@socketsecurity/sdk 3.3.0 → 3.4.0

package/CHANGELOG.md

@@ -4,6 +4,32 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+## [3.4.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v3.4.0) - 2026-03-11
+
+### Added
+
+- **listRepositories**: New `workspace` query parameter to filter repositories by workspace (when provided, only repos in that workspace are returned)
+- New audit log action types for OAuth refresh tokens and repository access rules:
+  - `CreateOauthRefreshToken` - Track OAuth refresh token creation
+  - `RotateOauthRefreshToken` - Track OAuth refresh token rotation
+  - `CreateRepoAccessRule` - Track repository access rule creation
+  - `UpdateRepoAccessRule` - Track repository access rule updates
+  - `DeleteRepoAccessRule` - Track repository access rule deletion
+
+### Changed
+
+- Synced OpenAPI type definitions with latest API specification
+
+## [3.3.1](https://github.com/SocketDev/socket-sdk-js/releases/tag/v3.3.1) - 2026-03-03
+
+### Changed
+
+- **createRepository**: Now requires `repoSlug` as second parameter with typed options including `workspace`, `visibility`, `homepage`, `archived`, `default_branch`, and `description`
+
+### Added
+
+- New API endpoints from OpenAPI sync: CSV/PDF export for full scans, delete triage alerts, new alert types
+
 ## [3.3.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v3.3.0) - 2026-01-25
 
 ### Added
@@ -313,6 +339,7 @@ The following methods mapped to deprecated `/report/*` backend endpoints and hav
 #### Method Renames (Following REST Conventions)
 
 **Full Scans (Modern API):**
+
 - `getOrgFullScanList()` → `listFullScans()` with `ListFullScansOptions`
 - `createOrgFullScan()` → `createFullScan()` with `CreateFullScanOptions`
 - `getOrgFullScanBuffered()` → `getFullScan()`
@@ -321,9 +348,11 @@ The following methods mapped to deprecated `/report/*` backend endpoints and hav
 - `getOrgFullScanMetadata()` → `getFullScanMetadata()`
 
 **Organizations:**
+
 - `getOrganizations()` → `listOrganizations()`
 
 **Repositories:**
+
 - `getOrgRepoList()` → `listRepositories()` with `ListRepositoriesOptions`
 - `getOrgRepo()` → `getRepository()`
 - `createOrgRepo()` → `createRepository()`
@@ -342,27 +371,29 @@ Strict types now mark guaranteed API fields as required instead of optional, imp
 
 - File-upload methods automatically skip unreadable files with warnings instead of failing
 
-See [docs/migration-v3.md](./docs/migration-v3.md) and [docs/when-to-use-what.md](./docs/when-to-use-what.md) for migration guidance.
-
 ## [2.0.7](https://github.com/SocketDev/socket-sdk-js/releases/tag/v2.0.7) - 2025-10-22
 
 ### Changed
+
 - Sync with openapi definition
 
 ## [2.0.6](https://github.com/SocketDev/socket-sdk-js/releases/tag/v2.0.6) - 2025-10-22
 
 ### Fixed
+
 - TypeScript lint compliance for array type syntax in `SocketSdkArrayElement` type helper
 
 ## [2.0.5](https://github.com/SocketDev/socket-sdk-js/releases/tag/v2.0.5) - 2025-10-22
 
 ### Added
+
 - `SocketSdkData<T>` type helper for extracting data from SDK operation results
 - `SocketSdkArrayElement<T, K>` type helper for extracting array element types from SDK operations
 
 ## [2.0.4](https://github.com/SocketDev/socket-sdk-js/releases/tag/v2.0.4) - 2025-10-22
 
 ### Added
+
 - Support for `Retry-After` header in rate limit responses (HTTP 429)
   - Automatically respects server-specified retry delays
   - Parses both delay-seconds (numeric) and HTTP-date formats
@@ -371,16 +402,19 @@ See [docs/migration-v3.md](./docs/migration-v3.md) and [docs/when-to-use-what.md
 ## [2.0.3](https://github.com/SocketDev/socket-sdk-js/releases/tag/v2.0.3) - 2025-10-22
 
 ### Fixed
+
 - Improved TypeScript module resolution with explicit type exports instead of wildcard re-exports
 
 ## [2.0.2](https://github.com/SocketDev/socket-sdk-js/releases/tag/v2.0.2) - 2025-10-22
 
 ### Fixed
+
 - Ensured expected dist/ files are produced and refined package.json exports
 
 ## [2.0.1](https://github.com/SocketDev/socket-sdk-js/releases/tag/v2.0.1) - 2025-10-21
 
 ### Changed
+
 - Use `@socketsecurity/lib` under the hood
 - Synced OpenAPI type definitions with latest API specification
   - Added documentation for `scan_type` query parameter on manifest upload endpoint (used for categorizing multiple SBOM heads per repository branch)
@@ -389,6 +423,7 @@ See [docs/migration-v3.md](./docs/migration-v3.md) and [docs/when-to-use-what.md
 ## [2.0.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v2.0.0) - 2025-10-10
 
 ### Changed
+
 - **BREAKING**: Migrated to ESM-only module format
   - Package is now ESM-only (`"type": "module"` in package.json)
   - All output files use `.mjs` extension for JavaScript
@@ -399,43 +434,52 @@ See [docs/migration-v3.md](./docs/migration-v3.md) and [docs/when-to-use-what.md
 - Improved code splitting for better tree-shaking with ESM
 
 ### Removed
+
 - **BREAKING**: Removed CommonJS support and exports
 - Removed CommonJS-specific build configurations
 
 ### Migration Guide
+
 To migrate from v1.x to v2.0:
+
 1. Ensure your project supports ESM modules (Node.js 14+ with `"type": "module"` or `.mjs` extensions)
 2. Update imports from CommonJS `require()` to ESM `import` statements:
+
    ```javascript
    // Before (v1.x)
-   const { SocketSdk } = require('@socketsecurity/sdk');
+   const { SocketSdk } = require('@socketsecurity/sdk')
 
    // After (v2.0)
-   import { SocketSdk } from '@socketsecurity/sdk';
+   import { SocketSdk } from '@socketsecurity/sdk'
    ```
+
 3. If your project still requires CommonJS, consider staying on v1.x or using a transpiler
 
 ## [1.11.2](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.11.2) - 2025-10-07
 
 ### Fixed
+
 - Fixed typos in requirements.json
 - Updated @socketsecurity/registry to fix bugs related to inlined runtime-dependent expressions
 
 ## [1.11.1](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.11.1) - 2025-10-06
 
 ### Added
+
 - Performance optimizations with memoization for `normalizeBaseUrl` and quota utility functions
 - Performance tracking to HTTP client functions
 - Comprehensive error handling tests for SDK methods across organization, scanning, and batch APIs
 - Reusable assertion helpers for SDK tests
 
 ### Changed
+
 - Improved test coverage and reliability with additional test cases
 - Streamlined documentation (README, TESTING.md, QUOTA.md, EXAMPLES.md) for better clarity and discoverability
 
 ## [1.11.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.11.0) - 2025-10-04
 
 ### Added
+
 - Optional TTL caching for API responses with configurable cache duration
 - New `cache` option (default: false) to enable response caching
 - New `cacheTtl` option (default: 5 minutes) to customize cache duration
@@ -443,16 +487,19 @@ To migrate from v1.x to v2.0:
 ## [1.10.1](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.10.1) - 2025-10-04
 
 ### Added
+
 - Automatic retry with exponential backoff to all HTTP API calls for improved reliability on transient failures
 
 ## [1.10.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.10.0) - 2025-10-04
 
 ### Added
+
 - Added `PromiseQueue` utility for controlled concurrency in async operations
 - HTTP retry logic with exponential backoff for improved reliability on transient failures
 - Added option type interfaces: `CreateDependenciesSnapshotOptions`, `CreateOrgFullScanOptions`, `CreateScanFromFilepathsOptions`, `StreamOrgFullScanOptions`, `UploadManifestFilesOptions`
 
 ### Changed
+
 - **BREAKING**: Refactored SDK methods to use options objects instead of positional parameters for better API clarity:
   - `createDependenciesSnapshot(filepaths, options)` - replaced `repo` and `branch` positional parameters with options object
   - `createOrgFullScan(orgSlug, filepaths, options)` - replaced positional parameters with options object
@@ -465,6 +512,7 @@ To migrate from v1.x to v2.0:
 - Updated `@socketsecurity/registry` dependency to 1.4.0
 
 ### Fixed
+
 - Fixed import assertion syntax for JSON imports to use standard import syntax
 - Fixed HTTP retry test mocks to correctly match PUT method requests
 - Fixed critical issues in type handling and URL search parameter conversions
@@ -472,22 +520,26 @@ To migrate from v1.x to v2.0:
 ## [1.9.2](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.9.2) - 2025-10-04
 
 ### Changed
+
 - Improved TypeScript type definitions - All optional properties now include explicit `| undefined` type annotations for better type narrowing and null safety
 
 ## [1.9.1](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.9.1) - 2025-10-03
 
 ### Changed
+
 - Disabled TypeScript declaration map generation to reduce package size
 
 ## [1.9.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.9.0) - 2025-10-03
 
 ### Changed
+
 - **BREAKING**: Improved `SocketSdkResult` type compatibility - success and error results now have symmetric properties (`data`, `error`, `cause`) with explicit `undefined` types for better TypeScript narrowing
 - **BREAKING**: Removed `CResult` type (CLI-specific) in favor of SDK-appropriate `SocketSdkGenericResult` type for `getApi()` and `sendApi()` methods
 - Updated `getApi()` and `sendApi()` to use `SocketSdkGenericResult` with consistent HTTP status codes instead of CLI exit codes
 - All result types now use `success` discriminant with `status` (HTTP code), `data`, `error`, and `cause` properties on both branches
 
 ### Migration Guide
+
 - If using `getApi()` or `sendApi()` with `throws: false`, update from `CResult` to `SocketSdkGenericResult`
 - Change `.ok` checks to `.success`
 - Change `.code` to `.status` (now contains HTTP status code)
@@ -497,11 +549,13 @@ To migrate from v1.x to v2.0:
 ## [1.8.6](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.8.6) - 2025-10-02
 
 ### Changed
+
 - Reduced package size by excluding source map files (.js.map) from published package
 
 ## [1.8.5](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.8.5) - 2025-10-02
 
 ### Changed
+
 - Synced with OpenAPI definition
 - Added new `/openapi.json` endpoint for retrieving API specification in JSON format
 - Updated repo label filter descriptions to document empty string ("") usage for repositories with no labels
@@ -510,37 +564,44 @@ To migrate from v1.x to v2.0:
 ## [1.8.4](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.8.4) - 2025-10-01
 
 ### Fixed
+
 - Fixed registry constant import paths to use correct casing (SOCKET_PUBLIC_API_TOKEN, UNKNOWN_ERROR)
 
 ## [1.8.3](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.8.3) - 2025-09-30
 
 ### Changed
+
 - Synced with OpenAPI definition
 
 ## [1.8.2](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.8.2) - 2025-09-29
 
 ### Fixed
+
 - Fixed publishing workflow to ensure dist folder is built before npm publish
 - Changed prepublishOnly script to prevent accidental local publishing
 
 ## [1.8.1](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.8.1) - 2025-09-29
 
 ### Changed
+
 - Update test infrastructure and build configuration
 
 ## [1.8.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.8.0) - 2025-09-27
 
 ### Added
+
 - Quota utility functions for API cost management in `quota-utils.ts`
 - New exported functions: `checkQuota`, `formatQuotaReport`, `getEstimatedCost`, `getMethodCost`, `getQuotaSummary`, `isWithinQuota`
 - Example files demonstrating quota usage patterns
 
 ### Changed
+
 - Improved error handling for quota utilities
 
 ## [1.7.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.7.0) - 2025-09-26
 
 ### Added
+
 - `getApi` method for raw GET requests with configurable response handling
 - `sendApi` method for POST/PUT requests with JSON body support
 - `CResult` type pattern for non-throwing API operations
@@ -560,6 +621,7 @@ To migrate from v1.x to v2.0:
 - Additional coverage tests for invalid JSON line handling in NDJSON streams
 
 ### Changed
+
 - Improved error message formatting and JSON parsing error handling
 - Enhanced type safety with better generic constraints
 - Renamed option types to `GetOptions` and `SendOptions` for consistency
@@ -574,169 +636,203 @@ To migrate from v1.x to v2.0:
 ## [1.6.1](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.6.1) - 2025-09-24
 
 ### Changed
+
 - Updated to use trusted publisher for npm package provenance
 
 ## [1.6.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.6.0) - 2025-09-24
 
 ### Changed
+
 - **BREAKING:** Converted to single CommonJS export type, removing dual ESM/CJS support
 
 ## [1.5.1](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.5.1) - 2025-09-24
 
 ### Fixed
+
 - Added missing setup-script to provenance workflow
 
 ## [1.5.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.5.0) - 2025-09-23
 
 ### Added
+
 - `getOrgFullScanBuffered` method for buffered full scan retrieval
 
 ### Changed
+
 - **BREAKING:** Renamed `getOrgFullScan` to `streamOrgFullScan` for clarity
 
 ### Fixed
+
 - Added missing `getResponseJson` call to `createScanFromFilepaths`
 - Improved handling of empty response bodies
 
 ## [1.4.93](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.93) - 2025-09-15
 
 ### Fixed
+
 - Fixed malformed part header issue for upload of manifest files
 
 ## [1.4.91](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.91) - 2025-09-11
 
 ### Changed
+
 - Improved URL handling
 
 ## [1.4.90](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.90) - 2025-09-11
 
 ### Fixed
+
 - Improved error handling
 
 ## [1.4.84](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.84) - 2025-09-03
 
 ### Added
+
 - Filter alerts by action
 
 ### Changed
+
 - Improved JSON parsing
 
 ## [1.4.82](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.82) - 2025-09-02
 
 ### Changed
+
 - Improved public policy handling
 
 ## [1.4.81](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.81) - 2025-09-02
 
 ### Added
+
 - Add public security policy support
 
 ## [1.4.79](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.79) - 2025-08-27
 
 ### Fixed
+
 - Fixed ESM module compatibility
 
 ## [1.4.77](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.77) - 2025-08-25
 
 ### Added
+
 - Add timeout option for API requests
 
 ## [1.4.73](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.73) - 2025-08-08
 
 ### Fixed
+
 - Fixed crates ecosystem support
 
 ## [1.4.72](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.72) - 2025-08-08
 
 ### Fixed
+
 - Fixed rubygems ecosystem support
 
 ## [1.4.71](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.71) - 2025-08-08
 
 ### Added
+
 - Support for crate and rubygem ecosystems
 
 ## [1.4.68](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.68) - 2025-08-02
 
 ### Changed
+
 - Improved type definitions
 - Memory usage optimizations
 
 ## [1.4.66](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.66) - 2025-07-29
 
 ### Fixed
+
 - Fixed file upload timing issue
 - Fixed multipart form data formatting
 
 ## [1.4.64](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.64) - 2025-07-22
 
 ### Changed
+
 - Improved method signatures
 
 ## [1.4.62](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.62) - 2025-07-21
 
 ### Fixed
+
 - Fixed query parameter handling for empty values
 
 ## [1.4.61](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.61) - 2025-07-21
 
 ### Changed
+
 - Improved query parameter normalization
 
 ## [1.4.60](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.60) - 2025-07-21
 
 ### Changed
+
 - Renamed result type for clarity
 
 ## [1.4.59](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.59) - 2025-07-20
 
 ### Added
+
 - Add alias types for improved developer experience
 
 ## [1.4.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.0) - 2025-05-01
 
 ### Added
+
 - Full scans feature support
 - Audit log and repos features
 - Organization security policy support (getOrgSecurityPolicy)
 
 ### Changed
+
 - Improved TypeScript type exports
 - Enhanced ESM and CJS dual package support
 
 ## [1.3.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.3.0) - 2025-03-01
 
 ### Added
+
 - Support for multiple ecosystem types
 - Enhanced error handling and reporting
 
 ### Changed
+
 - Improved API client architecture
 - Better TypeScript type definitions
 
 ## [1.2.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.2.0) - 2025-01-15
 
 ### Added
+
 - File upload support for manifest files
 - Request body creation for file paths
 
 ### Changed
+
 - Enhanced multipart form data handling
 - Improved streaming support
 
 ## [1.1.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.1.0) - 2024-11-01
 
 ### Added
+
 - Query parameter normalization
 - Enhanced search parameter handling
 
 ### Changed
+
 - Improved URL parsing and handling
 - Better error messages
 
 ## [1.0.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.0.0) - 2024-09-01
 
 ### Added
+
 - Initial release of Socket SDK for JavaScript
 - Full Socket API client implementation
 - TypeScript support with comprehensive type definitions

package/README.md

@@ -2,7 +2,7 @@
 
 [![Socket Badge](https://socket.dev/api/badge/npm/package/@socketsecurity/sdk)](https://socket.dev/npm/package/@socketsecurity/sdk)
 [![CI](https://github.com/SocketDev/socket-sdk-js/actions/workflows/ci.yml/badge.svg)](https://github.com/SocketDev/socket-sdk-js/actions/workflows/ci.yml)
-![Coverage](https://img.shields.io/badge/coverage-80%25-brightgreen)
+![Coverage](https://img.shields.io/badge/coverage-40%25-orange)
 
 [![Follow @SocketSecurity](https://img.shields.io/twitter/follow/SocketSecurity?style=social)](https://twitter.com/SocketSecurity)
 [![Follow @socket.dev on Bluesky](https://img.shields.io/badge/Follow-@socket.dev-1DA1F2?style=social&logo=bluesky)](https://bsky.app/profile/socket.dev)
@@ -21,9 +21,9 @@ pnpm add @socketsecurity/sdk
 import { SocketSdk } from '@socketsecurity/sdk'
 
 const client = new SocketSdk('your-api-key', {
-  retries: 3,        // Retry failed requests up to 3 times
-  retryDelay: 1000,  // Start with 1s delay, exponential backoff
-  timeout: 30000,    // 30 second timeout
+  retries: 3, // Retry failed requests up to 3 times
+  retryDelay: 1000, // Start with 1s delay, exponential backoff
+  timeout: 30000, // 30 second timeout
 })
 
 // Check your quota
@@ -35,37 +35,24 @@ if (quota.success) {
 // Analyze a package
 const result = await client.getScoreByNpmPackage('express', '4.18.0')
 if (result.success) {
-  console.log(`Security Score: ${result.data.score}/100`)
+  console.log(`Dependency Score: ${result.data.depscore}`)
 }
 
 // Batch analyze multiple packages
 const batchResult = await client.batchPackageFetch({
   components: [
     { purl: 'pkg:npm/express@4.18.0' },
-    { purl: 'pkg:npm/react@18.0.0' }
-  ]
+    { purl: 'pkg:npm/react@18.0.0' },
+  ],
 })
 ```
 
 ## Documentation
 
-| Guide | Description |
-|-------|-------------|
-| **[Getting Started](./docs/getting-started.md)** | Quick start for contributors (5 min setup) |
-| **[API Reference](./docs/api-reference.md)** | Complete API method documentation |
-| **[Usage Examples](./docs/usage-examples.md)** | Real-world patterns and code samples |
+| Guide                                              | Description                         |
+| -------------------------------------------------- | ----------------------------------- |
+| **[API Reference](./docs/api-reference.md)**       | Complete API method documentation   |
 | **[Quota Management](./docs/quota-management.md)** | Cost tiers (0/10/100) and utilities |
-| **[Testing Guide](./docs/dev/testing.md)** | Test helpers, fixtures, and patterns |
-| **[Method Reference](./docs/when-to-use-what.md)** | Quick method selection guide |
-
-## Examples
-
-See **[usage-examples.md](./docs/usage-examples.md)** for complete examples including:
-- Package security analysis
-- Batch operations
-- Full scans with SBOM
-- Policy management
-- Quota planning
 
 ## License
 

package/data/api-method-quota-and-permissions.json

@@ -12,6 +12,10 @@
       "quota": 100,
       "permissions": ["report:write"]
     },
+    "createFullScan": {
+      "quota": 0,
+      "permissions": ["full-scans:create"]
+    },
     "createOrgFullScan": {
       "quota": 0,
       "permissions": ["full-scans:create"]
@@ -227,6 +231,22 @@
     "sendApi": {
       "quota": 0,
       "permissions": []
+    },
+    "batchOrgPackageFetch": {
+      "quota": 100,
+      "permissions": ["packages:list"]
+    },
+    "exportOpenVEX": {
+      "quota": 0,
+      "permissions": ["report:read"]
+    },
+    "getOrgAlertFullScans": {
+      "quota": 10,
+      "permissions": ["alerts:list"]
+    },
+    "rescanFullScan": {
+      "quota": 0,
+      "permissions": ["full-scans:create"]
     }
   }
 }

package/dist/constants.d.ts

@@ -13,4 +13,4 @@ export declare const MAX_RESPONSE_SIZE: number;
 export declare const MAX_STREAM_SIZE: number;
 export declare const SOCKET_PUBLIC_BLOB_STORE_URL = "https://socketusercontent.com";
 export declare const httpAgentNames: Set<string>;
-export declare const publicPolicy: Map<"ambiguousClassifier" | "badEncoding" | "badSemver" | "badSemverDependency" | "bidi" | "binScriptConfusion" | "chromeContentScript" | "chromeHostPermission" | "chromePermission" | "chromeWildcardHostPermission" | "chronoAnomaly" | "compromisedSSHKey" | "copyleftLicense" | "criticalCVE" | "cve" | "debugAccess" | "deprecated" | "deprecatedException" | "deprecatedLicense" | "didYouMean" | "dynamicRequire" | "emptyPackage" | "envVars" | "explicitlyUnlicensedItem" | "extraneousDependency" | "fileDependency" | "filesystemAccess" | "floatingDependency" | "generic" | "ghaArgToEnv" | "ghaArgToOutput" | "ghaArgToSink" | "ghaContextToEnv" | "ghaContextToOutput" | "ghaContextToSink" | "ghaEnvToSink" | "gitDependency" | "gitHubDependency" | "gptAnomaly" | "gptDidYouMean" | "gptMalware" | "gptSecurity" | "hasNativeCode" | "highEntropyStrings" | "homoglyphs" | "httpDependency" | "installScripts" | "invalidPackageJSON" | "invisibleChars" | "licenseChange" | "licenseException" | "licenseSpdxDisj" | "longStrings" | "majorRefactor" | "malware" | "manifestConfusion" | "mediumCVE" | "mildCVE" | "minifiedFile" | "miscLicenseIssues" | "missingAuthor" | "missingDependency" | "missingLicense" | "missingTarball" | "mixedLicense" | "modifiedException" | "modifiedLicense" | "networkAccess" | "newAuthor" | "noAuthorData" | "noBugTracker" | "noLicenseFound" | "noREADME" | "noRepository" | "noTests" | "noV1" | "noWebsite" | "nonOSILicense" | "nonSPDXLicense" | "nonpermissiveLicense" | "notice" | "obfuscatedFile" | "obfuscatedRequire" | "peerDependency" | "potentialVulnerability" | "recentlyPublished" | "semverAnomaly" | "shellAccess" | "shellScriptOverride" | "shrinkwrap" | "socketUpgradeAvailable" | "suspiciousStarActivity" | "suspiciousString" | "telemetry" | "tooManyFiles" | "trivialPackage" | "troll" | "typeModuleCompatibility" | "uncaughtOptionalDependency" | "unclearLicense" | "unidentifiedLicense" | "unmaintained" | "unpopularPackage" | "unpublished" | "unresolvedRequire" | "unsafeCopyright" | "unstableOwnership" | "unusedDependency" | "urlStrings" | "usesEval" | "vsxActivationWildcard" | "vsxDebuggerContribution" | "vsxExtensionDependency" | "vsxExtensionPack" | "vsxProposedApiUsage" | "vsxUntrustedWorkspaceSupported" | "vsxVirtualWorkspaceSupported" | "vsxWebviewContribution" | "vsxWorkspaceContainsActivation" | "zeroWidth", ALERT_ACTION>;
+export declare const publicPolicy: Map<"ambiguousClassifier" | "badEncoding" | "badSemver" | "badSemverDependency" | "bidi" | "binScriptConfusion" | "chromeContentScript" | "chromeHostPermission" | "chromePermission" | "chromeWildcardHostPermission" | "chronoAnomaly" | "compromisedSSHKey" | "copyleftLicense" | "criticalCVE" | "cve" | "debugAccess" | "deprecated" | "deprecatedException" | "deprecatedLicense" | "didYouMean" | "dynamicRequire" | "emptyPackage" | "envVars" | "explicitlyUnlicensedItem" | "extraneousDependency" | "fileDependency" | "filesystemAccess" | "floatingDependency" | "generic" | "ghaArgToEnv" | "ghaArgToOutput" | "ghaArgToSink" | "ghaContextToEnv" | "ghaContextToOutput" | "ghaContextToSink" | "ghaEnvToSink" | "gitDependency" | "gitHubDependency" | "gptAnomaly" | "gptDidYouMean" | "gptMalware" | "gptSecurity" | "hasNativeCode" | "highEntropyStrings" | "homoglyphs" | "httpDependency" | "installScripts" | "invalidPackageJSON" | "invisibleChars" | "licenseChange" | "licenseException" | "licenseSpdxDisj" | "longStrings" | "majorRefactor" | "malware" | "manifestConfusion" | "mediumCVE" | "mildCVE" | "minifiedFile" | "miscLicenseIssues" | "missingAuthor" | "missingDependency" | "missingLicense" | "missingTarball" | "mixedLicense" | "modifiedException" | "modifiedLicense" | "networkAccess" | "newAuthor" | "noAuthorData" | "noBugTracker" | "noLicenseFound" | "noREADME" | "noRepository" | "noTests" | "noV1" | "noWebsite" | "nonOSILicense" | "nonSPDXLicense" | "nonpermissiveLicense" | "notice" | "obfuscatedFile" | "obfuscatedRequire" | "peerDependency" | "potentialVulnerability" | "recentlyPublished" | "semverAnomaly" | "shellAccess" | "shellScriptOverride" | "shrinkwrap" | "skillAutonomyAbuse" | "skillCommandInjection" | "skillDataExfiltration" | "skillDiscoveryAbuse" | "skillHardcodedSecrets" | "skillObfuscation" | "skillPromptInjection" | "skillResourceAbuse" | "skillSupplyChain" | "skillToolAbuse" | "skillToolChaining" | "skillTransitiveTrust" | "socketUpgradeAvailable" | "suspiciousStarActivity" | "suspiciousString" | "telemetry" | "tooManyFiles" | "trivialPackage" | "troll" | "typeModuleCompatibility" | "uncaughtOptionalDependency" | "unclearLicense" | "unidentifiedLicense" | "unmaintained" | "unpopularPackage" | "unpublished" | "unresolvedRequire" | "unsafeCopyright" | "unstableOwnership" | "unusedDependency" | "urlStrings" | "usesEval" | "vsxActivationWildcard" | "vsxDebuggerContribution" | "vsxExtensionDependency" | "vsxExtensionPack" | "vsxProposedApiUsage" | "vsxUntrustedWorkspaceSupported" | "vsxVirtualWorkspaceSupported" | "vsxWebviewContribution" | "vsxWorkspaceContainsActivation" | "zeroWidth", ALERT_ACTION>;

package/dist/http-client.d.ts

@@ -16,11 +16,12 @@ import type { ClientRequest, IncomingMessage } from 'node:http';
  */
 export declare class ResponseError extends Error {
     response: IncomingMessage;
+    url?: string | undefined;
     /**
      * Create a new ResponseError from an HTTP response.
      * Automatically formats error message with status code and message.
      */
-    constructor(response: IncomingMessage, message?: string);
+    constructor(response: IncomingMessage, message?: string, url?: string | undefined);
 }
 /**
  * Create and execute an HTTP DELETE request.
@@ -74,7 +75,7 @@ export declare function getResponse(req: ClientRequest): Promise<IncomingMessage
  * @throws {ResponseError} When response has non-2xx status code
  * @throws {SyntaxError} When response body contains invalid JSON
  */
-export declare function getResponseJson(response: IncomingMessage, method?: string | undefined): Promise<JsonValue | undefined>;
+export declare function getResponseJson(response: IncomingMessage, method?: string | undefined, url?: string | undefined): Promise<JsonValue | undefined>;
 /**
  * Create DELETE request with automatic retry logic.
  * Retries on network errors and 5xx responses.

package/dist/index.d.ts

@@ -9,7 +9,7 @@ export { createDeleteRequest, createGetRequest, createRequestWithJson, getErrorR
 export { calculateTotalQuotaCost, getAllMethodRequirements, getMethodRequirements, getMethodsByPermissions, getMethodsByQuotaCost, getQuotaCost, getQuotaUsageSummary, getRequiredPermissions, hasQuotaForMethods, } from './quota-utils';
 export { SocketSdk } from './socket-sdk-class';
 export type { ALERT_ACTION, ALERT_TYPE, Agent, ArtifactPatches, BatchPackageFetchResultType, BatchPackageStreamOptions, CompactSocketArtifact, CompactSocketArtifactAlert, CreateDependenciesSnapshotOptions, CreateOrgFullScanOptions, CreateScanFromFilepathsOptions, CustomResponseType, Entitlement, EntitlementsResponse, FileValidationCallback, FileValidationResult, GetOptions, GotOptions, HeadersRecord, PatchFile, PatchRecord, PatchViewResponse, TelemetryConfig, PostOrgTelemetryPayload, PostOrgTelemetryResponse, QueryParams, RequestInfo, RequestOptions, RequestOptionsWithHooks, ResponseInfo, SecurityAlert, SendMethod, SendOptions, SocketArtifact, SocketArtifactAlert, SocketArtifactWithExtras, SocketId, SocketMetricSchema, SocketSdkArrayElement, SocketSdkData, SocketSdkErrorResult, SocketSdkGenericResult, SocketSdkOperations, SocketSdkOptions, SocketSdkResult, SocketSdkSuccessResult, StreamOrgFullScanOptions, UploadManifestFilesError, UploadManifestFilesOptions, UploadManifestFilesResponse, UploadManifestFilesReturnType, Vulnerability, } from './types';
-export type { CreateFullScanOptions, DeleteRepositoryLabelResult, DeleteResult, FullScanItem, FullScanListData, FullScanListResult, FullScanResult, GetRepositoryOptions, ListFullScansOptions, ListRepositoriesOptions, OrganizationItem, OrganizationsResult, RepositoriesListData, RepositoriesListResult, RepositoryItem, RepositoryLabelItem, RepositoryLabelResult, RepositoryLabelsListData, RepositoryLabelsListResult, RepositoryResult, StreamFullScanOptions, StrictErrorResult, StrictResult, } from './types-strict';
+export type { CreateFullScanOptions, DeleteRepositoryLabelResult, DeleteResult, FullScanItem, FullScanListData, FullScanListResult, FullScanResult, GetRepositoryOptions, ListFullScansOptions, ListRepositoriesOptions, OrganizationItem, OrganizationsResult, RepositoriesListData, RepositoriesListResult, RepositoryItem, RepositoryLabelItem, RepositoryLabelResult, RepositoryLabelsListData, RepositoryLabelsListResult, RepositoryListItem, RepositoryResult, StreamFullScanOptions, StrictErrorResult, StrictResult, } from './types-strict';
 export { createUserAgentFromPkgJson } from './user-agent';
 export { calculateWordSetSimilarity, filterRedundantCause, normalizeBaseUrl, promiseWithResolvers, queryToSearchParams, resolveAbsPaths, resolveBasePath, shouldOmitReason, };
 export { DEFAULT_USER_AGENT, httpAgentNames, publicPolicy };