npm - @socketsecurity/sdk - Versions diffs - 3.4.0 → 3.5.0 - Mend

@socketsecurity/sdk 3.4.0 → 3.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/CHANGELOG.md +25 -0
package/README.md +1 -1
package/dist/constants.d.ts +3 -1
package/dist/http-client.d.ts +1 -36
package/dist/index.d.ts +1 -1
package/dist/index.js +262 -152
package/dist/socket-sdk-class.d.ts +35 -31
package/dist/types.d.ts +28 -8
package/package.json +9 -6
package/types/api.d.ts +162 -21

package/CHANGELOG.md CHANGED Viewed

@@ -4,6 +4,31 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
+## [3.5.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v3.5.0) - 2026-04-03
+### Added
+- **checkMalware**: New API method for normalized malware detection across public and org tokens
+  - Public tokens use the firewall API with client-side `publicPolicy` filtering
+  - Org tokens use the batch PURL API with full server-assigned org policy
+  - Both paths return the same normalized `MalwareCheckResult` shape
+- New exported types: `MalwareCheckAlert`, `MalwareCheckPackage`, `MalwareCheckResult`, `MalwareCheckScore`
+- New audit log action types: `CreateTicket`, `DisconnectJiraIntegration`, `JiraIntegrationConnected`
+- New `alert-resolution` permission scope (list, create, read, delete)
+- New `workspace` parameter for `createOrgFullScan` package entries
+- New `SocketSBOMScore` schema for supply chain risk score breakdowns with formulas and components
+- New `skillPreExecution` alert type and policy action
+- Full scan `include_scores` and `include_scores_details` query parameters with `scores` ndjson event
+- Batch PURL `timeoutSec` parameter for scan result timeout control
+## [3.4.1](https://github.com/SocketDev/socket-sdk-js/releases/tag/v3.4.1) - 2026-03-12
+### Changed
+- Synced OpenAPI type definitions with latest API specification
+  - Improved documentation for Org Triage API query parameters and request fields
+- Updated `@socketsecurity/lib` to v5.8.1
 ## [3.4.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v3.4.0) - 2026-03-11
 ### Added

package/README.md CHANGED Viewed

@@ -2,7 +2,7 @@
 [![Socket Badge](https://socket.dev/api/badge/npm/package/@socketsecurity/sdk)](https://socket.dev/npm/package/@socketsecurity/sdk)
 [![CI](https://github.com/SocketDev/socket-sdk-js/actions/workflows/ci.yml/badge.svg)](https://github.com/SocketDev/socket-sdk-js/actions/workflows/ci.yml)
-![Coverage](https://img.shields.io/badge/coverage-40%25-orange)
+![Coverage](https://img.shields.io/badge/coverage-96%25-brightgreen)
 [![Follow @SocketSecurity](https://img.shields.io/twitter/follow/SocketSecurity?style=social)](https://twitter.com/SocketSecurity)
 [![Follow @socket.dev on Bluesky](https://img.shields.io/badge/Follow-@socket.dev-1DA1F2?style=social&logo=bluesky)](https://bsky.app/profile/socket.dev)

package/dist/constants.d.ts CHANGED Viewed

@@ -12,5 +12,7 @@ export declare const MIN_HTTP_TIMEOUT = 5000;
 export declare const MAX_RESPONSE_SIZE: number;
 export declare const MAX_STREAM_SIZE: number;
 export declare const SOCKET_PUBLIC_BLOB_STORE_URL = "https://socketusercontent.com";
+export declare const MAX_FIREWALL_COMPONENTS = 8;
+export declare const SOCKET_FIREWALL_API_URL = "https://firewall-api.socket.dev/purl";
 export declare const httpAgentNames: Set<string>;
-export declare const publicPolicy: Map<"ambiguousClassifier" | "badEncoding" | "badSemver" | "badSemverDependency" | "bidi" | "binScriptConfusion" | "chromeContentScript" | "chromeHostPermission" | "chromePermission" | "chromeWildcardHostPermission" | "chronoAnomaly" | "compromisedSSHKey" | "copyleftLicense" | "criticalCVE" | "cve" | "debugAccess" | "deprecated" | "deprecatedException" | "deprecatedLicense" | "didYouMean" | "dynamicRequire" | "emptyPackage" | "envVars" | "explicitlyUnlicensedItem" | "extraneousDependency" | "fileDependency" | "filesystemAccess" | "floatingDependency" | "generic" | "ghaArgToEnv" | "ghaArgToOutput" | "ghaArgToSink" | "ghaContextToEnv" | "ghaContextToOutput" | "ghaContextToSink" | "ghaEnvToSink" | "gitDependency" | "gitHubDependency" | "gptAnomaly" | "gptDidYouMean" | "gptMalware" | "gptSecurity" | "hasNativeCode" | "highEntropyStrings" | "homoglyphs" | "httpDependency" | "installScripts" | "invalidPackageJSON" | "invisibleChars" | "licenseChange" | "licenseException" | "licenseSpdxDisj" | "longStrings" | "majorRefactor" | "malware" | "manifestConfusion" | "mediumCVE" | "mildCVE" | "minifiedFile" | "miscLicenseIssues" | "missingAuthor" | "missingDependency" | "missingLicense" | "missingTarball" | "mixedLicense" | "modifiedException" | "modifiedLicense" | "networkAccess" | "newAuthor" | "noAuthorData" | "noBugTracker" | "noLicenseFound" | "noREADME" | "noRepository" | "noTests" | "noV1" | "noWebsite" | "nonOSILicense" | "nonSPDXLicense" | "nonpermissiveLicense" | "notice" | "obfuscatedFile" | "obfuscatedRequire" | "peerDependency" | "potentialVulnerability" | "recentlyPublished" | "semverAnomaly" | "shellAccess" | "shellScriptOverride" | "shrinkwrap" | "skillAutonomyAbuse" | "skillCommandInjection" | "skillDataExfiltration" | "skillDiscoveryAbuse" | "skillHardcodedSecrets" | "skillObfuscation" | "skillPromptInjection" | "skillResourceAbuse" | "skillSupplyChain" | "skillToolAbuse" | "skillToolChaining" | "skillTransitiveTrust" | "socketUpgradeAvailable" | "suspiciousStarActivity" | "suspiciousString" | "telemetry" | "tooManyFiles" | "trivialPackage" | "troll" | "typeModuleCompatibility" | "uncaughtOptionalDependency" | "unclearLicense" | "unidentifiedLicense" | "unmaintained" | "unpopularPackage" | "unpublished" | "unresolvedRequire" | "unsafeCopyright" | "unstableOwnership" | "unusedDependency" | "urlStrings" | "usesEval" | "vsxActivationWildcard" | "vsxDebuggerContribution" | "vsxExtensionDependency" | "vsxExtensionPack" | "vsxProposedApiUsage" | "vsxUntrustedWorkspaceSupported" | "vsxVirtualWorkspaceSupported" | "vsxWebviewContribution" | "vsxWorkspaceContainsActivation" | "zeroWidth", ALERT_ACTION>;
+export declare const publicPolicy: Map<"ambiguousClassifier" | "badEncoding" | "badSemver" | "badSemverDependency" | "bidi" | "binScriptConfusion" | "chromeContentScript" | "chromeHostPermission" | "chromePermission" | "chromeWildcardHostPermission" | "chronoAnomaly" | "compromisedSSHKey" | "copyleftLicense" | "criticalCVE" | "cve" | "debugAccess" | "deprecated" | "deprecatedException" | "deprecatedLicense" | "didYouMean" | "dynamicRequire" | "emptyPackage" | "envVars" | "explicitlyUnlicensedItem" | "extraneousDependency" | "fileDependency" | "filesystemAccess" | "floatingDependency" | "generic" | "ghaArgToEnv" | "ghaArgToOutput" | "ghaArgToSink" | "ghaContextToEnv" | "ghaContextToOutput" | "ghaContextToSink" | "ghaEnvToSink" | "gitDependency" | "gitHubDependency" | "gptAnomaly" | "gptDidYouMean" | "gptMalware" | "gptSecurity" | "hasNativeCode" | "highEntropyStrings" | "homoglyphs" | "httpDependency" | "installScripts" | "invalidPackageJSON" | "invisibleChars" | "licenseChange" | "licenseException" | "licenseSpdxDisj" | "longStrings" | "majorRefactor" | "malware" | "manifestConfusion" | "mediumCVE" | "mildCVE" | "minifiedFile" | "miscLicenseIssues" | "missingAuthor" | "missingDependency" | "missingLicense" | "missingTarball" | "mixedLicense" | "modifiedException" | "modifiedLicense" | "networkAccess" | "newAuthor" | "noAuthorData" | "noBugTracker" | "noLicenseFound" | "noREADME" | "noRepository" | "noTests" | "noV1" | "noWebsite" | "nonOSILicense" | "nonSPDXLicense" | "nonpermissiveLicense" | "notice" | "obfuscatedFile" | "obfuscatedRequire" | "peerDependency" | "potentialVulnerability" | "recentlyPublished" | "semverAnomaly" | "shellAccess" | "shellScriptOverride" | "shrinkwrap" | "skillAutonomyAbuse" | "skillCommandInjection" | "skillDataExfiltration" | "skillDiscoveryAbuse" | "skillHardcodedSecrets" | "skillObfuscation" | "skillPreExecution" | "skillPromptInjection" | "skillResourceAbuse" | "skillSupplyChain" | "skillToolAbuse" | "skillToolChaining" | "skillTransitiveTrust" | "socketUpgradeAvailable" | "suspiciousStarActivity" | "suspiciousString" | "telemetry" | "tooManyFiles" | "trivialPackage" | "troll" | "typeModuleCompatibility" | "uncaughtOptionalDependency" | "unclearLicense" | "unidentifiedLicense" | "unmaintained" | "unpopularPackage" | "unpublished" | "unresolvedRequire" | "unsafeCopyright" | "unstableOwnership" | "unusedDependency" | "urlStrings" | "usesEval" | "vsxActivationWildcard" | "vsxDebuggerContribution" | "vsxExtensionDependency" | "vsxExtensionPack" | "vsxProposedApiUsage" | "vsxUntrustedWorkspaceSupported" | "vsxVirtualWorkspaceSupported" | "vsxWebviewContribution" | "vsxWorkspaceContainsActivation" | "zeroWidth", ALERT_ACTION>;

package/dist/http-client.d.ts CHANGED Viewed

@@ -76,30 +76,6 @@ export declare function getResponse(req: ClientRequest): Promise<IncomingMessage
  * @throws {SyntaxError} When response body contains invalid JSON
  */
 export declare function getResponseJson(response: IncomingMessage, method?: string | undefined, url?: string | undefined): Promise<JsonValue | undefined>;
-/**
- * Create DELETE request with automatic retry logic.
- * Retries on network errors and 5xx responses.
- *
- * @param retries - Number of retry attempts (default: 0, retries disabled)
- * @param retryDelay - Initial delay in ms (default: 100)
- */
-export declare function createDeleteRequestWithRetry(baseUrl: string, urlPath: string, options?: RequestOptionsWithHooks | undefined, retries?: number, retryDelay?: number): Promise<IncomingMessage>;
-/**
- * Create GET request with automatic retry logic.
- * Retries on network errors and 5xx responses.
- *
- * @param retries - Number of retry attempts (default: 0, retries disabled)
- * @param retryDelay - Initial delay in ms (default: 100)
- */
-export declare function createGetRequestWithRetry(baseUrl: string, urlPath: string, options?: RequestOptionsWithHooks | undefined, retries?: number, retryDelay?: number): Promise<IncomingMessage>;
-/**
- * Create request with JSON payload and automatic retry logic.
- * Retries on network errors and 5xx responses.
- *
- * @param retries - Number of retry attempts (default: 0, retries disabled)
- * @param retryDelay - Initial delay in ms (default: 100)
- */
-export declare function createRequestWithJsonAndRetry(method: SendMethod, baseUrl: string, urlPath: string, json: unknown, options?: RequestOptionsWithHooks | undefined, retries?: number, retryDelay?: number): Promise<IncomingMessage>;
 /**
  * Check if HTTP response has a successful status code (2xx range).
  * Returns true for status codes between 200-299, false otherwise.
@@ -109,15 +85,4 @@ export declare function isResponseOk(response: IncomingMessage): boolean;
  * Transform artifact data based on authentication status.
  * Filters and compacts response data for public/free-tier users.
  */
-export declare function reshapeArtifactForPublicPolicy<T extends Record<string, unknown>>(data: T, isAuthenticated: boolean, actions?: string | undefined): T;
-/**
- * Retry helper for HTTP requests with exponential backoff.
- * Wraps any async HTTP function and retries on failure.
- *
- * @param fn - Async function to retry
- * @param retries - Number of retry attempts (default: 0, retries disabled)
- * @param retryDelay - Initial delay in ms (default: 100)
- * @returns Result of the function call
- * @throws {Error} Last error if all retries exhausted
- */
-export declare function withRetry<T>(fn: () => Promise<T>, retries?: number, retryDelay?: number): Promise<T>;
+export declare function reshapeArtifactForPublicPolicy<T extends Record<string, unknown>>(data: T, isAuthenticated: boolean, actions?: string | undefined, policy?: Map<string, string> | undefined): T;

package/dist/index.d.ts CHANGED Viewed

@@ -8,7 +8,7 @@ export { createRequestBodyForFilepaths, createRequestBodyForJson, createUploadRe
 export { createDeleteRequest, createGetRequest, createRequestWithJson, getErrorResponseBody, getHttpModule, getResponse, getResponseJson, isResponseOk, ResponseError, reshapeArtifactForPublicPolicy, } from './http-client';
 export { calculateTotalQuotaCost, getAllMethodRequirements, getMethodRequirements, getMethodsByPermissions, getMethodsByQuotaCost, getQuotaCost, getQuotaUsageSummary, getRequiredPermissions, hasQuotaForMethods, } from './quota-utils';
 export { SocketSdk } from './socket-sdk-class';
-export type { ALERT_ACTION, ALERT_TYPE, Agent, ArtifactPatches, BatchPackageFetchResultType, BatchPackageStreamOptions, CompactSocketArtifact, CompactSocketArtifactAlert, CreateDependenciesSnapshotOptions, CreateOrgFullScanOptions, CreateScanFromFilepathsOptions, CustomResponseType, Entitlement, EntitlementsResponse, FileValidationCallback, FileValidationResult, GetOptions, GotOptions, HeadersRecord, PatchFile, PatchRecord, PatchViewResponse, TelemetryConfig, PostOrgTelemetryPayload, PostOrgTelemetryResponse, QueryParams, RequestInfo, RequestOptions, RequestOptionsWithHooks, ResponseInfo, SecurityAlert, SendMethod, SendOptions, SocketArtifact, SocketArtifactAlert, SocketArtifactWithExtras, SocketId, SocketMetricSchema, SocketSdkArrayElement, SocketSdkData, SocketSdkErrorResult, SocketSdkGenericResult, SocketSdkOperations, SocketSdkOptions, SocketSdkResult, SocketSdkSuccessResult, StreamOrgFullScanOptions, UploadManifestFilesError, UploadManifestFilesOptions, UploadManifestFilesResponse, UploadManifestFilesReturnType, Vulnerability, } from './types';
+export type { ALERT_ACTION, ALERT_TYPE, Agent, ArtifactPatches, BatchPackageFetchResultType, BatchPackageStreamOptions, CompactSocketArtifact, CompactSocketArtifactAlert, CreateDependenciesSnapshotOptions, CustomResponseType, Entitlement, EntitlementsResponse, FileValidationCallback, FileValidationResult, GetOptions, GotOptions, HeadersRecord, MalwareCheckAlert, MalwareCheckPackage, MalwareCheckResult, MalwareCheckScore, PatchFile, PatchRecord, PatchViewResponse, TelemetryConfig, PostOrgTelemetryPayload, PostOrgTelemetryResponse, QueryParams, RequestInfo, RequestOptions, RequestOptionsWithHooks, ResponseInfo, SecurityAlert, SendMethod, SendOptions, SocketArtifact, SocketArtifactAlert, SocketArtifactWithExtras, SocketId, SocketMetricSchema, SocketSdkArrayElement, SocketSdkData, SocketSdkErrorResult, SocketSdkGenericResult, SocketSdkOperations, SocketSdkOptions, SocketSdkResult, SocketSdkSuccessResult, StreamOrgFullScanOptions, UploadManifestFilesError, UploadManifestFilesOptions, UploadManifestFilesResponse, UploadManifestFilesReturnType, Vulnerability, } from './types';
 export type { CreateFullScanOptions, DeleteRepositoryLabelResult, DeleteResult, FullScanItem, FullScanListData, FullScanListResult, FullScanResult, GetRepositoryOptions, ListFullScansOptions, ListRepositoriesOptions, OrganizationItem, OrganizationsResult, RepositoriesListData, RepositoriesListResult, RepositoryItem, RepositoryLabelItem, RepositoryLabelResult, RepositoryLabelsListData, RepositoryLabelsListResult, RepositoryListItem, RepositoryResult, StreamFullScanOptions, StrictErrorResult, StrictResult, } from './types-strict';
 export { createUserAgentFromPkgJson } from './user-agent';
 export { calculateWordSetSimilarity, filterRedundantCause, normalizeBaseUrl, promiseWithResolvers, queryToSearchParams, resolveAbsPaths, resolveBasePath, shouldOmitReason, };