@socketsecurity/sdk 1.8.1 → 1.8.2

package/CHANGELOG.md

@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+## [1.8.2](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.8.2) - 2025-09-29
+
+### Fixed
+- Fixed publishing workflow to ensure dist folder is built before npm publish
+- Changed prepublishOnly script to prevent accidental local publishing
+
 ## [1.8.1](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.8.1) - 2025-09-29
 
 ### Changed

package/dist/constants.d.ts

@@ -0,0 +1,5 @@
+import type { ALERT_ACTION } from './types';
+export declare const DEFAULT_USER_AGENT: string;
+export declare const httpAgentNames: Set<string>;
+export declare const publicPolicy: Map<"ambiguousClassifier" | "badEncoding" | "badSemver" | "badSemverDependency" | "bidi" | "binScriptConfusion" | "chromeContentScript" | "chromeHostPermission" | "chromePermission" | "chromeWildcardHostPermission" | "chronoAnomaly" | "compromisedSSHKey" | "copyleftLicense" | "criticalCVE" | "cve" | "debugAccess" | "deprecated" | "deprecatedException" | "deprecatedLicense" | "didYouMean" | "dynamicRequire" | "emptyPackage" | "envVars" | "explicitlyUnlicensedItem" | "extraneousDependency" | "fileDependency" | "filesystemAccess" | "floatingDependency" | "generic" | "gitDependency" | "gitHubDependency" | "gptAnomaly" | "gptDidYouMean" | "gptMalware" | "gptSecurity" | "hasNativeCode" | "highEntropyStrings" | "homoglyphs" | "httpDependency" | "installScripts" | "invalidPackageJSON" | "invisibleChars" | "licenseChange" | "licenseException" | "licenseSpdxDisj" | "longStrings" | "majorRefactor" | "malware" | "manifestConfusion" | "mediumCVE" | "mildCVE" | "minifiedFile" | "miscLicenseIssues" | "missingAuthor" | "missingDependency" | "missingLicense" | "missingTarball" | "mixedLicense" | "modifiedException" | "modifiedLicense" | "networkAccess" | "newAuthor" | "noAuthorData" | "noBugTracker" | "noLicenseFound" | "noREADME" | "noRepository" | "noTests" | "noV1" | "noWebsite" | "nonOSILicense" | "nonSPDXLicense" | "nonpermissiveLicense" | "notice" | "obfuscatedFile" | "obfuscatedRequire" | "peerDependency" | "potentialVulnerability" | "semverAnomaly" | "shellAccess" | "shellScriptOverride" | "shrinkwrap" | "socketUpgradeAvailable" | "suspiciousStarActivity" | "suspiciousString" | "telemetry" | "trivialPackage" | "troll" | "typeModuleCompatibility" | "uncaughtOptionalDependency" | "unclearLicense" | "unidentifiedLicense" | "unmaintained" | "unpopularPackage" | "unpublished" | "unresolvedRequire" | "unsafeCopyright" | "unstableOwnership" | "unusedDependency" | "urlStrings" | "usesEval" | "zeroWidth", ALERT_ACTION>;
+//# sourceMappingURL=constants.d.ts.map

package/dist/constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAWA,OAAO,KAAK,EAAE,YAAY,EAAc,MAAM,SAAS,CAAA;AAEvD,eAAO,MAAM,kBAAkB,QAA0C,CAAA;AAIzE,eAAO,MAAM,cAAc,aAAsC,CAAA;AAGjE,eAAO,MAAM,YAAY,g5DA0GvB,CAAA"}

package/dist/constants.js

@@ -0,0 +1,128 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.publicPolicy = exports.httpAgentNames = exports.DEFAULT_USER_AGENT = void 0;
+/**
+ * @fileoverview Configuration constants and enums for the Socket SDK.
+ * Provides default values, HTTP agents, and public policy configurations for API interactions.
+ */
+// Import attributes are only supported when the '--module' option is set to
+// 'esnext', 'node18', 'node20', 'nodenext', or 'preserve'.
+// @ts-ignore: Avoid TS import attributes error.
+const package_json_1 = __importDefault(require("../package.json"));
+const user_agent_1 = require("./user-agent");
+exports.DEFAULT_USER_AGENT = (0, user_agent_1.createUserAgentFromPkgJson)(package_json_1.default);
+// https://github.com/sindresorhus/got/blob/v14.4.6/documentation/2-options.md#agent
+// Valid HTTP agent names for Got-style agent configuration compatibility.
+exports.httpAgentNames = new Set(['http', 'https', 'http2']);
+// Public security policy.
+exports.publicPolicy = new Map([
+    // error (1):
+    ['malware', 'error'],
+    // warn (7):
+    ['criticalCVE', 'warn'],
+    ['didYouMean', 'warn'],
+    ['gitDependency', 'warn'],
+    ['httpDependency', 'warn'],
+    ['licenseSpdxDisj', 'warn'],
+    ['obfuscatedFile', 'warn'],
+    ['troll', 'warn'],
+    // monitor (7):
+    ['deprecated', 'monitor'],
+    ['mediumCVE', 'monitor'],
+    ['mildCVE', 'monitor'],
+    ['shrinkwrap', 'monitor'],
+    ['telemetry', 'monitor'],
+    ['unpopularPackage', 'monitor'],
+    ['unstableOwnership', 'monitor'],
+    // ignore (85):
+    ['ambiguousClassifier', 'ignore'],
+    ['badEncoding', 'ignore'],
+    ['badSemver', 'ignore'],
+    ['badSemverDependency', 'ignore'],
+    ['bidi', 'ignore'],
+    ['binScriptConfusion', 'ignore'],
+    ['chromeContentScript', 'ignore'],
+    ['chromeHostPermission', 'ignore'],
+    ['chromePermission', 'ignore'],
+    ['chromeWildcardHostPermission', 'ignore'],
+    ['chronoAnomaly', 'ignore'],
+    ['compromisedSSHKey', 'ignore'],
+    ['copyleftLicense', 'ignore'],
+    ['cve', 'ignore'],
+    ['debugAccess', 'ignore'],
+    ['deprecatedLicense', 'ignore'],
+    ['deprecatedException', 'ignore'],
+    ['dynamicRequire', 'ignore'],
+    ['emptyPackage', 'ignore'],
+    ['envVars', 'ignore'],
+    ['explicitlyUnlicensedItem', 'ignore'],
+    ['extraneousDependency', 'ignore'],
+    ['fileDependency', 'ignore'],
+    ['filesystemAccess', 'ignore'],
+    ['floatingDependency', 'ignore'],
+    ['gitHubDependency', 'ignore'],
+    ['gptAnomaly', 'ignore'],
+    ['gptDidYouMean', 'ignore'],
+    ['gptMalware', 'ignore'],
+    ['gptSecurity', 'ignore'],
+    ['hasNativeCode', 'ignore'],
+    ['highEntropyStrings', 'ignore'],
+    ['homoglyphs', 'ignore'],
+    ['installScripts', 'ignore'],
+    ['invalidPackageJSON', 'ignore'],
+    ['invisibleChars', 'ignore'],
+    ['licenseChange', 'ignore'],
+    ['licenseException', 'ignore'],
+    ['longStrings', 'ignore'],
+    ['majorRefactor', 'ignore'],
+    ['manifestConfusion', 'ignore'],
+    ['minifiedFile', 'ignore'],
+    ['miscLicenseIssues', 'ignore'],
+    ['missingAuthor', 'ignore'],
+    ['missingDependency', 'ignore'],
+    ['missingLicense', 'ignore'],
+    ['missingTarball', 'ignore'],
+    ['mixedLicense', 'ignore'],
+    ['modifiedException', 'ignore'],
+    ['modifiedLicense', 'ignore'],
+    ['networkAccess', 'ignore'],
+    ['newAuthor', 'ignore'],
+    ['noAuthorData', 'ignore'],
+    ['noBugTracker', 'ignore'],
+    ['noLicenseFound', 'ignore'],
+    ['noREADME', 'ignore'],
+    ['noRepository', 'ignore'],
+    ['noTests', 'ignore'],
+    ['noV1', 'ignore'],
+    ['noWebsite', 'ignore'],
+    ['nonOSILicense', 'ignore'],
+    ['nonSPDXLicense', 'ignore'],
+    ['nonpermissiveLicense', 'ignore'],
+    ['notice', 'ignore'],
+    ['obfuscatedRequire', 'ignore'],
+    ['peerDependency', 'ignore'],
+    ['potentialVulnerability', 'ignore'],
+    ['semverAnomaly', 'ignore'],
+    ['shellAccess', 'ignore'],
+    ['shellScriptOverride', 'ignore'],
+    ['socketUpgradeAvailable', 'ignore'],
+    ['suspiciousStarActivity', 'ignore'],
+    ['suspiciousString', 'ignore'],
+    ['trivialPackage', 'ignore'],
+    ['typeModuleCompatibility', 'ignore'],
+    ['uncaughtOptionalDependency', 'ignore'],
+    ['unclearLicense', 'ignore'],
+    ['unidentifiedLicense', 'ignore'],
+    ['unmaintained', 'ignore'],
+    ['unpublished', 'ignore'],
+    ['unresolvedRequire', 'ignore'],
+    ['unsafeCopyright', 'ignore'],
+    ['unusedDependency', 'ignore'],
+    ['urlStrings', 'ignore'],
+    ['usesEval', 'ignore'],
+    ['zeroWidth', 'ignore'],
+]);
+//# sourceMappingURL=constants.js.map

package/dist/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":";;;;;;AAAA;;;GAGG;AAEH,4EAA4E;AAC5E,2DAA2D;AAC3D,gDAAgD;AAChD,mEAA+D;AAC/D,6CAAyD;AAI5C,QAAA,kBAAkB,GAAG,IAAA,uCAA0B,EAAC,sBAAW,CAAC,CAAA;AAEzE,oFAAoF;AACpF,0EAA0E;AAC7D,QAAA,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAA;AAEjE,0BAA0B;AACb,QAAA,YAAY,GAAG,IAAI,GAAG,CAA2B;IAC5D,aAAa;IACb,CAAC,SAAS,EAAE,OAAO,CAAC;IACpB,YAAY;IACZ,CAAC,aAAa,EAAE,MAAM,CAAC;IACvB,CAAC,YAAY,EAAE,MAAM,CAAC;IACtB,CAAC,eAAe,EAAE,MAAM,CAAC;IACzB,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAC1B,CAAC,iBAAiB,EAAE,MAAM,CAAC;IAC3B,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAC1B,CAAC,OAAO,EAAE,MAAM,CAAC;IACjB,eAAe;IACf,CAAC,YAAY,EAAE,SAAS,CAAC;IACzB,CAAC,WAAW,EAAE,SAAS,CAAC;IACxB,CAAC,SAAS,EAAE,SAAS,CAAC;IACtB,CAAC,YAAY,EAAE,SAAS,CAAC;IACzB,CAAC,WAAW,EAAE,SAAS,CAAC;IACxB,CAAC,kBAAkB,EAAE,SAAS,CAAC;IAC/B,CAAC,mBAAmB,EAAE,SAAS,CAAC;IAChC,eAAe;IACf,CAAC,qBAAqB,EAAE,QAAQ,CAAC;IACjC,CAAC,aAAa,EAAE,QAAQ,CAAC;IACzB,CAAC,WAAW,EAAE,QAAQ,CAAC;IACvB,CAAC,qBAAqB,EAAE,QAAQ,CAAC;IACjC,CAAC,MAAM,EAAE,QAAQ,CAAC;IAClB,CAAC,oBAAoB,EAAE,QAAQ,CAAC;IAChC,CAAC,qBAAqB,EAAE,QAAQ,CAAC;IACjC,CAAC,sBAAsB,EAAE,QAAQ,CAAC;IAClC,CAAC,kBAAkB,EAAE,QAAQ,CAAC;IAC9B,CAAC,8BAA8B,EAAE,QAAQ,CAAC;IAC1C,CAAC,eAAe,EAAE,QAAQ,CAAC;IAC3B,CAAC,mBAAmB,EAAE,QAAQ,CAAC;IAC/B,CAAC,iBAAiB,EAAE,QAAQ,CAAC;IAC7B,CAAC,KAAK,EAAE,QAAQ,CAAC;IACjB,CAAC,aAAa,EAAE,QAAQ,CAAC;IACzB,CAAC,mBAAmB,EAAE,QAAQ,CAAC;IAC/B,CAAC,qBAAqB,EAAE,QAAQ,CAAC;IACjC,CAAC,gBAAgB,EAAE,QAAQ,CAAC;IAC5B,CAAC,cAAc,EAAE,QAAQ,CAAC;IAC1B,CAAC,SAAS,EAAE,QAAQ,CAAC;IACrB,CAAC,0BAA0B,EAAE,QAAQ,CAAC;IACtC,CAAC,sBAAsB,EAAE,QAAQ,CAAC;IAClC,CAAC,gBAAgB,EAAE,QAAQ,CAAC;IAC5B,CAAC,kBAAkB,EAAE,QAAQ,CAAC;IAC9B,CAAC,oBAAoB,EAAE,QAAQ,CAAC;IAChC,CAAC,kBAAkB,EAAE,QAAQ,CAAC;IAC9B,CAAC,YAAY,EAAE,QAAQ,CAAC;IACxB,CAAC,eAAe,EAAE,QAAQ,CAAC;IAC3B,CAAC,YAAY,EAAE,QAAQ,CAAC;IACxB,CAAC,aAAa,EAAE,QAAQ,CAAC;IACzB,CAAC,eAAe,EAAE,QAAQ,CAAC;IAC3B,CAAC,oBAAoB,EAAE,QAAQ,CAAC;IAChC,CAAC,YAAY,EAAE,QAAQ,CAAC;IACxB,CAAC,gBAAgB,EAAE,QAAQ,CAAC;IAC5B,CAAC,oBAAoB,EAAE,QAAQ,CAAC;IAChC,CAAC,gBAAgB,EAAE,QAAQ,CAAC;IAC5B,CAAC,eAAe,EAAE,QAAQ,CAAC;IAC3B,CAAC,kBAAkB,EAAE,QAAQ,CAAC;IAC9B,CAAC,aAAa,EAAE,QAAQ,CAAC;IACzB,CAAC,eAAe,EAAE,QAAQ,CAAC;IAC3B,CAAC,mBAAmB,EAAE,QAAQ,CAAC;IAC/B,CAAC,cAAc,EAAE,QAAQ,CAAC;IAC1B,CAAC,mBAAmB,EAAE,QAAQ,CAAC;IAC/B,CAAC,eAAe,EAAE,QAAQ,CAAC;IAC3B,CAAC,mBAAmB,EAAE,QAAQ,CAAC;IAC/B,CAAC,gBAAgB,EAAE,QAAQ,CAAC;IAC5B,CAAC,gBAAgB,EAAE,QAAQ,CAAC;IAC5B,CAAC,cAAc,EAAE,QAAQ,CAAC;IAC1B,CAAC,mBAAmB,EAAE,QAAQ,CAAC;IAC/B,CAAC,iBAAiB,EAAE,QAAQ,CAAC;IAC7B,CAAC,eAAe,EAAE,QAAQ,CAAC;IAC3B,CAAC,WAAW,EAAE,QAAQ,CAAC;IACvB,CAAC,cAAc,EAAE,QAAQ,CAAC;IAC1B,CAAC,cAAc,EAAE,QAAQ,CAAC;IAC1B,CAAC,gBAAgB,EAAE,QAAQ,CAAC;IAC5B,CAAC,UAAU,EAAE,QAAQ,CAAC;IACtB,CAAC,cAAc,EAAE,QAAQ,CAAC;IAC1B,CAAC,SAAS,EAAE,QAAQ,CAAC;IACrB,CAAC,MAAM,EAAE,QAAQ,CAAC;IAClB,CAAC,WAAW,EAAE,QAAQ,CAAC;IACvB,CAAC,eAAe,EAAE,QAAQ,CAAC;IAC3B,CAAC,gBAAgB,EAAE,QAAQ,CAAC;IAC5B,CAAC,sBAAsB,EAAE,QAAQ,CAAC;IAClC,CAAC,QAAQ,EAAE,QAAQ,CAAC;IACpB,CAAC,mBAAmB,EAAE,QAAQ,CAAC;IAC/B,CAAC,gBAAgB,EAAE,QAAQ,CAAC;IAC5B,CAAC,wBAAwB,EAAE,QAAQ,CAAC;IACpC,CAAC,eAAe,EAAE,QAAQ,CAAC;IAC3B,CAAC,aAAa,EAAE,QAAQ,CAAC;IACzB,CAAC,qBAAqB,EAAE,QAAQ,CAAC;IACjC,CAAC,wBAAwB,EAAE,QAAQ,CAAC;IACpC,CAAC,wBAAwB,EAAE,QAAQ,CAAC;IACpC,CAAC,kBAAkB,EAAE,QAAQ,CAAC;IAC9B,CAAC,gBAAgB,EAAE,QAAQ,CAAC;IAC5B,CAAC,yBAAyB,EAAE,QAAQ,CAAC;IACrC,CAAC,4BAA4B,EAAE,QAAQ,CAAC;IACxC,CAAC,gBAAgB,EAAE,QAAQ,CAAC;IAC5B,CAAC,qBAAqB,EAAE,QAAQ,CAAC;IACjC,CAAC,cAAc,EAAE,QAAQ,CAAC;IAC1B,CAAC,aAAa,EAAE,QAAQ,CAAC;IACzB,CAAC,mBAAmB,EAAE,QAAQ,CAAC;IAC/B,CAAC,iBAAiB,EAAE,QAAQ,CAAC;IAC7B,CAAC,kBAAkB,EAAE,QAAQ,CAAC;IAC9B,CAAC,YAAY,EAAE,QAAQ,CAAC;IACxB,CAAC,UAAU,EAAE,QAAQ,CAAC;IACtB,CAAC,WAAW,EAAE,QAAQ,CAAC;CACxB,CAAC,CAAA"}

package/dist/file-upload.d.ts

@@ -0,0 +1,22 @@
+import { Readable } from 'node:stream';
+import type { RequestOptions } from './types';
+import type { ReadStream } from 'node:fs';
+import type { IncomingMessage } from 'node:http';
+/**
+ * Create multipart form-data body parts for file uploads.
+ * Converts file paths to readable streams with proper multipart headers.
+ */
+export declare function createRequestBodyForFilepaths(filepaths: string[], basePath: string): Array<Array<string | ReadStream>>;
+/**
+ * Create multipart form-data body part for JSON data.
+ * Converts JSON object to readable stream with appropriate headers.
+ */
+export declare function createRequestBodyForJson(jsonData: unknown, basename?: string): Array<string | Readable>;
+/**
+ * Create and execute a multipart/form-data upload request.
+ * Streams large files efficiently with backpressure handling and early server validation.
+ *
+ * @throws {Error} When network errors occur or stream processing fails
+ */
+export declare function createUploadRequest(baseUrl: string, urlPath: string, requestBodyNoBoundaries: Array<string | Readable | Array<string | Readable>>, options: RequestOptions): Promise<IncomingMessage>;
+//# sourceMappingURL=file-upload.d.ts.map

package/dist/file-upload.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"file-upload.d.ts","sourceRoot":"","sources":["../src/file-upload.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAA;AAMtC,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,SAAS,CAAA;AAC7C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,SAAS,CAAA;AACzC,OAAO,KAAK,EAAiB,eAAe,EAAE,MAAM,WAAW,CAAA;AAG/D;;;GAGG;AACH,wBAAgB,6BAA6B,CAC3C,SAAS,EAAE,MAAM,EAAE,EACnB,QAAQ,EAAE,MAAM,GACf,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,UAAU,CAAC,CAAC,CAYnC;AAED;;;GAGG;AACH,wBAAgB,wBAAwB,CACtC,QAAQ,EAAE,OAAO,EACjB,QAAQ,SAAc,GACrB,KAAK,CAAC,MAAM,GAAG,QAAQ,CAAC,CAS1B;AAED;;;;;GAKG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,uBAAuB,EAAE,KAAK,CAAC,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC,MAAM,GAAG,QAAQ,CAAC,CAAC,EAC5E,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,eAAe,CAAC,CAuG1B"}

package/dist/file-upload.js

@@ -0,0 +1,152 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createRequestBodyForFilepaths = createRequestBodyForFilepaths;
+exports.createRequestBodyForJson = createRequestBodyForJson;
+exports.createUploadRequest = createUploadRequest;
+/** @fileoverview File upload utilities for Socket API with multipart form data support. */
+const node_events_1 = __importDefault(require("node:events"));
+const node_fs_1 = require("node:fs");
+const node_path_1 = __importDefault(require("node:path"));
+const node_stream_1 = require("node:stream");
+const path_1 = require("@socketsecurity/registry/lib/path");
+const http_client_1 = require("./http-client");
+/**
+ * Create multipart form-data body parts for file uploads.
+ * Converts file paths to readable streams with proper multipart headers.
+ */
+function createRequestBodyForFilepaths(filepaths, basePath) {
+    const requestBody = [];
+    for (const absPath of filepaths) {
+        const relPath = (0, path_1.normalizePath)(node_path_1.default.relative(basePath, absPath));
+        const filename = node_path_1.default.basename(absPath);
+        requestBody.push([
+            `Content-Disposition: form-data; name="${relPath}"; filename="${filename}"\r\n`,
+            `Content-Type: application/octet-stream\r\n\r\n`,
+            (0, node_fs_1.createReadStream)(absPath, { highWaterMark: 1024 * 1024 }),
+        ]);
+    }
+    return requestBody;
+}
+/**
+ * Create multipart form-data body part for JSON data.
+ * Converts JSON object to readable stream with appropriate headers.
+ */
+function createRequestBodyForJson(jsonData, basename = 'data.json') {
+    const ext = node_path_1.default.extname(basename);
+    const name = node_path_1.default.basename(basename, ext);
+    return [
+        `Content-Disposition: form-data; name="${name}"; filename="${basename}"\r\n` +
+            `Content-Type: application/json\r\n\r\n`,
+        node_stream_1.Readable.from(JSON.stringify(jsonData), { highWaterMark: 1024 * 1024 }),
+        '\r\n',
+    ];
+}
+/**
+ * Create and execute a multipart/form-data upload request.
+ * Streams large files efficiently with backpressure handling and early server validation.
+ *
+ * @throws {Error} When network errors occur or stream processing fails
+ */
+async function createUploadRequest(baseUrl, urlPath, requestBodyNoBoundaries, options) {
+    // This function constructs and sends a multipart/form-data HTTP POST request
+    // where each part is streamed to the server. It supports string payloads
+    // and readable streams (e.g., large file uploads).
+    // The body is streamed manually with proper backpressure support to avoid
+    // overwhelming Node.js memory (i.e., avoiding out-of-memory crashes for large inputs).
+    // We call `flushHeaders()` early to ensure headers are sent before body transmission
+    // begins. If the server rejects the request (e.g., bad org or auth), it will likely
+    // respond immediately. We listen for that response while still streaming the body.
+    //
+    // This protects against cases where the server closes the connection (EPIPE/ECONNRESET)
+    // mid-stream, which would otherwise cause hard-to-diagnose failures during file upload.
+    //
+    // Example failure this mitigates: `socket scan create --org badorg`
+    // eslint-disable-next-line no-async-promise-executor
+    return await new Promise(async (pass, fail) => {
+        const boundary = `NodeMultipartBoundary${Date.now()}`;
+        const boundarySep = `--${boundary}\r\n`;
+        const finalBoundary = `--${boundary}--\r\n`;
+        const requestBody = [
+            ...requestBodyNoBoundaries.flatMap(part => [
+                boundarySep,
+                /* c8 ignore next - Array.isArray branch for part is defensive coding for edge cases. */
+                ...(Array.isArray(part) ? part : [part]),
+            ]),
+            finalBoundary,
+        ];
+        const url = new URL(urlPath, baseUrl);
+        const req = (0, http_client_1.getHttpModule)(baseUrl).request(url, {
+            method: 'POST',
+            ...options,
+            headers: {
+                ...options?.headers,
+                'Content-Type': `multipart/form-data; boundary=${boundary}`,
+            },
+        });
+        // Send headers early to prompt server validation (auth, URL, quota, etc.).
+        req.flushHeaders();
+        // Concurrently wait for response while we stream body.
+        (0, http_client_1.getResponse)(req).then(pass, fail);
+        let aborted = false;
+        req.on('error', () => (aborted = true));
+        req.on('close', () => (aborted = true));
+        try {
+            for (const part of requestBody) {
+                /* c8 ignore next 3 - aborted state is difficult to test reliably */
+                if (aborted) {
+                    break;
+                }
+                if (typeof part === 'string') {
+                    /* c8 ignore next 5 - backpressure handling requires specific stream conditions */
+                    if (!req.write(part)) {
+                        // Wait for 'drain' if backpressure is signaled.
+                        // eslint-disable-next-line no-await-in-loop
+                        await node_events_1.default.once(req, 'drain');
+                    }
+                }
+                else if (typeof part?.pipe === 'function') {
+                    // Stream data chunk-by-chunk with backpressure support.
+                    const stream = part;
+                    // eslint-disable-next-line no-await-in-loop
+                    for await (const chunk of stream) {
+                        /* c8 ignore next 3 - aborted state during streaming is difficult to test reliably */
+                        if (aborted) {
+                            break;
+                        }
+                        /* c8 ignore next 3 - backpressure handling requires specific stream conditions */
+                        if (!req.write(chunk)) {
+                            await node_events_1.default.once(req, 'drain');
+                        }
+                    }
+                    // Ensure trailing CRLF after file part.
+                    /* c8 ignore next 4 - trailing CRLF backpressure handling is edge case */
+                    if (!aborted && !req.write('\r\n')) {
+                        // eslint-disable-next-line no-await-in-loop
+                        await node_events_1.default.once(req, 'drain');
+                    }
+                    // Cleanup stream to free memory buffers.
+                    if (typeof part.destroy === 'function') {
+                        part.destroy();
+                    }
+                    /* c8 ignore next 3 - defensive check for non-string/stream types */
+                }
+                else {
+                    throw new TypeError('Expected string or stream');
+                }
+            }
+        }
+        catch (e) {
+            req.destroy(e);
+            fail(e);
+        }
+        finally {
+            if (!aborted) {
+                req.end();
+            }
+        }
+    });
+}
+//# sourceMappingURL=file-upload.js.map

package/dist/file-upload.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"file-upload.js","sourceRoot":"","sources":["../src/file-upload.ts"],"names":[],"mappings":";;;;;;;;AAAA,2FAA2F;AAC3F,8DAAgC;AAChC,qCAA0C;AAC1C,0DAA4B;AAC5B,6CAAsC;AAEtC,4DAAiE;AAEjE,+CAA0D;AAO1D;;;GAGG;AACH,uCACE,SAAmB,EACnB,QAAgB,EACmB;IACnC,MAAM,WAAW,GAAsC,EAAE,CAAA;IACzD,KAAK,MAAM,OAAO,IAAI,SAAS,EAAE,CAAC;QAChC,MAAM,OAAO,GAAG,IAAA,oBAAa,EAAC,mBAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAA;QAC/D,MAAM,QAAQ,GAAG,mBAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAA;QACvC,WAAW,CAAC,IAAI,CAAC;YACf,yCAAyC,OAAO,gBAAgB,QAAQ,OAAO;YAC/E,gDAAgD;YAChD,IAAA,0BAAgB,EAAC,OAAO,EAAE,EAAE,aAAa,EAAE,IAAI,GAAG,IAAI,EAAE,CAAC;SAC1D,CAAC,CAAA;IACJ,CAAC;IACD,OAAO,WAAW,CAAA;AAAA,CACnB;AAED;;;GAGG;AACH,kCACE,QAAiB,EACjB,QAAQ,GAAG,WAAW,EACI;IAC1B,MAAM,GAAG,GAAG,mBAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;IAClC,MAAM,IAAI,GAAG,mBAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;IACzC,OAAO;QACL,yCAAyC,IAAI,gBAAgB,QAAQ,OAAO;YAC1E,wCAAwC;QAC1C,sBAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,EAAE,aAAa,EAAE,IAAI,GAAG,IAAI,EAAE,CAAC;QACvE,MAAM;KACP,CAAA;AAAA,CACF;AAED;;;;;GAKG;AACI,KAAK,8BACV,OAAe,EACf,OAAe,EACf,uBAA4E,EAC5E,OAAuB,EACG;IAC1B,6EAA6E;IAC7E,yEAAyE;IACzE,mDAAmD;IAEnD,0EAA0E;IAC1E,uFAAuF;IAEvF,qFAAqF;IACrF,oFAAoF;IACpF,mFAAmF;IACnF,EAAE;IACF,wFAAwF;IACxF,wFAAwF;IACxF,EAAE;IACF,oEAAoE;IAEpE,qDAAqD;IACrD,OAAO,MAAM,IAAI,OAAO,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC;QAC7C,MAAM,QAAQ,GAAG,wBAAwB,IAAI,CAAC,GAAG,EAAE,EAAE,CAAA;QACrD,MAAM,WAAW,GAAG,KAAK,QAAQ,MAAM,CAAA;QACvC,MAAM,aAAa,GAAG,KAAK,QAAQ,QAAQ,CAAA;QAE3C,MAAM,WAAW,GAAG;YAClB,GAAG,uBAAuB,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzC,WAAW;gBACX,wFAAwF;gBACxF,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;aACzC,CAAC;YACF,aAAa;SACd,CAAA;QAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;QACrC,MAAM,GAAG,GAAkB,IAAA,2BAAa,EAAC,OAAO,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE;YAC7D,MAAM,EAAE,MAAM;YACd,GAAG,OAAO;YACV,OAAO,EAAE;gBACP,GAAI,OAA+B,EAAE,OAAO;gBAC5C,cAAc,EAAE,iCAAiC,QAAQ,EAAE;aAC5D;SACF,CAAC,CAAA;QAEF,2EAA2E;QAC3E,GAAG,CAAC,YAAY,EAAE,CAAA;QAElB,uDAAuD;QACvD,IAAA,yBAAW,EAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;QAEjC,IAAI,OAAO,GAAG,KAAK,CAAA;QACnB,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC,CAAA;QACvC,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC,CAAA;QAEvC,IAAI,CAAC;YACH,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;gBAC/B,oEAAoE;gBACpE,IAAI,OAAO,EAAE,CAAC;oBACZ,MAAK;gBACP,CAAC;gBACD,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;oBAC7B,kFAAkF;oBAClF,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;wBACrB,gDAAgD;wBAChD,4CAA4C;wBAC5C,MAAM,qBAAM,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;oBACjC,CAAC;gBACH,CAAC;qBAAM,IAAI,OAAO,IAAI,EAAE,IAAI,KAAK,UAAU,EAAE,CAAC;oBAC5C,wDAAwD;oBACxD,MAAM,MAAM,GAAG,IAAgB,CAAA;oBAC/B,4CAA4C;oBAC5C,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;wBACjC,qFAAqF;wBACrF,IAAI,OAAO,EAAE,CAAC;4BACZ,MAAK;wBACP,CAAC;wBACD,kFAAkF;wBAClF,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;4BACtB,MAAM,qBAAM,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;wBACjC,CAAC;oBACH,CAAC;oBACD,wCAAwC;oBACxC,yEAAyE;oBACzE,IAAI,CAAC,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;wBACnC,4CAA4C;wBAC5C,MAAM,qBAAM,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;oBACjC,CAAC;oBACD,yCAAyC;oBACzC,IAAI,OAAO,IAAI,CAAC,OAAO,KAAK,UAAU,EAAE,CAAC;wBACvC,IAAI,CAAC,OAAO,EAAE,CAAA;oBAChB,CAAC;oBACD,oEAAoE;gBACtE,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,SAAS,CAAC,2BAA2B,CAAC,CAAA;gBAClD,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,GAAG,CAAC,OAAO,CAAC,CAAU,CAAC,CAAA;YACvB,IAAI,CAAC,CAAC,CAAC,CAAA;QACT,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,GAAG,CAAC,GAAG,EAAE,CAAA;YACX,CAAC;QACH,CAAC;IAAA,CACF,CAAC,CAAA;AAAA,CACH"}

package/dist/http-client.d.ts

@@ -0,0 +1,79 @@
+/**
+ * @fileoverview HTTP client utilities for Socket API communication.
+ * Provides low-level HTTP request handling with proper error management and response parsing.
+ */
+import http from 'node:http';
+import https from 'node:https';
+import type { RequestOptions, SendMethod } from './types';
+import type { ClientRequest, IncomingMessage } from 'node:http';
+/**
+ * HTTP response error for Socket API requests.
+ * Extends Error with response details for debugging failed API calls.
+ */
+export declare class ResponseError extends Error {
+    response: IncomingMessage;
+    /**
+     * Create a new ResponseError from an HTTP response.
+     * Automatically formats error message with status code and message.
+     */
+    constructor(response: IncomingMessage, message?: string);
+}
+/**
+ * Create and execute an HTTP DELETE request.
+ * Returns the response stream for further processing.
+ *
+ * @throws {Error} When network or timeout errors occur
+ */
+export declare function createDeleteRequest(baseUrl: string, urlPath: string, options: RequestOptions): Promise<IncomingMessage>;
+/**
+ * Create and execute an HTTP GET request.
+ * Returns the response stream for further processing.
+ *
+ * @throws {Error} When network or timeout errors occur
+ */
+export declare function createGetRequest(baseUrl: string, urlPath: string, options: RequestOptions): Promise<IncomingMessage>;
+/**
+ * Create and execute an HTTP request with JSON payload.
+ * Automatically sets appropriate content headers and serializes the body.
+ *
+ * @throws {Error} When network or timeout errors occur
+ */
+export declare function createRequestWithJson(method: SendMethod, baseUrl: string, urlPath: string, json: unknown, options: RequestOptions): Promise<IncomingMessage>;
+/**
+ * Read the response body from an HTTP error response.
+ * Accumulates all chunks into a complete string for error handling.
+ *
+ * @throws {Error} When stream errors occur during reading
+ */
+export declare function getErrorResponseBody(response: IncomingMessage): Promise<string>;
+/**
+ * Get the appropriate HTTP module based on URL protocol.
+ * Returns http module for http: URLs, https module for https: URLs.
+ */
+export declare function getHttpModule(url: string): typeof http | typeof https;
+/**
+ * Wait for and return the HTTP response from a request.
+ * Handles timeout and error conditions during request processing.
+ *
+ * @throws {Error} When request times out or network errors occur
+ */
+export declare function getResponse(req: ClientRequest): Promise<IncomingMessage>;
+/**
+ * Parse HTTP response body as JSON.
+ * Validates response status and handles empty responses gracefully.
+ *
+ * @throws {ResponseError} When response has non-2xx status code
+ * @throws {SyntaxError} When response body contains invalid JSON
+ */
+export declare function getResponseJson(response: IncomingMessage, method?: string): Promise<import("@socketsecurity/registry/lib/json").JsonValue>;
+/**
+ * Check if HTTP response has a successful status code (2xx range).
+ * Returns true for status codes between 200-299, false otherwise.
+ */
+export declare function isResponseOk(response: IncomingMessage): boolean;
+/**
+ * Transform artifact data based on authentication status.
+ * Filters and compacts response data for public/free-tier users.
+ */
+export declare function reshapeArtifactForPublicPolicy<T extends Record<string, any>>(data: T, isAuthenticated: boolean, actions?: string): T;
+//# sourceMappingURL=http-client.d.ts.map

package/dist/http-client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-client.d.ts","sourceRoot":"","sources":["../src/http-client.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,IAAI,MAAM,WAAW,CAAA;AAC5B,OAAO,KAAK,MAAM,YAAY,CAAA;AAK9B,OAAO,KAAK,EACV,cAAc,EACd,UAAU,EAGX,MAAM,SAAS,CAAA;AAChB,OAAO,KAAK,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,WAAW,CAAA;AAE/D;;;GAGG;AACH,qBAAa,aAAc,SAAQ,KAAK;IACtC,QAAQ,EAAE,eAAe,CAAA;IAEzB;;;OAGG;IACH,YAAY,QAAQ,EAAE,eAAe,EAAE,OAAO,GAAE,MAAW,EAW1D;CACF;AAED;;;;;GAKG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,eAAe,CAAC,CAQ1B;AAED;;;;;GAKG;AACH,wBAAsB,gBAAgB,CACpC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,eAAe,CAAC,CAQ1B;AAED;;;;;GAKG;AACH,wBAAsB,qBAAqB,CACzC,MAAM,EAAE,UAAU,EAClB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,OAAO,EACb,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,eAAe,CAAC,CAgB1B;AAED;;;;;GAKG;AACH,wBAAsB,oBAAoB,CACxC,QAAQ,EAAE,eAAe,GACxB,OAAO,CAAC,MAAM,CAAC,CASjB;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,IAAI,GAAG,OAAO,KAAK,CAErE;AAED;;;;;GAKG;AACH,wBAAsB,WAAW,CAC/B,GAAG,EAAE,aAAa,GACjB,OAAO,CAAC,eAAe,CAAC,CAuB1B;AAED;;;;;;GAMG;AACH,wBAAsB,eAAe,CACnC,QAAQ,EAAE,eAAe,EACzB,MAAM,CAAC,EAAE,MAAM,kEA+ChB;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,eAAe,GAAG,OAAO,CAI/D;AAED;;;GAGG;AACH,wBAAgB,8BAA8B,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC1E,IAAI,EAAE,CAAC,EACP,eAAe,EAAE,OAAO,EACxB,OAAO,CAAC,EAAE,MAAM,GACf,CAAC,CA0DH"}