socket 0.0.1 → 0.14.12

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 Socket Inc
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,128 @@
+# Socket CLI
+
+[![Socket Badge](https://socket.dev/api/badge/npm/package/socket)](https://socket.dev/npm/package/socket)
+[![Follow @SocketSecurity](https://img.shields.io/twitter/follow/SocketSecurity?style=social)](https://twitter.com/SocketSecurity)
+
+> CLI tool for [Socket.dev](https://socket.dev/)
+
+## Usage
+
+```bash
+npm install -g socket
+```
+
+```bash
+socket --help
+socket info webtorrent@1.9.1
+socket report create package.json --view
+socket report view QXU8PmK7LfH608RAwfIKdbcHgwEd_ZeWJ9QEGv05FJUQ
+socket wrapper --enable
+```
+
+## Commands
+
+- `socket info <package@version>` - Look up issues for a package.
+
+- `socket optimize` - Optimize dependencies with
+  [`@socketregistry`](https://github.com/SocketDev/socket-registry-js) overrides
+
+- `socket raw-npm` and `socket raw-npx` - Temporarily disable the Socket
+  'safe-npm' wrapper.
+
+- `socket report create <path(s)-to-folder-or-file>` - creates a report on
+  [socket.dev](https://socket.dev/)
+
+  Upload the specified `package.json` and lock files for JavaScript, Python, and
+  Go dependency manifests. If any folder is specified, the ones found in there
+  recursively are uploaded.
+
+  Supports globbing such as `**/package.json`, `**/requirements.txt`,
+  `**/pyproject.toml`, and `**/go.mod`.
+
+  Ignores any file specified in your project's `.gitignore`, the
+  `projectIgnorePaths` in your project's
+  [`socket.yml`](https://docs.socket.dev/docs/socket-yml) and on top of that has
+  a sensible set of
+  [default ignores](https://socket.dev/npm/package/ignore-by-default)
+
+- `socket report view <report-id>` - Look up issues and scores from a report.
+
+- `socket wrapper --enable` and `socket wrapper --disable` - Enable and disable
+  the Socket 'safe-npm' wrapper.
+
+## Aliases
+
+All aliases supports flags and arguments of the commands they alias.
+
+- `socket ci` - alias for `socket report create --view --strict` which creates a
+  report and quits with an exit code if the result is unhealthy. Use like eg.
+  `socket ci .` for a report for the current folder
+
+## Flags
+
+### Command specific flags
+
+- `--view` - when set on `socket report create` the command will immediately do
+  a `socket report view` style view of the created report, waiting for the
+  server to complete it
+
+### Output flags
+
+- `--json` - outputs result as json which you can then pipe into
+  [`jq`](https://stedolan.github.io/jq/) and other tools
+- `--markdown` - outputs result as markdown which you can then copy into an
+  issue, PR or even chat
+
+## Strictness flags
+
+- `--all` - by default only `high` and `critical` issues are included, by
+  setting this flag all issues will be included
+- `--strict` - when set, exits with an error code if report result is deemed
+  unhealthy
+
+### Other flags
+
+- `--dry-run` - like all CLI tools that perform an action should have, we have a
+  dry run flag. Eg. `socket report create` supports running the command without
+  actually uploading anything
+- `--debug` - outputs additional debug output. Great for debugging, geeks and us
+  who develop. Hopefully you will never _need_ it, but it can still be fun,
+  right?
+- `--help` - prints the help for the current command. All CLI tools should have
+  this flag
+- `--version` - prints the version of the tool. All CLI tools should have this
+  flag
+
+## Configuration files
+
+The CLI reads and uses data from a
+[`socket.yml` file](https://docs.socket.dev/docs/socket-yml) in the folder you
+run it in. It supports the version 2 of the `socket.yml` file format and makes
+use of the `projectIgnorePaths` to excludes files when creating a report.
+
+## Environment variables
+
+- `SOCKET_SECURITY_API_KEY` - if set, this will be used as the API-key
+
+## Contributing
+
+### Environment variables for development
+
+- `SOCKET_SECURITY_API_BASE_URL` - if set, this will be the base for all
+  API-calls. Defaults to `https://api.socket.dev/v0/`
+- `SOCKET_SECURITY_API_PROXY` - if set to something like
+  [`http://127.0.0.1:9090`](https://docs.proxyman.io/troubleshooting/couldnt-see-any-requests-from-3rd-party-network-libraries),
+  then all request will be proxied through that proxy
+
+## Similar projects
+
+- [`@socketsecurity/sdk`](https://github.com/SocketDev/socket-sdk-js) - the SDK
+  used in this CLI
+
+## See also
+
+- [Announcement blog post](https://socket.dev/blog/announcing-socket-cli-preview)
+- [Socket API Reference](https://docs.socket.dev/reference) - the API used in
+  this CLI
+- [Socket GitHub App](https://github.com/apps/socket-security) - the
+  plug-and-play GitHub App

package/bin/npm

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+require('../dist/npm-cli.js')

package/bin/npx

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+require('../dist/npx-cli.js')

package/dist/chalk-markdown.d.ts

@@ -0,0 +1,23 @@
+declare const logSymbols: {
+    __proto__: null;
+    info: string;
+    success: string;
+    warning: string;
+    error: string;
+};
+declare class ChalkOrMarkdown {
+    useMarkdown: boolean;
+    constructor(useMarkdown: boolean);
+    header(text: string, level?: number): string;
+    bold(text: string): string;
+    italic(text: string): string;
+    hyperlink(text: string, url: string | undefined, { fallback, fallbackToUrl }?: {
+        fallback?: boolean;
+        fallbackToUrl?: boolean;
+    }): string;
+    list(items: string[]): string;
+    get logSymbols(): typeof logSymbols;
+    indent(text: string, level?: number): string;
+    json(value: unknown): string;
+}
+export { logSymbols, ChalkOrMarkdown };

package/dist/cli.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts","../src/utils/formatting.ts","../src/utils/sorts.ts","../src/utils/meow-with-subcommands.ts","../src/commands/cdxgen.ts","../src/flags.ts","../src/utils/api-helpers.ts","../src/utils/objects.ts","../src/utils/format-issues.ts","../src/commands/info.ts","../src/commands/login.ts","../src/commands/logout.ts","../src/commands/npm.ts","../src/commands/npx.ts","../src/utils/fs.ts","../src/utils/json.ts","../src/utils/strings.ts","../src/utils/package-manager-detector.ts","../src/utils/regexps.ts","../src/commands/optimize.ts","../src/commands/organization.ts","../src/commands/raw-npm.ts","../src/commands/raw-npx.ts","../src/commands/report/view.ts","../src/commands/report/create.ts","../src/commands/report/index.ts","../src/commands/wrapper.ts","../src/commands/scan/create.ts","../src/commands/scan/delete.ts","../src/commands/scan/list.ts","../src/commands/scan/metadata.ts","../src/commands/scan/stream.ts","../src/commands/scan/index.ts","../src/commands/audit-log.ts","../src/commands/repos/create.ts","../src/commands/repos/delete.ts","../src/commands/repos/list.ts","../src/commands/repos/update.ts","../src/commands/repos/view.ts","../src/commands/repos/index.ts","../src/commands/dependencies.ts","../src/commands/analytics.ts","../src/commands/diff-scan/get.ts","../src/commands/diff-scan/index.ts","../src/commands/threat-feed.ts","../src/commands/index.ts"],"names":[],"mappings":""}