socket 0.14.123 → 0.14.124

package/dist/module-sync/cli.js

@@ -917,7 +917,7 @@ function emitBanner(name) {
   logger.logger.error(getAsciiHeader(name))
 }
 function getAsciiHeader(command) {
-  const cliVersion = '0.14.123:ac83b62:9fc01fd8:pub' // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
+  const cliVersion = '0.14.124:5b2103f:da70cd14:pub' // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
   const nodeVersion = process$1.version
   const apiToken = shadowNpmInject.getDefaultToken()
   const defaultOrg = shadowNpmInject.getConfigValue('defaultOrg')
@@ -3739,7 +3739,7 @@ function getPkgNameFromPurlObj(purlObj) {
 function getBaseGitBranch() {
   // Lazily access constants.ENV[GITHUB_REF_NAME].
   return (
-    constants.ENV[GITHUB_REF_NAME] ??
+    constants.ENV[GITHUB_REF_NAME] ||
     // GitHub defaults to branch name "main"
     // https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-branches#about-the-default-branch
     'main'
@@ -3858,16 +3858,6 @@ async function gitUnstagedModifiedFiles(cwd = process.cwd()) {
   const rawFiles = stdout?.trim().split('\n') ?? []
   return rawFiles.map(relPath => path.normalizePath(relPath))
 }
-async function isInGitRepo(cwd = process.cwd()) {
-  try {
-    await spawn.spawn('git', ['rev-parse', '--is-inside-work-tree'], {
-      cwd,
-      stdio: 'ignore'
-    })
-    return true
-  } catch {}
-  return false
-}
 
 const { GITHUB_ACTIONS, GITHUB_REPOSITORY, SOCKET_SECURITY_GITHUB_PAT } =
   constants
@@ -4054,10 +4044,10 @@ async function npmFix(
 
   // Lazily access constants.ENV[CI].
   const isCi = constants.ENV[CI$1]
-  const { 0: isRepo, 1: workspacePkgJsonPaths } = await Promise.all([
-    isInGitRepo(cwd),
-    shadowNpmInject.globWorkspace(pkgEnvDetails.agent, rootPath)
-  ])
+  const workspacePkgJsonPaths = await shadowNpmInject.globWorkspace(
+    pkgEnvDetails.agent,
+    rootPath
+  )
   const pkgJsonPaths = [
     ...workspacePkgJsonPaths,
     // Process the workspace root last since it will add an override to package.json.
@@ -4075,7 +4065,7 @@ async function npmFix(
     const oldVersions = arrays.arrayUnique(
       shadowNpmInject
         .findPackageNodes(arb.idealTree, name)
-        .map(n => n.version)
+        .map(n => n.target?.version ?? n.version)
         .filter(Boolean)
     )
     const packument =
@@ -4272,15 +4262,15 @@ async function npmFix(
             // eslint-disable-next-line no-await-in-loop
             await Promise.all([
               shadowNpmInject.removeNodeModules(cwd),
-              ...(isRepo ? [gitHardReset(cwd)] : []),
-              ...(saved && !isRepo ? [editablePkgJson.save()] : [])
+              ...(isCi
+                ? [gitCheckoutBaseBranchIfAvailable(baseBranch, cwd)]
+                : []),
+              ...(saved && !isCi ? [editablePkgJson.save()] : [])
             ])
-            if (!isRepo && installed) {
-              // eslint-disable-next-line no-await-in-loop
-              await install$1(revertTree, {
-                cwd
-              })
-            }
+            // eslint-disable-next-line no-await-in-loop
+            await install$1(revertTree, {
+              cwd
+            })
             if (errored) {
               if (!failedSpecs.has(newSpecKey)) {
                 failedSpecs.add(newSpecKey)
@@ -4476,37 +4466,34 @@ async function pnpmFix(
 
   // Lazily access constants.ENV[CI].
   const isCi = constants.ENV[CI]
-  const { 0: isRepo, 1: workspacePkgJsonPaths } = await Promise.all([
-    isInGitRepo(cwd),
-    shadowNpmInject.globWorkspace(pkgEnvDetails.agent, rootPath)
-  ])
+  const workspacePkgJsonPaths = await shadowNpmInject.globWorkspace(
+    pkgEnvDetails.agent,
+    rootPath
+  )
+  const baseBranch = isCi ? getBaseGitBranch() : ''
+  const { owner, repo } = isCi
+    ? getGitHubEnvRepoInfo()
+    : {
+        owner: '',
+        repo: ''
+      }
   const pkgJsonPaths = [
     ...workspacePkgJsonPaths,
     // Process the workspace root last since it will add an override to package.json.
     pkgEnvDetails.editablePkgJson.filename
   ]
-  let actualTree
+  let actualTree = await getActualTree(cwd)
   for (const { 0: name, 1: infos } of infoByPkg) {
     if (registry.getManifestData(NPM$c, name)) {
       spinner?.info(`Skipping ${name}. Socket Optimize package exists.`)
       continue
     }
-    // eslint-disable-next-line no-await-in-loop
-    await Promise.all([
-      shadowNpmInject.removeNodeModules(cwd),
-      ...(isRepo ? [gitHardReset(cwd)] : [])
-    ])
-    // eslint-disable-next-line no-await-in-loop
-    actualTree = await install(pkgEnvDetails, {
-      spinner
-    })
     const oldVersions = arrays.arrayUnique(
       shadowNpmInject
         .findPackageNodes(actualTree, name)
-        .map(n => n.version)
+        .map(n => n.target?.version ?? n.version)
         .filter(Boolean)
     )
-    debug.debugLog(name, 'oldVersions', oldVersions)
     const packument =
       oldVersions.length && infos.length
         ? // eslint-disable-next-line no-await-in-loop
@@ -4529,15 +4516,6 @@ async function pnpmFix(
           firstPatchedVersionIdentifier,
           vulnerableVersionRange
         } of infos) {
-          // eslint-disable-next-line no-await-in-loop
-          await Promise.all([
-            shadowNpmInject.removeNodeModules(cwd),
-            ...(isRepo ? [gitHardReset(cwd)] : [])
-          ])
-          // eslint-disable-next-line no-await-in-loop
-          actualTree = await install(pkgEnvDetails, {
-            spinner
-          })
           const node = shadowNpmInject.findPackageNode(
             actualTree,
             name,
@@ -4640,21 +4618,10 @@ async function pnpmFix(
           const branch = isCi
             ? getSocketBranchName(oldPurl, newVersion, workspaceName)
             : ''
-          const baseBranch = isCi ? getBaseGitBranch() : ''
-          const { owner, repo } = isCi
-            ? getGitHubEnvRepoInfo()
-            : {
-                owner: '',
-                repo: ''
-              }
           const shouldOpenPr = isCi
             ? // eslint-disable-next-line no-await-in-loop
               !(await doesPullRequestExistForBranch(owner, repo, branch))
             : false
-          if (isCi) {
-            // eslint-disable-next-line no-await-in-loop
-            await gitCheckoutBaseBranchIfAvailable(baseBranch, cwd)
-          }
           if (updateData) {
             editablePkgJson.update(updateData)
           }
@@ -4750,11 +4717,10 @@ async function pnpmFix(
             // eslint-disable-next-line no-await-in-loop
             await Promise.all([
               shadowNpmInject.removeNodeModules(cwd),
-              ...(isRepo
-                ? [gitHardReset(cwd)]
-                : installed
-                  ? [editablePkgJson.save()]
-                  : [])
+              ...(isCi
+                ? [gitCheckoutBaseBranchIfAvailable(baseBranch, cwd)]
+                : []),
+              ...(installed && !isCi ? [editablePkgJson.save()] : [])
             ])
             // eslint-disable-next-line no-await-in-loop
             actualTree = await install(pkgEnvDetails, {
@@ -12341,7 +12307,7 @@ void (async () => {
   await vendor.updater({
     name: SOCKET_CLI_BIN_NAME,
     // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
-    version: '0.14.123',
+    version: '0.14.124',
     ttl: 86_400_000 /* 24 hours in milliseconds */
   })
   try {
@@ -12409,5 +12375,5 @@ void (async () => {
     await shadowNpmInject.captureException(e)
   }
 })()
-//# debugId=5bad9b77-6e22-4b32-a047-7f16520f50a3
+//# debugId=bf160d06-cec8-4139-929e-f01e353b895b
 //# sourceMappingURL=cli.js.map