@socketsecurity/sdk 3.3.1 → 3.4.1

package/CHANGELOG.md

@@ -4,6 +4,30 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+## [3.4.1](https://github.com/SocketDev/socket-sdk-js/releases/tag/v3.4.1) - 2026-03-12
+
+### Changed
+
+- Synced OpenAPI type definitions with latest API specification
+  - Improved documentation for Org Triage API query parameters and request fields
+- Updated `@socketsecurity/lib` to v5.8.1
+
+## [3.4.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v3.4.0) - 2026-03-11
+
+### Added
+
+- **listRepositories**: New `workspace` query parameter to filter repositories by workspace (when provided, only repos in that workspace are returned)
+- New audit log action types for OAuth refresh tokens and repository access rules:
+  - `CreateOauthRefreshToken` - Track OAuth refresh token creation
+  - `RotateOauthRefreshToken` - Track OAuth refresh token rotation
+  - `CreateRepoAccessRule` - Track repository access rule creation
+  - `UpdateRepoAccessRule` - Track repository access rule updates
+  - `DeleteRepoAccessRule` - Track repository access rule deletion
+
+### Changed
+
+- Synced OpenAPI type definitions with latest API specification
+
 ## [3.3.1](https://github.com/SocketDev/socket-sdk-js/releases/tag/v3.3.1) - 2026-03-03
 
 ### Changed
@@ -323,6 +347,7 @@ The following methods mapped to deprecated `/report/*` backend endpoints and hav
 #### Method Renames (Following REST Conventions)
 
 **Full Scans (Modern API):**
+
 - `getOrgFullScanList()` → `listFullScans()` with `ListFullScansOptions`
 - `createOrgFullScan()` → `createFullScan()` with `CreateFullScanOptions`
 - `getOrgFullScanBuffered()` → `getFullScan()`
@@ -331,9 +356,11 @@ The following methods mapped to deprecated `/report/*` backend endpoints and hav
 - `getOrgFullScanMetadata()` → `getFullScanMetadata()`
 
 **Organizations:**
+
 - `getOrganizations()` → `listOrganizations()`
 
 **Repositories:**
+
 - `getOrgRepoList()` → `listRepositories()` with `ListRepositoriesOptions`
 - `getOrgRepo()` → `getRepository()`
 - `createOrgRepo()` → `createRepository()`
@@ -355,22 +382,26 @@ Strict types now mark guaranteed API fields as required instead of optional, imp
 ## [2.0.7](https://github.com/SocketDev/socket-sdk-js/releases/tag/v2.0.7) - 2025-10-22
 
 ### Changed
+
 - Sync with openapi definition
 
 ## [2.0.6](https://github.com/SocketDev/socket-sdk-js/releases/tag/v2.0.6) - 2025-10-22
 
 ### Fixed
+
 - TypeScript lint compliance for array type syntax in `SocketSdkArrayElement` type helper
 
 ## [2.0.5](https://github.com/SocketDev/socket-sdk-js/releases/tag/v2.0.5) - 2025-10-22
 
 ### Added
+
 - `SocketSdkData<T>` type helper for extracting data from SDK operation results
 - `SocketSdkArrayElement<T, K>` type helper for extracting array element types from SDK operations
 
 ## [2.0.4](https://github.com/SocketDev/socket-sdk-js/releases/tag/v2.0.4) - 2025-10-22
 
 ### Added
+
 - Support for `Retry-After` header in rate limit responses (HTTP 429)
   - Automatically respects server-specified retry delays
   - Parses both delay-seconds (numeric) and HTTP-date formats
@@ -379,16 +410,19 @@ Strict types now mark guaranteed API fields as required instead of optional, imp
 ## [2.0.3](https://github.com/SocketDev/socket-sdk-js/releases/tag/v2.0.3) - 2025-10-22
 
 ### Fixed
+
 - Improved TypeScript module resolution with explicit type exports instead of wildcard re-exports
 
 ## [2.0.2](https://github.com/SocketDev/socket-sdk-js/releases/tag/v2.0.2) - 2025-10-22
 
 ### Fixed
+
 - Ensured expected dist/ files are produced and refined package.json exports
 
 ## [2.0.1](https://github.com/SocketDev/socket-sdk-js/releases/tag/v2.0.1) - 2025-10-21
 
 ### Changed
+
 - Use `@socketsecurity/lib` under the hood
 - Synced OpenAPI type definitions with latest API specification
   - Added documentation for `scan_type` query parameter on manifest upload endpoint (used for categorizing multiple SBOM heads per repository branch)
@@ -397,6 +431,7 @@ Strict types now mark guaranteed API fields as required instead of optional, imp
 ## [2.0.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v2.0.0) - 2025-10-10
 
 ### Changed
+
 - **BREAKING**: Migrated to ESM-only module format
   - Package is now ESM-only (`"type": "module"` in package.json)
   - All output files use `.mjs` extension for JavaScript
@@ -407,43 +442,52 @@ Strict types now mark guaranteed API fields as required instead of optional, imp
 - Improved code splitting for better tree-shaking with ESM
 
 ### Removed
+
 - **BREAKING**: Removed CommonJS support and exports
 - Removed CommonJS-specific build configurations
 
 ### Migration Guide
+
 To migrate from v1.x to v2.0:
+
 1. Ensure your project supports ESM modules (Node.js 14+ with `"type": "module"` or `.mjs` extensions)
 2. Update imports from CommonJS `require()` to ESM `import` statements:
+
    ```javascript
    // Before (v1.x)
-   const { SocketSdk } = require('@socketsecurity/sdk');
+   const { SocketSdk } = require('@socketsecurity/sdk')
 
    // After (v2.0)
-   import { SocketSdk } from '@socketsecurity/sdk';
+   import { SocketSdk } from '@socketsecurity/sdk'
    ```
+
 3. If your project still requires CommonJS, consider staying on v1.x or using a transpiler
 
 ## [1.11.2](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.11.2) - 2025-10-07
 
 ### Fixed
+
 - Fixed typos in requirements.json
 - Updated @socketsecurity/registry to fix bugs related to inlined runtime-dependent expressions
 
 ## [1.11.1](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.11.1) - 2025-10-06
 
 ### Added
+
 - Performance optimizations with memoization for `normalizeBaseUrl` and quota utility functions
 - Performance tracking to HTTP client functions
 - Comprehensive error handling tests for SDK methods across organization, scanning, and batch APIs
 - Reusable assertion helpers for SDK tests
 
 ### Changed
+
 - Improved test coverage and reliability with additional test cases
 - Streamlined documentation (README, TESTING.md, QUOTA.md, EXAMPLES.md) for better clarity and discoverability
 
 ## [1.11.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.11.0) - 2025-10-04
 
 ### Added
+
 - Optional TTL caching for API responses with configurable cache duration
 - New `cache` option (default: false) to enable response caching
 - New `cacheTtl` option (default: 5 minutes) to customize cache duration
@@ -451,16 +495,19 @@ To migrate from v1.x to v2.0:
 ## [1.10.1](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.10.1) - 2025-10-04
 
 ### Added
+
 - Automatic retry with exponential backoff to all HTTP API calls for improved reliability on transient failures
 
 ## [1.10.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.10.0) - 2025-10-04
 
 ### Added
+
 - Added `PromiseQueue` utility for controlled concurrency in async operations
 - HTTP retry logic with exponential backoff for improved reliability on transient failures
 - Added option type interfaces: `CreateDependenciesSnapshotOptions`, `CreateOrgFullScanOptions`, `CreateScanFromFilepathsOptions`, `StreamOrgFullScanOptions`, `UploadManifestFilesOptions`
 
 ### Changed
+
 - **BREAKING**: Refactored SDK methods to use options objects instead of positional parameters for better API clarity:
   - `createDependenciesSnapshot(filepaths, options)` - replaced `repo` and `branch` positional parameters with options object
   - `createOrgFullScan(orgSlug, filepaths, options)` - replaced positional parameters with options object
@@ -473,6 +520,7 @@ To migrate from v1.x to v2.0:
 - Updated `@socketsecurity/registry` dependency to 1.4.0
 
 ### Fixed
+
 - Fixed import assertion syntax for JSON imports to use standard import syntax
 - Fixed HTTP retry test mocks to correctly match PUT method requests
 - Fixed critical issues in type handling and URL search parameter conversions
@@ -480,22 +528,26 @@ To migrate from v1.x to v2.0:
 ## [1.9.2](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.9.2) - 2025-10-04
 
 ### Changed
+
 - Improved TypeScript type definitions - All optional properties now include explicit `| undefined` type annotations for better type narrowing and null safety
 
 ## [1.9.1](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.9.1) - 2025-10-03
 
 ### Changed
+
 - Disabled TypeScript declaration map generation to reduce package size
 
 ## [1.9.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.9.0) - 2025-10-03
 
 ### Changed
+
 - **BREAKING**: Improved `SocketSdkResult` type compatibility - success and error results now have symmetric properties (`data`, `error`, `cause`) with explicit `undefined` types for better TypeScript narrowing
 - **BREAKING**: Removed `CResult` type (CLI-specific) in favor of SDK-appropriate `SocketSdkGenericResult` type for `getApi()` and `sendApi()` methods
 - Updated `getApi()` and `sendApi()` to use `SocketSdkGenericResult` with consistent HTTP status codes instead of CLI exit codes
 - All result types now use `success` discriminant with `status` (HTTP code), `data`, `error`, and `cause` properties on both branches
 
 ### Migration Guide
+
 - If using `getApi()` or `sendApi()` with `throws: false`, update from `CResult` to `SocketSdkGenericResult`
 - Change `.ok` checks to `.success`
 - Change `.code` to `.status` (now contains HTTP status code)
@@ -505,11 +557,13 @@ To migrate from v1.x to v2.0:
 ## [1.8.6](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.8.6) - 2025-10-02
 
 ### Changed
+
 - Reduced package size by excluding source map files (.js.map) from published package
 
 ## [1.8.5](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.8.5) - 2025-10-02
 
 ### Changed
+
 - Synced with OpenAPI definition
 - Added new `/openapi.json` endpoint for retrieving API specification in JSON format
 - Updated repo label filter descriptions to document empty string ("") usage for repositories with no labels
@@ -518,37 +572,44 @@ To migrate from v1.x to v2.0:
 ## [1.8.4](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.8.4) - 2025-10-01
 
 ### Fixed
+
 - Fixed registry constant import paths to use correct casing (SOCKET_PUBLIC_API_TOKEN, UNKNOWN_ERROR)
 
 ## [1.8.3](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.8.3) - 2025-09-30
 
 ### Changed
+
 - Synced with OpenAPI definition
 
 ## [1.8.2](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.8.2) - 2025-09-29
 
 ### Fixed
+
 - Fixed publishing workflow to ensure dist folder is built before npm publish
 - Changed prepublishOnly script to prevent accidental local publishing
 
 ## [1.8.1](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.8.1) - 2025-09-29
 
 ### Changed
+
 - Update test infrastructure and build configuration
 
 ## [1.8.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.8.0) - 2025-09-27
 
 ### Added
+
 - Quota utility functions for API cost management in `quota-utils.ts`
 - New exported functions: `checkQuota`, `formatQuotaReport`, `getEstimatedCost`, `getMethodCost`, `getQuotaSummary`, `isWithinQuota`
 - Example files demonstrating quota usage patterns
 
 ### Changed
+
 - Improved error handling for quota utilities
 
 ## [1.7.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.7.0) - 2025-09-26
 
 ### Added
+
 - `getApi` method for raw GET requests with configurable response handling
 - `sendApi` method for POST/PUT requests with JSON body support
 - `CResult` type pattern for non-throwing API operations
@@ -568,6 +629,7 @@ To migrate from v1.x to v2.0:
 - Additional coverage tests for invalid JSON line handling in NDJSON streams
 
 ### Changed
+
 - Improved error message formatting and JSON parsing error handling
 - Enhanced type safety with better generic constraints
 - Renamed option types to `GetOptions` and `SendOptions` for consistency
@@ -582,169 +644,203 @@ To migrate from v1.x to v2.0:
 ## [1.6.1](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.6.1) - 2025-09-24
 
 ### Changed
+
 - Updated to use trusted publisher for npm package provenance
 
 ## [1.6.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.6.0) - 2025-09-24
 
 ### Changed
+
 - **BREAKING:** Converted to single CommonJS export type, removing dual ESM/CJS support
 
 ## [1.5.1](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.5.1) - 2025-09-24
 
 ### Fixed
+
 - Added missing setup-script to provenance workflow
 
 ## [1.5.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.5.0) - 2025-09-23
 
 ### Added
+
 - `getOrgFullScanBuffered` method for buffered full scan retrieval
 
 ### Changed
+
 - **BREAKING:** Renamed `getOrgFullScan` to `streamOrgFullScan` for clarity
 
 ### Fixed
+
 - Added missing `getResponseJson` call to `createScanFromFilepaths`
 - Improved handling of empty response bodies
 
 ## [1.4.93](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.93) - 2025-09-15
 
 ### Fixed
+
 - Fixed malformed part header issue for upload of manifest files
 
 ## [1.4.91](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.91) - 2025-09-11
 
 ### Changed
+
 - Improved URL handling
 
 ## [1.4.90](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.90) - 2025-09-11
 
 ### Fixed
+
 - Improved error handling
 
 ## [1.4.84](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.84) - 2025-09-03
 
 ### Added
+
 - Filter alerts by action
 
 ### Changed
+
 - Improved JSON parsing
 
 ## [1.4.82](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.82) - 2025-09-02
 
 ### Changed
+
 - Improved public policy handling
 
 ## [1.4.81](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.81) - 2025-09-02
 
 ### Added
+
 - Add public security policy support
 
 ## [1.4.79](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.79) - 2025-08-27
 
 ### Fixed
+
 - Fixed ESM module compatibility
 
 ## [1.4.77](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.77) - 2025-08-25
 
 ### Added
+
 - Add timeout option for API requests
 
 ## [1.4.73](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.73) - 2025-08-08
 
 ### Fixed
+
 - Fixed crates ecosystem support
 
 ## [1.4.72](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.72) - 2025-08-08
 
 ### Fixed
+
 - Fixed rubygems ecosystem support
 
 ## [1.4.71](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.71) - 2025-08-08
 
 ### Added
+
 - Support for crate and rubygem ecosystems
 
 ## [1.4.68](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.68) - 2025-08-02
 
 ### Changed
+
 - Improved type definitions
 - Memory usage optimizations
 
 ## [1.4.66](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.66) - 2025-07-29
 
 ### Fixed
+
 - Fixed file upload timing issue
 - Fixed multipart form data formatting
 
 ## [1.4.64](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.64) - 2025-07-22
 
 ### Changed
+
 - Improved method signatures
 
 ## [1.4.62](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.62) - 2025-07-21
 
 ### Fixed
+
 - Fixed query parameter handling for empty values
 
 ## [1.4.61](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.61) - 2025-07-21
 
 ### Changed
+
 - Improved query parameter normalization
 
 ## [1.4.60](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.60) - 2025-07-21
 
 ### Changed
+
 - Renamed result type for clarity
 
 ## [1.4.59](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.59) - 2025-07-20
 
 ### Added
+
 - Add alias types for improved developer experience
 
 ## [1.4.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.4.0) - 2025-05-01
 
 ### Added
+
 - Full scans feature support
 - Audit log and repos features
 - Organization security policy support (getOrgSecurityPolicy)
 
 ### Changed
+
 - Improved TypeScript type exports
 - Enhanced ESM and CJS dual package support
 
 ## [1.3.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.3.0) - 2025-03-01
 
 ### Added
+
 - Support for multiple ecosystem types
 - Enhanced error handling and reporting
 
 ### Changed
+
 - Improved API client architecture
 - Better TypeScript type definitions
 
 ## [1.2.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.2.0) - 2025-01-15
 
 ### Added
+
 - File upload support for manifest files
 - Request body creation for file paths
 
 ### Changed
+
 - Enhanced multipart form data handling
 - Improved streaming support
 
 ## [1.1.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.1.0) - 2024-11-01
 
 ### Added
+
 - Query parameter normalization
 - Enhanced search parameter handling
 
 ### Changed
+
 - Improved URL parsing and handling
 - Better error messages
 
 ## [1.0.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v1.0.0) - 2024-09-01
 
 ### Added
+
 - Initial release of Socket SDK for JavaScript
 - Full Socket API client implementation
 - TypeScript support with comprehensive type definitions

package/README.md

@@ -21,9 +21,9 @@ pnpm add @socketsecurity/sdk
 import { SocketSdk } from '@socketsecurity/sdk'
 
 const client = new SocketSdk('your-api-key', {
-  retries: 3,        // Retry failed requests up to 3 times
-  retryDelay: 1000,  // Start with 1s delay, exponential backoff
-  timeout: 30000,    // 30 second timeout
+  retries: 3, // Retry failed requests up to 3 times
+  retryDelay: 1000, // Start with 1s delay, exponential backoff
+  timeout: 30000, // 30 second timeout
 })
 
 // Check your quota
@@ -42,16 +42,16 @@ if (result.success) {
 const batchResult = await client.batchPackageFetch({
   components: [
     { purl: 'pkg:npm/express@4.18.0' },
-    { purl: 'pkg:npm/react@18.0.0' }
-  ]
+    { purl: 'pkg:npm/react@18.0.0' },
+  ],
 })
 ```
 
 ## Documentation
 
-| Guide | Description |
-|-------|-------------|
-| **[API Reference](./docs/api-reference.md)** | Complete API method documentation |
+| Guide                                              | Description                         |
+| -------------------------------------------------- | ----------------------------------- |
+| **[API Reference](./docs/api-reference.md)**       | Complete API method documentation   |
 | **[Quota Management](./docs/quota-management.md)** | Cost tiers (0/10/100) and utilities |
 
 ## License

package/dist/index.js

@@ -71,20 +71,26 @@ module.exports = __toCommonJS(index_exports);
 // package.json
 var package_default = {
   name: "@socketsecurity/sdk",
-  version: "3.3.1",
-  packageManager: "pnpm@10.30.3",
-  license: "MIT",
+  version: "3.4.1",
   description: "SDK for the Socket API client",
+  homepage: "https://github.com/SocketDev/socket-sdk-js",
+  license: "MIT",
   author: {
     name: "Socket Inc",
     email: "eng@socket.dev",
     url: "https://socket.dev"
   },
-  homepage: "https://github.com/SocketDev/socket-sdk-js",
   repository: {
     type: "git",
     url: "git://github.com/SocketDev/socket-sdk-js.git"
   },
+  files: [
+    "CHANGELOG.md",
+    "data/*.json",
+    "dist/*.d.ts",
+    "dist/*.js",
+    "types/*.d.ts"
+  ],
   main: "./dist/index.js",
   types: "./dist/index.d.ts",
   exports: {
@@ -113,6 +119,8 @@ var package_default = {
     clean: "node scripts/clean.mjs",
     cover: "node scripts/cover.mjs",
     fix: "node scripts/lint.mjs --fix",
+    format: "oxfmt .",
+    "format:check": "oxfmt --check .",
     "generate-sdk": "node scripts/generate-sdk.mjs",
     lint: "node scripts/lint.mjs",
     precommit: "pnpm run check --lint --staged",
@@ -120,7 +128,7 @@ var package_default = {
     "ci:validate": "node scripts/ci-validate.mjs",
     prepublishOnly: "echo 'ERROR: Use GitHub Actions workflow for publishing' && exit 1",
     publish: "node scripts/publish.mjs",
-    "publish:ci": "node scripts/publish.mjs --skip-git --skip-build --tag ${DIST_TAG:-latest}",
+    "publish:ci": "node scripts/publish.mjs --tag ${DIST_TAG:-latest}",
     claude: "node scripts/claude.mjs",
     test: "node scripts/test.mjs",
     type: "tsgo --noEmit -p .config/tsconfig.check.json",
@@ -128,7 +136,7 @@ var package_default = {
   },
   dependencies: {
     "@socketregistry/packageurl-js": "1.3.5",
-    "@socketsecurity/lib": "5.7.0",
+    "@socketsecurity/lib": "5.8.1",
     "form-data": "4.0.5"
   },
   devDependencies: {
@@ -136,10 +144,8 @@ var package_default = {
     "@babel/parser": "7.26.3",
     "@babel/traverse": "7.26.4",
     "@babel/types": "7.26.3",
-    "@biomejs/biome": "2.2.4",
-    "@dotenvx/dotenvx": "^1.52.0",
-    "@eslint/compat": "1.3.2",
-    "@eslint/js": "9.35.0",
+    "@dotenvx/dotenvx": "1.54.1",
+    "@oxlint/migrate": "1.52.0",
     "@sveltejs/acorn-typescript": "1.0.8",
     "@types/babel__traverse": "7.28.0",
     "@types/node": "24.9.2",
@@ -149,26 +155,35 @@ var package_default = {
     del: "8.0.1",
     "dev-null-cli": "2.0.0",
     esbuild: "0.25.11",
-    eslint: "9.35.0",
-    "eslint-import-resolver-typescript": "4.4.4",
-    "eslint-plugin-import-x": "4.16.1",
-    "eslint-plugin-jsdoc": "57.0.8",
-    "eslint-plugin-n": "17.23.1",
-    "eslint-plugin-sort-destructure-keys": "2.0.0",
-    "eslint-plugin-unicorn": "56.0.1",
     "fast-glob": "3.3.3",
-    globals: "16.4.0",
     "http2-wrapper": "2.2.1",
     husky: "9.1.7",
     "magic-string": "0.30.14",
     nock: "14.0.10",
     "openapi-typescript": "6.7.6",
+    oxfmt: "0.37.0",
+    oxlint: "1.52.0",
     semver: "7.7.2",
     taze: "19.9.2",
     "type-coverage": "2.29.7",
-    "typescript-eslint": "8.44.1",
     vitest: "4.0.3"
   },
+  typeCoverage: {
+    atLeast: 99,
+    cache: true,
+    "ignore-files": "test/*",
+    "ignore-non-null-assertion": true,
+    "ignore-type-assertion": true,
+    ignoreAsAssertion: true,
+    ignoreCatch: true,
+    ignoreEmptyType: true,
+    strict: true
+  },
+  engines: {
+    node: ">=18",
+    pnpm: ">=10.25.0"
+  },
+  packageManager: "pnpm@10.32.1",
   pnpm: {
     ignoredBuiltDependencies: [
       "esbuild",
@@ -177,28 +192,6 @@ var package_default = {
     overrides: {
       vite: "7.1.12"
     }
-  },
-  engines: {
-    node: ">=18",
-    pnpm: ">=10.25.0"
-  },
-  files: [
-    "CHANGELOG.md",
-    "data/*.json",
-    "dist/*.d.ts",
-    "dist/*.js",
-    "types/*.d.ts"
-  ],
-  typeCoverage: {
-    cache: true,
-    atLeast: 99,
-    ignoreAsAssertion: true,
-    ignoreCatch: true,
-    ignoreEmptyType: true,
-    "ignore-non-null-assertion": true,
-    "ignore-type-assertion": true,
-    "ignore-files": "test/*",
-    strict: true
   }
 };
 

package/dist/types-strict.d.ts

@@ -95,6 +95,7 @@ export type ListRepositoriesOptions = {
     page?: number | undefined;
     per_page?: number | undefined;
     sort?: string | undefined;
+    workspace?: string | undefined;
 };
 /**
  * Strict type for organization item.

package/package.json

@@ -1,19 +1,25 @@
 {
   "name": "@socketsecurity/sdk",
-  "version": "3.3.1",
-  "packageManager": "pnpm@10.30.3",
-  "license": "MIT",
+  "version": "3.4.1",
   "description": "SDK for the Socket API client",
+  "homepage": "https://github.com/SocketDev/socket-sdk-js",
+  "license": "MIT",
   "author": {
     "name": "Socket Inc",
     "email": "eng@socket.dev",
     "url": "https://socket.dev"
   },
-  "homepage": "https://github.com/SocketDev/socket-sdk-js",
   "repository": {
     "type": "git",
     "url": "git://github.com/SocketDev/socket-sdk-js.git"
   },
+  "files": [
+    "CHANGELOG.md",
+    "data/*.json",
+    "dist/*.d.ts",
+    "dist/*.js",
+    "types/*.d.ts"
+  ],
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "exports": {
@@ -42,6 +48,8 @@
     "clean": "node scripts/clean.mjs",
     "cover": "node scripts/cover.mjs",
     "fix": "node scripts/lint.mjs --fix",
+    "format": "oxfmt .",
+    "format:check": "oxfmt --check .",
     "generate-sdk": "node scripts/generate-sdk.mjs",
     "lint": "node scripts/lint.mjs",
     "precommit": "pnpm run check --lint --staged",
@@ -49,7 +57,7 @@
     "ci:validate": "node scripts/ci-validate.mjs",
     "prepublishOnly": "echo 'ERROR: Use GitHub Actions workflow for publishing' && exit 1",
     "publish": "node scripts/publish.mjs",
-    "publish:ci": "node scripts/publish.mjs --skip-git --skip-build --tag ${DIST_TAG:-latest}",
+    "publish:ci": "node scripts/publish.mjs --tag ${DIST_TAG:-latest}",
     "claude": "node scripts/claude.mjs",
     "test": "node scripts/test.mjs",
     "type": "tsgo --noEmit -p .config/tsconfig.check.json",
@@ -57,7 +65,7 @@
   },
   "dependencies": {
     "@socketregistry/packageurl-js": "1.3.5",
-    "@socketsecurity/lib": "5.7.0",
+    "@socketsecurity/lib": "5.8.1",
     "form-data": "4.0.5"
   },
   "devDependencies": {
@@ -65,10 +73,8 @@
     "@babel/parser": "7.26.3",
     "@babel/traverse": "7.26.4",
     "@babel/types": "7.26.3",
-    "@biomejs/biome": "2.2.4",
-    "@dotenvx/dotenvx": "^1.52.0",
-    "@eslint/compat": "1.3.2",
-    "@eslint/js": "9.35.0",
+    "@dotenvx/dotenvx": "1.54.1",
+    "@oxlint/migrate": "1.52.0",
     "@sveltejs/acorn-typescript": "1.0.8",
     "@types/babel__traverse": "7.28.0",
     "@types/node": "24.9.2",
@@ -78,26 +84,35 @@
     "del": "8.0.1",
     "dev-null-cli": "2.0.0",
     "esbuild": "0.25.11",
-    "eslint": "9.35.0",
-    "eslint-import-resolver-typescript": "4.4.4",
-    "eslint-plugin-import-x": "4.16.1",
-    "eslint-plugin-jsdoc": "57.0.8",
-    "eslint-plugin-n": "17.23.1",
-    "eslint-plugin-sort-destructure-keys": "2.0.0",
-    "eslint-plugin-unicorn": "56.0.1",
     "fast-glob": "3.3.3",
-    "globals": "16.4.0",
     "http2-wrapper": "2.2.1",
     "husky": "9.1.7",
     "magic-string": "0.30.14",
     "nock": "14.0.10",
     "openapi-typescript": "6.7.6",
+    "oxfmt": "0.37.0",
+    "oxlint": "1.52.0",
     "semver": "7.7.2",
     "taze": "19.9.2",
     "type-coverage": "2.29.7",
-    "typescript-eslint": "8.44.1",
     "vitest": "4.0.3"
   },
+  "typeCoverage": {
+    "atLeast": 99,
+    "cache": true,
+    "ignore-files": "test/*",
+    "ignore-non-null-assertion": true,
+    "ignore-type-assertion": true,
+    "ignoreAsAssertion": true,
+    "ignoreCatch": true,
+    "ignoreEmptyType": true,
+    "strict": true
+  },
+  "engines": {
+    "node": ">=18",
+    "pnpm": ">=10.25.0"
+  },
+  "packageManager": "pnpm@10.32.1",
   "pnpm": {
     "ignoredBuiltDependencies": [
       "esbuild",
@@ -106,27 +121,5 @@
     "overrides": {
       "vite": "7.1.12"
     }
-  },
-  "engines": {
-    "node": ">=18",
-    "pnpm": ">=10.25.0"
-  },
-  "files": [
-    "CHANGELOG.md",
-    "data/*.json",
-    "dist/*.d.ts",
-    "dist/*.js",
-    "types/*.d.ts"
-  ],
-  "typeCoverage": {
-    "cache": true,
-    "atLeast": 99,
-    "ignoreAsAssertion": true,
-    "ignoreCatch": true,
-    "ignoreEmptyType": true,
-    "ignore-non-null-assertion": true,
-    "ignore-type-assertion": true,
-    "ignore-files": "test/*",
-    "strict": true
   }
 }

package/types/api.d.ts

@@ -466,7 +466,7 @@ export interface paths {
   '/orgs/{org_slug}/triage/alerts': {
     /**
      * List Org Alert Triage
-     * @description Get alert triage actions for an organization.
+     * @description List triage actions for an organization. Results are paginated and can be sorted by created_at or updated_at.
      *
      * This endpoint consumes 1 unit of your quota.
      *
@@ -475,8 +475,8 @@ export interface paths {
      */
     get: operations['getOrgTriage']
     /**
-     * Update Org Alert Triage
-     * @description Update triage actions on organization alerts.
+     * Create/Update Org Alert Triage
+     * @description Create or update triage actions on organization alerts. Accepts a batch of triage entries. Omit `uuid` to create a new entry; provide an existing `uuid` to update it. Use `?force=true` for broad triages that lack a specific `alertKey` or granular package information.
      *
      * This endpoint consumes 1 unit of your quota.
      *
@@ -7477,7 +7477,7 @@ export interface operations {
   }
   /**
    * List Org Alert Triage
-   * @description Get alert triage actions for an organization.
+   * @description List triage actions for an organization. Results are paginated and can be sorted by created_at or updated_at.
    *
    * This endpoint consumes 1 unit of your quota.
    *
@@ -7487,9 +7487,13 @@ export interface operations {
   getOrgTriage: {
     parameters: {
       query?: {
+        /** @description Field to sort by. One of: created_at, updated_at. */
         sort?: string
+        /** @description Sort direction. One of: asc, desc. */
         direction?: string
+        /** @description Number of results per page (1–100, default 30). */
         per_page?: number
+        /** @description Page number (1-based). */
         page?: number
       }
       path: {
@@ -7612,8 +7616,8 @@ export interface operations {
     }
   }
   /**
-   * Update Org Alert Triage
-   * @description Update triage actions on organization alerts.
+   * Create/Update Org Alert Triage
+   * @description Create or update triage actions on organization alerts. Accepts a batch of triage entries. Omit `uuid` to create a new entry; provide an existing `uuid` to update it. Use `?force=true` for broad triages that lack a specific `alertKey` or granular package information.
    *
    * This endpoint consumes 1 unit of your quota.
    *
@@ -7635,19 +7639,40 @@ export interface operations {
       content: {
         'application/json': {
           alertTriage: Array<{
-            /** @default */
+            /**
+             * @description The UUID of the triage entry. Omit to create a new entry; provide to update an existing one.
+             * @default
+             */
             uuid?: string | null
-            /** @default */
+            /**
+             * @description The package ecosystem type (e.g., npm, pypi). Use null or "*" for wildcard.
+             * @default
+             */
             packageType?: string | null
-            /** @default */
+            /**
+             * @description The package namespace or scope. Use null or "*" for wildcard.
+             * @default
+             */
             packageNamespace?: string | null
-            /** @default */
+            /**
+             * @description The package name. Use null or "*" for wildcard.
+             * @default
+             */
             packageName?: string | null
-            /** @default */
+            /**
+             * @description The package version. Supports a "*" suffix for wildcard prefix matching. Use null for any version.
+             * @default
+             */
             packageVersion?: string | null
-            /** @default */
+            /**
+             * @description The specific alert key to target.
+             * @default
+             */
             alertKey?: string | null
-            /** @default */
+            /**
+             * @description The alert type (e.g., criticalCVE, highCVE).
+             * @default
+             */
             alertType?: string | null
             /**
              * @description Whether a fix is available, unavailable, or * for any
@@ -7664,16 +7689,25 @@ export interface operations {
              * @enum {string}
              */
             kevs?: 'exist' | 'none' | '*'
-            /** @default */
+            /**
+             * @description CVE or GHSA ID to match against.
+             * @default
+             */
             cveOrGhsaId?: string | null
             /**
              * @description The reachability of the alert, can be reachable, unreachable, other, or * for any
              * @enum {string}
              */
             reachability?: 'reachable' | 'unreachable' | 'other' | '*'
-            /** @default */
+            /**
+             * @description CVSS score comparison operator and value (e.g., >=7.5, >5.0, ==8.0).
+             * @default
+             */
             cvssScoreCmp?: string | null
-            /** @default */
+            /**
+             * @description A note or comment for the triage action.
+             * @default
+             */
             note?: string
             /**
              * @description The triage state of the alert
@@ -7754,6 +7788,8 @@ export interface operations {
         page?: number
         /** @description Include archived repositories in the results */
         include_archived?: boolean
+        /** @description Filter repositories by workspace. When provided (including empty string), only repos in that workspace are returned. */
+        workspace?: string
       }
       path: {
         /** @description The slug of the organization */
@@ -15274,12 +15310,15 @@ export interface operations {
           | 'CreateApiToken'
           | 'CreateArtifact'
           | 'CreateLabel'
+          | 'CreateOauthRefreshToken'
+          | 'CreateRepoAccessRule'
           | 'CreateWebhook'
           | 'DeleteAlertTriage'
           | 'DeleteApiToken'
           | 'DeleteFullScan'
           | 'DeleteLabel'
           | 'DeleteLabelSetting'
+          | 'DeleteRepoAccessRule'
           | 'DeleteReport'
           | 'DeleteRepository'
           | 'DeleteWebhook'
@@ -15293,6 +15332,7 @@ export interface operations {
           | 'RemoveMember'
           | 'ResetInvitationLink'
           | 'ResetOrganizationSettingToDefault'
+          | 'RotateOauthRefreshToken'
           | 'RevokeApiToken'
           | 'RotateApiToken'
           | 'SendInvitation'
@@ -15310,6 +15350,7 @@ export interface operations {
           | 'UpdateLabelSetting'
           | 'UpdateLicenseOverlay'
           | 'UpdateOrganizationSetting'
+          | 'UpdateRepoAccessRule'
           | 'UpdateWebhook'
           | 'UpgradeOrganizationPlan'
         /** @description Number of events per page */