@socketsecurity/sdk 1.11.0 → 1.11.2

package/dist/constants.js

@@ -1,124 +1,30 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.publicPolicy = exports.httpAgentNames = exports.DEFAULT_USER_AGENT = void 0;
+'use strict';
+
+var _package = require('./package.json.js');
+var userAgent = require('./user-agent.js');
+
 /**
  * @fileoverview Configuration constants and enums for the Socket SDK.
  * Provides default values, HTTP agents, and public policy configurations for API interactions.
  */
-const package_json_1 = __importDefault(require("../package.json"));
-const user_agent_1 = require("./user-agent");
-exports.DEFAULT_USER_AGENT = (0, user_agent_1.createUserAgentFromPkgJson)(package_json_1.default);
+
+const DEFAULT_USER_AGENT = userAgent.createUserAgentFromPkgJson(_package.default);
+
 // https://github.com/sindresorhus/got/blob/v14.4.6/documentation/2-options.md#agent
 // Valid HTTP agent names for Got-style agent configuration compatibility.
-exports.httpAgentNames = new Set(['http', 'https', 'http2']);
+const httpAgentNames = new Set(['http', 'https', 'http2']);
+
 // Public security policy.
-exports.publicPolicy = new Map([
-    // error (1):
-    ['malware', 'error'],
-    // warn (7):
-    ['criticalCVE', 'warn'],
-    ['didYouMean', 'warn'],
-    ['gitDependency', 'warn'],
-    ['httpDependency', 'warn'],
-    ['licenseSpdxDisj', 'warn'],
-    ['obfuscatedFile', 'warn'],
-    ['troll', 'warn'],
-    // monitor (7):
-    ['deprecated', 'monitor'],
-    ['mediumCVE', 'monitor'],
-    ['mildCVE', 'monitor'],
-    ['shrinkwrap', 'monitor'],
-    ['telemetry', 'monitor'],
-    ['unpopularPackage', 'monitor'],
-    ['unstableOwnership', 'monitor'],
-    // ignore (85):
-    ['ambiguousClassifier', 'ignore'],
-    ['badEncoding', 'ignore'],
-    ['badSemver', 'ignore'],
-    ['badSemverDependency', 'ignore'],
-    ['bidi', 'ignore'],
-    ['binScriptConfusion', 'ignore'],
-    ['chromeContentScript', 'ignore'],
-    ['chromeHostPermission', 'ignore'],
-    ['chromePermission', 'ignore'],
-    ['chromeWildcardHostPermission', 'ignore'],
-    ['chronoAnomaly', 'ignore'],
-    ['compromisedSSHKey', 'ignore'],
-    ['copyleftLicense', 'ignore'],
-    ['cve', 'ignore'],
-    ['debugAccess', 'ignore'],
-    ['deprecatedLicense', 'ignore'],
-    ['deprecatedException', 'ignore'],
-    ['dynamicRequire', 'ignore'],
-    ['emptyPackage', 'ignore'],
-    ['envVars', 'ignore'],
-    ['explicitlyUnlicensedItem', 'ignore'],
-    ['extraneousDependency', 'ignore'],
-    ['fileDependency', 'ignore'],
-    ['filesystemAccess', 'ignore'],
-    ['floatingDependency', 'ignore'],
-    ['gitHubDependency', 'ignore'],
-    ['gptAnomaly', 'ignore'],
-    ['gptDidYouMean', 'ignore'],
-    ['gptMalware', 'ignore'],
-    ['gptSecurity', 'ignore'],
-    ['hasNativeCode', 'ignore'],
-    ['highEntropyStrings', 'ignore'],
-    ['homoglyphs', 'ignore'],
-    ['installScripts', 'ignore'],
-    ['invalidPackageJSON', 'ignore'],
-    ['invisibleChars', 'ignore'],
-    ['licenseChange', 'ignore'],
-    ['licenseException', 'ignore'],
-    ['longStrings', 'ignore'],
-    ['majorRefactor', 'ignore'],
-    ['manifestConfusion', 'ignore'],
-    ['minifiedFile', 'ignore'],
-    ['miscLicenseIssues', 'ignore'],
-    ['missingAuthor', 'ignore'],
-    ['missingDependency', 'ignore'],
-    ['missingLicense', 'ignore'],
-    ['missingTarball', 'ignore'],
-    ['mixedLicense', 'ignore'],
-    ['modifiedException', 'ignore'],
-    ['modifiedLicense', 'ignore'],
-    ['networkAccess', 'ignore'],
-    ['newAuthor', 'ignore'],
-    ['noAuthorData', 'ignore'],
-    ['noBugTracker', 'ignore'],
-    ['noLicenseFound', 'ignore'],
-    ['noREADME', 'ignore'],
-    ['noRepository', 'ignore'],
-    ['noTests', 'ignore'],
-    ['noV1', 'ignore'],
-    ['noWebsite', 'ignore'],
-    ['nonOSILicense', 'ignore'],
-    ['nonSPDXLicense', 'ignore'],
-    ['nonpermissiveLicense', 'ignore'],
-    ['notice', 'ignore'],
-    ['obfuscatedRequire', 'ignore'],
-    ['peerDependency', 'ignore'],
-    ['potentialVulnerability', 'ignore'],
-    ['semverAnomaly', 'ignore'],
-    ['shellAccess', 'ignore'],
-    ['shellScriptOverride', 'ignore'],
-    ['socketUpgradeAvailable', 'ignore'],
-    ['suspiciousStarActivity', 'ignore'],
-    ['suspiciousString', 'ignore'],
-    ['trivialPackage', 'ignore'],
-    ['typeModuleCompatibility', 'ignore'],
-    ['uncaughtOptionalDependency', 'ignore'],
-    ['unclearLicense', 'ignore'],
-    ['unidentifiedLicense', 'ignore'],
-    ['unmaintained', 'ignore'],
-    ['unpublished', 'ignore'],
-    ['unresolvedRequire', 'ignore'],
-    ['unsafeCopyright', 'ignore'],
-    ['unusedDependency', 'ignore'],
-    ['urlStrings', 'ignore'],
-    ['usesEval', 'ignore'],
-    ['zeroWidth', 'ignore'],
-]);
+const publicPolicy = new Map([
+// error (1):
+['malware', 'error'],
+// warn (7):
+['criticalCVE', 'warn'], ['didYouMean', 'warn'], ['gitDependency', 'warn'], ['httpDependency', 'warn'], ['licenseSpdxDisj', 'warn'], ['obfuscatedFile', 'warn'], ['troll', 'warn'],
+// monitor (7):
+['deprecated', 'monitor'], ['mediumCVE', 'monitor'], ['mildCVE', 'monitor'], ['shrinkwrap', 'monitor'], ['telemetry', 'monitor'], ['unpopularPackage', 'monitor'], ['unstableOwnership', 'monitor'],
+// ignore (85):
+['ambiguousClassifier', 'ignore'], ['badEncoding', 'ignore'], ['badSemver', 'ignore'], ['badSemverDependency', 'ignore'], ['bidi', 'ignore'], ['binScriptConfusion', 'ignore'], ['chromeContentScript', 'ignore'], ['chromeHostPermission', 'ignore'], ['chromePermission', 'ignore'], ['chromeWildcardHostPermission', 'ignore'], ['chronoAnomaly', 'ignore'], ['compromisedSSHKey', 'ignore'], ['copyleftLicense', 'ignore'], ['cve', 'ignore'], ['debugAccess', 'ignore'], ['deprecatedLicense', 'ignore'], ['deprecatedException', 'ignore'], ['dynamicRequire', 'ignore'], ['emptyPackage', 'ignore'], ['envVars', 'ignore'], ['explicitlyUnlicensedItem', 'ignore'], ['extraneousDependency', 'ignore'], ['fileDependency', 'ignore'], ['filesystemAccess', 'ignore'], ['floatingDependency', 'ignore'], ['gitHubDependency', 'ignore'], ['gptAnomaly', 'ignore'], ['gptDidYouMean', 'ignore'], ['gptMalware', 'ignore'], ['gptSecurity', 'ignore'], ['hasNativeCode', 'ignore'], ['highEntropyStrings', 'ignore'], ['homoglyphs', 'ignore'], ['installScripts', 'ignore'], ['invalidPackageJSON', 'ignore'], ['invisibleChars', 'ignore'], ['licenseChange', 'ignore'], ['licenseException', 'ignore'], ['longStrings', 'ignore'], ['majorRefactor', 'ignore'], ['manifestConfusion', 'ignore'], ['minifiedFile', 'ignore'], ['miscLicenseIssues', 'ignore'], ['missingAuthor', 'ignore'], ['missingDependency', 'ignore'], ['missingLicense', 'ignore'], ['missingTarball', 'ignore'], ['mixedLicense', 'ignore'], ['modifiedException', 'ignore'], ['modifiedLicense', 'ignore'], ['networkAccess', 'ignore'], ['newAuthor', 'ignore'], ['noAuthorData', 'ignore'], ['noBugTracker', 'ignore'], ['noLicenseFound', 'ignore'], ['noREADME', 'ignore'], ['noRepository', 'ignore'], ['noTests', 'ignore'], ['noV1', 'ignore'], ['noWebsite', 'ignore'], ['nonOSILicense', 'ignore'], ['nonSPDXLicense', 'ignore'], ['nonpermissiveLicense', 'ignore'], ['notice', 'ignore'], ['obfuscatedRequire', 'ignore'], ['peerDependency', 'ignore'], ['potentialVulnerability', 'ignore'], ['semverAnomaly', 'ignore'], ['shellAccess', 'ignore'], ['shellScriptOverride', 'ignore'], ['socketUpgradeAvailable', 'ignore'], ['suspiciousStarActivity', 'ignore'], ['suspiciousString', 'ignore'], ['trivialPackage', 'ignore'], ['typeModuleCompatibility', 'ignore'], ['uncaughtOptionalDependency', 'ignore'], ['unclearLicense', 'ignore'], ['unidentifiedLicense', 'ignore'], ['unmaintained', 'ignore'], ['unpublished', 'ignore'], ['unresolvedRequire', 'ignore'], ['unsafeCopyright', 'ignore'], ['unusedDependency', 'ignore'], ['urlStrings', 'ignore'], ['usesEval', 'ignore'], ['zeroWidth', 'ignore']]);
+
+exports.DEFAULT_USER_AGENT = DEFAULT_USER_AGENT;
+exports.httpAgentNames = httpAgentNames;
+exports.publicPolicy = publicPolicy;

package/dist/file-upload.js

@@ -1,49 +1,41 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createRequestBodyForFilepaths = createRequestBodyForFilepaths;
-exports.createRequestBodyForJson = createRequestBodyForJson;
-exports.createUploadRequest = createUploadRequest;
+'use strict';
+
+var events = require('node:events');
+var node_fs = require('node:fs');
+var path$1 = require('node:path');
+var node_stream = require('node:stream');
+var path = require('@socketsecurity/registry/lib/path');
+var httpClient = require('./http-client.js');
+
 /** @fileoverview File upload utilities for Socket API with multipart form data support. */
-const node_events_1 = __importDefault(require("node:events"));
-const node_fs_1 = require("node:fs");
-const node_path_1 = __importDefault(require("node:path"));
-const node_stream_1 = require("node:stream");
-const path_1 = require("@socketsecurity/registry/lib/path");
-const http_client_1 = require("./http-client");
 /**
  * Create multipart form-data body parts for file uploads.
  * Converts file paths to readable streams with proper multipart headers.
  */
 function createRequestBodyForFilepaths(filepaths, basePath) {
-    const requestBody = [];
-    for (const absPath of filepaths) {
-        const relPath = (0, path_1.normalizePath)(node_path_1.default.relative(basePath, absPath));
-        const filename = node_path_1.default.basename(absPath);
-        requestBody.push([
-            `Content-Disposition: form-data; name="${relPath}"; filename="${filename}"\r\n`,
-            'Content-Type: application/octet-stream\r\n\r\n',
-            (0, node_fs_1.createReadStream)(absPath, { highWaterMark: 1024 * 1024 }),
-        ]);
-    }
-    return requestBody;
+  const requestBody = [];
+  for (const absPath of filepaths) {
+    const relPath = path.normalizePath(path$1.relative(basePath, absPath));
+    const filename = path$1.basename(absPath);
+    requestBody.push([`Content-Disposition: form-data; name="${relPath}"; filename="${filename}"\r\n`, 'Content-Type: application/octet-stream\r\n\r\n', node_fs.createReadStream(absPath, {
+      highWaterMark: 1024 * 1024
+    })]);
+  }
+  return requestBody;
 }
+
 /**
  * Create multipart form-data body part for JSON data.
  * Converts JSON object to readable stream with appropriate headers.
  */
 function createRequestBodyForJson(jsonData, basename = 'data.json') {
-    const ext = node_path_1.default.extname(basename);
-    const name = node_path_1.default.basename(basename, ext);
-    return [
-        `Content-Disposition: form-data; name="${name}"; filename="${basename}"\r\n` +
-            'Content-Type: application/json\r\n\r\n',
-        node_stream_1.Readable.from(JSON.stringify(jsonData), { highWaterMark: 1024 * 1024 }),
-        '\r\n',
-    ];
+  const ext = path$1.extname(basename);
+  const name = path$1.basename(basename, ext);
+  return [`Content-Disposition: form-data; name="${name}"; filename="${basename}"\r\n` + 'Content-Type: application/json\r\n\r\n', node_stream.Readable.from(JSON.stringify(jsonData), {
+    highWaterMark: 1024 * 1024
+  }), '\r\n'];
 }
+
 /**
  * Create and execute a multipart/form-data upload request.
  * Streams large files efficiently with backpressure handling and early server validation.
@@ -51,101 +43,100 @@ function createRequestBodyForJson(jsonData, basename = 'data.json') {
  * @throws {Error} When network errors occur or stream processing fails
  */
 async function createUploadRequest(baseUrl, urlPath, requestBodyNoBoundaries, options) {
-    // This function constructs and sends a multipart/form-data HTTP POST request
-    // where each part is streamed to the server. It supports string payloads
-    // and readable streams (e.g., large file uploads).
-    // The body is streamed manually with proper backpressure support to avoid
-    // overwhelming Node.js memory (i.e., avoiding out-of-memory crashes for large inputs).
-    // We call `flushHeaders()` early to ensure headers are sent before body transmission
-    // begins. If the server rejects the request (e.g., bad org or auth), it will likely
-    // respond immediately. We listen for that response while still streaming the body.
-    //
-    // This protects against cases where the server closes the connection (EPIPE/ECONNRESET)
-    // mid-stream, which would otherwise cause hard-to-diagnose failures during file upload.
-    //
-    // Example failure this mitigates: `socket scan create --org badorg`
-    // eslint-disable-next-line no-async-promise-executor
-    return await new Promise(async (pass, fail) => {
-        const boundary = `NodeMultipartBoundary${Date.now()}`;
-        const boundarySep = `--${boundary}\r\n`;
-        const finalBoundary = `--${boundary}--\r\n`;
-        const requestBody = [
-            ...requestBodyNoBoundaries.flatMap(part => [
-                boundarySep,
-                /* c8 ignore next - Array.isArray branch for part is defensive coding for edge cases. */
-                ...(Array.isArray(part) ? part : [part]),
-            ]),
-            finalBoundary,
-        ];
-        const url = new URL(urlPath, baseUrl);
-        const req = (0, http_client_1.getHttpModule)(baseUrl).request(url, {
-            method: 'POST',
-            ...options,
-            headers: {
-                ...options?.headers,
-                'Content-Type': `multipart/form-data; boundary=${boundary}`,
-            },
-        });
-        // Send headers early to prompt server validation (auth, URL, quota, etc.).
-        req.flushHeaders();
-        // Concurrently wait for response while we stream body.
-        (0, http_client_1.getResponse)(req).then(pass, fail);
-        let aborted = false;
-        req.on('error', () => (aborted = true));
-        req.on('close', () => (aborted = true));
-        try {
-            for (const part of requestBody) {
-                /* c8 ignore next 3 - aborted state is difficult to test reliably */
-                if (aborted) {
-                    break;
-                }
-                if (typeof part === 'string') {
-                    /* c8 ignore next 5 - backpressure handling requires specific stream conditions */
-                    if (!req.write(part)) {
-                        // Wait for 'drain' if backpressure is signaled.
-                        // eslint-disable-next-line no-await-in-loop
-                        await node_events_1.default.once(req, 'drain');
-                    }
-                }
-                else if (typeof part?.pipe === 'function') {
-                    // Stream data chunk-by-chunk with backpressure support.
-                    const stream = part;
-                    // eslint-disable-next-line no-await-in-loop
-                    for await (const chunk of stream) {
-                        /* c8 ignore next 3 - aborted state during streaming is difficult to test reliably */
-                        if (aborted) {
-                            break;
-                        }
-                        /* c8 ignore next 3 - backpressure handling requires specific stream conditions */
-                        if (!req.write(chunk)) {
-                            await node_events_1.default.once(req, 'drain');
-                        }
-                    }
-                    // Ensure trailing CRLF after file part.
-                    /* c8 ignore next 4 - trailing CRLF backpressure handling is edge case */
-                    if (!aborted && !req.write('\r\n')) {
-                        // eslint-disable-next-line no-await-in-loop
-                        await node_events_1.default.once(req, 'drain');
-                    }
-                    // Cleanup stream to free memory buffers.
-                    if (typeof part.destroy === 'function') {
-                        part.destroy();
-                    }
-                    /* c8 ignore next 3 - defensive check for non-string/stream types */
-                }
-                else {
-                    throw new TypeError('Expected "string" or "stream" type');
-                }
-            }
-        }
-        catch (e) {
-            req.destroy(e);
-            fail(e);
+  // This function constructs and sends a multipart/form-data HTTP POST request
+  // where each part is streamed to the server. It supports string payloads
+  // and readable streams (e.g., large file uploads).
+
+  // The body is streamed manually with proper backpressure support to avoid
+  // overwhelming Node.js memory (i.e., avoiding out-of-memory crashes for large inputs).
+
+  // We call `flushHeaders()` early to ensure headers are sent before body transmission
+  // begins. If the server rejects the request (e.g., bad org or auth), it will likely
+  // respond immediately. We listen for that response while still streaming the body.
+  //
+  // This protects against cases where the server closes the connection (EPIPE/ECONNRESET)
+  // mid-stream, which would otherwise cause hard-to-diagnose failures during file upload.
+  //
+  // Example failure this mitigates: `socket scan create --org badorg`
+
+  // eslint-disable-next-line no-async-promise-executor
+  return await new Promise(async (pass, fail) => {
+    const boundary = `NodeMultipartBoundary${Date.now()}`;
+    const boundarySep = `--${boundary}\r\n`;
+    const finalBoundary = `--${boundary}--\r\n`;
+    const requestBody = [...requestBodyNoBoundaries.flatMap(part => [boundarySep, /* c8 ignore next - Array.isArray branch for part is defensive coding for edge cases. */
+    ...(Array.isArray(part) ? part : [part])]), finalBoundary];
+    const url = new URL(urlPath, baseUrl);
+    const req = httpClient.getHttpModule(baseUrl).request(url, {
+      method: 'POST',
+      ...options,
+      headers: {
+        ...options?.headers,
+        'Content-Type': `multipart/form-data; boundary=${boundary}`
+      }
+    });
+
+    // Send headers early to prompt server validation (auth, URL, quota, etc.).
+    req.flushHeaders();
+
+    // Concurrently wait for response while we stream body.
+    httpClient.getResponse(req).then(pass, fail);
+    let aborted = false;
+    req.on('error', () => aborted = true);
+    req.on('close', () => aborted = true);
+    try {
+      for (const part of requestBody) {
+        /* c8 ignore next 3 - aborted state is difficult to test reliably */
+        if (aborted) {
+          break;
         }
-        finally {
-            if (!aborted) {
-                req.end();
+        if (typeof part === 'string') {
+          /* c8 ignore next 5 - backpressure handling requires specific stream conditions */
+          if (!req.write(part)) {
+            // Wait for 'drain' if backpressure is signaled.
+            // eslint-disable-next-line no-await-in-loop
+            await events.once(req, 'drain');
+          }
+        } else if (typeof part?.pipe === 'function') {
+          // Stream data chunk-by-chunk with backpressure support.
+          const stream = part;
+          // eslint-disable-next-line no-await-in-loop
+          for await (const chunk of stream) {
+            /* c8 ignore next 3 - aborted state during streaming is difficult to test reliably */
+            if (aborted) {
+              break;
             }
+            /* c8 ignore next 3 - backpressure handling requires specific stream conditions */
+            if (!req.write(chunk)) {
+              await events.once(req, 'drain');
+            }
+          }
+          // Ensure trailing CRLF after file part.
+          /* c8 ignore next 4 - trailing CRLF backpressure handling is edge case */
+          if (!aborted && !req.write('\r\n')) {
+            // eslint-disable-next-line no-await-in-loop
+            await events.once(req, 'drain');
+          }
+          // Cleanup stream to free memory buffers.
+          if (typeof part.destroy === 'function') {
+            part.destroy();
+          }
+          /* c8 ignore next 3 - defensive check for non-string/stream types */
+        } else {
+          throw new TypeError('Expected "string" or "stream" type');
         }
-    });
+      }
+    } catch (e) {
+      req.destroy(e);
+      fail(e);
+    } finally {
+      if (!aborted) {
+        req.end();
+      }
+    }
+  });
 }
+
+exports.createRequestBodyForFilepaths = createRequestBodyForFilepaths;
+exports.createRequestBodyForJson = createRequestBodyForJson;
+exports.createUploadRequest = createUploadRequest;

package/dist/http-client.d.ts

@@ -28,6 +28,7 @@ export declare function createDeleteRequest(baseUrl: string, urlPath: string, op
 /**
  * Create and execute an HTTP GET request.
  * Returns the response stream for further processing.
+ * Performance tracking enabled with DEBUG=perf.
  *
  * @throws {Error} When network or timeout errors occur
  */
@@ -35,6 +36,7 @@ export declare function createGetRequest(baseUrl: string, urlPath: string, optio
 /**
  * Create and execute an HTTP request with JSON payload.
  * Automatically sets appropriate content headers and serializes the body.
+ * Performance tracking enabled with DEBUG=perf.
  *
  * @throws {Error} When network or timeout errors occur
  */
@@ -61,6 +63,7 @@ export declare function getResponse(req: ClientRequest): Promise<IncomingMessage
 /**
  * Parse HTTP response body as JSON.
  * Validates response status and handles empty responses gracefully.
+ * Performance tracking enabled with DEBUG=perf.
  *
  * @throws {ResponseError} When response has non-2xx status code
  * @throws {SyntaxError} When response body contains invalid JSON