npm - socket - Versions diffs - 0.14.101 → 0.14.103 - Mend

socket 0.14.101 → 0.14.103

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/module-sync/cli.js +93 -52
package/dist/module-sync/cli.js.map +1 -1
package/dist/module-sync/fs.d.ts +61 -0
package/dist/module-sync/shadow-npm-inject.js +2 -2
package/dist/module-sync/shadow-npm-inject.js.map +1 -1
package/dist/require/cli.js +93 -52
package/dist/require/cli.js.map +1 -1
package/dist/require/shadow-npm-inject.js +2 -2
package/dist/require/shadow-npm-inject.js.map +1 -1
package/package.json +1 -1

package/dist/module-sync/cli.js CHANGED Viewed

@@ -900,7 +900,7 @@ function emitBanner(name) {
   logger.logger.error(getAsciiHeader(name))
 }
 function getAsciiHeader(command) {
-  const cliVersion = '0.14.101:26533ef:8b0b91f5:pub' // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
+  const cliVersion = '0.14.103:d303e97:2b3cd4a5:pub' // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
   const nodeVersion = process$1.version
   const apiToken = shadowNpmInject.getDefaultToken()
   const shownToken = apiToken ? getLastFiveOfApiToken(apiToken) : 'no'
@@ -3708,7 +3708,39 @@ function formatBranchName(str) {
 function getPkgNameFromPurlObj(purlObj) {
   return `${purlObj.namespace ? `${purlObj.namespace}/` : ''}${purlObj.name}`
 }
-async function branchExists(branch, cwd = process.cwd()) {
+function getBaseGitBranch() {
+  // Lazily access constants.ENV[GITHUB_REF_NAME].
+  return (
+    constants.ENV[GITHUB_REF_NAME] ??
+    // GitHub defaults to branch name "main"
+    // https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-branches#about-the-default-branch
+    'main'
+  )
+}
+function getSocketBranchName(purl, toVersion) {
+  const purlObj = packageurlJs.PackageURL.fromString(purl)
+  const namespace = formatBranchName(purlObj.namespace ?? '')
+  const name = formatBranchName(purlObj.name)
+  const version = formatBranchName(toVersion)
+  const fullName = `${namespace ? `${namespace}-` : ''}${name}`
+  return `socket-fix-${fullName}-${version}`
+}
+function getSocketPullRequestTitle(purl, toVersion) {
+  const purlObj = packageurlJs.PackageURL.fromString(purl)
+  const pkgName = getPkgNameFromPurlObj(purlObj)
+  return `Bump ${pkgName} from ${purlObj.version} to ${toVersion}`
+}
+function getSocketPullRequestBody(purl, toVersion) {
+  const purlObj = packageurlJs.PackageURL.fromString(purl)
+  const pkgName = getPkgNameFromPurlObj(purlObj)
+  return `Bumps [${pkgName}](https://socket.dev/${purlObj.type}/package/${pkgName}) from ${purlObj.version} to ${toVersion}.`
+}
+function getSocketCommitMessage(purl, toVersion) {
+  const purlObj = packageurlJs.PackageURL.fromString(purl)
+  const pkgName = getPkgNameFromPurlObj(purlObj)
+  return `socket: Bump ${pkgName} from ${purlObj.version} to ${toVersion}`
+}
+async function gitBranchExists(branch, cwd = process.cwd()) {
   try {
     await spawn.spawn(
       'git',
@@ -3722,8 +3754,15 @@ async function branchExists(branch, cwd = process.cwd()) {
   } catch {}
   return false
 }
-async function checkoutBaseBranchIfAvailable(baseBranch, cwd = process.cwd()) {
+async function gitCheckoutBaseBranchIfAvailable(
+  baseBranch,
+  cwd = process.cwd()
+) {
   try {
+    await gitHardReset()
+    await spawn.spawn('git', ['fetch', '--depth=1', 'origin', baseBranch], {
+      cwd
+    })
     await spawn.spawn('git', ['checkout', baseBranch], {
       cwd
     })
@@ -3731,18 +3770,19 @@ async function checkoutBaseBranchIfAvailable(baseBranch, cwd = process.cwd()) {
       cwd
     })
     logger.logger.info(`Checked out and reset to ${baseBranch}`)
-  } catch {
+  } catch (e) {
     logger.logger.warn(
       `Could not switch to ${baseBranch}. Proceeding with HEAD.`
     )
+    debug.debugLog(e)
   }
 }
-async function createAndPushBranchIfNeeded(
+async function gitCreateAndPushBranchIfNeeded(
   branch,
   commitMsg,
   cwd = process.cwd()
 ) {
-  if (await branchExists(branch, cwd)) {
+  if (await gitBranchExists(branch, cwd)) {
     logger.logger.warn(`Branch "${branch}" already exists. Skipping creation.`)
     return false
   }
@@ -3760,37 +3800,20 @@ async function createAndPushBranchIfNeeded(
   })
   return true
 }
-function getBaseBranch() {
-  // Lazily access constants.ENV[GITHUB_REF_NAME].
-  return (
-    constants.ENV[GITHUB_REF_NAME] ??
-    // GitHub defaults to branch name "main"
-    // https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-branches#about-the-default-branch
-    'main'
-  )
-}
-function getSocketBranchName(purl, toVersion) {
-  const purlObj = packageurlJs.PackageURL.fromString(purl)
-  const namespace = formatBranchName(purlObj.namespace ?? '')
-  const name = formatBranchName(purlObj.name)
-  const version = formatBranchName(toVersion)
-  const fullName = `${namespace ? `${namespace}-` : ''}${name}`
-  return `socket-fix-${fullName}-${version}`
-}
-function getSocketPullRequestTitle(purl, toVersion) {
-  const purlObj = packageurlJs.PackageURL.fromString(purl)
-  const pkgName = getPkgNameFromPurlObj(purlObj)
-  return `Bump ${pkgName} from ${purlObj.version} to ${toVersion}`
-}
-function getSocketPullRequestBody(purl, toVersion) {
-  const purlObj = packageurlJs.PackageURL.fromString(purl)
-  const pkgName = getPkgNameFromPurlObj(purlObj)
-  return `Bumps [${pkgName}](https://socket.dev/${purlObj.type}/package/${pkgName}) from ${purlObj.version} to ${toVersion}.`
+async function gitHardReset(cwd = process.cwd()) {
+  await spawn.spawn('git', ['reset', '--hard'], {
+    cwd
+  })
 }
-function getSocketCommitMessage(purl, toVersion) {
-  const purlObj = packageurlJs.PackageURL.fromString(purl)
-  const pkgName = getPkgNameFromPurlObj(purlObj)
-  return `socket: Bump ${pkgName} from ${purlObj.version} to ${toVersion}`
+async function isInGitRepo(cwd = process.cwd()) {
+  try {
+    await spawn.spawn('git', ['rev-parse', '--is-inside-work-tree'], {
+      cwd,
+      stdio: 'ignore'
+    })
+    return true
+  } catch {}
+  return false
 }
 const { GITHUB_ACTIONS, GITHUB_REPOSITORY, SOCKET_SECURITY_GITHUB_PAT } =
@@ -3967,6 +3990,7 @@ async function npmFix(
   })
   // Lazily access constants.ENV[CI].
   const isCi = constants.ENV[CI$1]
+  const isRepo = await isInGitRepo(cwd)
   await arb.buildIdealTree()
   for (const { 0: name, 1: infos } of infoByPkg) {
     const hasUpgrade = !!registry.getManifestData(NPM$f, name)
@@ -4052,10 +4076,10 @@ async function npmFix(
             : undefined)
         }
         spinner?.info(`Installing ${toSpec}`)
-        const baseBranch = getBaseBranch()
+        const baseBranch = getBaseGitBranch()
         // eslint-disable-next-line no-await-in-loop
-        await checkoutBaseBranchIfAvailable(baseBranch, cwd)
+        await gitCheckoutBaseBranchIfAvailable(baseBranch, cwd)
         let error
         let errored = false
         let installed = false
@@ -4093,7 +4117,7 @@ async function npmFix(
         }
         if (!errored && shouldOpenPr) {
           // eslint-disable-next-line no-await-in-loop
-          await createAndPushBranchIfNeeded(
+          await gitCreateAndPushBranchIfNeeded(
             branch,
             getSocketCommitMessage(fromPurl, toVersion),
             cwd
@@ -4117,12 +4141,18 @@ async function npmFix(
           if (errored) {
             spinner?.error(`Reverting ${toSpec}`, error)
           }
+          if (isRepo) {
+            // eslint-disable-next-line no-await-in-loop
+            await gitHardReset(cwd)
+          }
           if (saved) {
             editablePkgJson.update(revertData)
-            // eslint-disable-next-line no-await-in-loop
-            await editablePkgJson.save()
+            if (!isRepo) {
+              // eslint-disable-next-line no-await-in-loop
+              await editablePkgJson.save()
+            }
           }
-          if (installed) {
+          if (!isRepo && installed) {
             // eslint-disable-next-line no-await-in-loop
             await install$1(revertTree, {
               cwd
@@ -4384,6 +4414,7 @@ async function pnpmFix(
   })
   // Lazily access constants.ENV[CI].
   const isCi = constants.ENV[CI]
+  const isRepo = await isInGitRepo(cwd)
   let actualTree = await getActualTree(cwd)
   for (const { 0: name, 1: infos } of infoByPkg) {
     if (registry.getManifestData(NPM$c, name)) {
@@ -4448,6 +4479,7 @@ async function pnpmFix(
         )
         const toSpec = `${name}@${toVersionRange}`
         const branch = isCi ? getSocketBranchName(fromPurl, toVersion) : ''
+        const baseBranch = isCi ? getBaseGitBranch() : ''
         const { owner, repo } = isCi
           ? getGitHubEnvRepoInfo()
           : {
@@ -4498,10 +4530,10 @@ async function pnpmFix(
             : undefined)
         }
         spinner?.info(`Installing ${toSpec}`)
-        const baseBranch = getBaseBranch()
-        // eslint-disable-next-line no-await-in-loop
-        await checkoutBaseBranchIfAvailable(baseBranch, cwd)
+        if (isCi) {
+          // eslint-disable-next-line no-await-in-loop
+          await gitCheckoutBaseBranchIfAvailable(baseBranch, cwd)
+        }
         let error
         let errored = false
         let installed = false
@@ -4540,7 +4572,7 @@ async function pnpmFix(
         }
         if (!errored && shouldOpenPr) {
           // eslint-disable-next-line no-await-in-loop
-          await createAndPushBranchIfNeeded(
+          await gitCreateAndPushBranchIfNeeded(
             branch,
             getSocketCommitMessage(fromPurl, toVersion),
             cwd
@@ -4564,12 +4596,21 @@ async function pnpmFix(
           if (errored) {
             spinner?.error(`Reverting ${toSpec}`, error)
           }
+          if (isRepo) {
+            // eslint-disable-next-line no-await-in-loop
+            await gitHardReset(cwd)
+          }
           if (saved) {
             editablePkgJson.update(revertData)
-            // eslint-disable-next-line no-await-in-loop
-            await editablePkgJson.save()
+            if (!isRepo) {
+              // eslint-disable-next-line no-await-in-loop
+              await editablePkgJson.save()
+            }
           }
-          if (installed) {
+          if (isRepo) {
+            // eslint-disable-next-line no-await-in-loop
+            actualTree = await getActualTree(cwd)
+          } else if (installed) {
             // eslint-disable-next-line no-await-in-loop
             actualTree = await install(pkgEnvDetails, {
               spinner
@@ -11498,7 +11539,7 @@ void (async () => {
   await vendor.updater({
     name: SOCKET_CLI_BIN_NAME,
     // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
-    version: '0.14.101',
+    version: '0.14.103',
     ttl: 86_400_000 /* 24 hours in milliseconds */
   })
   try {
@@ -11566,5 +11607,5 @@ void (async () => {
     await shadowNpmInject.captureException(e)
   }
 })()
-//# debugId=994a338d-d21c-4fec-b92e-a2121b0f443a
+//# debugId=3fc5326e-42e3-4bc1-b11e-317bbdc355b6
 //# sourceMappingURL=cli.js.map