node-power-user 2.1.1 → 2.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/install.js +8 -0
- package/dist/commands/outdated.js +10 -2
- package/dist/lib/socket.js +24 -10
- package/package.json +6 -5
package/dist/commands/install.js
CHANGED
|
@@ -36,6 +36,14 @@ module.exports = async function (options) {
|
|
|
36
36
|
try {
|
|
37
37
|
await socket.wrap(command, { force: options.force });
|
|
38
38
|
} catch (e) {
|
|
39
|
+
// npm itself failed (ERESOLVE, network, peer-dep conflict) — not a Socket block.
|
|
40
|
+
// The npm error was already printed above; just acknowledge and stop.
|
|
41
|
+
if (e.reason === 'npm-failed') {
|
|
42
|
+
logger.log('');
|
|
43
|
+
logger.log('Fix the npm error above (e.g. resolve peer-dep conflicts) and retry.');
|
|
44
|
+
return;
|
|
45
|
+
}
|
|
46
|
+
|
|
39
47
|
const flaggedPackages = e.flaggedPackages || [];
|
|
40
48
|
|
|
41
49
|
if (flaggedPackages.length > 0) {
|
|
@@ -264,12 +264,20 @@ module.exports = async function (options) {
|
|
|
264
264
|
try {
|
|
265
265
|
await socket.wrap(installCmd, { force: options.force });
|
|
266
266
|
} catch (e) {
|
|
267
|
-
const flaggedPackages = e.flaggedPackages || [];
|
|
268
|
-
|
|
269
267
|
// Restore package.json since the bulk install failed
|
|
270
268
|
jetpack.write(packageJsonPath, packageJsonBackup);
|
|
271
269
|
logger.log('package.json has been restored to its original state.');
|
|
272
270
|
|
|
271
|
+
// npm itself failed (ERESOLVE, network, peer-dep conflict) — not a Socket block.
|
|
272
|
+
// The npm error was already printed above; just acknowledge and stop.
|
|
273
|
+
if (e.reason === 'npm-failed') {
|
|
274
|
+
logger.log('');
|
|
275
|
+
logger.log('Fix the npm error above (e.g. resolve peer-dep conflicts) and retry.');
|
|
276
|
+
return { allPackages, updated: false, target: action };
|
|
277
|
+
}
|
|
278
|
+
|
|
279
|
+
const flaggedPackages = e.flaggedPackages || [];
|
|
280
|
+
|
|
273
281
|
// Trace which of the requested packages bring in the flagged deps
|
|
274
282
|
const riskyParents = new Set();
|
|
275
283
|
|
package/dist/lib/socket.js
CHANGED
|
@@ -72,12 +72,21 @@ async function wrap(command, options) {
|
|
|
72
72
|
console.log(output);
|
|
73
73
|
}
|
|
74
74
|
|
|
75
|
-
//
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
75
|
+
// Distinguish a real Socket risk-block from a generic npm failure.
|
|
76
|
+
// Socket prints its own markers when it blocks; npm failures (ERESOLVE,
|
|
77
|
+
// network errors, peer-dep conflicts) just exit non-zero with npm errors.
|
|
78
|
+
const socketBlocked = /new risk|socket found|exiting due to risks/i.test(output)
|
|
79
|
+
&& !/no new risks/i.test(output);
|
|
80
|
+
|
|
81
|
+
// Subprocess failed but Socket didn't actually block — surface the npm error honestly.
|
|
82
|
+
if (exitedWithError && !socketBlocked) {
|
|
83
|
+
logger.error('npm install failed. See the error output above.');
|
|
84
|
+
const err = new Error('npm install failed.');
|
|
85
|
+
err.reason = 'npm-failed';
|
|
86
|
+
throw err;
|
|
87
|
+
}
|
|
79
88
|
|
|
80
|
-
if (!
|
|
89
|
+
if (!socketBlocked) {
|
|
81
90
|
return;
|
|
82
91
|
}
|
|
83
92
|
|
|
@@ -95,6 +104,7 @@ async function wrap(command, options) {
|
|
|
95
104
|
if (!options.force) {
|
|
96
105
|
logger.error('Refusing to install. Review the risks above, then use --force to bypass.');
|
|
97
106
|
const err = new Error('Socket detected supply chain risks.');
|
|
107
|
+
err.reason = 'socket-blocked';
|
|
98
108
|
err.flaggedPackages = flaggedPackages;
|
|
99
109
|
throw err;
|
|
100
110
|
}
|
|
@@ -130,12 +140,16 @@ async function audit(options) {
|
|
|
130
140
|
console.log(output);
|
|
131
141
|
}
|
|
132
142
|
|
|
133
|
-
//
|
|
134
|
-
const
|
|
135
|
-
|
|
136
|
-
|
|
143
|
+
// Distinguish a real Socket risk-finding from a generic audit-subprocess failure.
|
|
144
|
+
const socketFoundRisks = /new risk|socket found|exiting due to risks/i.test(output)
|
|
145
|
+
&& !/no new risks/i.test(output);
|
|
146
|
+
|
|
147
|
+
if (exitedWithError && !socketFoundRisks) {
|
|
148
|
+
logger.warn('Socket audit subprocess failed (not a risk finding). See output above.');
|
|
149
|
+
return;
|
|
150
|
+
}
|
|
137
151
|
|
|
138
|
-
if (!
|
|
152
|
+
if (!socketFoundRisks) {
|
|
139
153
|
logger.log(logger.format.green('Socket audit passed — no risks detected.'));
|
|
140
154
|
return;
|
|
141
155
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "node-power-user",
|
|
3
|
-
"version": "2.1.
|
|
3
|
+
"version": "2.1.3",
|
|
4
4
|
"description": "Easy tools for every Node.js developer!",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"scripts": {
|
|
@@ -22,7 +22,8 @@
|
|
|
22
22
|
"input": "./src",
|
|
23
23
|
"output": "./dist",
|
|
24
24
|
"replace": {},
|
|
25
|
-
"type": "copy"
|
|
25
|
+
"type": "copy",
|
|
26
|
+
"hooks": {}
|
|
26
27
|
},
|
|
27
28
|
"repository": {
|
|
28
29
|
"type": "git",
|
|
@@ -40,20 +41,20 @@
|
|
|
40
41
|
},
|
|
41
42
|
"homepage": "https://itwcreativeworks.com",
|
|
42
43
|
"dependencies": {
|
|
43
|
-
"@inquirer/prompts": "^8.3
|
|
44
|
+
"@inquirer/prompts": "^8.4.3",
|
|
44
45
|
"chalk": "^5.6.2",
|
|
45
46
|
"cli-progress": "^3.12.0",
|
|
46
47
|
"fs-jetpack": "^5.1.0",
|
|
47
48
|
"itwcw-package-analytics": "^1.0.8",
|
|
48
49
|
"node-powertools": "^3.0.0",
|
|
49
50
|
"npm-api": "^1.0.1",
|
|
50
|
-
"npm-check-updates": "^
|
|
51
|
+
"npm-check-updates": "^22.2.0",
|
|
51
52
|
"table": "^6.9.0",
|
|
52
53
|
"wonderful-version": "^1.3.2",
|
|
53
54
|
"yargs": "^18.0.0"
|
|
54
55
|
},
|
|
55
56
|
"devDependencies": {
|
|
56
57
|
"mocha": "^11.7.5",
|
|
57
|
-
"prepare-package": "^2.0
|
|
58
|
+
"prepare-package": "^2.1.0"
|
|
58
59
|
}
|
|
59
60
|
}
|