ts +6 -0
  228. package/dist/http-request/browser.js +3 -2
  229. package/dist/http-request/download.js +2 -0
  230. package/dist/http-request/headers.d.ts +1 -1
  231. package/dist/http-request/headers.js +1 -1
  232. package/dist/http-request/request-attempt.js +6 -3
  233. package/dist/http-request/request-types.d.ts +10 -1
  234. package/dist/http-request/request.js +2 -2
  235. package/dist/http-request/user-agent.d.ts +23 -2
  236. package/dist/http-request/user-agent.js +48 -6
  237. package/dist/integrity.d.ts +3 -1
  238. package/dist/integrity.js +3 -1
  239. package/dist/json/format.js +4 -1
  240. package/dist/logger/_internal.d.ts +13 -15
  241. package/dist/logger/_internal.js +21 -21
  242. package/dist/logger/colors.d.ts +9 -3
  243. package/dist/logger/colors.js +6 -13
  244. package/dist/logger/console-methods.js +2 -2
  245. package/dist/logger/console.d.ts +1 -0
  246. package/dist/logger/console.js +9 -9
  247. package/dist/logger/node.js +2 -1
  248. package/dist/native-messaging/install.js +1 -1
  249. package/dist/native-messaging/rate-limit.d.ts +4 -1
  250. package/dist/native-messaging/rate-limit.js +4 -1
  251. package/dist/node/events.d.ts +3 -0
  252. package/dist/node/events.js +3 -0
  253. package/dist/node/fs.d.ts +1 -1
  254. package/dist/node/timers-promises.d.ts +3 -0
  255. package/dist/node/timers-promises.js +3 -0
  256. package/dist/node/url.d.ts +3 -0
  257. package/dist/node/url.js +3 -0
  258. package/dist/npm/meta-cache.d.ts +183 -0
  259. package/dist/npm/meta-cache.js +318 -0
  260. package/dist/npm/meta-slice.d.ts +27 -0
  261. package/dist/npm/meta-slice.js +68 -0
  262. package/dist/npm/meta-types.d.ts +282 -0
  263. package/dist/npm/meta-types.js +2 -0
  264. package/dist/npm/meta.d.ts +125 -0
  265. package/dist/npm/meta.js +347 -0
  266. package/dist/npm/registry.d.ts +212 -0
  267. package/dist/npm/registry.js +284 -0
  268. package/dist/objects/getters.d.ts +1 -1
  269. package/dist/objects/getters.js +1 -1
  270. package/dist/packages/manifest.js +6 -7
  271. package/dist/packages/metadata-extensions.js +2 -4
  272. package/dist/packages/provenance.d.ts +8 -0
  273. package/dist/packages/provenance.js +8 -0
  274. package/dist/packages/tarball.js +1 -2
  275. package/dist/packages/validation.d.ts +0 -10
  276. package/dist/packages/validation.js +0 -14
  277. package/dist/paths/exts.d.ts +30 -0
  278. package/dist/paths/exts.js +30 -0
  279. package/dist/paths/filenames.d.ts +6 -0
  280. package/dist/paths/filenames.js +6 -0
  281. package/dist/paths/globs.d.ts +6 -0
  282. package/dist/paths/globs.js +6 -0
  283. package/dist/paths/resolve.js +19 -14
  284. package/dist/paths/socket.d.ts +8 -8
  285. package/dist/paths/socket.js +8 -8
  286. package/dist/perf/report.js +4 -2
  287. package/dist/pkg-ext/data.js +0 -2
  288. package/dist/primordials/globals.d.ts +1 -1
  289. package/dist/primordials/globals.js +1 -1
  290. package/dist/primordials/headers.d.ts +13 -1
  291. package/dist/primordials/headers.js +13 -1
  292. package/dist/primordials/process.d.ts +1 -1
  293. package/dist/primordials/process.js +1 -1
  294. package/dist/primordials/url.d.ts +18 -0
  295. package/dist/primordials/url.js +18 -0
  296. package/dist/process/spawn/child.js +3 -5
  297. package/dist/promises/_internal.d.ts +1 -1
  298. package/dist/promises/_internal.js +1 -2
  299. package/dist/promises/options.js +3 -3
  300. package/dist/releases/socket-btm-binary-naming.js +12 -1
  301. package/dist/secrets/_internal.d.ts +1 -1
  302. package/dist/secrets/_internal.js +1 -1
  303. package/dist/secrets/find.d.ts +2 -2
  304. package/dist/secrets/find.js +2 -2
  305. package/dist/secrets/keychain.d.ts +10 -1
  306. package/dist/secrets/keychain.js +10 -1
  307. package/dist/secrets/socket-api-token.d.ts +1 -1
  308. package/dist/secrets/socket-api-token.js +1 -1
  309. package/dist/secrets/types.d.ts +1 -1
  310. package/dist/smol/http.d.ts +2 -0
  311. package/dist/smol/http.js +2 -0
  312. package/dist/smol/https.d.ts +2 -0
  313. package/dist/smol/https.js +2 -0
  314. package/dist/sorts/_internal.d.ts +2 -3
  315. package/dist/sorts/_internal.js +1 -3
  316. package/dist/spinner/format.js +2 -4
  317. package/dist/stdio/footer.js +8 -7
  318. package/dist/stdio/prompts.d.ts +8 -15
  319. package/dist/stdio/prompts.js +18 -29
  320. package/dist/strings/predicates.d.ts +2 -2
  321. package/dist/strings/search.js +1 -1
  322. package/dist/strings/types.d.ts +4 -0
  323. package/dist/strings/width.d.ts +1 -0
  324. package/dist/strings/width.js +17 -8
  325. package/dist/themes/context.d.ts +13 -0
  326. package/dist/themes/context.js +23 -8
  327. package/dist/versions/_internal.d.ts +43 -13
  328. package/dist/versions/_internal.js +27 -15
  329. package/dist/versions/compare.d.ts +16 -10
  330. package/dist/versions/compare.js +36 -16
  331. package/dist/versions/parse.js +1 -1
  332. package/dist/versions/range.js +3 -2
  333. package/dist/words/pluralize.js +4 -1
  334. package/llms.txt +63 -750
  335. package/package.json +200 -35
package/dist/fs/find.js CHANGED
@@ -20,7 +20,6 @@ node_process = require_runtime.__toESM(node_process);
20
20
  * visiting root itself, so a match at e.g. `/.foo` was never found. The
21
21
  * current shape visits root, then breaks.
22
22
  */
23
- const abortSignal = require_process_abort.getAbortSignal();
24
23
  /**
25
24
  * Find a file or directory by traversing up parent directories. Searches from
26
25
  * the starting directory upward to the filesystem root. Useful for finding
@@ -44,7 +43,7 @@ const abortSignal = require_process_abort.getAbortSignal();
44
43
  * @returns Normalized absolute path if found, undefined otherwise
45
44
  */
46
45
  async function findUp(name, options) {
47
- const { cwd = node_process.default.cwd(), signal = abortSignal } = {
46
+ const { cwd = node_process.default.cwd(), signal = require_process_abort.getAbortSignal() } = {
48
47
  __proto__: null,
49
48
  ...options
50
49
  };
@@ -94,7 +94,7 @@ export declare function isSymlinkSync(filepath: PathLike): boolean;
94
94
  *
95
95
  * @returns Promise resolving to Stats object, or undefined on error
96
96
  */
97
- export declare function safeStat(filepath: PathLike): Promise<import("fs").Stats | undefined>;
97
+ export declare function safeStat(filepath: PathLike): Promise<import("node:fs").Stats | undefined>;
98
98
  /**
99
99
  * Safely get file stats synchronously, returning undefined on error. Useful for
100
100
  * checking file existence and properties without error handling. Returns
@@ -114,4 +114,4 @@ export declare function safeStat(filepath: PathLike): Promise<import("fs").Stats
114
114
  *
115
115
  * @returns Stats object, or undefined on error
116
116
  */
117
- export declare function safeStatSync(filepath: PathLike): import("fs").BigIntStats | import("fs").Stats | undefined;
117
+ export declare function safeStatSync(filepath: PathLike): import("node:fs").BigIntStats | import("node:fs").Stats | undefined;
@@ -15,7 +15,6 @@ const require_fs_encoding = require('./encoding.js');
15
15
  * the default and any string encoding return a string. The runtime fast-path
16
16
  * normalizes encoding once and forwards untouched options to `node:fs`.
17
17
  */
18
- const abortSignal = require_process_abort.getAbortSignal();
19
18
  /**
20
19
  * Read a file as binary data asynchronously. Returns a Buffer without encoding
21
20
  * the contents. Useful for reading images, archives, or other binary formats.
@@ -37,7 +36,7 @@ const abortSignal = require_process_abort.getAbortSignal();
37
36
  async function readFileBinary(filepath, options) {
38
37
  const opts = typeof options === "string" ? { encoding: options } : options;
39
38
  return await require_node_fs.getNodeFs().promises.readFile(filepath, {
40
- signal: abortSignal,
39
+ signal: require_process_abort.getAbortSignal(),
41
40
  ...opts,
42
41
  encoding: void 0
43
42
  });
@@ -88,7 +87,7 @@ function readFileBinarySync(filepath, options) {
88
87
  async function readFileUtf8(filepath, options) {
89
88
  const opts = typeof options === "string" ? { encoding: options } : options;
90
89
  return await require_node_fs.getNodeFs().promises.readFile(filepath, {
91
- signal: abortSignal,
90
+ signal: require_process_abort.getAbortSignal(),
92
91
  ...opts,
93
92
  encoding: "utf8"
94
93
  });
@@ -138,7 +137,7 @@ async function safeReadFile(filepath, options) {
138
137
  try {
139
138
  return await fs.promises.readFile(filepath, {
140
139
  __proto__: null,
141
- signal: abortSignal,
140
+ signal: require_process_abort.getAbortSignal(),
142
141
  ...readOpts,
143
142
  encoding
144
143
  });
package/dist/fs/safe.js CHANGED
@@ -184,7 +184,7 @@ function safeDeleteSync(filepath, options) {
184
184
  lastError = e;
185
185
  if (attempt < maxRetries) {
186
186
  const waitMs = delay;
187
- require_primordials_array.AtomicsWait(new require_primordials_array.Int32ArrayCtor(new require_primordials_globals.SharedArrayBufferCtor(4)), 0, 0, waitMs);
187
+ if (require_primordials_globals.SharedArrayBufferCtor !== void 0) require_primordials_array.AtomicsWait(new require_primordials_array.Int32ArrayCtor(new require_primordials_globals.SharedArrayBufferCtor(4)), 0, 0, waitMs);
188
188
  delay *= 2;
189
189
  }
190
190
  }
@@ -251,7 +251,11 @@ function stableKey(value) {
251
251
  return require_primordials_json.JSONStringify(value, (_key, val) => {
252
252
  if (val && typeof val === "object" && !require_primordials_array.ArrayIsArray(val)) {
253
253
  const sorted = {};
254
- for (const k of require_primordials_object.ObjectKeys(val).toSorted()) sorted[k] = val[k];
254
+ const sortedKeys = require_primordials_object.ObjectKeys(val).toSorted();
255
+ for (let i = 0, { length } = sortedKeys; i < length; i += 1) {
256
+ const k = sortedKeys[i];
257
+ sorted[k] = val[k];
258
+ }
255
259
  return sorted;
256
260
  }
257
261
  return val;
@@ -0,0 +1,92 @@
1
+ /**
2
+ * @file Create a SIGNED commit on a branch via the GitHub git-objects API
3
+ * (blob -> tree -> commit -> ref PATCH). Commits created through the API are
4
+ * web-flow-verified ("Verified" / signed) without a local GPG or SSH signing
5
+ * key — the only way CI can land a commit on a branch whose protection
6
+ * requires signed commits. Built on `github/request` (`fetchGitHub`) and the
7
+ * `github/token` resolver for auth/retry/error consistency.
8
+ */
9
+ /**
10
+ * A single file to include in the signed commit.
11
+ */
12
+ export interface CommitFile {
13
+ /**
14
+ * UTF-8 text contents to write at `path`.
15
+ */
16
+ readonly content: string;
17
+ /**
18
+ * Repo-relative path, POSIX separators (e.g. 'package.json').
19
+ */
20
+ readonly path: string;
21
+ }
22
+ /**
23
+ * Options for `createSignedCommit`.
24
+ */
25
+ export interface CreateSignedCommitOptions {
26
+ /**
27
+ * Override the API origin (GitHub Enterprise or tests). Defaults to
28
+ * https://api.github.com.
29
+ */
30
+ readonly apiUrl?: string | undefined;
31
+ /**
32
+ * SHA of the tree to layer the new files onto (usually `HEAD^{tree}`).
33
+ */
34
+ readonly baseTreeSha: string;
35
+ /**
36
+ * Branch to advance (e.g. 'main').
37
+ */
38
+ readonly branch: string;
39
+ /**
40
+ * Files to write in the commit.
41
+ */
42
+ readonly files: readonly CommitFile[];
43
+ /**
44
+ * Commit message.
45
+ */
46
+ readonly message: string;
47
+ /**
48
+ * Parent commit SHA (usually `HEAD`).
49
+ */
50
+ readonly parentSha: string;
51
+ /**
52
+ * Repo in "owner/name" form.
53
+ */
54
+ readonly repo: string;
55
+ /**
56
+ * GitHub token. Falls back to env / git config via `getGitHubToken()`.
57
+ */
58
+ readonly token?: string | undefined;
59
+ }
60
+ export declare function buildHeaders(token: string): Record<string, string>;
61
+ /**
62
+ * Create a signed commit on a branch via the GitHub git-objects API (blob ->
63
+ * tree -> commit -> ref PATCH). Returns the new commit SHA. Commits created
64
+ * through the API are web-flow-verified ("Verified") without a local signing
65
+ * key — the only way CI can land signed commits on protected branches.
66
+ *
67
+ * @example
68
+ * ;```ts
69
+ * const sha = await createSignedCommit({
70
+ * repo: 'owner/repo',
71
+ * branch: 'main',
72
+ * parentSha: 'abc123',
73
+ * baseTreeSha: 'def456',
74
+ * message: 'chore: bump version to 1.2.0',
75
+ * files: [
76
+ * { path: 'package.json', content: '{"version":"1.2.0"}' },
77
+ * { path: 'CHANGELOG.md', content: '# Changelog\n' },
78
+ * ],
79
+ * token: process.env['GITHUB_TOKEN'],
80
+ * })
81
+ * ```
82
+ *
83
+ * @param options - Commit options including repo, branch, parent SHA, base tree
84
+ * SHA, files, message, and optional token/API URL override.
85
+ *
86
+ * @returns The new (verified) commit SHA.
87
+ *
88
+ * @throws {Error} When any GitHub git-objects API call fails.
89
+ */
90
+ export declare function createSignedCommit(options: CreateSignedCommitOptions): Promise<string>;
91
+ export declare function patch(url: string, headers: Record<string, string>, body: unknown): Promise<void>;
92
+ export declare function post<T>(url: string, headers: Record<string, string>, body: unknown): Promise<T>;
@@ -0,0 +1,113 @@
1
+ "use strict";
2
+ /* Socket Lib - Built with rolldown */
3
+ Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
4
+ const require_primordials_json = require('../primordials/json.js');
5
+ const require_http_request_request = require('../http-request/request.js');
6
+ const require_github_token = require('./token.js');
7
+ const require_github_constants = require('./constants.js');
8
+
9
+ //#region src/github/commit.ts
10
+ /**
11
+ * @file Create a SIGNED commit on a branch via the GitHub git-objects API
12
+ * (blob -> tree -> commit -> ref PATCH). Commits created through the API are
13
+ * web-flow-verified ("Verified" / signed) without a local GPG or SSH signing
14
+ * key — the only way CI can land a commit on a branch whose protection
15
+ * requires signed commits. Built on `github/request` (`fetchGitHub`) and the
16
+ * `github/token` resolver for auth/retry/error consistency.
17
+ */
18
+ function buildHeaders(token) {
19
+ return {
20
+ accept: "application/vnd.github+json",
21
+ authorization: `Bearer ${token}`,
22
+ "content-type": "application/json",
23
+ "x-github-api-version": "2022-11-28"
24
+ };
25
+ }
26
+ /**
27
+ * Create a signed commit on a branch via the GitHub git-objects API (blob ->
28
+ * tree -> commit -> ref PATCH). Returns the new commit SHA. Commits created
29
+ * through the API are web-flow-verified ("Verified") without a local signing
30
+ * key — the only way CI can land signed commits on protected branches.
31
+ *
32
+ * @example
33
+ * ;```ts
34
+ * const sha = await createSignedCommit({
35
+ * repo: 'owner/repo',
36
+ * branch: 'main',
37
+ * parentSha: 'abc123',
38
+ * baseTreeSha: 'def456',
39
+ * message: 'chore: bump version to 1.2.0',
40
+ * files: [
41
+ * { path: 'package.json', content: '{"version":"1.2.0"}' },
42
+ * { path: 'CHANGELOG.md', content: '# Changelog\n' },
43
+ * ],
44
+ * token: process.env['GITHUB_TOKEN'],
45
+ * })
46
+ * ```
47
+ *
48
+ * @param options - Commit options including repo, branch, parent SHA, base tree
49
+ * SHA, files, message, and optional token/API URL override.
50
+ *
51
+ * @returns The new (verified) commit SHA.
52
+ *
53
+ * @throws {Error} When any GitHub git-objects API call fails.
54
+ */
55
+ async function createSignedCommit(options) {
56
+ const opts = {
57
+ __proto__: null,
58
+ ...options
59
+ };
60
+ const token = opts.token ?? require_github_token.getGitHubToken() ?? "";
61
+ const git = `${opts.apiUrl ?? "https://api.github.com"}/repos/${opts.repo}/git`;
62
+ const headers = buildHeaders(token);
63
+ const treeEntries = [];
64
+ for (let i = 0, { length } = opts.files; i < length; i += 1) {
65
+ const file = opts.files[i];
66
+ const blob = await post(`${git}/blobs`, headers, {
67
+ content: Buffer.from(file.content, "utf8").toString("base64"),
68
+ encoding: "base64"
69
+ });
70
+ treeEntries.push({
71
+ mode: "100644",
72
+ path: file.path,
73
+ sha: blob.sha,
74
+ type: "blob"
75
+ });
76
+ }
77
+ const newTree = await post(`${git}/trees`, headers, {
78
+ base_tree: opts.baseTreeSha,
79
+ tree: treeEntries
80
+ });
81
+ const commit = await post(`${git}/commits`, headers, {
82
+ message: opts.message,
83
+ parents: [opts.parentSha],
84
+ tree: newTree.sha
85
+ });
86
+ await patch(`${git}/refs/heads/${opts.branch}`, headers, { sha: commit.sha });
87
+ return commit.sha;
88
+ }
89
+ async function patch(url, headers, body) {
90
+ const response = await require_http_request_request.httpRequest(url, {
91
+ body: require_primordials_json.JSONStringify(body),
92
+ headers,
93
+ method: "PATCH",
94
+ timeout: 3e4
95
+ });
96
+ if (!response.ok) throw new Error(`GitHub API PATCH ${url} failed — status ${response.status}: ${response.statusText}`);
97
+ }
98
+ async function post(url, headers, body) {
99
+ const response = await require_http_request_request.httpRequest(url, {
100
+ body: require_primordials_json.JSONStringify(body),
101
+ headers,
102
+ method: "POST",
103
+ timeout: 3e4
104
+ });
105
+ if (!response.ok) throw new Error(`GitHub API POST ${url} failed — status ${response.status}: ${response.statusText}`);
106
+ return response.json();
107
+ }
108
+
109
+ //#endregion
110
+ exports.buildHeaders = buildHeaders;
111
+ exports.createSignedCommit = createSignedCommit;
112
+ exports.patch = patch;
113
+ exports.post = post;
@@ -5,9 +5,9 @@ const require_runtime = require('../_virtual/_rolldown/runtime.js');
5
5
  const require_primordials_error = require('../primordials/error.js');
6
6
  const require_primordials_json = require('../primordials/json.js');
7
7
  const require_http_request_request = require('../http-request/request.js');
8
+ const require_github_token = require('./token.js');
8
9
  const require_github_constants = require('./constants.js');
9
10
  const require_github_errors = require('./errors.js');
10
- const require_github_token = require('./token.js');
11
11
  const require_github_request = require('./request.js');
12
12
  const require_github_refs_cache = require('./refs-cache.js');
13
13
  let node_process = require("node:process");
@@ -3,8 +3,8 @@
3
3
  Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
4
4
  const require_primordials_json = require('../primordials/json.js');
5
5
  const require_http_request_request = require('../http-request/request.js');
6
- const require_github_constants = require('./constants.js');
7
6
  const require_github_token = require('./token.js');
7
+ const require_github_constants = require('./constants.js');
8
8
 
9
9
  //#region src/github/refs-graphql.ts
10
10
  /**
@@ -7,8 +7,8 @@ const require_primordials_json = require('../primordials/json.js');
7
7
  const require_errors_message = require('../errors/message.js');
8
8
  const require_http_request_request = require('../http-request/request.js');
9
9
  const require_env_github_status = require('../env/github-status.js');
10
- const require_github_errors = require('./errors.js');
11
10
  const require_github_token = require('./token.js');
11
+ const require_github_errors = require('./errors.js');
12
12
 
13
13
  //#region src/github/request.ts
14
14
  /**
@@ -14,7 +14,10 @@ import type { SpawnOptions } from '../process/spawn/types';
14
14
  *
15
15
  * 1. `GITHUB_TOKEN` - Standard GitHub token variable
16
16
  * 2. `GH_TOKEN` - Alternative GitHub CLI token variable
17
- * 3. `SOCKET_CLI_GITHUB_TOKEN` - Socket-specific token variable
17
+ *
18
+ * The Socket-CLI-specific `SOCKET_CLI_GITHUB_TOKEN` is intentionally NOT read
19
+ * here — that variable is the CLI's concern (`getSocketCliGithubToken`), so
20
+ * this generic resolver stays limited to the standard GitHub token names.
18
21
  *
19
22
  * @example
20
23
  * ;```ts
@@ -60,7 +63,7 @@ export declare function getGitHubTokenFromGitConfig(options?: SpawnOptions | und
60
63
  *
61
64
  * Priority order:
62
65
  *
63
- * 1. Environment variables (GITHUB_TOKEN, GH_TOKEN, SOCKET_CLI_GITHUB_TOKEN)
66
+ * 1. Environment variables (GITHUB_TOKEN, GH_TOKEN)
64
67
  * 2. Git config (github.token)
65
68
  *
66
69
  * @example
@@ -3,7 +3,6 @@
3
3
  Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
4
4
  const require_process_spawn_child = require('../process/spawn/child.js');
5
5
  const require_env_github = require('../env/github.js');
6
- const require_env_socket_cli = require('../env/socket-cli.js');
7
6
 
8
7
  //#region src/github/token.ts
9
8
  /**
@@ -21,7 +20,10 @@ const require_env_socket_cli = require('../env/socket-cli.js');
21
20
  *
22
21
  * 1. `GITHUB_TOKEN` - Standard GitHub token variable
23
22
  * 2. `GH_TOKEN` - Alternative GitHub CLI token variable
24
- * 3. `SOCKET_CLI_GITHUB_TOKEN` - Socket-specific token variable
23
+ *
24
+ * The Socket-CLI-specific `SOCKET_CLI_GITHUB_TOKEN` is intentionally NOT read
25
+ * here — that variable is the CLI's concern (`getSocketCliGithubToken`), so
26
+ * this generic resolver stays limited to the standard GitHub token names.
25
27
  *
26
28
  * @example
27
29
  * ;```ts
@@ -34,7 +36,7 @@ const require_env_socket_cli = require('../env/socket-cli.js');
34
36
  * @returns The first available GitHub token, or `undefined` if none found
35
37
  */
36
38
  function getGitHubToken() {
37
- return require_env_github.getGithubToken() || require_env_github.getGhToken() || require_env_socket_cli.getSocketCliGithubToken() || void 0;
39
+ return require_env_github.getGithubToken() || require_env_github.getGhToken() || void 0;
38
40
  }
39
41
  /**
40
42
  * Get GitHub authentication token from git config. Reads the `github.token`
@@ -79,7 +81,7 @@ async function getGitHubTokenFromGitConfig(options) {
79
81
  *
80
82
  * Priority order:
81
83
  *
82
- * 1. Environment variables (GITHUB_TOKEN, GH_TOKEN, SOCKET_CLI_GITHUB_TOKEN)
84
+ * 1. Environment variables (GITHUB_TOKEN, GH_TOKEN)
83
85
  * 2. Git config (github.token)
84
86
  *
85
87
  * @example
@@ -0,0 +1,107 @@
1
+ /**
2
+ * @file Look up a GitHub Actions workflow run for a commit and classify its
3
+ * verdict — the "is CI green on this SHA?" primitive behind gated releases
4
+ * (bump/tag/publish only after the pre-release commit's CI passes). Built on
5
+ * the shared `fetchGitHub` REST client, so it inherits token resolution +
6
+ * rate-limit handling and needs no `gh` CLI. The pure helpers
7
+ * (`classifyRunVerdict`, `buildWorkflowRunsUrl`, `selectLatestRun`) hold the
8
+ * logic; `getRunForCommit` / `waitForRun` are the thin I/O wrappers.
9
+ */
10
+ /**
11
+ * Build the GitHub REST URL that lists the runs of `workflow` for `sha`,
12
+ * newest first, capped to one. Pure.
13
+ */
14
+ export declare function buildWorkflowRunsUrl(query: WorkflowRunQuery): string;
15
+ /**
16
+ * A workflow run's terminal verdict, normalized from GitHub's `status` +
17
+ * `conclusion` pair. `pending` = the run has not completed yet.
18
+ */
19
+ export type WorkflowRunVerdict = 'green' | 'pending' | 'red';
20
+ /**
21
+ * A GitHub Actions workflow run, narrowed to the fields a release gate needs.
22
+ * `conclusion` is `undefined` until the run reaches `status === 'completed'`.
23
+ */
24
+ export interface WorkflowRun {
25
+ conclusion: string | undefined;
26
+ htmlUrl: string | undefined;
27
+ id: number;
28
+ status: string;
29
+ }
30
+ /**
31
+ * One entry in the `GET .../runs` response, as GitHub returns it (snake_case,
32
+ * `conclusion` nullable until completion).
33
+ */
34
+ export interface WorkflowRunApiEntry {
35
+ conclusion?: string | null | undefined;
36
+ html_url?: string | undefined;
37
+ id: number;
38
+ status: string;
39
+ }
40
+ /**
41
+ * The `GET /repos/{owner}/{repo}/actions/workflows/{workflow}/runs` response
42
+ * shape, narrowed to `workflow_runs`.
43
+ */
44
+ export interface WorkflowRunsApiResponse {
45
+ workflow_runs?: WorkflowRunApiEntry[] | undefined;
46
+ }
47
+ /**
48
+ * Identifies the workflow run to resolve: a repo, a commit SHA, and the
49
+ * workflow to scope to.
50
+ */
51
+ export interface WorkflowRunQuery {
52
+ owner: string;
53
+ repo: string;
54
+ sha: string;
55
+ token?: string | undefined;
56
+ /**
57
+ * Workflow file name (e.g. `ci.yml`) or numeric workflow id. Scopes the
58
+ * lookup so a repo with many workflows resolves the intended run.
59
+ */
60
+ workflow: string;
61
+ }
62
+ /**
63
+ * Options for `waitForRun`: a `WorkflowRunQuery` plus polling bounds.
64
+ */
65
+ export interface WaitForRunOptions extends WorkflowRunQuery {
66
+ /**
67
+ * Maximum number of polls before giving up and returning the last verdict
68
+ * (usually `pending`). Default 120 (~10 min at the default interval).
69
+ */
70
+ maxAttempts?: number | undefined;
71
+ /**
72
+ * Milliseconds between polls. Default 5000. Pass `0` in tests.
73
+ */
74
+ pollIntervalMs?: number | undefined;
75
+ }
76
+ /**
77
+ * The result of `waitForRun`: the final verdict and the last run observed
78
+ * (`undefined` when no run ever appeared for the SHA).
79
+ */
80
+ export interface WaitForRunResult {
81
+ run: WorkflowRun | undefined;
82
+ verdict: WorkflowRunVerdict;
83
+ }
84
+ /**
85
+ * Classify a run's `status` + `conclusion` into a release verdict. Pure — a run
86
+ * that has not `completed` is `pending`; a completed run is `green` only when
87
+ * it `succeeded`, otherwise `red` (failure, cancelled, timed_out, …).
88
+ */
89
+ export declare function classifyRunVerdict(status: string | undefined, conclusion: string | undefined): WorkflowRunVerdict;
90
+ /**
91
+ * Fetch the newest workflow run for `sha`, or `undefined` when none has been
92
+ * created yet (CI may not have triggered at read time).
93
+ */
94
+ export declare function getRunForCommit(query: WorkflowRunQuery): Promise<WorkflowRun | undefined>;
95
+ /**
96
+ * Pick the newest run from a `GET .../runs` response and normalize it to a
97
+ * `WorkflowRun` (nullable `conclusion` → `undefined`). Returns `undefined` when
98
+ * no run exists for the SHA. Pure.
99
+ */
100
+ export declare function selectLatestRun(response: WorkflowRunsApiResponse): WorkflowRun | undefined;
101
+ /**
102
+ * Poll the workflow run for `sha` until it completes (or the attempt budget is
103
+ * spent), returning the final verdict and the last run seen. A `red` or `green`
104
+ * verdict resolves immediately; `pending` (no run yet, or still running) keeps
105
+ * polling every `pollIntervalMs` up to `maxAttempts`.
106
+ */
107
+ export declare function waitForRun(options: WaitForRunOptions): Promise<WaitForRunResult>;
@@ -0,0 +1,98 @@
1
+ "use strict";
2
+ /* Socket Lib - Built with rolldown */
3
+ Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
4
+ const require_github_request = require('./request.js');
5
+ const require_promises_timers = require('../promises/timers.js');
6
+
7
+ //#region src/github/workflow-runs.ts
8
+ /**
9
+ * @file Look up a GitHub Actions workflow run for a commit and classify its
10
+ * verdict — the "is CI green on this SHA?" primitive behind gated releases
11
+ * (bump/tag/publish only after the pre-release commit's CI passes). Built on
12
+ * the shared `fetchGitHub` REST client, so it inherits token resolution +
13
+ * rate-limit handling and needs no `gh` CLI. The pure helpers
14
+ * (`classifyRunVerdict`, `buildWorkflowRunsUrl`, `selectLatestRun`) hold the
15
+ * logic; `getRunForCommit` / `waitForRun` are the thin I/O wrappers.
16
+ */
17
+ /**
18
+ * Build the GitHub REST URL that lists the runs of `workflow` for `sha`,
19
+ * newest first, capped to one. Pure.
20
+ */
21
+ function buildWorkflowRunsUrl(query) {
22
+ const { owner, repo, sha, workflow } = {
23
+ __proto__: null,
24
+ ...query
25
+ };
26
+ return `https://api.github.com/repos/${owner}/${repo}/actions/workflows/${workflow}/runs?head_sha=${sha}&per_page=1`;
27
+ }
28
+ /**
29
+ * Classify a run's `status` + `conclusion` into a release verdict. Pure — a run
30
+ * that has not `completed` is `pending`; a completed run is `green` only when
31
+ * it `succeeded`, otherwise `red` (failure, cancelled, timed_out, …).
32
+ */
33
+ function classifyRunVerdict(status, conclusion) {
34
+ if (status !== "completed") return "pending";
35
+ return conclusion === "success" ? "green" : "red";
36
+ }
37
+ /**
38
+ * Fetch the newest workflow run for `sha`, or `undefined` when none has been
39
+ * created yet (CI may not have triggered at read time).
40
+ */
41
+ async function getRunForCommit(query) {
42
+ const opts = {
43
+ __proto__: null,
44
+ ...query
45
+ };
46
+ return selectLatestRun(await require_github_request.fetchGitHub(buildWorkflowRunsUrl(opts), opts.token ? { token: opts.token } : void 0));
47
+ }
48
+ /**
49
+ * Pick the newest run from a `GET .../runs` response and normalize it to a
50
+ * `WorkflowRun` (nullable `conclusion` → `undefined`). Returns `undefined` when
51
+ * no run exists for the SHA. Pure.
52
+ */
53
+ function selectLatestRun(response) {
54
+ const raw = {
55
+ __proto__: null,
56
+ ...response
57
+ }.workflow_runs?.[0];
58
+ if (!raw) return;
59
+ return {
60
+ conclusion: raw.conclusion ?? void 0,
61
+ htmlUrl: raw.html_url ?? void 0,
62
+ id: raw.id,
63
+ status: raw.status
64
+ };
65
+ }
66
+ /**
67
+ * Poll the workflow run for `sha` until it completes (or the attempt budget is
68
+ * spent), returning the final verdict and the last run seen. A `red` or `green`
69
+ * verdict resolves immediately; `pending` (no run yet, or still running) keeps
70
+ * polling every `pollIntervalMs` up to `maxAttempts`.
71
+ */
72
+ async function waitForRun(options) {
73
+ const opts = {
74
+ __proto__: null,
75
+ ...options
76
+ };
77
+ const maxAttempts = opts.maxAttempts ?? 120;
78
+ const pollIntervalMs = opts.pollIntervalMs ?? 5e3;
79
+ let run;
80
+ let verdict = "pending";
81
+ for (let attempt = 0; attempt < maxAttempts; attempt += 1) {
82
+ run = await getRunForCommit(opts);
83
+ verdict = classifyRunVerdict(run?.status, run?.conclusion);
84
+ if (verdict !== "pending") break;
85
+ if (attempt < maxAttempts - 1) await require_promises_timers.sleep(pollIntervalMs);
86
+ }
87
+ return {
88
+ run,
89
+ verdict
90
+ };
91
+ }
92
+
93
+ //#endregion
94
+ exports.buildWorkflowRunsUrl = buildWorkflowRunsUrl;
95
+ exports.classifyRunVerdict = classifyRunVerdict;
96
+ exports.getRunForCommit = getRunForCommit;
97
+ exports.selectLatestRun = selectLatestRun;
98
+ exports.waitForRun = waitForRun;
@@ -2,7 +2,7 @@
2
2
  * @file Private lazy loaders for the Node.js modules used by the
3
3
  * `http-request/*` leaves. The `_` prefix keeps this module out of the
4
4
  * generated package.json `exports` map (the `dist/**\/_*` ignore pattern in
5
- * `scripts/post-build/make-package-exports.mts` filters it out), so it is not
5
+ * `scripts/fleet/make-package-exports.mts` filters it out), so it is not
6
6
  * part of the public surface — it exists only as a re-export shim so existing
7
7
  * siblings keep working unchanged. New code should import the canonical
8
8
  * helpers directly:
@@ -110,6 +110,12 @@ export interface BrowserHttpRequestOptions {
110
110
  * Defaults to 250ms.
111
111
  */
112
112
  retryDelay?: number | undefined;
113
+ /**
114
+ * Maximum delay (ms) for a single backoff wait. Caps the exponential growth
115
+ * (`retryDelay` * 2^attempt) so a high `retries` count can't produce
116
+ * multi-minute waits. Defaults to 30000ms.
117
+ */
118
+ retryDelayMax?: number | undefined;
113
119
  /**
114
120
  * Abort signal forwarded to fetch. Combined with `timeout` via
115
121
  * AbortController when both are present.
@@ -174,11 +174,12 @@ async function httpRequest(url, options) {
174
174
  const opts = options ?? {};
175
175
  const maxAttempts = (opts.retries ?? 0) + 1;
176
176
  const baseDelay = opts.retryDelay ?? 250;
177
+ const maxDelay = opts.retryDelayMax ?? 3e4;
177
178
  let lastError;
178
179
  for (let i = 0; i < maxAttempts; i++) try {
179
180
  const response = await attempt(url, opts);
180
181
  if (response.status >= 500 && i + 1 < maxAttempts) {
181
- await sleep(baseDelay * require_primordials_math.MathPow(2, i));
182
+ await sleep(require_primordials_math.MathMin(baseDelay * require_primordials_math.MathPow(2, i), maxDelay));
182
183
  continue;
183
184
  }
184
185
  if (opts.throwOnError && !response.ok) throw new HttpResponseError(response);
@@ -187,7 +188,7 @@ async function httpRequest(url, options) {
187
188
  lastError = err;
188
189
  if (err instanceof HttpResponseError) throw err;
189
190
  if (i + 1 < maxAttempts) {
190
- await sleep(baseDelay * require_primordials_math.MathPow(2, i));
191
+ await sleep(require_primordials_math.MathMin(baseDelay * require_primordials_math.MathPow(2, i), maxDelay));
191
192
  continue;
192
193
  }
193
194
  }
@@ -168,6 +168,8 @@ async function httpDownloadAttempt(url, destPath, options) {
168
168
  })();
169
169
  };
170
170
  fileStream.on("error", (error) => {
171
+ res.unpipe(fileStream);
172
+ res.destroy();
171
173
  fileStream.destroy();
172
174
  cleanupPartial();
173
175
  reject(new require_primordials_error.ErrorCtor(`Failed to write file: ${error.message}`, { cause: error }));
@@ -13,7 +13,7 @@
13
13
  * Build an HTTP Basic `Authorization` header value from a Socket API token.
14
14
  *
15
15
  * The Socket API uses the token as the username with an empty password, so the
16
- * credential pair is `<token>:`. Centralized here so every fleet caller emits
16
+ * credential pair is `<token>:`. Centralized here so every Socket caller emits
17
17
  * the identical shape instead of hand-rolling `btoa(\`${token}:`)`.
18
18
  *
19
19
  * @example