@socketsecurity/lib 6.0.9 → 6.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (335) hide show
  1. package/CHANGELOG.md +6 -0
  2. package/README.md +8 -9
  3. package/dist/abort/signal.d.ts +1 -1
  4. package/dist/abort/signal.js +1 -1
  5. package/dist/ai/agent-context.d.mts +1 -1
  6. package/dist/ai/agent-context.js +3 -2
  7. package/dist/ai/backends.d.mts +3 -3
  8. package/dist/ai/backends.js +2 -2
  9. package/dist/ai/billing-context.d.mts +74 -0
  10. package/dist/ai/billing-context.js +129 -0
  11. package/dist/ai/credentials.d.mts +39 -5
  12. package/dist/ai/credentials.js +61 -6
  13. package/dist/ai/discover.d.mts +4 -0
  14. package/dist/ai/discover.js +4 -0
  15. package/dist/ai/exec.d.mts +1 -1
  16. package/dist/ai/exec.js +1 -1
  17. package/dist/ai/http.d.mts +8 -8
  18. package/dist/ai/http.js +6 -6
  19. package/dist/ai/profiles.d.mts +9 -10
  20. package/dist/ai/profiles.js +0 -5
  21. package/dist/ai/role.d.mts +58 -0
  22. package/dist/ai/role.js +96 -0
  23. package/dist/ai/route-heuristic.d.mts +177 -0
  24. package/dist/ai/route-heuristic.js +194 -0
  25. package/dist/ai/route.d.mts +10 -9
  26. package/dist/ai/route.js +14 -13
  27. package/dist/ai/spawn.d.mts +2 -1
  28. package/dist/ai/spawn.js +25 -2
  29. package/dist/ai/subagent-status.d.mts +2 -0
  30. package/dist/ai/subagent-status.js +2 -0
  31. package/dist/ai/tier.d.mts +1 -1
  32. package/dist/ai/types.d.mts +9 -2
  33. package/dist/ai/worktree.d.mts +1 -1
  34. package/dist/ai/worktree.js +3 -2
  35. package/dist/argv/parse.d.ts +2 -0
  36. package/dist/argv/parse.js +2 -0
  37. package/dist/bin/_internal.d.ts +1 -1
  38. package/dist/bin/_internal.js +1 -1
  39. package/dist/bin/prim.cjs +446 -300
  40. package/dist/bin/shadow.js +2 -1
  41. package/dist/bin/which.d.ts +28 -3
  42. package/dist/bin/which.js +45 -3
  43. package/dist/cacache/_internal.d.ts +10 -2
  44. package/dist/cacache/_internal.js +6 -10
  45. package/dist/cache/ttl/_internal.d.ts +33 -0
  46. package/dist/cache/ttl/_internal.js +68 -0
  47. package/dist/cache/ttl/browser.d.ts +56 -0
  48. package/dist/cache/ttl/browser.js +257 -0
  49. package/dist/cache/ttl/store.js +10 -33
  50. package/dist/cache/ttl/types.d.ts +46 -3
  51. package/dist/checks/primordials-defaults.d.ts +5 -5
  52. package/dist/checks/primordials-defaults.js +5 -5
  53. package/dist/checks/primordials.d.ts +1 -1
  54. package/dist/checks/primordials.js +25 -17
  55. package/dist/cli/check-primordials.d.ts +6 -1
  56. package/dist/cli/check-primordials.js +14 -5
  57. package/dist/cli/check.js +1 -1
  58. package/dist/cli/socket-lib.d.ts +1 -1
  59. package/dist/cli/socket-lib.js +3 -3
  60. package/dist/colors/socket-palette.d.ts +1 -1
  61. package/dist/compression/brotli.d.ts +6 -2
  62. package/dist/compression/brotli.js +4 -0
  63. package/dist/compression/gzip.d.ts +6 -2
  64. package/dist/compression/gzip.js +6 -1
  65. package/dist/config/layers.d.ts +4 -4
  66. package/dist/config/layers.js +4 -4
  67. package/dist/constants/agents.d.ts +3 -0
  68. package/dist/constants/agents.js +3 -0
  69. package/dist/constants/node.d.ts +14 -0
  70. package/dist/constants/node.js +14 -0
  71. package/dist/constants/package-default-node-range.js +1 -5
  72. package/dist/constants/packages.d.ts +5 -0
  73. package/dist/constants/packages.js +5 -0
  74. package/dist/constants/platform.d.ts +1 -1
  75. package/dist/constants/platform.js +1 -1
  76. package/dist/constants/socket.js +1 -1
  77. package/dist/constants/typescript.d.ts +5 -0
  78. package/dist/constants/typescript.js +5 -0
  79. package/dist/debug/_internal.d.ts +22 -7
  80. package/dist/debug/_internal.js +33 -15
  81. package/dist/debug/namespace.js +11 -8
  82. package/dist/debug/output.d.ts +12 -1
  83. package/dist/debug/output.js +33 -16
  84. package/dist/dlx/binary-resolution.js +7 -4
  85. package/dist/eco/npm/npm/parse-lockfile.js +2 -1
  86. package/dist/eco/npm/vlt/exec.d.ts +1 -1
  87. package/dist/eco/npm/vlt/exec.js +1 -1
  88. package/dist/env/agents.d.ts +6 -0
  89. package/dist/env/agents.js +29 -0
  90. package/dist/env/flags.d.ts +12 -0
  91. package/dist/env/flags.js +23 -0
  92. package/dist/env/github-status.js +2 -2
  93. package/dist/env/providers.d.ts +6 -0
  94. package/dist/env/providers.js +23 -0
  95. package/dist/env/proxy.js +1 -1
  96. package/dist/env/rewire.d.ts +32 -0
  97. package/dist/env/rewire.js +55 -23
  98. package/dist/env/runtimes.d.ts +9 -0
  99. package/dist/env/runtimes.js +53 -0
  100. package/dist/env/socket-cli.d.ts +5 -2
  101. package/dist/env/socket-cli.js +6 -3
  102. package/dist/errors/predicates.d.ts +3 -2
  103. package/dist/errors/predicates.js +5 -3
  104. package/dist/errors/stack.js +2 -1
  105. package/dist/events/exit/_internal.d.ts +1 -23
  106. package/dist/external/@npmcli/package-json.js +179 -88
  107. package/dist/external/@npmcli/promise-spawn.js +2 -2
  108. package/dist/external/@sinclair/typebox/value.js +5 -4
  109. package/dist/external/@socketregistry/yocto-spinner.js +3 -3
  110. package/dist/external/adm-zip.d.ts +82 -0
  111. package/dist/external/adm-zip.js +2 -2
  112. package/dist/external/cacache.d.ts +87 -0
  113. package/dist/external/debug.d.ts +22 -0
  114. package/dist/external/debug.js +11 -4
  115. package/dist/external/del.d.ts +1 -0
  116. package/dist/external/external-pack.d.ts +12 -0
  117. package/dist/external/external-pack.js +41 -34
  118. package/dist/external/fast-glob.d.ts +8 -0
  119. package/dist/external/fast-sort.d.ts +1 -0
  120. package/dist/external/get-east-asian-width.d.ts +5 -0
  121. package/dist/external/get-east-asian-width.js +8 -1
  122. package/dist/external/has-flag.d.ts +1 -0
  123. package/dist/external/inquirer-pack.d.ts +18 -0
  124. package/dist/external/libnpmexec.d.ts +35 -0
  125. package/dist/external/libnpmpack.d.ts +1 -0
  126. package/dist/external/make-fetch-happen.d.ts +13 -0
  127. package/dist/external/normalize-package-data.d.ts +4 -0
  128. package/dist/external/npm-core.d.ts +14 -0
  129. package/dist/external/npm-pack.d.ts +24 -0
  130. package/dist/external/npm-pack.js +1551 -1867
  131. package/dist/external/npm-package-arg.d.ts +4 -0
  132. package/dist/external/p-map.js +8 -1
  133. package/dist/external/pacote.d.ts +15 -0
  134. package/dist/external/pico-pack.d.ts +16 -0
  135. package/dist/external/pico-pack.js +38 -23
  136. package/dist/external/picomatch.d.ts +96 -0
  137. package/dist/external/pony-cause.d.ts +14 -0
  138. package/dist/external/semver.d.ts +60 -0
  139. package/dist/external/semver.js +1459 -4
  140. package/dist/external/shell-quote.d.ts +51 -0
  141. package/dist/external/shell-quote.js +55 -15
  142. package/dist/external/signal-exit.d.ts +1 -0
  143. package/dist/external/spdx-correct.d.ts +4 -0
  144. package/dist/external/spdx-expression-parse.d.ts +4 -0
  145. package/dist/external/spdx-pack.d.ts +10 -0
  146. package/dist/external/std-env.d.ts +284 -0
  147. package/dist/external/std-env.js +323 -0
  148. package/dist/external/streaming-iterables.d.ts +11 -0
  149. package/dist/external/supports-color.d.ts +1 -0
  150. package/dist/external/tar-fs.d.ts +31 -0
  151. package/dist/external/validate-npm-package-name.d.ts +4 -0
  152. package/dist/external/which.d.ts +25 -0
  153. package/dist/external/which.js +2 -2
  154. package/dist/external/yargs-parser.d.ts +2 -0
  155. package/dist/external/yargs-parser.js +11 -3
  156. package/dist/external/yoctocolors-cjs.d.ts +51 -0
  157. package/dist/external-tools/bazel/asset-names.d.ts +1 -1
  158. package/dist/external-tools/bazel/from-download.d.ts +1 -1
  159. package/dist/external-tools/bazel/resolve.d.ts +3 -0
  160. package/dist/external-tools/bazel/resolve.js +3 -0
  161. package/dist/external-tools/cdxgen/asset-names.d.ts +5 -5
  162. package/dist/external-tools/cdxgen/asset-names.js +3 -3
  163. package/dist/external-tools/cdxgen/from-download.d.ts +2 -2
  164. package/dist/external-tools/cdxgen/from-download.js +1 -1
  165. package/dist/external-tools/cdxgen/resolve.d.ts +4 -1
  166. package/dist/external-tools/cdxgen/resolve.js +4 -1
  167. package/dist/external-tools/cdxgen/types.d.ts +1 -1
  168. package/dist/external-tools/from-download.d.ts +2 -2
  169. package/dist/external-tools/from-download.js +1 -1
  170. package/dist/external-tools/janus/asset-names.d.ts +4 -1
  171. package/dist/external-tools/janus/asset-names.js +3 -0
  172. package/dist/external-tools/janus/from-download.d.ts +3 -3
  173. package/dist/external-tools/janus/from-download.js +2 -2
  174. package/dist/external-tools/janus/resolve.d.ts +3 -0
  175. package/dist/external-tools/janus/resolve.js +3 -0
  176. package/dist/external-tools/jre/asset-names.d.ts +3 -1
  177. package/dist/external-tools/jre/asset-names.js +2 -0
  178. package/dist/external-tools/jre/from-download.d.ts +1 -1
  179. package/dist/external-tools/manifest.d.ts +5 -3
  180. package/dist/external-tools/manifest.js +4 -2
  181. package/dist/external-tools/opengrep/asset-names.d.ts +1 -1
  182. package/dist/external-tools/opengrep/resolve.d.ts +3 -0
  183. package/dist/external-tools/opengrep/resolve.js +3 -0
  184. package/dist/external-tools/python/asset-names.d.ts +3 -1
  185. package/dist/external-tools/python/asset-names.js +7 -3
  186. package/dist/external-tools/python/pin.js +3 -1
  187. package/dist/external-tools/python/resolve.d.ts +3 -0
  188. package/dist/external-tools/python/resolve.js +3 -0
  189. package/dist/external-tools/sbt/resolve.d.ts +3 -0
  190. package/dist/external-tools/sbt/resolve.js +3 -0
  191. package/dist/external-tools/skillspector/from-uv.d.ts +1 -1
  192. package/dist/external-tools/synp/resolve.d.ts +3 -0
  193. package/dist/external-tools/synp/resolve.js +3 -0
  194. package/dist/external-tools/trivy/asset-names.d.ts +1 -1
  195. package/dist/external-tools/trivy/resolve.d.ts +3 -0
  196. package/dist/external-tools/trivy/resolve.js +3 -0
  197. package/dist/external-tools/trufflehog/asset-names.d.ts +4 -1
  198. package/dist/external-tools/trufflehog/asset-names.js +3 -0
  199. package/dist/external-tools/trufflehog/from-download.d.ts +1 -1
  200. package/dist/external-tools/trufflehog/resolve.d.ts +3 -0
  201. package/dist/external-tools/trufflehog/resolve.js +3 -0
  202. package/dist/external-tools/uv/asset-names.d.ts +1 -1
  203. package/dist/external-tools/uv/resolve.d.ts +3 -0
  204. package/dist/external-tools/uv/resolve.js +3 -0
  205. package/dist/fleet/repo-config.d.ts +8 -6
  206. package/dist/fleet/repo-config.js +8 -6
  207. package/dist/fs/_internal.d.ts +1 -1
  208. package/dist/fs/_internal.js +1 -1
  209. package/dist/fs/access.d.ts +2 -0
  210. package/dist/fs/access.js +2 -0
  211. package/dist/fs/allowed-dirs-cache.js +5 -3
  212. package/dist/fs/find.js +1 -2
  213. package/dist/fs/inspect.d.ts +2 -2
  214. package/dist/fs/read-file.js +3 -4
  215. package/dist/fs/safe.js +1 -1
  216. package/dist/git/_internal.js +5 -1
  217. package/dist/github/commit.d.ts +92 -0
  218. package/dist/github/commit.js +113 -0
  219. package/dist/github/ghsa.js +1 -1
  220. package/dist/github/refs-graphql.js +1 -1
  221. package/dist/github/request.js +1 -1
  222. package/dist/github/token.d.ts +5 -2
  223. package/dist/github/token.js +6 -4
  224. package/dist/github/workflow-runs.d.ts +107 -0
  225. package/dist/github/workflow-runs.js +98 -0
  226. package/dist/http-request/_internal.d.ts +1 -1
  227. package/dist/http-request/browser.d.ts +6 -0
  228. package/dist/http-request/browser.js +3 -2
  229. package/dist/http-request/download.js +2 -0
  230. package/dist/http-request/headers.d.ts +1 -1
  231. package/dist/http-request/headers.js +1 -1
  232. package/dist/http-request/request-attempt.js +6 -3
  233. package/dist/http-request/request-types.d.ts +10 -1
  234. package/dist/http-request/request.js +2 -2
  235. package/dist/http-request/user-agent.d.ts +23 -2
  236. package/dist/http-request/user-agent.js +48 -6
  237. package/dist/integrity.d.ts +3 -1
  238. package/dist/integrity.js +3 -1
  239. package/dist/json/format.js +4 -1
  240. package/dist/logger/_internal.d.ts +13 -15
  241. package/dist/logger/_internal.js +21 -21
  242. package/dist/logger/colors.d.ts +9 -3
  243. package/dist/logger/colors.js +6 -13
  244. package/dist/logger/console-methods.js +2 -2
  245. package/dist/logger/console.d.ts +1 -0
  246. package/dist/logger/console.js +9 -9
  247. package/dist/logger/node.js +2 -1
  248. package/dist/native-messaging/install.js +1 -1
  249. package/dist/native-messaging/rate-limit.d.ts +4 -1
  250. package/dist/native-messaging/rate-limit.js +4 -1
  251. package/dist/node/events.d.ts +3 -0
  252. package/dist/node/events.js +3 -0
  253. package/dist/node/fs.d.ts +1 -1
  254. package/dist/node/timers-promises.d.ts +3 -0
  255. package/dist/node/timers-promises.js +3 -0
  256. package/dist/node/url.d.ts +3 -0
  257. package/dist/node/url.js +3 -0
  258. package/dist/npm/meta-cache.d.ts +183 -0
  259. package/dist/npm/meta-cache.js +318 -0
  260. package/dist/npm/meta-slice.d.ts +27 -0
  261. package/dist/npm/meta-slice.js +68 -0
  262. package/dist/npm/meta-types.d.ts +282 -0
  263. package/dist/npm/meta-types.js +2 -0
  264. package/dist/npm/meta.d.ts +125 -0
  265. package/dist/npm/meta.js +347 -0
  266. package/dist/npm/registry.d.ts +212 -0
  267. package/dist/npm/registry.js +284 -0
  268. package/dist/objects/getters.d.ts +1 -1
  269. package/dist/objects/getters.js +1 -1
  270. package/dist/packages/manifest.js +6 -7
  271. package/dist/packages/metadata-extensions.js +2 -4
  272. package/dist/packages/provenance.d.ts +8 -0
  273. package/dist/packages/provenance.js +8 -0
  274. package/dist/packages/tarball.js +1 -2
  275. package/dist/packages/validation.d.ts +0 -10
  276. package/dist/packages/validation.js +0 -14
  277. package/dist/paths/exts.d.ts +30 -0
  278. package/dist/paths/exts.js +30 -0
  279. package/dist/paths/filenames.d.ts +6 -0
  280. package/dist/paths/filenames.js +6 -0
  281. package/dist/paths/globs.d.ts +6 -0
  282. package/dist/paths/globs.js +6 -0
  283. package/dist/paths/resolve.js +19 -14
  284. package/dist/paths/socket.d.ts +8 -8
  285. package/dist/paths/socket.js +8 -8
  286. package/dist/perf/report.js +4 -2
  287. package/dist/pkg-ext/data.js +0 -2
  288. package/dist/primordials/globals.d.ts +1 -1
  289. package/dist/primordials/globals.js +1 -1
  290. package/dist/primordials/headers.d.ts +13 -1
  291. package/dist/primordials/headers.js +13 -1
  292. package/dist/primordials/process.d.ts +1 -1
  293. package/dist/primordials/process.js +1 -1
  294. package/dist/primordials/url.d.ts +18 -0
  295. package/dist/primordials/url.js +18 -0
  296. package/dist/process/spawn/child.js +3 -5
  297. package/dist/promises/_internal.d.ts +1 -1
  298. package/dist/promises/_internal.js +1 -2
  299. package/dist/promises/options.js +3 -3
  300. package/dist/releases/socket-btm-binary-naming.js +12 -1
  301. package/dist/secrets/_internal.d.ts +1 -1
  302. package/dist/secrets/_internal.js +1 -1
  303. package/dist/secrets/find.d.ts +2 -2
  304. package/dist/secrets/find.js +2 -2
  305. package/dist/secrets/keychain.d.ts +10 -1
  306. package/dist/secrets/keychain.js +10 -1
  307. package/dist/secrets/socket-api-token.d.ts +1 -1
  308. package/dist/secrets/socket-api-token.js +1 -1
  309. package/dist/secrets/types.d.ts +1 -1
  310. package/dist/smol/http.d.ts +2 -0
  311. package/dist/smol/http.js +2 -0
  312. package/dist/smol/https.d.ts +2 -0
  313. package/dist/smol/https.js +2 -0
  314. package/dist/sorts/_internal.d.ts +2 -3
  315. package/dist/sorts/_internal.js +1 -3
  316. package/dist/spinner/format.js +2 -4
  317. package/dist/stdio/footer.js +8 -7
  318. package/dist/stdio/prompts.d.ts +8 -15
  319. package/dist/stdio/prompts.js +18 -29
  320. package/dist/strings/predicates.d.ts +2 -2
  321. package/dist/strings/search.js +1 -1
  322. package/dist/strings/types.d.ts +4 -0
  323. package/dist/strings/width.d.ts +1 -0
  324. package/dist/strings/width.js +17 -8
  325. package/dist/themes/context.d.ts +13 -0
  326. package/dist/themes/context.js +23 -8
  327. package/dist/versions/_internal.d.ts +43 -13
  328. package/dist/versions/_internal.js +27 -15
  329. package/dist/versions/compare.d.ts +16 -10
  330. package/dist/versions/compare.js +36 -16
  331. package/dist/versions/parse.js +1 -1
  332. package/dist/versions/range.js +3 -2
  333. package/dist/words/pluralize.js +4 -1
  334. package/llms.txt +63 -750
  335. package/package.json +200 -35
@@ -0,0 +1,284 @@
1
+ "use strict";
2
+ /* Socket Lib - Built with rolldown */
3
+ Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
4
+ const require_primordials_string = require('../primordials/string.js');
5
+
6
+ //#region src/npm/registry.ts
7
+ /**
8
+ * @file Browser-safe npm registry client — pure parsers + injectable-fetch
9
+ * shell. Safe for Chrome MV3 service workers, content scripts, and any
10
+ * environment without `node:*` builtins. The HTTP adapter is injected by the
11
+ * caller (`{ http: { json } }`) so Node callers pass `httpJson` from
12
+ * `@socketsecurity/lib/http-request` and browser callers pass `httpJson` from
13
+ * `@socketsecurity/lib/http-request/browser`. No network dependency at module
14
+ * load time.
15
+ *
16
+ * ## Endpoints covered
17
+ *
18
+ * - Packument: `registry.npmjs.org/<pkg>`
19
+ * - Version manifest (package.json):
20
+ * `cdn.jsdelivr.net/npm/<pkg>@<ver>/package.json`
21
+ * - Weekly downloads: `api.npmjs.org/downloads/point/last-week/<pkg>`
22
+ * - Attestation bundle: `registry.npmjs.org/-/npm/v1/attestations/<pkg>@<ver>`
23
+ * - Org packages: `registry.npmjs.org/-/org/<org>/package`
24
+ *
25
+ * ## URL encoding
26
+ *
27
+ * Registry endpoints (`registry.npmjs.org`, `api.npmjs.org`): scoped names
28
+ * encode to `@scope%2Fname` (one `encodeURIComponent` call that encodes the
29
+ * slash, then `%40` is restored to `@`).
30
+ * CDN endpoint (`cdn.jsdelivr.net`): scope and name are encoded separately,
31
+ * preserving the literal `/` between them. A prior extension bug sent
32
+ * `@scope%2Fname` to the CDN which returned 400; the fix is this split-encode
33
+ * path.
34
+ *
35
+ * ## Trusted Publisher detection
36
+ *
37
+ * From the packument alone, only `!!dist.attestations` is detectable —
38
+ * proving provenance was signed but not identifying which repo or workflow is
39
+ * configured as the TP. To get repo + workflow call `getAttestations()` then
40
+ * `parseProvenancePredicate()` to parse the SLSA
41
+ * `externalParameters.workflow` field. The npm access page
42
+ * (`/package/<name>/access`) is session-only HTML and is out of scope for
43
+ * this public client.
44
+ */
45
+ const NPM_REGISTRY = "https://registry.npmjs.org";
46
+ const NPM_DOWNLOADS_API = "https://api.npmjs.org";
47
+ const CDN_JSDELIVR = "https://cdn.jsdelivr.net";
48
+ const SLSA_PROVENANCE_TYPE = "https://slsa.dev/provenance/v1";
49
+ /**
50
+ * Build the CDN path `<encoded-name>@<encoded-version>/package.json`.
51
+ * Exposed as a pure function so callers can construct the full URL themselves.
52
+ */
53
+ function buildCdnPath(name, version) {
54
+ return `${encodeCdnName(name)}@${encodeURIComponent(version)}/package.json`;
55
+ }
56
+ /**
57
+ * Detect Trusted Publisher configuration from a packument version entry.
58
+ *
59
+ * From the packument alone, only the presence of `dist.attestations` is
60
+ * detectable (`configured: true` means provenance was signed; it does NOT
61
+ * confirm that a TP source is configured on npmjs.com). To get `repo` and
62
+ * `workflow`, fetch the attestation bundle with `getAttestations()` and parse
63
+ * it with `parseProvenancePredicate()`.
64
+ */
65
+ function detectTrustedPublisher(versionEntry) {
66
+ if (!hasProvenance(versionEntry)) return { configured: false };
67
+ return { configured: true };
68
+ }
69
+ /**
70
+ * Encode a package name for use in registry CDN URLs.
71
+ * Scope and name are encoded individually, preserving the literal `/`.
72
+ * Use this for `cdn.jsdelivr.net` URLs — fixes the `@scope%2Fname` → 400 bug.
73
+ */
74
+ function encodeCdnName(name) {
75
+ if (require_primordials_string.StringPrototypeIndexOf(name, "/") === -1) return encodeURIComponent(name);
76
+ const slashAt = require_primordials_string.StringPrototypeIndexOf(name, "/");
77
+ const scope = require_primordials_string.StringPrototypeSlice(name, 0, slashAt);
78
+ const pkg = require_primordials_string.StringPrototypeSlice(name, slashAt + 1);
79
+ return `${encodeURIComponent(scope)}/${encodeURIComponent(pkg)}`;
80
+ }
81
+ /**
82
+ * Encode a package name for use in registry / download-API URLs.
83
+ *
84
+ * Registry form (`cdn: false`, the default): `encodeURIComponent` then restore
85
+ * the leading `@` so `@scope/name` → `@scope%2Fname`.
86
+ *
87
+ * CDN form (`cdn: true`): scope and name are encoded individually so the
88
+ * literal `/` separator is preserved: `@scope/name` → `@scope/name` (each
89
+ * segment encoded separately). This fixes the `@scope%2Fname` → 400 bug on
90
+ * `cdn.jsdelivr.net`.
91
+ *
92
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
93
+ */
94
+ function encodePackageName(name, options) {
95
+ if ({
96
+ __proto__: null,
97
+ cdn: false,
98
+ ...options
99
+ }.cdn) return encodeCdnName(name);
100
+ return encodeRegistryName(name);
101
+ }
102
+ /**
103
+ * Encode a package name for use in registry / download-API URLs.
104
+ * Applies `encodeURIComponent` then restores `@` so scoped names become
105
+ * `@scope%2Fname`.
106
+ */
107
+ function encodeRegistryName(name) {
108
+ return encodeURIComponent(name).replace("%40", "@");
109
+ }
110
+ /**
111
+ * Fetch the attestation bundle for a package version from the npm transparency
112
+ * log. Returns `undefined` when no attestations entry is present in the
113
+ * packument (404 is treated as absent rather than an error).
114
+ */
115
+ async function getAttestations(name, version, options) {
116
+ const opts = {
117
+ __proto__: null,
118
+ ...options
119
+ };
120
+ const encoded = `${encodeRegistryName(name)}@${encodeURIComponent(version)}`;
121
+ const url = `${NPM_REGISTRY}/-/npm/v1/attestations/${encoded}`;
122
+ try {
123
+ return await opts.http.json(url);
124
+ } catch {
125
+ return;
126
+ }
127
+ }
128
+ /**
129
+ * Fetch the list of packages belonging to an npm org.
130
+ * Returns package names as a string array.
131
+ */
132
+ async function getOrgPackages(org, options) {
133
+ const opts = {
134
+ __proto__: null,
135
+ ...options
136
+ };
137
+ const url = `${NPM_REGISTRY}/-/org/${encodeURIComponent(org)}/package`;
138
+ const raw = await opts.http.json(url);
139
+ return Object.keys(raw);
140
+ }
141
+ /**
142
+ * Fetch and parse the full packument for a package.
143
+ */
144
+ async function getPackument(name, options) {
145
+ const opts = {
146
+ __proto__: null,
147
+ ...options
148
+ };
149
+ const url = `${NPM_REGISTRY}/${encodeRegistryName(name)}`;
150
+ const parsed = parsePackument(await opts.http.json(url));
151
+ if (!parsed) throw new Error(`getPackument: invalid packument response for "${name}" from ${url}`);
152
+ return parsed;
153
+ }
154
+ /**
155
+ * Fetch a version's package.json via the jsDelivr CDN.
156
+ *
157
+ * Uses split-encode for scoped names so `cdn.jsdelivr.net` receives the literal
158
+ * `/` between scope and name (not `%2F` which causes 400s).
159
+ *
160
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
161
+ */
162
+ async function getVersionManifest(name, version, options) {
163
+ const opts = {
164
+ __proto__: null,
165
+ ...options
166
+ };
167
+ const cdnPath = buildCdnPath(name, version);
168
+ const url = `${CDN_JSDELIVR}/npm/${cdnPath}`;
169
+ return opts.http.json(url);
170
+ }
171
+ /**
172
+ * Fetch last-week download counts for a package from the npm downloads API.
173
+ *
174
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
175
+ */
176
+ async function getWeeklyDownloads(name, options) {
177
+ const opts = {
178
+ __proto__: null,
179
+ ...options
180
+ };
181
+ const url = `${NPM_DOWNLOADS_API}/downloads/point/last-week/${encodeRegistryName(name)}`;
182
+ return opts.http.json(url);
183
+ }
184
+ /**
185
+ * Return true when `versionEntry.dist.attestations` is present — indicating a
186
+ * SLSA provenance attestation was produced for this version.
187
+ */
188
+ function hasProvenance(versionEntry) {
189
+ return !!versionEntry.dist?.attestations;
190
+ }
191
+ /**
192
+ * Return `true` when `version` of `name` is already published to the registry.
193
+ * Authoritative — reads the packument's `versions` map rather than a CDN, so a
194
+ * pre-publish guard never false-negatives on CDN lag (the asymmetric-cost case:
195
+ * a wrong "not published" invites a duplicate-version publish attempt). Returns
196
+ * `false` when the package does not exist or the packument fetch fails.
197
+ *
198
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
199
+ */
200
+ async function isVersionPublished(name, version, options) {
201
+ try {
202
+ return (await getPackument(name, options)).versions[version] !== void 0;
203
+ } catch {
204
+ return false;
205
+ }
206
+ }
207
+ /**
208
+ * Parse a raw packument JSON response into a typed `PackumentRecord`.
209
+ * Adds the `distTags` alias for `dist-tags` so callers don't need bracket
210
+ * notation. Returns `undefined` when the input is not a valid packument shape.
211
+ */
212
+ function parsePackument(raw) {
213
+ if (raw === void 0 || raw === null || typeof raw !== "object" || !("versions" in raw) || !("dist-tags" in raw)) return;
214
+ const rec = raw;
215
+ return {
216
+ "dist-tags": rec["dist-tags"] ?? {},
217
+ distTags: rec["dist-tags"] ?? {},
218
+ name: typeof rec.name === "string" ? rec.name : "",
219
+ time: rec.time,
220
+ versions: rec.versions ?? {}
221
+ };
222
+ }
223
+ /**
224
+ * Parse an npm transparency-log attestation bundle (the JSON returned from
225
+ * `registry.npmjs.org/-/npm/v1/attestations/<pkg>@<ver>`) and extract the
226
+ * SLSA provenance predicate.
227
+ *
228
+ * Returns the first SLSA provenance v1 predicate found, or `undefined` when
229
+ * none is present or the bundle is malformed.
230
+ */
231
+ function parseProvenancePredicate(bundle) {
232
+ if (bundle === void 0 || bundle === null || typeof bundle !== "object" || !("attestations" in bundle) || !Array.isArray(bundle.attestations)) return;
233
+ const { attestations } = bundle;
234
+ /* c8 ignore start - the prior Array.isArray guard above already narrows
235
+ * `attestations` to a real array; even an empty array is truthy, so this
236
+ * falsy-check can never take its true branch at runtime. Kept only to
237
+ * satisfy the optional `attestations?: ... | undefined` field type. */
238
+ if (!attestations) return;
239
+ /* c8 ignore stop */
240
+ for (const entry of attestations) {
241
+ if (entry.predicateType !== SLSA_PROVENANCE_TYPE) continue;
242
+ const b = entry.bundle;
243
+ if (b === void 0 || b === null || typeof b !== "object") continue;
244
+ const verificationMaterial = b.verificationMaterial;
245
+ if (verificationMaterial === void 0 || verificationMaterial === null || typeof verificationMaterial !== "object") continue;
246
+ const content = verificationMaterial.content;
247
+ if (typeof content !== "string") continue;
248
+ let parsed;
249
+ try {
250
+ parsed = JSON.parse(content);
251
+ } catch {
252
+ continue;
253
+ }
254
+ if (parsed === void 0 || parsed === null || typeof parsed !== "object") continue;
255
+ const envelope = parsed;
256
+ if (typeof envelope.payload !== "string") continue;
257
+ let payload;
258
+ try {
259
+ payload = JSON.parse(atob(envelope.payload));
260
+ } catch {
261
+ continue;
262
+ }
263
+ if (payload === void 0 || payload === null || typeof payload !== "object") continue;
264
+ const statement = payload;
265
+ if (statement.predicate === void 0 || statement.predicate === null || typeof statement.predicate !== "object") continue;
266
+ return statement.predicate;
267
+ }
268
+ }
269
+
270
+ //#endregion
271
+ exports.buildCdnPath = buildCdnPath;
272
+ exports.detectTrustedPublisher = detectTrustedPublisher;
273
+ exports.encodeCdnName = encodeCdnName;
274
+ exports.encodePackageName = encodePackageName;
275
+ exports.encodeRegistryName = encodeRegistryName;
276
+ exports.getAttestations = getAttestations;
277
+ exports.getOrgPackages = getOrgPackages;
278
+ exports.getPackument = getPackument;
279
+ exports.getVersionManifest = getVersionManifest;
280
+ exports.getWeeklyDownloads = getWeeklyDownloads;
281
+ exports.hasProvenance = hasProvenance;
282
+ exports.isVersionPublished = isVersionPublished;
283
+ exports.parsePackument = parsePackument;
284
+ exports.parseProvenancePredicate = parseProvenancePredicate;
@@ -1,6 +1,6 @@
1
1
  /**
2
2
  * @file Lazy-getter primitives + `createConstantsObject`.
3
- * `createConstantsObject` is the most-used factory in this module — fleet
3
+ * `createConstantsObject` is the most-used factory in this module — Socket
4
4
  * repos use it to assemble frozen settings objects with a mix of eager
5
5
  * values, lazy-computed values, and internals reachable through
6
6
  * `kInternalsSymbol`. The `defineLazyGetter*` helpers underneath are the
@@ -10,7 +10,7 @@ const require_objects_sort = require('./sort.js');
10
10
  //#region src/objects/getters.ts
11
11
  /**
12
12
  * @file Lazy-getter primitives + `createConstantsObject`.
13
- * `createConstantsObject` is the most-used factory in this module — fleet
13
+ * `createConstantsObject` is the most-used factory in this module — Socket
14
14
  * repos use it to assemble frozen settings objects with a mix of eager
15
15
  * values, lazy-computed values, and internals reachable through
16
16
  * `kInternalsSymbol`. The `defineLazyGetter*` helpers underneath are the
@@ -8,13 +8,12 @@ const require_objects_predicates = require('../objects/predicates.js');
8
8
  const require_process_abort = require('../process/abort.js');
9
9
  const require_constants_socket = require('../constants/socket.js');
10
10
  const require_constants_packages = require('../constants/packages.js');
11
+ const require_versions__internal = require('../versions/_internal.js');
11
12
  const require_objects_sort = require('../objects/sort.js');
12
13
  const require_packages_exports = require('./exports.js');
13
14
  const require_packages_validation = require('./validation.js');
14
15
  let src_external_npm_package_arg = require("../external/npm-package-arg");
15
16
  src_external_npm_package_arg = require_runtime.__toESM(src_external_npm_package_arg);
16
- let src_external_semver = require("../external/semver");
17
- src_external_semver = require_runtime.__toESM(src_external_semver);
18
17
  let src_external_pacote = require("../external/pacote");
19
18
  src_external_pacote = require_runtime.__toESM(src_external_pacote);
20
19
 
@@ -22,7 +21,6 @@ src_external_pacote = require_runtime.__toESM(src_external_pacote);
22
21
  /**
23
22
  * @file Package manifest and packument fetching utilities.
24
23
  */
25
- const abortSignal = require_process_abort.getAbortSignal();
26
24
  const packageDefaultNodeRange = require_constants_packages.getPackageDefaultNodeRange();
27
25
  const PACKAGE_DEFAULT_SOCKET_CATEGORIES = require_constants_packages.getPackageDefaultSocketCategories();
28
26
  const packumentCache = require_constants_packages.getPackumentCache();
@@ -72,8 +70,9 @@ function createPackageJson(sockRegPkgName, directory, options) {
72
70
  if (strKey === "node") {
73
71
  const { 1: range } = result;
74
72
  if (typeof range === "string" && range && packageDefaultNodeRange) {
75
- const coercedRange = src_external_semver.default.coerce(range);
76
- if (!src_external_semver.default.satisfies(coercedRange?.version ?? "0.0.0", packageDefaultNodeRange)) result[1] = packageDefaultNodeRange;
73
+ const semver = require_versions__internal.getSemver();
74
+ const coercedRange = semver.coerce(range);
75
+ if (!semver.satisfies(coercedRange?.version ?? "0.0.0", packageDefaultNodeRange)) result[1] = packageDefaultNodeRange;
77
76
  }
78
77
  }
79
78
  return result;
@@ -93,7 +92,7 @@ function createPackageJson(sockRegPkgName, directory, options) {
93
92
  async function fetchPackageManifest(pkgNameOrId, options) {
94
93
  const pacoteOptions = {
95
94
  __proto__: null,
96
- signal: abortSignal,
95
+ signal: require_process_abort.getAbortSignal(),
97
96
  ...options,
98
97
  packumentCache,
99
98
  preferOffline: true
@@ -125,7 +124,7 @@ async function fetchPackagePackument(pkgNameOrId, options) {
125
124
  try {
126
125
  return await src_external_pacote.default.packument(pkgNameOrId, {
127
126
  __proto__: null,
128
- signal: abortSignal,
127
+ signal: require_process_abort.getAbortSignal(),
129
128
  ...options,
130
129
  packumentCache,
131
130
  preferOffline: true
@@ -1,11 +1,9 @@
1
1
  "use strict";
2
2
  /* Socket Lib - Built with rolldown */
3
3
  Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
4
- const require_runtime = require('../_virtual/_rolldown/runtime.js');
5
4
  const require_objects_mutate = require('../objects/mutate.js');
6
5
  const require_constants_packages = require('../constants/packages.js');
7
- let src_external_semver = require("../external/semver");
8
- src_external_semver = require_runtime.__toESM(src_external_semver);
6
+ const require_versions__internal = require('../versions/_internal.js');
9
7
 
10
8
  //#region src/packages/metadata-extensions.ts
11
9
  /**
@@ -30,7 +28,7 @@ function findPackageExtensions(pkgName, pkgVer) {
30
28
  const lastAtSignIndex = selector.lastIndexOf("@");
31
29
  if (pkgName === selector.slice(0, lastAtSignIndex)) {
32
30
  const range = selector.slice(lastAtSignIndex + 1);
33
- if (src_external_semver.satisfies(pkgVer, range)) {
31
+ if (require_versions__internal.getSemver().satisfies(pkgVer, range)) {
34
32
  if (result === void 0) result = {};
35
33
  if (typeof ext === "object" && ext !== null) require_objects_mutate.merge(result, ext);
36
34
  }
@@ -5,6 +5,8 @@ import type { ProvenanceOptions } from './types';
5
5
  /**
6
6
  * Comparator ordering two trust statuses by ascending trust level. Sorts an
7
7
  * array of statuses lowest-trust-first; negate for highest-first.
8
+ *
9
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
8
10
  */
9
11
  export declare function compareTrust(a: TrustStatus, b: TrustStatus): -1 | 0 | 1;
10
12
  /**
@@ -12,6 +14,8 @@ export declare function compareTrust(a: TrustStatus, b: TrustStatus): -1 | 0 | 1
12
14
  * regressed its supply-chain posture. Drives the post-publish provenance
13
15
  * reminder: a version that drops from trustedPublisher back to bare provenance
14
16
  * is a red flag worth surfacing.
17
+ *
18
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
15
19
  */
16
20
  export declare function didTrustDecrease(prev: TrustStatus, next: TrustStatus): boolean;
17
21
  /**
@@ -48,6 +52,8 @@ export declare function getProvenanceDetails(attestationData: unknown): unknown;
48
52
  export declare function getTrustLevel(status: TrustStatus): TrustLevel;
49
53
  /**
50
54
  * Map a trust status to its human-readable level name.
55
+ *
56
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
51
57
  */
52
58
  export declare function getTrustLevelName(status: TrustStatus): TrustLevelName;
53
59
  /**
@@ -59,6 +65,8 @@ export declare function getTrustLevelName(status: TrustStatus): TrustLevelName;
59
65
  * 2FA-gated approve step. That signal ranks ABOVE both `trustedPublisher` and
60
66
  * `provenance` in pnpm's trust-evidence ladder, because it adds a human
61
67
  * approval gate on top of the OIDC publisher identity.
68
+ *
69
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
62
70
  */
63
71
  export declare function getTrustStatus(meta: unknown): TrustStatus;
64
72
  /**
@@ -25,6 +25,8 @@ let cachedFetcher;
25
25
  /**
26
26
  * Comparator ordering two trust statuses by ascending trust level. Sorts an
27
27
  * array of statuses lowest-trust-first; negate for highest-first.
28
+ *
29
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
28
30
  */
29
31
  function compareTrust(a, b) {
30
32
  const levelA = getTrustLevel(a);
@@ -38,6 +40,8 @@ function compareTrust(a, b) {
38
40
  * regressed its supply-chain posture. Drives the post-publish provenance
39
41
  * reminder: a version that drops from trustedPublisher back to bare provenance
40
42
  * is a red flag worth surfacing.
43
+ *
44
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
41
45
  */
42
46
  function didTrustDecrease(prev, next) {
43
47
  return getTrustLevel(next) < getTrustLevel(prev);
@@ -152,6 +156,8 @@ function getTrustLevel(status) {
152
156
  }
153
157
  /**
154
158
  * Map a trust status to its human-readable level name.
159
+ *
160
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
155
161
  */
156
162
  function getTrustLevelName(status) {
157
163
  return TRUST_LEVELS[getTrustLevel(status)];
@@ -165,6 +171,8 @@ function getTrustLevelName(status) {
165
171
  * 2FA-gated approve step. That signal ranks ABOVE both `trustedPublisher` and
166
172
  * `provenance` in pnpm's trust-evidence ladder, because it adds a human
167
173
  * approval gate on top of the OIDC publisher identity.
174
+ *
175
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
168
176
  */
169
177
  function getTrustStatus(meta) {
170
178
  const status = {
@@ -18,7 +18,6 @@ src_external_libnpmpack = require_runtime.__toESM(src_external_libnpmpack);
18
18
  * spec into a tarball, both via pacote/libnpmpack with the shared packument
19
19
  * cache.
20
20
  */
21
- const abortSignal = require_process_abort.getAbortSignal();
22
21
  const packumentCache = require_constants_packages.getPackumentCache();
23
22
  const pacoteCachePath = require_constants_packages.getPacoteCachePath();
24
23
  /**
@@ -68,7 +67,7 @@ async function packPackage(spec, options) {
68
67
  /* c8 ignore start - External package registry packing */
69
68
  return await (0, src_external_libnpmpack.default)(spec, {
70
69
  __proto__: null,
71
- signal: abortSignal,
70
+ signal: require_process_abort.getAbortSignal(),
72
71
  ...options,
73
72
  packumentCache,
74
73
  preferOffline: true
@@ -1,16 +1,6 @@
1
1
  /**
2
2
  * @file Package name validation utilities.
3
3
  */
4
- /**
5
- * Check if package name is a blessed Socket.dev package.
6
- *
7
- * @example
8
- * ;```typescript
9
- * isBlessedPackageName('@socketregistry/is-number') // true
10
- * isBlessedPackageName('lodash') // false
11
- * ```
12
- */
13
- export declare function isBlessedPackageName(name: unknown): boolean;
14
4
  /**
15
5
  * Check if a type string represents a registry fetcher type.
16
6
  *
@@ -2,7 +2,6 @@
2
2
  /* Socket Lib - Built with rolldown */
3
3
  Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
4
4
  const require_runtime = require('../_virtual/_rolldown/runtime.js');
5
- const require_primordials_string = require('../primordials/string.js');
6
5
  let src_external_validate_npm_package_name = require("../external/validate-npm-package-name");
7
6
  src_external_validate_npm_package_name = require_runtime.__toESM(src_external_validate_npm_package_name);
8
7
 
@@ -11,18 +10,6 @@ src_external_validate_npm_package_name = require_runtime.__toESM(src_external_va
11
10
  * @file Package name validation utilities.
12
11
  */
13
12
  /**
14
- * Check if package name is a blessed Socket.dev package.
15
- *
16
- * @example
17
- * ;```typescript
18
- * isBlessedPackageName('@socketregistry/is-number') // true
19
- * isBlessedPackageName('lodash') // false
20
- * ```
21
- */
22
- function isBlessedPackageName(name) {
23
- return typeof name === "string" && (name === "sfw" || name === "socket" || require_primordials_string.StringPrototypeStartsWith(name, "@socketoverride/") || require_primordials_string.StringPrototypeStartsWith(name, "@socketregistry/") || require_primordials_string.StringPrototypeStartsWith(name, "@socketsecurity/"));
24
- }
25
- /**
26
13
  * Check if a type string represents a registry fetcher type.
27
14
  *
28
15
  * @example
@@ -48,6 +35,5 @@ function isValidPackageName(name) {
48
35
  }
49
36
 
50
37
  //#endregion
51
- exports.isBlessedPackageName = isBlessedPackageName;
52
38
  exports.isRegistryFetcherType = isRegistryFetcherType;
53
39
  exports.isValidPackageName = isValidPackageName;
@@ -1,17 +1,47 @@
1
1
  /**
2
2
  * @file File extension constants.
3
3
  */
4
+ /**
5
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
6
+ */
4
7
  export declare const EXT_CJS = ".cjs";
8
+ /**
9
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
10
+ */
5
11
  export declare const EXT_CMD = ".cmd";
12
+ /**
13
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
14
+ */
6
15
  export declare const EXT_CTS = ".cts";
16
+ /**
17
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
18
+ */
7
19
  export declare const EXT_DTS = ".d.ts";
20
+ /**
21
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
22
+ */
8
23
  export declare const EXT_JS = ".js";
9
24
  export declare const EXT_JSON = ".json";
10
25
  export declare const EXT_LOCK = ".lock";
11
26
  export declare const EXT_LOCKB = ".lockb";
12
27
  export declare const EXT_MD = ".md";
28
+ /**
29
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
30
+ */
13
31
  export declare const EXT_MJS = ".mjs";
32
+ /**
33
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
34
+ */
14
35
  export declare const EXT_MTS = ".mts";
36
+ /**
37
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
38
+ */
15
39
  export declare const EXT_PS1 = ".ps1";
40
+ /**
41
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
42
+ */
16
43
  export declare const EXT_YAML = ".yaml";
44
+ /**
45
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
46
+ */
17
47
  export declare const EXT_YML = ".yml";
@@ -6,19 +6,49 @@ Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
6
6
  /**
7
7
  * @file File extension constants.
8
8
  */
9
+ /**
10
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
11
+ */
9
12
  const EXT_CJS = ".cjs";
13
+ /**
14
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
15
+ */
10
16
  const EXT_CMD = ".cmd";
17
+ /**
18
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
19
+ */
11
20
  const EXT_CTS = ".cts";
21
+ /**
22
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
23
+ */
12
24
  const EXT_DTS = ".d.ts";
25
+ /**
26
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
27
+ */
13
28
  const EXT_JS = ".js";
14
29
  const EXT_JSON = ".json";
15
30
  const EXT_LOCK = ".lock";
16
31
  const EXT_LOCKB = ".lockb";
17
32
  const EXT_MD = ".md";
33
+ /**
34
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
35
+ */
18
36
  const EXT_MJS = ".mjs";
37
+ /**
38
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
39
+ */
19
40
  const EXT_MTS = ".mts";
41
+ /**
42
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
43
+ */
20
44
  const EXT_PS1 = ".ps1";
45
+ /**
46
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
47
+ */
21
48
  const EXT_YAML = ".yaml";
49
+ /**
50
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
51
+ */
22
52
  const EXT_YML = ".yml";
23
53
 
24
54
  //#endregion
@@ -4,11 +4,17 @@
4
4
  export declare const PACKAGE_JSON = "package.json";
5
5
  export declare const TSCONFIG_JSON = "tsconfig.json";
6
6
  export declare const LICENSE = "LICENSE";
7
+ /**
8
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
9
+ */
7
10
  export declare const LICENSE_MD = "LICENSE.md";
8
11
  export declare const LICENSE_ORIGINAL = "LICENSE.original";
9
12
  export declare const README_MD = "README.md";
10
13
  export declare const CHANGELOG_MD = "CHANGELOG.md";
11
14
  export declare const MANIFEST_JSON = "manifest.json";
12
15
  export declare const EXTENSIONS_JSON = "extensions.json";
16
+ /**
17
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
18
+ */
13
19
  export declare const GITIGNORE = ".gitignore";
14
20
  export declare const DOT_PACKAGE_LOCK_JSON = ".package-lock.json";
@@ -9,12 +9,18 @@ Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
9
9
  const PACKAGE_JSON = "package.json";
10
10
  const TSCONFIG_JSON = "tsconfig.json";
11
11
  const LICENSE = "LICENSE";
12
+ /**
13
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
14
+ */
12
15
  const LICENSE_MD = "LICENSE.md";
13
16
  const LICENSE_ORIGINAL = "LICENSE.original";
14
17
  const README_MD = "README.md";
15
18
  const CHANGELOG_MD = "CHANGELOG.md";
16
19
  const MANIFEST_JSON = "manifest.json";
17
20
  const EXTENSIONS_JSON = "extensions.json";
21
+ /**
22
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
23
+ */
18
24
  const GITIGNORE = ".gitignore";
19
25
  const DOT_PACKAGE_LOCK_JSON = ".package-lock.json";
20
26
 
@@ -3,7 +3,13 @@
3
3
  */
4
4
  export declare const LICENSE_GLOB = "LICEN[CS]E{[.-]*,}";
5
5
  export declare const LICENSE_GLOB_RECURSIVE = "**/LICEN[CS]E{[.-]*,}";
6
+ /**
7
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
8
+ */
6
9
  export declare const LICENSE_ORIGINAL_GLOB = "*.original{.*,}";
7
10
  export declare const LICENSE_ORIGINAL_GLOB_RECURSIVE = "**/*.original{.*,}";
8
11
  export declare const README_GLOB = "README{.*,}";
12
+ /**
13
+ * @unused No internal or Socket consumers (exercised only by its unit tests).
14
+ */
9
15
  export declare const README_GLOB_RECURSIVE = "**/README{.*,}";