socket 0.14.18 → 0.14.20
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -0
- package/dist/cli.js +281 -95
- package/dist/npm-injection.js +2 -2
- package/dist/sdk.d.ts +3 -1
- package/dist/sdk.js +10 -3
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -27,6 +27,7 @@ socket wrapper --enable
|
|
|
27
27
|
[`@socketregistry`](https://github.com/SocketDev/socket-registry) overrides
|
|
28
28
|
|
|
29
29
|
- `--pin` - Pin overrides to their latest version
|
|
30
|
+
- `--prod` - Only add overrides for production dependencies
|
|
30
31
|
|
|
31
32
|
- `socket raw-npm` and `socket raw-npx` - Temporarily disable the Socket
|
|
32
33
|
'safe-npm' wrapper.
|
package/dist/cli.js
CHANGED
|
@@ -14,7 +14,7 @@ var require$$1$4 = require('node:fs/promises');
|
|
|
14
14
|
var require$$1$3 = require('@npmcli/package-json');
|
|
15
15
|
var require$$5$1 = require('@socketsecurity/registry');
|
|
16
16
|
var require$$7 = require('npm-package-arg');
|
|
17
|
-
var require$$
|
|
17
|
+
var require$$0$1 = require('pacote');
|
|
18
18
|
var require$$3 = require('semver');
|
|
19
19
|
var require$$11 = require('tinyglobby');
|
|
20
20
|
var require$$12 = require('yaml');
|
|
@@ -26,12 +26,12 @@ var require$$3$1 = require('@socketsecurity/config');
|
|
|
26
26
|
var pathResolve = require('./path-resolve.js');
|
|
27
27
|
var require$$2$2 = require('node:os');
|
|
28
28
|
var require$$3$2 = require('node:readline');
|
|
29
|
-
var require$$0$
|
|
29
|
+
var require$$0$2 = require('node:process');
|
|
30
30
|
var require$$2$3 = require('node:readline/promises');
|
|
31
31
|
var require$$2$4 = require('chalk-table');
|
|
32
32
|
var require$$2$5 = require('blessed');
|
|
33
33
|
var require$$3$3 = require('blessed-contrib');
|
|
34
|
-
var require$$0$
|
|
34
|
+
var require$$0$3 = require('node:util');
|
|
35
35
|
|
|
36
36
|
var cli$1 = {};
|
|
37
37
|
|
|
@@ -285,7 +285,7 @@ apiHelpers.queryAPI = queryAPI;
|
|
|
285
285
|
var _chalk$i = _interopRequireDefault$r(vendor.source);
|
|
286
286
|
var _ponyCause$4 = require$$6;
|
|
287
287
|
var _errors$l = sdk.errors;
|
|
288
|
-
var _constants = sdk.constants;
|
|
288
|
+
var _constants$1 = sdk.constants;
|
|
289
289
|
function handleUnsuccessfulApiResponse(_name, result, spinner) {
|
|
290
290
|
const resultError = 'error' in result && result.error && typeof result.error === 'object' ? result.error : {};
|
|
291
291
|
const message = 'message' in resultError && typeof resultError.message === 'string' ? resultError.message : 'No error message returned';
|
|
@@ -315,7 +315,7 @@ async function handleAPIError(code) {
|
|
|
315
315
|
}
|
|
316
316
|
}
|
|
317
317
|
async function queryAPI(path, apiKey) {
|
|
318
|
-
return await fetch(`${_constants.API_V0_URL}/${path}`, {
|
|
318
|
+
return await fetch(`${_constants$1.API_V0_URL}/${path}`, {
|
|
319
319
|
method: 'GET',
|
|
320
320
|
headers: {
|
|
321
321
|
Authorization: 'Basic ' + btoa(`${apiKey}:${apiKey}`)
|
|
@@ -915,7 +915,7 @@ var _which = require$$6$1;
|
|
|
915
915
|
var _fs$1 = fs;
|
|
916
916
|
var _objects$1 = sdk.objects;
|
|
917
917
|
var _strings$1 = strings;
|
|
918
|
-
const AGENTS = packageManagerDetector.AGENTS = ['bun', 'npm', 'pnpm', 'yarn'];
|
|
918
|
+
const AGENTS = packageManagerDetector.AGENTS = ['bun', 'npm', 'pnpm', 'yarn/berry', 'yarn/classic'];
|
|
919
919
|
const numericCollator = new Intl.Collator(undefined, {
|
|
920
920
|
numeric: true,
|
|
921
921
|
sensitivity: 'base'
|
|
@@ -952,7 +952,7 @@ const LOCKS = {
|
|
|
952
952
|
'bun.lockb': 'bun',
|
|
953
953
|
'pnpm-lock.yaml': 'pnpm',
|
|
954
954
|
'pnpm-lock.yml': 'pnpm',
|
|
955
|
-
'yarn.lock': 'yarn',
|
|
955
|
+
'yarn.lock': 'yarn/classic',
|
|
956
956
|
// If both package-lock.json and npm-shrinkwrap.json are present in the root
|
|
957
957
|
// of a project, npm-shrinkwrap.json will take precedence and package-lock.json
|
|
958
958
|
// will be ignored.
|
|
@@ -988,11 +988,12 @@ const readLockFileByAgent = (() => {
|
|
|
988
988
|
} catch {}
|
|
989
989
|
// To print a Yarn lockfile to your console without writing it to disk use `bun bun.lockb`.
|
|
990
990
|
// https://bun.sh/guides/install/yarnlock
|
|
991
|
-
return (await _promiseSpawn$3(agentExecPath, [lockPath])).stdout;
|
|
991
|
+
return (await _promiseSpawn$3(agentExecPath, [lockPath])).stdout.trim();
|
|
992
992
|
}),
|
|
993
993
|
npm: wrapReader(async lockPath => await (0, _fs$1.readFileUtf8)(lockPath)),
|
|
994
994
|
pnpm: wrapReader(async lockPath => await (0, _fs$1.readFileUtf8)(lockPath)),
|
|
995
|
-
yarn: wrapReader(async lockPath => await (0, _fs$1.readFileUtf8)(lockPath))
|
|
995
|
+
'yarn/berry': wrapReader(async lockPath => await (0, _fs$1.readFileUtf8)(lockPath)),
|
|
996
|
+
'yarn/classic': wrapReader(async lockPath => await (0, _fs$1.readFileUtf8)(lockPath))
|
|
996
997
|
};
|
|
997
998
|
})();
|
|
998
999
|
async function detect({
|
|
@@ -1007,10 +1008,11 @@ async function detect({
|
|
|
1007
1008
|
cwd
|
|
1008
1009
|
});
|
|
1009
1010
|
const pkgPath = (0, _fs$1.existsSync)(pkgJsonPath) ? _nodePath$3.dirname(pkgJsonPath) : undefined;
|
|
1010
|
-
const
|
|
1011
|
+
const editablePkgJson = pkgPath ? await _packageJson$1.load(pkgPath) : undefined;
|
|
1012
|
+
const pkgJson = editablePkgJson?.content;
|
|
1011
1013
|
// Read Corepack `packageManager` field in package.json:
|
|
1012
1014
|
// https://nodejs.org/api/packages.html#packagemanager
|
|
1013
|
-
const pkgManager = (0, _strings$1.isNonEmptyString)(pkgJson?.
|
|
1015
|
+
const pkgManager = (0, _strings$1.isNonEmptyString)(pkgJson?.packageManager) ? pkgJson.packageManager : undefined;
|
|
1014
1016
|
let agent;
|
|
1015
1017
|
let agentVersion;
|
|
1016
1018
|
if (pkgManager) {
|
|
@@ -1020,7 +1022,7 @@ async function detect({
|
|
|
1020
1022
|
const version = pkgManager.slice(atSignIndex + 1);
|
|
1021
1023
|
if (version && AGENTS.includes(name)) {
|
|
1022
1024
|
agent = name;
|
|
1023
|
-
agentVersion = version;
|
|
1025
|
+
agentVersion = _semver$1.coerce(version) ?? undefined;
|
|
1024
1026
|
}
|
|
1025
1027
|
}
|
|
1026
1028
|
}
|
|
@@ -1034,6 +1036,18 @@ async function detect({
|
|
|
1034
1036
|
const agentExecPath = (await _which(agent, {
|
|
1035
1037
|
nothrow: true
|
|
1036
1038
|
})) ?? agent;
|
|
1039
|
+
if (agentVersion === undefined) {
|
|
1040
|
+
try {
|
|
1041
|
+
agentVersion = _semver$1.coerce(
|
|
1042
|
+
// All package managers support the "--version" flag.
|
|
1043
|
+
(await _promiseSpawn$3(agentExecPath, ['--version'], {
|
|
1044
|
+
cwd
|
|
1045
|
+
})).stdout) ?? undefined;
|
|
1046
|
+
} catch {}
|
|
1047
|
+
}
|
|
1048
|
+
if (agent === 'yarn/classic' && (agentVersion?.major ?? 0) > 1) {
|
|
1049
|
+
agent = 'yarn/berry';
|
|
1050
|
+
}
|
|
1037
1051
|
const targets = {
|
|
1038
1052
|
browser: false,
|
|
1039
1053
|
node: true
|
|
@@ -1041,18 +1055,18 @@ async function detect({
|
|
|
1041
1055
|
let lockSrc;
|
|
1042
1056
|
let minimumNodeVersion = maintainedNodeVersions.previous;
|
|
1043
1057
|
if (pkgJson) {
|
|
1044
|
-
const browserField = pkgJson.
|
|
1058
|
+
const browserField = pkgJson.browser;
|
|
1045
1059
|
if ((0, _strings$1.isNonEmptyString)(browserField) || (0, _objects$1.isObjectObject)(browserField)) {
|
|
1046
1060
|
targets.browser = true;
|
|
1047
1061
|
}
|
|
1048
|
-
const nodeRange = pkgJson.
|
|
1062
|
+
const nodeRange = pkgJson.engines?.['node'];
|
|
1049
1063
|
if ((0, _strings$1.isNonEmptyString)(nodeRange)) {
|
|
1050
1064
|
const coerced = _semver$1.coerce(nodeRange);
|
|
1051
1065
|
if (coerced && _semver$1.lt(coerced, minimumNodeVersion)) {
|
|
1052
1066
|
minimumNodeVersion = coerced.version;
|
|
1053
1067
|
}
|
|
1054
1068
|
}
|
|
1055
|
-
const browserslistQuery = pkgJson
|
|
1069
|
+
const browserslistQuery = pkgJson['browserslist'];
|
|
1056
1070
|
if (Array.isArray(browserslistQuery)) {
|
|
1057
1071
|
const browserslistTargets = _browserslist(browserslistQuery).map(s => s.toLowerCase()).toSorted(alphaNumericComparator);
|
|
1058
1072
|
const browserslistNodeTargets = browserslistTargets.filter(v => v.startsWith('node ')).map(v => v.slice(5 /*'node '.length*/));
|
|
@@ -1078,7 +1092,7 @@ async function detect({
|
|
|
1078
1092
|
lockPath,
|
|
1079
1093
|
lockSrc,
|
|
1080
1094
|
minimumNodeVersion,
|
|
1081
|
-
pkgJson,
|
|
1095
|
+
pkgJson: editablePkgJson,
|
|
1082
1096
|
pkgPath,
|
|
1083
1097
|
supported: targets.browser || targets.node,
|
|
1084
1098
|
targets
|
|
@@ -1180,10 +1194,11 @@ var _registry = require$$5$1;
|
|
|
1180
1194
|
var _meow$m = _interopRequireDefault$n(vendor.build);
|
|
1181
1195
|
var _npmPackageArg = require$$7;
|
|
1182
1196
|
var _ora$i = _interopRequireDefault$n(vendor.ora);
|
|
1183
|
-
var _pacote = require$$
|
|
1197
|
+
var _pacote = require$$0$1;
|
|
1184
1198
|
var _semver = require$$3;
|
|
1185
1199
|
var _tinyglobby = require$$11;
|
|
1186
1200
|
var _yaml = require$$12;
|
|
1201
|
+
var _constants = sdk.constants;
|
|
1187
1202
|
var _flags$j = flags$1;
|
|
1188
1203
|
var _formatting$k = formatting;
|
|
1189
1204
|
var _fs = fs;
|
|
@@ -1193,17 +1208,27 @@ var _promises2 = promises;
|
|
|
1193
1208
|
var _regexps = regexps;
|
|
1194
1209
|
var _sorts$1 = sorts;
|
|
1195
1210
|
var _strings = strings;
|
|
1211
|
+
//import cacache from 'cacache'
|
|
1212
|
+
|
|
1213
|
+
//import { packumentCache, pacoteCachePath } from '../constants'
|
|
1214
|
+
|
|
1196
1215
|
const COMMAND_TITLE = 'Socket Optimize';
|
|
1197
1216
|
const OVERRIDES_FIELD_NAME = 'overrides';
|
|
1198
1217
|
const PNPM_WORKSPACE = 'pnpm-workspace';
|
|
1199
1218
|
const RESOLUTIONS_FIELD_NAME = 'resolutions';
|
|
1200
1219
|
const distPath$1 = __dirname;
|
|
1201
1220
|
const manifestNpmOverrides = (0, _registry.getManifestData)('npm');
|
|
1202
|
-
const packumentCache = new Map();
|
|
1203
1221
|
const getOverridesDataByAgent = {
|
|
1222
|
+
bun(pkgJson) {
|
|
1223
|
+
const overrides = pkgJson?.resolutions ?? {};
|
|
1224
|
+
return {
|
|
1225
|
+
type: 'yarn/berry',
|
|
1226
|
+
overrides
|
|
1227
|
+
};
|
|
1228
|
+
},
|
|
1204
1229
|
// npm overrides documentation:
|
|
1205
1230
|
// https://docs.npmjs.com/cli/v10/configuring-npm/package-json#overrides
|
|
1206
|
-
npm
|
|
1231
|
+
npm(pkgJson) {
|
|
1207
1232
|
const overrides = pkgJson?.overrides ?? {};
|
|
1208
1233
|
return {
|
|
1209
1234
|
type: 'npm',
|
|
@@ -1212,7 +1237,7 @@ const getOverridesDataByAgent = {
|
|
|
1212
1237
|
},
|
|
1213
1238
|
// pnpm overrides documentation:
|
|
1214
1239
|
// https://pnpm.io/package_json#pnpmoverrides
|
|
1215
|
-
pnpm
|
|
1240
|
+
pnpm(pkgJson) {
|
|
1216
1241
|
const overrides = pkgJson?.pnpm?.overrides ?? {};
|
|
1217
1242
|
return {
|
|
1218
1243
|
type: 'pnpm',
|
|
@@ -1221,31 +1246,25 @@ const getOverridesDataByAgent = {
|
|
|
1221
1246
|
},
|
|
1222
1247
|
// Yarn resolutions documentation:
|
|
1223
1248
|
// https://yarnpkg.com/configuration/manifest#resolutions
|
|
1224
|
-
yarn
|
|
1249
|
+
'yarn/berry'(pkgJson) {
|
|
1225
1250
|
const overrides = pkgJson?.resolutions ?? {};
|
|
1226
1251
|
return {
|
|
1227
|
-
type: 'yarn',
|
|
1252
|
+
type: 'yarn/berry',
|
|
1253
|
+
overrides
|
|
1254
|
+
};
|
|
1255
|
+
},
|
|
1256
|
+
// Yarn resolutions documentation:
|
|
1257
|
+
// https://classic.yarnpkg.com/en/docs/selective-version-resolutions
|
|
1258
|
+
'yarn/classic'(pkgJson) {
|
|
1259
|
+
const overrides = pkgJson?.resolutions ?? {};
|
|
1260
|
+
return {
|
|
1261
|
+
type: 'yarn/classic',
|
|
1228
1262
|
overrides
|
|
1229
1263
|
};
|
|
1230
1264
|
}
|
|
1231
1265
|
};
|
|
1232
|
-
const lockIncludesByAgent = {
|
|
1233
|
-
|
|
1234
|
-
// Detects the package name in the following cases:
|
|
1235
|
-
// "name":
|
|
1236
|
-
return lockSrc.includes(`"${name}":`);
|
|
1237
|
-
},
|
|
1238
|
-
pnpm: (lockSrc, name) => {
|
|
1239
|
-
const escapedName = (0, _regexps.escapeRegExp)(name);
|
|
1240
|
-
return new RegExp(
|
|
1241
|
-
// Detects the package name in the following cases:
|
|
1242
|
-
// /name/
|
|
1243
|
-
// 'name'
|
|
1244
|
-
// name:
|
|
1245
|
-
// name@
|
|
1246
|
-
`(?<=^\\s*)(?:(['/])${escapedName}\\1|${escapedName}(?=[:@]))`, 'm').test(lockSrc);
|
|
1247
|
-
},
|
|
1248
|
-
yarn: (lockSrc, name) => {
|
|
1266
|
+
const lockIncludesByAgent = (() => {
|
|
1267
|
+
const yarn = (lockSrc, name) => {
|
|
1249
1268
|
const escapedName = (0, _regexps.escapeRegExp)(name);
|
|
1250
1269
|
return new RegExp(
|
|
1251
1270
|
// Detects the package name in the following cases:
|
|
@@ -1254,9 +1273,34 @@ const lockIncludesByAgent = {
|
|
|
1254
1273
|
// name@
|
|
1255
1274
|
// , name@
|
|
1256
1275
|
`(?<=(?:^\\s*|,\\s*)"?)${escapedName}(?=@)`, 'm').test(lockSrc);
|
|
1257
|
-
}
|
|
1258
|
-
|
|
1276
|
+
};
|
|
1277
|
+
return {
|
|
1278
|
+
bun: yarn,
|
|
1279
|
+
npm(lockSrc, name) {
|
|
1280
|
+
// Detects the package name in the following cases:
|
|
1281
|
+
// "name":
|
|
1282
|
+
return lockSrc.includes(`"${name}":`);
|
|
1283
|
+
},
|
|
1284
|
+
pnpm(lockSrc, name) {
|
|
1285
|
+
const escapedName = (0, _regexps.escapeRegExp)(name);
|
|
1286
|
+
return new RegExp(
|
|
1287
|
+
// Detects the package name in the following cases:
|
|
1288
|
+
// /name/
|
|
1289
|
+
// 'name'
|
|
1290
|
+
// name:
|
|
1291
|
+
// name@
|
|
1292
|
+
`(?<=^\\s*)(?:(['/])${escapedName}\\1|${escapedName}(?=[:@]))`, 'm').test(lockSrc);
|
|
1293
|
+
},
|
|
1294
|
+
'yarn/berry': yarn,
|
|
1295
|
+
'yarn/classic': yarn
|
|
1296
|
+
};
|
|
1297
|
+
})();
|
|
1259
1298
|
const updateManifestByAgent = {
|
|
1299
|
+
bun(pkgJson, overrides) {
|
|
1300
|
+
pkgJson.update({
|
|
1301
|
+
[RESOLUTIONS_FIELD_NAME]: overrides
|
|
1302
|
+
});
|
|
1303
|
+
},
|
|
1260
1304
|
npm(pkgJson, overrides) {
|
|
1261
1305
|
pkgJson.update({
|
|
1262
1306
|
[OVERRIDES_FIELD_NAME]: overrides
|
|
@@ -1270,12 +1314,88 @@ const updateManifestByAgent = {
|
|
|
1270
1314
|
}
|
|
1271
1315
|
});
|
|
1272
1316
|
},
|
|
1273
|
-
yarn(pkgJson, overrides) {
|
|
1317
|
+
'yarn/berry'(pkgJson, overrides) {
|
|
1318
|
+
pkgJson.update({
|
|
1319
|
+
[RESOLUTIONS_FIELD_NAME]: overrides
|
|
1320
|
+
});
|
|
1321
|
+
},
|
|
1322
|
+
'yarn/classic'(pkgJson, overrides) {
|
|
1274
1323
|
pkgJson.update({
|
|
1275
1324
|
[RESOLUTIONS_FIELD_NAME]: overrides
|
|
1276
1325
|
});
|
|
1277
1326
|
}
|
|
1278
1327
|
};
|
|
1328
|
+
const lsByAgent = {
|
|
1329
|
+
async bun(agentExecPath, cwd, _rootPath) {
|
|
1330
|
+
try {
|
|
1331
|
+
// Bun does not support filtering by production packages yet.
|
|
1332
|
+
// https://github.com/oven-sh/bun/issues/8283
|
|
1333
|
+
return (await _promiseSpawn$2(agentExecPath, ['pm', 'ls', '--all'], {
|
|
1334
|
+
cwd
|
|
1335
|
+
})).stdout;
|
|
1336
|
+
} catch {}
|
|
1337
|
+
return '';
|
|
1338
|
+
},
|
|
1339
|
+
async npm(agentExecPath, cwd, rootPath) {
|
|
1340
|
+
try {
|
|
1341
|
+
let {
|
|
1342
|
+
stdout
|
|
1343
|
+
} = await _promiseSpawn$2(agentExecPath, ['ls', '--parseable', '--omit', 'dev', '--all'], {
|
|
1344
|
+
cwd
|
|
1345
|
+
});
|
|
1346
|
+
stdout = stdout.trim();
|
|
1347
|
+
stdout = stdout.replaceAll(cwd, '');
|
|
1348
|
+
stdout = rootPath === cwd ? stdout : stdout.replaceAll(rootPath, '');
|
|
1349
|
+
return stdout.replaceAll('\\', '/');
|
|
1350
|
+
} catch {}
|
|
1351
|
+
return '';
|
|
1352
|
+
},
|
|
1353
|
+
async pnpm(agentExecPath, cwd, rootPath) {
|
|
1354
|
+
try {
|
|
1355
|
+
let {
|
|
1356
|
+
stdout
|
|
1357
|
+
} = await _promiseSpawn$2(agentExecPath, ['ls', '--parseable', '--prod', '--depth', 'Infinity'], {
|
|
1358
|
+
cwd
|
|
1359
|
+
});
|
|
1360
|
+
stdout = stdout.trim();
|
|
1361
|
+
stdout = stdout.replaceAll(cwd, '');
|
|
1362
|
+
stdout = rootPath === cwd ? stdout : stdout.replaceAll(rootPath, '');
|
|
1363
|
+
return stdout.replaceAll('\\', '/');
|
|
1364
|
+
} catch {}
|
|
1365
|
+
return '';
|
|
1366
|
+
},
|
|
1367
|
+
async 'yarn/berry'(agentExecPath, cwd, _rootPath) {
|
|
1368
|
+
try {
|
|
1369
|
+
return (
|
|
1370
|
+
// Yarn Berry does not support filtering by production packages yet.
|
|
1371
|
+
// https://github.com/yarnpkg/berry/issues/5117
|
|
1372
|
+
(await _promiseSpawn$2(agentExecPath, ['info', '--recursive', '--name-only'], {
|
|
1373
|
+
cwd
|
|
1374
|
+
})).stdout.trim()
|
|
1375
|
+
);
|
|
1376
|
+
} catch {}
|
|
1377
|
+
return '';
|
|
1378
|
+
},
|
|
1379
|
+
async 'yarn/classic'(agentExecPath, cwd, _rootPath) {
|
|
1380
|
+
try {
|
|
1381
|
+
// However, Yarn Classic does support it.
|
|
1382
|
+
// https://github.com/yarnpkg/yarn/releases/tag/v1.0.0
|
|
1383
|
+
// > Fix: Excludes dev dependencies from the yarn list output when the
|
|
1384
|
+
// environment is production
|
|
1385
|
+
return (await _promiseSpawn$2(agentExecPath, ['list', '--prod'], {
|
|
1386
|
+
cwd
|
|
1387
|
+
})).stdout.trim();
|
|
1388
|
+
} catch {}
|
|
1389
|
+
return '';
|
|
1390
|
+
}
|
|
1391
|
+
};
|
|
1392
|
+
const depsIncludesByAgent = {
|
|
1393
|
+
bun: (stdout, name) => stdout.includes(` ${name}@`),
|
|
1394
|
+
npm: (stdout, name) => stdout.includes(`/${name}\n`),
|
|
1395
|
+
pnpm: (stdout, name) => stdout.includes(`/${name}\n`),
|
|
1396
|
+
'yarn/berry': (stdout, name) => stdout.includes(` ${name}@`),
|
|
1397
|
+
'yarn/classic': (stdout, name) => stdout.includes(` ${name}@`)
|
|
1398
|
+
};
|
|
1279
1399
|
function getDependencyEntries(pkgJson) {
|
|
1280
1400
|
const {
|
|
1281
1401
|
dependencies,
|
|
@@ -1334,22 +1454,30 @@ function workspaceToGlobPattern(workspace) {
|
|
|
1334
1454
|
}
|
|
1335
1455
|
async function addOverrides({
|
|
1336
1456
|
agent,
|
|
1337
|
-
|
|
1457
|
+
agentExecPath,
|
|
1338
1458
|
lockSrc,
|
|
1339
1459
|
manifestEntries,
|
|
1460
|
+
pin,
|
|
1340
1461
|
pkgJson: editablePkgJson,
|
|
1341
1462
|
pkgPath,
|
|
1342
|
-
|
|
1463
|
+
prod,
|
|
1343
1464
|
rootPath
|
|
1344
1465
|
}, state = {
|
|
1345
1466
|
added: new Set(),
|
|
1467
|
+
spinner: undefined,
|
|
1346
1468
|
updated: new Set()
|
|
1347
1469
|
}) {
|
|
1348
1470
|
if (editablePkgJson === undefined) {
|
|
1349
1471
|
editablePkgJson = await _packageJson.load(pkgPath);
|
|
1350
1472
|
}
|
|
1473
|
+
const {
|
|
1474
|
+
spinner
|
|
1475
|
+
} = state;
|
|
1351
1476
|
const pkgJson = editablePkgJson.content;
|
|
1352
1477
|
const isRoot = pkgPath === rootPath;
|
|
1478
|
+
const isLockScanned = isRoot && !prod;
|
|
1479
|
+
const thingToScan = isLockScanned ? lockSrc : await lsByAgent[agent](agentExecPath, pkgPath, rootPath);
|
|
1480
|
+
const thingScanner = isLockScanned ? lockIncludesByAgent[agent] : depsIncludesByAgent[agent];
|
|
1353
1481
|
const depEntries = getDependencyEntries(pkgJson);
|
|
1354
1482
|
const workspaces = await getWorkspaces(agent, pkgPath, pkgJson);
|
|
1355
1483
|
const isWorkspace = !!workspaces;
|
|
@@ -1357,9 +1485,11 @@ async function addOverrides({
|
|
|
1357
1485
|
if (pkgJson['private'] || isWorkspace) {
|
|
1358
1486
|
overridesDataObjects.push(getOverridesDataByAgent[agent](pkgJson));
|
|
1359
1487
|
} else {
|
|
1360
|
-
overridesDataObjects.push(getOverridesDataByAgent['npm'](pkgJson), getOverridesDataByAgent['yarn'](pkgJson));
|
|
1488
|
+
overridesDataObjects.push(getOverridesDataByAgent['npm'](pkgJson), getOverridesDataByAgent['yarn/classic'](pkgJson));
|
|
1489
|
+
}
|
|
1490
|
+
if (spinner) {
|
|
1491
|
+
spinner.text = `Adding overrides${isRoot ? '' : ` to ${_nodePath$2.relative(rootPath, pkgPath)}`}...`;
|
|
1361
1492
|
}
|
|
1362
|
-
const spinner = isRoot ? (0, _ora$i.default)('Fetching override manifests...').start() : undefined;
|
|
1363
1493
|
const depAliasMap = new Map();
|
|
1364
1494
|
// Chunk package names to process them in parallel 3 at a time.
|
|
1365
1495
|
await (0, _promises2.pEach)(manifestEntries, 3, async ({
|
|
@@ -1379,12 +1509,12 @@ async function addOverrides({
|
|
|
1379
1509
|
let thisVersion = version;
|
|
1380
1510
|
// Add package aliases for direct dependencies to avoid npm EOVERRIDE errors.
|
|
1381
1511
|
// https://docs.npmjs.com/cli/v8/using-npm/package-spec#aliases
|
|
1382
|
-
const
|
|
1383
|
-
const existingVersion = pkgSpec.startsWith(
|
|
1512
|
+
const regSpecStartsLike = `npm:${regPkgName}@`;
|
|
1513
|
+
const existingVersion = pkgSpec.startsWith(regSpecStartsLike) ? _semver.coerce(_npmPackageArg(pkgSpec).rawSpec)?.version ?? '' : '';
|
|
1384
1514
|
if (existingVersion) {
|
|
1385
1515
|
thisVersion = existingVersion;
|
|
1386
1516
|
} else {
|
|
1387
|
-
pkgSpec = `${
|
|
1517
|
+
pkgSpec = `${regSpecStartsLike}^${version}`;
|
|
1388
1518
|
depObj[origPkgName] = pkgSpec;
|
|
1389
1519
|
state.added.add(regPkgName);
|
|
1390
1520
|
}
|
|
@@ -1394,19 +1524,17 @@ async function addOverrides({
|
|
|
1394
1524
|
});
|
|
1395
1525
|
}
|
|
1396
1526
|
}
|
|
1397
|
-
if (!isRoot) {
|
|
1398
|
-
return;
|
|
1399
|
-
}
|
|
1400
1527
|
// Chunk package names to process them in parallel 3 at a time.
|
|
1401
1528
|
await (0, _promises2.pEach)(overridesDataObjects, 3, async ({
|
|
1402
1529
|
overrides,
|
|
1403
1530
|
type
|
|
1404
1531
|
}) => {
|
|
1405
1532
|
const overrideExists = (0, _objects.hasOwn)(overrides, origPkgName);
|
|
1406
|
-
if (overrideExists ||
|
|
1533
|
+
if (overrideExists || thingScanner(thingToScan, origPkgName)) {
|
|
1407
1534
|
const oldSpec = overrideExists ? overrides[origPkgName] : undefined;
|
|
1408
1535
|
const depAlias = depAliasMap.get(origPkgName);
|
|
1409
|
-
|
|
1536
|
+
const regSpecStartsLike = `npm:${regPkgName}@`;
|
|
1537
|
+
let newSpec = `${regSpecStartsLike}^${pin ? version : major}`;
|
|
1410
1538
|
let thisVersion = version;
|
|
1411
1539
|
if (depAlias && type === 'npm') {
|
|
1412
1540
|
// With npm one may not set an override for a package that one directly
|
|
@@ -1417,13 +1545,16 @@ async function addOverrides({
|
|
|
1417
1545
|
// of with a $.
|
|
1418
1546
|
// https://docs.npmjs.com/cli/v8/configuring-npm/package-json#overrides
|
|
1419
1547
|
newSpec = `$${origPkgName}`;
|
|
1420
|
-
} else if (overrideExists
|
|
1548
|
+
} else if (overrideExists) {
|
|
1421
1549
|
const thisSpec = oldSpec.startsWith('$') ? depAlias?.id ?? newSpec : oldSpec ?? newSpec;
|
|
1422
|
-
|
|
1423
|
-
|
|
1424
|
-
|
|
1550
|
+
if (thisSpec.startsWith(regSpecStartsLike)) {
|
|
1551
|
+
if (pin) {
|
|
1552
|
+
thisVersion = _semver.major(_semver.coerce(_npmPackageArg(thisSpec).rawSpec)?.version ?? version) === major ? version : (await fetchPackageManifest(thisSpec))?.version ?? version;
|
|
1553
|
+
}
|
|
1554
|
+
newSpec = `${regSpecStartsLike}^${pin ? thisVersion : _semver.major(thisVersion)}`;
|
|
1555
|
+
} else {
|
|
1556
|
+
newSpec = oldSpec;
|
|
1425
1557
|
}
|
|
1426
|
-
newSpec = `npm:${regPkgName}@^${pin ? thisVersion : _semver.major(thisVersion)}`;
|
|
1427
1558
|
}
|
|
1428
1559
|
if (newSpec !== oldSpec) {
|
|
1429
1560
|
if (overrideExists) {
|
|
@@ -1439,7 +1570,8 @@ async function addOverrides({
|
|
|
1439
1570
|
if (workspaces) {
|
|
1440
1571
|
const wsPkgJsonPaths = await (0, _tinyglobby.glob)(workspaces.map(workspaceToGlobPattern), {
|
|
1441
1572
|
absolute: true,
|
|
1442
|
-
cwd: pkgPath
|
|
1573
|
+
cwd: pkgPath,
|
|
1574
|
+
ignore: ['**/node_modules/**', '**/bower_components/**']
|
|
1443
1575
|
});
|
|
1444
1576
|
// Chunk package names to process them in parallel 3 at a time.
|
|
1445
1577
|
await (0, _promises2.pEach)(wsPkgJsonPaths, 3, async wsPkgJsonPath => {
|
|
@@ -1448,12 +1580,17 @@ async function addOverrides({
|
|
|
1448
1580
|
updated
|
|
1449
1581
|
} = await addOverrides({
|
|
1450
1582
|
agent,
|
|
1583
|
+
agentExecPath,
|
|
1451
1584
|
lockSrc,
|
|
1452
|
-
lockIncludes,
|
|
1453
1585
|
manifestEntries,
|
|
1454
1586
|
pin,
|
|
1455
1587
|
pkgPath: _nodePath$2.dirname(wsPkgJsonPath),
|
|
1588
|
+
prod,
|
|
1456
1589
|
rootPath
|
|
1590
|
+
}, {
|
|
1591
|
+
added: new Set(),
|
|
1592
|
+
spinner,
|
|
1593
|
+
updated: new Set()
|
|
1457
1594
|
});
|
|
1458
1595
|
for (const regPkgName of added) {
|
|
1459
1596
|
state.added.add(regPkgName);
|
|
@@ -1463,8 +1600,7 @@ async function addOverrides({
|
|
|
1463
1600
|
}
|
|
1464
1601
|
});
|
|
1465
1602
|
}
|
|
1466
|
-
|
|
1467
|
-
if (state.added.size || state.updated.size) {
|
|
1603
|
+
if (state.added.size > 0 || state.updated.size > 0) {
|
|
1468
1604
|
editablePkgJson.update(Object.fromEntries(depEntries));
|
|
1469
1605
|
for (const {
|
|
1470
1606
|
overrides,
|
|
@@ -1476,10 +1612,39 @@ async function addOverrides({
|
|
|
1476
1612
|
}
|
|
1477
1613
|
return state;
|
|
1478
1614
|
}
|
|
1615
|
+
|
|
1616
|
+
// type ExtractOptions = pacote.Options & {
|
|
1617
|
+
// tmpPrefix?: string
|
|
1618
|
+
// [key: string]: any
|
|
1619
|
+
// }
|
|
1620
|
+
|
|
1621
|
+
// async function extractPackage(pkgNameOrId: string, options: ExtractOptions | undefined, callback: (tmpDirPath: string) => any) {
|
|
1622
|
+
// if (arguments.length === 2 && typeof options === 'function') {
|
|
1623
|
+
// callback = options
|
|
1624
|
+
// options = undefined
|
|
1625
|
+
// }
|
|
1626
|
+
// const { tmpPrefix, ...extractOptions } = { __proto__: null, ...options }
|
|
1627
|
+
// // cacache.tmp.withTmp DOES return a promise.
|
|
1628
|
+
// await cacache.tmp.withTmp(
|
|
1629
|
+
// pacoteCachePath,
|
|
1630
|
+
// { tmpPrefix },
|
|
1631
|
+
// // eslint-disable-next-line @typescript-eslint/no-misused-promises
|
|
1632
|
+
// async tmpDirPath => {
|
|
1633
|
+
// await pacote.extract(pkgNameOrId, tmpDirPath, {
|
|
1634
|
+
// __proto__: null,
|
|
1635
|
+
// packumentCache,
|
|
1636
|
+
// preferOffline: true,
|
|
1637
|
+
// ...<Omit<typeof extractOptions, '__proto__'>>extractOptions
|
|
1638
|
+
// })
|
|
1639
|
+
// await callback(tmpDirPath)
|
|
1640
|
+
// }
|
|
1641
|
+
// )
|
|
1642
|
+
// }
|
|
1643
|
+
|
|
1479
1644
|
async function fetchPackageManifest(pkgNameOrId, options) {
|
|
1480
1645
|
const pacoteOptions = {
|
|
1481
1646
|
...options,
|
|
1482
|
-
packumentCache,
|
|
1647
|
+
packumentCache: _constants.packumentCache,
|
|
1483
1648
|
preferOffline: true
|
|
1484
1649
|
};
|
|
1485
1650
|
const {
|
|
@@ -1507,12 +1672,14 @@ const optimize = optimize$1.optimize = {
|
|
|
1507
1672
|
return;
|
|
1508
1673
|
}
|
|
1509
1674
|
const {
|
|
1510
|
-
pin
|
|
1675
|
+
pin,
|
|
1676
|
+
prod
|
|
1511
1677
|
} = commandContext;
|
|
1512
1678
|
const cwd = process.cwd();
|
|
1513
1679
|
const {
|
|
1514
1680
|
agent,
|
|
1515
1681
|
agentExecPath,
|
|
1682
|
+
agentVersion,
|
|
1516
1683
|
lockSrc,
|
|
1517
1684
|
lockPath,
|
|
1518
1685
|
minimumNodeVersion,
|
|
@@ -1534,53 +1701,64 @@ const optimize = optimize$1.optimize = {
|
|
|
1534
1701
|
console.log(`✘ ${COMMAND_TITLE}: No ${lockName} found`);
|
|
1535
1702
|
return;
|
|
1536
1703
|
}
|
|
1704
|
+
if (lockSrc.trim() === '') {
|
|
1705
|
+
console.log(`✘ ${COMMAND_TITLE}: ${lockName} is empty`);
|
|
1706
|
+
return;
|
|
1707
|
+
}
|
|
1537
1708
|
if (pkgPath === undefined) {
|
|
1538
1709
|
console.log(`✘ ${COMMAND_TITLE}: No package.json found`);
|
|
1539
1710
|
return;
|
|
1540
1711
|
}
|
|
1712
|
+
if (prod && (agent === 'bun' || agent === 'yarn/berry')) {
|
|
1713
|
+
console.log(`✘ ${COMMAND_TITLE}: --prod not supported for ${agent}${agentVersion ? `@${agentVersion.toString()}` : ''}`);
|
|
1714
|
+
return;
|
|
1715
|
+
}
|
|
1541
1716
|
if (lockPath && _nodePath$2.relative(cwd, lockPath).startsWith('.')) {
|
|
1542
1717
|
console.log(`⚠️ ${COMMAND_TITLE}: Package ${lockName} found at ${lockPath}`);
|
|
1543
1718
|
}
|
|
1719
|
+
const spinner = (0, _ora$i.default)('Socket optimizing...');
|
|
1544
1720
|
const state = {
|
|
1545
1721
|
added: new Set(),
|
|
1722
|
+
spinner,
|
|
1546
1723
|
updated: new Set()
|
|
1547
1724
|
};
|
|
1548
|
-
|
|
1549
|
-
|
|
1550
|
-
|
|
1551
|
-
|
|
1552
|
-
|
|
1553
|
-
|
|
1554
|
-
|
|
1555
|
-
|
|
1556
|
-
|
|
1557
|
-
|
|
1558
|
-
|
|
1559
|
-
|
|
1560
|
-
|
|
1561
|
-
|
|
1562
|
-
|
|
1563
|
-
|
|
1564
|
-
|
|
1725
|
+
spinner.start();
|
|
1726
|
+
const nodeRange = `>=${minimumNodeVersion}`;
|
|
1727
|
+
const manifestEntries = manifestNpmOverrides.filter(({
|
|
1728
|
+
1: data
|
|
1729
|
+
}) => _semver.satisfies(_semver.coerce(data.engines.node), nodeRange));
|
|
1730
|
+
await addOverrides({
|
|
1731
|
+
agent,
|
|
1732
|
+
agentExecPath,
|
|
1733
|
+
lockSrc,
|
|
1734
|
+
manifestEntries,
|
|
1735
|
+
pin,
|
|
1736
|
+
pkgJson,
|
|
1737
|
+
pkgPath,
|
|
1738
|
+
prod,
|
|
1739
|
+
rootPath: pkgPath
|
|
1740
|
+
}, state);
|
|
1741
|
+
spinner.stop();
|
|
1565
1742
|
const pkgJsonChanged = state.added.size > 0 || state.updated.size > 0;
|
|
1566
|
-
if (
|
|
1567
|
-
|
|
1568
|
-
|
|
1569
|
-
|
|
1570
|
-
|
|
1571
|
-
|
|
1572
|
-
|
|
1743
|
+
if (pkgJsonChanged) {
|
|
1744
|
+
if (state.updated.size > 0) {
|
|
1745
|
+
console.log(`Updated ${state.updated.size} Socket.dev optimized overrides ${state.added.size ? '.' : '🚀'}`);
|
|
1746
|
+
}
|
|
1747
|
+
if (state.added.size > 0) {
|
|
1748
|
+
console.log(`Added ${state.added.size} Socket.dev optimized overrides 🚀`);
|
|
1749
|
+
}
|
|
1750
|
+
} else {
|
|
1573
1751
|
console.log('Congratulations! Already Socket.dev optimized 🎉');
|
|
1574
1752
|
}
|
|
1575
1753
|
const isNpm = agent === 'npm';
|
|
1576
1754
|
if (isNpm || pkgJsonChanged) {
|
|
1577
1755
|
// Always update package-lock.json until the npm overrides PR lands:
|
|
1578
1756
|
// https://github.com/npm/cli/pull/7025
|
|
1579
|
-
|
|
1757
|
+
spinner.start(`Updating ${lockName}...`);
|
|
1580
1758
|
try {
|
|
1581
1759
|
if (isNpm) {
|
|
1582
1760
|
const wrapperPath = _nodePath$2.join(distPath$1, 'npm-cli.js');
|
|
1583
|
-
await _promiseSpawn$2(process.execPath, [wrapperPath, 'install'], {
|
|
1761
|
+
await _promiseSpawn$2(process.execPath, [wrapperPath, 'install', '--no-audit', '--no-fund'], {
|
|
1584
1762
|
stdio: 'pipe',
|
|
1585
1763
|
env: {
|
|
1586
1764
|
...process.env,
|
|
@@ -1588,6 +1766,7 @@ const optimize = optimize$1.optimize = {
|
|
|
1588
1766
|
}
|
|
1589
1767
|
});
|
|
1590
1768
|
} else {
|
|
1769
|
+
// All package managers support the "install" command.
|
|
1591
1770
|
await _promiseSpawn$2(agentExecPath, ['install'], {
|
|
1592
1771
|
stdio: 'pipe'
|
|
1593
1772
|
});
|
|
@@ -1613,6 +1792,11 @@ function setupCommand$l(name, description, argv, importMeta) {
|
|
|
1613
1792
|
type: 'boolean',
|
|
1614
1793
|
default: false,
|
|
1615
1794
|
description: 'Pin overrides to their latest version'
|
|
1795
|
+
},
|
|
1796
|
+
prod: {
|
|
1797
|
+
type: 'boolean',
|
|
1798
|
+
default: false,
|
|
1799
|
+
description: 'Only add overrides for production dependencies'
|
|
1616
1800
|
}
|
|
1617
1801
|
};
|
|
1618
1802
|
const cli = (0, _meow$m.default)(`
|
|
@@ -1632,14 +1816,16 @@ function setupCommand$l(name, description, argv, importMeta) {
|
|
|
1632
1816
|
});
|
|
1633
1817
|
const {
|
|
1634
1818
|
help,
|
|
1635
|
-
pin
|
|
1819
|
+
pin,
|
|
1820
|
+
prod
|
|
1636
1821
|
} = cli.flags;
|
|
1637
1822
|
if (help) {
|
|
1638
1823
|
cli.showHelp();
|
|
1639
1824
|
return;
|
|
1640
1825
|
}
|
|
1641
1826
|
return {
|
|
1642
|
-
pin
|
|
1827
|
+
pin,
|
|
1828
|
+
prod
|
|
1643
1829
|
};
|
|
1644
1830
|
}
|
|
1645
1831
|
|
|
@@ -2455,7 +2641,7 @@ Object.defineProperty(create$3, "__esModule", {
|
|
|
2455
2641
|
value: true
|
|
2456
2642
|
});
|
|
2457
2643
|
create$3.create = void 0;
|
|
2458
|
-
var _nodeProcess = require$$0$
|
|
2644
|
+
var _nodeProcess = require$$0$2;
|
|
2459
2645
|
var _promises$1 = require$$2$3;
|
|
2460
2646
|
var _chalk$e = _interopRequireDefault$f(vendor.source);
|
|
2461
2647
|
var _meow$e = _interopRequireDefault$f(vendor.build);
|
|
@@ -4324,7 +4510,7 @@ Object.defineProperty(get$1, "__esModule", {
|
|
|
4324
4510
|
});
|
|
4325
4511
|
get$1.get = void 0;
|
|
4326
4512
|
var _nodeFs$1 = require$$0;
|
|
4327
|
-
var _nodeUtil = require$$0$
|
|
4513
|
+
var _nodeUtil = require$$0$3;
|
|
4328
4514
|
var _chalk$1 = _interopRequireDefault$2(vendor.source);
|
|
4329
4515
|
var _meow$1 = _interopRequireDefault$2(vendor.build);
|
|
4330
4516
|
var _ora$1 = _interopRequireDefault$2(vendor.ora);
|
package/dist/npm-injection.js
CHANGED
|
@@ -17,7 +17,7 @@ var require$$1$1 = require('node:net');
|
|
|
17
17
|
var require$$2 = require('node:os');
|
|
18
18
|
var require$$6 = require('../package.json');
|
|
19
19
|
var pathResolve = require('./path-resolve.js');
|
|
20
|
-
var require$$
|
|
20
|
+
var require$$0$1 = require('pacote');
|
|
21
21
|
|
|
22
22
|
var npmInjection$1 = {};
|
|
23
23
|
|
|
@@ -444,7 +444,7 @@ let tarball;
|
|
|
444
444
|
try {
|
|
445
445
|
tarball = require(_nodePath$1.join(npmNmPath, 'pacote')).tarball;
|
|
446
446
|
} catch {
|
|
447
|
-
tarball = require$$
|
|
447
|
+
tarball = require$$0$1.tarball;
|
|
448
448
|
}
|
|
449
449
|
const Arborist = require(arboristClassPath);
|
|
450
450
|
const Edge = require(arboristEdgeClassPath);
|
package/dist/sdk.d.ts
CHANGED
|
@@ -14,7 +14,9 @@ declare const API_V0_URL = "https://api.socket.dev/v0";
|
|
|
14
14
|
declare const ENV: Readonly<{
|
|
15
15
|
UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE: boolean;
|
|
16
16
|
}>;
|
|
17
|
+
declare const packumentCache: Map<any, any>;
|
|
18
|
+
declare const pacoteCachePath: any;
|
|
17
19
|
declare const FREE_API_KEY = "sktsec_t_--RAN5U4ivauy4w37-6aoKyYPDt5ZbaT5JBVMqiwKo_api";
|
|
18
20
|
declare function getDefaultKey(): string | undefined;
|
|
19
21
|
declare function setupSdk(apiKey?: string | undefined, apiBaseUrl?: string | undefined, proxy?: string | undefined): Promise<SocketSdk>;
|
|
20
|
-
export { hasOwn, isObject, isObjectObject, objectSome, pick, createDebugLogger, isErrnoException, stringJoinWithSeparateFinalSeparator, API_V0_URL, ENV, FREE_API_KEY, getDefaultKey, setupSdk };
|
|
22
|
+
export { hasOwn, isObject, isObjectObject, objectSome, pick, createDebugLogger, isErrnoException, stringJoinWithSeparateFinalSeparator, API_V0_URL, ENV, packumentCache, pacoteCachePath, FREE_API_KEY, getDefaultKey, setupSdk };
|
package/dist/sdk.js
CHANGED
|
@@ -1,12 +1,13 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
+
var require$$0 = require('pacote');
|
|
3
4
|
var vendor = require('./vendor.js');
|
|
4
5
|
var require$$1$1 = require('node:fs/promises');
|
|
5
6
|
var require$$1 = require('node:path');
|
|
6
7
|
var require$$1$2 = require('@inquirer/prompts');
|
|
7
8
|
var require$$4 = require('@socketsecurity/sdk');
|
|
8
9
|
var require$$5 = require('hpagent');
|
|
9
|
-
var require$$0 = require('node:fs');
|
|
10
|
+
var require$$0$1 = require('node:fs');
|
|
10
11
|
var require$$2 = require('node:os');
|
|
11
12
|
|
|
12
13
|
var errors = {};
|
|
@@ -30,7 +31,8 @@ var constants = {};
|
|
|
30
31
|
Object.defineProperty(constants, "__esModule", {
|
|
31
32
|
value: true
|
|
32
33
|
});
|
|
33
|
-
constants.ENV = constants.API_V0_URL = void 0;
|
|
34
|
+
constants.pacoteCachePath = constants.packumentCache = constants.ENV = constants.API_V0_URL = void 0;
|
|
35
|
+
var _pacote = require$$0;
|
|
34
36
|
function envAsBoolean(value) {
|
|
35
37
|
return typeof value === 'string' && (value === '1' || value.toLowerCase() === 'true');
|
|
36
38
|
}
|
|
@@ -39,6 +41,11 @@ constants.ENV = Object.freeze({
|
|
|
39
41
|
// Flag set by the optimize command to bypass the packagesHaveRiskyIssues check.
|
|
40
42
|
UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE: envAsBoolean(process.env['UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE'])
|
|
41
43
|
});
|
|
44
|
+
constants.packumentCache = new Map();
|
|
45
|
+
const {
|
|
46
|
+
constructor: PacoteFetcherBase
|
|
47
|
+
} = Reflect.getPrototypeOf(_pacote.RegistryFetcher.prototype);
|
|
48
|
+
constants.pacoteCachePath = new PacoteFetcherBase(/*dummy package spec*/'x', {}).cache;
|
|
42
49
|
|
|
43
50
|
var chalkMarkdown = {};
|
|
44
51
|
|
|
@@ -189,7 +196,7 @@ Object.defineProperty(settings$1, "__esModule", {
|
|
|
189
196
|
});
|
|
190
197
|
settings$1.getSetting = getSetting;
|
|
191
198
|
settings$1.updateSetting = updateSetting;
|
|
192
|
-
var _nodeFs = require$$0;
|
|
199
|
+
var _nodeFs = require$$0$1;
|
|
193
200
|
var _nodeOs = require$$2;
|
|
194
201
|
var _nodePath$1 = require$$1;
|
|
195
202
|
var _ora = _interopRequireDefault$1(vendor.ora);
|