opal-security 2.3.4 → 3.0.1-beta.4262451

package/lib/lib/credentials/index.js

@@ -1,41 +1,52 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.removeOpalCredentials = exports.getOpalCredentials = exports.setOpalCredentials = void 0;
+exports.removeOpalCredentials = exports.getOpalCredentials = exports.setOpalCredentials = exports.SecretType = void 0;
 const config_1 = require("../config");
 const keychain_1 = require("./keychain");
 const localEncryption_1 = require("./localEncryption");
-const setOpalCredentials = async (command, email, organizationID, clientIDCandidate, accessToken) => {
-    email = email || 'email-unset';
+var SecretType;
+(function (SecretType) {
+    SecretType["Cookie"] = "COOKIE";
+    SecretType["ApiToken"] = "API_TOKEN";
+})(SecretType || (exports.SecretType = SecretType = {}));
+const setOpalCredentials = async (command, email, organizationID, clientIDCandidate, secret, secretType) => {
+    const givenEmail = email || "email-unset";
     const configData = (0, config_1.getOrCreateConfigData)(command.config.configDir);
     configData.creds = {
         clientIDCandidate,
         email,
         organizationID,
+        secretType,
     };
     (0, config_1.writeConfigData)(command.config.configDir, configData);
     if (process.platform === "darwin") {
-        await (0, keychain_1.setTokenInKeychain)(email, accessToken);
+        await (0, keychain_1.setSecretInKeychain)(givenEmail, secret);
     }
     else {
-        await (0, localEncryption_1.setTokenInConfig)(command, configData, accessToken);
+        await (0, localEncryption_1.setSecretInConfig)(command, configData, secret);
     }
 };
 exports.setOpalCredentials = setOpalCredentials;
-const getOpalCredentials = async (command, includeAccessToken = true) => {
+const getOpalCredentials = async (command, includeAuthSecret = true) => {
     var _a, _b;
-    let creds = (_b = (_a = (0, config_1.getOrCreateConfigData)(command.config.configDir)) === null || _a === void 0 ? void 0 : _a.creds) !== null && _b !== void 0 ? _b : {};
-    if (!includeAccessToken) {
+    const creds = (_b = (_a = (0, config_1.getOrCreateConfigData)(command.config.configDir)) === null || _a === void 0 ? void 0 : _a.creds) !== null && _b !== void 0 ? _b : {};
+    if (!includeAuthSecret) {
         return creds;
     }
-    let accessToken = null;
+    let secret = null;
     if (process.platform === "darwin") {
-        accessToken = await (0, keychain_1.getTokenFromKeychain)((creds === null || creds === void 0 ? void 0 : creds.email) || 'email-unset');
+        secret = await (0, keychain_1.getSecretFromKeychain)((creds === null || creds === void 0 ? void 0 : creds.email) || "email-unset");
     }
     else {
-        accessToken = await (0, localEncryption_1.getTokenFromConfig)(creds);
+        secret = await (0, localEncryption_1.getSecretFromConfig)(creds);
     }
-    if (accessToken) {
-        creds.accessToken = accessToken;
+    if (secret) {
+        creds.secret = secret;
+        // This is a fallback for users with stored credentials from before we converted to session auth with the CLITokenExchange mutation
+        // It will allow them to continue authenticating with an access token in an Authorization header, which will work until we remove support for that
+        if (!creds.secretType) {
+            creds.secretType = SecretType.ApiToken;
+        }
     }
     return creds;
 };
@@ -43,13 +54,13 @@ exports.getOpalCredentials = getOpalCredentials;
 const removeOpalCredentials = async (command) => {
     var _a;
     const configData = (0, config_1.getOrCreateConfigData)(command.config.configDir);
-    const email = ((_a = configData === null || configData === void 0 ? void 0 : configData.creds) === null || _a === void 0 ? void 0 : _a.email) || 'email-unset';
+    const email = ((_a = configData === null || configData === void 0 ? void 0 : configData.creds) === null || _a === void 0 ? void 0 : _a.email) || "email-unset";
     // On linux, the access token is stored encrypted in configData.creds, so this effectively removes it
     configData.creds = {};
     (0, config_1.writeConfigData)(command.config.configDir, configData);
     // but on OSX, we need an extra step to delete the token from the keychain
     if (process.platform === "darwin") {
-        await (0, keychain_1.deleteTokenFromKeychain)(email);
+        await (0, keychain_1.deleteSecretFromKeychain)(email);
     }
 };
 exports.removeOpalCredentials = removeOpalCredentials;

package/lib/lib/credentials/keychain.d.ts

@@ -1,3 +1,3 @@
-export declare const setTokenInKeychain: (email: string, accessToken: string) => Promise<void>;
-export declare const getTokenFromKeychain: (email: string) => Promise<string>;
-export declare const deleteTokenFromKeychain: (email: string) => Promise<void>;
+export declare const setSecretInKeychain: (email: string, secret: string) => Promise<void>;
+export declare const getSecretFromKeychain: (email: string) => Promise<string>;
+export declare const deleteSecretFromKeychain: (email: string) => Promise<void>;

package/lib/lib/credentials/keychain.js

@@ -1,12 +1,12 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.deleteTokenFromKeychain = exports.getTokenFromKeychain = exports.setTokenInKeychain = void 0;
+exports.deleteSecretFromKeychain = exports.getSecretFromKeychain = exports.setSecretInKeychain = void 0;
 const keychain = require("keychain");
-const OPAL_KEYCHAIN_SERVICE = 'opal-cli';
+const OPAL_KEYCHAIN_SERVICE = "opal-cli";
 // On OSX, we can easily work with the system Keychain to store the access token.
-const setTokenInKeychain = async (email, accessToken) => {
+const setSecretInKeychain = async (email, secret) => {
     return new Promise((resolve, reject) => {
-        keychain.setPassword({ account: email, service: OPAL_KEYCHAIN_SERVICE, password: accessToken }, function (err) {
+        keychain.setPassword({ account: email, service: OPAL_KEYCHAIN_SERVICE, password: secret }, (err) => {
             if (err) {
                 reject(err);
             }
@@ -16,11 +16,11 @@ const setTokenInKeychain = async (email, accessToken) => {
         });
     });
 };
-exports.setTokenInKeychain = setTokenInKeychain;
-const getTokenFromKeychain = async (email) => {
+exports.setSecretInKeychain = setSecretInKeychain;
+const getSecretFromKeychain = async (email) => {
     return new Promise((resolve, reject) => {
-        keychain.getPassword({ account: email, service: OPAL_KEYCHAIN_SERVICE }, function (err, password) {
-            if (err && (err === null || err === void 0 ? void 0 : err.type) !== 'PasswordNotFoundError') {
+        keychain.getPassword({ account: email, service: OPAL_KEYCHAIN_SERVICE }, (err, password) => {
+            if (err && (err === null || err === void 0 ? void 0 : err.type) !== "PasswordNotFoundError") {
                 reject(err);
             }
             else {
@@ -29,13 +29,13 @@ const getTokenFromKeychain = async (email) => {
         });
     });
 };
-exports.getTokenFromKeychain = getTokenFromKeychain;
-const deleteTokenFromKeychain = async (email) => {
+exports.getSecretFromKeychain = getSecretFromKeychain;
+const deleteSecretFromKeychain = async (email) => {
     return new Promise((resolve) => {
-        keychain.deletePassword({ service: OPAL_KEYCHAIN_SERVICE, account: email }, function () {
+        keychain.deletePassword({ service: OPAL_KEYCHAIN_SERVICE, account: email }, () => {
             // we might get errors here if the password doesn't exist, which we want to swallow
             resolve();
         });
     });
 };
-exports.deleteTokenFromKeychain = deleteTokenFromKeychain;
+exports.deleteSecretFromKeychain = deleteSecretFromKeychain;

package/lib/lib/credentials/localEncryption.d.ts

@@ -1,3 +1,3 @@
-import { Command } from '@oclif/core';
-export declare const setTokenInConfig: (command: Command, configData: Record<string, any>, accessToken: string) => Promise<void>;
-export declare const getTokenFromConfig: (credsConfig: Record<string, any>) => Promise<string | undefined>;
+import type { Command } from "@oclif/core";
+export declare const setSecretInConfig: (command: Command, configData: Record<string, any>, secret: string) => Promise<void>;
+export declare const getSecretFromConfig: (credsConfig: Record<string, any>) => Promise<string>;

package/lib/lib/credentials/localEncryption.js

@@ -1,11 +1,11 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getTokenFromConfig = exports.setTokenInConfig = void 0;
-const inquirer = require("inquirer");
+exports.getSecretFromConfig = exports.setSecretInConfig = void 0;
+const node_crypto_1 = require("node:crypto");
 const argon2 = require("argon2");
-const crypto_1 = require("crypto");
+const inquirer = require("inquirer");
 const config_1 = require("../config");
-const ENCRYPTION_ALGORITHM = 'aes-256-gcm';
+const ENCRYPTION_ALGORITHM = "aes-256-gcm";
 /**
  * On linux, windows, and WSL, we can't easily work with the system keychain
  * So instead, we store the token encrypted in an `accessTokenDetails` block in the CLI's config file
@@ -20,56 +20,65 @@ let password;
 const promptForPassword = async (msg) => {
     const { customKey } = await inquirer.prompt([
         {
-            name: 'customKey',
+            name: "customKey",
             message: msg,
-            type: 'password',
+            type: "password",
             validate: (key) => key.length > 0,
         },
     ]);
     return customKey;
 };
-const setTokenInConfig = async (command, configData, accessToken) => {
+const setSecretInConfig = async (command, configData, secret) => {
     if (!password) {
-        password = await promptForPassword('Enter a password to encrypt your credentials: ');
+        password = await promptForPassword("Enter a password to encrypt your credentials: ");
     }
-    const salt = (0, crypto_1.randomBytes)(24);
-    const key = await argon2.hash(password, { hashLength: 32, raw: true, salt: salt });
-    const iv = (0, crypto_1.randomBytes)(12);
-    const cipher = (0, crypto_1.createCipheriv)(ENCRYPTION_ALGORITHM, key, iv);
-    let accessTokenEncrypted = cipher.update(accessToken, 'utf8', 'base64');
-    accessTokenEncrypted += cipher.final('base64');
+    const salt = (0, node_crypto_1.randomBytes)(24);
+    const key = await argon2.hash(password, {
+        hashLength: 32,
+        raw: true,
+        salt: salt,
+    });
+    const iv = (0, node_crypto_1.randomBytes)(12);
+    const cipher = (0, node_crypto_1.createCipheriv)(ENCRYPTION_ALGORITHM, key, iv);
+    let secretEncrypted = cipher.update(secret, "utf8", "base64");
+    secretEncrypted += cipher.final("base64");
     // In addition to storing the encrypted text, we need to store the argon2 salt, and AES authTag + IV so we can decrypt
     configData.creds.accessTokenDetails = {
-        encryptedText: accessTokenEncrypted,
-        authTag: cipher.getAuthTag().toString('base64'),
-        salt: salt.toString('base64'),
-        iv: iv.toString('base64')
+        encryptedText: secretEncrypted,
+        authTag: cipher.getAuthTag().toString("base64"),
+        salt: salt.toString("base64"),
+        iv: iv.toString("base64"),
     };
     (0, config_1.writeConfigData)(command.config.configDir, configData);
 };
-exports.setTokenInConfig = setTokenInConfig;
-const getTokenFromConfig = async (credsConfig) => {
-    let accessToken;
+exports.setSecretInConfig = setSecretInConfig;
+const getSecretFromConfig = async (credsConfig) => {
+    let secret = "";
     if (credsConfig === null || credsConfig === void 0 ? void 0 : credsConfig.accessTokenDetails) {
         if (!password) {
-            password = await promptForPassword('Enter the password used to encrypt your credentials: ');
+            password = await promptForPassword("Enter the password used to encrypt your credentials: ");
         }
-        const salt = Buffer.from(credsConfig.accessTokenDetails.salt, 'base64');
-        const iv = Buffer.from(credsConfig.accessTokenDetails.iv, 'base64');
-        const key = await argon2.hash(password, { hashLength: 32, raw: true, salt: salt });
+        const salt = Buffer.from(credsConfig.accessTokenDetails.salt, "base64");
+        const iv = Buffer.from(credsConfig.accessTokenDetails.iv, "base64");
+        const key = await argon2.hash(password, {
+            hashLength: 32,
+            raw: true,
+            salt: salt,
+        });
         try {
-            const decipher = (0, crypto_1.createDecipheriv)(ENCRYPTION_ALGORITHM, key, iv);
-            decipher.setAuthTag(Buffer.from(credsConfig.accessTokenDetails.authTag, 'base64'));
-            accessToken = decipher.update(credsConfig.accessTokenDetails.encryptedText, 'base64', 'utf8');
-            accessToken += decipher.final('utf8');
+            const decipher = (0, node_crypto_1.createDecipheriv)(ENCRYPTION_ALGORITHM, key, iv);
+            decipher.setAuthTag(Buffer.from(credsConfig.accessTokenDetails.authTag, "base64"));
+            secret = decipher.update(credsConfig.accessTokenDetails.encryptedText, "base64", "utf8");
+            secret += decipher.final("utf8");
         }
         catch (error) {
             console.error("ERROR: Failed to decrypt local credentials.\n" +
                 "  Check that you entered the correct password, or re-authenticate with `opal login`");
             process.exit(1);
         }
+        // biome-ignore lint/performance/noDelete: add tests for this function and remove this eventually
         delete credsConfig.accessTokenDetails;
     }
-    return accessToken;
+    return secret;
 };
-exports.getTokenFromConfig = getTokenFromConfig;
+exports.getSecretFromConfig = getSecretFromConfig;

package/lib/lib/flags.js

@@ -3,24 +3,24 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.SHARED_FLAGS = void 0;
 const core_1 = require("@oclif/core");
 exports.SHARED_FLAGS = {
-    help: core_1.Flags.help({ char: 'h' }),
+    help: core_1.Flags.help({ char: "h" }),
     id: core_1.Flags.string({
         multiple: false,
-        char: 'i',
-        description: 'The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]',
+        char: "i",
+        description: "The Opal ID of the resource. You can find this from the URL, e.g. https://opal.dev/resources/[ID]",
     }),
     accessLevelRemoteId: core_1.Flags.string({
         multiple: false,
-        char: 'a',
-        description: 'The remote ID of the access level with which to access the resource.',
+        char: "a",
+        description: "The remote ID of the access level with which to access the resource.",
     }),
     sessionId: core_1.Flags.string({
         multiple: false,
-        char: 's',
-        description: 'The Opal ID of the session to connect to. Uses an existing session that was created via the web flow.',
+        char: "s",
+        description: "The Opal ID of the session to connect to. Uses an existing session that was created via the web flow.",
     }),
     refresh: core_1.Flags.boolean({
-        char: 'r',
-        description: 'Starts a new session even if one already exists. Useful if a session is about to expire.',
+        char: "r",
+        description: "Starts a new session even if one already exists. Useful if a session is about to expire.",
     }),
 };

package/lib/lib/resources.d.ts

@@ -1,5 +1,5 @@
-import { Command } from '@oclif/core';
-import { ResourceAccessLevel, ResourceAccessLevelInput } from '../types';
+import type { Command } from "@oclif/core";
+import type { ResourceAccessLevel, ResourceAccessLevelInput } from "../types";
 export type ResourceInfo = {
     id: string;
     name: string;

package/lib/lib/resources.js

@@ -5,16 +5,15 @@ const inquirer = require("inquirer");
 const handler_1 = require("../handler");
 const apollo_1 = require("./apollo");
 exports.DEFAULT_ACCESS_LEVEL = {
-    accessLevelName: '',
-    accessLevelRemoteId: '',
+    accessLevelName: "",
+    accessLevelRemoteId: "",
 };
 // Returns a filtered array of items that match the input
 const filterChoices = (input, choices) => {
-    input = input || '';
-    if (input === '') {
+    if (!input) {
         return choices;
     }
-    return choices.filter(choice => choice.name.toLowerCase().includes(input.toLowerCase()));
+    return choices.filter((choice) => choice.name.toLowerCase().includes(input.toLowerCase()));
 };
 exports.filterChoices = filterChoices;
 const ListResourcesDocumentTemplate = `
@@ -37,8 +36,8 @@ query ListResources {
   }
 }`;
 const promptUserForResource = async (command, resourceType, message) => {
-    const listResourcesDocument = ListResourcesDocumentTemplate.replace('RESOURCE_TYPE', resourceType);
-    const { resp, error } = await (0, handler_1.runQuery)({
+    const listResourcesDocument = ListResourcesDocumentTemplate.replace("RESOURCE_TYPE", resourceType);
+    const { resp, error } = await (0, handler_1.runQueryDeprecated)({
         command: command,
         query: listResourcesDocument,
         variables: {},
@@ -60,19 +59,22 @@ const promptUserForResource = async (command, resourceType, message) => {
         };
     });
     if (resourceInfos.length === 0) {
-        return (0, apollo_1.handleError)(command, 'You don\'t have access to any resources of this type. Please go to Opal to request access.');
+        return (0, apollo_1.handleError)(command, "You don't have access to any resources of this type. Please go to Opal to request access.");
     }
     const resourceInfoByName = {};
-    resourceInfos.forEach(resourceInfo => {
+    // biome-ignore lint/complexity/noForEach: fix it when you get the chance
+    resourceInfos.forEach((resourceInfo) => {
         resourceInfoByName[resourceInfo.name] = resourceInfo;
     });
-    inquirer.registerPrompt('autocomplete', require('inquirer-autocomplete-prompt'));
-    const selectedResourceInfo = await inquirer.prompt([{
-            name: 'resource',
+    inquirer.registerPrompt("autocomplete", require("inquirer-autocomplete-prompt"));
+    const selectedResourceInfo = await inquirer.prompt([
+        {
+            name: "resource",
             message: message,
-            type: 'autocomplete',
+            type: "autocomplete",
             source: (answers, input) => (0, exports.filterChoices)(input, resourceInfos),
-        }]);
+        },
+    ]);
     return resourceInfoByName[selectedResourceInfo.resource];
 };
 exports.promptUserForResource = promptUserForResource;
@@ -90,7 +92,7 @@ query ListAccessLevelsForResource($resourceId: ResourceId!) {
 }`;
 const promptUserForAccessLevels = async (command, resourceId, instanceType, accessLevelRemoteId) => {
     var _a, _b, _c;
-    const { resp, error } = await (0, handler_1.runQuery)({
+    const { resp, error } = await (0, handler_1.runQueryDeprecated)({
         command: command,
         query: ListAccessLevelsForResource,
         variables: { resourceId },
@@ -103,11 +105,12 @@ const promptUserForAccessLevels = async (command, resourceId, instanceType, acce
         name: resp.accessLevelName,
     }));
     if (!accessLevelInfos) {
-        return (0, apollo_1.handleError)(command, 'This resource requires an access level, but none have been set up in Opal. Please contact your Opal admin.');
+        return (0, apollo_1.handleError)(command, "This resource requires an access level, but none have been set up in Opal. Please contact your Opal admin.");
     }
     const accessLevelInfoByName = {};
     const accessLevelInfoByRemoteId = {};
-    accessLevelInfos.forEach(accessLevelInfo => {
+    // biome-ignore lint/complexity/noForEach: please fix this
+    accessLevelInfos.forEach((accessLevelInfo) => {
         accessLevelInfoByName[accessLevelInfo.name] = accessLevelInfo;
         accessLevelInfoByRemoteId[accessLevelInfo.id] = accessLevelInfo;
     });
@@ -117,14 +120,17 @@ const promptUserForAccessLevels = async (command, resourceId, instanceType, acce
     }
     // Prompt user to pick access levels available to them
     if (!selectedAccessLevel) {
-        inquirer.registerPrompt('autocomplete', require('inquirer-autocomplete-prompt'));
-        const selectedAccessLevelInfo = await inquirer.prompt([{
-                name: 'accessLevel',
+        inquirer.registerPrompt("autocomplete", require("inquirer-autocomplete-prompt"));
+        const selectedAccessLevelInfo = await inquirer.prompt([
+            {
+                name: "accessLevel",
                 message: `Select an access level to the ${instanceType}`,
-                type: 'autocomplete',
+                type: "autocomplete",
                 source: (answers, input) => (0, exports.filterChoices)(input, accessLevelInfos),
-            }]);
-        selectedAccessLevel = accessLevelInfoByName[selectedAccessLevelInfo.accessLevel];
+            },
+        ]);
+        selectedAccessLevel =
+            accessLevelInfoByName[selectedAccessLevelInfo.accessLevel];
     }
     return {
         accessLevelName: selectedAccessLevel.name,

package/lib/lib/sessions.d.ts

@@ -1,4 +1,4 @@
-import { Command } from '@oclif/core';
-import { ResourceAccessLevelInput } from '../types';
+import type { Command } from "@oclif/core";
+import type { ResourceAccessLevelInput } from "../types";
 export declare const getOrCreateSession: (command: Command, resourceId: string, accessLevel: ResourceAccessLevelInput, sessionId: string | undefined, metadataFragment: string, wantNewSession?: boolean) => Promise<any>;
 export declare const getSessionExpirationMessage: (session: any) => string;

package/lib/lib/sessions.js

@@ -1,11 +1,11 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getSessionExpirationMessage = exports.getOrCreateSession = void 0;
+const moment = require("moment");
 const open = require("open");
-const config_1 = require("../lib/config");
 const handler_1 = require("../handler");
-const moment = require("moment");
 const apollo_1 = require("../lib/apollo");
+const config_1 = require("../lib/config");
 const util_1 = require("./util");
 const CreateSessionDocument = `
 mutation CreateSession($id: ResourceId!, $accessLevel: ResourceAccessLevelInput!, $sessionId: SessionId) {
@@ -59,9 +59,9 @@ query ListSessions($id: ResourceId!) {
 }
 `;
 const getSession = async (command, resourceId, accessLevelRemoteId, sessionId, metadataFragment, minCreatedAt) => {
-    const { resp, error } = await (0, handler_1.runQuery)({
+    const { resp, error } = await (0, handler_1.runQueryDeprecated)({
         command: command,
-        query: ListSessionsDocument.replace('METADATA_FRAGMENT', metadataFragment),
+        query: ListSessionsDocument.replace("METADATA_FRAGMENT", metadataFragment),
         variables: {
             id: resourceId,
         },
@@ -70,8 +70,9 @@ const getSession = async (command, resourceId, accessLevelRemoteId, sessionId, m
         return (0, apollo_1.handleError)(command, error);
     }
     switch (resp === null || resp === void 0 ? void 0 : resp.data.sessions.__typename) {
-        case 'SessionsResult': {
+        case "SessionsResult": {
             const sessions = resp.data.sessions.sessions;
+            // biome-ignore lint/suspicious/noImplicitAnyLet: please fix how we do queries in this cli
             let selectedSession;
             for (const session of sessions) {
                 if (sessionId && session.id !== sessionId) {
@@ -84,7 +85,8 @@ const getSession = async (command, resourceId, accessLevelRemoteId, sessionId, m
                     // This lets us wait until we get a session that's newly created
                     continue;
                 }
-                if (!selectedSession || moment(session.endTime).diff(selectedSession.endTime) > 0) {
+                if (!selectedSession ||
+                    moment(session.endTime).diff(selectedSession.endTime) > 0) {
                     // Select the session with the latest end time
                     selectedSession = session;
                 }
@@ -105,13 +107,12 @@ const openBrowserAndPollForSession = async (command, message, resourceId, access
     const configData = (0, config_1.getOrCreateConfigData)(command.config.configDir);
     const url = configData[config_1.urlKey];
     setTimeout(() => {
-        open(url + `/resources/${resourceId}?showModal=true&refresh=true`);
+        open(`${url}/resources/${resourceId}?showModal=true&refresh=true`);
     }, 2000); // Wait before opening the browser to give the user time to read the message
+    // biome-ignore lint/suspicious/noImplicitAnyLet: please fix typing for queries
     let session;
     while (!session) {
-        // eslint-disable-next-line no-await-in-loop
         await (0, util_1.sleep)(2000);
-        // eslint-disable-next-line no-await-in-loop
         session = await getSession(command, resourceId, accessLevelRemoteId, sessionId, metadataFragment, minCreatedAt);
     }
     return session;
@@ -119,7 +120,7 @@ const openBrowserAndPollForSession = async (command, message, resourceId, access
 const createSession = async (command, resourceId, accessLevel, sessionId, metadataFragment, wantNewSession) => {
     const { resp, error } = await (0, handler_1.runMutation)({
         command: command,
-        query: CreateSessionDocument.replace('METADATA_FRAGMENT', metadataFragment),
+        query: CreateSessionDocument.replace("METADATA_FRAGMENT", metadataFragment),
         variables: {
             id: resourceId,
             accessLevel: accessLevel,
@@ -130,14 +131,14 @@ const createSession = async (command, resourceId, accessLevel, sessionId, metada
         return (0, apollo_1.handleError)(command, error);
     }
     switch (resp === null || resp === void 0 ? void 0 : resp.data.createSession.__typename) {
-        case 'CreateSessionResult': {
+        case "CreateSessionResult": {
             return resp.data.createSession.session;
         }
-        case 'MfaInvalidError': {
-            return openBrowserAndPollForSession(command, '❗ MFA validation needed. Please connect via browser. Opening browser and awaiting validation...', resourceId, accessLevel.accessLevelRemoteId, sessionId, metadataFragment, wantNewSession);
+        case "MfaInvalidError": {
+            return openBrowserAndPollForSession(command, "❗ MFA validation needed. Please connect via browser. Opening browser and awaiting validation...", resourceId, accessLevel.accessLevelRemoteId, sessionId, metadataFragment, wantNewSession);
         }
-        case 'OidcIDTokenNotFoundError': {
-            return openBrowserAndPollForSession(command, '❗ OIDC authentication needed. Please connect via browser. Opening browser and awaiting authentication...', resourceId, accessLevel.accessLevelRemoteId, sessionId, metadataFragment, wantNewSession);
+        case "OidcIDTokenNotFoundError": {
+            return openBrowserAndPollForSession(command, "❗ OIDC authentication needed. Please connect via browser. Opening browser and awaiting authentication...", resourceId, accessLevel.accessLevelRemoteId, sessionId, metadataFragment, wantNewSession);
         }
         default:
             return (0, apollo_1.handleError)(command, error, resp);
@@ -152,14 +153,14 @@ const getOrCreateSession = async (command, resourceId, accessLevel, sessionId, m
         }
     }
     if (sessionId) {
-        return (0, apollo_1.handleError)(command, 'Session not found for given id: ' + sessionId);
+        return (0, apollo_1.handleError)(command, `Session not found for given id: ${sessionId}`);
     }
     // Create new session
     return createSession(command, resourceId, accessLevel, sessionId, metadataFragment, wantNewSession);
 };
 exports.getOrCreateSession = getOrCreateSession;
 const getSessionExpirationMessage = (session) => {
-    const diff = moment(session.endTime).diff(moment(), 'minutes');
+    const diff = moment(session.endTime).diff(moment(), "minutes");
     const hours = Math.floor(diff / 60);
     const minutes = diff % 60;
     return `${hours}h ${minutes}m`;

package/lib/lib/ssh.d.ts

@@ -1,3 +1,3 @@
-import { Command } from '@oclif/core';
+import type { Command } from "@oclif/core";
 export declare const selectComputeInstance: (command: Command, action: string) => Promise<void | import("./resources").ResourceInfo>;
 export declare const assertSessionManagerPluginExists: () => Promise<boolean>;

package/lib/lib/ssh.js

@@ -4,18 +4,18 @@ exports.assertSessionManagerPluginExists = exports.selectComputeInstance = void
 const cmd_1 = require("../lib/cmd");
 const resources_1 = require("./resources");
 const selectComputeInstance = async (command, action) => {
-    return (0, resources_1.promptUserForResource)(command, 'AWS_EC2_INSTANCE', `Select an EC2 instance to ${action}`);
+    return (0, resources_1.promptUserForResource)(command, "AWS_EC2_INSTANCE", `Select an EC2 instance to ${action}`);
 };
 exports.selectComputeInstance = selectComputeInstance;
 const assertSessionManagerPluginExists = async () => {
-    const errorMessage = '❗ AWS session manager plugin is required to use SSH functionality. ' +
-        'Please install it then retry your command. Installation instructions can be found at ' +
-        'https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html.';
-    let checkPluginCommand = 'command -v session-manager-plugin';
-    if (process.platform === 'win32')
-        checkPluginCommand = 'where session-manager-plugin';
+    const errorMessage = "❗ AWS session manager plugin is required to use SSH functionality. " +
+        "Please install it then retry your command. Installation instructions can be found at " +
+        "https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html.";
+    let checkPluginCommand = "command -v session-manager-plugin";
+    if (process.platform === "win32")
+        checkPluginCommand = "where session-manager-plugin";
     try {
-        const stdOut = await (0, cmd_1.runCommandExecWithCallback)(checkPluginCommand, function (error, stdOut, stdErr) {
+        const stdOut = await (0, cmd_1.runCommandExecWithCallback)(checkPluginCommand, (error, stdOut, stdErr) => {
             // Error if there's no output, meaning the plugin is not installed
             if (!stdOut) {
                 console.log(errorMessage);

package/lib/lib/util.d.ts

@@ -1,4 +1,3 @@
-/// <reference types="node" />
 export declare const sleep: (ms: number) => Promise<unknown>;
 export declare const copyToClipboard: (content: string) => import("child_process").ChildProcess;
 export declare const displayContent: (content: string) => import("child_process").ChildProcess;

package/lib/lib/util.js

@@ -1,40 +1,40 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.displayContent = exports.copyToClipboard = exports.sleep = void 0;
-const child_process_1 = require("child_process");
+const node_child_process_1 = require("node:child_process");
 const sleep = (ms) => {
-    return new Promise(resolve => {
+    return new Promise((resolve) => {
         setTimeout(resolve, ms);
     });
 };
 exports.sleep = sleep;
 const getCopyCommand = () => {
     switch (process.platform) {
-        case 'darwin':
-            return 'pbcopy';
-        case 'win32':
-            return 'clip';
+        case "darwin":
+            return "pbcopy";
+        case "win32":
+            return "clip";
         default:
-            return 'xclip -selection clipboard';
+            return "xclip -selection clipboard";
     }
 };
 const copyToClipboard = (content) => {
     const copyCommand = getCopyCommand();
-    return (0, child_process_1.exec)(`echo "${content}" | ${copyCommand}`);
+    return (0, node_child_process_1.exec)(`echo "${content}" | ${copyCommand}`);
 };
 exports.copyToClipboard = copyToClipboard;
 const getDisplayCommand = () => {
     switch (process.platform) {
-        case 'win32':
-            return 'more';
+        case "win32":
+            return "more";
         default:
-            return 'less';
+            return "less";
     }
 };
 const displayContent = (content) => {
     const displayCommand = getDisplayCommand();
-    return (0, child_process_1.spawn)(`cat <<< "${content}" | ${displayCommand}`, {
-        stdio: 'inherit',
+    return (0, node_child_process_1.spawn)(`cat <<< "${content}" | ${displayCommand}`, {
+        stdio: "inherit",
         shell: true,
     });
 };