npm - socket - Versions diffs - 0.0.1 → 0.14.12 - Mend

socket 0.0.1 → 0.14.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (41) hide show

package/LICENSE +21 -0
package/README.md +128 -0
package/bin/npm +2 -0
package/bin/npx +2 -0
package/dist/chalk-markdown.d.ts +23 -0
package/dist/cli.d.ts +3 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +4777 -0
package/dist/errors.d.ts +7 -0
package/dist/link.d.ts +2 -0
package/dist/link.js +45 -0
package/dist/npm-cli.d.ts +2 -0
package/dist/npm-cli.js +84 -0
package/dist/npm-injection.d.ts +1 -0
package/dist/npm-injection.js +1253 -0
package/dist/npx-cli.d.ts +2 -0
package/dist/npx-cli.js +61 -0
package/dist/path-resolve.d.ts +11 -0
package/dist/path-resolve.js +136 -0
package/dist/sdk.d.ts +13 -0
package/dist/sdk.js +270 -0
package/dist/settings.d.ts +9 -0
package/dist/vendor.d.ts +0 -0
package/dist/vendor.js +18048 -0
package/package.json +174 -19
package/translations.json +689 -0
package/examples/echo-server.js +0 -29
package/examples/simple-test.js +0 -76
package/examples/simple-time-server.js +0 -40
package/index.js +0 -24
package/lib/index.js +0 -110
package/lib/middleware/echo.js +0 -30
package/lib/middleware/errorHandler.js +0 -57
package/lib/middleware/json.js +0 -42
package/lib/middleware/profiler.js +0 -129
package/lib/proto.js +0 -191
package/lib/utils.js +0 -75
package/nbproject/private/private.properties +0 -1
package/nbproject/project.properties +0 -6
package/nbproject/project.xml +0 -9
package/scripts/lint +0 -3

package/dist/npm-injection.js ADDED Viewed

@@ -0,0 +1,1253 @@
+'use strict';
+var vendor = require('./vendor.js');
+var require$$0 = require('node:fs');
+var require$$1 = require('node:path');
+var link = require('./link.js');
+var require$$0$1 = require('node:events');
+var require$$4 = require('node:https');
+var require$$3 = require('node:readline');
+var require$$1$2 = require('node:stream');
+var require$$8 = require('node:timers/promises');
+var require$$3$1 = require('@socketsecurity/config');
+var require$$1$1 = require('node:net');
+var require$$2 = require('node:os');
+var require$$6 = require('../package.json');
+var sdk = require('./sdk.js');
+var pathResolve = require('./path-resolve.js');
+var require$$21 = require('pacote');
+var npmInjection$1 = {};
+var npmInjection = {};
+var arborist = {};
+var ttyServer$1 = {};
+Object.defineProperty(ttyServer$1, "__esModule", {
+  value: true
+});
+ttyServer$1.createTTYServer = createTTYServer;
+var _nodeFs$2 = require$$0;
+var _nodeNet = require$$1$1;
+var _nodeOs = require$$2;
+var _nodePath$2 = require$$1;
+var _nodeReadline$1 = require$$3;
+var _nodeStream$1 = require$$1$2;
+var _package = require$$6;
+var _misc$1 = sdk.misc;
+const NEWLINE_CHAR_CODE = 10; /*'\n'*/
+const TTY_IPC = process.env['SOCKET_SECURITY_TTY_IPC'];
+const sock = _nodePath$2.join(_nodeOs.tmpdir(), `socket-security-tty-${process.pid}.sock`);
+process.env['SOCKET_SECURITY_TTY_IPC'] = sock;
+function createNonStandardTTYServer() {
+  return {
+    async captureTTY(mutexFn) {
+      return await new Promise((resolve, reject) => {
+        const conn = _nodeNet.createConnection({
+          path: TTY_IPC
+        }).on('error', reject);
+        let captured = false;
+        const buffs = [];
+        conn.on('data', function awaitCapture(chunk) {
+          buffs.push(chunk);
+          let lineBuff = Buffer.concat(buffs);
+          if (captured) return;
+          try {
+            const eolIndex = lineBuff.indexOf(NEWLINE_CHAR_CODE);
+            if (eolIndex !== -1) {
+              conn.removeListener('data', awaitCapture);
+              conn.push(lineBuff.slice(eolIndex + 1));
+              const {
+                ipc_version: remote_ipc_version,
+                capabilities: {
+                  input: hasInput,
+                  output: hasOutput,
+                  colorLevel: ipcColorLevel
+                }
+              } = JSON.parse(lineBuff.slice(0, eolIndex).toString('utf-8'));
+              lineBuff = null;
+              captured = true;
+              if (remote_ipc_version !== _package.version) {
+                throw new Error('Mismatched STDIO tunnel IPC version, ensure you only have 1 version of socket CLI being called.');
+              }
+              const input = hasInput ? new _nodeStream$1.PassThrough() : null;
+              input?.pause();
+              if (input) conn.pipe(input);
+              const output = hasOutput ? new _nodeStream$1.PassThrough() : null;
+              if (output) {
+                output.pipe(conn)
+                // Make ora happy
+                ;
+                output.isTTY = true;
+                output.cursorTo = function cursorTo(x, y, callback) {
+                  _nodeReadline$1.cursorTo(this, x, y, callback);
+                };
+                output.clearLine = function clearLine(dir, callback) {
+                  _nodeReadline$1.clearLine(this, dir, callback);
+                };
+              }
+              mutexFn(ipcColorLevel, hasInput ? input : undefined, hasOutput ? output : undefined).then(resolve, reject).finally(() => {
+                conn.unref();
+                conn.end();
+                input?.end();
+                output?.end();
+                // process.exit(13)
+              });
+            }
+          } catch (e) {
+            reject(e);
+          }
+        });
+      });
+    }
+  };
+}
+function createIPCServer(colorLevel, captureState, npmlog) {
+  const input = process.stdin;
+  const output = process.stderr;
+  return new Promise((resolve, reject) => {
+    const server = _nodeNet
+    // eslint-disable-next-line @typescript-eslint/no-misused-promises
+    .createServer(async conn => {
+      if (captureState.captured) {
+        await new Promise(resolve => {
+          captureState.pendingCaptures.push({
+            resolve() {
+              resolve();
+            }
+          });
+        });
+      } else {
+        captureState.captured = true;
+      }
+      const wasProgressEnabled = npmlog.progressEnabled;
+      npmlog.pause();
+      if (wasProgressEnabled) {
+        npmlog.disableProgress();
+      }
+      conn.write(`${JSON.stringify({
+        ipc_version: _package.version,
+        capabilities: {
+          input: Boolean(input),
+          output: true,
+          colorLevel
+        }
+      })}\n`);
+      conn.on('data', data => {
+        output.write(data);
+      }).on('error', e => {
+        output.write(`there was an error prompting from a sub shell (${e?.message}), socket npm closing`);
+        process.exit(1);
+      });
+      input.on('data', data => {
+        conn.write(data);
+      }).on('end', () => {
+        conn.unref();
+        conn.end();
+        if (wasProgressEnabled) {
+          npmlog.enableProgress();
+        }
+        npmlog.resume();
+        captureState.nextCapture();
+      });
+    }).listen(sock, () => resolve(server)).on('error', reject).unref();
+    process.on('exit', () => {
+      server.close();
+      tryUnlinkSync(sock);
+    });
+    resolve(server);
+  });
+}
+function createStandardTTYServer(colorLevel, isInteractive, npmlog) {
+  const captureState = {
+    captured: false,
+    nextCapture: () => {
+      if (captureState.pendingCaptures.length > 0) {
+        const pendingCapture = captureState.pendingCaptures.shift();
+        pendingCapture?.resolve();
+      } else {
+        captureState.captured = false;
+      }
+    },
+    pendingCaptures: []
+  };
+  tryUnlinkSync(sock);
+  const input = isInteractive ? process.stdin : undefined;
+  const output = process.stderr;
+  let ipcServerPromise;
+  if (input) {
+    ipcServerPromise = createIPCServer(colorLevel, captureState, npmlog);
+  }
+  return {
+    async captureTTY(mutexFn) {
+      await ipcServerPromise;
+      if (captureState.captured) {
+        const captured = new Promise(resolve => {
+          captureState.pendingCaptures.push({
+            resolve() {
+              resolve();
+            }
+          });
+        });
+        await captured;
+      } else {
+        captureState.captured = true;
+      }
+      const wasProgressEnabled = npmlog.progressEnabled;
+      try {
+        npmlog.pause();
+        if (wasProgressEnabled) {
+          npmlog.disableProgress();
+        }
+        return await mutexFn(colorLevel, input, output);
+      } finally {
+        if (wasProgressEnabled) {
+          npmlog.enableProgress();
+        }
+        npmlog.resume();
+        captureState.nextCapture();
+      }
+    }
+  };
+}
+function tryUnlinkSync(filepath) {
+  try {
+    (0, _nodeFs$2.unlinkSync)(filepath);
+  } catch (e) {
+    if ((0, _misc$1.isErrnoException)(e) && e.code !== 'ENOENT') {
+      throw e;
+    }
+  }
+}
+function createTTYServer(colorLevel, isInteractive, npmlog) {
+  return !isInteractive && TTY_IPC ? createNonStandardTTYServer() : createStandardTTYServer(colorLevel, isInteractive, npmlog);
+}
+var issueRules = {};
+Object.defineProperty(issueRules, "__esModule", {
+  value: true
+});
+issueRules.createIssueUXLookup = createIssueUXLookup;
+//#region UX Constants
+const IGNORE_UX = {
+  block: false,
+  display: false
+};
+const WARN_UX = {
+  block: false,
+  display: true
+};
+const ERROR_UX = {
+  block: true,
+  display: true
+};
+//#endregion
+//#region utils
+/**
+ * Iterates over all entries with ordered issue rule for deferral.  Iterates over
+ * all issue rules and finds the first defined value that does not defer otherwise
+ * uses the defaultValue. Takes the value and converts into a UX workflow
+ */
+function resolveIssueRuleUX(entriesOrderedIssueRules, defaultValue) {
+  if (defaultValue === true || defaultValue == null) {
+    defaultValue = {
+      action: 'error'
+    };
+  } else if (defaultValue === false) {
+    defaultValue = {
+      action: 'ignore'
+    };
+  }
+  let block = false;
+  let display = false;
+  let needDefault = true;
+  iterate_entries: for (const issueRuleArr of entriesOrderedIssueRules) {
+    for (const rule of issueRuleArr) {
+      if (issueRuleValueDoesNotDefer(rule)) {
+        needDefault = false;
+        const narrowingFilter = uxForDefinedNonDeferValue(rule);
+        block = block || narrowingFilter.block;
+        display = display || narrowingFilter.display;
+        continue iterate_entries;
+      }
+    }
+    const narrowingFilter = uxForDefinedNonDeferValue(defaultValue);
+    block = block || narrowingFilter.block;
+    display = display || narrowingFilter.display;
+  }
+  if (needDefault) {
+    const narrowingFilter = uxForDefinedNonDeferValue(defaultValue);
+    block = block || narrowingFilter.block;
+    display = display || narrowingFilter.display;
+  }
+  return {
+    block,
+    display
+  };
+}
+/**
+ * Negative form because it is narrowing the type
+ */
+function issueRuleValueDoesNotDefer(issueRule) {
+  if (issueRule === undefined) {
+    return false;
+  } else if (typeof issueRule === 'object' && issueRule) {
+    const {
+      action
+    } = issueRule;
+    if (action === undefined || action === 'defer') {
+      return false;
+    }
+  }
+  return true;
+}
+/**
+ * Handles booleans for backwards compatibility
+ */
+function uxForDefinedNonDeferValue(issueRuleValue) {
+  if (typeof issueRuleValue === 'boolean') {
+    return issueRuleValue ? ERROR_UX : IGNORE_UX;
+  }
+  const {
+    action
+  } = issueRuleValue;
+  if (action === 'warn') {
+    return WARN_UX;
+  } else if (action === 'ignore') {
+    return IGNORE_UX;
+  }
+  return ERROR_UX;
+}
+//#endregion
+//#region exports
+function createIssueUXLookup(settings) {
+  const cachedUX = new Map();
+  return context => {
+    const key = context.issue.type;
+    let ux = cachedUX.get(key);
+    if (ux) {
+      return ux;
+    }
+    const entriesOrderedIssueRules = [];
+    for (const settingsEntry of settings.entries) {
+      const orderedIssueRules = [];
+      let target = settingsEntry.start;
+      while (target !== null) {
+        const resolvedTarget = settingsEntry.settings[target];
+        if (!resolvedTarget) {
+          break;
+        }
+        const issueRuleValue = resolvedTarget.issueRules?.[key];
+        if (typeof issueRuleValue !== 'undefined') {
+          orderedIssueRules.push(issueRuleValue);
+        }
+        target = resolvedTarget.deferTo ?? null;
+      }
+      entriesOrderedIssueRules.push(orderedIssueRules);
+    }
+    const defaultValue = settings.defaults.issueRules[key];
+    let resolvedDefaultValue = {
+      action: 'error'
+    };
+    if (defaultValue === false) {
+      resolvedDefaultValue = {
+        action: 'ignore'
+      };
+    } else if (defaultValue && defaultValue !== true) {
+      resolvedDefaultValue = {
+        action: defaultValue.action ?? 'error'
+      };
+    }
+    ux = resolveIssueRuleUX(entriesOrderedIssueRules, resolvedDefaultValue);
+    cachedUX.set(key, ux);
+    return ux;
+  };
+}
+var _interopRequireWildcard = vendor.interopRequireWildcard.default;
+var _interopRequireDefault = vendor.interopRequireDefault.default;
+Object.defineProperty(arborist, "__esModule", {
+  value: true
+});
+arborist.SafeArborist = void 0;
+arborist.installSafeArborist = installSafeArborist;
+var _nodeEvents = require$$0$1;
+var _nodeFs$1 = require$$0;
+var _nodeHttps = require$$4;
+var _nodePath$1 = require$$1;
+var _nodeReadline = require$$3;
+var _nodeStream = require$$1$2;
+var _promises = require$$8;
+var _config = require$$3$1;
+var _chalk = _interopRequireDefault(vendor.source);
+var _isInteractive = _interopRequireDefault(vendor.isInteractive);
+var _ora = _interopRequireWildcard(vendor.ora);
+var _ttyServer = ttyServer$1;
+var _chalkMarkdown = sdk.chalkMarkdown;
+var _issueRules = issueRules;
+var _misc = sdk.misc;
+var _pathResolve = pathResolve.pathResolve;
+var _sdk = sdk.sdk;
+var _settings = sdk.settings;
+var _constants = sdk.constants;
+const LOOP_SENTINEL = 1_000_000;
+const POTENTIALLY_BUG_ERROR_SNIPPET = 'this is potentially a bug with socket-npm caused by changes to the npm cli';
+const distPath$1 = __dirname;
+const rootPath$1 = _nodePath$1.resolve(distPath$1, '..');
+const translations = require(_nodePath$1.join(rootPath$1, 'translations.json'));
+const npmEntrypoint = (0, _nodeFs$1.realpathSync)(`${process.argv[1]}`);
+const npmRootPath = (0, _pathResolve.findRoot)(_nodePath$1.dirname(npmEntrypoint));
+const abortController = new AbortController();
+const {
+  signal: abortSignal
+} = abortController;
+if (npmRootPath === undefined) {
+  console.error(`Unable to find npm cli install directory, ${POTENTIALLY_BUG_ERROR_SNIPPET}.`);
+  console.error(`Searched parent directories of ${npmEntrypoint}`);
+  process.exit(127);
+}
+const npmNmPath = _nodePath$1.join(npmRootPath, 'node_modules');
+const arboristClassPath = _nodePath$1.join(npmNmPath, '@npmcli/arborist/lib/arborist/index.js');
+const arboristEdgeClassPath = _nodePath$1.join(npmNmPath, '@npmcli/arborist/lib/edge.js');
+let npmlog;
+try {
+  npmlog = require(_nodePath$1.join(npmNmPath, 'proc-log/lib/index.js')).log;
+} catch {}
+if (npmlog === undefined) {
+  try {
+    npmlog = require(_nodePath$1.join(npmNmPath, 'npmlog/lib/log.js'));
+  } catch {}
+}
+if (npmlog === undefined) {
+  console.error(`Unable to integrate with npm cli logging infrastructure, ${POTENTIALLY_BUG_ERROR_SNIPPET}.`);
+  process.exit(127);
+}
+let tarball;
+try {
+  tarball = require(_nodePath$1.join(npmNmPath, 'pacote')).tarball;
+} catch {
+  tarball = require$$21.tarball;
+}
+const Arborist = require(arboristClassPath);
+const Edge = require(arboristEdgeClassPath);
+const kCtorArgs = Symbol('ctorArgs');
+const kRiskyReify = Symbol('riskyReify');
+const formatter = new _chalkMarkdown.ChalkOrMarkdown(false);
+const pubToken = (0, _sdk.getDefaultKey)() ?? _sdk.FREE_API_KEY;
+const ttyServer = (0, _ttyServer.createTTYServer)(_chalk.default.level, (0, _isInteractive.default)({
+  stream: process.stdin
+}), npmlog);
+let _uxLookup;
+async function uxLookup(settings) {
+  while (_uxLookup === undefined) {
+    // eslint-disable-next-line no-await-in-loop
+    await (0, _promises.setTimeout)(1, {
+      signal: abortSignal
+    });
+  }
+  return _uxLookup(settings);
+}
+async function* batchScan(pkgIds) {
+  const query = {
+    packages: pkgIds.map(pkgid => {
+      const {
+        name,
+        version
+      } = pkgidParts(pkgid);
+      return {
+        eco: 'npm',
+        pkg: name,
+        ver: version,
+        top: true
+      };
+    })
+  };
+  // TODO: Migrate to SDK.
+  const pkgDataReq = _nodeHttps.request(`${_constants.API_V0_URL}/scan/batch`, {
+    method: 'POST',
+    headers: {
+      Authorization: `Basic ${Buffer.from(`${pubToken}:`).toString('base64url')}`
+    },
+    signal: abortSignal
+  }).end(JSON.stringify(query));
+  const {
+    0: res
+  } = await _nodeEvents.once(pkgDataReq, 'response');
+  const ok = res.statusCode >= 200 && res.statusCode <= 299;
+  if (!ok) {
+    throw new Error(`Socket API Error: ${res.statusCode}`);
+  }
+  const rli = _nodeReadline.createInterface(res);
+  for await (const line of rli) {
+    yield JSON.parse(line);
+  }
+}
+function deleteEdgeIn(node, edge) {
+  node.edgesIn.delete(edge);
+  const {
+    overrides
+  } = edge;
+  if (overrides) {
+    updateNodeOverrideSetDueToEdgeRemoval(node, overrides);
+  }
+}
+function findSocketYmlSync() {
+  let prevDir = null;
+  let dir = process.cwd();
+  while (dir !== prevDir) {
+    let ymlPath = _nodePath$1.join(dir, 'socket.yml');
+    let yml = maybeReadfileSync(ymlPath);
+    if (yml === undefined) {
+      ymlPath = _nodePath$1.join(dir, 'socket.yaml');
+      yml = maybeReadfileSync(ymlPath);
+    }
+    if (typeof yml === 'string') {
+      try {
+        return {
+          path: ymlPath,
+          parsed: _config.parseSocketConfig(yml)
+        };
+      } catch {
+        throw new Error(`Found file but was unable to parse ${ymlPath}`);
+      }
+    }
+    prevDir = dir;
+    dir = _nodePath$1.join(dir, '..');
+  }
+  return null;
+}
+function findSpecificOverrideSet(first, second) {
+  let overrideSet = second;
+  while (overrideSet) {
+    if (overrideSetsEqual(overrideSet, first)) {
+      return second;
+    }
+    overrideSet = overrideSet.parent;
+  }
+  overrideSet = first;
+  while (overrideSet) {
+    if (overrideSetsEqual(overrideSet, second)) {
+      return first;
+    }
+    overrideSet = overrideSet.parent;
+  }
+  console.error('Conflicting override sets');
+  return undefined;
+}
+function maybeReadfileSync(filepath) {
+  try {
+    return (0, _nodeFs$1.readFileSync)(filepath, 'utf8');
+  } catch {}
+  return undefined;
+}
+function overrideSetsChildrenAreEqual(overrideSet, other) {
+  const queue = [[overrideSet, other]];
+  let pos = 0;
+  let {
+    length: queueLength
+  } = queue;
+  while (pos < queueLength) {
+    if (pos === LOOP_SENTINEL) {
+      throw new Error('Detected infinite loop while comparing override sets');
+    }
+    const {
+      0: currSet,
+      1: currOtherSet
+    } = queue[pos++];
+    const {
+      children
+    } = currSet;
+    const {
+      children: otherChildren
+    } = currOtherSet;
+    if (children.size !== otherChildren.size) {
+      return false;
+    }
+    for (const key of children.keys()) {
+      if (!otherChildren.has(key)) {
+        return false;
+      }
+      const child = children.get(key);
+      const otherChild = otherChildren.get(key);
+      if (child.value !== otherChild.value) {
+        return false;
+      }
+      queue[queueLength++] = [child, otherChild];
+    }
+  }
+  return true;
+}
+function overrideSetsEqual(overrideSet, other) {
+  if (overrideSet === other) {
+    return true;
+  }
+  if (!other) {
+    return false;
+  }
+  if (overrideSet.key !== other.key || overrideSet.value !== other.value) {
+    return false;
+  }
+  if (!overrideSetsChildrenAreEqual(overrideSet, other)) {
+    return false;
+  }
+  if (!overrideSet.parent) {
+    return !other.parent;
+  }
+  return overrideSetsEqual(overrideSet.parent, other.parent);
+}
+async function packagesHaveRiskyIssues(safeArb, _registry, pkgs, output) {
+  let result = false;
+  let remaining = pkgs.length;
+  if (!remaining) {
+    (0, _ora.default)('').succeed('No changes detected');
+    return result;
+  }
+  const getText = () => `Looking up data for ${remaining} packages`;
+  const spinner = (0, _ora.default)({
+    color: 'cyan',
+    stream: output,
+    isEnabled: true,
+    isSilent: false,
+    hideCursor: true,
+    discardStdin: true,
+    spinner: _ora.spinners.dots
+  }).start(getText());
+  try {
+    for await (const pkgData of batchScan(pkgs.map(pkg => pkg.pkgid))) {
+      let failures = [];
+      let displayWarning = false;
+      const name = pkgData.pkg;
+      const version = pkgData.ver;
+      const id = `${name}@${version}`;
+      if (pkgData.type === 'missing') {
+        result = true;
+        failures.push({
+          type: 'missingDependency'
+        });
+      } else {
+        let blocked = false;
+        for (const failure of pkgData.value.issues) {
+          // eslint-disable-next-line no-await-in-loop
+          const ux = await uxLookup({
+            package: {
+              name,
+              version
+            },
+            issue: {
+              type: failure.type
+            }
+          });
+          if (ux.display || ux.block) {
+            failures.push({
+              raw: failure,
+              block: ux.block
+            });
+            // Before we ask about problematic issues, check to see if they
+            // already existed in the old version if they did, be quiet.
+            const pkg = pkgs.find(pkg => pkg.pkgid === id && pkg.existing?.startsWith(`${name}@`));
+            if (pkg?.existing) {
+              // eslint-disable-next-line no-await-in-loop
+              for await (const oldPkgData of batchScan([pkg.existing])) {
+                if (oldPkgData.type === 'success') {
+                  failures = failures.filter(issue => oldPkgData.value.issues.find(oldIssue => oldIssue.type === issue.raw.type) == null);
+                }
+              }
+            }
+          }
+          if (ux.block) {
+            result = true;
+            blocked = true;
+          }
+          if (ux.display) {
+            displayWarning = true;
+          }
+        }
+        if (!blocked) {
+          const pkg = pkgs.find(pkg => pkg.pkgid === id);
+          if (pkg) {
+            await tarball.stream(id, stream => {
+              stream.resume();
+              return stream.promise();
+            }, {
+              ...safeArb[kCtorArgs][0]
+            });
+          }
+        }
+      }
+      if (displayWarning) {
+        spinner.stop();
+        output?.write(`(socket) ${formatter.hyperlink(id, `https://socket.dev/npm/package/${name}/overview/${version}`)} contains risks:\n`);
+        failures.sort((a, b) => a.raw.type < b.raw.type ? -1 : 1);
+        const lines = new Set();
+        for (const failure of failures) {
+          const type = failure.raw.type;
+          if (type) {
+            const issueTypeTranslation = translations.issues[type];
+            // TODO: emoji seems to mis-align terminals sometimes
+            lines.add(`  ${issueTypeTranslation?.title ?? type}${failure.block ? '' : ' (non-blocking)'} - ${issueTypeTranslation?.description ?? ''}\n`);
+          }
+        }
+        for (const line of lines) {
+          output?.write(line);
+        }
+        spinner.start();
+      }
+      remaining -= 1;
+      spinner.text = remaining > 0 ? getText() : '';
+    }
+    return result;
+  } finally {
+    if (spinner.isSpinning) {
+      spinner.stop();
+    }
+  }
+}
+function pkgidParts(pkgid) {
+  const delimiter = pkgid.lastIndexOf('@');
+  const name = pkgid.slice(0, delimiter);
+  const version = pkgid.slice(delimiter + 1);
+  return {
+    name,
+    version
+  };
+}
+function recalculateOutEdgesOverrides(node) {
+  // For each edge out propagate the new overrides through.
+  for (const edge of node.edgesOut.values()) {
+    edge.reload(true);
+    if (edge.to) {
+      updateNodeOverrideSet(edge.to, edge.overrides);
+    }
+  }
+}
+function toPURL(pkgid, resolved) {
+  const repo = resolved.replace(/#[\s\S]*$/u, '').replace(/\?[\s\S]*$/u, '').replace(/\/[^/]*\/-\/[\s\S]*$/u, '');
+  const {
+    name,
+    version
+  } = pkgidParts(pkgid);
+  return {
+    type: 'npm',
+    namespace_and_name: name,
+    version,
+    repository_url: repo
+  };
+}
+function updateNodeOverrideSetDueToEdgeRemoval(node, other) {
+  const {
+    overrides
+  } = node;
+  // If this edge's overrides isn't equal to this node's overrides, then removing
+  // it won't change newOverrideSet later.
+  if (!overrides || !overrideSetsEqual(overrides, other)) {
+    return false;
+  }
+  let newOverrideSet;
+  for (const edge of node.edgesIn) {
+    const {
+      overrides: edgeOverrides
+    } = edge;
+    if (newOverrideSet) {
+      newOverrideSet = findSpecificOverrideSet(edgeOverrides, newOverrideSet);
+    } else {
+      newOverrideSet = edgeOverrides;
+    }
+  }
+  if (overrideSetsEqual(overrides, newOverrideSet)) {
+    return false;
+  }
+  node.overrides = newOverrideSet;
+  if (newOverrideSet) {
+    // Optimization: If there's any override set at all, then no non-extraneous
+    // node has an empty override set. So if we temporarily have no override set
+    // (for example, we removed all the edges in), there's no use updating all
+    // the edges out right now. Let's just wait until we have an actual override
+    // set later.
+    recalculateOutEdgesOverrides(node);
+  }
+  return true;
+}
+// This logic isn't perfect either. When we have two edges in that have different
+// override sets, then we have to decide which set is correct. This function
+// assumes the more specific override set is applicable, so if we have dependencies
+// A->B->C and A->C and an override set that specifies what happens for C under
+// A->B, this will work even if the new A->C edge comes along and tries to change
+// the override set. The strictly correct logic is not to allow two edges with
+// different overrides to point to the same node, because even if this node can
+// satisfy both, one of its dependencies might need to be different depending on
+// the edge leading to it. However, this might cause a lot of duplication, because
+// the conflict in the dependencies might never actually happen.
+function updateNodeOverrideSet(node, otherOverrideSet) {
+  if (!node.overrides) {
+    // Assuming there are any overrides at all, the overrides field is never
+    // undefined for any node at the end state of the tree. So if the new edge's
+    // overrides is undefined it will be updated later. So we can wait with
+    // updating the node's overrides field.
+    if (!otherOverrideSet) {
+      return false;
+    }
+    node.overrides = otherOverrideSet;
+    recalculateOutEdgesOverrides(node);
+    return true;
+  }
+  const {
+    overrides
+  } = node;
+  if (overrideSetsEqual(overrides, otherOverrideSet)) {
+    return false;
+  }
+  const newOverrideSet = findSpecificOverrideSet(overrides, otherOverrideSet);
+  if (newOverrideSet) {
+    if (overrideSetsEqual(overrides, newOverrideSet)) {
+      return false;
+    }
+    node.overrides = newOverrideSet;
+    recalculateOutEdgesOverrides(node);
+    return true;
+  }
+  // This is an error condition. We can only get here if the new override set is
+  // in conflict with the existing.
+  console.error('Conflicting override sets');
+  return false;
+}
+function walk(diff_, needInfoOn = []) {
+  const queue = [diff_];
+  let pos = 0;
+  let {
+    length: queueLength
+  } = queue;
+  while (pos < queueLength) {
+    if (pos === LOOP_SENTINEL) {
+      throw new Error('Detected infinite loop while walking Arborist diff');
+    }
+    const diff = queue[pos++];
+    if (!diff) {
+      continue;
+    }
+    if (diff.action) {
+      const sameVersion = diff.actual?.package.version === diff.ideal?.package.version;
+      let keep = false;
+      let existing = null;
+      if (diff.action === 'CHANGE') {
+        if (!sameVersion) {
+          existing = diff.actual.pkgid;
+          keep = true;
+        }
+      } else {
+        keep = diff.action !== 'REMOVE';
+      }
+      if (keep && diff.ideal?.pkgid && diff.ideal.resolved && (!diff.actual || diff.actual.resolved)) {
+        needInfoOn.push({
+          existing,
+          action: diff.action,
+          location: diff.ideal.location,
+          pkgid: diff.ideal.pkgid,
+          newPackage: toPURL(diff.ideal.pkgid, diff.ideal.resolved),
+          oldPackage: diff.actual && diff.actual.resolved ? toPURL(diff.actual.pkgid, diff.actual.resolved) : null,
+          resolved: diff.ideal.resolved
+        });
+      }
+    }
+    if (diff.children) {
+      for (const child of diff.children) {
+        queue[queueLength++] = child;
+      }
+    }
+  }
+  return needInfoOn;
+}
+// Copied from
+// https://github.com/npm/cli/blob/v10.9.0/workspaces/arborist/lib/edge.js:
+// The npm application
+// Copyright (c) npm, Inc. and Contributors
+// Licensed on the terms of The Artistic License 2.0
+//
+// An edge in the dependency graph.
+// Represents a dependency relationship of some kind.
+class SafeEdge extends Edge {
+  #safeAccept;
+  #safeError;
+  #safeExplanation;
+  #safeFrom;
+  #safeTo;
+  constructor(options) {
+    const {
+      accept,
+      from
+    } = options;
+    // Defer to supper to validate options and assign non-private values.
+    super(options);
+    if (accept !== undefined) {
+      this.#safeAccept = accept || '*';
+    }
+    this.#safeError = null;
+    this.#safeExplanation = null;
+    this.#safeFrom = from;
+    this.#safeTo = null;
+    this.reload(true);
+  }
+  // Return the edge data, and an explanation of how that edge came to be here.
+  // @ts-ignore: Edge#explain is defined with an unused `seen = []` param.
+  explain() {
+    if (!this.#safeExplanation) {
+      const explanation = {
+        type: this.type,
+        name: this.name,
+        spec: this.spec,
+        bundled: false,
+        overridden: false,
+        error: undefined,
+        from: undefined,
+        rawSpec: undefined
+      };
+      if (this.rawSpec !== this.spec) {
+        explanation.rawSpec = this.rawSpec;
+        explanation.overridden = true;
+      }
+      if (this.bundled) {
+        explanation.bundled = this.bundled;
+      }
+      if (this.error) {
+        explanation.error = this.error;
+      }
+      if (this.#safeFrom) {
+        explanation.from = this.#safeFrom.explain();
+      }
+      this.#safeExplanation = explanation;
+    }
+    return this.#safeExplanation;
+  }
+  get bundled() {
+    return !!this.#safeFrom?.package?.bundleDependencies?.includes(this.name);
+  }
+  // @ts-ignore: Incorrectly typed as a property instead of an accessor.
+  get spec() {
+    if (this.overrides?.value && this.overrides.value !== '*' && this.overrides.name === this.name) {
+      if (this.overrides.value.startsWith('$')) {
+        const ref = this.overrides.value.slice(1);
+        // We may be a virtual root, if we are we want to resolve reference
+        // overrides from the real root, not the virtual one.
+        const pkg = this.#safeFrom?.sourceReference ? this.#safeFrom.sourceReference.root.package : this.#safeFrom?.root.package;
+        if (pkg?.devDependencies?.[ref]) {
+          return pkg.devDependencies[ref];
+        }
+        if (pkg?.optionalDependencies?.[ref]) {
+          return pkg.optionalDependencies[ref];
+        }
+        if (pkg?.dependencies?.[ref]) {
+          return pkg.dependencies[ref];
+        }
+        if (pkg?.peerDependencies?.[ref]) {
+          return pkg.peerDependencies[ref];
+        }
+        throw new Error(`Unable to resolve reference ${this.overrides.value}`);
+      }
+      return this.overrides.value;
+    }
+    return this.rawSpec;
+  }
+  get accept() {
+    return this.#safeAccept;
+  }
+  get error() {
+    if (!this.#safeError) {
+      if (!this.#safeTo) {
+        if (this.optional) {
+          this.#safeError = null;
+        } else {
+          this.#safeError = 'MISSING';
+        }
+      } else if (this.peer && this.#safeFrom === this.#safeTo.parent && !this.#safeFrom?.isTop) {
+        this.#safeError = 'PEER LOCAL';
+      } else if (!this.satisfiedBy(this.#safeTo)) {
+        this.#safeError = 'INVALID';
+      } else {
+        this.#safeError = 'OK';
+      }
+    }
+    if (this.#safeError === 'OK') {
+      return null;
+    }
+    return this.#safeError;
+  }
+  reload(hard = false) {
+    this.#safeExplanation = null;
+    if (this.#safeFrom?.overrides) {
+      this.overrides = this.#safeFrom.overrides.getEdgeRule(this);
+    } else {
+      this.overrides = undefined;
+    }
+    const newTo = this.#safeFrom?.resolve(this.name);
+    if (newTo !== this.#safeTo) {
+      if (this.#safeTo) {
+        // Instead of `this.#safeTo.edgesIn.delete(this)` we patch based on
+        // https://github.com/npm/cli/pull/7025.
+        deleteEdgeIn(this.#safeTo, this);
+      }
+      this.#safeTo = newTo ?? null;
+      this.#safeError = null;
+      if (this.#safeTo) {
+        this.#safeTo.addEdgeIn(this);
+      }
+    } else if (hard) {
+      this.#safeError = null;
+    }
+  }
+  detach() {
+    this.#safeExplanation = null;
+    if (this.#safeTo) {
+      // Instead of `this.#safeTo.edgesIn.delete(this)` we patch based on
+      // https://github.com/npm/cli/pull/7025.
+      deleteEdgeIn(this.#safeTo, this);
+    }
+    if (this.#safeFrom) {
+      this.#safeFrom.edgesOut.delete(this.name);
+    }
+    this.#safeTo = null;
+    this.#safeError = 'DETACHED';
+    this.#safeFrom = null;
+  }
+  // @ts-ignore: Incorrectly typed as a property instead of an accessor.
+  get from() {
+    return this.#safeFrom;
+  }
+  // @ts-ignore: Incorrectly typed as a property instead of an accessor.
+  get to() {
+    return this.#safeTo;
+  }
+}
+class SafeArborist extends Arborist {
+  constructor(...ctorArgs) {
+    const mutedArguments = [{
+      ...ctorArgs[0],
+      audit: true,
+      dryRun: true,
+      ignoreScripts: true,
+      save: false,
+      saveBundle: false,
+      // progress: false,
+      fund: false
+    }, ctorArgs.slice(1)];
+    super(...mutedArguments);
+    this[kCtorArgs] = ctorArgs;
+  }
+  async [kRiskyReify](...args) {
+    // SafeArborist has suffered side effects and must be rebuilt from scratch.
+    const arb = new Arborist(...this[kCtorArgs]);
+    const ret = await arb.reify(...args);
+    Object.assign(this, arb);
+    return ret;
+  }
+  // @ts-ignore Incorrectly typed.
+  async reify(...args) {
+    const options = args[0] ? {
+      ...args[0]
+    } : {};
+    if (options.dryRun) {
+      return await this[kRiskyReify](...args);
+    }
+    const old = {
+      ...options,
+      dryRun: false,
+      save: Boolean(options['save'] ?? true),
+      saveBundle: Boolean(options['saveBundle'] ?? false)
+    };
+    args[0] = options;
+    options.dryRun = true;
+    options['save'] = false;
+    options['saveBundle'] = false;
+    // TODO: Make this deal w/ any refactor to private fields by punching the
+    // class itself.
+    await super.reify(...args);
+    const diff = walk(this['diff']);
+    options.dryRun = old.dryRun;
+    options['save'] = old.save;
+    options['saveBundle'] = old.saveBundle;
+    // Nothing to check, mmm already installed or all private?
+    if (diff.findIndex(c => c.newPackage.repository_url === 'https://registry.npmjs.org') === -1) {
+      return await this[kRiskyReify](...args);
+    }
+    let proceed = _constants.ENV.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE;
+    if (!proceed) {
+      proceed = await ttyServer.captureTTY(async (colorLevel, input, output) => {
+        _chalk.default.level = colorLevel;
+        if (input && output) {
+          const risky = await packagesHaveRiskyIssues(this, this['registry'], diff, output);
+          if (!risky) {
+            return true;
+          }
+          const rlin = new _nodeStream.PassThrough();
+          input.pipe(rlin);
+          const rlout = new _nodeStream.PassThrough();
+          rlout.pipe(output, {
+            end: false
+          });
+          const rli = _nodeReadline.createInterface(rlin, rlout);
+          try {
+            while (true) {
+              // eslint-disable-next-line no-await-in-loop
+              const answer = await new Promise(resolve => {
+                rli.question('Accept risks of installing these packages (y/N)?\n', {
+                  signal: abortSignal
+                }, resolve);
+              });
+              if (/^\s*y(?:es)?\s*$/i.test(answer)) {
+                return true;
+              }
+              if (/^(?:\s*no?\s*|)$/i.test(answer)) {
+                return false;
+              }
+            }
+          } finally {
+            rli.close();
+          }
+        } else if (await packagesHaveRiskyIssues(this, this['registry'], diff, output)) {
+          throw new Error('Socket npm Unable to prompt to accept risk, need TTY to do so');
+        }
+        return true;
+      });
+    }
+    if (proceed) {
+      return await this[kRiskyReify](...args);
+    } else {
+      throw new Error('Socket npm exiting due to risks');
+    }
+  }
+}
+arborist.SafeArborist = SafeArborist;
+function installSafeArborist() {
+  require.cache[arboristEdgeClassPath].exports = SafeEdge;
+  require.cache[arboristClassPath].exports = SafeArborist;
+}
+void (async () => {
+  const remoteSettings = await (async () => {
+    try {
+      const socketSdk = await (0, _sdk.setupSdk)(pubToken);
+      const orgResult = await socketSdk.getOrganizations();
+      if (!orgResult.success) {
+        throw new Error('Failed to fetch Socket organization info: ' + orgResult.error.message);
+      }
+      const orgs = [];
+      for (const org of Object.values(orgResult.data.organizations)) {
+        if (org) {
+          orgs.push(org);
+        }
+      }
+      const result = await socketSdk.postSettings(orgs.map(org => {
+        return {
+          organization: org.id
+        };
+      }));
+      if (!result.success) {
+        throw new Error('Failed to fetch API key settings: ' + result.error.message);
+      }
+      return {
+        orgs,
+        settings: result.data
+      };
+    } catch (e) {
+      if (typeof e === 'object' && e !== null && 'cause' in e) {
+        const {
+          cause
+        } = e;
+        if ((0, _misc.isErrnoException)(cause)) {
+          if (cause.code === 'ENOTFOUND' || cause.code === 'ECONNREFUSED') {
+            throw new Error('Unable to connect to socket.dev, ensure internet connectivity before retrying', {
+              cause: e
+            });
+          }
+        }
+      }
+      throw e;
+    }
+  })();
+  const {
+    orgs,
+    settings
+  } = remoteSettings;
+  const enforcedOrgs = (0, _settings.getSetting)('enforcedOrgs') ?? [];
+  // remove any organizations not being enforced
+  for (const {
+    0: i,
+    1: org
+  } of orgs.entries()) {
+    if (!enforcedOrgs.includes(org.id)) {
+      settings.entries.splice(i, 1);
+    }
+  }
+  const socketYml = findSocketYmlSync();
+  if (socketYml) {
+    settings.entries.push({
+      start: socketYml.path,
+      // @ts-ignore
+      settings: {
+        [socketYml.path]: {
+          deferTo: null,
+          issueRules: socketYml.parsed.issueRules
+        }
+      }
+    });
+  }
+  _uxLookup = (0, _issueRules.createIssueUXLookup)(settings);
+})();
+var _nodeFs = require$$0;
+var _nodePath = require$$1;
+var _link = link.link;
+var _arborist = arborist;
+const distPath = __dirname;
+const rootPath = _nodePath.resolve(distPath, '..');
+const binPath = _nodePath.join(rootPath, 'bin');
+// shadow `npm` and `npx` to mitigate subshells
+(0, _link.installLinks)((0, _nodeFs.realpathSync)(binPath), 'npm');
+(0, _arborist.installSafeArborist)();
+(function (exports) {
+	var _interopRequireWildcard = vendor.interopRequireWildcard.default;
+	Object.defineProperty(exports, "__esModule", {
+	  value: true
+	});
+	var _exportNames = {};
+	Object.defineProperty(exports, "default", {
+	  enumerable: true,
+	  get: function () {
+	    return _npmInjection.default;
+	  }
+	});
+	var _npmInjection = _interopRequireWildcard(npmInjection, true);
+	Object.keys(_npmInjection).forEach(function (key) {
+	  if (key === "default" || key === "__esModule") return;
+	  if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
+	  if (key in exports && exports[key] === _npmInjection[key]) return;
+	  Object.defineProperty(exports, key, {
+	    enumerable: true,
+	    get: function () {
+	      return _npmInjection[key];
+	    }
+	  });
+	});
+} (npmInjection$1));
+module.exports = npmInjection$1;