@socketsecurity/lib 6.0.9 → 6.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (335) hide show
  1. package/CHANGELOG.md +6 -0
  2. package/README.md +8 -9
  3. package/dist/abort/signal.d.ts +1 -1
  4. package/dist/abort/signal.js +1 -1
  5. package/dist/ai/agent-context.d.mts +1 -1
  6. package/dist/ai/agent-context.js +3 -2
  7. package/dist/ai/backends.d.mts +3 -3
  8. package/dist/ai/backends.js +2 -2
  9. package/dist/ai/billing-context.d.mts +74 -0
  10. package/dist/ai/billing-context.js +129 -0
  11. package/dist/ai/credentials.d.mts +39 -5
  12. package/dist/ai/credentials.js +61 -6
  13. package/dist/ai/discover.d.mts +4 -0
  14. package/dist/ai/discover.js +4 -0
  15. package/dist/ai/exec.d.mts +1 -1
  16. package/dist/ai/exec.js +1 -1
  17. package/dist/ai/http.d.mts +8 -8
  18. package/dist/ai/http.js +6 -6
  19. package/dist/ai/profiles.d.mts +9 -10
  20. package/dist/ai/profiles.js +0 -5
  21. package/dist/ai/role.d.mts +58 -0
  22. package/dist/ai/role.js +96 -0
  23. package/dist/ai/route-heuristic.d.mts +177 -0
  24. package/dist/ai/route-heuristic.js +194 -0
  25. package/dist/ai/route.d.mts +10 -9
  26. package/dist/ai/route.js +14 -13
  27. package/dist/ai/spawn.d.mts +2 -1
  28. package/dist/ai/spawn.js +25 -2
  29. package/dist/ai/subagent-status.d.mts +2 -0
  30. package/dist/ai/subagent-status.js +2 -0
  31. package/dist/ai/tier.d.mts +1 -1
  32. package/dist/ai/types.d.mts +9 -2
  33. package/dist/ai/worktree.d.mts +1 -1
  34. package/dist/ai/worktree.js +3 -2
  35. package/dist/argv/parse.d.ts +2 -0
  36. package/dist/argv/parse.js +2 -0
  37. package/dist/bin/_internal.d.ts +1 -1
  38. package/dist/bin/_internal.js +1 -1
  39. package/dist/bin/prim.cjs +446 -300
  40. package/dist/bin/shadow.js +2 -1
  41. package/dist/bin/which.d.ts +28 -3
  42. package/dist/bin/which.js +45 -3
  43. package/dist/cacache/_internal.d.ts +10 -2
  44. package/dist/cacache/_internal.js +6 -10
  45. package/dist/cache/ttl/_internal.d.ts +33 -0
  46. package/dist/cache/ttl/_internal.js +68 -0
  47. package/dist/cache/ttl/browser.d.ts +56 -0
  48. package/dist/cache/ttl/browser.js +257 -0
  49. package/dist/cache/ttl/store.js +10 -33
  50. package/dist/cache/ttl/types.d.ts +46 -3
  51. package/dist/checks/primordials-defaults.d.ts +5 -5
  52. package/dist/checks/primordials-defaults.js +5 -5
  53. package/dist/checks/primordials.d.ts +1 -1
  54. package/dist/checks/primordials.js +25 -17
  55. package/dist/cli/check-primordials.d.ts +6 -1
  56. package/dist/cli/check-primordials.js +14 -5
  57. package/dist/cli/check.js +1 -1
  58. package/dist/cli/socket-lib.d.ts +1 -1
  59. package/dist/cli/socket-lib.js +3 -3
  60. package/dist/colors/socket-palette.d.ts +1 -1
  61. package/dist/compression/brotli.d.ts +6 -2
  62. package/dist/compression/brotli.js +4 -0
  63. package/dist/compression/gzip.d.ts +6 -2
  64. package/dist/compression/gzip.js +6 -1
  65. package/dist/config/layers.d.ts +4 -4
  66. package/dist/config/layers.js +4 -4
  67. package/dist/constants/agents.d.ts +3 -0
  68. package/dist/constants/agents.js +3 -0
  69. package/dist/constants/node.d.ts +14 -0
  70. package/dist/constants/node.js +14 -0
  71. package/dist/constants/package-default-node-range.js +1 -5
  72. package/dist/constants/packages.d.ts +5 -0
  73. package/dist/constants/packages.js +5 -0
  74. package/dist/constants/platform.d.ts +1 -1
  75. package/dist/constants/platform.js +1 -1
  76. package/dist/constants/socket.js +1 -1
  77. package/dist/constants/typescript.d.ts +5 -0
  78. package/dist/constants/typescript.js +5 -0
  79. package/dist/debug/_internal.d.ts +22 -7
  80. package/dist/debug/_internal.js +33 -15
  81. package/dist/debug/namespace.js +11 -8
  82. package/dist/debug/output.d.ts +12 -1
  83. package/dist/debug/output.js +33 -16
  84. package/dist/dlx/binary-resolution.js +7 -4
  85. package/dist/eco/npm/npm/parse-lockfile.js +2 -1
  86. package/dist/eco/npm/vlt/exec.d.ts +1 -1
  87. package/dist/eco/npm/vlt/exec.js +1 -1
  88. package/dist/env/agents.d.ts +6 -0
  89. package/dist/env/agents.js +29 -0
  90. package/dist/env/flags.d.ts +12 -0
  91. package/dist/env/flags.js +23 -0
  92. package/dist/env/github-status.js +2 -2
  93. package/dist/env/providers.d.ts +6 -0
  94. package/dist/env/providers.js +23 -0
  95. package/dist/env/proxy.js +1 -1
  96. package/dist/env/rewire.d.ts +32 -0
  97. package/dist/env/rewire.js +55 -23
  98. package/dist/env/runtimes.d.ts +9 -0
  99. package/dist/env/runtimes.js +53 -0
  100. package/dist/env/socket-cli.d.ts +5 -2
  101. package/dist/env/socket-cli.js +6 -3
  102. package/dist/errors/predicates.d.ts +3 -2
  103. package/dist/errors/predicates.js +5 -3
  104. package/dist/errors/stack.js +2 -1
  105. package/dist/events/exit/_internal.d.ts +1 -23
  106. package/dist/external/@npmcli/package-json.js +179 -88
  107. package/dist/external/@npmcli/promise-spawn.js +2 -2
  108. package/dist/external/@sinclair/typebox/value.js +5 -4
  109. package/dist/external/@socketregistry/yocto-spinner.js +3 -3
  110. package/dist/external/adm-zip.d.ts +82 -0
  111. package/dist/external/adm-zip.js +2 -2
  112. package/dist/external/cacache.d.ts +87 -0
  113. package/dist/external/debug.d.ts +22 -0
  114. package/dist/external/debug.js +11 -4
  115. package/dist/external/del.d.ts +1 -0
  116. package/dist/external/external-pack.d.ts +12 -0
  117. package/dist/external/external-pack.js +41 -34
  118. package/dist/external/fast-glob.d.ts +8 -0
  119. package/dist/external/fast-sort.d.ts +1 -0
  120. package/dist/external/get-east-asian-width.d.ts +5 -0
  121. package/dist/external/get-east-asian-width.js +8 -1
  122. package/dist/external/has-flag.d.ts +1 -0
  123. package/dist/external/inquirer-pack.d.ts +18 -0
  124. package/dist/external/libnpmexec.d.ts +35 -0
  125. package/dist/external/libnpmpack.d.ts +1 -0
  126. package/dist/external/make-fetch-happen.d.ts +13 -0
  127. package/dist/external/normalize-package-data.d.ts +4 -0
  128. package/dist/external/npm-core.d.ts +14 -0
  129. package/dist/external/npm-pack.d.ts +24 -0
  130. package/dist/external/npm-pack.js +1551 -1867
  131. package/dist/external/npm-package-arg.d.ts +4 -0
  132. package/dist/external/p-map.js +8 -1
  133. package/dist/external/pacote.d.ts +15 -0
  134. package/dist/external/pico-pack.d.ts +16 -0
  135. package/dist/external/pico-pack.js +38 -23
  136. package/dist/external/picomatch.d.ts +96 -0
  137. package/dist/external/pony-cause.d.ts +14 -0
  138. package/dist/external/semver.d.ts +60 -0
  139. package/dist/external/semver.js +1459 -4
  140. package/dist/external/shell-quote.d.ts +51 -0
  141. package/dist/external/shell-quote.js +55 -15
  142. package/dist/external/signal-exit.d.ts +1 -0
  143. package/dist/external/spdx-correct.d.ts +4 -0
  144. package/dist/external/spdx-expression-parse.d.ts +4 -0
  145. package/dist/external/spdx-pack.d.ts +10 -0
  146. package/dist/external/std-env.d.ts +284 -0
  147. package/dist/external/std-env.js +323 -0
  148. package/dist/external/streaming-iterables.d.ts +11 -0
  149. package/dist/external/supports-color.d.ts +1 -0
  150. package/dist/external/tar-fs.d.ts +31 -0
  151. package/dist/external/validate-npm-package-name.d.ts +4 -0
  152. package/dist/external/which.d.ts +25 -0
  153. package/dist/external/which.js +2 -2
  154. package/dist/external/yargs-parser.d.ts +2 -0
  155. package/dist/external/yargs-parser.js +11 -3
  156. package/dist/external/yoctocolors-cjs.d.ts +51 -0
  157. package/dist/external-tools/bazel/asset-names.d.ts +1 -1
  158. package/dist/external-tools/bazel/from-download.d.ts +1 -1
  159. package/dist/external-tools/bazel/resolve.d.ts +3 -0
  160. package/dist/external-tools/bazel/resolve.js +3 -0
  161. package/dist/external-tools/cdxgen/asset-names.d.ts +5 -5
  162. package/dist/external-tools/cdxgen/asset-names.js +3 -3
  163. package/dist/external-tools/cdxgen/from-download.d.ts +2 -2
  164. package/dist/external-tools/cdxgen/from-download.js +1 -1
  165. package/dist/external-tools/cdxgen/resolve.d.ts +4 -1
  166. package/dist/external-tools/cdxgen/resolve.js +4 -1
  167. package/dist/external-tools/cdxgen/types.d.ts +1 -1
  168. package/dist/external-tools/from-download.d.ts +2 -2
  169. package/dist/external-tools/from-download.js +1 -1
  170. package/dist/external-tools/janus/asset-names.d.ts +4 -1
  171. package/dist/external-tools/janus/asset-names.js +3 -0
  172. package/dist/external-tools/janus/from-download.d.ts +3 -3
  173. package/dist/external-tools/janus/from-download.js +2 -2
  174. package/dist/external-tools/janus/resolve.d.ts +3 -0
  175. package/dist/external-tools/janus/resolve.js +3 -0
  176. package/dist/external-tools/jre/asset-names.d.ts +3 -1
  177. package/dist/external-tools/jre/asset-names.js +2 -0
  178. package/dist/external-tools/jre/from-download.d.ts +1 -1
  179. package/dist/external-tools/manifest.d.ts +5 -3
  180. package/dist/external-tools/manifest.js +4 -2
  181. package/dist/external-tools/opengrep/asset-names.d.ts +1 -1
  182. package/dist/external-tools/opengrep/resolve.d.ts +3 -0
  183. package/dist/external-tools/opengrep/resolve.js +3 -0
  184. package/dist/external-tools/python/asset-names.d.ts +3 -1
  185. package/dist/external-tools/python/asset-names.js +7 -3
  186. package/dist/external-tools/python/pin.js +3 -1
  187. package/dist/external-tools/python/resolve.d.ts +3 -0
  188. package/dist/external-tools/python/resolve.js +3 -0
  189. package/dist/external-tools/sbt/resolve.d.ts +3 -0
  190. package/dist/external-tools/sbt/resolve.js +3 -0
  191. package/dist/external-tools/skillspector/from-uv.d.ts +1 -1
  192. package/dist/external-tools/synp/resolve.d.ts +3 -0
  193. package/dist/external-tools/synp/resolve.js +3 -0
  194. package/dist/external-tools/trivy/asset-names.d.ts +1 -1
  195. package/dist/external-tools/trivy/resolve.d.ts +3 -0
  196. package/dist/external-tools/trivy/resolve.js +3 -0
  197. package/dist/external-tools/trufflehog/asset-names.d.ts +4 -1
  198. package/dist/external-tools/trufflehog/asset-names.js +3 -0
  199. package/dist/external-tools/trufflehog/from-download.d.ts +1 -1
  200. package/dist/external-tools/trufflehog/resolve.d.ts +3 -0
  201. package/dist/external-tools/trufflehog/resolve.js +3 -0
  202. package/dist/external-tools/uv/asset-names.d.ts +1 -1
  203. package/dist/external-tools/uv/resolve.d.ts +3 -0
  204. package/dist/external-tools/uv/resolve.js +3 -0
  205. package/dist/fleet/repo-config.d.ts +8 -6
  206. package/dist/fleet/repo-config.js +8 -6
  207. package/dist/fs/_internal.d.ts +1 -1
  208. package/dist/fs/_internal.js +1 -1
  209. package/dist/fs/access.d.ts +2 -0
  210. package/dist/fs/access.js +2 -0
  211. package/dist/fs/allowed-dirs-cache.js +5 -3
  212. package/dist/fs/find.js +1 -2
  213. package/dist/fs/inspect.d.ts +2 -2
  214. package/dist/fs/read-file.js +3 -4
  215. package/dist/fs/safe.js +1 -1
  216. package/dist/git/_internal.js +5 -1
  217. package/dist/github/commit.d.ts +92 -0
  218. package/dist/github/commit.js +113 -0
  219. package/dist/github/ghsa.js +1 -1
  220. package/dist/github/refs-graphql.js +1 -1
  221. package/dist/github/request.js +1 -1
  222. package/dist/github/token.d.ts +5 -2
  223. package/dist/github/token.js +6 -4
  224. package/dist/github/workflow-runs.d.ts +107 -0
  225. package/dist/github/workflow-runs.js +98 -0
  226. package/dist/http-request/_internal.d.ts +1 -1
  227. package/dist/http-request/browser.d.ts +6 -0
  228. package/dist/http-request/browser.js +3 -2
  229. package/dist/http-request/download.js +2 -0
  230. package/dist/http-request/headers.d.ts +1 -1
  231. package/dist/http-request/headers.js +1 -1
  232. package/dist/http-request/request-attempt.js +6 -3
  233. package/dist/http-request/request-types.d.ts +10 -1
  234. package/dist/http-request/request.js +2 -2
  235. package/dist/http-request/user-agent.d.ts +23 -2
  236. package/dist/http-request/user-agent.js +48 -6
  237. package/dist/integrity.d.ts +3 -1
  238. package/dist/integrity.js +3 -1
  239. package/dist/json/format.js +4 -1
  240. package/dist/logger/_internal.d.ts +13 -15
  241. package/dist/logger/_internal.js +21 -21
  242. package/dist/logger/colors.d.ts +9 -3
  243. package/dist/logger/colors.js +6 -13
  244. package/dist/logger/console-methods.js +2 -2
  245. package/dist/logger/console.d.ts +1 -0
  246. package/dist/logger/console.js +9 -9
  247. package/dist/logger/node.js +2 -1
  248. package/dist/native-messaging/install.js +1 -1
  249. package/dist/native-messaging/rate-limit.d.ts +4 -1
  250. package/dist/native-messaging/rate-limit.js +4 -1
  251. package/dist/node/events.d.ts +3 -0
  252. package/dist/node/events.js +3 -0
  253. package/dist/node/fs.d.ts +1 -1
  254. package/dist/node/timers-promises.d.ts +3 -0
  255. package/dist/node/timers-promises.js +3 -0
  256. package/dist/node/url.d.ts +3 -0
  257. package/dist/node/url.js +3 -0
  258. package/dist/npm/meta-cache.d.ts +183 -0
  259. package/dist/npm/meta-cache.js +318 -0
  260. package/dist/npm/meta-slice.d.ts +27 -0
  261. package/dist/npm/meta-slice.js +68 -0
  262. package/dist/npm/meta-types.d.ts +282 -0
  263. package/dist/npm/meta-types.js +2 -0
  264. package/dist/npm/meta.d.ts +125 -0
  265. package/dist/npm/meta.js +347 -0
  266. package/dist/npm/registry.d.ts +212 -0
  267. package/dist/npm/registry.js +284 -0
  268. package/dist/objects/getters.d.ts +1 -1
  269. package/dist/objects/getters.js +1 -1
  270. package/dist/packages/manifest.js +6 -7
  271. package/dist/packages/metadata-extensions.js +2 -4
  272. package/dist/packages/provenance.d.ts +8 -0
  273. package/dist/packages/provenance.js +8 -0
  274. package/dist/packages/tarball.js +1 -2
  275. package/dist/packages/validation.d.ts +0 -10
  276. package/dist/packages/validation.js +0 -14
  277. package/dist/paths/exts.d.ts +30 -0
  278. package/dist/paths/exts.js +30 -0
  279. package/dist/paths/filenames.d.ts +6 -0
  280. package/dist/paths/filenames.js +6 -0
  281. package/dist/paths/globs.d.ts +6 -0
  282. package/dist/paths/globs.js +6 -0
  283. package/dist/paths/resolve.js +19 -14
  284. package/dist/paths/socket.d.ts +8 -8
  285. package/dist/paths/socket.js +8 -8
  286. package/dist/perf/report.js +4 -2
  287. package/dist/pkg-ext/data.js +0 -2
  288. package/dist/primordials/globals.d.ts +1 -1
  289. package/dist/primordials/globals.js +1 -1
  290. package/dist/primordials/headers.d.ts +13 -1
  291. package/dist/primordials/headers.js +13 -1
  292. package/dist/primordials/process.d.ts +1 -1
  293. package/dist/primordials/process.js +1 -1
  294. package/dist/primordials/url.d.ts +18 -0
  295. package/dist/primordials/url.js +18 -0
  296. package/dist/process/spawn/child.js +3 -5
  297. package/dist/promises/_internal.d.ts +1 -1
  298. package/dist/promises/_internal.js +1 -2
  299. package/dist/promises/options.js +3 -3
  300. package/dist/releases/socket-btm-binary-naming.js +12 -1
  301. package/dist/secrets/_internal.d.ts +1 -1
  302. package/dist/secrets/_internal.js +1 -1
  303. package/dist/secrets/find.d.ts +2 -2
  304. package/dist/secrets/find.js +2 -2
  305. package/dist/secrets/keychain.d.ts +10 -1
  306. package/dist/secrets/keychain.js +10 -1
  307. package/dist/secrets/socket-api-token.d.ts +1 -1
  308. package/dist/secrets/socket-api-token.js +1 -1
  309. package/dist/secrets/types.d.ts +1 -1
  310. package/dist/smol/http.d.ts +2 -0
  311. package/dist/smol/http.js +2 -0
  312. package/dist/smol/https.d.ts +2 -0
  313. package/dist/smol/https.js +2 -0
  314. package/dist/sorts/_internal.d.ts +2 -3
  315. package/dist/sorts/_internal.js +1 -3
  316. package/dist/spinner/format.js +2 -4
  317. package/dist/stdio/footer.js +8 -7
  318. package/dist/stdio/prompts.d.ts +8 -15
  319. package/dist/stdio/prompts.js +18 -29
  320. package/dist/strings/predicates.d.ts +2 -2
  321. package/dist/strings/search.js +1 -1
  322. package/dist/strings/types.d.ts +4 -0
  323. package/dist/strings/width.d.ts +1 -0
  324. package/dist/strings/width.js +17 -8
  325. package/dist/themes/context.d.ts +13 -0
  326. package/dist/themes/context.js +23 -8
  327. package/dist/versions/_internal.d.ts +43 -13
  328. package/dist/versions/_internal.js +27 -15
  329. package/dist/versions/compare.d.ts +16 -10
  330. package/dist/versions/compare.js +36 -16
  331. package/dist/versions/parse.js +1 -1
  332. package/dist/versions/range.js +3 -2
  333. package/dist/words/pluralize.js +4 -1
  334. package/llms.txt +63 -750
  335. package/package.json +200 -35
@@ -24,7 +24,7 @@ const RETRY_AFTER_INT_RE = /^\d+$/;
24
24
  * Build an HTTP Basic `Authorization` header value from a Socket API token.
25
25
  *
26
26
  * The Socket API uses the token as the username with an empty password, so the
27
- * credential pair is `<token>:`. Centralized here so every fleet caller emits
27
+ * credential pair is `<token>:`. Centralized here so every Socket caller emits
28
28
  * the identical shape instead of hand-rolling `btoa(\`${token}:`)`.
29
29
  *
30
30
  * @example
@@ -118,7 +118,7 @@ async function httpRequestAttempt(url, options) {
118
118
  let redirectHeaders = headers;
119
119
  if (new require_primordials_url.URLCtor(url).origin !== redirectParsed.origin) {
120
120
  redirectHeaders = { __proto__: null };
121
- const stripped = new Set([
121
+ const stripped = /* @__PURE__ */ new Set([
122
122
  "authorization",
123
123
  "cookie",
124
124
  "proxy-authenticate",
@@ -173,7 +173,9 @@ async function httpRequestAttempt(url, options) {
173
173
  if (maxResponseSize && totalBytes > maxResponseSize) {
174
174
  res.destroy();
175
175
  request.destroy();
176
- rejectOnce(new require_primordials_error.ErrorCtor(`Response exceeds maximum size limit (${(totalBytes / (1024 * 1024)).toFixed(2)}MB > ${(maxResponseSize / (1024 * 1024)).toFixed(2)}MB)`));
176
+ const sizeMB = (totalBytes / (1024 * 1024)).toFixed(2);
177
+ const maxMB = (maxResponseSize / (1024 * 1024)).toFixed(2);
178
+ rejectOnce(new require_primordials_error.ErrorCtor(`Response exceeds maximum size limit (${sizeMB}MB > ${maxMB}MB)`));
177
179
  return;
178
180
  }
179
181
  chunks.push(chunk);
@@ -213,7 +215,8 @@ async function httpRequestAttempt(url, options) {
213
215
  });
214
216
  });
215
217
  request.on("error", (error) => {
216
- rejectOnce(new require_primordials_error.ErrorCtor(require_http_request_errors.enrichErrorMessage(url, method, error), { cause: error }));
218
+ const message = require_http_request_errors.enrichErrorMessage(url, method, error);
219
+ rejectOnce(new require_primordials_error.ErrorCtor(message, { cause: error }));
217
220
  });
218
221
  request.on("timeout", () => {
219
222
  request.destroy();
@@ -199,7 +199,7 @@ export interface HttpRequestOptions {
199
199
  onRetry?: ((attempt: number, error: unknown, delay: number) => boolean | number | undefined) | undefined;
200
200
  /**
201
201
  * Number of retry attempts for failed requests. Uses exponential backoff:
202
- * delay = `retryDelay` * 2^attempt.
202
+ * delay = min(`retryDelay` * 2^attempt, `retryDelayMax`).
203
203
  *
204
204
  * @default 0
205
205
  */
@@ -211,6 +211,15 @@ export interface HttpRequestOptions {
211
211
  * @default 1000
212
212
  */
213
213
  retryDelay?: number | undefined;
214
+ /**
215
+ * Maximum delay in milliseconds for a single backoff wait. Caps the
216
+ * exponential growth (`retryDelay` * 2^attempt) so a high `retries` count
217
+ * can't produce multi-minute waits. An explicit `onRetry`-returned delay is
218
+ * not capped — that is the caller's deliberate choice.
219
+ *
220
+ * @default 30000
221
+ */
222
+ retryDelayMax?: number | undefined;
214
223
  /**
215
224
  * AbortSignal forwarded to the underlying `http.request` / `https.request`
216
225
  * call. Supported in Node 22+ via `node:http` request options. When both
@@ -65,7 +65,7 @@ let node_timers_promises = require("node:timers/promises");
65
65
  * non-retryable error happens.
66
66
  */
67
67
  async function httpRequest(url, options) {
68
- const { body, ca, followRedirects = true, headers = {}, hooks, maxRedirects = 5, maxResponseSize, method = "GET", onRetry, retries = 0, retryDelay = 1e3, signal, stream = false, throwOnError = false, timeout = 3e4 } = {
68
+ const { body, ca, followRedirects = true, headers = {}, hooks, maxRedirects = 5, maxResponseSize, method = "GET", onRetry, retries = 0, retryDelay = 1e3, retryDelayMax = 3e4, signal, stream = false, throwOnError = false, timeout = 3e4 } = {
69
69
  __proto__: null,
70
70
  ...options
71
71
  };
@@ -104,7 +104,7 @@ async function httpRequest(url, options) {
104
104
  lastError = e;
105
105
  if (attempt === retries) break;
106
106
  if (signal?.aborted) break;
107
- const delayMs = retryDelay * 2 ** attempt;
107
+ const delayMs = require_primordials_math.MathMin(retryDelay * 2 ** attempt, retryDelayMax);
108
108
  if (onRetry) {
109
109
  const retryResult = onRetry(attempt + 1, e, delayMs);
110
110
  if (retryResult === false) break;
@@ -3,7 +3,7 @@
3
3
  * Three-token format aligned with socket-cli's `getCliUserAgent` and
4
4
  * coana-tech-cli's `configureAxiosUserAgent`: `<slug>/<version>
5
5
  * node/<node-version> <platform>/<arch>` e.g. `socketsecurity-lib/6.0.0
6
- * node/v22.10.0 darwin/arm64` Downstream callers (sdxgen SEA binary, fleet
6
+ * node/v22.10.0 darwin/arm64` Downstream callers (sdxgen SEA binary, Socket
7
7
  * CLIs, etc.) can identify themselves via the `SOCKET_CALLER_USER_AGENT` env
8
8
  * var, which is appended to the lib's own UA so the server still sees the lib
9
9
  * identifier. @example import { getSocketCallerUserAgent } from
@@ -16,7 +16,7 @@
16
16
  *
17
17
  * Used directly by socket-lib's own outbound requests (via
18
18
  * `getSocketCallerUserAgent`) and exported for sibling packages (socket-cli,
19
- * socket-sdk-js) so the fleet emits one canonical UA shape.
19
+ * socket-sdk-js) so Socket emits one canonical UA shape.
20
20
  *
21
21
  * @example
22
22
  * ;```typescript
@@ -31,6 +31,18 @@ export declare function buildUserAgent(pkg: {
31
31
  name: string;
32
32
  version: string;
33
33
  }, caller?: string | undefined): string;
34
+ /**
35
+ * Chain User-Agent fragments into a breadcrumb trail, ordered identity → hop
36
+ * (the immediate agent first, each forwarded caller after) so it reads
37
+ * left-to-right and a server's UA parser buckets by the immediate agent. Each
38
+ * fragment is sanitized; empties are dropped; an immediately-repeated fragment
39
+ * is collapsed so re-proxying doesn't stutter the same hop twice.
40
+ *
41
+ * @example
42
+ * chainUserAgents(['socketsecurity-firewall-api-proxy/0.0.0', 'vlt/1.2.3'])
43
+ * // 'socketsecurity-firewall-api-proxy/0.0.0 vlt/1.2.3'
44
+ */
45
+ export declare function chainUserAgents(parts: ReadonlyArray<string | undefined>): string;
34
46
  /**
35
47
  * User-Agent header for socket-lib's own outbound HTTP requests.
36
48
  *
@@ -53,3 +65,12 @@ export declare function buildUserAgent(pkg: {
53
65
  * ```
54
66
  */
55
67
  export declare function getSocketCallerUserAgent(): string;
68
+ /**
69
+ * Sanitize a single User-Agent fragment for safe inclusion in an outgoing HTTP
70
+ * header. A caller identifier (`SOCKET_CALLER_USER_AGENT`, or a UA a proxy
71
+ * forwards on behalf of its client) is untrusted, so strip control chars (C0
72
+ * incl. CR/LF — the header- and log-injection vector — DEL, and C1), collapse
73
+ * internal whitespace to one space, trim, and cap length. Returns '' for
74
+ * nullish / blank / all-control input.
75
+ */
76
+ export declare function sanitizeUserAgent(value: string | undefined): string;
@@ -2,7 +2,9 @@
2
2
  /* Socket Lib - Built with rolldown */
3
3
  Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
4
4
  const require_runtime = require('../_virtual/_rolldown/runtime.js');
5
+ const require_primordials_string = require('../primordials/string.js');
5
6
  const require_env_rewire = require('../env/rewire.js');
7
+ const require_primordials_array = require('../primordials/array.js');
6
8
  const require_constants_socket = require('../constants/socket.js');
7
9
  const require_packages_specs = require('../packages/specs.js');
8
10
  let node_process = require("node:process");
@@ -14,20 +16,22 @@ node_process = require_runtime.__toESM(node_process);
14
16
  * Three-token format aligned with socket-cli's `getCliUserAgent` and
15
17
  * coana-tech-cli's `configureAxiosUserAgent`: `<slug>/<version>
16
18
  * node/<node-version> <platform>/<arch>` e.g. `socketsecurity-lib/6.0.0
17
- * node/v22.10.0 darwin/arm64` Downstream callers (sdxgen SEA binary, fleet
19
+ * node/v22.10.0 darwin/arm64` Downstream callers (sdxgen SEA binary, Socket
18
20
  * CLIs, etc.) can identify themselves via the `SOCKET_CALLER_USER_AGENT` env
19
21
  * var, which is appended to the lib's own UA so the server still sees the lib
20
22
  * identifier. @example import { getSocketCallerUserAgent } from
21
23
  * '@socketsecurity/lib/http-request/user-agent'
22
24
  * request.setHeader('User-Agent', getSocketCallerUserAgent())
23
25
  */
26
+ const MAX_USER_AGENT_LENGTH = 256;
27
+ let cachedBaseUserAgent;
24
28
  /**
25
29
  * Compose a three-token User-Agent string from a `{ name, version }` pair,
26
30
  * optionally appending a caller-supplied identifier.
27
31
  *
28
32
  * Used directly by socket-lib's own outbound requests (via
29
33
  * `getSocketCallerUserAgent`) and exported for sibling packages (socket-cli,
30
- * socket-sdk-js) so the fleet emits one canonical UA shape.
34
+ * socket-sdk-js) so Socket emits one canonical UA shape.
31
35
  *
32
36
  * @example
33
37
  * ;```typescript
@@ -40,9 +44,27 @@ node_process = require_runtime.__toESM(node_process);
40
44
  */
41
45
  function buildUserAgent(pkg, caller) {
42
46
  const base = `${require_packages_specs.pkgNameToSlug(pkg.name)}/${pkg.version} node/${node_process.default.version} ${node_process.default.platform}/${node_process.default.arch}`;
43
- return caller ? `${base} ${caller}` : base;
47
+ return caller ? chainUserAgents([base, caller]) : base;
48
+ }
49
+ /**
50
+ * Chain User-Agent fragments into a breadcrumb trail, ordered identity → hop
51
+ * (the immediate agent first, each forwarded caller after) so it reads
52
+ * left-to-right and a server's UA parser buckets by the immediate agent. Each
53
+ * fragment is sanitized; empties are dropped; an immediately-repeated fragment
54
+ * is collapsed so re-proxying doesn't stutter the same hop twice.
55
+ *
56
+ * @example
57
+ * chainUserAgents(['socketsecurity-firewall-api-proxy/0.0.0', 'vlt/1.2.3'])
58
+ * // 'socketsecurity-firewall-api-proxy/0.0.0 vlt/1.2.3'
59
+ */
60
+ function chainUserAgents(parts) {
61
+ const trail = [];
62
+ for (let i = 0, { length } = parts; i < length; i += 1) {
63
+ const clean = sanitizeUserAgent(parts[i]);
64
+ if (clean && trail[trail.length - 1] !== clean) require_primordials_array.ArrayPrototypePush(trail, clean);
65
+ }
66
+ return require_primordials_array.ArrayPrototypeJoin(trail, " ");
44
67
  }
45
- let cachedBaseUserAgent;
46
68
  /**
47
69
  * User-Agent header for socket-lib's own outbound HTTP requests.
48
70
  *
@@ -70,9 +92,29 @@ function getSocketCallerUserAgent() {
70
92
  version: require_constants_socket.SOCKET_LIB_VERSION
71
93
  });
72
94
  const caller = require_env_rewire.getEnvValue("SOCKET_CALLER_USER_AGENT");
73
- return caller?.trim() ? `${cachedBaseUserAgent} ${caller}` : cachedBaseUserAgent;
95
+ return chainUserAgents([cachedBaseUserAgent, caller]);
96
+ }
97
+ /**
98
+ * Sanitize a single User-Agent fragment for safe inclusion in an outgoing HTTP
99
+ * header. A caller identifier (`SOCKET_CALLER_USER_AGENT`, or a UA a proxy
100
+ * forwards on behalf of its client) is untrusted, so strip control chars (C0
101
+ * incl. CR/LF — the header- and log-injection vector — DEL, and C1), collapse
102
+ * internal whitespace to one space, trim, and cap length. Returns '' for
103
+ * nullish / blank / all-control input.
104
+ */
105
+ function sanitizeUserAgent(value) {
106
+ if (!value) return "";
107
+ let cleaned = "";
108
+ for (let i = 0, { length } = value; i < length; i += 1) {
109
+ const code = require_primordials_string.StringPrototypeCharCodeAt(value, i);
110
+ cleaned += code < 32 || code >= 127 && code <= 159 ? " " : require_primordials_string.StringPrototypeCharAt(value, i);
111
+ }
112
+ cleaned = require_primordials_string.StringPrototypeTrim(require_primordials_string.StringPrototypeReplace(cleaned, /\s+/g, " "));
113
+ return cleaned.length > MAX_USER_AGENT_LENGTH ? require_primordials_string.StringPrototypeTrim(require_primordials_string.StringPrototypeSlice(cleaned, 0, MAX_USER_AGENT_LENGTH)) : cleaned;
74
114
  }
75
115
 
76
116
  //#endregion
77
117
  exports.buildUserAgent = buildUserAgent;
78
- exports.getSocketCallerUserAgent = getSocketCallerUserAgent;
118
+ exports.chainUserAgents = chainUserAgents;
119
+ exports.getSocketCallerUserAgent = getSocketCallerUserAgent;
120
+ exports.sanitizeUserAgent = sanitizeUserAgent;
@@ -1,6 +1,6 @@
1
1
  /**
2
2
  * SRI-blessed hash algorithms. The W3C set; the prefix is part of the wire
3
- * format, not a fleet convention.
3
+ * format, not a Socket convention.
4
4
  */
5
5
  export type HashAlgorithm = 'sha256' | 'sha384' | 'sha512';
6
6
  /**
@@ -209,5 +209,7 @@ export declare class HashMismatchError extends Error {
209
209
  /**
210
210
  * @deprecated Renamed to {@link HashMismatchError}. Alias kept for callers that
211
211
  * catch the old name.
212
+ *
213
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
212
214
  */
213
215
  export declare const DlxHashMismatchError: typeof HashMismatchError;
package/dist/integrity.js CHANGED
@@ -127,7 +127,7 @@ function equalHashes(a, b) {
127
127
  function integrityToChecksum(input) {
128
128
  if (isChecksum(input)) return input;
129
129
  const parsed = parseIntegrity(input);
130
- if (parsed.algorithm !== "sha256") throw new require_primordials_error.TypeErrorCtor(`integrityToChecksum: ${parsed.algorithm} integrity has no 64-hex-char checksum form — checksums are sha256-only by fleet convention. Use parseHash(x).hex for any algorithm.`);
130
+ if (parsed.algorithm !== "sha256") throw new require_primordials_error.TypeErrorCtor(`integrityToChecksum: ${parsed.algorithm} integrity has no 64-hex-char checksum form — checksums are sha256-only by Socket convention. Use parseHash(x).hex for any algorithm.`);
131
131
  return require_primordials_buffer.BufferPrototypeToString(require_primordials_buffer.BufferFrom(parsed.body, "base64"), "hex");
132
132
  }
133
133
  /**
@@ -277,6 +277,8 @@ var HashMismatchError = class extends Error {
277
277
  /**
278
278
  * @deprecated Renamed to {@link HashMismatchError}. Alias kept for callers that
279
279
  * catch the old name.
280
+ *
281
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
280
282
  */
281
283
  const DlxHashMismatchError = HashMismatchError;
282
284
 
@@ -166,7 +166,10 @@ function shouldSave(currentContent, originalContent, originalFileContent, option
166
166
  function sortKeys(obj) {
167
167
  const sorted = { __proto__: null };
168
168
  const keys = require_primordials_object.ObjectKeys(obj).toSorted();
169
- for (const key of keys) sorted[key] = obj[key];
169
+ for (let i = 0, { length } = keys; i < length; i += 1) {
170
+ const key = keys[i];
171
+ sorted[key] = obj[key];
172
+ }
170
173
  return sorted;
171
174
  }
172
175
  /**
@@ -3,7 +3,7 @@
3
3
  * public `Logger` surface) and `logger/console-init` (which mutates
4
4
  * `Logger.prototype` to mirror `globalConsole`). The `_` prefix keeps this
5
5
  * module out of the generated package.json `exports` map (the `dist/**\/_*`
6
- * ignore pattern in `scripts/post-build/make-package-exports.mts` filters it
6
+ * ignore pattern in `scripts/fleet/make-package-exports.mts` filters it
7
7
  * out), so it is not part of the public surface — it exists only to give the
8
8
  * two leaves above a common owner for the WeakMap-backed lazy-init state. Why
9
9
  * two WeakMaps instead of `#privateField` slots:
@@ -43,22 +43,20 @@ export declare const consolePropAttributes: {
43
43
  export declare const maxIndentation = 1000;
44
44
  /**
45
45
  * Pre-bound copies of the console methods that need their original `this` to
46
- * function (e.g., `console.error.bind(globalConsole)`). Mapping `[name,
47
- * boundFn]` so `console-init.ts` can apply them onto the per-instance Console
48
- * without re-binding on every call.
46
+ * function (e.g., `console.error.bind(globalConsole)`). Returns `[name,
47
+ * boundFn]` pairs so `console-init.ts` can apply them onto the per-instance
48
+ * Console without re-binding on every call.
49
49
  *
50
- * Notes from the upstream Node implementation:
51
- *
52
- * - `_stderrErrorHandler` / `_stdoutErrorHandler` are `kBindProperties`
53
- * properties they live on the per-instance Console and need their `this`
54
- * set to `globalConsole`.
55
- * https://github.com/nodejs/node/blob/v24.0.1/lib/internal/console/constructor.js#L230-L265
56
- * - `group` / `groupCollapsed` / `groupEnd` are explicitly skipped because Node
57
- * 20 with `--frozen-intrinsics` makes `Symbol(kGroupIndent)` read-only, which
58
- * the Logger's own group methods avoid by tracking indentation at the prefix
59
- * layer.
50
+ * Built LAZILY (memoized) rather than at module-eval: `fn.bind(globalConsole)`
51
+ * of a native console method produces a bound function wrapping a native C++
52
+ * function pointer, which serializes as an unresolvable external reference and
53
+ * aborts V8 --build-snapshot. Deferring construction to first Console build
54
+ * keeps the bind-once/reuse win while leaving module import snapshot-safe.
60
55
  */
61
- export declare const boundConsoleEntries: [string, (...args: unknown[]) => unknown][];
56
+ export declare function getBoundConsoleEntries(): Array<[
57
+ string,
58
+ (...args: unknown[]) => unknown
59
+ ]>;
62
60
  /**
63
61
  * WeakMap storing the Console instance for each Logger.
64
62
  *
@@ -9,7 +9,7 @@ const require_primordials_map_set = require('../primordials/map-set.js');
9
9
  * public `Logger` surface) and `logger/console-init` (which mutates
10
10
  * `Logger.prototype` to mirror `globalConsole`). The `_` prefix keeps this
11
11
  * module out of the generated package.json `exports` map (the `dist/**\/_*`
12
- * ignore pattern in `scripts/post-build/make-package-exports.mts` filters it
12
+ * ignore pattern in `scripts/fleet/make-package-exports.mts` filters it
13
13
  * out), so it is not part of the public surface — it exists only to give the
14
14
  * two leaves above a common owner for the WeakMap-backed lazy-init state. Why
15
15
  * two WeakMaps instead of `#privateField` slots:
@@ -47,24 +47,7 @@ const consolePropAttributes = {
47
47
  * huge `n` can't allocate a multi-megabyte string.
48
48
  */
49
49
  const maxIndentation = 1e3;
50
- /**
51
- * Pre-bound copies of the console methods that need their original `this` to
52
- * function (e.g., `console.error.bind(globalConsole)`). Mapping `[name,
53
- * boundFn]` so `console-init.ts` can apply them onto the per-instance Console
54
- * without re-binding on every call.
55
- *
56
- * Notes from the upstream Node implementation:
57
- *
58
- * - `_stderrErrorHandler` / `_stdoutErrorHandler` are `kBindProperties`
59
- * properties — they live on the per-instance Console and need their `this`
60
- * set to `globalConsole`.
61
- * https://github.com/nodejs/node/blob/v24.0.1/lib/internal/console/constructor.js#L230-L265
62
- * - `group` / `groupCollapsed` / `groupEnd` are explicitly skipped because Node
63
- * 20 with `--frozen-intrinsics` makes `Symbol(kGroupIndent)` read-only, which
64
- * the Logger's own group methods avoid by tracking indentation at the prefix
65
- * layer.
66
- */
67
- const boundConsoleEntries = [
50
+ const boundConsoleMethodNames = [
68
51
  "_stderrErrorHandler",
69
52
  "_stdoutErrorHandler",
70
53
  "assert",
@@ -84,7 +67,24 @@ const boundConsoleEntries = [
84
67
  "timeLog",
85
68
  "trace",
86
69
  "warn"
87
- ].filter((n) => typeof globalConsole[n] === "function").map((n) => [n, globalConsole[n].bind(globalConsole)]);
70
+ ];
71
+ let boundConsoleEntries;
72
+ /**
73
+ * Pre-bound copies of the console methods that need their original `this` to
74
+ * function (e.g., `console.error.bind(globalConsole)`). Returns `[name,
75
+ * boundFn]` pairs so `console-init.ts` can apply them onto the per-instance
76
+ * Console without re-binding on every call.
77
+ *
78
+ * Built LAZILY (memoized) rather than at module-eval: `fn.bind(globalConsole)`
79
+ * of a native console method produces a bound function wrapping a native C++
80
+ * function pointer, which serializes as an unresolvable external reference and
81
+ * aborts V8 --build-snapshot. Deferring construction to first Console build
82
+ * keeps the bind-once/reuse win while leaving module import snapshot-safe.
83
+ */
84
+ function getBoundConsoleEntries() {
85
+ if (boundConsoleEntries === void 0) boundConsoleEntries = boundConsoleMethodNames.filter((n) => typeof globalConsole[n] === "function").map((n) => [n, globalConsole[n].bind(globalConsole)]);
86
+ return boundConsoleEntries;
87
+ }
88
88
  /**
89
89
  * WeakMap storing the Console instance for each Logger.
90
90
  *
@@ -108,8 +108,8 @@ const privateConsole = new require_primordials_map_set.WeakMapCtor();
108
108
  const privateConstructorArgs = new require_primordials_map_set.WeakMapCtor();
109
109
 
110
110
  //#endregion
111
- exports.boundConsoleEntries = boundConsoleEntries;
112
111
  exports.consolePropAttributes = consolePropAttributes;
112
+ exports.getBoundConsoleEntries = getBoundConsoleEntries;
113
113
  exports.globalConsole = globalConsole;
114
114
  exports.maxIndentation = maxIndentation;
115
115
  exports.privateConsole = privateConsole;
@@ -3,8 +3,13 @@
3
3
  * `yoctocolors-cjs` palette so the logger can accept either a named color
4
4
  * (`'green'`) or an explicit RGB tuple (`[255, 0, 0]`); RGB tuples are
5
5
  * emitted via the 24-bit `[38;2;...m` escape because `yoctocolors-cjs`
6
- * doesn't ship an `rgb()` helper.
6
+ * doesn't ship an `rgb()` helper. The vendored palette re-exports from the
7
+ * external-pack mega-bundle, whose module top-level evaluates every packed
8
+ * package — so it is required lazily on first color application (Logger
9
+ * construction at the earliest), keeping `logger/*` importers
10
+ * browser-load-safe and cheap at module init.
7
11
  */
12
+ import type yoctocolorsCjs from '../external/yoctocolors-cjs';
8
13
  import type { ColorValue } from '../colors/types';
9
14
  /**
10
15
  * Apply a color to text using yoctocolors. Handles both named colors and RGB
@@ -12,6 +17,7 @@ import type { ColorValue } from '../colors/types';
12
17
  */
13
18
  export declare function applyColor(text: string, color: ColorValue): string;
14
19
  /**
15
- * Get the yoctocolors module for terminal colors.
20
+ * Get the yoctocolors module for terminal colors. Required lazily on first
21
+ * call — see the @file note on the external-pack top-level.
16
22
  */
17
- export declare function getYoctocolors(): import("../external/yoctocolors-cjs").YoctoColors;
23
+ export declare function getYoctocolors(): typeof yoctocolorsCjs;
@@ -1,35 +1,28 @@
1
1
  "use strict";
2
2
  /* Socket Lib - Built with rolldown */
3
3
  Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
4
- const require_runtime = require('../_virtual/_rolldown/runtime.js');
5
- let src_external_yoctocolors_cjs = require("../external/yoctocolors-cjs");
6
- src_external_yoctocolors_cjs = require_runtime.__toESM(src_external_yoctocolors_cjs);
7
4
 
8
5
  //#region src/logger/colors.ts
9
- /**
10
- * @file Color application helpers for `logger/*` modules. Wraps the vendored
11
- * `yoctocolors-cjs` palette so the logger can accept either a named color
12
- * (`'green'`) or an explicit RGB tuple (`[255, 0, 0]`); RGB tuples are
13
- * emitted via the 24-bit `[38;2;...m` escape because `yoctocolors-cjs`
14
- * doesn't ship an `rgb()` helper.
15
- */
6
+ let cachedYoctocolors;
16
7
  /**
17
8
  * Apply a color to text using yoctocolors. Handles both named colors and RGB
18
9
  * tuples.
19
10
  */
20
11
  function applyColor(text, color) {
21
12
  if (typeof color === "string") {
22
- const formatter = src_external_yoctocolors_cjs.default[color];
13
+ const formatter = getYoctocolors()[color];
23
14
  return formatter ? formatter(text) : text;
24
15
  }
25
16
  const { 0: r, 1: g, 2: b } = color;
26
17
  return `\u001B[38;2;${r};${g};${b}m${text}\u001B[39m`;
27
18
  }
28
19
  /**
29
- * Get the yoctocolors module for terminal colors.
20
+ * Get the yoctocolors module for terminal colors. Required lazily on first
21
+ * call — see the @file note on the external-pack top-level.
30
22
  */
31
23
  function getYoctocolors() {
32
- return src_external_yoctocolors_cjs.default;
24
+ if (cachedYoctocolors === void 0) cachedYoctocolors = require("../external/yoctocolors-cjs");
25
+ return cachedYoctocolors;
33
26
  }
34
27
 
35
28
  //#endregion
@@ -29,7 +29,7 @@ const require_logger_symbols = require('./symbols.js');
29
29
  * @param message - Optional message and additional arguments to log.
30
30
  */
31
31
  function assertMethod(logger, con, value, message) {
32
- con.assert(value, message[0], ...message.slice(1));
32
+ con.assert(Boolean(value), message[0], ...message.slice(1));
33
33
  logger[require_logger_symbols.lastWasBlankSymbol](false);
34
34
  return value ? logger : logger[require_logger_symbols.incLogCallCountSymbol]();
35
35
  }
@@ -89,7 +89,7 @@ function dirxmlMethod(logger, con, data) {
89
89
  * @param properties - Optional array of property names to include.
90
90
  */
91
91
  function tableMethod(logger, con, tabularData, properties) {
92
- con.table(tabularData, properties);
92
+ con.table(tabularData, properties ? [...properties] : void 0);
93
93
  logger[require_logger_symbols.lastWasBlankSymbol](false);
94
94
  return logger[require_logger_symbols.incLogCallCountSymbol]();
95
95
  }
@@ -19,6 +19,7 @@
19
19
  * `ensurePrototypeInitialized` actually runs, both modules are fully
20
20
  * evaluated. Same pattern as `fs/path-cache` ↔ `fs/_internal`.
21
21
  */
22
+ import type { Console } from 'node:console';
22
23
  import { Logger } from './node';
23
24
  /**
24
25
  * Construct a new Console instance.
@@ -7,8 +7,8 @@ const require_primordials_reflect = require('../primordials/reflect.js');
7
7
  const require_logger__internal = require('./_internal.js');
8
8
  const require_logger_symbols = require('./symbols.js');
9
9
  const require_logger_node = require('./node.js');
10
- let node_process = require("node:process");
11
- node_process = require_runtime.__toESM(node_process);
10
+ let process = require("process");
11
+ process = require_runtime.__toESM(process);
12
12
 
13
13
  //#region src/logger/console.ts
14
14
  /**
@@ -39,7 +39,7 @@ let prototypeInitialized = false;
39
39
  */
40
40
  function constructConsole(...args) {
41
41
  /* c8 ignore next - Lazy-init second-call branch; module-singleton. */
42
- if (cachedConsole === void 0) cachedConsole = (/* @__PURE__ */ require("node:console")).Console;
42
+ if (cachedConsole === void 0) cachedConsole = (/* @__PURE__ */ require("console")).Console;
43
43
  return require_primordials_reflect.ReflectConstruct(cachedConsole, args);
44
44
  }
45
45
  /**
@@ -70,10 +70,10 @@ function ensurePrototypeInitialized() {
70
70
  if (ctorArgs.length) con = constructConsole(...ctorArgs);
71
71
  else {
72
72
  con = constructConsole({
73
- stdout: node_process.default.stdout,
74
- stderr: node_process.default.stderr
73
+ stdout: process.default.stdout,
74
+ stderr: process.default.stderr
75
75
  });
76
- for (const { 0: k, 1: method } of require_logger__internal.boundConsoleEntries) con[k] = method;
76
+ for (const { 0: k, 1: method } of require_logger__internal.getBoundConsoleEntries()) con[k] = method;
77
77
  }
78
78
  require_logger__internal.privateConsole.set(this, con);
79
79
  }
@@ -109,10 +109,10 @@ function resolveConsole(logger) {
109
109
  if (ctorArgs.length) con = constructConsole(...ctorArgs);
110
110
  else {
111
111
  con = constructConsole({
112
- stdout: node_process.default.stdout,
113
- stderr: node_process.default.stderr
112
+ stdout: process.default.stdout,
113
+ stderr: process.default.stderr
114
114
  });
115
- for (const { 0: key, 1: method } of require_logger__internal.boundConsoleEntries) con[key] = method;
115
+ for (const { 0: key, 1: method } of require_logger__internal.getBoundConsoleEntries()) con[key] = method;
116
116
  }
117
117
  require_logger__internal.privateConsole.set(logger, con);
118
118
  require_logger__internal.privateConstructorArgs.delete(logger);
@@ -106,7 +106,8 @@ var Logger = class Logger {
106
106
  else root.#stdoutLastWasBlank = value;
107
107
  }
108
108
  #streamChild(stream) {
109
- const instance = new Logger(...require_logger__internal.privateConstructorArgs.get(this) ?? []);
109
+ const ctorArgs = require_logger__internal.privateConstructorArgs.get(this) ?? [];
110
+ const instance = new Logger(...ctorArgs);
110
111
  instance.#parent = this;
111
112
  instance.#boundStream = stream;
112
113
  instance.#options = {
@@ -9,11 +9,11 @@ const require_env_windows = require('../env/windows.js');
9
9
  const require_constants_node = require('../constants/node.js');
10
10
  const require_env_node_version_managers = require('../env/node-version-managers.js');
11
11
  let node_fs = require("node:fs");
12
+ let node_url = require("node:url");
12
13
  let node_process = require("node:process");
13
14
  node_process = require_runtime.__toESM(node_process);
14
15
  let node_path = require("node:path");
15
16
  node_path = require_runtime.__toESM(node_path);
16
- let node_url = require("node:url");
17
17
  let _socketsecurity_lib_stable_process_spawn_child = require("@socketsecurity/lib-stable/process/spawn/child");
18
18
 
19
19
  //#region src/native-messaging/install.ts
@@ -14,7 +14,7 @@
14
14
  * That's exactly what we want: an attacker who can force Chrome to relaunch
15
15
  * has bigger problems than rate-limiting. Shape patterned after pilcrow's
16
16
  * `ratelimit/limit.go` — minimal, in-memory, LRU-evicts at `maxKeys`. The
17
- * fleet's `socket-lib` already has a TTL-cache module but it's overkill for
17
+ * Socket's `socket-lib` already has a TTL-cache module but it's overkill for
18
18
  * this one use case; a 50-line bucket is easier to audit.
19
19
  */
20
20
  export interface TokenBucketOptions {
@@ -45,6 +45,9 @@ export interface BucketEntry {
45
45
  older: BucketEntry | undefined;
46
46
  key: string;
47
47
  }
48
+ /**
49
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
50
+ */
48
51
  export declare class TokenBucketLimiter {
49
52
  #private;
50
53
  constructor(options: TokenBucketOptions);
@@ -20,9 +20,12 @@ const require_primordials_error = require('../primordials/error.js');
20
20
  * That's exactly what we want: an attacker who can force Chrome to relaunch
21
21
  * has bigger problems than rate-limiting. Shape patterned after pilcrow's
22
22
  * `ratelimit/limit.go` — minimal, in-memory, LRU-evicts at `maxKeys`. The
23
- * fleet's `socket-lib` already has a TTL-cache module but it's overkill for
23
+ * Socket's `socket-lib` already has a TTL-cache module but it's overkill for
24
24
  * this one use case; a 50-line bucket is easier to audit.
25
25
  */
26
+ /**
27
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
28
+ */
26
29
  var TokenBucketLimiter = class {
27
30
  #capacity;
28
31
  #refillIntervalMs;
@@ -3,4 +3,7 @@
3
3
  * rationale shared across all `node/*.ts` lazy-loaders.
4
4
  */
5
5
  import type * as NodeEvents from 'node:events';
6
+ /**
7
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
8
+ */
6
9
  export declare function getNodeEvents(): typeof NodeEvents;
@@ -5,6 +5,9 @@ const require_constants_runtime = require('../constants/runtime.js');
5
5
 
6
6
  //#region src/node/events.ts
7
7
  let events;
8
+ /**
9
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
10
+ */
8
11
  function getNodeEvents() {
9
12
  if (!require_constants_runtime.IS_NODE) return;
10
13
  return events ??= /*@__PURE__*/ require("events");
package/dist/node/fs.d.ts CHANGED
@@ -12,7 +12,7 @@
12
12
  * load-time snapshot. Two surfaces: `getNodeFs()` returns the module object
13
13
  * with LATE method lookup (spy-able — the test seam); the `fs<Method>` consts
14
14
  * (`fsExistsSync`, `fsReadFileSync`, …) are method references FROZEN at load
15
- * (tamper-proof against a method swap, not spy-able), for the fleet's hot fs
15
+ * (tamper-proof against a method swap, not spy-able), for Socket's hot fs
16
16
  * calls. Both stay browser-safe behind IS_NODE + `/*@__PURE__*\/`.
17
17
  */
18
18
  import type * as NodeFs from 'node:fs';
@@ -3,4 +3,7 @@
3
3
  * rationale shared across all `node/*.ts` lazy-loaders.
4
4
  */
5
5
  import type * as NodeTimersPromises from 'node:timers/promises';
6
+ /**
7
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
8
+ */
6
9
  export declare function getNodeTimersPromises(): typeof NodeTimersPromises;