socket 0.14.18 → 0.14.19
- package/README.md +1 -0
- package/dist/cli.js +134 -44
- package/package.json +1 -1
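--- a/package/README.md
+++ b/package/README.md
@@ -27,6 +27,7 @@ socket wrapper --enable
 [`@socketregistry`](https://github.com/SocketDev/socket-registry) overrides
 
 - `--pin` - Pin overrides to their latest version
+- `--prod` - Only add overrides for production dependencies
 
 - `socket raw-npm` and `socket raw-npx` - Temporarily disable the Socket
 'safe-npm' wrapper.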
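--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -1201,9 +1201,16 @@ const distPath$1 = __dirname;
 const manifestNpmOverrides = (0, _registry.getManifestData)('npm');
 const packumentCache = new Map();
 const getOverridesDataByAgent = {
+bun(pkgJson) {
+const overrides = pkgJson?.resolutions ?? {};
+return {
+type: 'yarn',
+overrides
+};
+},
 // npm overrides documentation:
 // https://docs.npmjs.com/cli/v10/configuring-npm/package-json#overrides
-npm
+npm(pkgJson) {
 const overrides = pkgJson?.overrides ?? {};
 return {
 type: 'npm',
@@ -1212,7 +1219,7 @@ const getOverridesDataByAgent = {
 },
 // pnpm overrides documentation:
 // https://pnpm.io/package_json#pnpmoverrides
-pnpm
+pnpm(pkgJson) {
 const overrides = pkgJson?.pnpm?.overrides ?? {};
 return {
 type: 'pnpm',
@@ -1221,7 +1228,7 @@ const getOverridesDataByAgent = {
 },
 // Yarn resolutions documentation:
 // https://yarnpkg.com/configuration/manifest#resolutions
-yarn
+yarn(pkgJson) {
 const overrides = pkgJson?.resolutions ?? {};
 return {
 type: 'yarn',
@@ -1229,23 +1236,8 @@ const getOverridesDataByAgent = {
 };
 }
 };
-const lockIncludesByAgent = {
-
-// Detects the package name in the following cases:
-// "name":
-return lockSrc.includes(`"${name}":`);
-},
-pnpm: (lockSrc, name) => {
-const escapedName = (0, _regexps.escapeRegExp)(name);
-return new RegExp(
-// Detects the package name in the following cases:
-// /name/
-// 'name'
-// name:
-// name@
-`(?<=^\\s*)(?:(['/])${escapedName}\\1|${escapedName}(?=[:@]))`, 'm').test(lockSrc);
-},
-yarn: (lockSrc, name) => {
+const lockIncludesByAgent = (() => {
+const yarn = (lockSrc, name) => {
 const escapedName = (0, _regexps.escapeRegExp)(name);
 return new RegExp(
 // Detects the package name in the following cases:
@@ -1254,9 +1246,33 @@ const lockIncludesByAgent = {
 // name@
 // , name@
 `(?<=(?:^\\s*|,\\s*)"?)${escapedName}(?=@)`, 'm').test(lockSrc);
-}
-
+};
+return {
+bun: yarn,
+npm(lockSrc, name) {
+// Detects the package name in the following cases:
+// "name":
+return lockSrc.includes(`"${name}":`);
+},
+pnpm(lockSrc, name) {
+const escapedName = (0, _regexps.escapeRegExp)(name);
+return new RegExp(
+// Detects the package name in the following cases:
+// /name/
+// 'name'
+// name:
+// name@
+`(?<=^\\s*)(?:(['/])${escapedName}\\1|${escapedName}(?=[:@]))`, 'm').test(lockSrc);
+},
+yarn
+};
+})();
 const updateManifestByAgent = {
+bun(pkgJson, overrides) {
+pkgJson.update({
+[RESOLUTIONS_FIELD_NAME]: overrides
+});
+},
 npm(pkgJson, overrides) {
 pkgJson.update({
 [OVERRIDES_FIELD_NAME]: overrides
@@ -1276,6 +1292,66 @@ const updateManifestByAgent = {
 });
 }
 };
+const lsByAgent = {
+async bun(agentExecPath, cwd, _rootPath) {
+try {
+// Bun does not support filtering by production packages yet.
+// https://github.com/oven-sh/bun/issues/8283
+return (await _promiseSpawn$2(agentExecPath, ['pm', 'ls', '--all'], {
+cwd
+})).stdout;
+} catch {}
+return '';
+},
+async npm(agentExecPath, cwd, rootPath) {
+try {
+let {
+stdout
+} = await _promiseSpawn$2(agentExecPath, ['ls', '--parseable', '--omit', 'dev', '--all'], {
+cwd
+});
+stdout = stdout.replaceAll(cwd, '');
+return rootPath === cwd ? stdout : stdout.replaceAll(rootPath, '');
+} catch {}
+return '';
+},
+async pnpm(agentExecPath, cwd, rootPath) {
+try {
+let {
+stdout
+} = await _promiseSpawn$2(agentExecPath, ['ls', '--parseable', '--prod', '--depth', 'Infinity'], {
+cwd
+});
+stdout = stdout.replaceAll(cwd, '');
+return rootPath === cwd ? stdout : stdout.replaceAll(rootPath, '');
+} catch {}
+return '';
+},
+async yarn(agentExecPath, cwd, _rootPath) {
+try {
+return (
+// Yarn Berry does not support filtering by production packages yet.
+// https://github.com/yarnpkg/berry/issues/5117
+(await _promiseSpawn$2(agentExecPath, ['info', '--recursive', '--name-only'], {
+cwd
+})).stdout
+);
+} catch {}
+try {
+// However, Yarn Classic does support it.
+return (await _promiseSpawn$2(agentExecPath, ['list', '--prod'], {
+cwd
+})).stdout;
+} catch {}
+return '';
+}
+};
+const depsIncludesByAgent = {
+bun: (stdout, name) => stdout.includes(name),
+npm: (stdout, name) => stdout.includes(name),
+pnpm: (stdout, name) => stdout.includes(name),
+yarn: (stdout, name) => stdout.includes(name)
+};
 function getDependencyEntries(pkgJson) {
 const {
 dependencies,
@@ -1334,12 +1410,13 @@ function workspaceToGlobPattern(workspace) {
 }
 async function addOverrides({
 agent,
-
+agentExecPath,
 lockSrc,
 manifestEntries,
+pin,
 pkgJson: editablePkgJson,
 pkgPath,
-
+prod,
 rootPath
 }, state = {
 added: new Set(),
@@ -1350,6 +1427,9 @@ async function addOverrides({
 }
 const pkgJson = editablePkgJson.content;
 const isRoot = pkgPath === rootPath;
+const isLockScanned = isRoot && !prod;
+const thingToScan = isLockScanned ? lockSrc : await lsByAgent[agent](agentExecPath, pkgPath, rootPath);
+const thingScanner = isLockScanned ? lockIncludesByAgent[agent] : depsIncludesByAgent[agent];
 const depEntries = getDependencyEntries(pkgJson);
 const workspaces = await getWorkspaces(agent, pkgPath, pkgJson);
 const isWorkspace = !!workspaces;
@@ -1379,12 +1459,12 @@ async function addOverrides({
 let thisVersion = version;
 // Add package aliases for direct dependencies to avoid npm EOVERRIDE errors.
 // https://docs.npmjs.com/cli/v8/using-npm/package-spec#aliases
-const
-const existingVersion = pkgSpec.startsWith(
+const regSpecStartsLike = `npm:${regPkgName}@`;
+const existingVersion = pkgSpec.startsWith(regSpecStartsLike) ? _semver.coerce(_npmPackageArg(pkgSpec).rawSpec)?.version ?? '' : '';
 if (existingVersion) {
 thisVersion = existingVersion;
 } else {
-pkgSpec = `${
+pkgSpec = `${regSpecStartsLike}^${version}`;
 depObj[origPkgName] = pkgSpec;
 state.added.add(regPkgName);
 }
@@ -1394,19 +1474,17 @@ async function addOverrides({
 });
 }
 }
-if (!isRoot) {
-return;
-}
 // Chunk package names to process them in parallel 3 at a time.
 await (0, _promises2.pEach)(overridesDataObjects, 3, async ({
 overrides,
 type
 }) => {
 const overrideExists = (0, _objects.hasOwn)(overrides, origPkgName);
-if (overrideExists ||
+if (overrideExists || thingScanner(thingToScan, origPkgName)) {
 const oldSpec = overrideExists ? overrides[origPkgName] : undefined;
 const depAlias = depAliasMap.get(origPkgName);
-
+const regSpecStartsLike = `npm:${regPkgName}@`;
+let newSpec = `${regSpecStartsLike}^${pin ? version : major}`;
 let thisVersion = version;
 if (depAlias && type === 'npm') {
 // With npm one may not set an override for a package that one directly
@@ -1417,13 +1495,16 @@ async function addOverrides({
 // of with a $.
 // https://docs.npmjs.com/cli/v8/configuring-npm/package-json#overrides
 newSpec = `$${origPkgName}`;
-} else if (overrideExists
+} else if (overrideExists) {
 const thisSpec = oldSpec.startsWith('$') ? depAlias?.id ?? newSpec : oldSpec ?? newSpec;
-
-
-
+if (thisSpec.startsWith(regSpecStartsLike)) {
+if (pin) {
+thisVersion = _semver.major(_semver.coerce(_npmPackageArg(thisSpec).rawSpec)?.version ?? version) === major ? version : (await fetchPackageManifest(thisSpec))?.version ?? version;
+}
+newSpec = `${regSpecStartsLike}^${pin ? thisVersion : _semver.major(thisVersion)}`;
+} else {
+newSpec = oldSpec;
 }
-newSpec = `npm:${regPkgName}@^${pin ? thisVersion : _semver.major(thisVersion)}`;
 }
 if (newSpec !== oldSpec) {
 if (overrideExists) {
@@ -1448,11 +1529,12 @@ async function addOverrides({
 updated
 } = await addOverrides({
 agent,
+agentExecPath,
 lockSrc,
-lockIncludes,
 manifestEntries,
 pin,
 pkgPath: _nodePath$2.dirname(wsPkgJsonPath),
+prod,
 rootPath
 });
 for (const regPkgName of added) {
@@ -1507,7 +1589,8 @@ const optimize = optimize$1.optimize = {
 return;
 }
 const {
-pin
+pin,
+prod
 } = commandContext;
 const cwd = process.cwd();
 const {
@@ -1546,19 +1629,19 @@ const optimize = optimize$1.optimize = {
 updated: new Set()
 };
 if (lockSrc) {
-const lockIncludes = agent === 'bun' ? lockIncludesByAgent.yarn : lockIncludesByAgent[agent];
 const nodeRange = `>=${minimumNodeVersion}`;
 const manifestEntries = manifestNpmOverrides.filter(({
 1: data
 }) => _semver.satisfies(_semver.coerce(data.engines.node), nodeRange));
 await addOverrides({
-agent
-
+agent,
+agentExecPath,
 lockSrc,
 manifestEntries,
 pin,
 pkgJson,
 pkgPath,
+prod,
 rootPath: pkgPath
 }, state);
 }
@@ -1613,6 +1696,11 @@ function setupCommand$l(name, description, argv, importMeta) {
 type: 'boolean',
 default: false,
 description: 'Pin overrides to their latest version'
+},
+prod: {
+type: 'boolean',
+default: false,
+description: 'Only add overrides for production dependencies'
 }
 };
 const cli = (0, _meow$m.default)(`
@@ -1632,14 +1720,16 @@ function setupCommand$l(name, description, argv, importMeta) {
 });
 const {
 help,
-pin
+pin,
+prod
 } = cli.flags;
 if (help) {
 cli.showHelp();
 return;
 }
 return {
-pin
+pin,
+prod
 };
 }
 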
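Review bot: `depsIncludesByAgent` tests `stdout.includes(name)` for every agent, a bare substring match over the whole `ls` output, so a registry name that happens to be contained in another package's name or path counts as present and gets an override even when it is not in the listed tree; the lock-file scanners in `lockIncludesByAgent` anchor the name between delimiters for exactly this reason. Because an override changes which package gets installed, the `--prod` and workspace path should match whole entries, for example `npm: (stdout, name) => stdout.split('\n').some(line => line.endsWith('/node_modules/' + name)),` for the `--parseable` output (separator handling would need adjusting on Windows). Each `lsByAgent` method also ends in `catch {}` and returns `''`, so a failed `ls` (presumably including a non-zero exit, if the spawn helper rejects on it) looks the same as an empty dependency tree and the command adds nothing without saying so; surface that failure to the caller or at least log it.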