@socketsecurity/sdk 1.11.2 → 2.0.2

package/CHANGELOG.md

@@ -4,6 +4,48 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+## [2.0.2](https://github.com/SocketDev/socket-sdk-js/releases/tag/v2.0.2) - 2025-10-22
+
+### Fixed
+- Ensured expected dist/ files are produced and refined package.json exports
+
+## [2.0.1](https://github.com/SocketDev/socket-sdk-js/releases/tag/v2.0.1) - 2025-10-21
+
+### Changed
+- Use `@socketsecurity/lib` under the hood
+- Synced OpenAPI type definitions with latest API specification
+  - Added documentation for `scan_type` query parameter on manifest upload endpoint (used for categorizing multiple SBOM heads per repository branch)
+  - Improved TypeScript helper types (`OpReturnType`, `OpErrorType`) for better type inference and error handling
+
+## [2.0.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v2.0.0) - 2025-10-10
+
+### Changed
+- **BREAKING**: Migrated to ESM-only module format
+  - Package is now ESM-only (`"type": "module"` in package.json)
+  - All output files use `.mjs` extension for JavaScript
+  - TypeScript declaration files use `.d.mts` extension
+  - CommonJS (`require()`) is no longer supported
+- Simplified build process for ESM-only output
+- Updated TypeScript configuration to use ESM module resolution
+- Improved code splitting for better tree-shaking with ESM
+
+### Removed
+- **BREAKING**: Removed CommonJS support and exports
+- Removed CommonJS-specific build configurations
+
+### Migration Guide
+To migrate from v1.x to v2.0:
+1. Ensure your project supports ESM modules (Node.js 14+ with `"type": "module"` or `.mjs` extensions)
+2. Update imports from CommonJS `require()` to ESM `import` statements:
+   ```javascript
+   // Before (v1.x)
+   const { SocketSdk } = require('@socketsecurity/sdk');
+
+   // After (v2.0)
+   import { SocketSdk } from '@socketsecurity/sdk';
+   ```
+3. If your project still requires CommonJS, consider staying on v1.x or using a transpiler
+
 ## [1.11.2](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.11.2) - 2025-10-07
 
 ### Fixed

package/README.md

@@ -6,7 +6,7 @@
 [![Follow @SocketSecurity](https://img.shields.io/twitter/follow/SocketSecurity?style=social)](https://twitter.com/SocketSecurity)
 [![Follow @socket.dev on Bluesky](https://img.shields.io/badge/Follow-@socket.dev-1DA1F2?style=social&logo=bluesky)](https://bsky.app/profile/socket.dev)
 
-Official SDK for [Socket.dev](https://socket.dev/) - Programmatic access to security analysis, vulnerability scanning, and compliance monitoring for your software supply chain.
+JavaScript SDK for [Socket.dev](https://socket.dev/) API - Security analysis, vulnerability scanning, and compliance monitoring for software supply chains.
 
 ## Installation
 
@@ -14,6 +14,8 @@ Official SDK for [Socket.dev](https://socket.dev/) - Programmatic access to secu
 pnpm add @socketsecurity/sdk
 ```
 
+**Note:** Version 2.0+ is ESM-only. For CommonJS support, use version 1.x.
+
 ## Quick Start
 
 ```typescript
@@ -46,137 +48,107 @@ const batchResult = await client.batchPackageFetch({
 })
 ```
 
-**[→ Configuration Options](./docs/API.md#configuration)**
+**[→ Configuration](./docs/guides/api-reference.md#configuration)**
 
 ## API Methods
 
-<details>
-<summary><strong>Package Analysis</strong> - Quick security checks</summary>
+### Package Analysis
 
-`batchPackageFetch()` • `batchPackageStream()` • `getIssuesByNpmPackage()` • `getScoreByNpmPackage()`
+Quick security checks: `batchPackageFetch()` • `batchPackageStream()` • `getIssuesByNpmPackage()` • `getScoreByNpmPackage()`
 
-[→ Documentation](./docs/API.md#package-analysis)
-</details>
+[→ Documentation](./docs/guides/api-reference.md#package-analysis)
 
-<details>
-<summary><strong>Scanning & Analysis</strong> - Project scanning</summary>
+### Scanning & Analysis
 
-`createDependenciesSnapshot()` • `createOrgFullScan()` • `createScanFromFilepaths()` • `getScan()` • `getScanList()` • `getSupportedScanFiles()`
+Project scanning: `createDependenciesSnapshot()` • `createOrgFullScan()` • `createScanFromFilepaths()` • `getScan()` • `getScanList()` • `getSupportedScanFiles()`
 
-[→ Documentation](./docs/API.md#scanning--analysis)
-</details>
+[→ Documentation](./docs/guides/api-reference.md#scanning--analysis)
 
-<details>
-<summary><strong>Organization Management</strong> - Orgs and repos</summary>
+### Organization Management
 
-`getOrganizations()` • `createOrgRepo()` • `getOrgRepo()` • `getOrgRepoList()` • `updateOrgRepo()` • `deleteOrgRepo()`
+Organizations and repositories: `getOrganizations()` • `createOrgRepo()` • `getOrgRepo()` • `getOrgRepoList()` • `updateOrgRepo()` • `deleteOrgRepo()`
 
-[→ Documentation](./docs/API.md#organization-management)
-</details>
+[→ Documentation](./docs/guides/api-reference.md#organization-management)
 
-<details>
-<summary><strong>Policy & Settings</strong> - Security configuration</summary>
+### Policy & Settings
 
-`getOrgSecurityPolicy()` • `updateOrgSecurityPolicy()` • `getOrgLicensePolicy()` • `updateOrgLicensePolicy()` • `postSettings()`
+Security configuration: `getOrgSecurityPolicy()` • `updateOrgSecurityPolicy()` • `getOrgLicensePolicy()` • `updateOrgLicensePolicy()` • `postSettings()`
 
-[→ Documentation](./docs/API.md#policy--settings)
-</details>
+[→ Documentation](./docs/guides/api-reference.md#policy--settings)
 
-<details>
-<summary><strong>Full Scan Management</strong> - Deep analysis</summary>
+### Full Scan Management
 
-`getOrgFullScanList()` • `getOrgFullScanMetadata()` • `getOrgFullScanBuffered()` • `streamOrgFullScan()` • `deleteOrgFullScan()`
+Deep analysis: `getOrgFullScanList()` • `getOrgFullScanMetadata()` • `getOrgFullScanBuffered()` • `streamOrgFullScan()` • `deleteOrgFullScan()`
 
-[→ Documentation](./docs/API.md#full-scan-management)
-</details>
+[→ Documentation](./docs/guides/api-reference.md#full-scan-management)
 
-<details>
-<summary><strong>Diff Scans</strong> - Compare scans</summary>
+### Diff Scans
 
-`createOrgDiffScanFromIds()` • `getDiffScanById()` • `listOrgDiffScans()` • `deleteOrgDiffScan()`
+Scan comparison: `createOrgDiffScanFromIds()` • `getDiffScanById()` • `listOrgDiffScans()` • `deleteOrgDiffScan()`
 
-[→ Documentation](./docs/API.md#diff-scans)
-</details>
+[→ Documentation](./docs/guides/api-reference.md#diff-scans)
 
-<details>
-<summary><strong>Patches & Vulnerabilities</strong> - Security fixes</summary>
+### Patches & Vulnerabilities
 
-`streamPatchesFromScan()` • `viewPatch()`
+Security fixes: `streamPatchesFromScan()` • `viewPatch()`
 
-[→ Documentation](./docs/API.md#patches--vulnerabilities)
-</details>
+[→ Documentation](./docs/guides/api-reference.md#patches--vulnerabilities)
 
-<details>
-<summary><strong>Alert & Triage</strong> - Alert management</summary>
+### Alert & Triage
 
-`getOrgTriage()` • `updateOrgAlertTriage()`
+Alert management: `getOrgTriage()` • `updateOrgAlertTriage()`
 
-[→ Documentation](./docs/API.md#alert--triage)
-</details>
+[→ Documentation](./docs/guides/api-reference.md#alert--triage)
 
-<details>
-<summary><strong>Export & Integration</strong> - SBOM export</summary>
+### Export & Integration
 
-`exportCDX()` • `exportSPDX()` • `searchDependencies()` • `uploadManifestFiles()`
+SBOM export: `exportCDX()` • `exportSPDX()` • `searchDependencies()` • `uploadManifestFiles()`
 
-[→ Documentation](./docs/API.md#export--integration)
-</details>
+[→ Documentation](./docs/guides/api-reference.md#export--integration)
 
-<details>
-<summary><strong>Repository Labels</strong> - Categorization</summary>
+### Repository Labels
 
-`createOrgRepoLabel()` • `getOrgRepoLabel()` • `getOrgRepoLabelList()` • `updateOrgRepoLabel()` • `deleteOrgRepoLabel()`
+Categorization: `createOrgRepoLabel()` • `getOrgRepoLabel()` • `getOrgRepoLabelList()` • `updateOrgRepoLabel()` • `deleteOrgRepoLabel()`
 
-[→ Documentation](./docs/API.md#repository-labels)
-</details>
+[→ Documentation](./docs/guides/api-reference.md#repository-labels)
 
-<details>
-<summary><strong>Analytics & Monitoring</strong> - Usage metrics</summary>
+### Analytics & Monitoring
 
-`getQuota()` • `getOrgAnalytics()` • `getRepoAnalytics()` • `getAuditLogEvents()`
+Usage metrics: `getQuota()` • `getOrgAnalytics()` • `getRepoAnalytics()` • `getAuditLogEvents()`
 
-[→ Documentation](./docs/API.md#analytics--monitoring)
-</details>
+[→ Documentation](./docs/guides/api-reference.md#analytics--monitoring)
 
-<details>
-<summary><strong>Authentication & Access</strong> - API tokens</summary>
+### Authentication & Access
 
-`getAPITokens()` • `postAPIToken()` • `postAPITokensRotate()` • `postAPITokensRevoke()` • `postAPITokenUpdate()`
+API tokens: `getAPITokens()` • `postAPIToken()` • `postAPITokensRotate()` • `postAPITokensRevoke()` • `postAPITokenUpdate()`
 
-[→ Documentation](./docs/API.md#authentication--access)
-</details>
+[→ Documentation](./docs/guides/api-reference.md#authentication--access)
 
-<details>
-<summary><strong>Entitlements</strong> - Feature access</summary>
+### Entitlements
 
-`getEnabledEntitlements()` • `getEntitlements()`
+Feature access: `getEnabledEntitlements()` • `getEntitlements()`
 
-[→ Documentation](./docs/API.md#entitlements)
-</details>
+[→ Documentation](./docs/guides/api-reference.md#entitlements)
 
-<details>
-<summary><strong>Quota Utilities</strong> - Cost helpers</summary>
+### Quota Utilities
 
-`getQuotaCost()` • `getRequiredPermissions()` • `calculateTotalQuotaCost()` • `hasQuotaForMethods()` • `getMethodsByQuotaCost()` • `getMethodsByPermissions()` • `getQuotaUsageSummary()` • `getAllMethodRequirements()`
+Cost helpers: `getQuotaCost()` • `getRequiredPermissions()` • `calculateTotalQuotaCost()` • `hasQuotaForMethods()` • `getMethodsByQuotaCost()` • `getMethodsByPermissions()` • `getQuotaUsageSummary()` • `getAllMethodRequirements()`
 
-[→ Documentation](./docs/QUOTA.md)
-</details>
+[→ Documentation](./docs/guides/quota-management.md)
 
-<details>
-<summary><strong>Advanced Query Methods</strong> - Raw API</summary>
+### Advanced Query Methods
 
-`getApi()` • `sendApi()`
+Raw API access: `getApi()` • `sendApi()`
 
-[→ Documentation](./docs/API.md#advanced-query-methods)
-</details>
+[→ Documentation](./docs/guides/api-reference.md#advanced-query-methods)
 
-**[→ Complete API Reference](./docs/API.md)**
+**[→ API Reference](./docs/guides/api-reference.md)**
 
-**[→ Usage Examples](./docs/EXAMPLES.md)**
+**[→ Examples](./docs/guides/usage-examples.md)**
 
-**[→ Quota Management](./docs/QUOTA.md)** - Cost tiers: 0 units (free), 10 units (standard), 100 units (batch/uploads)
+**[→ Quota Management](./docs/guides/quota-management.md)** - Cost tiers: 0 (free), 10 (standard), 100 (batch/uploads)
 
-**[→ Testing Utilities](./docs/TESTING.md)** - Mock factories, fixtures, and type guards for SDK testing
+**[→ Testing Utilities](./docs/guides/dev/testing.md)** - Mock factories, fixtures, type guards
 
 ## See Also
 

package/dist/constants.d.ts

@@ -1,4 +1,12 @@
 import type { ALERT_ACTION } from './types';
 export declare const DEFAULT_USER_AGENT: string;
+export declare const DEFAULT_HTTP_TIMEOUT = 30000;
+export declare const DEFAULT_RETRIES = 3;
+export declare const DEFAULT_RETRY_DELAY = 1000;
+export declare const MAX_HTTP_TIMEOUT: number;
+export declare const MIN_HTTP_TIMEOUT = 5000;
+export declare const MAX_RESPONSE_SIZE: number;
+export declare const MAX_STREAM_SIZE: number;
+export declare const SOCKET_PUBLIC_BLOB_STORE_URL = "https://socketusercontent.com";
 export declare const httpAgentNames: Set<string>;
-export declare const publicPolicy: Map<"ambiguousClassifier" | "badEncoding" | "badSemver" | "badSemverDependency" | "bidi" | "binScriptConfusion" | "chromeContentScript" | "chromeHostPermission" | "chromePermission" | "chromeWildcardHostPermission" | "chronoAnomaly" | "compromisedSSHKey" | "copyleftLicense" | "criticalCVE" | "cve" | "debugAccess" | "deprecated" | "deprecatedException" | "deprecatedLicense" | "didYouMean" | "dynamicRequire" | "emptyPackage" | "envVars" | "explicitlyUnlicensedItem" | "extraneousDependency" | "fileDependency" | "filesystemAccess" | "floatingDependency" | "generic" | "gitDependency" | "gitHubDependency" | "gptAnomaly" | "gptDidYouMean" | "gptMalware" | "gptSecurity" | "hasNativeCode" | "highEntropyStrings" | "homoglyphs" | "httpDependency" | "installScripts" | "invalidPackageJSON" | "invisibleChars" | "licenseChange" | "licenseException" | "licenseSpdxDisj" | "longStrings" | "majorRefactor" | "malware" | "manifestConfusion" | "mediumCVE" | "mildCVE" | "minifiedFile" | "miscLicenseIssues" | "missingAuthor" | "missingDependency" | "missingLicense" | "missingTarball" | "mixedLicense" | "modifiedException" | "modifiedLicense" | "networkAccess" | "newAuthor" | "noAuthorData" | "noBugTracker" | "noLicenseFound" | "noREADME" | "noRepository" | "noTests" | "noV1" | "noWebsite" | "nonOSILicense" | "nonSPDXLicense" | "nonpermissiveLicense" | "notice" | "obfuscatedFile" | "obfuscatedRequire" | "peerDependency" | "potentialVulnerability" | "semverAnomaly" | "shellAccess" | "shellScriptOverride" | "shrinkwrap" | "socketUpgradeAvailable" | "suspiciousStarActivity" | "suspiciousString" | "telemetry" | "trivialPackage" | "troll" | "typeModuleCompatibility" | "uncaughtOptionalDependency" | "unclearLicense" | "unidentifiedLicense" | "unmaintained" | "unpopularPackage" | "unpublished" | "unresolvedRequire" | "unsafeCopyright" | "unstableOwnership" | "unusedDependency" | "urlStrings" | "usesEval" | "vsxActivationWildcard" | "vsxDebuggerContribution" | "vsxExtensionDependency" | "vsxExtensionPack" | "vsxProposedApiUsage" | "vsxUntrustedWorkspaceSupported" | "vsxVirtualWorkspaceSupported" | "vsxWebviewContribution" | "vsxWorkspaceContainsActivation" | "zeroWidth", ALERT_ACTION>;
+export declare const publicPolicy: Map<"ambiguousClassifier" | "badEncoding" | "badSemver" | "badSemverDependency" | "bidi" | "binScriptConfusion" | "chromeContentScript" | "chromeHostPermission" | "chromePermission" | "chromeWildcardHostPermission" | "chronoAnomaly" | "compromisedSSHKey" | "copyleftLicense" | "criticalCVE" | "cve" | "debugAccess" | "deprecated" | "deprecatedException" | "deprecatedLicense" | "didYouMean" | "dynamicRequire" | "emptyPackage" | "envVars" | "explicitlyUnlicensedItem" | "extraneousDependency" | "fileDependency" | "filesystemAccess" | "floatingDependency" | "generic" | "ghaArgToEnv" | "ghaArgToOutput" | "ghaArgToSink" | "ghaContextToEnv" | "ghaContextToOutput" | "ghaContextToSink" | "ghaEnvToSink" | "gitDependency" | "gitHubDependency" | "gptAnomaly" | "gptDidYouMean" | "gptMalware" | "gptSecurity" | "hasNativeCode" | "highEntropyStrings" | "homoglyphs" | "httpDependency" | "installScripts" | "invalidPackageJSON" | "invisibleChars" | "licenseChange" | "licenseException" | "licenseSpdxDisj" | "longStrings" | "majorRefactor" | "malware" | "manifestConfusion" | "mediumCVE" | "mildCVE" | "minifiedFile" | "miscLicenseIssues" | "missingAuthor" | "missingDependency" | "missingLicense" | "missingTarball" | "mixedLicense" | "modifiedException" | "modifiedLicense" | "networkAccess" | "newAuthor" | "noAuthorData" | "noBugTracker" | "noLicenseFound" | "noREADME" | "noRepository" | "noTests" | "noV1" | "noWebsite" | "nonOSILicense" | "nonSPDXLicense" | "nonpermissiveLicense" | "notice" | "obfuscatedFile" | "obfuscatedRequire" | "peerDependency" | "potentialVulnerability" | "semverAnomaly" | "shellAccess" | "shellScriptOverride" | "shrinkwrap" | "socketUpgradeAvailable" | "suspiciousStarActivity" | "suspiciousString" | "telemetry" | "trivialPackage" | "troll" | "typeModuleCompatibility" | "uncaughtOptionalDependency" | "unclearLicense" | "unidentifiedLicense" | "unmaintained" | "unpopularPackage" | "unpublished" | "unresolvedRequire" | "unsafeCopyright" | "unstableOwnership" | "unusedDependency" | "urlStrings" | "usesEval" | "vsxActivationWildcard" | "vsxDebuggerContribution" | "vsxExtensionDependency" | "vsxExtensionPack" | "vsxProposedApiUsage" | "vsxUntrustedWorkspaceSupported" | "vsxVirtualWorkspaceSupported" | "vsxWebviewContribution" | "vsxWorkspaceContainsActivation" | "zeroWidth", ALERT_ACTION>;

package/dist/http-client.d.ts

@@ -44,8 +44,10 @@ export declare function createRequestWithJson(method: SendMethod, baseUrl: strin
 /**
  * Read the response body from an HTTP error response.
  * Accumulates all chunks into a complete string for error handling.
+ * Enforces maximum response size to prevent memory exhaustion.
  *
  * @throws {Error} When stream errors occur during reading
+ * @throws {Error} When response exceeds maximum size limit
  */
 export declare function getErrorResponseBody(response: IncomingMessage): Promise<string>;
 /**
@@ -68,7 +70,7 @@ export declare function getResponse(req: ClientRequest): Promise<IncomingMessage
  * @throws {ResponseError} When response has non-2xx status code
  * @throws {SyntaxError} When response body contains invalid JSON
  */
-export declare function getResponseJson(response: IncomingMessage, method?: string | undefined): Promise<import("@socketsecurity/registry/lib/json").JsonValue | undefined>;
+export declare function getResponseJson(response: IncomingMessage, method?: string | undefined): Promise<import("@socketsecurity/lib/json").JsonValue | undefined>;
 /**
  * Check if HTTP response has a successful status code (2xx range).
  * Returns true for status codes between 200-299, false otherwise.

package/dist/socket-sdk-class.d.ts

@@ -419,4 +419,29 @@ export declare class SocketSdk {
      * vulnerabilities, description, license, and tier information.
      */
     viewPatch(orgSlug: string, uuid: string): Promise<PatchViewResponse>;
+    /**
+     * Download patch file content by hash.
+     *
+     * Downloads the actual patched file content from the public Socket blob store.
+     * This is used after calling viewPatch() to get the patch metadata.
+     * No authentication is required as patch blobs are publicly accessible.
+     *
+     * @param hash - The blob hash in SSRI (sha256-base64) or hex format
+     * @param options - Optional configuration
+     * @param options.baseUrl - Override blob store URL (for testing)
+     * @returns Promise<string> - The patch file content as UTF-8 string
+     * @throws Error if blob not found (404) or download fails
+     *
+     * @example
+     * ```typescript
+     * const sdk = new SocketSdk('your-api-token')
+     * // First get patch metadata
+     * const patch = await sdk.viewPatch('my-org', 'patch-uuid')
+     * // Then download the actual patched file
+     * const fileContent = await sdk.downloadPatch(patch.files['index.js'].socketBlob)
+     * ```
+     */
+    downloadPatch(hash: string, options?: {
+        baseUrl?: string;
+    }): Promise<string>;
 }

package/dist/types.d.ts

@@ -3,8 +3,8 @@
  * Provides TypeScript types for API requests, responses, and internal SDK functionality.
  */
 import type { components, operations } from '../types/api';
-import type { OpErrorType, OpReturnType } from '../types/api-helpers';
-import type { Remap } from '@socketsecurity/registry/lib/objects';
+import type { OpReturnType } from '../types/api-helpers';
+import type { Remap } from '@socketsecurity/lib/objects';
 import type { ClientHttp2Session } from 'http2-wrapper';
 import type { Agent as HttpAgent, RequestOptions as HttpRequestOptions } from 'node:http';
 import type { ClientSessionRequestOptions } from 'node:http2';
@@ -106,14 +106,20 @@ export type SocketArtifactAlert = Remap<Omit<components['schemas']['SocketAlert'
     props?: Record<string, unknown> | undefined;
 }>;
 export type SocketSdkOperations = keyof operations;
-export type SocketSdkSuccessResult<T extends SocketSdkOperations> = OpReturnType<operations[T]> & {
+export type SocketSdkSuccessResult<T extends SocketSdkOperations> = {
     cause?: undefined;
+    data: OpReturnType<operations[T]>;
     error?: undefined;
+    status: number;
+    success: true;
 };
-export type SocketSdkErrorResult<T extends SocketSdkOperations> = Omit<OpErrorType<operations[T]>, 'error'> & {
+export type SocketSdkErrorResult<T extends SocketSdkOperations> = {
     cause?: string | undefined;
     data?: undefined;
     error: string;
+    status: number;
+    success: false;
+    _operation?: T;
 };
 export type SocketSdkResult<T extends SocketSdkOperations> = SocketSdkSuccessResult<T> | SocketSdkErrorResult<T>;
 export type SocketSdkGenericResult<T> = {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@socketsecurity/sdk",
-  "version": "1.11.2",
+  "version": "2.0.2",
   "license": "MIT",
   "description": "SDK for the Socket API client",
   "author": {
@@ -13,93 +13,66 @@
     "type": "git",
     "url": "git://github.com/SocketDev/socket-sdk-js.git"
   },
-  "type": "commonjs",
-  "main": "./dist/index.js",
+  "type": "module",
+  "main": "./dist/index.mjs",
   "types": "./dist/index.d.ts",
   "exports": {
     ".": {
       "types": "./dist/index.d.ts",
-      "default": "./dist/index.js"
+      "default": "./dist/index.mjs"
     },
+    "./package.json": "./package.json",
     "./testing": {
       "types": "./dist/testing.d.ts",
-      "default": "./dist/testing.js"
+      "default": "./dist/testing.mjs"
     },
-    "./types/api-helpers": "./types/api-helpers.d.ts",
-    "./types/api-helpers.d.ts": "./types/api-helpers.d.ts",
-    "./types/api": "./types/api.d.ts",
-    "./types/api.d.ts": "./types/api.d.ts",
-    "./package.json": "./package.json"
+    "./types/api": {
+      "types": "./types/api.d.ts",
+      "default": "./types/api.d.ts"
+    },
+    "./types/api-helpers": {
+      "types": "./types/api-helpers.d.ts",
+      "default": "./types/api-helpers.d.ts"
+    }
   },
   "scripts": {
     "build": "node scripts/build.mjs",
-    "build:dist": "node scripts/build.mjs",
-    "build:dist:src": "node scripts/build.mjs --src-only",
-    "build:dist:types": "node scripts/build.mjs --types-only",
-    "check": "node scripts/check.mjs",
-    "check:lint": "eslint --config .config/eslint.config.mjs --report-unused-disable-directives .",
-    "check:lint:fix": "pnpm run check:lint -- --fix",
-    "check:tsc": "tsgo --noEmit -p .config/tsconfig.check.json",
-    "lint-ci": "pnpm run check:lint",
-    "coverage": "node scripts/coverage.mjs",
-    "coverage:test": "node scripts/coverage.mjs --code-only",
-    "coverage:type": "type-coverage",
-    "coverage:type:verbose": "type-coverage --detail",
-    "coverage:percent": "node scripts/coverage.mjs --percent",
+    "bump": "bash scripts/node-with-loader.sh scripts/bump.mjs",
+    "check": "bash scripts/node-with-loader.sh scripts/check.mjs",
+    "check-ci": "pnpm run check --all",
     "clean": "node scripts/clean.mjs",
-    "clean:cache": "node scripts/clean.mjs --cache",
-    "clean:coverage": "node scripts/clean.mjs --coverage",
-    "clean:dist": "node scripts/clean.mjs --dist",
-    "clean:dist:types": "node scripts/clean.mjs --dist-types",
-    "clean:declarations": "node scripts/clean.mjs --declarations",
-    "clean:node_modules": "node scripts/clean.mjs --node-modules",
-    "fix": "node scripts/lint-fix.mjs",
-    "generate-sdk": "node scripts/generate-sdk.mjs",
-    "generate-sdk:01-prettify": "node scripts/prettify-base-json.mjs",
-    "generate-sdk:02-generate": "node scripts/generate-types.mjs > types/api.d.ts",
-    "generate-sdk:03-clean-api": "pnpm run fix && pnpm run fix",
-    "knip:dependencies": "knip --dependencies",
-    "knip:exports": "knip --include exports,duplicates",
-    "lint": "oxlint -c=.config/.oxlintrc.json --ignore-path=.config/.oxlintignore --tsconfig=.config/tsconfig.json .",
-    "lint:fix": "node scripts/lint-fix.mjs",
-    "lint-staged": "lint-staged",
-    "precommit": "lint-staged",
+    "cover": "bash scripts/node-with-loader.sh scripts/cover.mjs",
+    "fix": "node scripts/lint.mjs --fix",
+    "generate-sdk": "bash scripts/node-with-loader.sh scripts/generate-sdk.mjs",
+    "lint": "node scripts/lint.mjs",
+    "lint-ci": "pnpm run lint --all",
+    "precommit": "pnpm run check --lint --staged",
     "prepare": "husky",
     "prepublishOnly": "echo 'ERROR: Use GitHub Actions workflow for publishing' && exit 1",
-    "pretest:unit": "pnpm run build",
-    "test": "run-s check test:run",
-    "test:run": "node scripts/test.mjs",
-    "test:unit": "dotenvx -q run -f .env.test -- vitest --run",
-    "test:unit:update": "dotenvx -q run -f .env.test -- vitest --run --update",
-    "test:unit:coverage": "dotenvx -q run -f .env.test -- vitest run --coverage",
-    "test-ci": "dotenvx -q run -f .env.test -- vitest --run",
-    "type-ci": "pnpm run check:tsc",
-    "test-pre-commit": "dotenvx -q run -f .env.precommit -- node scripts/test-with-build.mjs",
-    "update": "run-p --aggregate-output update:*",
-    "update:deps": "node scripts/taze.mjs",
-    "update:socket": "pnpm -r update '@socketsecurity/*' --latest"
-  },
-  "dependencies": {
-    "@socketsecurity/registry": "1.5.3"
+    "publish": "bash scripts/node-with-loader.sh scripts/publish.mjs",
+    "claude": "bash scripts/node-with-loader.sh scripts/claude.mjs",
+    "test": "node scripts/test.mjs",
+    "test-ci": "pnpm run test --all",
+    "type": "tsgo --noEmit -p .config/tsconfig.check.json",
+    "type-ci": "pnpm run type",
+    "update": "bash scripts/node-with-loader.sh scripts/update.mjs"
   },
   "devDependencies": {
-    "@babel/core": "7.28.4",
-    "@babel/plugin-transform-runtime": "7.28.3",
-    "@babel/preset-typescript": "7.27.1",
-    "@babel/runtime": "7.28.4",
+    "@babel/parser": "7.26.3",
+    "@babel/traverse": "7.26.4",
+    "@babel/types": "7.26.3",
     "@biomejs/biome": "2.2.4",
     "@dotenvx/dotenvx": "1.49.0",
     "@eslint/compat": "1.3.2",
     "@eslint/js": "9.35.0",
-    "@rollup/plugin-babel": "6.0.4",
-    "@rollup/plugin-commonjs": "28.0.6",
-    "@rollup/plugin-json": "6.1.0",
-    "@rollup/plugin-node-resolve": "16.0.1",
+    "@socketsecurity/lib": "1.0.4",
+    "@socketsecurity/registry": "1.5.3",
     "@types/node": "24.6.2",
     "@typescript/native-preview": "7.0.0-dev.20250926.1",
     "@vitest/coverage-v8": "3.2.4",
-    "del-cli": "6.0.0",
+    "del": "^8.0.1",
     "dev-null-cli": "2.0.0",
+    "esbuild": "0.25.10",
     "eslint": "9.35.0",
     "eslint-import-resolver-typescript": "4.4.4",
     "eslint-plugin-import-x": "4.16.1",
@@ -111,49 +84,39 @@
     "globals": "16.4.0",
     "http2-wrapper": "2.2.1",
     "husky": "9.1.7",
-    "knip": "5.63.1",
-    "lint-staged": "16.1.6",
+    "magic-string": "0.30.14",
     "nock": "14.0.10",
     "npm-run-all2": "8.0.4",
     "openapi-typescript": "6.7.6",
-    "oxlint": "1.15.0",
-    "rollup": "4.50.1",
+    "semver": "7.7.2",
     "taze": "19.6.0",
-    "trash": "10.0.0",
     "type-coverage": "2.29.7",
     "typescript-eslint": "8.44.1",
     "vitest": "3.2.4",
-    "yargs-parser": "22.0.0",
     "yoctocolors-cjs": "2.1.3"
   },
   "pnpm": {
-    "overrides": {
-      "vite": "7.1.7"
-    },
     "ignoredBuiltDependencies": [
       "esbuild",
       "unrs-resolver"
-    ]
+    ],
+    "overrides": {
+      "vite": "7.1.11"
+    }
   },
   "engines": {
     "node": ">=18",
     "pnpm": ">=10.16.0"
   },
   "files": [
-    "dist/**",
-    "types/**",
-    "CHANGELOG.md",
-    "requirements.json"
+    "data/*.json",
+    "dist/*{.js,.d.ts}",
+    "types/*.d.ts",
+    "CHANGELOG.md"
   ],
-  "lint-staged": {
-    "*.{cjs,js,json,md,mjs,mts,ts}": [
-      "oxlint -c=.config/.oxlintrc.json --ignore-path=.config/.oxlintignore --tsconfig=.config/tsconfig.json --quiet --fix",
-      "biome format --log-level=none --fix --no-errors-on-unmatched --files-ignore-unknown=true --colors=off"
-    ]
-  },
   "typeCoverage": {
     "cache": true,
-    "atLeast": 99.64,
+    "atLeast": 99,
     "ignoreAsAssertion": true,
     "ignoreCatch": true,
     "ignoreEmptyType": true,