@socketsecurity/lib 6.0.9 → 6.0.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +6 -0
- package/README.md +8 -9
- package/dist/abort/signal.d.ts +1 -1
- package/dist/abort/signal.js +1 -1
- package/dist/ai/agent-context.d.mts +1 -1
- package/dist/ai/agent-context.js +3 -2
- package/dist/ai/backends.d.mts +3 -3
- package/dist/ai/backends.js +2 -2
- package/dist/ai/billing-context.d.mts +74 -0
- package/dist/ai/billing-context.js +129 -0
- package/dist/ai/credentials.d.mts +39 -5
- package/dist/ai/credentials.js +61 -6
- package/dist/ai/discover.d.mts +4 -0
- package/dist/ai/discover.js +4 -0
- package/dist/ai/exec.d.mts +1 -1
- package/dist/ai/exec.js +1 -1
- package/dist/ai/http.d.mts +8 -8
- package/dist/ai/http.js +6 -6
- package/dist/ai/profiles.d.mts +9 -10
- package/dist/ai/profiles.js +0 -5
- package/dist/ai/role.d.mts +58 -0
- package/dist/ai/role.js +96 -0
- package/dist/ai/route-heuristic.d.mts +177 -0
- package/dist/ai/route-heuristic.js +194 -0
- package/dist/ai/route.d.mts +10 -9
- package/dist/ai/route.js +14 -13
- package/dist/ai/spawn.d.mts +2 -1
- package/dist/ai/spawn.js +25 -2
- package/dist/ai/subagent-status.d.mts +2 -0
- package/dist/ai/subagent-status.js +2 -0
- package/dist/ai/tier.d.mts +1 -1
- package/dist/ai/types.d.mts +9 -2
- package/dist/ai/worktree.d.mts +1 -1
- package/dist/ai/worktree.js +3 -2
- package/dist/argv/parse.d.ts +2 -0
- package/dist/argv/parse.js +2 -0
- package/dist/bin/_internal.d.ts +1 -1
- package/dist/bin/_internal.js +1 -1
- package/dist/bin/prim.cjs +446 -300
- package/dist/bin/shadow.js +2 -1
- package/dist/bin/which.d.ts +28 -3
- package/dist/bin/which.js +45 -3
- package/dist/cacache/_internal.d.ts +10 -2
- package/dist/cacache/_internal.js +6 -10
- package/dist/cache/ttl/_internal.d.ts +33 -0
- package/dist/cache/ttl/_internal.js +68 -0
- package/dist/cache/ttl/browser.d.ts +56 -0
- package/dist/cache/ttl/browser.js +257 -0
- package/dist/cache/ttl/store.js +10 -33
- package/dist/cache/ttl/types.d.ts +46 -3
- package/dist/checks/primordials-defaults.d.ts +5 -5
- package/dist/checks/primordials-defaults.js +5 -5
- package/dist/checks/primordials.d.ts +1 -1
- package/dist/checks/primordials.js +25 -17
- package/dist/cli/check-primordials.d.ts +6 -1
- package/dist/cli/check-primordials.js +14 -5
- package/dist/cli/check.js +1 -1
- package/dist/cli/socket-lib.d.ts +1 -1
- package/dist/cli/socket-lib.js +3 -3
- package/dist/colors/socket-palette.d.ts +1 -1
- package/dist/compression/brotli.d.ts +6 -2
- package/dist/compression/brotli.js +4 -0
- package/dist/compression/gzip.d.ts +6 -2
- package/dist/compression/gzip.js +6 -1
- package/dist/config/layers.d.ts +4 -4
- package/dist/config/layers.js +4 -4
- package/dist/constants/agents.d.ts +3 -0
- package/dist/constants/agents.js +3 -0
- package/dist/constants/node.d.ts +14 -0
- package/dist/constants/node.js +14 -0
- package/dist/constants/package-default-node-range.js +1 -5
- package/dist/constants/packages.d.ts +5 -0
- package/dist/constants/packages.js +5 -0
- package/dist/constants/platform.d.ts +1 -1
- package/dist/constants/platform.js +1 -1
- package/dist/constants/socket.js +1 -1
- package/dist/constants/typescript.d.ts +5 -0
- package/dist/constants/typescript.js +5 -0
- package/dist/debug/_internal.d.ts +22 -7
- package/dist/debug/_internal.js +33 -15
- package/dist/debug/namespace.js +11 -8
- package/dist/debug/output.d.ts +12 -1
- package/dist/debug/output.js +33 -16
- package/dist/dlx/binary-resolution.js +7 -4
- package/dist/eco/npm/npm/parse-lockfile.js +2 -1
- package/dist/eco/npm/vlt/exec.d.ts +1 -1
- package/dist/eco/npm/vlt/exec.js +1 -1
- package/dist/env/agents.d.ts +6 -0
- package/dist/env/agents.js +29 -0
- package/dist/env/flags.d.ts +12 -0
- package/dist/env/flags.js +23 -0
- package/dist/env/github-status.js +2 -2
- package/dist/env/providers.d.ts +6 -0
- package/dist/env/providers.js +23 -0
- package/dist/env/proxy.js +1 -1
- package/dist/env/rewire.d.ts +32 -0
- package/dist/env/rewire.js +55 -23
- package/dist/env/runtimes.d.ts +9 -0
- package/dist/env/runtimes.js +53 -0
- package/dist/env/socket-cli.d.ts +5 -2
- package/dist/env/socket-cli.js +6 -3
- package/dist/errors/predicates.d.ts +3 -2
- package/dist/errors/predicates.js +5 -3
- package/dist/errors/stack.js +2 -1
- package/dist/events/exit/_internal.d.ts +1 -23
- package/dist/external/@npmcli/package-json.js +179 -88
- package/dist/external/@npmcli/promise-spawn.js +2 -2
- package/dist/external/@sinclair/typebox/value.js +5 -4
- package/dist/external/@socketregistry/yocto-spinner.js +3 -3
- package/dist/external/adm-zip.d.ts +82 -0
- package/dist/external/adm-zip.js +2 -2
- package/dist/external/cacache.d.ts +87 -0
- package/dist/external/debug.d.ts +22 -0
- package/dist/external/debug.js +11 -4
- package/dist/external/del.d.ts +1 -0
- package/dist/external/external-pack.d.ts +12 -0
- package/dist/external/external-pack.js +41 -34
- package/dist/external/fast-glob.d.ts +8 -0
- package/dist/external/fast-sort.d.ts +1 -0
- package/dist/external/get-east-asian-width.d.ts +5 -0
- package/dist/external/get-east-asian-width.js +8 -1
- package/dist/external/has-flag.d.ts +1 -0
- package/dist/external/inquirer-pack.d.ts +18 -0
- package/dist/external/libnpmexec.d.ts +35 -0
- package/dist/external/libnpmpack.d.ts +1 -0
- package/dist/external/make-fetch-happen.d.ts +13 -0
- package/dist/external/normalize-package-data.d.ts +4 -0
- package/dist/external/npm-core.d.ts +14 -0
- package/dist/external/npm-pack.d.ts +24 -0
- package/dist/external/npm-pack.js +1551 -1867
- package/dist/external/npm-package-arg.d.ts +4 -0
- package/dist/external/p-map.js +8 -1
- package/dist/external/pacote.d.ts +15 -0
- package/dist/external/pico-pack.d.ts +16 -0
- package/dist/external/pico-pack.js +38 -23
- package/dist/external/picomatch.d.ts +96 -0
- package/dist/external/pony-cause.d.ts +14 -0
- package/dist/external/semver.d.ts +60 -0
- package/dist/external/semver.js +1459 -4
- package/dist/external/shell-quote.d.ts +51 -0
- package/dist/external/shell-quote.js +55 -15
- package/dist/external/signal-exit.d.ts +1 -0
- package/dist/external/spdx-correct.d.ts +4 -0
- package/dist/external/spdx-expression-parse.d.ts +4 -0
- package/dist/external/spdx-pack.d.ts +10 -0
- package/dist/external/std-env.d.ts +284 -0
- package/dist/external/std-env.js +323 -0
- package/dist/external/streaming-iterables.d.ts +11 -0
- package/dist/external/supports-color.d.ts +1 -0
- package/dist/external/tar-fs.d.ts +31 -0
- package/dist/external/validate-npm-package-name.d.ts +4 -0
- package/dist/external/which.d.ts +25 -0
- package/dist/external/which.js +2 -2
- package/dist/external/yargs-parser.d.ts +2 -0
- package/dist/external/yargs-parser.js +11 -3
- package/dist/external/yoctocolors-cjs.d.ts +51 -0
- package/dist/external-tools/bazel/asset-names.d.ts +1 -1
- package/dist/external-tools/bazel/from-download.d.ts +1 -1
- package/dist/external-tools/bazel/resolve.d.ts +3 -0
- package/dist/external-tools/bazel/resolve.js +3 -0
- package/dist/external-tools/cdxgen/asset-names.d.ts +5 -5
- package/dist/external-tools/cdxgen/asset-names.js +3 -3
- package/dist/external-tools/cdxgen/from-download.d.ts +2 -2
- package/dist/external-tools/cdxgen/from-download.js +1 -1
- package/dist/external-tools/cdxgen/resolve.d.ts +4 -1
- package/dist/external-tools/cdxgen/resolve.js +4 -1
- package/dist/external-tools/cdxgen/types.d.ts +1 -1
- package/dist/external-tools/from-download.d.ts +2 -2
- package/dist/external-tools/from-download.js +1 -1
- package/dist/external-tools/janus/asset-names.d.ts +4 -1
- package/dist/external-tools/janus/asset-names.js +3 -0
- package/dist/external-tools/janus/from-download.d.ts +3 -3
- package/dist/external-tools/janus/from-download.js +2 -2
- package/dist/external-tools/janus/resolve.d.ts +3 -0
- package/dist/external-tools/janus/resolve.js +3 -0
- package/dist/external-tools/jre/asset-names.d.ts +3 -1
- package/dist/external-tools/jre/asset-names.js +2 -0
- package/dist/external-tools/jre/from-download.d.ts +1 -1
- package/dist/external-tools/manifest.d.ts +5 -3
- package/dist/external-tools/manifest.js +4 -2
- package/dist/external-tools/opengrep/asset-names.d.ts +1 -1
- package/dist/external-tools/opengrep/resolve.d.ts +3 -0
- package/dist/external-tools/opengrep/resolve.js +3 -0
- package/dist/external-tools/python/asset-names.d.ts +3 -1
- package/dist/external-tools/python/asset-names.js +7 -3
- package/dist/external-tools/python/pin.js +3 -1
- package/dist/external-tools/python/resolve.d.ts +3 -0
- package/dist/external-tools/python/resolve.js +3 -0
- package/dist/external-tools/sbt/resolve.d.ts +3 -0
- package/dist/external-tools/sbt/resolve.js +3 -0
- package/dist/external-tools/skillspector/from-uv.d.ts +1 -1
- package/dist/external-tools/synp/resolve.d.ts +3 -0
- package/dist/external-tools/synp/resolve.js +3 -0
- package/dist/external-tools/trivy/asset-names.d.ts +1 -1
- package/dist/external-tools/trivy/resolve.d.ts +3 -0
- package/dist/external-tools/trivy/resolve.js +3 -0
- package/dist/external-tools/trufflehog/asset-names.d.ts +4 -1
- package/dist/external-tools/trufflehog/asset-names.js +3 -0
- package/dist/external-tools/trufflehog/from-download.d.ts +1 -1
- package/dist/external-tools/trufflehog/resolve.d.ts +3 -0
- package/dist/external-tools/trufflehog/resolve.js +3 -0
- package/dist/external-tools/uv/asset-names.d.ts +1 -1
- package/dist/external-tools/uv/resolve.d.ts +3 -0
- package/dist/external-tools/uv/resolve.js +3 -0
- package/dist/fleet/repo-config.d.ts +8 -6
- package/dist/fleet/repo-config.js +8 -6
- package/dist/fs/_internal.d.ts +1 -1
- package/dist/fs/_internal.js +1 -1
- package/dist/fs/access.d.ts +2 -0
- package/dist/fs/access.js +2 -0
- package/dist/fs/allowed-dirs-cache.js +5 -3
- package/dist/fs/find.js +1 -2
- package/dist/fs/inspect.d.ts +2 -2
- package/dist/fs/read-file.js +3 -4
- package/dist/fs/safe.js +1 -1
- package/dist/git/_internal.js +5 -1
- package/dist/github/commit.d.ts +92 -0
- package/dist/github/commit.js +113 -0
- package/dist/github/ghsa.js +1 -1
- package/dist/github/refs-graphql.js +1 -1
- package/dist/github/request.js +1 -1
- package/dist/github/token.d.ts +5 -2
- package/dist/github/token.js +6 -4
- package/dist/github/workflow-runs.d.ts +107 -0
- package/dist/github/workflow-runs.js +98 -0
- package/dist/http-request/_internal.d.ts +1 -1
- package/dist/http-request/browser.d.ts +6 -0
- package/dist/http-request/browser.js +3 -2
- package/dist/http-request/download.js +2 -0
- package/dist/http-request/headers.d.ts +1 -1
- package/dist/http-request/headers.js +1 -1
- package/dist/http-request/request-attempt.js +6 -3
- package/dist/http-request/request-types.d.ts +10 -1
- package/dist/http-request/request.js +2 -2
- package/dist/http-request/user-agent.d.ts +23 -2
- package/dist/http-request/user-agent.js +48 -6
- package/dist/integrity.d.ts +3 -1
- package/dist/integrity.js +3 -1
- package/dist/json/format.js +4 -1
- package/dist/logger/_internal.d.ts +13 -15
- package/dist/logger/_internal.js +21 -21
- package/dist/logger/colors.d.ts +9 -3
- package/dist/logger/colors.js +6 -13
- package/dist/logger/console-methods.js +2 -2
- package/dist/logger/console.d.ts +1 -0
- package/dist/logger/console.js +9 -9
- package/dist/logger/node.js +2 -1
- package/dist/native-messaging/install.js +1 -1
- package/dist/native-messaging/rate-limit.d.ts +4 -1
- package/dist/native-messaging/rate-limit.js +4 -1
- package/dist/node/events.d.ts +3 -0
- package/dist/node/events.js +3 -0
- package/dist/node/fs.d.ts +1 -1
- package/dist/node/timers-promises.d.ts +3 -0
- package/dist/node/timers-promises.js +3 -0
- package/dist/node/url.d.ts +3 -0
- package/dist/node/url.js +3 -0
- package/dist/npm/meta-cache.d.ts +183 -0
- package/dist/npm/meta-cache.js +318 -0
- package/dist/npm/meta-slice.d.ts +27 -0
- package/dist/npm/meta-slice.js +68 -0
- package/dist/npm/meta-types.d.ts +282 -0
- package/dist/npm/meta-types.js +2 -0
- package/dist/npm/meta.d.ts +125 -0
- package/dist/npm/meta.js +347 -0
- package/dist/npm/registry.d.ts +212 -0
- package/dist/npm/registry.js +284 -0
- package/dist/objects/getters.d.ts +1 -1
- package/dist/objects/getters.js +1 -1
- package/dist/packages/manifest.js +6 -7
- package/dist/packages/metadata-extensions.js +2 -4
- package/dist/packages/provenance.d.ts +8 -0
- package/dist/packages/provenance.js +8 -0
- package/dist/packages/tarball.js +1 -2
- package/dist/packages/validation.d.ts +0 -10
- package/dist/packages/validation.js +0 -14
- package/dist/paths/exts.d.ts +30 -0
- package/dist/paths/exts.js +30 -0
- package/dist/paths/filenames.d.ts +6 -0
- package/dist/paths/filenames.js +6 -0
- package/dist/paths/globs.d.ts +6 -0
- package/dist/paths/globs.js +6 -0
- package/dist/paths/resolve.js +19 -14
- package/dist/paths/socket.d.ts +8 -8
- package/dist/paths/socket.js +8 -8
- package/dist/perf/report.js +4 -2
- package/dist/pkg-ext/data.js +0 -2
- package/dist/primordials/globals.d.ts +1 -1
- package/dist/primordials/globals.js +1 -1
- package/dist/primordials/headers.d.ts +13 -1
- package/dist/primordials/headers.js +13 -1
- package/dist/primordials/process.d.ts +1 -1
- package/dist/primordials/process.js +1 -1
- package/dist/primordials/url.d.ts +18 -0
- package/dist/primordials/url.js +18 -0
- package/dist/process/spawn/child.js +3 -5
- package/dist/promises/_internal.d.ts +1 -1
- package/dist/promises/_internal.js +1 -2
- package/dist/promises/options.js +3 -3
- package/dist/releases/socket-btm-binary-naming.js +12 -1
- package/dist/secrets/_internal.d.ts +1 -1
- package/dist/secrets/_internal.js +1 -1
- package/dist/secrets/find.d.ts +2 -2
- package/dist/secrets/find.js +2 -2
- package/dist/secrets/keychain.d.ts +10 -1
- package/dist/secrets/keychain.js +10 -1
- package/dist/secrets/socket-api-token.d.ts +1 -1
- package/dist/secrets/socket-api-token.js +1 -1
- package/dist/secrets/types.d.ts +1 -1
- package/dist/smol/http.d.ts +2 -0
- package/dist/smol/http.js +2 -0
- package/dist/smol/https.d.ts +2 -0
- package/dist/smol/https.js +2 -0
- package/dist/sorts/_internal.d.ts +2 -3
- package/dist/sorts/_internal.js +1 -3
- package/dist/spinner/format.js +2 -4
- package/dist/stdio/footer.js +8 -7
- package/dist/stdio/prompts.d.ts +8 -15
- package/dist/stdio/prompts.js +18 -29
- package/dist/strings/predicates.d.ts +2 -2
- package/dist/strings/search.js +1 -1
- package/dist/strings/types.d.ts +4 -0
- package/dist/strings/width.d.ts +1 -0
- package/dist/strings/width.js +17 -8
- package/dist/themes/context.d.ts +13 -0
- package/dist/themes/context.js +23 -8
- package/dist/versions/_internal.d.ts +43 -13
- package/dist/versions/_internal.js +27 -15
- package/dist/versions/compare.d.ts +16 -10
- package/dist/versions/compare.js +36 -16
- package/dist/versions/parse.js +1 -1
- package/dist/versions/range.js +3 -2
- package/dist/words/pluralize.js +4 -1
- package/llms.txt +63 -750
- package/package.json +200 -35
|
@@ -24,7 +24,7 @@ const RETRY_AFTER_INT_RE = /^\d+$/;
|
|
|
24
24
|
* Build an HTTP Basic `Authorization` header value from a Socket API token.
|
|
25
25
|
*
|
|
26
26
|
* The Socket API uses the token as the username with an empty password, so the
|
|
27
|
-
* credential pair is `<token>:`. Centralized here so every
|
|
27
|
+
* credential pair is `<token>:`. Centralized here so every Socket caller emits
|
|
28
28
|
* the identical shape instead of hand-rolling `btoa(\`${token}:`)`.
|
|
29
29
|
*
|
|
30
30
|
* @example
|
|
@@ -118,7 +118,7 @@ async function httpRequestAttempt(url, options) {
|
|
|
118
118
|
let redirectHeaders = headers;
|
|
119
119
|
if (new require_primordials_url.URLCtor(url).origin !== redirectParsed.origin) {
|
|
120
120
|
redirectHeaders = { __proto__: null };
|
|
121
|
-
const stripped = new Set([
|
|
121
|
+
const stripped = /* @__PURE__ */ new Set([
|
|
122
122
|
"authorization",
|
|
123
123
|
"cookie",
|
|
124
124
|
"proxy-authenticate",
|
|
@@ -173,7 +173,9 @@ async function httpRequestAttempt(url, options) {
|
|
|
173
173
|
if (maxResponseSize && totalBytes > maxResponseSize) {
|
|
174
174
|
res.destroy();
|
|
175
175
|
request.destroy();
|
|
176
|
-
|
|
176
|
+
const sizeMB = (totalBytes / (1024 * 1024)).toFixed(2);
|
|
177
|
+
const maxMB = (maxResponseSize / (1024 * 1024)).toFixed(2);
|
|
178
|
+
rejectOnce(new require_primordials_error.ErrorCtor(`Response exceeds maximum size limit (${sizeMB}MB > ${maxMB}MB)`));
|
|
177
179
|
return;
|
|
178
180
|
}
|
|
179
181
|
chunks.push(chunk);
|
|
@@ -213,7 +215,8 @@ async function httpRequestAttempt(url, options) {
|
|
|
213
215
|
});
|
|
214
216
|
});
|
|
215
217
|
request.on("error", (error) => {
|
|
216
|
-
|
|
218
|
+
const message = require_http_request_errors.enrichErrorMessage(url, method, error);
|
|
219
|
+
rejectOnce(new require_primordials_error.ErrorCtor(message, { cause: error }));
|
|
217
220
|
});
|
|
218
221
|
request.on("timeout", () => {
|
|
219
222
|
request.destroy();
|
|
@@ -199,7 +199,7 @@ export interface HttpRequestOptions {
|
|
|
199
199
|
onRetry?: ((attempt: number, error: unknown, delay: number) => boolean | number | undefined) | undefined;
|
|
200
200
|
/**
|
|
201
201
|
* Number of retry attempts for failed requests. Uses exponential backoff:
|
|
202
|
-
* delay = `retryDelay` * 2^attempt.
|
|
202
|
+
* delay = min(`retryDelay` * 2^attempt, `retryDelayMax`).
|
|
203
203
|
*
|
|
204
204
|
* @default 0
|
|
205
205
|
*/
|
|
@@ -211,6 +211,15 @@ export interface HttpRequestOptions {
|
|
|
211
211
|
* @default 1000
|
|
212
212
|
*/
|
|
213
213
|
retryDelay?: number | undefined;
|
|
214
|
+
/**
|
|
215
|
+
* Maximum delay in milliseconds for a single backoff wait. Caps the
|
|
216
|
+
* exponential growth (`retryDelay` * 2^attempt) so a high `retries` count
|
|
217
|
+
* can't produce multi-minute waits. An explicit `onRetry`-returned delay is
|
|
218
|
+
* not capped — that is the caller's deliberate choice.
|
|
219
|
+
*
|
|
220
|
+
* @default 30000
|
|
221
|
+
*/
|
|
222
|
+
retryDelayMax?: number | undefined;
|
|
214
223
|
/**
|
|
215
224
|
* AbortSignal forwarded to the underlying `http.request` / `https.request`
|
|
216
225
|
* call. Supported in Node 22+ via `node:http` request options. When both
|
|
@@ -65,7 +65,7 @@ let node_timers_promises = require("node:timers/promises");
|
|
|
65
65
|
* non-retryable error happens.
|
|
66
66
|
*/
|
|
67
67
|
async function httpRequest(url, options) {
|
|
68
|
-
const { body, ca, followRedirects = true, headers = {}, hooks, maxRedirects = 5, maxResponseSize, method = "GET", onRetry, retries = 0, retryDelay = 1e3, signal, stream = false, throwOnError = false, timeout = 3e4 } = {
|
|
68
|
+
const { body, ca, followRedirects = true, headers = {}, hooks, maxRedirects = 5, maxResponseSize, method = "GET", onRetry, retries = 0, retryDelay = 1e3, retryDelayMax = 3e4, signal, stream = false, throwOnError = false, timeout = 3e4 } = {
|
|
69
69
|
__proto__: null,
|
|
70
70
|
...options
|
|
71
71
|
};
|
|
@@ -104,7 +104,7 @@ async function httpRequest(url, options) {
|
|
|
104
104
|
lastError = e;
|
|
105
105
|
if (attempt === retries) break;
|
|
106
106
|
if (signal?.aborted) break;
|
|
107
|
-
const delayMs = retryDelay * 2 ** attempt;
|
|
107
|
+
const delayMs = require_primordials_math.MathMin(retryDelay * 2 ** attempt, retryDelayMax);
|
|
108
108
|
if (onRetry) {
|
|
109
109
|
const retryResult = onRetry(attempt + 1, e, delayMs);
|
|
110
110
|
if (retryResult === false) break;
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
* Three-token format aligned with socket-cli's `getCliUserAgent` and
|
|
4
4
|
* coana-tech-cli's `configureAxiosUserAgent`: `<slug>/<version>
|
|
5
5
|
* node/<node-version> <platform>/<arch>` e.g. `socketsecurity-lib/6.0.0
|
|
6
|
-
* node/v22.10.0 darwin/arm64` Downstream callers (sdxgen SEA binary,
|
|
6
|
+
* node/v22.10.0 darwin/arm64` Downstream callers (sdxgen SEA binary, Socket
|
|
7
7
|
* CLIs, etc.) can identify themselves via the `SOCKET_CALLER_USER_AGENT` env
|
|
8
8
|
* var, which is appended to the lib's own UA so the server still sees the lib
|
|
9
9
|
* identifier. @example import { getSocketCallerUserAgent } from
|
|
@@ -16,7 +16,7 @@
|
|
|
16
16
|
*
|
|
17
17
|
* Used directly by socket-lib's own outbound requests (via
|
|
18
18
|
* `getSocketCallerUserAgent`) and exported for sibling packages (socket-cli,
|
|
19
|
-
* socket-sdk-js) so
|
|
19
|
+
* socket-sdk-js) so Socket emits one canonical UA shape.
|
|
20
20
|
*
|
|
21
21
|
* @example
|
|
22
22
|
* ;```typescript
|
|
@@ -31,6 +31,18 @@ export declare function buildUserAgent(pkg: {
|
|
|
31
31
|
name: string;
|
|
32
32
|
version: string;
|
|
33
33
|
}, caller?: string | undefined): string;
|
|
34
|
+
/**
|
|
35
|
+
* Chain User-Agent fragments into a breadcrumb trail, ordered identity → hop
|
|
36
|
+
* (the immediate agent first, each forwarded caller after) so it reads
|
|
37
|
+
* left-to-right and a server's UA parser buckets by the immediate agent. Each
|
|
38
|
+
* fragment is sanitized; empties are dropped; an immediately-repeated fragment
|
|
39
|
+
* is collapsed so re-proxying doesn't stutter the same hop twice.
|
|
40
|
+
*
|
|
41
|
+
* @example
|
|
42
|
+
* chainUserAgents(['socketsecurity-firewall-api-proxy/0.0.0', 'vlt/1.2.3'])
|
|
43
|
+
* // 'socketsecurity-firewall-api-proxy/0.0.0 vlt/1.2.3'
|
|
44
|
+
*/
|
|
45
|
+
export declare function chainUserAgents(parts: ReadonlyArray<string | undefined>): string;
|
|
34
46
|
/**
|
|
35
47
|
* User-Agent header for socket-lib's own outbound HTTP requests.
|
|
36
48
|
*
|
|
@@ -53,3 +65,12 @@ export declare function buildUserAgent(pkg: {
|
|
|
53
65
|
* ```
|
|
54
66
|
*/
|
|
55
67
|
export declare function getSocketCallerUserAgent(): string;
|
|
68
|
+
/**
|
|
69
|
+
* Sanitize a single User-Agent fragment for safe inclusion in an outgoing HTTP
|
|
70
|
+
* header. A caller identifier (`SOCKET_CALLER_USER_AGENT`, or a UA a proxy
|
|
71
|
+
* forwards on behalf of its client) is untrusted, so strip control chars (C0
|
|
72
|
+
* incl. CR/LF — the header- and log-injection vector — DEL, and C1), collapse
|
|
73
|
+
* internal whitespace to one space, trim, and cap length. Returns '' for
|
|
74
|
+
* nullish / blank / all-control input.
|
|
75
|
+
*/
|
|
76
|
+
export declare function sanitizeUserAgent(value: string | undefined): string;
|
|
@@ -2,7 +2,9 @@
|
|
|
2
2
|
/* Socket Lib - Built with rolldown */
|
|
3
3
|
Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
|
|
4
4
|
const require_runtime = require('../_virtual/_rolldown/runtime.js');
|
|
5
|
+
const require_primordials_string = require('../primordials/string.js');
|
|
5
6
|
const require_env_rewire = require('../env/rewire.js');
|
|
7
|
+
const require_primordials_array = require('../primordials/array.js');
|
|
6
8
|
const require_constants_socket = require('../constants/socket.js');
|
|
7
9
|
const require_packages_specs = require('../packages/specs.js');
|
|
8
10
|
let node_process = require("node:process");
|
|
@@ -14,20 +16,22 @@ node_process = require_runtime.__toESM(node_process);
|
|
|
14
16
|
* Three-token format aligned with socket-cli's `getCliUserAgent` and
|
|
15
17
|
* coana-tech-cli's `configureAxiosUserAgent`: `<slug>/<version>
|
|
16
18
|
* node/<node-version> <platform>/<arch>` e.g. `socketsecurity-lib/6.0.0
|
|
17
|
-
* node/v22.10.0 darwin/arm64` Downstream callers (sdxgen SEA binary,
|
|
19
|
+
* node/v22.10.0 darwin/arm64` Downstream callers (sdxgen SEA binary, Socket
|
|
18
20
|
* CLIs, etc.) can identify themselves via the `SOCKET_CALLER_USER_AGENT` env
|
|
19
21
|
* var, which is appended to the lib's own UA so the server still sees the lib
|
|
20
22
|
* identifier. @example import { getSocketCallerUserAgent } from
|
|
21
23
|
* '@socketsecurity/lib/http-request/user-agent'
|
|
22
24
|
* request.setHeader('User-Agent', getSocketCallerUserAgent())
|
|
23
25
|
*/
|
|
26
|
+
const MAX_USER_AGENT_LENGTH = 256;
|
|
27
|
+
let cachedBaseUserAgent;
|
|
24
28
|
/**
|
|
25
29
|
* Compose a three-token User-Agent string from a `{ name, version }` pair,
|
|
26
30
|
* optionally appending a caller-supplied identifier.
|
|
27
31
|
*
|
|
28
32
|
* Used directly by socket-lib's own outbound requests (via
|
|
29
33
|
* `getSocketCallerUserAgent`) and exported for sibling packages (socket-cli,
|
|
30
|
-
* socket-sdk-js) so
|
|
34
|
+
* socket-sdk-js) so Socket emits one canonical UA shape.
|
|
31
35
|
*
|
|
32
36
|
* @example
|
|
33
37
|
* ;```typescript
|
|
@@ -40,9 +44,27 @@ node_process = require_runtime.__toESM(node_process);
|
|
|
40
44
|
*/
|
|
41
45
|
function buildUserAgent(pkg, caller) {
|
|
42
46
|
const base = `${require_packages_specs.pkgNameToSlug(pkg.name)}/${pkg.version} node/${node_process.default.version} ${node_process.default.platform}/${node_process.default.arch}`;
|
|
43
|
-
return caller ?
|
|
47
|
+
return caller ? chainUserAgents([base, caller]) : base;
|
|
48
|
+
}
|
|
49
|
+
/**
|
|
50
|
+
* Chain User-Agent fragments into a breadcrumb trail, ordered identity → hop
|
|
51
|
+
* (the immediate agent first, each forwarded caller after) so it reads
|
|
52
|
+
* left-to-right and a server's UA parser buckets by the immediate agent. Each
|
|
53
|
+
* fragment is sanitized; empties are dropped; an immediately-repeated fragment
|
|
54
|
+
* is collapsed so re-proxying doesn't stutter the same hop twice.
|
|
55
|
+
*
|
|
56
|
+
* @example
|
|
57
|
+
* chainUserAgents(['socketsecurity-firewall-api-proxy/0.0.0', 'vlt/1.2.3'])
|
|
58
|
+
* // 'socketsecurity-firewall-api-proxy/0.0.0 vlt/1.2.3'
|
|
59
|
+
*/
|
|
60
|
+
function chainUserAgents(parts) {
|
|
61
|
+
const trail = [];
|
|
62
|
+
for (let i = 0, { length } = parts; i < length; i += 1) {
|
|
63
|
+
const clean = sanitizeUserAgent(parts[i]);
|
|
64
|
+
if (clean && trail[trail.length - 1] !== clean) require_primordials_array.ArrayPrototypePush(trail, clean);
|
|
65
|
+
}
|
|
66
|
+
return require_primordials_array.ArrayPrototypeJoin(trail, " ");
|
|
44
67
|
}
|
|
45
|
-
let cachedBaseUserAgent;
|
|
46
68
|
/**
|
|
47
69
|
* User-Agent header for socket-lib's own outbound HTTP requests.
|
|
48
70
|
*
|
|
@@ -70,9 +92,29 @@ function getSocketCallerUserAgent() {
|
|
|
70
92
|
version: require_constants_socket.SOCKET_LIB_VERSION
|
|
71
93
|
});
|
|
72
94
|
const caller = require_env_rewire.getEnvValue("SOCKET_CALLER_USER_AGENT");
|
|
73
|
-
return
|
|
95
|
+
return chainUserAgents([cachedBaseUserAgent, caller]);
|
|
96
|
+
}
|
|
97
|
+
/**
|
|
98
|
+
* Sanitize a single User-Agent fragment for safe inclusion in an outgoing HTTP
|
|
99
|
+
* header. A caller identifier (`SOCKET_CALLER_USER_AGENT`, or a UA a proxy
|
|
100
|
+
* forwards on behalf of its client) is untrusted, so strip control chars (C0
|
|
101
|
+
* incl. CR/LF — the header- and log-injection vector — DEL, and C1), collapse
|
|
102
|
+
* internal whitespace to one space, trim, and cap length. Returns '' for
|
|
103
|
+
* nullish / blank / all-control input.
|
|
104
|
+
*/
|
|
105
|
+
function sanitizeUserAgent(value) {
|
|
106
|
+
if (!value) return "";
|
|
107
|
+
let cleaned = "";
|
|
108
|
+
for (let i = 0, { length } = value; i < length; i += 1) {
|
|
109
|
+
const code = require_primordials_string.StringPrototypeCharCodeAt(value, i);
|
|
110
|
+
cleaned += code < 32 || code >= 127 && code <= 159 ? " " : require_primordials_string.StringPrototypeCharAt(value, i);
|
|
111
|
+
}
|
|
112
|
+
cleaned = require_primordials_string.StringPrototypeTrim(require_primordials_string.StringPrototypeReplace(cleaned, /\s+/g, " "));
|
|
113
|
+
return cleaned.length > MAX_USER_AGENT_LENGTH ? require_primordials_string.StringPrototypeTrim(require_primordials_string.StringPrototypeSlice(cleaned, 0, MAX_USER_AGENT_LENGTH)) : cleaned;
|
|
74
114
|
}
|
|
75
115
|
|
|
76
116
|
//#endregion
|
|
77
117
|
exports.buildUserAgent = buildUserAgent;
|
|
78
|
-
exports.
|
|
118
|
+
exports.chainUserAgents = chainUserAgents;
|
|
119
|
+
exports.getSocketCallerUserAgent = getSocketCallerUserAgent;
|
|
120
|
+
exports.sanitizeUserAgent = sanitizeUserAgent;
|
package/dist/integrity.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* SRI-blessed hash algorithms. The W3C set; the prefix is part of the wire
|
|
3
|
-
* format, not a
|
|
3
|
+
* format, not a Socket convention.
|
|
4
4
|
*/
|
|
5
5
|
export type HashAlgorithm = 'sha256' | 'sha384' | 'sha512';
|
|
6
6
|
/**
|
|
@@ -209,5 +209,7 @@ export declare class HashMismatchError extends Error {
|
|
|
209
209
|
/**
|
|
210
210
|
* @deprecated Renamed to {@link HashMismatchError}. Alias kept for callers that
|
|
211
211
|
* catch the old name.
|
|
212
|
+
*
|
|
213
|
+
* @unused No internal or Socket consumers (exercised only by its unit tests).
|
|
212
214
|
*/
|
|
213
215
|
export declare const DlxHashMismatchError: typeof HashMismatchError;
|
package/dist/integrity.js
CHANGED
|
@@ -127,7 +127,7 @@ function equalHashes(a, b) {
|
|
|
127
127
|
function integrityToChecksum(input) {
|
|
128
128
|
if (isChecksum(input)) return input;
|
|
129
129
|
const parsed = parseIntegrity(input);
|
|
130
|
-
if (parsed.algorithm !== "sha256") throw new require_primordials_error.TypeErrorCtor(`integrityToChecksum: ${parsed.algorithm} integrity has no 64-hex-char checksum form — checksums are sha256-only by
|
|
130
|
+
if (parsed.algorithm !== "sha256") throw new require_primordials_error.TypeErrorCtor(`integrityToChecksum: ${parsed.algorithm} integrity has no 64-hex-char checksum form — checksums are sha256-only by Socket convention. Use parseHash(x).hex for any algorithm.`);
|
|
131
131
|
return require_primordials_buffer.BufferPrototypeToString(require_primordials_buffer.BufferFrom(parsed.body, "base64"), "hex");
|
|
132
132
|
}
|
|
133
133
|
/**
|
|
@@ -277,6 +277,8 @@ var HashMismatchError = class extends Error {
|
|
|
277
277
|
/**
|
|
278
278
|
* @deprecated Renamed to {@link HashMismatchError}. Alias kept for callers that
|
|
279
279
|
* catch the old name.
|
|
280
|
+
*
|
|
281
|
+
* @unused No internal or Socket consumers (exercised only by its unit tests).
|
|
280
282
|
*/
|
|
281
283
|
const DlxHashMismatchError = HashMismatchError;
|
|
282
284
|
|
package/dist/json/format.js
CHANGED
|
@@ -166,7 +166,10 @@ function shouldSave(currentContent, originalContent, originalFileContent, option
|
|
|
166
166
|
function sortKeys(obj) {
|
|
167
167
|
const sorted = { __proto__: null };
|
|
168
168
|
const keys = require_primordials_object.ObjectKeys(obj).toSorted();
|
|
169
|
-
for (
|
|
169
|
+
for (let i = 0, { length } = keys; i < length; i += 1) {
|
|
170
|
+
const key = keys[i];
|
|
171
|
+
sorted[key] = obj[key];
|
|
172
|
+
}
|
|
170
173
|
return sorted;
|
|
171
174
|
}
|
|
172
175
|
/**
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
* public `Logger` surface) and `logger/console-init` (which mutates
|
|
4
4
|
* `Logger.prototype` to mirror `globalConsole`). The `_` prefix keeps this
|
|
5
5
|
* module out of the generated package.json `exports` map (the `dist/**\/_*`
|
|
6
|
-
* ignore pattern in `scripts/
|
|
6
|
+
* ignore pattern in `scripts/fleet/make-package-exports.mts` filters it
|
|
7
7
|
* out), so it is not part of the public surface — it exists only to give the
|
|
8
8
|
* two leaves above a common owner for the WeakMap-backed lazy-init state. Why
|
|
9
9
|
* two WeakMaps instead of `#privateField` slots:
|
|
@@ -43,22 +43,20 @@ export declare const consolePropAttributes: {
|
|
|
43
43
|
export declare const maxIndentation = 1000;
|
|
44
44
|
/**
|
|
45
45
|
* Pre-bound copies of the console methods that need their original `this` to
|
|
46
|
-
* function (e.g., `console.error.bind(globalConsole)`).
|
|
47
|
-
* boundFn]` so `console-init.ts` can apply them onto the per-instance
|
|
48
|
-
* without re-binding on every call.
|
|
46
|
+
* function (e.g., `console.error.bind(globalConsole)`). Returns `[name,
|
|
47
|
+
* boundFn]` pairs so `console-init.ts` can apply them onto the per-instance
|
|
48
|
+
* Console without re-binding on every call.
|
|
49
49
|
*
|
|
50
|
-
*
|
|
51
|
-
*
|
|
52
|
-
*
|
|
53
|
-
*
|
|
54
|
-
*
|
|
55
|
-
* https://github.com/nodejs/node/blob/v24.0.1/lib/internal/console/constructor.js#L230-L265
|
|
56
|
-
* - `group` / `groupCollapsed` / `groupEnd` are explicitly skipped because Node
|
|
57
|
-
* 20 with `--frozen-intrinsics` makes `Symbol(kGroupIndent)` read-only, which
|
|
58
|
-
* the Logger's own group methods avoid by tracking indentation at the prefix
|
|
59
|
-
* layer.
|
|
50
|
+
* Built LAZILY (memoized) rather than at module-eval: `fn.bind(globalConsole)`
|
|
51
|
+
* of a native console method produces a bound function wrapping a native C++
|
|
52
|
+
* function pointer, which serializes as an unresolvable external reference and
|
|
53
|
+
* aborts V8 --build-snapshot. Deferring construction to first Console build
|
|
54
|
+
* keeps the bind-once/reuse win while leaving module import snapshot-safe.
|
|
60
55
|
*/
|
|
61
|
-
export declare
|
|
56
|
+
export declare function getBoundConsoleEntries(): Array<[
|
|
57
|
+
string,
|
|
58
|
+
(...args: unknown[]) => unknown
|
|
59
|
+
]>;
|
|
62
60
|
/**
|
|
63
61
|
* WeakMap storing the Console instance for each Logger.
|
|
64
62
|
*
|
package/dist/logger/_internal.js
CHANGED
|
@@ -9,7 +9,7 @@ const require_primordials_map_set = require('../primordials/map-set.js');
|
|
|
9
9
|
* public `Logger` surface) and `logger/console-init` (which mutates
|
|
10
10
|
* `Logger.prototype` to mirror `globalConsole`). The `_` prefix keeps this
|
|
11
11
|
* module out of the generated package.json `exports` map (the `dist/**\/_*`
|
|
12
|
-
* ignore pattern in `scripts/
|
|
12
|
+
* ignore pattern in `scripts/fleet/make-package-exports.mts` filters it
|
|
13
13
|
* out), so it is not part of the public surface — it exists only to give the
|
|
14
14
|
* two leaves above a common owner for the WeakMap-backed lazy-init state. Why
|
|
15
15
|
* two WeakMaps instead of `#privateField` slots:
|
|
@@ -47,24 +47,7 @@ const consolePropAttributes = {
|
|
|
47
47
|
* huge `n` can't allocate a multi-megabyte string.
|
|
48
48
|
*/
|
|
49
49
|
const maxIndentation = 1e3;
|
|
50
|
-
|
|
51
|
-
* Pre-bound copies of the console methods that need their original `this` to
|
|
52
|
-
* function (e.g., `console.error.bind(globalConsole)`). Mapping `[name,
|
|
53
|
-
* boundFn]` so `console-init.ts` can apply them onto the per-instance Console
|
|
54
|
-
* without re-binding on every call.
|
|
55
|
-
*
|
|
56
|
-
* Notes from the upstream Node implementation:
|
|
57
|
-
*
|
|
58
|
-
* - `_stderrErrorHandler` / `_stdoutErrorHandler` are `kBindProperties`
|
|
59
|
-
* properties — they live on the per-instance Console and need their `this`
|
|
60
|
-
* set to `globalConsole`.
|
|
61
|
-
* https://github.com/nodejs/node/blob/v24.0.1/lib/internal/console/constructor.js#L230-L265
|
|
62
|
-
* - `group` / `groupCollapsed` / `groupEnd` are explicitly skipped because Node
|
|
63
|
-
* 20 with `--frozen-intrinsics` makes `Symbol(kGroupIndent)` read-only, which
|
|
64
|
-
* the Logger's own group methods avoid by tracking indentation at the prefix
|
|
65
|
-
* layer.
|
|
66
|
-
*/
|
|
67
|
-
const boundConsoleEntries = [
|
|
50
|
+
const boundConsoleMethodNames = [
|
|
68
51
|
"_stderrErrorHandler",
|
|
69
52
|
"_stdoutErrorHandler",
|
|
70
53
|
"assert",
|
|
@@ -84,7 +67,24 @@ const boundConsoleEntries = [
|
|
|
84
67
|
"timeLog",
|
|
85
68
|
"trace",
|
|
86
69
|
"warn"
|
|
87
|
-
]
|
|
70
|
+
];
|
|
71
|
+
let boundConsoleEntries;
|
|
72
|
+
/**
|
|
73
|
+
* Pre-bound copies of the console methods that need their original `this` to
|
|
74
|
+
* function (e.g., `console.error.bind(globalConsole)`). Returns `[name,
|
|
75
|
+
* boundFn]` pairs so `console-init.ts` can apply them onto the per-instance
|
|
76
|
+
* Console without re-binding on every call.
|
|
77
|
+
*
|
|
78
|
+
* Built LAZILY (memoized) rather than at module-eval: `fn.bind(globalConsole)`
|
|
79
|
+
* of a native console method produces a bound function wrapping a native C++
|
|
80
|
+
* function pointer, which serializes as an unresolvable external reference and
|
|
81
|
+
* aborts V8 --build-snapshot. Deferring construction to first Console build
|
|
82
|
+
* keeps the bind-once/reuse win while leaving module import snapshot-safe.
|
|
83
|
+
*/
|
|
84
|
+
function getBoundConsoleEntries() {
|
|
85
|
+
if (boundConsoleEntries === void 0) boundConsoleEntries = boundConsoleMethodNames.filter((n) => typeof globalConsole[n] === "function").map((n) => [n, globalConsole[n].bind(globalConsole)]);
|
|
86
|
+
return boundConsoleEntries;
|
|
87
|
+
}
|
|
88
88
|
/**
|
|
89
89
|
* WeakMap storing the Console instance for each Logger.
|
|
90
90
|
*
|
|
@@ -108,8 +108,8 @@ const privateConsole = new require_primordials_map_set.WeakMapCtor();
|
|
|
108
108
|
const privateConstructorArgs = new require_primordials_map_set.WeakMapCtor();
|
|
109
109
|
|
|
110
110
|
//#endregion
|
|
111
|
-
exports.boundConsoleEntries = boundConsoleEntries;
|
|
112
111
|
exports.consolePropAttributes = consolePropAttributes;
|
|
112
|
+
exports.getBoundConsoleEntries = getBoundConsoleEntries;
|
|
113
113
|
exports.globalConsole = globalConsole;
|
|
114
114
|
exports.maxIndentation = maxIndentation;
|
|
115
115
|
exports.privateConsole = privateConsole;
|
package/dist/logger/colors.d.ts
CHANGED
|
@@ -3,8 +3,13 @@
|
|
|
3
3
|
* `yoctocolors-cjs` palette so the logger can accept either a named color
|
|
4
4
|
* (`'green'`) or an explicit RGB tuple (`[255, 0, 0]`); RGB tuples are
|
|
5
5
|
* emitted via the 24-bit `[38;2;...m` escape because `yoctocolors-cjs`
|
|
6
|
-
* doesn't ship an `rgb()` helper.
|
|
6
|
+
* doesn't ship an `rgb()` helper. The vendored palette re-exports from the
|
|
7
|
+
* external-pack mega-bundle, whose module top-level evaluates every packed
|
|
8
|
+
* package — so it is required lazily on first color application (Logger
|
|
9
|
+
* construction at the earliest), keeping `logger/*` importers
|
|
10
|
+
* browser-load-safe and cheap at module init.
|
|
7
11
|
*/
|
|
12
|
+
import type yoctocolorsCjs from '../external/yoctocolors-cjs';
|
|
8
13
|
import type { ColorValue } from '../colors/types';
|
|
9
14
|
/**
|
|
10
15
|
* Apply a color to text using yoctocolors. Handles both named colors and RGB
|
|
@@ -12,6 +17,7 @@ import type { ColorValue } from '../colors/types';
|
|
|
12
17
|
*/
|
|
13
18
|
export declare function applyColor(text: string, color: ColorValue): string;
|
|
14
19
|
/**
|
|
15
|
-
* Get the yoctocolors module for terminal colors.
|
|
20
|
+
* Get the yoctocolors module for terminal colors. Required lazily on first
|
|
21
|
+
* call — see the @file note on the external-pack top-level.
|
|
16
22
|
*/
|
|
17
|
-
export declare function getYoctocolors():
|
|
23
|
+
export declare function getYoctocolors(): typeof yoctocolorsCjs;
|
package/dist/logger/colors.js
CHANGED
|
@@ -1,35 +1,28 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
/* Socket Lib - Built with rolldown */
|
|
3
3
|
Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
|
|
4
|
-
const require_runtime = require('../_virtual/_rolldown/runtime.js');
|
|
5
|
-
let src_external_yoctocolors_cjs = require("../external/yoctocolors-cjs");
|
|
6
|
-
src_external_yoctocolors_cjs = require_runtime.__toESM(src_external_yoctocolors_cjs);
|
|
7
4
|
|
|
8
5
|
//#region src/logger/colors.ts
|
|
9
|
-
|
|
10
|
-
* @file Color application helpers for `logger/*` modules. Wraps the vendored
|
|
11
|
-
* `yoctocolors-cjs` palette so the logger can accept either a named color
|
|
12
|
-
* (`'green'`) or an explicit RGB tuple (`[255, 0, 0]`); RGB tuples are
|
|
13
|
-
* emitted via the 24-bit `[38;2;...m` escape because `yoctocolors-cjs`
|
|
14
|
-
* doesn't ship an `rgb()` helper.
|
|
15
|
-
*/
|
|
6
|
+
let cachedYoctocolors;
|
|
16
7
|
/**
|
|
17
8
|
* Apply a color to text using yoctocolors. Handles both named colors and RGB
|
|
18
9
|
* tuples.
|
|
19
10
|
*/
|
|
20
11
|
function applyColor(text, color) {
|
|
21
12
|
if (typeof color === "string") {
|
|
22
|
-
const formatter =
|
|
13
|
+
const formatter = getYoctocolors()[color];
|
|
23
14
|
return formatter ? formatter(text) : text;
|
|
24
15
|
}
|
|
25
16
|
const { 0: r, 1: g, 2: b } = color;
|
|
26
17
|
return `\u001B[38;2;${r};${g};${b}m${text}\u001B[39m`;
|
|
27
18
|
}
|
|
28
19
|
/**
|
|
29
|
-
* Get the yoctocolors module for terminal colors.
|
|
20
|
+
* Get the yoctocolors module for terminal colors. Required lazily on first
|
|
21
|
+
* call — see the @file note on the external-pack top-level.
|
|
30
22
|
*/
|
|
31
23
|
function getYoctocolors() {
|
|
32
|
-
|
|
24
|
+
if (cachedYoctocolors === void 0) cachedYoctocolors = require("../external/yoctocolors-cjs");
|
|
25
|
+
return cachedYoctocolors;
|
|
33
26
|
}
|
|
34
27
|
|
|
35
28
|
//#endregion
|
|
@@ -29,7 +29,7 @@ const require_logger_symbols = require('./symbols.js');
|
|
|
29
29
|
* @param message - Optional message and additional arguments to log.
|
|
30
30
|
*/
|
|
31
31
|
function assertMethod(logger, con, value, message) {
|
|
32
|
-
con.assert(value, message[0], ...message.slice(1));
|
|
32
|
+
con.assert(Boolean(value), message[0], ...message.slice(1));
|
|
33
33
|
logger[require_logger_symbols.lastWasBlankSymbol](false);
|
|
34
34
|
return value ? logger : logger[require_logger_symbols.incLogCallCountSymbol]();
|
|
35
35
|
}
|
|
@@ -89,7 +89,7 @@ function dirxmlMethod(logger, con, data) {
|
|
|
89
89
|
* @param properties - Optional array of property names to include.
|
|
90
90
|
*/
|
|
91
91
|
function tableMethod(logger, con, tabularData, properties) {
|
|
92
|
-
con.table(tabularData, properties);
|
|
92
|
+
con.table(tabularData, properties ? [...properties] : void 0);
|
|
93
93
|
logger[require_logger_symbols.lastWasBlankSymbol](false);
|
|
94
94
|
return logger[require_logger_symbols.incLogCallCountSymbol]();
|
|
95
95
|
}
|
package/dist/logger/console.d.ts
CHANGED
|
@@ -19,6 +19,7 @@
|
|
|
19
19
|
* `ensurePrototypeInitialized` actually runs, both modules are fully
|
|
20
20
|
* evaluated. Same pattern as `fs/path-cache` ↔ `fs/_internal`.
|
|
21
21
|
*/
|
|
22
|
+
import type { Console } from 'node:console';
|
|
22
23
|
import { Logger } from './node';
|
|
23
24
|
/**
|
|
24
25
|
* Construct a new Console instance.
|
package/dist/logger/console.js
CHANGED
|
@@ -7,8 +7,8 @@ const require_primordials_reflect = require('../primordials/reflect.js');
|
|
|
7
7
|
const require_logger__internal = require('./_internal.js');
|
|
8
8
|
const require_logger_symbols = require('./symbols.js');
|
|
9
9
|
const require_logger_node = require('./node.js');
|
|
10
|
-
let
|
|
11
|
-
|
|
10
|
+
let process = require("process");
|
|
11
|
+
process = require_runtime.__toESM(process);
|
|
12
12
|
|
|
13
13
|
//#region src/logger/console.ts
|
|
14
14
|
/**
|
|
@@ -39,7 +39,7 @@ let prototypeInitialized = false;
|
|
|
39
39
|
*/
|
|
40
40
|
function constructConsole(...args) {
|
|
41
41
|
/* c8 ignore next - Lazy-init second-call branch; module-singleton. */
|
|
42
|
-
if (cachedConsole === void 0) cachedConsole = (/* @__PURE__ */ require("
|
|
42
|
+
if (cachedConsole === void 0) cachedConsole = (/* @__PURE__ */ require("console")).Console;
|
|
43
43
|
return require_primordials_reflect.ReflectConstruct(cachedConsole, args);
|
|
44
44
|
}
|
|
45
45
|
/**
|
|
@@ -70,10 +70,10 @@ function ensurePrototypeInitialized() {
|
|
|
70
70
|
if (ctorArgs.length) con = constructConsole(...ctorArgs);
|
|
71
71
|
else {
|
|
72
72
|
con = constructConsole({
|
|
73
|
-
stdout:
|
|
74
|
-
stderr:
|
|
73
|
+
stdout: process.default.stdout,
|
|
74
|
+
stderr: process.default.stderr
|
|
75
75
|
});
|
|
76
|
-
for (const { 0: k, 1: method } of require_logger__internal.
|
|
76
|
+
for (const { 0: k, 1: method } of require_logger__internal.getBoundConsoleEntries()) con[k] = method;
|
|
77
77
|
}
|
|
78
78
|
require_logger__internal.privateConsole.set(this, con);
|
|
79
79
|
}
|
|
@@ -109,10 +109,10 @@ function resolveConsole(logger) {
|
|
|
109
109
|
if (ctorArgs.length) con = constructConsole(...ctorArgs);
|
|
110
110
|
else {
|
|
111
111
|
con = constructConsole({
|
|
112
|
-
stdout:
|
|
113
|
-
stderr:
|
|
112
|
+
stdout: process.default.stdout,
|
|
113
|
+
stderr: process.default.stderr
|
|
114
114
|
});
|
|
115
|
-
for (const { 0: key, 1: method } of require_logger__internal.
|
|
115
|
+
for (const { 0: key, 1: method } of require_logger__internal.getBoundConsoleEntries()) con[key] = method;
|
|
116
116
|
}
|
|
117
117
|
require_logger__internal.privateConsole.set(logger, con);
|
|
118
118
|
require_logger__internal.privateConstructorArgs.delete(logger);
|
package/dist/logger/node.js
CHANGED
|
@@ -106,7 +106,8 @@ var Logger = class Logger {
|
|
|
106
106
|
else root.#stdoutLastWasBlank = value;
|
|
107
107
|
}
|
|
108
108
|
#streamChild(stream) {
|
|
109
|
-
const
|
|
109
|
+
const ctorArgs = require_logger__internal.privateConstructorArgs.get(this) ?? [];
|
|
110
|
+
const instance = new Logger(...ctorArgs);
|
|
110
111
|
instance.#parent = this;
|
|
111
112
|
instance.#boundStream = stream;
|
|
112
113
|
instance.#options = {
|
|
@@ -9,11 +9,11 @@ const require_env_windows = require('../env/windows.js');
|
|
|
9
9
|
const require_constants_node = require('../constants/node.js');
|
|
10
10
|
const require_env_node_version_managers = require('../env/node-version-managers.js');
|
|
11
11
|
let node_fs = require("node:fs");
|
|
12
|
+
let node_url = require("node:url");
|
|
12
13
|
let node_process = require("node:process");
|
|
13
14
|
node_process = require_runtime.__toESM(node_process);
|
|
14
15
|
let node_path = require("node:path");
|
|
15
16
|
node_path = require_runtime.__toESM(node_path);
|
|
16
|
-
let node_url = require("node:url");
|
|
17
17
|
let _socketsecurity_lib_stable_process_spawn_child = require("@socketsecurity/lib-stable/process/spawn/child");
|
|
18
18
|
|
|
19
19
|
//#region src/native-messaging/install.ts
|
|
@@ -14,7 +14,7 @@
|
|
|
14
14
|
* That's exactly what we want: an attacker who can force Chrome to relaunch
|
|
15
15
|
* has bigger problems than rate-limiting. Shape patterned after pilcrow's
|
|
16
16
|
* `ratelimit/limit.go` — minimal, in-memory, LRU-evicts at `maxKeys`. The
|
|
17
|
-
*
|
|
17
|
+
* Socket's `socket-lib` already has a TTL-cache module but it's overkill for
|
|
18
18
|
* this one use case; a 50-line bucket is easier to audit.
|
|
19
19
|
*/
|
|
20
20
|
export interface TokenBucketOptions {
|
|
@@ -45,6 +45,9 @@ export interface BucketEntry {
|
|
|
45
45
|
older: BucketEntry | undefined;
|
|
46
46
|
key: string;
|
|
47
47
|
}
|
|
48
|
+
/**
|
|
49
|
+
* @unused No internal or Socket consumers (exercised only by its unit tests).
|
|
50
|
+
*/
|
|
48
51
|
export declare class TokenBucketLimiter {
|
|
49
52
|
#private;
|
|
50
53
|
constructor(options: TokenBucketOptions);
|
|
@@ -20,9 +20,12 @@ const require_primordials_error = require('../primordials/error.js');
|
|
|
20
20
|
* That's exactly what we want: an attacker who can force Chrome to relaunch
|
|
21
21
|
* has bigger problems than rate-limiting. Shape patterned after pilcrow's
|
|
22
22
|
* `ratelimit/limit.go` — minimal, in-memory, LRU-evicts at `maxKeys`. The
|
|
23
|
-
*
|
|
23
|
+
* Socket's `socket-lib` already has a TTL-cache module but it's overkill for
|
|
24
24
|
* this one use case; a 50-line bucket is easier to audit.
|
|
25
25
|
*/
|
|
26
|
+
/**
|
|
27
|
+
* @unused No internal or Socket consumers (exercised only by its unit tests).
|
|
28
|
+
*/
|
|
26
29
|
var TokenBucketLimiter = class {
|
|
27
30
|
#capacity;
|
|
28
31
|
#refillIntervalMs;
|
package/dist/node/events.d.ts
CHANGED
package/dist/node/events.js
CHANGED
|
@@ -5,6 +5,9 @@ const require_constants_runtime = require('../constants/runtime.js');
|
|
|
5
5
|
|
|
6
6
|
//#region src/node/events.ts
|
|
7
7
|
let events;
|
|
8
|
+
/**
|
|
9
|
+
* @unused No internal or Socket consumers (exercised only by its unit tests).
|
|
10
|
+
*/
|
|
8
11
|
function getNodeEvents() {
|
|
9
12
|
if (!require_constants_runtime.IS_NODE) return;
|
|
10
13
|
return events ??= /*@__PURE__*/ require("events");
|
package/dist/node/fs.d.ts
CHANGED
|
@@ -12,7 +12,7 @@
|
|
|
12
12
|
* load-time snapshot. Two surfaces: `getNodeFs()` returns the module object
|
|
13
13
|
* with LATE method lookup (spy-able — the test seam); the `fs<Method>` consts
|
|
14
14
|
* (`fsExistsSync`, `fsReadFileSync`, …) are method references FROZEN at load
|
|
15
|
-
* (tamper-proof against a method swap, not spy-able), for
|
|
15
|
+
* (tamper-proof against a method swap, not spy-able), for Socket's hot fs
|
|
16
16
|
* calls. Both stay browser-safe behind IS_NODE + `/*@__PURE__*\/`.
|
|
17
17
|
*/
|
|
18
18
|
import type * as NodeFs from 'node:fs';
|
|
@@ -3,4 +3,7 @@
|
|
|
3
3
|
* rationale shared across all `node/*.ts` lazy-loaders.
|
|
4
4
|
*/
|
|
5
5
|
import type * as NodeTimersPromises from 'node:timers/promises';
|
|
6
|
+
/**
|
|
7
|
+
* @unused No internal or Socket consumers (exercised only by its unit tests).
|
|
8
|
+
*/
|
|
6
9
|
export declare function getNodeTimersPromises(): typeof NodeTimersPromises;
|