opal-security 3.0.0 → 3.0.1-beta.4f1a7ce

package/lib/graphql/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./fragment-masking";
+export * from "./gql";

package/lib/graphql/index.js

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+tslib_1.__exportStar(require("./fragment-masking"), exports);
+tslib_1.__exportStar(require("./gql"), exports);

package/lib/handler.d.ts

@@ -1,16 +1,16 @@
-import { Command } from '@oclif/core';
-import { OperationVariables, ApolloError } from '@apollo/client/core';
+import type { ApolloError, OperationVariables } from "@apollo/client/core";
+import type { Command } from "@oclif/core";
 interface QueryHandlerProps<TVar = Record<string, any>> {
     command: Command;
     query: string;
     variables?: TVar;
 }
 export declare const runMutation: ({ command, query, variables, }: QueryHandlerProps) => Promise<{
-    resp: import("@apollo/client/core").FetchResult<any> | null;
+    resp: import("@apollo/client/core").FetchResult<any> | null | undefined;
     error: unknown;
 }>;
-export declare const runQuery: <TResponse = any, TVar extends OperationVariables = Record<string, any>>({ command, query, variables, }: QueryHandlerProps<TVar>) => Promise<{
-    resp: import("@apollo/client/core").ApolloQueryResult<TResponse> | null;
+export declare const runQueryDeprecated: <TResponse = any, TVar extends OperationVariables = Record<string, any>>({ command, query, variables, }: QueryHandlerProps<TVar>) => Promise<{
+    resp: import("@apollo/client/core").ApolloQueryResult<TResponse> | null | undefined;
     error: ApolloError;
 }>;
 export {};

package/lib/handler.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.runQuery = exports.runMutation = void 0;
+exports.runQueryDeprecated = exports.runMutation = void 0;
 const graphql_tag_1 = require("graphql-tag");
 const apollo_1 = require("./lib/apollo");
 const runMutation = async ({ command, query, variables, }) => {
@@ -8,12 +8,12 @@ const runMutation = async ({ command, query, variables, }) => {
     let mutationResp = null;
     let mutationError = null;
     try {
-        mutationResp = await apollo_1.client.mutate({
+        mutationResp = await (apollo_1.client === null || apollo_1.client === void 0 ? void 0 : apollo_1.client.mutate({
             mutation: (0, graphql_tag_1.default) `
         ${query}
       `,
             variables: variables,
-        });
+        }));
     }
     catch (error) {
         mutationError = error;
@@ -21,21 +21,21 @@ const runMutation = async ({ command, query, variables, }) => {
     return { resp: mutationResp, error: mutationError };
 };
 exports.runMutation = runMutation;
-const runQuery = async ({ command, query, variables, }) => {
+const runQueryDeprecated = async ({ command, query, variables, }) => {
     await (0, apollo_1.initClient)(command);
     let queryResp = null;
     let queryError = null;
     try {
-        queryResp = await apollo_1.client.query({
+        queryResp = await (apollo_1.client === null || apollo_1.client === void 0 ? void 0 : apollo_1.client.query({
             query: (0, graphql_tag_1.default) `
         ${query}
       `,
             variables: variables,
-        });
+        }));
     }
     catch (error) {
         queryError = error;
     }
     return { resp: queryResp, error: queryError };
 };
-exports.runQuery = runQuery;
+exports.runQueryDeprecated = runQueryDeprecated;

package/lib/index.d.ts

@@ -1 +1 @@
-export { run } from '@oclif/core';
+export { run } from "@oclif/core";

package/lib/lib/apollo.d.ts

@@ -1,7 +1,8 @@
-import { ApolloClient, NormalizedCacheObject } from '@apollo/client/core';
-import { Command } from '@oclif/core';
+import { ApolloClient, type NormalizedCacheObject } from "@apollo/client/core";
+import type { Command } from "@oclif/core";
 export declare let client: ApolloClient<NormalizedCacheObject> | null;
 export declare let cookieStr: string;
 export declare const printResponse: (command: Command, resp: any) => void;
 export declare const handleError: (command: Command, err: any, resp?: any) => void;
 export declare const initClient: (command: Command, fetchAccessToken?: boolean) => Promise<void>;
+export declare function getClient(command: Command, fetchAccessToken?: boolean): Promise<ApolloClient<NormalizedCacheObject>>;

package/lib/lib/apollo.js

@@ -1,27 +1,32 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.initClient = exports.handleError = exports.printResponse = exports.cookieStr = exports.client = void 0;
+exports.getClient = getClient;
 const core_1 = require("@apollo/client/core");
 const context_1 = require("@apollo/client/link/context");
 const error_1 = require("@apollo/client/link/error");
-const prettyjson_1 = require("prettyjson");
-const semver_1 = require("semver");
 const chalk_1 = require("chalk");
 const moment = require("moment");
-const config_1 = require("../lib/config");
-const credentials_1 = require("../lib/credentials");
+const prettyjson_1 = require("prettyjson");
+const semver_1 = require("semver");
+const globals_1 = require("@apollo/client/utilities/globals");
 const login_1 = require("../commands/login");
 const cmd_1 = require("../lib/cmd");
-const fetch = require('node-fetch');
-const https = require('https');
-const http = require('http');
+const config_1 = require("../lib/config");
+const credentials_1 = require("../lib/credentials");
+const fetch = require("node-fetch");
+const https = require("node:https");
+const http = require("node:http");
+// DO NOT USE DIRECTLY, use getClient instead
 exports.client = null;
 // This is used to keep track of the auth-session cookie during login, before we can persist it into the credential store
-exports.cookieStr = '';
+exports.cookieStr = "";
 let alreadyWarnedAboutVersion = false;
 const printResponse = (command, resp) => {
     const filteredJson = JSON.parse(JSON.stringify(resp.data, (k, v) => {
-        if (k === '__typename' || v === null || (Array.isArray(v) && v.length === 0)) {
+        if (k === "__typename" ||
+            v === null ||
+            (Array.isArray(v) && v.length === 0)) {
             return undefined;
         }
         return v;
@@ -30,27 +35,32 @@ const printResponse = (command, resp) => {
 };
 exports.printResponse = printResponse;
 const handleError = (command, err, resp) => {
-    if (err && typeof err === 'object' && ('networkError' in err && 'statusCode' in err.networkError)) {
+    if (err &&
+        typeof err === "object" &&
+        "networkError" in err &&
+        "statusCode" in err.networkError) {
         // Status code errors are already handled in the global Apollo handler, so we can just return here.
         return;
     }
     let errorMsg;
     if (!err) {
-        errorMsg = 'Unexpected response from server (see below). Please contact Opal support if this issue persists.';
+        errorMsg =
+            "Unexpected response from server (see below). Please contact Opal support if this issue persists.";
     }
-    else if (typeof err === 'object' && err.toString().includes('self signed certificate')) {
-        errorMsg = 'Request failed due to a self-signed certificate appearing in the certificate chain. Try setting your CLI to allow self-signed certs by running: "opal set-url --custom INSERT_URL_HERE --allowSelfSignedCerts"';
+    else if (typeof err === "object" &&
+        err.toString().includes("self signed certificate")) {
+        errorMsg =
+            'Request failed due to a self-signed certificate appearing in the certificate chain. Try setting your CLI to allow self-signed certs by running: "opal set-url --custom INSERT_URL_HERE --allowSelfSignedCerts"';
     }
     else {
         errorMsg = `Error: ${err}`;
     }
-    errorMsg = '❗ ' + errorMsg;
+    errorMsg = `❗ ${errorMsg}`;
     command.log(errorMsg);
     if (resp) {
         (0, exports.printResponse)(command, resp);
     }
     // OPAL-6579: Use process.exit to avoid UnhandledPromiseRejectionWarning
-    // eslint-disable-next-line no-process-exit,unicorn/no-process-exit
     process.exit(1);
 };
 exports.handleError = handleError;
@@ -66,24 +76,20 @@ const initClient = async (command, fetchAccessToken = true) => {
     const httpAgent = new http.Agent({});
     const specifiedUrl = configData[config_1.urlKey];
     const customHeader = configData[config_1.customHttpHeaderKey];
-    const customHeaderKey = customHeader === undefined ?
-        '' :
-        customHeader.split(':')[0];
-    const customHeaderValue = customHeader === undefined ?
-        '' :
-        customHeader.split(':')[1];
-    const agent = specifiedUrl.includes('https') ? httpsAgent : httpAgent;
+    const customHeaderKey = customHeader === undefined ? "" : customHeader.split(":")[0];
+    const customHeaderValue = customHeader === undefined ? "" : customHeader.split(":")[1];
+    const agent = specifiedUrl.includes("https") ? httpsAgent : httpAgent;
     const httpLink = (0, core_1.createHttpLink)({
         uri: `${specifiedUrl}/query`,
-        credentials: 'include',
+        credentials: "include",
         fetch,
         fetchOptions: {
             agent: agent,
-            credentials: 'include'
+            credentials: "include",
         },
     });
     const authLink = (0, context_1.setContext)((_, { headers }) => {
-        const baseHeaders = Object.assign(Object.assign({}, headers), { 'User-Agent': `Opal CLI v${currentCLIVersion}`, 'X-Opal-Organization-ID': organizationID, 'X-Opal-Cli-Version': currentCLIVersion });
+        const baseHeaders = Object.assign(Object.assign({}, headers), { "User-Agent": `Opal CLI v${currentCLIVersion}`, "X-Opal-Organization-ID": organizationID, "X-Opal-Cli-Version": currentCLIVersion });
         if (opalCreds.secretType === credentials_1.SecretType.ApiToken) {
             baseHeaders.authorization = `Bearer ${opalCreds.secret}`;
         }
@@ -113,37 +119,38 @@ const initClient = async (command, fetchAccessToken = true) => {
         const headers = (_a = operation.getContext().response) === null || _a === void 0 ? void 0 : _a.headers;
         if (!alreadyWarnedAboutVersion && headers) {
             // we expect these versions to be a single number - a major version
-            const expectedCLIMajorVersion = headers.get('Opal-CLI-Expected-Major-Version');
-            if (expectedCLIMajorVersion && expectedCLIMajorVersion.match(/^\d+$/)) {
+            const expectedCLIMajorVersion = headers.get("Opal-CLI-Expected-Major-Version");
+            if (expectedCLIMajorVersion === null || expectedCLIMajorVersion === void 0 ? void 0 : expectedCLIMajorVersion.match(/^\d+$/)) {
                 const semverExpectedMinCLIVersion = `${expectedCLIMajorVersion}.0.0`;
                 if ((0, semver_1.major)(currentCLIVersion) < (0, semver_1.major)(semverExpectedMinCLIVersion)) {
                     command.log(chalk_1.default.yellow(`
-❗️ Your CLI is outdated and is incompatible with your Opal server.
+❗ Your CLI is outdated and is incompatible with your Opal server.
    Expected major version ${chalk_1.default.blueBright(semverExpectedMinCLIVersion)}, but version ${chalk_1.default.blueBright(currentCLIVersion)} is installed.
-   Upgrade using the following command: ${chalk_1.default.blueBright('brew upgrade opalsecurity/brew/opal-security')}\n`));
+   Upgrade using the following command: ${chalk_1.default.blueBright("brew upgrade opalsecurity/brew/opal-security")}\n`));
                     alreadyWarnedAboutVersion = true;
                 }
                 else if ((0, semver_1.major)(currentCLIVersion) > (0, semver_1.major)(semverExpectedMinCLIVersion)) {
                     command.log(chalk_1.default.yellow(`
-❗️ Uh oh! The currently installed Opal server is outdated. Please contact your Opal admins to let them know they need to upgrade their deployment.\n`));
+❗ Uh oh! The currently installed Opal server is outdated. Please contact your Opal admins to let them know they need to upgrade their deployment.\n`));
                     alreadyWarnedAboutVersion = true;
                 }
             }
-            const recommendedCLIMajorVersion = headers.get('Opal-CLI-Recommended-Version');
-            if (recommendedCLIMajorVersion && recommendedCLIMajorVersion.match(/^\d+$/)) {
+            const recommendedCLIMajorVersion = headers.get("Opal-CLI-Recommended-Version");
+            if (recommendedCLIMajorVersion === null || recommendedCLIMajorVersion === void 0 ? void 0 : recommendedCLIMajorVersion.match(/^\d+$/)) {
                 const recommendedSemverString = `${recommendedCLIMajorVersion}.0.0`;
-                if (recommendedSemverString && (0, semver_1.major)(currentCLIVersion) < (0, semver_1.major)(recommendedSemverString)) {
+                if (recommendedSemverString &&
+                    (0, semver_1.major)(currentCLIVersion) < (0, semver_1.major)(recommendedSemverString)) {
                     command.log(chalk_1.default.yellow(`
-❗️ Opal recommends that you upgrade your CLI.
+❗ Opal recommends that you upgrade your CLI.
   Recommended version >=${chalk_1.default.blueBright(recommendedSemverString)}, but version ${chalk_1.default.blueBright(currentCLIVersion)} is installed.
-  Upgrade using the following command: ${chalk_1.default.blueBright('brew upgrade opalsecurity/brew/opal-security')}\n`));
+  Upgrade using the following command: ${chalk_1.default.blueBright("brew upgrade opalsecurity/brew/opal-security")}\n`));
                 }
                 alreadyWarnedAboutVersion = true;
             }
         }
     };
     const checkCLIVersionLink = new core_1.ApolloLink((operation, forward) => {
-        return forward(operation).map(response => {
+        return forward(operation).map((response) => {
             checkCLIVersion(operation);
             return response;
         });
@@ -164,9 +171,9 @@ const initClient = async (command, fetchAccessToken = true) => {
         if (customErrorOperations.includes(operation.operationName)) {
             return;
         }
-        if (networkError && 'statusCode' in networkError) {
+        if (networkError && "statusCode" in networkError) {
             let errorMessage = null;
-            if ('result' in networkError) {
+            if ("result" in networkError) {
                 const result = networkError.result;
                 // result is now of type string | Record<string, any>
                 if (typeof result === "string")
@@ -177,12 +184,13 @@ const initClient = async (command, fetchAccessToken = true) => {
             }
             switch (networkError.statusCode) {
                 case 401: {
-                    command.log('Your session is invalid or expired. Authenticating now...\n');
+                    command.log("Your session is invalid or expired. Authenticating now...\n");
                     const loginCommand = new login_1.default([], command.config);
                     loginCommand.run().then(() => {
                         if (cmd_1.mostRecentCommandTime && cmd_1.mostRecentCommand) {
-                            const lastCommandReexecutionDuration = moment.duration(2, 'minutes');
-                            const lastCommandReexecutionDurationHasElapsed = cmd_1.mostRecentCommandTime.add(lastCommandReexecutionDuration) > moment(new Date());
+                            const lastCommandReexecutionDuration = moment.duration(2, "minutes");
+                            const lastCommandReexecutionDurationHasElapsed = cmd_1.mostRecentCommandTime.add(lastCommandReexecutionDuration) >
+                                moment(new Date());
                             if (lastCommandReexecutionDurationHasElapsed) {
                                 cmd_1.mostRecentCommand.run();
                             }
@@ -191,17 +199,17 @@ const initClient = async (command, fetchAccessToken = true) => {
                     break;
                 }
                 default:
-                    return (0, exports.handleError)(command, `Received status code ${networkError.statusCode} from server${errorMessage ? ` with message "${errorMessage}"` : ''}`);
+                    return (0, exports.handleError)(command, `Received status code ${networkError.statusCode} from server${errorMessage ? ` with message "${errorMessage}"` : ""}`);
             }
         }
     });
     // Parses our auth-session cookie out of the Set-Cookie response header, saving it locally so we can use it for future requests
     const preserveCookiesLink = new core_1.ApolloLink((operation, forward) => {
-        return forward(operation).map(response => {
+        return forward(operation).map((response) => {
             var _a, _b, _c, _d;
-            const cookieHeaderStr = (_c = (_b = (_a = operation.getContext().response) === null || _a === void 0 ? void 0 : _a.headers) === null || _b === void 0 ? void 0 : _b.get('Set-Cookie')) !== null && _c !== void 0 ? _c : '';
+            const cookieHeaderStr = (_c = (_b = (_a = operation.getContext().response) === null || _a === void 0 ? void 0 : _a.headers) === null || _b === void 0 ? void 0 : _b.get("Set-Cookie")) !== null && _c !== void 0 ? _c : "";
             const authSessionCookie = (_d = cookieHeaderStr.match(/auth-session=[^;]+;/)) === null || _d === void 0 ? void 0 : _d[0];
-            if (!!authSessionCookie) {
+            if (authSessionCookie) {
                 exports.cookieStr = authSessionCookie;
             }
             return response;
@@ -213,8 +221,13 @@ const initClient = async (command, fetchAccessToken = true) => {
     link = errorLink.concat(link);
     exports.client = new core_1.ApolloClient({
         link: link,
-        credentials: 'include',
+        credentials: "include",
         cache: new core_1.InMemoryCache(),
     });
 };
 exports.initClient = initClient;
+async function getClient(command, fetchAccessToken = true) {
+    await (0, exports.initClient)(command, fetchAccessToken);
+    (0, globals_1.invariant)(exports.client, "Failed to initialize Opal Client");
+    return exports.client;
+}

package/lib/lib/aws.js

@@ -1,20 +1,20 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getAwsEnvVarMessage = exports.getAwsConfigUpdateCmd = void 0;
-const opalProfileKey = 'opal';
+const opalProfileKey = "opal";
 const sanitize = (str) => {
     // Remove non standard characters.
     // Note: AWS supports profile names containing alphanumeric characters, symbols, and white spaces
     // from the ASCII character set.
-    let sanitizedStr = str.replace(/[^A-Za-z0-9-_ ]/g, '');
+    let sanitizedStr = str.replace(/[^A-Za-z0-9-_ ]/g, "");
     // De-dupe spaces
-    sanitizedStr = sanitizedStr.replace(/\s+/g, ' ');
+    sanitizedStr = sanitizedStr.replace(/\s+/g, " ");
     // Map remaining spaces to '-'
-    sanitizedStr = sanitizedStr.replace(/ /g, '-');
+    sanitizedStr = sanitizedStr.replace(/ /g, "-");
     return sanitizedStr;
 };
 const getAwsConfigUpdateCmd = (itemName, awsAccessKeyId, awsSecretAccessKey, awsSessionToken) => {
-    let updateProfilesCmd = '';
+    let updateProfilesCmd = "";
     const sanitizedProfileName = sanitize(itemName);
     const profileNames = [opalProfileKey, sanitizedProfileName];
     profileNames.forEach((profileName, i) => {
@@ -25,25 +25,28 @@ const getAwsConfigUpdateCmd = (itemName, awsAccessKeyId, awsSecretAccessKey, aws
         const cmd = `${updateAccessKeyCmd} && ${updateAccessSecretCmd} && ${updateSessionTokenCmd}`;
         updateProfilesCmd += cmd;
         if (i !== profileNames.length - 1) {
-            updateProfilesCmd += '&& ';
+            updateProfilesCmd += "&& ";
         }
     });
     return updateProfilesCmd;
 };
 exports.getAwsConfigUpdateCmd = getAwsConfigUpdateCmd;
 const getAwsEnvVarMessage = () => {
-    if (!process.env.AWS_DEFAULT_PROFILE || process.env.AWS_DEFAULT_PROFILE !== opalProfileKey) {
-        let envVarPhrase = '';
+    if (!process.env.AWS_DEFAULT_PROFILE ||
+        process.env.AWS_DEFAULT_PROFILE !== opalProfileKey) {
+        let envVarPhrase = "";
         if (!process.env.AWS_DEFAULT_PROFILE) {
-            envVarPhrase = 'unset';
+            envVarPhrase = "unset";
         }
         else if (process.env.AWS_DEFAULT_PROFILE !== opalProfileKey) {
             envVarPhrase = `set to "${process.env.AWS_DEFAULT_PROFILE}"`;
         }
-        return '\n\n💡 Did you know you can set your AWS_DEFAULT_PROFILE environment ' +
+        return (
+        // biome-ignore lint/style/useTemplate: it's more readable if split across lines
+        "\n\n💡 Did you know you can set your AWS_DEFAULT_PROFILE environment " +
             `variable to "${opalProfileKey}" to avoid explicitly specifying profile in each command? ` +
-            `Currently, this variable is ${envVarPhrase}.`;
+            `Currently, this variable is ${envVarPhrase}.`);
     }
-    return '';
+    return "";
 };
 exports.getAwsEnvVarMessage = getAwsEnvVarMessage;

package/lib/lib/cmd.d.ts

@@ -1,12 +1,10 @@
-/// <reference types="node" />
-/// <reference types="node" />
-import { ExecException } from 'child_process';
-import { Command } from '@oclif/core';
-import * as moment from 'moment';
+import type { ExecException } from "node:child_process";
+import type { Command } from "@oclif/core";
+import * as moment from "moment";
 export declare let mostRecentCommand: Command | null;
 export declare let mostRecentCommandTime: moment.Moment | null;
 export declare const setMostRecentCommand: (cmd: Command) => void;
 export declare const startInteractiveShell: (runCmd: string, shellName?: string) => void;
 export declare const runCommandExec: (runCmd: string, successMessage: string, errorMessage: string, envVars?: Record<string, any>) => void;
-export declare const runCommandExecWithCallback: (cmd: string, callback?: ((error: ExecException | null, stdout: Buffer, stderr: Buffer) => void) | undefined) => Promise<unknown>;
+export declare const runCommandExecWithCallback: (cmd: string, callback?: (error: ExecException | null, stdout: Buffer, stderr: Buffer) => void) => Promise<unknown>;
 export declare const runCommandSpawn: (runCmd: string, successMessage: string, errorMessage: string, envVars?: Record<string, any>) => void;

package/lib/lib/cmd.js

@@ -3,7 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.runCommandSpawn = exports.runCommandExecWithCallback = exports.runCommandExec = exports.startInteractiveShell = exports.setMostRecentCommand = exports.mostRecentCommandTime = exports.mostRecentCommand = void 0;
 const _ = require("lodash");
 const moment = require("moment");
-const { exec, spawn } = require('child_process');
+const { exec, spawn } = require("node:child_process");
 exports.mostRecentCommand = null;
 exports.mostRecentCommandTime = null;
 const setMostRecentCommand = (cmd) => {
@@ -14,10 +14,10 @@ exports.setMostRecentCommand = setMostRecentCommand;
 const startInteractiveShell = (runCmd, shellName) => {
     const shell = spawn(`${runCmd}`, [], {
         env: Object.assign(Object.assign({}, process.env), { SCRIPT_PATH: __dirname }),
-        stdio: 'inherit',
+        stdio: "inherit",
         shell: true,
     });
-    shell.on('close', (code) => {
+    shell.on("close", (code) => {
         if (shellName) {
             if (code === 0) {
                 console.log(`The previously launched ${shellName} has successfully terminated.`);
@@ -30,10 +30,10 @@ const startInteractiveShell = (runCmd, shellName) => {
             console.log(`❗ Error: shell terminated with code ${code}.`);
         }
     });
-    process.on('SIGINT', () => {
+    process.on("SIGINT", () => {
         // intercepting SIGINT
     });
-    process.on('SIGTSTP', () => {
+    process.on("SIGTSTP", () => {
         // intercepting SIGTSTP
     });
 };
@@ -42,7 +42,7 @@ const runCommandExec = (runCmd, successMessage, errorMessage, envVars) => {
     const envVarsToUse = envVars || {};
     exec(`${runCmd}`, {
         env: Object.assign(Object.assign(Object.assign({}, process.env), { SCRIPT_PATH: __dirname }), envVarsToUse),
-    }, function (error, stdOut, stdErr) {
+    }, (error, stdOut, stdErr) => {
         if (error) {
             console.log(`\n❗ Error: ${_.upperFirst(errorMessage)}`);
         }
@@ -59,9 +59,9 @@ const runCommandExec = (runCmd, successMessage, errorMessage, envVars) => {
 };
 exports.runCommandExec = runCommandExec;
 const runCommandExecWithCallback = (cmd, callback) => {
-    return new Promise(resolve => {
-        exec(cmd, function (error, stdOut, stdErr) {
-            callback && callback(error, stdOut, stdErr);
+    return new Promise((resolve) => {
+        exec(cmd, (error, stdOut, stdErr) => {
+            callback === null || callback === void 0 ? void 0 : callback(error, stdOut, stdErr);
             resolve(stdOut);
         });
     });
@@ -71,10 +71,10 @@ const runCommandSpawn = (runCmd, successMessage, errorMessage, envVars) => {
     const envVarsToUse = envVars || {};
     const shell = spawn(`${runCmd}`, [], {
         env: Object.assign(Object.assign(Object.assign({}, process.env), { SCRIPT_PATH: __dirname }), envVarsToUse),
-        stdio: 'inherit',
+        stdio: "inherit",
         shell: true,
     });
-    shell.on('close', (code) => {
+    shell.on("close", (code) => {
         if (code === 0) {
             console.log(`🎉 Success! ${_.upperFirst(successMessage)}`);
         }

package/lib/lib/config.js

@@ -1,18 +1,18 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.isProduction = exports.writeConfigData = exports.getOrCreateConfigData = exports.customHttpHeaderKey = exports.defaultAllowSelfSignedCerts = exports.allowSelfSignedCertsKey = exports.defaultUrl = exports.urlKey = void 0;
-const fs = require("fs");
-const path = require("path");
-exports.urlKey = 'url';
-exports.defaultUrl = 'https://app.opal.dev';
-exports.allowSelfSignedCertsKey = 'allowSelfSignedCerts';
+const fs = require("node:fs");
+const path = require("node:path");
+exports.urlKey = "url";
+exports.defaultUrl = "https://app.opal.dev";
+exports.allowSelfSignedCertsKey = "allowSelfSignedCerts";
 exports.defaultAllowSelfSignedCerts = false;
-exports.customHttpHeaderKey = 'customHttpHeader';
+exports.customHttpHeaderKey = "customHttpHeader";
 const getOrCreateConfigData = (configDir) => {
     if (!fs.existsSync(configDir)) {
         fs.mkdirSync(configDir, { recursive: true });
     }
-    const configFilePath = path.join(configDir, 'config.json');
+    const configFilePath = path.join(configDir, "config.json");
     if (!fs.existsSync(configFilePath)) {
         fs.writeFileSync(configFilePath, JSON.stringify({
             [exports.urlKey]: exports.defaultUrl,
@@ -22,10 +22,10 @@ const getOrCreateConfigData = (configDir) => {
     let configData = {};
     try {
         const configDataRaw = fs.readFileSync(configFilePath);
-        configData = JSON.parse(configDataRaw.toString());
+        configData = JSON.parse(configDataRaw === null || configDataRaw === void 0 ? void 0 : configDataRaw.toString());
     }
     catch (error) {
-        if (error.code !== 'ENOENT') {
+        if (error.code !== "ENOENT") {
             throw error;
         }
     }
@@ -37,7 +37,7 @@ const writeConfigData = (configDir, newConfigData) => {
     for (const [key, value] of Object.entries(newConfigData)) {
         existingData[key] = value;
     }
-    const configFilePath = path.join(configDir, 'config.json');
+    const configFilePath = path.join(configDir, "config.json");
     fs.writeFileSync(configFilePath, JSON.stringify(existingData), {
         mode: 0o0600,
     });
@@ -46,9 +46,9 @@ exports.writeConfigData = writeConfigData;
 const isProduction = (configDir) => {
     const configData = (0, exports.getOrCreateConfigData)(configDir);
     // Custom URLs are considered production since it includes on-prem
-    return configData[exports.urlKey] !== 'https://dev.opal.dev' &&
-        configData[exports.urlKey] !== 'https://demo.opal.dev' &&
-        configData[exports.urlKey] !== 'https://staging.opal.dev' &&
-        !configData[exports.urlKey].match(/https?:\/\/localhost/);
+    return (configData[exports.urlKey] !== "https://dev.opal.dev" &&
+        configData[exports.urlKey] !== "https://demo.opal.dev" &&
+        configData[exports.urlKey] !== "https://staging.opal.dev" &&
+        !configData[exports.urlKey].match(/https?:\/\/localhost/));
 };
 exports.isProduction = isProduction;

package/lib/lib/credentials/index.d.ts

@@ -1,4 +1,4 @@
-import { Command } from '@oclif/core';
+import type { Command } from "@oclif/core";
 interface OpalCredentials {
     email?: string;
     organizationID?: string;

package/lib/lib/credentials/index.js

@@ -10,17 +10,17 @@ var SecretType;
     SecretType["ApiToken"] = "API_TOKEN";
 })(SecretType || (exports.SecretType = SecretType = {}));
 const setOpalCredentials = async (command, email, organizationID, clientIDCandidate, secret, secretType) => {
-    email = email || 'email-unset';
+    const givenEmail = email || "email-unset";
     const configData = (0, config_1.getOrCreateConfigData)(command.config.configDir);
     configData.creds = {
         clientIDCandidate,
         email,
         organizationID,
-        secretType
+        secretType,
     };
     (0, config_1.writeConfigData)(command.config.configDir, configData);
     if (process.platform === "darwin") {
-        await (0, keychain_1.setSecretInKeychain)(email, secret);
+        await (0, keychain_1.setSecretInKeychain)(givenEmail, secret);
     }
     else {
         await (0, localEncryption_1.setSecretInConfig)(command, configData, secret);
@@ -29,13 +29,13 @@ const setOpalCredentials = async (command, email, organizationID, clientIDCandid
 exports.setOpalCredentials = setOpalCredentials;
 const getOpalCredentials = async (command, includeAuthSecret = true) => {
     var _a, _b;
-    let creds = (_b = (_a = (0, config_1.getOrCreateConfigData)(command.config.configDir)) === null || _a === void 0 ? void 0 : _a.creds) !== null && _b !== void 0 ? _b : {};
+    const creds = (_b = (_a = (0, config_1.getOrCreateConfigData)(command.config.configDir)) === null || _a === void 0 ? void 0 : _a.creds) !== null && _b !== void 0 ? _b : {};
     if (!includeAuthSecret) {
         return creds;
     }
     let secret = null;
     if (process.platform === "darwin") {
-        secret = await (0, keychain_1.getSecretFromKeychain)((creds === null || creds === void 0 ? void 0 : creds.email) || 'email-unset');
+        secret = await (0, keychain_1.getSecretFromKeychain)((creds === null || creds === void 0 ? void 0 : creds.email) || "email-unset");
     }
     else {
         secret = await (0, localEncryption_1.getSecretFromConfig)(creds);
@@ -54,7 +54,7 @@ exports.getOpalCredentials = getOpalCredentials;
 const removeOpalCredentials = async (command) => {
     var _a;
     const configData = (0, config_1.getOrCreateConfigData)(command.config.configDir);
-    const email = ((_a = configData === null || configData === void 0 ? void 0 : configData.creds) === null || _a === void 0 ? void 0 : _a.email) || 'email-unset';
+    const email = ((_a = configData === null || configData === void 0 ? void 0 : configData.creds) === null || _a === void 0 ? void 0 : _a.email) || "email-unset";
     // On linux, the access token is stored encrypted in configData.creds, so this effectively removes it
     configData.creds = {};
     (0, config_1.writeConfigData)(command.config.configDir, configData);

package/lib/lib/credentials/keychain.js

@@ -2,11 +2,11 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.deleteSecretFromKeychain = exports.getSecretFromKeychain = exports.setSecretInKeychain = void 0;
 const keychain = require("keychain");
-const OPAL_KEYCHAIN_SERVICE = 'opal-cli';
+const OPAL_KEYCHAIN_SERVICE = "opal-cli";
 // On OSX, we can easily work with the system Keychain to store the access token.
 const setSecretInKeychain = async (email, secret) => {
     return new Promise((resolve, reject) => {
-        keychain.setPassword({ account: email, service: OPAL_KEYCHAIN_SERVICE, password: secret }, function (err) {
+        keychain.setPassword({ account: email, service: OPAL_KEYCHAIN_SERVICE, password: secret }, (err) => {
             if (err) {
                 reject(err);
             }
@@ -19,8 +19,8 @@ const setSecretInKeychain = async (email, secret) => {
 exports.setSecretInKeychain = setSecretInKeychain;
 const getSecretFromKeychain = async (email) => {
     return new Promise((resolve, reject) => {
-        keychain.getPassword({ account: email, service: OPAL_KEYCHAIN_SERVICE }, function (err, password) {
-            if (err && (err === null || err === void 0 ? void 0 : err.type) !== 'PasswordNotFoundError') {
+        keychain.getPassword({ account: email, service: OPAL_KEYCHAIN_SERVICE }, (err, password) => {
+            if (err && (err === null || err === void 0 ? void 0 : err.type) !== "PasswordNotFoundError") {
                 reject(err);
             }
             else {
@@ -32,7 +32,7 @@ const getSecretFromKeychain = async (email) => {
 exports.getSecretFromKeychain = getSecretFromKeychain;
 const deleteSecretFromKeychain = async (email) => {
     return new Promise((resolve) => {
-        keychain.deletePassword({ service: OPAL_KEYCHAIN_SERVICE, account: email }, function () {
+        keychain.deletePassword({ service: OPAL_KEYCHAIN_SERVICE, account: email }, () => {
             // we might get errors here if the password doesn't exist, which we want to swallow
             resolve();
         });

package/lib/lib/credentials/localEncryption.d.ts

@@ -1,3 +1,3 @@
-import { Command } from '@oclif/core';
+import type { Command } from "@oclif/core";
 export declare const setSecretInConfig: (command: Command, configData: Record<string, any>, secret: string) => Promise<void>;
-export declare const getSecretFromConfig: (credsConfig: Record<string, any>) => Promise<string | undefined>;
+export declare const getSecretFromConfig: (credsConfig: Record<string, any>) => Promise<string>;