socket 0.14.15 → 0.14.16

package/dist/npm-injection.js

@@ -10,6 +10,8 @@ var require$$3 = require('node:readline');
 var require$$5 = require('node:stream');
 var require$$8$1 = require('node:timers/promises');
 var require$$3$1 = require('@socketsecurity/config');
+var require$$6$1 = require('npm-package-arg');
+var require$$3$2 = require('semver');
 var sdk = require('./sdk.js');
 var require$$1$1 = require('node:net');
 var require$$2 = require('node:os');
@@ -393,6 +395,8 @@ var _config = require$$3$1;
 var _chalk = _interopRequireDefault(vendor.source);
 var _isInteractive = _interopRequireDefault(vendor.isInteractive);
 var _ora = _interopRequireWildcard(vendor.ora);
+var _npmPackageArg = require$$6$1;
+var _semver = require$$3$2;
 var _constants = sdk.constants;
 var _ttyServer = ttyServer$1;
 var _chalkMarkdown = sdk.chalkMarkdown;
@@ -1202,6 +1206,44 @@ class SafeOverrideSet extends OverrideSet {
     }
     return true;
   }
+  getEdgeRule(edge) {
+    for (const rule of this.ruleset.values()) {
+      if (rule.name !== edge.name) {
+        continue;
+      }
+      // If keySpec is * we found our override.
+      if (rule.keySpec === '*') {
+        return rule;
+      }
+      // Patch replacing
+      // let spec = npa(`${edge.name}@${edge.spec}`)
+      // is based on https://github.com/npm/cli/pull/7025.
+      //
+      // We need to use the rawSpec here, because the spec has the overrides
+      // applied to it already.
+      let spec = _npmPackageArg(`${edge.name}@${edge.rawSpec}`);
+      if (spec.type === 'alias') {
+        spec = spec.subSpec;
+      }
+      if (spec.type === 'git') {
+        if (spec.gitRange && rule.keySpec && _semver.intersects(spec.gitRange, rule.keySpec)) {
+          return rule;
+        }
+        continue;
+      }
+      if (spec.type === 'range' || spec.type === 'version') {
+        if (rule.keySpec && _semver.intersects(spec.fetchSpec, rule.keySpec)) {
+          return rule;
+        }
+        continue;
+      }
+      // If we got this far, the spec type is one of tag, directory or file
+      // which means we have no real way to make version comparisons, so we
+      // just accept the override.
+      return rule;
+    }
+    return this;
+  }
 
   // Patch adding isEqual is based on
   // https://github.com/npm/cli/pull/7025.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "socket",
-  "version": "0.14.15",
+  "version": "0.14.16",
   "description": "CLI tool for Socket.dev",
   "homepage": "http://github.com/SocketDev/socket-cli",
   "license": "MIT",
@@ -118,7 +118,6 @@
     "eslint-plugin-depend": "^0.11.0",
     "eslint-plugin-n": "^17.11.1",
     "eslint-plugin-unicorn": "^56.0.0",
-    "globby": "^14.0.2",
     "husky": "^9.1.6",
     "is-interactive": "^2.0.0",
     "is-unicode-supported": "^2.1.0",
@@ -161,9 +160,11 @@
     "indent-string": "npm:@socketregistry/indent-string@^1",
     "is-core-module": "npm:@socketregistry/is-core-module@^1",
     "isarray": "npm:@socketregistry/isarray@^1",
+    "npm-package-arg": "$npm-package-arg",
     "path-parse": "npm:@socketregistry/path-parse@^1",
     "safe-buffer": "npm:@socketregistry/safe-buffer@^1",
     "safer-buffer": "npm:@socketregistry/safer-buffer@^1",
+    "semver": "$semver",
     "set-function-length": "npm:@socketregistry/set-function-length@^1",
     "side-channel": "npm:@socketregistry/side-channel@^1"
   },
@@ -180,9 +181,11 @@
     "indent-string": "npm:@socketregistry/indent-string@^1",
     "is-core-module": "npm:@socketregistry/is-core-module@^1",
     "isarray": "npm:@socketregistry/isarray@^1",
+    "npm-package-arg": "^12.0.0",
     "path-parse": "npm:@socketregistry/path-parse@^1",
     "safe-buffer": "npm:@socketregistry/safe-buffer@^1",
     "safer-buffer": "npm:@socketregistry/safer-buffer@^1",
+    "semver": "^7.6.3",
     "set-function-length": "npm:@socketregistry/set-function-length@^1",
     "side-channel": "npm:@socketregistry/side-channel@^1"
   },