npm - socket - Versions diffs - 0.14.11 → 0.14.13 - Mend

socket 0.14.11 → 0.14.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/npm-injection.js CHANGED Viewed

@@ -4,18 +4,18 @@ var vendor = require('./vendor.js');
 var require$$0 = require('node:fs');
 var require$$1 = require('node:path');
 var link = require('./link.js');
-var require$$0$1 = require('node:events');
+var require$$2$1 = require('node:events');
 var require$$4 = require('node:https');
 var require$$3 = require('node:readline');
-var require$$1$2 = require('node:stream');
-var require$$8 = require('node:timers/promises');
+var require$$5 = require('node:stream');
+var require$$8$1 = require('node:timers/promises');
 var require$$3$1 = require('@socketsecurity/config');
 var require$$1$1 = require('node:net');
 var require$$2 = require('node:os');
 var require$$6 = require('../package.json');
 var sdk = require('./sdk.js');
 var pathResolve = require('./path-resolve.js');
-var require$$21 = require('pacote');
+var require$$8 = require('pacote');
 var npmInjection$1 = {};
@@ -34,7 +34,7 @@ var _nodeNet = require$$1$1;
 var _nodeOs = require$$2;
 var _nodePath$2 = require$$1;
 var _nodeReadline$1 = require$$3;
-var _nodeStream$1 = require$$1$2;
+var _nodeStream$1 = require$$5;
 var _package = require$$6;
 var _misc$1 = sdk.misc;
 const NEWLINE_CHAR_CODE = 10; /*'\n'*/
@@ -382,13 +382,13 @@ Object.defineProperty(arborist, "__esModule", {
 });
 arborist.SafeArborist = void 0;
 arborist.installSafeArborist = installSafeArborist;
-var _nodeEvents = require$$0$1;
+var _nodeEvents = require$$2$1;
 var _nodeFs$1 = require$$0;
 var _nodeHttps = require$$4;
 var _nodePath$1 = require$$1;
 var _nodeReadline = require$$3;
-var _nodeStream = require$$1$2;
-var _promises = require$$8;
+var _nodeStream = require$$5;
+var _promises = require$$8$1;
 var _config = require$$3$1;
 var _chalk = _interopRequireDefault(vendor.source);
 var _isInteractive = _interopRequireDefault(vendor.isInteractive);
@@ -437,7 +437,7 @@ let tarball;
 try {
   tarball = require(_nodePath$1.join(npmNmPath, 'pacote')).tarball;
 } catch {
-  tarball = require$$21.tarball;
+  tarball = require$$8.tarball;
 }
 const Arborist = require(arboristClassPath);
 const Edge = require(arboristEdgeClassPath);

package/dist/path-resolve.d.ts CHANGED Viewed

@@ -2,10 +2,7 @@
 import { SocketYml } from '@socketsecurity/config';
 import { SocketSdkReturnType } from '@socketsecurity/sdk';
 declare function directoryPatterns(): string[];
-declare function arrayUnique<T>(array: T[]): T[];
-declare function getPackageFiles(cwd: string, inputPaths: string[], config: SocketYml | undefined, supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data'], debugLog: typeof console.error): Promise<string[]>;
-declare function getPackageFilesFullScans(cwd: string, inputPaths: string[], supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data'], debugLog: typeof console.error): Promise<string[]>;
-declare function mapGlobResultToFiles(entries: string[], supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data']): Promise<string[]>;
-declare function mapGlobEntryToFiles(entry: string, supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data']): Promise<string[]>;
 declare function findRoot(filepath: string): string | undefined;
-export { directoryPatterns, arrayUnique, getPackageFiles, getPackageFilesFullScans, mapGlobResultToFiles, mapGlobEntryToFiles, findRoot };
+declare function getPackageFiles(cwd: string, inputPaths: string[], config: SocketYml | undefined, supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data'], debugLog?: typeof console.error): Promise<string[]>;
+declare function getPackageFilesFullScans(cwd: string, inputPaths: string[], supportedFiles: SocketSdkReturnType<'getReportSupportedFiles'>['data'], debugLog?: typeof console.error): Promise<string[]>;
+export { directoryPatterns, findRoot, getPackageFiles, getPackageFilesFullScans };

package/dist/path-resolve.js CHANGED Viewed

@@ -1,22 +1,13 @@
 'use strict';
-var require$$1 = require('node:fs/promises');
-var require$$1$1 = require('node:path');
-var vendor = require('./vendor.js');
-var require$$3 = require('ignore');
+var require$$1$1 = require('node:fs/promises');
+var require$$1 = require('node:path');
+var require$$2 = require('ignore');
+var require$$3 = require('micromatch');
+var require$$4 = require('tinyglobby');
 var pathResolve = {};
-var arrays = {};
-Object.defineProperty(arrays, "__esModule", {
-  value: true
-});
-arrays.arrayUnique = arrayUnique;
-function arrayUnique(array) {
-  return [...new Set(array)];
-}
 var ignoreByDefault = {};
 Object.defineProperty(ignoreByDefault, "__esModule", {
@@ -56,68 +47,101 @@ Object.defineProperty(pathResolve, "__esModule", {
 pathResolve.findRoot = findRoot;
 pathResolve.getPackageFiles = getPackageFiles;
 pathResolve.getPackageFilesFullScans = getPackageFilesFullScans;
-pathResolve.mapGlobEntryToFiles = mapGlobEntryToFiles;
-pathResolve.mapGlobResultToFiles = mapGlobResultToFiles;
-var _promises = require$$1;
-var _nodePath = require$$1$1;
-var _globby = vendor.globby;
-var _ignore = require$$3;
-var _arrays = arrays;
+var _promises = require$$1$1;
+var _nodePath = require$$1;
+var _ignore = require$$2;
+var _micromatch = require$$3;
+var _tinyglobby = require$$4;
 var _ignoreByDefault = ignoreByDefault;
-const BASE_GLOBBY_OPTS = {
-  __proto__: null,
-  absolute: true,
-  expandDirectories: false,
-  gitignore: true,
-  ignore: (0, _ignoreByDefault.directoryPatterns)(),
-  markDirectories: true,
-  onlyFiles: true,
-  unique: true
-};
-async function getPackageFiles(cwd, inputPaths, config, supportedFiles, debugLog) {
-  debugLog(`Globbed resolving ${inputPaths.length} paths:`, inputPaths);
-  // TODO: Does not support `~/` paths
-  const entries = await (0, _globby.globby)(inputPaths, {
-    ...BASE_GLOBBY_OPTS,
-    cwd,
-    onlyFiles: false
-  });
-  debugLog(`Globbed resolved ${inputPaths.length} paths to ${entries.length} paths:`, entries);
-  const packageFiles = await mapGlobResultToFiles(entries, supportedFiles);
-  debugLog(`Mapped ${entries.length} entries to ${packageFiles.length} files:`, packageFiles);
-  const includedPackageFiles = config?.projectIgnorePaths?.length ? _ignore().add(config.projectIgnorePaths).filter(packageFiles.map(item => _nodePath.relative(cwd, item))).map(item => _nodePath.resolve(cwd, item)) : packageFiles;
-  return includedPackageFiles;
+async function filterGlobResultToSupportedFiles(entries, supportedFiles) {
+  const patterns = ['golang', 'npm', 'pypi'].reduce((r, n) => {
+    const supported = supportedFiles[n];
+    r.push(...(supported ? Object.values(supported).map(p => `**/${p.pattern}`) : []));
+    return r;
+  }, []);
+  return entries.filter(p => _micromatch.some(p, patterns));
 }
-async function getPackageFilesFullScans(cwd, inputPaths, supportedFiles, debugLog) {
-  debugLog(`Globbed resolving ${inputPaths.length} paths:`, inputPaths);
-  // TODO: Does not support `~/` paths
-  const entries = await (0, _globby.globby)(inputPaths, {
-    ...BASE_GLOBBY_OPTS,
+async function globWithGitIgnore(patterns, options) {
+  const {
+    socketConfig,
+    cwd = process.cwd(),
+    ...additionalOptions
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const projectIgnorePaths = socketConfig?.projectIgnorePaths;
+  const ignoreFiles = await (0, _tinyglobby.glob)(['**/.gitignore'], {
+    __proto__: null,
+    absolute: true,
     cwd,
-    onlyFiles: false
+    expandDirectories: true
   });
-  debugLog(`Globbed resolved ${inputPaths.length} paths to ${entries.length} paths:`, entries);
-  const packageFiles = await mapGlobResultToFiles(entries, supportedFiles);
-  debugLog(`Mapped ${entries.length} entries to ${packageFiles.length} files:`, packageFiles);
-  return packageFiles;
+  const ignores = [...(0, _ignoreByDefault.directoryPatterns)(), ...(Array.isArray(projectIgnorePaths) ? ignoreFileLinesToGlobPatterns(projectIgnorePaths, _nodePath.join(cwd, '.gitignore'), cwd) : []), ...(await Promise.all(ignoreFiles.map(async filepath => ignoreFileToGlobPatterns(await _promises.readFile(filepath, 'utf8'), filepath, cwd)))).flat()];
+  const hasNegatedPattern = ignores.some(p => p.charCodeAt(0) === 33 /*'!'*/);
+  const globOptions = {
+    __proto__: null,
+    absolute: true,
+    cwd,
+    expandDirectories: false,
+    ignore: hasNegatedPattern ? [] : ignores,
+    ...additionalOptions
+  };
+  const result = await (0, _tinyglobby.glob)(patterns, globOptions);
+  if (!hasNegatedPattern) {
+    return result;
+  }
+  const {
+    absolute
+  } = globOptions;
+  const filtered = _ignore().add(ignores).filter(absolute ? result.map(p => _nodePath.relative(cwd, p)) : result);
+  return absolute ? filtered.map(p => _nodePath.resolve(cwd, p)) : filtered;
+}
+function ignoreFileLinesToGlobPatterns(lines, filepath, cwd) {
+  const base = _nodePath.relative(cwd, _nodePath.dirname(filepath)).replace(/\\/g, '/');
+  const patterns = [];
+  for (let i = 0, {
+      length
+    } = lines; i < length; i += 1) {
+    const pattern = lines[i].trim();
+    if (pattern.length > 0 && pattern.charCodeAt(0) !== 35 /*'#'*/) {
+      patterns.push(ignorePatternToMinimatch(pattern.length && pattern.charCodeAt(0) === 33 /*'!'*/ ? `!${_nodePath.posix.join(base, pattern.slice(1))}` : _nodePath.posix.join(base, pattern)));
+    }
+  }
+  return patterns;
 }
-async function mapGlobResultToFiles(entries, supportedFiles) {
-  const packageFiles = await Promise.all(entries.map(entry => mapGlobEntryToFiles(entry, supportedFiles)));
-  return (0, _arrays.arrayUnique)(packageFiles.flat());
+function ignoreFileToGlobPatterns(content, filepath, cwd) {
+  return ignoreFileLinesToGlobPatterns(content.split(/\r?\n/), filepath, cwd);
 }
-async function mapGlobEntryToFiles(entry, supportedFiles) {
-  const jsSupported = supportedFiles['npm'] ?? {};
-  const jsLockFilePatterns = Object.values(jsSupported).map(p => `**/${p.pattern}`);
-  const pyFilePatterns = Object.values(supportedFiles['pypi'] ?? {}).map(p => `**/${p.pattern}`);
-  const goSupported = supportedFiles['golang'] ?? {};
-  const goSupplementalPatterns = Object.values(goSupported).map(p => `**/${p.pattern}`);
-  return await (0, _globby.globby)([...jsLockFilePatterns, ...pyFilePatterns, ...goSupplementalPatterns], {
-    ...BASE_GLOBBY_OPTS,
-    onlyFiles: true,
-    cwd: _nodePath.resolve((await (0, _promises.stat)(entry)).isDirectory() ? entry : _nodePath.dirname(entry))
-  });
+// Based on `@eslint/compat` convertIgnorePatternToMinimatch.
+// Apache v2.0 licensed
+// Copyright Nicholas C. Zakas
+// https://github.com/eslint/rewrite/blob/compat-v1.2.1/packages/compat/src/ignore-file.js#L28
+function ignorePatternToMinimatch(pattern) {
+  const isNegated = pattern.startsWith('!');
+  const negatedPrefix = isNegated ? '!' : '';
+  const patternToTest = (isNegated ? pattern.slice(1) : pattern).trimEnd();
+  // Special cases.
+  if (patternToTest === '' || patternToTest === '**' || patternToTest === '/**' || patternToTest === '**') {
+    return `${negatedPrefix}${patternToTest}`;
+  }
+  const firstIndexOfSlash = patternToTest.indexOf('/');
+  const matchEverywherePrefix = firstIndexOfSlash === -1 || firstIndexOfSlash === patternToTest.length - 1 ? '**/' : '';
+  const patternWithoutLeadingSlash = firstIndexOfSlash === 0 ? patternToTest.slice(1) : patternToTest;
+  // Escape `{` and `(` because in gitignore patterns they are just
+  // literal characters without any specific syntactic meaning,
+  // while in minimatch patterns they can form brace expansion or extglob syntax.
+  //
+  // For example, gitignore pattern `src/{a,b}.js` ignores file `src/{a,b}.js`.
+  // But, the same minimatch pattern `src/{a,b}.js` ignores files `src/a.js` and `src/b.js`.
+  // Minimatch pattern `src/\{a,b}.js` is equivalent to gitignore pattern `src/{a,b}.js`.
+  const escapedPatternWithoutLeadingSlash = patternWithoutLeadingSlash.replaceAll(/(?=((?:\\.|[^{(])*))\1([{(])/guy, '$1\\$2');
+  const matchInsideSuffix = patternToTest.endsWith('/**') ? '/*' : '';
+  return `${negatedPrefix}${matchEverywherePrefix}${escapedPatternWithoutLeadingSlash}${matchInsideSuffix}`;
+}
+function pathsToPatterns(paths) {
+  return paths.map(p => p === '.' ? '**/*' : p);
 }
 function findRoot(filepath) {
   let curPath = filepath;
@@ -132,5 +156,30 @@ function findRoot(filepath) {
     curPath = parent;
   }
 }
+async function getPackageFiles(cwd, inputPaths, config, supportedFiles, debugLog = () => {}) {
+  debugLog(`Globbed resolving ${inputPaths.length} paths:`, inputPaths);
+  // TODO: Does not support `~/` paths
+  const entries = await globWithGitIgnore(pathsToPatterns(inputPaths), {
+    cwd,
+    socketConfig: config
+  });
+  debugLog(`Globbed resolved ${inputPaths.length} paths to ${entries.length} paths:`, entries);
+  const packageFiles = await filterGlobResultToSupportedFiles(entries, supportedFiles);
+  debugLog(`Mapped ${entries.length} entries to ${packageFiles.length} files:`, packageFiles);
+  return packageFiles;
+}
+async function getPackageFilesFullScans(cwd, inputPaths, supportedFiles, debugLog = () => {}) {
+  debugLog(`Globbed resolving ${inputPaths.length} paths:`, inputPaths);
+  // TODO: Does not support `~/` paths
+  const entries = await globWithGitIgnore(pathsToPatterns(inputPaths), {
+    cwd
+  });
+  debugLog(`Globbed resolved ${inputPaths.length} paths to ${entries.length} paths:`, entries);
+  const packageFiles = await filterGlobResultToSupportedFiles(entries, supportedFiles);
+  debugLog(`Mapped ${entries.length} entries to ${packageFiles.length} files:`, packageFiles);
+  return packageFiles;
+}
 exports.pathResolve = pathResolve;