@socketsecurity/sdk 3.4.0 → 3.5.0

package/dist/index.js

@@ -71,7 +71,7 @@ module.exports = __toCommonJS(index_exports);
 // package.json
 var package_default = {
   name: "@socketsecurity/sdk",
-  version: "3.4.0",
+  version: "3.5.0",
   description: "SDK for the Socket API client",
   homepage: "https://github.com/SocketDev/socket-sdk-js",
   license: "MIT",
@@ -130,16 +130,18 @@ var package_default = {
     publish: "node scripts/publish.mjs",
     "publish:ci": "node scripts/publish.mjs --tag ${DIST_TAG:-latest}",
     claude: "node scripts/claude.mjs",
+    security: "agentshield scan && { command -v zizmor >/dev/null && zizmor .github/ || echo 'zizmor not installed \u2014 run pnpm run setup to install'; }",
     test: "node scripts/test.mjs",
     type: "tsgo --noEmit -p .config/tsconfig.check.json",
     update: "node scripts/update.mjs"
   },
   dependencies: {
-    "@socketregistry/packageurl-js": "1.3.5",
-    "@socketsecurity/lib": "5.8.0",
+    "@socketregistry/packageurl-js": "1.4.1",
+    "@socketsecurity/lib": "5.11.4",
     "form-data": "4.0.5"
   },
   devDependencies: {
+    "@anthropic-ai/claude-code": "2.1.89",
     "@babel/generator": "7.28.5",
     "@babel/parser": "7.26.3",
     "@babel/traverse": "7.26.4",
@@ -154,6 +156,7 @@ var package_default = {
     acorn: "8.15.0",
     del: "8.0.1",
     "dev-null-cli": "2.0.0",
+    "ecc-agentshield": "1.4.0",
     esbuild: "0.25.11",
     "fast-glob": "3.3.3",
     "http2-wrapper": "2.2.1",
@@ -180,10 +183,10 @@ var package_default = {
     strict: true
   },
   engines: {
-    node: ">=18",
-    pnpm: ">=10.25.0"
+    node: ">=18.20.8",
+    pnpm: ">=10.33.0"
   },
-  packageManager: "pnpm@10.32.1",
+  packageManager: "pnpm@10.33.0",
   pnpm: {
     ignoredBuiltDependencies: [
       "esbuild",
@@ -216,6 +219,8 @@ var MIN_HTTP_TIMEOUT = 5e3;
 var MAX_RESPONSE_SIZE = 10 * 1024 * 1024;
 var MAX_STREAM_SIZE = 100 * 1024 * 1024;
 var SOCKET_PUBLIC_BLOB_STORE_URL = "https://socketusercontent.com";
+var MAX_FIREWALL_COMPONENTS = 8;
+var SOCKET_FIREWALL_API_URL = "https://firewall-api.socket.dev/purl";
 var httpAgentNames = /* @__PURE__ */ new Set(["http", "https", "http2"]);
 var publicPolicy = /* @__PURE__ */ new Map([
   // error (1):
@@ -327,6 +332,7 @@ var publicPolicy = /* @__PURE__ */ new Map([
 
 // src/utils.ts
 var import_node_path = __toESM(require("node:path"));
+var import_node_process = __toESM(require("node:process"));
 var import_memoization = require("@socketsecurity/lib/memoization");
 var import_normalize = require("@socketsecurity/lib/paths/normalize");
 function normalizeToWordSet(s) {
@@ -405,7 +411,7 @@ function resolveAbsPaths(filepaths, pathsRelativeTo) {
   return filepaths.map((p) => (0, import_normalize.normalizePath)(import_node_path.default.resolve(basePath, p)));
 }
 function resolveBasePath(pathsRelativeTo = ".") {
-  return (0, import_normalize.normalizePath)(import_node_path.default.resolve(process.cwd(), pathsRelativeTo));
+  return (0, import_normalize.normalizePath)(import_node_path.default.resolve(import_node_process.default.cwd(), pathsRelativeTo));
 }
 function shouldOmitReason(errorMessage, reason, threshold = 0.6) {
   if (!reason || !reason.trim()) {
@@ -803,9 +809,10 @@ function isResponseOk(response) {
   const { statusCode } = response;
   return statusCode ? statusCode >= 200 && statusCode < 300 : false;
 }
-function reshapeArtifactForPublicPolicy(data, isAuthenticated, actions) {
+function reshapeArtifactForPublicPolicy(data, isAuthenticated, actions, policy) {
   if (!isAuthenticated) {
     const allowedActions = actions?.trim() ? actions.split(",") : void 0;
+    const resolvedPolicy = policy ?? publicPolicy;
     const reshapeArtifact = (artifact) => ({
       name: artifact.name,
       version: artifact.version,
@@ -818,17 +825,19 @@ function reshapeArtifactForPublicPolicy(data, isAuthenticated, actions) {
       // Compact the alerts array to reduce response size for non-authenticated
       // requests.
       alerts: artifact.alerts?.filter((alert) => {
+        const action = resolvedPolicy.get(alert.type);
         if (alert.severity === "low") {
           return false;
         }
-        if (allowedActions && alert.action && !allowedActions.includes(alert.action)) {
+        if (allowedActions && action && !allowedActions.includes(action)) {
           return false;
         }
         return true;
       }).map((alert) => ({
-        type: alert.type,
+        action: resolvedPolicy.get(alert.type),
+        key: alert.key,
         severity: alert.severity,
-        key: alert.key
+        type: alert.type
       }))
     });
     if (data["artifacts"]) {
@@ -1064,6 +1073,7 @@ function hasQuotaForMethods(availableQuota, methodNames) {
 var import_node_events = __toESM(require("node:events"));
 var import_node_fs3 = require("node:fs");
 var import_node_path4 = __toESM(require("node:path"));
+var import_node_process2 = __toESM(require("node:process"));
 var import_node_readline = __toESM(require("node:readline"));
 var import_cache_with_ttl = require("@socketsecurity/lib/cache-with-ttl");
 var import_core = require("@socketsecurity/lib/constants/core");
@@ -1077,7 +1087,7 @@ var import_promises = require("@socketsecurity/lib/promises");
 var import_suppress_warnings = require("@socketsecurity/lib/suppress-warnings");
 var import_url = require("@socketsecurity/lib/url");
 var abortSignal = (0, import_process.getAbortSignal)();
-var SocketSdk = class {
+var SocketSdk = class _SocketSdk {
   #apiToken;
   #baseUrl;
   #cache;
@@ -1191,11 +1201,12 @@ var SocketSdk = class {
         );
         if ((0, import_objects.isObjectObject)(artifact)) {
           yield this.#handleApiSuccess(
-            /* c8 ignore next 7 - Public token artifact reshaping branch for policy compliance. */
+            /* c8 ignore next 8 - Public token artifact reshaping branch for policy compliance. */
             isPublicToken ? reshapeArtifactForPublicPolicy(
               artifact,
               false,
-              queryParams?.["actions"]
+              queryParams?.["actions"],
+              publicPolicy
             ) : artifact
           );
         }
@@ -1336,7 +1347,6 @@ var SocketSdk = class {
    * Extract text content from HTTP response stream.
    * Internal method with size limits to prevent memory exhaustion.
    */
-  /* c8 ignore start - unused utility method reserved for future text response handling */
   async #getResponseText(response) {
     const chunks = [];
     let size = 0;
@@ -1350,7 +1360,6 @@ var SocketSdk = class {
     }
     return Buffer.concat(chunks).toString("utf8");
   }
-  /* c8 ignore stop */
   /**
    * Handle API error responses and convert to standardized error result.
    * Internal error handling with status code analysis and message formatting.
@@ -1547,14 +1556,17 @@ var SocketSdk = class {
     const url = `${this.#baseUrl}orgs/${encodeURIComponent(orgSlug)}/purl?${queryToSearchParams(queryParams)}`;
     let res;
     try {
-      const req = getHttpModule(this.#baseUrl).request(url, {
-        method: "POST",
-        ...this.#reqOptions
-      }).end(JSON.stringify(componentsObj));
-      res = await getResponse(req);
-      if (!isResponseOk(res)) {
-        throw new ResponseError(res, "", url);
-      }
+      res = await this.#executeWithRetry(async () => {
+        const req = getHttpModule(this.#baseUrl).request(url, {
+          method: "POST",
+          ...this.#reqOptions
+        }).end(JSON.stringify(componentsObj));
+        const response = await getResponse(req);
+        if (!isResponseOk(response)) {
+          throw new ResponseError(response, "POST Request failed", url);
+        }
+        return response;
+      });
     } catch (e) {
       return await this.#handleApiError(e);
     }
@@ -1620,11 +1632,12 @@ var SocketSdk = class {
         );
         if ((0, import_objects.isObjectObject)(artifact)) {
           results.push(
-            /* c8 ignore next 7 - Public token artifact reshaping for policy compliance. */
+            /* c8 ignore next 8 - Public token artifact reshaping for policy compliance. */
             isPublicToken ? reshapeArtifactForPublicPolicy(
               artifact,
               false,
-              queryParams?.["actions"]
+              queryParams?.["actions"],
+              publicPolicy
             ) : artifact
           );
         }
@@ -1713,6 +1726,111 @@ var SocketSdk = class {
       }
     }
   }
+  /**
+   * Check packages for malware and security alerts.
+   *
+   * For small sets (≤ MAX_FIREWALL_COMPONENTS), uses parallel firewall API
+   * requests which return full artifact data including score and alert details.
+   *
+   * For larger sets, uses the batch PURL API for efficiency.
+   *
+   * Both paths normalize alerts through publicPolicy and only return
+   * malware-relevant results.
+   *
+   * @param components - Array of package URLs to check
+   * @returns Normalized results with policy-filtered alerts per package
+   */
+  async checkMalware(components) {
+    if (components.length <= MAX_FIREWALL_COMPONENTS) {
+      return this.#checkMalwareFirewall(components);
+    }
+    return this.#checkMalwareBatch(components);
+  }
+  // Small-set path: parallel firewall API requests per PURL.
+  // Returns full artifact data (score, alert props, categories, fix info).
+  async #checkMalwareFirewall(components) {
+    const packages = [];
+    const results = await Promise.allSettled(
+      components.map(async ({ purl }) => {
+        const urlPath = `/${encodeURIComponent(purl)}`;
+        const response = await createGetRequest(
+          SOCKET_FIREWALL_API_URL,
+          urlPath,
+          this.#reqOptions
+        );
+        if (!isResponseOk(response)) return void 0;
+        const json = await getResponseJson(response);
+        return json;
+      })
+    );
+    for (const settled of results) {
+      if (settled.status === "rejected" || !settled.value) continue;
+      packages.push(_SocketSdk.#normalizeArtifact(settled.value, publicPolicy));
+    }
+    return {
+      cause: void 0,
+      data: packages,
+      error: void 0,
+      status: 200,
+      success: true
+    };
+  }
+  // Multi-component path: batch PURL API request, normalized to publicPolicy.
+  async #checkMalwareBatch(components) {
+    const result = await this.batchPackageFetch(
+      { components },
+      { alerts: true, cachedResultsOnly: true }
+    );
+    if (!result.success) {
+      return {
+        cause: result.cause,
+        data: void 0,
+        error: result.error,
+        status: result.status,
+        success: false
+      };
+    }
+    const packages = [];
+    for (const artifact of result.data) {
+      packages.push(_SocketSdk.#normalizeArtifact(artifact, publicPolicy));
+    }
+    return {
+      cause: void 0,
+      data: packages,
+      error: void 0,
+      status: 200,
+      success: true
+    };
+  }
+  // Normalize an artifact into MalwareCheckPackage.
+  // When policy is provided, derive action from the map.
+  // When policy is undefined, use server-assigned alert.action.
+  static #normalizeArtifact(artifact, policy) {
+    const alerts = [];
+    if (artifact.alerts) {
+      for (const alert of artifact.alerts) {
+        const action = policy ? policy.get(alert.type) ?? "ignore" : alert.action ?? "ignore";
+        if (action === "error" || action === "warn") {
+          alerts.push({
+            category: alert.category,
+            fix: alert.fix ? { description: alert.fix.description, type: alert.fix.type } : void 0,
+            key: alert.key,
+            props: alert.props,
+            severity: alert.severity,
+            type: alert.type
+          });
+        }
+      }
+    }
+    return {
+      alerts,
+      name: artifact.name,
+      namespace: artifact.namespace,
+      score: artifact.score,
+      type: artifact.type,
+      version: artifact.version
+    };
+  }
   /**
    * Create a snapshot of project dependencies by uploading manifest files.
    * Analyzes dependency files to generate a comprehensive security report.
@@ -2367,41 +2485,31 @@ var SocketSdk = class {
     }
   }
   /**
-     * Delete a legacy scan report permanently.
-  
-    /**
-     * Download patch file content by hash.
-     *
-     * Downloads the actual patched file content from the public Socket blob store.
-     * This is used after calling viewPatch() to get the patch metadata.
-     * No authentication is required as patch blobs are publicly accessible.
-     *
-     * @param hash - The blob hash in SSRI (sha256-base64) or hex format
-     * @param options - Optional configuration
-     * @param options.baseUrl - Override blob store URL (for testing)
-     * @returns Promise<string> - The patch file content as UTF-8 string
-     * @throws Error if blob not found (404) or download fails
-     *
-     * @example
-     * ```typescript
-     * const sdk = new SocketSdk('your-api-token')
-     * // First get patch metadata
-     * const patch = await sdk.viewPatch('my-org', 'patch-uuid')
-     * // Then download the actual patched file
-     * const fileContent = await sdk.downloadPatch(patch.files['index.js'].socketBlob)
-     * ```
-     */
+   * Download full scan files as a tar archive.
+   *
+   * Streams the full scan file contents to the specified output path as a tar file.
+   * Includes size limit enforcement to prevent excessive disk usage.
+   *
+   * @param orgSlug - Organization identifier
+   * @param fullScanId - Full scan identifier
+   * @param outputPath - Local file path to write the tar archive
+   * @returns Download result with success/error status
+   * @throws {Error} When server returns 5xx status codes
+   */
   async downloadOrgFullScanFilesAsTar(orgSlug, fullScanId, outputPath) {
     const url = `${this.#baseUrl}orgs/${encodeURIComponent(orgSlug)}/full-scans/${encodeURIComponent(fullScanId)}/files.tar`;
     try {
-      const req = getHttpModule(this.#baseUrl).request(url, {
-        method: "GET",
-        ...this.#reqOptions
-      }).end();
-      const res = await getResponse(req);
-      if (!isResponseOk(res)) {
-        throw new ResponseError(res, "", url);
-      }
+      const res = await this.#executeWithRetry(async () => {
+        const req = getHttpModule(this.#baseUrl).request(url, {
+          method: "GET",
+          ...this.#reqOptions
+        }).end();
+        const response = await getResponse(req);
+        if (!isResponseOk(response)) {
+          throw new ResponseError(response, "", url);
+        }
+        return response;
+      });
       const writeStream = (0, import_node_fs3.createWriteStream)(outputPath);
       let bytesWritten = 0;
       res.on("data", (chunk) => {
@@ -2637,26 +2745,16 @@ var SocketSdk = class {
     };
     const url = `${this.#baseUrl}${urlPath}`;
     try {
-      const response = await createGetRequest(this.#baseUrl, urlPath, {
-        ...this.#reqOptions,
-        hooks: this.#hooks
-      });
-      if (!isResponseOk(response)) {
-        if (throws) {
-          throw new ResponseError(response, "", url);
+      const response = await this.#executeWithRetry(async () => {
+        const res = await createGetRequest(this.#baseUrl, urlPath, {
+          ...this.#reqOptions,
+          hooks: this.#hooks
+        });
+        if (!isResponseOk(res)) {
+          throw new ResponseError(res, "", url);
         }
-        const errorResult = await this.#handleApiError(
-          new ResponseError(response, "", url)
-        );
-        return {
-          cause: errorResult.cause,
-          data: void 0,
-          error: errorResult.error,
-          status: errorResult.status,
-          success: false,
-          url: errorResult.url
-        };
-      }
+        return res;
+      });
       const data = await this.#handleQueryResponseData(
         response,
         responseType
@@ -2683,7 +2781,8 @@ var SocketSdk = class {
           data: void 0,
           error: errorResult.error,
           status: errorResult.status,
-          success: false
+          success: false,
+          url: errorResult.url
         };
       }
       return this.#createQueryErrorResult(e);
@@ -2800,7 +2899,7 @@ var SocketSdk = class {
   /**
    * Retrieve the enabled entitlements for an organization.
    *
-   * This method fetches the organization's entitlements and filters for only* the enabled ones, returning their keys. Entitlements represent Socket
+   * This method fetches the organization's entitlements and filters for only the enabled ones, returning their keys. Entitlements represent Socket
    * Products that the organization has access to use.
    */
   async getEnabledEntitlements(orgSlug) {
@@ -3086,7 +3185,8 @@ var SocketSdk = class {
     }
   }
   /**
-   * Get organization's license policy configuration.* Returns allowed, restricted, and monitored license types.
+   * Get organization's license policy configuration.
+   * Returns allowed, restricted, and monitored license types.
    *
    * @throws {Error} When server returns 5xx status codes
    */
@@ -3107,7 +3207,8 @@ var SocketSdk = class {
     }
   }
   /**
-   * Get organization's security policy configuration.* Returns alert rules, severity thresholds, and enforcement settings.
+   * Get organization's security policy configuration.
+   * Returns alert rules, severity thresholds, and enforcement settings.
    *
    * @throws {Error} When server returns 5xx status codes
    */
@@ -3272,36 +3373,32 @@ var SocketSdk = class {
     }
   }
   /**
-     * Get detailed results for a legacy scan report.
-    /**
-  
-    /**
-     * Get details for a specific repository.
-     *
-     * Returns repository configuration, monitoring status, and metadata.
-     *
-     * @param orgSlug - Organization identifier
-     * @param repoSlug - Repository slug/name
-     * @param options - Optional parameters including workspace
-     * @returns Repository details with configuration
-     *
-     * @example
-     * ```typescript
-     * const result = await sdk.getRepository('my-org', 'my-repo')
-     *
-     * if (result.success) {
-     *   console.log('Repository:', result.data.name)
-     *   console.log('Visibility:', result.data.visibility)
-     *   console.log('Default branch:', result.data.default_branch)
-     * }
-     * ```
-     *
-     * @see https://docs.socket.dev/reference/getorgrepo
-     * @apiEndpoint GET /orgs/{org_slug}/repos/{repo_slug}
-     * @quota 0 units
-     * @scopes repo:read
-     * @throws {Error} When server returns 5xx status codes
-     */
+   * Get details for a specific repository.
+   *
+   * Returns repository configuration, monitoring status, and metadata.
+   *
+   * @param orgSlug - Organization identifier
+   * @param repoSlug - Repository slug/name
+   * @param options - Optional parameters including workspace
+   * @returns Repository details with configuration
+   *
+   * @example
+   * ```typescript
+   * const result = await sdk.getRepository('my-org', 'my-repo')
+   *
+   * if (result.success) {
+   *   console.log('Repository:', result.data.name)
+   *   console.log('Visibility:', result.data.visibility)
+   *   console.log('Default branch:', result.data.default_branch)
+   * }
+   * ```
+   *
+   * @see https://docs.socket.dev/reference/getorgrepo
+   * @apiEndpoint GET /orgs/{org_slug}/repos/{repo_slug}
+   * @quota 0 units
+   * @scopes repo:read
+   * @throws {Error} When server returns 5xx status codes
+   */
   async getRepository(orgSlug, repoSlug, options) {
     const orgSlugParam = encodeURIComponent(orgSlug);
     const repoSlugParam = encodeURIComponent(repoSlug);
@@ -3860,7 +3957,7 @@ var SocketSdk = class {
         success: true
       };
     } catch (e) {
-      return this.#createQueryErrorResult(e);
+      return await this.#handleApiError(e);
     }
   }
   /**
@@ -3977,14 +4074,21 @@ var SocketSdk = class {
       method = "POST",
       throws = true
     } = { __proto__: null, ...options };
+    const url = `${this.#baseUrl}${urlPath}`;
     try {
-      const response = await createRequestWithJson(
-        method,
-        this.#baseUrl,
-        urlPath,
-        body,
-        { ...this.#reqOptions, hooks: this.#hooks }
-      );
+      const response = await this.#executeWithRetry(async () => {
+        const res = await createRequestWithJson(
+          method,
+          this.#baseUrl,
+          urlPath,
+          body,
+          { ...this.#reqOptions, hooks: this.#hooks }
+        );
+        if (!isResponseOk(res)) {
+          throw new ResponseError(res, "", url);
+        }
+        return res;
+      });
       const data = await getResponseJson(response);
       if (throws) {
         return data;
@@ -4008,17 +4112,11 @@ var SocketSdk = class {
           data: void 0,
           error: errorResult.error,
           status: errorResult.status,
-          success: false
+          success: false,
+          url: errorResult.url
         };
       }
-      const errStr = e ? String(e).trim() : "";
-      return {
-        cause: errStr || import_core.UNKNOWN_ERROR,
-        data: void 0,
-        error: "API request failed",
-        status: 0,
-        success: false
-      };
+      return this.#createQueryErrorResult(e);
     }
   }
   /**
@@ -4061,14 +4159,17 @@ var SocketSdk = class {
     };
     const url = `${this.#baseUrl}orgs/${encodeURIComponent(orgSlug)}/full-scans/${encodeURIComponent(scanId)}`;
     try {
-      const req = getHttpModule(this.#baseUrl).request(url, {
-        method: "GET",
-        ...this.#reqOptions
-      }).end();
-      const res = await getResponse(req);
-      if (!isResponseOk(res)) {
-        throw new ResponseError(res, "", url);
-      }
+      const res = await this.#executeWithRetry(async () => {
+        const req = getHttpModule(this.#baseUrl).request(url, {
+          method: "GET",
+          ...this.#reqOptions
+        }).end();
+        const response = await getResponse(req);
+        if (!isResponseOk(response)) {
+          throw new ResponseError(response, "", url);
+        }
+        return response;
+      });
       if (typeof output === "string") {
         const writeStream = (0, import_node_fs3.createWriteStream)(output);
         let bytesWritten = 0;
@@ -4103,15 +4204,15 @@ var SocketSdk = class {
         });
         const stdoutErrorHandler = (_error) => {
           res.destroy();
-          process.stdout.removeListener("error", stdoutErrorHandler);
+          import_node_process2.default.stdout.removeListener("error", stdoutErrorHandler);
         };
-        process.stdout.on("error", stdoutErrorHandler);
-        res.pipe(process.stdout);
+        import_node_process2.default.stdout.on("error", stdoutErrorHandler);
+        res.pipe(import_node_process2.default.stdout);
         res.on("end", () => {
-          process.stdout.removeListener("error", stdoutErrorHandler);
+          import_node_process2.default.stdout.removeListener("error", stdoutErrorHandler);
         });
         res.on("error", () => {
-          process.stdout.removeListener("error", stdoutErrorHandler);
+          import_node_process2.default.stdout.removeListener("error", stdoutErrorHandler);
         });
       }
       return this.#handleApiSuccess(res);
@@ -4196,7 +4297,8 @@ var SocketSdk = class {
     }
   }
   /**
-   * Update organization's license policy configuration.* Modifies allowed, restricted, and monitored license types.
+   * Update organization's license policy configuration.
+   * Modifies allowed, restricted, and monitored license types.
    *
    * @throws {Error} When server returns 5xx status codes
    */
@@ -4219,7 +4321,8 @@ var SocketSdk = class {
     }
   }
   /**
-   * Update organization's security policy configuration.* Modifies alert rules, severity thresholds, and enforcement settings.
+   * Update organization's security policy configuration.
+   * Modifies alert rules, severity thresholds, and enforcement settings.
    *
    * @throws {Error} When server returns 5xx status codes
    */
@@ -4514,18 +4617,25 @@ var SocketSdk = class {
    * vulnerabilities, description, license, and tier information.
    */
   async viewPatch(orgSlug, uuid) {
-    const data = await getResponseJson(
-      await createGetRequest(
-        this.#baseUrl,
-        `orgs/${encodeURIComponent(orgSlug)}/patches/view/${encodeURIComponent(uuid)}`,
-        { ...this.#reqOptions, hooks: this.#hooks }
-      )
-    );
-    return data;
+    try {
+      const data = await this.#executeWithRetry(
+        async () => await getResponseJson(
+          await createGetRequest(
+            this.#baseUrl,
+            `orgs/${encodeURIComponent(orgSlug)}/patches/view/${encodeURIComponent(uuid)}`,
+            { ...this.#reqOptions, hooks: this.#hooks }
+          )
+        )
+      );
+      return data;
+    } catch (e) {
+      const result = await this.#handleApiError(e);
+      throw new Error(result.error, { cause: result.cause });
+    }
   }
 };
 if ((0, import_debug2.isDebugNs)("heap")) {
-  const used = process.memoryUsage();
+  const used = import_node_process2.default.memoryUsage();
   (0, import_debug2.debugLog)("heap", `heap used: ${Math.round(used.heapUsed / 1024 / 1024)}MB`);
 }
 // Annotate the CommonJS export names for ESM import in node: