npm - socket - Versions diffs - 0.14.21 → 0.14.23 - Mend

socket 0.14.21 → 0.14.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/link.js CHANGED Viewed

@@ -2,7 +2,7 @@
 var require$$0 = require('node:fs');
 var require$$1 = require('node:path');
-var require$$6 = require('which');
+var require$$8 = require('which');
 var link = {};
@@ -12,7 +12,7 @@ Object.defineProperty(link, "__esModule", {
 link.installLinks = installLinks;
 var _nodeFs = require$$0;
 var _nodePath = require$$1;
-var _which = require$$6;
+var _which = require$$8;
 function installLinks(realDirname, binName) {
   const realShadowBinDir = realDirname;
   // find package manager being shadowed by this process

package/dist/npm-injection.js CHANGED Viewed

@@ -2,19 +2,19 @@
 var vendor = require('./vendor.js');
 var require$$0 = require('node:fs');
-var require$$1 = require('node:path');
+var require$$1$1 = require('node:path');
 var link = require('./link.js');
-var require$$2$1 = require('node:events');
+var require$$2 = require('node:events');
 var require$$4 = require('node:https');
 var require$$3 = require('node:readline');
 var require$$5 = require('node:stream');
 var require$$8 = require('node:timers/promises');
 var require$$3$1 = require('@socketsecurity/config');
 var require$$7 = require('npm-package-arg');
-var require$$3$2 = require('semver');
+var require$$14 = require('semver');
 var sdk = require('./sdk.js');
-var require$$1$1 = require('node:net');
-var require$$2 = require('node:os');
+var require$$1$2 = require('node:net');
+var require$$1 = require('node:os');
 var require$$6 = require('../package.json');
 var pathResolve = require('./path-resolve.js');
@@ -31,9 +31,9 @@ Object.defineProperty(ttyServer$1, "__esModule", {
 });
 ttyServer$1.createTTYServer = createTTYServer;
 var _nodeFs$2 = require$$0;
-var _nodeNet = require$$1$1;
-var _nodeOs = require$$2;
-var _nodePath$2 = require$$1;
+var _nodeNet = require$$1$2;
+var _nodeOs = require$$1;
+var _nodePath$2 = require$$1$1;
 var _nodeReadline$1 = require$$3;
 var _nodeStream$1 = require$$5;
 var _package = require$$6;
@@ -312,7 +312,6 @@ function issueRuleValueDoesNotDefer(issueRule) {
 /**
  * Handles booleans for backwards compatibility
  */
 function uxForDefinedNonDeferValue(issueRuleValue) {
   if (typeof issueRuleValue === 'boolean') {
@@ -383,10 +382,10 @@ Object.defineProperty(arborist, "__esModule", {
 });
 arborist.SafeArborist = void 0;
 arborist.installSafeArborist = installSafeArborist;
-var _nodeEvents = require$$2$1;
+var _nodeEvents = require$$2;
 var _nodeFs$1 = require$$0;
 var _nodeHttps = require$$4;
-var _nodePath$1 = require$$1;
+var _nodePath$1 = require$$1$1;
 var _nodeReadline = require$$3;
 var _nodeStream = require$$5;
 var _promises = require$$8;
@@ -395,13 +394,13 @@ var _chalk = _interopRequireDefault(vendor.source);
 var _isInteractive = _interopRequireDefault(vendor.isInteractive);
 var _ora = _interopRequireWildcard(vendor.ora);
 var _npmPackageArg = require$$7;
-var _semver = require$$3$2;
+var _semver = require$$14;
 var _constants = sdk.constants;
 var _ttyServer = ttyServer$1;
 var _chalkMarkdown = sdk.chalkMarkdown;
 var _issueRules = issueRules;
 var _misc = sdk.misc;
-var _objects = sdk.objects;
+var _objects = vendor.objects;
 var _pathResolve = pathResolve.pathResolve;
 var _sdk = sdk.sdk;
 var _settings = sdk.settings;
@@ -519,6 +518,12 @@ async function* batchScan(pkgIds) {
     yield JSON.parse(line);
   }
 }
+// Patch adding doOverrideSetsConflict is based on
+// https://github.com/npm/cli/pull/7025.
+function doOverrideSetsConflict(first, second) {
+  return findSpecificOverrideSet(first, second) === undefined;
+}
 function findSocketYmlSync() {
   let prevDir = null;
   let dir = process.cwd();
@@ -805,7 +810,7 @@ class SafeEdge extends Edge {
       }
       // Patch adding "else if" condition is based on
       // https://github.com/npm/cli/pull/7025.
-      else if (this.overrides && this.#safeTo.edgesOut.size && !findSpecificOverrideSet(this.overrides, this.#safeTo.overrides)) {
+      else if (this.overrides && this.#safeTo.edgesOut.size && doOverrideSetsConflict(this.overrides, this.#safeTo.overrides)) {
         // Any inconsistency between the edge's override set and the target's
         // override set is potentially problematic. But we only say the edge is
         // in error if the override sets are plainly conflicting. Note that if
@@ -1015,7 +1020,7 @@ class SafeNode extends Node {
       return false;
     }
     // It's a top level pkg, or a dep of one.
-    if (!this.resolveParent || !this.resolveParent.resolveParent) {
+    if (!this.resolveParent?.resolveParent) {
       return false;
     }
     // No one wants it, remove it.
@@ -1232,7 +1237,7 @@ class SafeNode extends Node {
     }
     // This is an error condition. We can only get here if the new override set
     // is in conflict with the existing.
-    log.silly(`Conflicting override requirements for node ${this.name}`, this);
+    log.silly('Conflicting override sets', this.name);
     return false;
   }
@@ -1488,7 +1493,7 @@ void (async () => {
       const socketSdk = await (0, _sdk.setupSdk)(pubToken);
       const orgResult = await socketSdk.getOrganizations();
       if (!orgResult.success) {
-        throw new Error('Failed to fetch Socket organization info: ' + orgResult.error.message);
+        throw new Error(`Failed to fetch Socket organization info: ${orgResult.error.message}`);
       }
       const orgs = [];
       for (const org of Object.values(orgResult.data.organizations)) {
@@ -1500,7 +1505,7 @@ void (async () => {
         organization: org.id
       })));
       if (!result.success) {
-        throw new Error('Failed to fetch API key settings: ' + result.error.message);
+        throw new Error(`Failed to fetch API key settings: ${result.error.message}`);
       }
       return {
         orgs,
@@ -1541,10 +1546,14 @@ void (async () => {
   if (socketYml) {
     settings.entries.push({
       start: socketYml.path,
-      // @ts-ignore
       settings: {
         [socketYml.path]: {
           deferTo: null,
+          // TODO: TypeScript complains about the type not matching. We should
+          // figure out why are providing
+          // issueRules: { [issueName: string]: boolean }
+          // but expecting
+          // issueRules: { [issueName: string]: { action: 'defer' | 'error' | 'ignore' | 'monitor' | 'warn' } }
           issueRules: socketYml.parsed.issueRules
         }
       }
@@ -1554,7 +1563,7 @@ void (async () => {
 })();
 var _nodeFs = require$$0;
-var _nodePath = require$$1;
+var _nodePath = require$$1$1;
 var _link = link.link;
 var _arborist = arborist;
 const distPath = __dirname;

package/dist/path-resolve.js CHANGED Viewed

@@ -4,7 +4,7 @@ var require$$1$1 = require('node:fs/promises');
 var require$$1 = require('node:path');
 var require$$2 = require('ignore');
 var require$$3 = require('micromatch');
-var require$$11 = require('tinyglobby');
+var require$$15 = require('tinyglobby');
 var pathResolve = {};
@@ -51,7 +51,7 @@ var _promises = require$$1$1;
 var _nodePath = require$$1;
 var _ignore = require$$2;
 var _micromatch = require$$3;
-var _tinyglobby = require$$11;
+var _tinyglobby = require$$15;
 var _ignoreByDefault = ignoreByDefault;
 async function filterGlobResultToSupportedFiles(entries, supportedFiles) {
   const patterns = ['golang', 'npm', 'pypi'].reduce((r, n) => {

package/dist/sdk.d.ts CHANGED Viewed

@@ -1,12 +1,5 @@
 /// <reference types="node" />
 import { SocketSdk } from '@socketsecurity/sdk';
-declare function hasOwn(obj: any, propKey: PropertyKey): boolean;
-declare function isObject(value: any): value is object;
-declare function isObjectObject(value: any): value is {
-    [key: string]: any;
-};
-declare function objectSome(obj: Record<string, any>): boolean;
-declare function pick<T extends Record<string, any>, K extends keyof T>(input: T, keys: K[] | ReadonlyArray<K>): Pick<T, K>;
 declare function createDebugLogger(printDebugLogs?: boolean): typeof console.error;
 declare function isErrnoException(value: unknown): value is NodeJS.ErrnoException;
 declare function stringJoinWithSeparateFinalSeparator(list: (string | undefined)[], separator?: string): string;
@@ -14,9 +7,7 @@ declare const API_V0_URL = "https://api.socket.dev/v0";
 declare const ENV: Readonly<{
     UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE: boolean;
 }>;
-declare const packumentCache: Map<any, any>;
-declare const pacoteCachePath: any;
 declare const FREE_API_KEY = "sktsec_t_--RAN5U4ivauy4w37-6aoKyYPDt5ZbaT5JBVMqiwKo_api";
 declare function getDefaultKey(): string | undefined;
 declare function setupSdk(apiKey?: string | undefined, apiBaseUrl?: string | undefined, proxy?: string | undefined): Promise<SocketSdk>;
-export { hasOwn, isObject, isObjectObject, objectSome, pick, createDebugLogger, isErrnoException, stringJoinWithSeparateFinalSeparator, API_V0_URL, ENV, packumentCache, pacoteCachePath, FREE_API_KEY, getDefaultKey, setupSdk };
+export { createDebugLogger, isErrnoException, stringJoinWithSeparateFinalSeparator, API_V0_URL, ENV, FREE_API_KEY, getDefaultKey, setupSdk };

package/dist/sdk.js CHANGED Viewed

@@ -1,14 +1,13 @@
 'use strict';
-var require$$0 = require('pacote');
 var vendor = require('./vendor.js');
-var require$$1$1 = require('node:fs/promises');
-var require$$1 = require('node:path');
-var require$$1$2 = require('@inquirer/prompts');
+var require$$1$2 = require('node:fs/promises');
+var require$$1$1 = require('node:path');
+var require$$1$3 = require('@inquirer/prompts');
 var require$$4 = require('@socketsecurity/sdk');
 var require$$5 = require('hpagent');
-var require$$0$1 = require('node:fs');
-var require$$2 = require('node:os');
+var require$$0 = require('node:fs');
+var require$$1 = require('node:os');
 var errors = {};
@@ -31,21 +30,13 @@ var constants = {};
 Object.defineProperty(constants, "__esModule", {
   value: true
 });
-constants.pacoteCachePath = constants.packumentCache = constants.ENV = constants.API_V0_URL = void 0;
-var _pacote = require$$0;
-function envAsBoolean(value) {
-  return typeof value === 'string' && (value === '1' || value.toLowerCase() === 'true');
-}
+constants.ENV = constants.API_V0_URL = void 0;
+var _env = vendor.env;
 constants.API_V0_URL = 'https://api.socket.dev/v0';
 constants.ENV = Object.freeze({
   // Flag set by the optimize command to bypass the packagesHaveRiskyIssues check.
-  UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE: envAsBoolean(process.env['UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE'])
+  UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE: (0, _env.envAsBoolean)(process.env['UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE'])
 });
-constants.packumentCache = new Map();
-const {
-  constructor: PacoteFetcherBase
-} = Reflect.getPrototypeOf(_pacote.RegistryFetcher.prototype);
-constants.pacoteCachePath = new PacoteFetcherBase(/*dummy package spec*/'x', {}).cache;
 var chalkMarkdown = {};
@@ -150,42 +141,6 @@ function stringJoinWithSeparateFinalSeparator(list, separator = ' and ') {
   return values.join(', ') + separator + finalValue;
 }
-var objects = {};
-Object.defineProperty(objects, "__esModule", {
-  value: true
-});
-objects.hasOwn = hasOwn;
-objects.isObject = isObject;
-objects.isObjectObject = isObjectObject;
-objects.objectSome = objectSome;
-objects.pick = pick;
-function hasOwn(obj, propKey) {
-  if (obj === null || obj === undefined) return false;
-  return Object.hasOwn(obj, propKey);
-}
-function isObject(value) {
-  return value !== null && typeof value === 'object';
-}
-function isObjectObject(value) {
-  return value !== null && typeof value === 'object' && !Array.isArray(value);
-}
-function objectSome(obj) {
-  for (const key in obj) {
-    if (obj[key]) {
-      return true;
-    }
-  }
-  return false;
-}
-function pick(input, keys) {
-  const result = {};
-  for (const key of keys) {
-    result[key] = input[key];
-  }
-  return result;
-}
 var sdk = {};
 var settings$1 = {};
@@ -196,9 +151,9 @@ Object.defineProperty(settings$1, "__esModule", {
 });
 settings$1.getSetting = getSetting;
 settings$1.updateSetting = updateSetting;
-var _nodeFs = require$$0$1;
-var _nodeOs = require$$2;
-var _nodePath$1 = require$$1;
+var _nodeFs = require$$0;
+var _nodeOs = require$$1;
+var _nodePath$1 = require$$1$1;
 var _ora = _interopRequireDefault$1(vendor.ora);
 let dataHome = process.platform === 'win32' ? process.env['LOCALAPPDATA'] : process.env['XDG_DATA_HOME'];
 if (!dataHome) {
@@ -242,9 +197,9 @@ Object.defineProperty(sdk, "__esModule", {
 sdk.FREE_API_KEY = void 0;
 sdk.getDefaultKey = getDefaultKey;
 sdk.setupSdk = setupSdk;
-var _promises = require$$1$1;
-var _nodePath = require$$1;
-var _prompts = require$$1$2;
+var _promises = require$$1$2;
+var _nodePath = require$$1$1;
+var _prompts = require$$1$3;
 var _sdk = require$$4;
 var _hpagent = require$$5;
 var _isInteractive = _interopRequireDefault(vendor.isInteractive);
@@ -309,6 +264,5 @@ exports.chalkMarkdown = chalkMarkdown;
 exports.constants = constants;
 exports.errors = errors;
 exports.misc = misc;
-exports.objects = objects;
 exports.sdk = sdk;
 exports.settings = settings$1;