npm - @socketsecurity/sdk - Versions diffs - 1.10.1 → 1.11.1 - Mend

@socketsecurity/sdk 1.10.1 → 1.11.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/CHANGELOG.md +19 -0
package/README.md +153 -311
package/dist/constants.js +23 -117
package/dist/file-upload.js +118 -127
package/dist/http-client.d.ts +11 -8
package/dist/http-client.js +281 -223
package/dist/index.js +43 -48
package/dist/package.json.js +212 -0
package/dist/quota-utils.d.ts +13 -6
package/dist/quota-utils.js +128 -105
package/dist/socket-sdk-class.d.ts +1 -1
package/dist/socket-sdk-class.js +1488 -1407
package/dist/testing.d.ts +453 -0
package/dist/testing.js +387 -0
package/dist/types.d.ts +26 -0
package/dist/user-agent.js +11 -7
package/dist/utils.d.ts +2 -1
package/dist/utils.js +66 -60
package/package.json +27 -6
package/dist/promise-queue.js +0 -91
package/dist/types.js +0 -3

package/dist/http-client.js CHANGED Viewed

@@ -1,53 +1,37 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.ResponseError = void 0;
-exports.createDeleteRequest = createDeleteRequest;
-exports.createGetRequest = createGetRequest;
-exports.createRequestWithJson = createRequestWithJson;
-exports.getErrorResponseBody = getErrorResponseBody;
-exports.getHttpModule = getHttpModule;
-exports.getResponse = getResponse;
-exports.getResponseJson = getResponseJson;
-exports.isResponseOk = isResponseOk;
-exports.reshapeArtifactForPublicPolicy = reshapeArtifactForPublicPolicy;
-exports.withRetry = withRetry;
-exports.createGetRequestWithRetry = createGetRequestWithRetry;
-exports.createDeleteRequestWithRetry = createDeleteRequestWithRetry;
-exports.createRequestWithJsonAndRetry = createRequestWithJsonAndRetry;
+'use strict';
+var http = require('node:http');
+var https = require('node:https');
+var debug = require('@socketsecurity/registry/lib/debug');
+var json = require('@socketsecurity/registry/lib/json');
+var performance = require('@socketsecurity/registry/lib/performance');
 /**
  * @fileoverview HTTP client utilities for Socket API communication.
  * Provides low-level HTTP request handling with proper error management and response parsing.
  */
-const node_http_1 = __importDefault(require("node:http"));
-const node_https_1 = __importDefault(require("node:https"));
-const debug_1 = require("@socketsecurity/registry/lib/debug");
-const json_1 = require("@socketsecurity/registry/lib/json");
 /**
  * HTTP response error for Socket API requests.
  * Extends Error with response details for debugging failed API calls.
  */
 class ResponseError extends Error {
-    response;
-    /**
-     * Create a new ResponseError from an HTTP response.
-     * Automatically formats error message with status code and message.
-     */
-    constructor(response, message = '') {
-        /* c8 ignore next 2 - statusCode and statusMessage may be undefined in edge cases */
-        const statusCode = response.statusCode ?? 'unknown';
-        const statusMessage = response.statusMessage ?? 'No status message';
-        super(
-        /* c8 ignore next - fallback empty message if not provided */
-        `Socket API ${message || 'Request failed'} (${statusCode}): ${statusMessage}`);
-        this.name = 'ResponseError';
-        this.response = response;
-        Error.captureStackTrace(this, ResponseError);
-    }
+  /**
+   * Create a new ResponseError from an HTTP response.
+   * Automatically formats error message with status code and message.
+   */
+  constructor(response, message = '') {
+    /* c8 ignore next 2 - statusCode and statusMessage may be undefined in edge cases */
+    const statusCode = response.statusCode ?? 'unknown';
+    const statusMessage = response.statusMessage ?? 'No status message';
+    super(/* c8 ignore next - fallback empty message if not provided */
+    `Socket API ${message || 'Request failed'} (${statusCode}): ${statusMessage}`);
+    this.name = 'ResponseError';
+    this.response = response;
+    Error.captureStackTrace(this, ResponseError);
+  }
 }
-exports.ResponseError = ResponseError;
 /**
  * Create and execute an HTTP DELETE request.
  * Returns the response stream for further processing.
@@ -55,50 +39,79 @@ exports.ResponseError = ResponseError;
  * @throws {Error} When network or timeout errors occur
  */
 async function createDeleteRequest(baseUrl, urlPath, options) {
-    const req = getHttpModule(baseUrl)
-        .request(`${baseUrl}${urlPath}`, {
-        method: 'DELETE',
-        ...options,
-    })
-        .end();
-    return await getResponse(req);
+  const req = getHttpModule(baseUrl).request(`${baseUrl}${urlPath}`, {
+    method: 'DELETE',
+    ...options
+  }).end();
+  return await getResponse(req);
 }
 /**
  * Create and execute an HTTP GET request.
  * Returns the response stream for further processing.
+ * Performance tracking enabled with DEBUG=perf.
  *
  * @throws {Error} When network or timeout errors occur
  */
 async function createGetRequest(baseUrl, urlPath, options) {
-    const req = getHttpModule(baseUrl)
-        .request(`${baseUrl}${urlPath}`, {
-        method: 'GET',
-        ...options,
-    })
-        .end();
-    return await getResponse(req);
+  const stopTimer = performance.perfTimer('http:get', {
+    urlPath
+  });
+  try {
+    const req = getHttpModule(baseUrl).request(`${baseUrl}${urlPath}`, {
+      method: 'GET',
+      ...options
+    }).end();
+    const response = await getResponse(req);
+    stopTimer({
+      statusCode: response.statusCode
+    });
+    return response;
+  } catch (error) {
+    stopTimer({
+      error: true
+    });
+    throw error;
+  }
 }
 /**
  * Create and execute an HTTP request with JSON payload.
  * Automatically sets appropriate content headers and serializes the body.
+ * Performance tracking enabled with DEBUG=perf.
  *
  * @throws {Error} When network or timeout errors occur
  */
 async function createRequestWithJson(method, baseUrl, urlPath, json, options) {
+  const stopTimer = performance.perfTimer(`http:${method.toLowerCase()}`, {
+    urlPath
+  });
+  try {
     const body = JSON.stringify(json);
     const req = getHttpModule(baseUrl).request(`${baseUrl}${urlPath}`, {
-        method,
-        ...options,
-        headers: {
-            ...options.headers,
-            'Content-Length': Buffer.byteLength(body, 'utf8'),
-            'Content-Type': 'application/json',
-        },
+      method,
+      ...options,
+      headers: {
+        ...options.headers,
+        'Content-Length': Buffer.byteLength(body, 'utf8'),
+        'Content-Type': 'application/json'
+      }
     });
     req.write(body);
     req.end();
-    return await getResponse(req);
+    const response = await getResponse(req);
+    stopTimer({
+      statusCode: response.statusCode
+    });
+    return response;
+  } catch (error) {
+    stopTimer({
+      error: true
+    });
+    throw error;
+  }
 }
 /**
  * Read the response body from an HTTP error response.
  * Accumulates all chunks into a complete string for error handling.
@@ -106,22 +119,24 @@ async function createRequestWithJson(method, baseUrl, urlPath, json, options) {
  * @throws {Error} When stream errors occur during reading
  */
 async function getErrorResponseBody(response) {
-    return await new Promise((resolve, reject) => {
-        let body = '';
-        response.setEncoding('utf8');
-        response.on('data', (chunk) => (body += chunk));
-        response.on('end', () => resolve(body));
-        /* c8 ignore next - Extremely rare network or stream error during error response reading. */
-        response.on('error', e => reject(e));
-    });
+  return await new Promise((resolve, reject) => {
+    let body = '';
+    response.setEncoding('utf8');
+    response.on('data', chunk => body += chunk);
+    response.on('end', () => resolve(body));
+    /* c8 ignore next - Extremely rare network or stream error during error response reading. */
+    response.on('error', e => reject(e));
+  });
 }
 /**
  * Get the appropriate HTTP module based on URL protocol.
  * Returns http module for http: URLs, https module for https: URLs.
  */
 function getHttpModule(url) {
-    return url.startsWith('https:') ? node_https_1.default : node_http_1.default;
+  return url.startsWith('https:') ? https : http;
 }
 /**
  * Wait for and return the HTTP response from a request.
  * Handles timeout and error conditions during request processing.
@@ -129,219 +144,262 @@ function getHttpModule(url) {
  * @throws {Error} When request times out or network errors occur
  */
 async function getResponse(req) {
-    return await new Promise((resolve, reject) => {
-        let timedOut = false;
-        req.on('response', (response) => {
-            /* c8 ignore next 3 - Race condition where response arrives after timeout. */
-            if (timedOut) {
-                return;
-            }
-            resolve(response);
-        });
-        req.on('timeout', () => {
-            timedOut = true;
-            req.destroy();
-            reject(new Error('Request timed out'));
-        });
-        /* c8 ignore start - Network error handling during request, difficult to test reliably. */
-        req.on('error', e => {
-            if (!timedOut) {
-                reject(e);
-            }
-        });
-        /* c8 ignore stop */
+  return await new Promise((resolve, reject) => {
+    let timedOut = false;
+    req.on('response', response => {
+      /* c8 ignore next 3 - Race condition where response arrives after timeout. */
+      if (timedOut) {
+        return;
+      }
+      resolve(response);
+    });
+    req.on('timeout', () => {
+      timedOut = true;
+      req.destroy();
+      reject(new Error('Request timed out'));
+    });
+    /* c8 ignore start - Network error handling during request, difficult to test reliably. */
+    req.on('error', e => {
+      if (!timedOut) {
+        reject(e);
+      }
     });
+    /* c8 ignore stop */
+  });
 }
 /**
  * Parse HTTP response body as JSON.
  * Validates response status and handles empty responses gracefully.
+ * Performance tracking enabled with DEBUG=perf.
  *
  * @throws {ResponseError} When response has non-2xx status code
  * @throws {SyntaxError} When response body contains invalid JSON
  */
 async function getResponseJson(response, method) {
+  const stopTimer = performance.perfTimer('http:parse-json');
+  try {
     if (!isResponseOk(response)) {
-        throw new ResponseError(response, method ? `${method} Request failed` : undefined);
+      throw new ResponseError(response, method ? `${method} Request failed` : undefined);
     }
     const responseBody = await getErrorResponseBody(response);
     // Handle truly empty responses (not whitespace) as valid empty objects.
     if (responseBody === '') {
-        (0, debug_1.debugLog)('API response: empty response treated as {}');
-        return {};
+      debug.debugLog('API response: empty response treated as {}');
+      stopTimer({
+        success: true
+      });
+      return {};
     }
     try {
-        const responseJson = (0, json_1.jsonParse)(responseBody);
-        (0, debug_1.debugLog)('API response:', responseJson);
-        return responseJson;
-    }
-    catch (e) {
-        if (e instanceof SyntaxError) {
-            // Attach the original response text for better error reporting.
-            const enhancedError = new Error(`Socket API - Invalid JSON response:\n${responseBody}\n→ ${e.message}`, { cause: e });
-            enhancedError.name = 'SyntaxError';
-            enhancedError.originalResponse = responseBody;
-            Object.setPrototypeOf(enhancedError, SyntaxError.prototype);
-            throw enhancedError;
-        }
-        /* c8 ignore start - Error instanceof check and unknown error handling for JSON parsing edge cases. */
-        if (e instanceof Error) {
-            throw e;
-        }
-        // Handle non-Error objects thrown by JSON parsing.
-        const unknownError = new Error('Unknown JSON parsing error', {
-            cause: e,
+      const responseJson = json.jsonParse(responseBody);
+      debug.debugLog('API response:', responseJson);
+      stopTimer({
+        success: true
+      });
+      return responseJson;
+    } catch (e) {
+      stopTimer({
+        error: true
+      });
+      if (e instanceof SyntaxError) {
+        // Attach the original response text for better error reporting.
+        const enhancedError = new Error(`Socket API - Invalid JSON response:\n${responseBody}\n→ ${e.message}`, {
+          cause: e
         });
-        unknownError.name = 'SyntaxError';
-        unknownError.originalResponse = responseBody;
-        Object.setPrototypeOf(unknownError, SyntaxError.prototype);
-        throw unknownError;
-        /* c8 ignore stop */
+        enhancedError.name = 'SyntaxError';
+        enhancedError.originalResponse = responseBody;
+        Object.setPrototypeOf(enhancedError, SyntaxError.prototype);
+        throw enhancedError;
+      }
+      /* c8 ignore start - Error instanceof check and unknown error handling for JSON parsing edge cases. */
+      if (e instanceof Error) {
+        throw e;
+      }
+      // Handle non-Error objects thrown by JSON parsing.
+      const unknownError = new Error('Unknown JSON parsing error', {
+        cause: e
+      });
+      unknownError.name = 'SyntaxError';
+      unknownError.originalResponse = responseBody;
+      Object.setPrototypeOf(unknownError, SyntaxError.prototype);
+      throw unknownError;
+      /* c8 ignore stop */
     }
+  } catch (error) {
+    stopTimer({
+      error: true
+    });
+    throw error;
+  }
 }
 /**
  * Check if HTTP response has a successful status code (2xx range).
  * Returns true for status codes between 200-299, false otherwise.
  */
 function isResponseOk(response) {
-    const { statusCode } = response;
-    /* c8 ignore next - Defensive fallback for edge cases where statusCode might be undefined. */
-    return statusCode ? statusCode >= 200 && statusCode < 300 : false;
+  const {
+    statusCode
+  } = response;
+  /* c8 ignore next - Defensive fallback for edge cases where statusCode might be undefined. */
+  return statusCode ? statusCode >= 200 && statusCode < 300 : false;
 }
 /**
  * Transform artifact data based on authentication status.
  * Filters and compacts response data for public/free-tier users.
  */
 function reshapeArtifactForPublicPolicy(data, isAuthenticated, actions) {
-    /* c8 ignore start - Public policy artifact reshaping for unauthenticated users, difficult to test edge cases. */
-    // If user is not authenticated, provide a different response structure
-    // optimized for the public free-tier experience.
-    if (!isAuthenticated) {
-        // Parse actions parameter for alert filtering.
-        const allowedActions = actions ? actions.split(',') : undefined;
-        const reshapeArtifact = (artifact) => ({
-            name: artifact.name,
-            version: artifact.version,
-            size: artifact.size,
-            author: artifact.author,
-            type: artifact.type,
-            supplyChainRisk: artifact.supplyChainRisk,
-            scorecards: artifact.scorecards,
-            topLevelAncestors: artifact.topLevelAncestors,
-            // Compact the alerts array to reduce response size for non-authenticated
-            // requests.
-            alerts: artifact.alerts
-                ?.filter((alert) => {
-                // Filter by severity (remove low severity alerts).
-                if (alert.severity === 'low') {
-                    return false;
-                }
-                // Filter by actions if specified.
-                if (allowedActions &&
-                    alert.action &&
-                    !allowedActions.includes(alert.action)) {
-                    return false;
-                }
-                return true;
-            })
-                .map((alert) => ({
-                type: alert.type,
-                severity: alert.severity,
-                key: alert.key,
-            })),
-        });
-        // Handle both single artifacts and objects with artifacts arrays.
-        if (data['artifacts']) {
-            // Object with artifacts array.
-            const artifacts = data['artifacts'];
-            return {
-                ...data,
-                artifacts: Array.isArray(artifacts)
-                    ? artifacts.map(reshapeArtifact)
-                    : artifacts,
-            };
+  /* c8 ignore start - Public policy artifact reshaping for unauthenticated users, difficult to test edge cases. */
+  // If user is not authenticated, provide a different response structure
+  // optimized for the public free-tier experience.
+  if (!isAuthenticated) {
+    // Parse actions parameter for alert filtering.
+    const allowedActions = actions ? actions.split(',') : undefined;
+    const reshapeArtifact = artifact => ({
+      name: artifact.name,
+      version: artifact.version,
+      size: artifact.size,
+      author: artifact.author,
+      type: artifact.type,
+      supplyChainRisk: artifact.supplyChainRisk,
+      scorecards: artifact.scorecards,
+      topLevelAncestors: artifact.topLevelAncestors,
+      // Compact the alerts array to reduce response size for non-authenticated
+      // requests.
+      alerts: artifact.alerts?.filter(alert => {
+        // Filter by severity (remove low severity alerts).
+        if (alert.severity === 'low') {
+          return false;
         }
-        if (data['alerts']) {
-            // Single artifact with alerts.
-            return reshapeArtifact(data);
+        // Filter by actions if specified.
+        if (allowedActions && alert.action && !allowedActions.includes(alert.action)) {
+          return false;
         }
+        return true;
+      }).map(alert => ({
+        type: alert.type,
+        severity: alert.severity,
+        key: alert.key
+      }))
+    });
+    // Handle both single artifacts and objects with artifacts arrays.
+    if (data['artifacts']) {
+      // Object with artifacts array.
+      const artifacts = data['artifacts'];
+      return {
+        ...data,
+        artifacts: Array.isArray(artifacts) ? artifacts.map(reshapeArtifact) : artifacts
+      };
     }
-    return data;
-    /* c8 ignore stop */
+    if (data['alerts']) {
+      // Single artifact with alerts.
+      return reshapeArtifact(data);
+    }
+  }
+  return data;
+  /* c8 ignore stop */
 }
 /**
  * Retry helper for HTTP requests with exponential backoff.
  * Wraps any async HTTP function and retries on failure.
  *
  * @param fn - Async function to retry
- * @param retries - Number of retry attempts (default: 3)
- * @param retryDelay - Initial delay in ms (default: 1000)
+ * @param retries - Number of retry attempts (default: 0, retries disabled)
+ * @param retryDelay - Initial delay in ms (default: 100)
  * @returns Result of the function call
  * @throws {Error} Last error if all retries exhausted
  */
-async function withRetry(fn, retries = 3, retryDelay = 1000) {
-    let lastError;
-    for (let attempt = 0; attempt <= retries; attempt++) {
-        try {
-            // eslint-disable-next-line no-await-in-loop
-            return await fn();
-        }
-        catch (error) {
-            lastError = error;
-            // Last attempt - throw error with retry context.
-            if (attempt === retries) {
-                const enhancedError = new Error(`Request failed after ${retries + 1} attempts`, { cause: lastError });
-                throw enhancedError;
-            }
-            // Check if error is retryable (network errors, 5xx responses).
-            if (error instanceof ResponseError) {
-                const status = error.response.statusCode;
-                // Don't retry client errors (4xx).
-                if (status && status >= 400 && status < 500) {
-                    throw error;
-                }
-                (0, debug_1.debugLog)('withRetry', `Retrying after ${status} error (attempt ${attempt + 1}/${retries + 1})`);
-            }
-            else {
-                (0, debug_1.debugLog)('withRetry', `Retrying after network error (attempt ${attempt + 1}/${retries + 1})`);
-            }
-            // Exponential backoff.
-            const delayMs = retryDelay * 2 ** attempt;
-            (0, debug_1.debugLog)('withRetry', `Waiting ${delayMs}ms before retry`);
-            // eslint-disable-next-line no-await-in-loop
-            await new Promise(resolve => setTimeout(resolve, delayMs));
+async function withRetry(fn, retries = 0, retryDelay = 100) {
+  let lastError;
+  for (let attempt = 0; attempt <= retries; attempt++) {
+    try {
+      // eslint-disable-next-line no-await-in-loop
+      return await fn();
+    } catch (error) {
+      lastError = error;
+      // Last attempt - throw error with retry context.
+      if (attempt === retries) {
+        const enhancedError = new Error(`Request failed after ${retries + 1} attempts`, {
+          cause: lastError
+        });
+        throw enhancedError;
+      }
+      // Check if error is retryable (network errors, 5xx responses).
+      if (error instanceof ResponseError) {
+        const status = error.response.statusCode;
+        // Don't retry client errors (4xx).
+        if (status && status >= 400 && status < 500) {
+          throw error;
         }
+        debug.debugLog('withRetry', `Retrying after ${status} error (attempt ${attempt + 1}/${retries + 1})`);
+      } else {
+        debug.debugLog('withRetry', `Retrying after network error (attempt ${attempt + 1}/${retries + 1})`);
+      }
+      // Exponential backoff.
+      const delayMs = retryDelay * 2 ** attempt;
+      debug.debugLog('withRetry', `Waiting ${delayMs}ms before retry`);
+      // eslint-disable-next-line no-await-in-loop
+      await new Promise(resolve => setTimeout(resolve, delayMs));
     }
-    // Fallback error if lastError is somehow undefined.
-    /* c8 ignore next - Defensive fallback for undefined lastError */
-    throw lastError || new Error('Request failed after retries');
+  }
+  // Fallback error if lastError is somehow undefined.
+  /* c8 ignore next - Defensive fallback for undefined lastError */
+  throw lastError || new Error('Request failed after retries');
 }
 /**
  * Create GET request with automatic retry logic.
  * Retries on network errors and 5xx responses.
  *
- * @param retries - Number of retry attempts (default: 3)
- * @param retryDelay - Initial delay in ms (default: 1000)
+ * @param retries - Number of retry attempts (default: 0, retries disabled)
+ * @param retryDelay - Initial delay in ms (default: 100)
  */
-async function createGetRequestWithRetry(baseUrl, urlPath, options, retries = 3, retryDelay = 1000) {
-    return await withRetry(() => createGetRequest(baseUrl, urlPath, options), retries, retryDelay);
+async function createGetRequestWithRetry(baseUrl, urlPath, options, retries = 0, retryDelay = 100) {
+  return await withRetry(() => createGetRequest(baseUrl, urlPath, options), retries, retryDelay);
 }
 /**
  * Create DELETE request with automatic retry logic.
  * Retries on network errors and 5xx responses.
  *
- * @param retries - Number of retry attempts (default: 3)
- * @param retryDelay - Initial delay in ms (default: 1000)
+ * @param retries - Number of retry attempts (default: 0, retries disabled)
+ * @param retryDelay - Initial delay in ms (default: 100)
  */
-async function createDeleteRequestWithRetry(baseUrl, urlPath, options, retries = 3, retryDelay = 1000) {
-    return await withRetry(() => createDeleteRequest(baseUrl, urlPath, options), retries, retryDelay);
+async function createDeleteRequestWithRetry(baseUrl, urlPath, options, retries = 0, retryDelay = 100) {
+  return await withRetry(() => createDeleteRequest(baseUrl, urlPath, options), retries, retryDelay);
 }
 /**
  * Create request with JSON payload and automatic retry logic.
  * Retries on network errors and 5xx responses.
  *
- * @param retries - Number of retry attempts (default: 3)
- * @param retryDelay - Initial delay in ms (default: 1000)
+ * @param retries - Number of retry attempts (default: 0, retries disabled)
+ * @param retryDelay - Initial delay in ms (default: 100)
  */
-async function createRequestWithJsonAndRetry(method, baseUrl, urlPath, json, options, retries = 3, retryDelay = 1000) {
-    return await withRetry(() => createRequestWithJson(method, baseUrl, urlPath, json, options), retries, retryDelay);
+async function createRequestWithJsonAndRetry(method, baseUrl, urlPath, json, options, retries = 0, retryDelay = 100) {
+  return await withRetry(() => createRequestWithJson(method, baseUrl, urlPath, json, options), retries, retryDelay);
 }
+exports.ResponseError = ResponseError;
+exports.createDeleteRequest = createDeleteRequest;
+exports.createDeleteRequestWithRetry = createDeleteRequestWithRetry;
+exports.createGetRequest = createGetRequest;
+exports.createGetRequestWithRetry = createGetRequestWithRetry;
+exports.createRequestWithJson = createRequestWithJson;
+exports.createRequestWithJsonAndRetry = createRequestWithJsonAndRetry;
+exports.getErrorResponseBody = getErrorResponseBody;
+exports.getHttpModule = getHttpModule;
+exports.getResponse = getResponse;
+exports.getResponseJson = getResponseJson;
+exports.isResponseOk = isResponseOk;
+exports.reshapeArtifactForPublicPolicy = reshapeArtifactForPublicPolicy;
+exports.withRetry = withRetry;