socket 0.14.29 → 0.14.30

package/bin/cli.js

@@ -1,9 +1,7 @@
 #!/usr/bin/env node
 'use strict'
 
-const semver = require('semver')
-const distType = semver.satisfies(process.versions.node, '>=22.12')
+const DIST_TYPE = require('semver').satisfies(process.versions.node, '>=22.12')
   ? 'module-sync'
   : 'require'
-process.removeAllListeners('warning')
-require(`../dist/${distType}/cli.js`)
+require(`../dist/${DIST_TYPE}/cli.js`)

package/bin/npm-cli.js

@@ -1,9 +1,7 @@
 #!/usr/bin/env node
 'use strict'
 
-const semver = require('semver')
-const distType = semver.satisfies(process.versions.node, '>=22.12')
+const DIST_TYPE = require('semver').satisfies(process.versions.node, '>=22.12')
   ? 'module-sync'
   : 'require'
-process.removeAllListeners('warning')
-require(`../dist/${distType}/npm-cli.js`)
+require(`../dist/${DIST_TYPE}/npm-cli.js`)

package/bin/npx-cli.js

@@ -1,9 +1,7 @@
 #!/usr/bin/env node
 'use strict'
 
-const semver = require('semver')
-const distType = semver.satisfies(process.versions.node, '>=22.12')
+const DIST_TYPE = require('semver').satisfies(process.versions.node, '>=22.12')
   ? 'module-sync'
   : 'require'
-process.removeAllListeners('warning')
-require(`../dist/${distType}/npx-cli.js`)
+require(`../dist/${DIST_TYPE}/npx-cli.js`)

package/dist/module-sync/cli.js

@@ -299,8 +299,9 @@ var _ponyCause$4 = require$$4$1;
 var _errors$l = sdk.errors;
 var _constants$5 = constants.constants;
 function handleUnsuccessfulApiResponse(_name, result, spinner) {
-  const resultError = 'error' in result && result.error && typeof result.error === 'object' ? result.error : {};
-  const message = 'message' in resultError && typeof resultError.message === 'string' ? resultError.message : 'No error message returned';
+  // SocketSdkErrorType['error'] is not typed.
+  const resultErrorMessage = result.error?.message;
+  const message = typeof resultErrorMessage === 'string' ? resultErrorMessage : 'No error message returned';
   if (result.status === 401 || result.status === 403) {
     spinner.stop();
     throw new _errors$l.AuthError(message);
@@ -321,16 +322,16 @@ async function handleApiCall(value, description) {
 }
 async function handleAPIError(code) {
   if (code === 400) {
-    return `One of the options passed might be incorrect.`;
+    return 'One of the options passed might be incorrect.';
   } else if (code === 403) {
-    return `You might be trying to access an organization that is not linked to the API key you are logged in with.`;
+    return 'You might be trying to access an organization that is not linked to the API key you are logged in with.';
   }
 }
 async function queryAPI(path, apiKey) {
   return await fetch(`${_constants$5.API_V0_URL}/${path}`, {
     method: 'GET',
     headers: {
-      Authorization: 'Basic ' + btoa(`${apiKey}:${apiKey}`)
+      Authorization: `Basic ${btoa(`${apiKey}:${apiKey}`)}`
     }
   });
 }
@@ -1145,6 +1146,7 @@ var _fs = fs;
 var _packageManagerDetector = packageManagerDetector;
 const COMMAND_TITLE = 'Socket Optimize';
 const OVERRIDES_FIELD_NAME = 'overrides';
+const NPM_OVERRIDE_PR_URL = 'https://github.com/npm/cli/pull/7025';
 const PNPM_FIELD_NAME = 'pnpm';
 const PNPM_WORKSPACE = 'pnpm-workspace';
 const RESOLUTIONS_FIELD_NAME = 'resolutions';
@@ -1826,11 +1828,11 @@ const optimize = optimize$1.optimize = {
       try {
         if (isNpm) {
           const wrapperPath = _nodePath$1.join(_constants$1.distPath, 'npm-cli.js');
-          await _promiseSpawn$2(process.execPath, [wrapperPath, 'install', '--no-audit', '--no-fund'], {
+          await _promiseSpawn$2(process.execPath, [wrapperPath, 'install', '--silent'], {
             stdio: 'ignore',
             env: {
               ...process.env,
-              UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE: '1'
+              [_constants$1.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE]: '1'
             }
           });
         } else {
@@ -1841,7 +1843,7 @@ const optimize = optimize$1.optimize = {
         }
         spinner.stop();
         if (isNpm) {
-          console.log(`💡 Re-run ${COMMAND_TITLE} whenever ${lockName} changes.\n   This can be skipped once npm ships https://github.com/npm/cli/pull/7025.`);
+          console.log(`💡 Re-run ${COMMAND_TITLE} whenever ${lockName} changes.\n   This can be skipped once npm ships ${NPM_OVERRIDE_PR_URL}.`);
         }
       } catch {
         spinner.error(`${COMMAND_TITLE}: ${agent} install failed to update ${lockName}`);

package/dist/module-sync/constants.d.ts

@@ -1,8 +1,13 @@
+declare const SUPPORTS_SYNC_ESM: boolean;
 declare const API_V0_URL = "https://api.socket.dev/v0";
+declare const DIST_TYPE: string;
+declare const LOOP_SENTINEL = 1000000;
+declare const NPM_REGISTRY_URL = "https://registry.npmjs.org";
+declare const SOCKET_CLI_ISSUES_URL = "https://github.com/SocketDev/socket-cli/issues";
+declare const UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = "UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE";
 declare const ENV: Readonly<{
     UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE: boolean;
 }>;
-declare const SUPPORTS_SYNC_ESM: boolean;
 declare const rootPath: string;
 declare const rootDistPath: string;
 declare const rootBinPath: string;
@@ -12,4 +17,4 @@ declare const cdxgenBinPath: string;
 declare const distPath: string;
 declare const shadowBinPath: string;
 declare const synpBinPath: string;
-export { API_V0_URL, ENV, SUPPORTS_SYNC_ESM, rootPath, rootDistPath, rootBinPath, rootPkgJsonPath, nmBinPath, cdxgenBinPath, distPath, shadowBinPath, synpBinPath };
+export { SUPPORTS_SYNC_ESM, API_V0_URL, DIST_TYPE, LOOP_SENTINEL, NPM_REGISTRY_URL, SOCKET_CLI_ISSUES_URL, UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE, ENV, rootPath, rootDistPath, rootBinPath, rootPkgJsonPath, nmBinPath, cdxgenBinPath, distPath, shadowBinPath, synpBinPath };

package/dist/module-sync/constants.js

@@ -15,7 +15,7 @@ var constants = {};
 Object.defineProperty(constants, "__esModule", {
   value: true
 });
-constants.synpBinPath = constants.shadowBinPath = constants.rootPkgJsonPath = constants.rootPath = constants.rootDistPath = constants.rootBinPath = constants.nmBinPath = constants.distPath = constants.cdxgenBinPath = constants.SUPPORTS_SYNC_ESM = constants.ENV = constants.API_V0_URL = void 0;
+constants.synpBinPath = constants.shadowBinPath = constants.rootPkgJsonPath = constants.rootPath = constants.rootDistPath = constants.rootBinPath = constants.nmBinPath = constants.distPath = constants.cdxgenBinPath = constants.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = constants.SUPPORTS_SYNC_ESM = constants.SOCKET_CLI_ISSUES_URL = constants.NPM_REGISTRY_URL = constants.LOOP_SENTINEL = constants.ENV = constants.DIST_TYPE = constants.API_V0_URL = void 0;
 var _nodeFs = require$$0;
 var _nodePath = require$$1;
 var _env = require$$2;
@@ -24,20 +24,30 @@ var _semver = require$$4;
 const {
   PACKAGE_JSON
 } = _constants;
+const SUPPORTS_SYNC_ESM = constants.SUPPORTS_SYNC_ESM = _semver.satisfies(process.versions.node, '>=22.12');
 constants.API_V0_URL = 'https://api.socket.dev/v0';
+const DIST_TYPE = constants.DIST_TYPE = SUPPORTS_SYNC_ESM ? 'module-sync' : 'require';
+constants.LOOP_SENTINEL = 1_000_000;
+constants.NPM_REGISTRY_URL = 'https://registry.npmjs.org';
+const SOCKET_CLI_ISSUES_URL = constants.SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues';
+const UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = constants.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = 'UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE';
 constants.ENV = Object.freeze({
   // Flag set by the optimize command to bypass the packagesHaveRiskyIssues check.
-  UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE: (0, _env.envAsBoolean)(process.env['UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE'])
+  [UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE]: (0, _env.envAsBoolean)(process.env[UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE])
 });
-const SUPPORTS_SYNC_ESM = constants.SUPPORTS_SYNC_ESM = _semver.satisfies(process.versions.node, '>=22.12');
+
+// Dynamically detect the rootPath so constants.ts can be used in tests.
 const rootPath = constants.rootPath = (() => {
   let oldPath;
   let currPath = (0, _nodeFs.realpathSync)(__dirname);
+  // Dirname stops when at the filepath root, e.g. '/' for posix and 'C:\\' for win32,
+  // so `currPath` equal `oldPath`.
   while (currPath !== oldPath) {
     const pkgJsonPath = _nodePath.join(currPath, PACKAGE_JSON);
     if ((0, _nodeFs.existsSync)(pkgJsonPath)) {
       try {
-        // socket is replaced by .config/rollup.base.config.mjs
+        // Content matching socket is replaced by
+        // the @rollup/plugin-replace plugin used in .config/rollup.base.config.mjs
         // with either 'socket' or '@socketsecurity/cli'.
         if (require(pkgJsonPath)?.name === 'socket') {
           return currPath;
@@ -47,15 +57,15 @@ const rootPath = constants.rootPath = (() => {
     oldPath = currPath;
     currPath = _nodePath.dirname(currPath);
   }
-  throw new TypeError('rootPath cannot be resolved.');
+  throw new TypeError(`Socket CLI initialization error: rootPath cannot be resolved.\n\nPlease report to ${SOCKET_CLI_ISSUES_URL}.`);
 })();
 const rootDistPath = constants.rootDistPath = _nodePath.join(rootPath, 'dist');
 constants.rootBinPath = _nodePath.join(rootPath, 'bin');
 constants.rootPkgJsonPath = _nodePath.join(rootPath, PACKAGE_JSON);
 const nmBinPath = constants.nmBinPath = _nodePath.join(rootPath, 'node_modules/.bin');
 constants.cdxgenBinPath = _nodePath.join(nmBinPath, 'cdxgen');
-constants.distPath = _nodePath.join(rootDistPath, SUPPORTS_SYNC_ESM ? 'module-sync' : 'require');
-constants.shadowBinPath = _nodePath.join(rootPath, 'shadow', SUPPORTS_SYNC_ESM ? 'module-sync' : 'require');
+constants.distPath = _nodePath.join(rootDistPath, DIST_TYPE);
+constants.shadowBinPath = _nodePath.join(rootPath, 'shadow', DIST_TYPE);
 constants.synpBinPath = _nodePath.join(nmBinPath, 'synp');
 
 exports.constants = constants;

package/dist/module-sync/npm-injection.js

@@ -16,6 +16,7 @@ var require$$3$2 = require('@socketregistry/yocto-spinner');
 var require$$4 = require('semver');
 var require$$6$1 = require('@socketsecurity/config');
 var require$$7 = require('@socketsecurity/registry/lib/objects');
+var require$$8 = require('@socketsecurity/registry/lib/packages');
 var require$$1$1 = require('node:net');
 var require$$2 = require('node:os');
 var require$$6 = require('../../package.json');
@@ -397,6 +398,7 @@ var _yoctoSpinner = require$$3$2;
 var _semver = require$$4;
 var _config = require$$6$1;
 var _objects = require$$7;
+var _packages = require$$8;
 var _ttyServer = ttyServer$1;
 var _constants$1 = constants.constants;
 var _colorOrMarkdown = sdk.colorOrMarkdown;
@@ -405,7 +407,7 @@ var _misc = sdk.misc;
 var _pathResolve = pathResolve.pathResolve;
 var _sdk = sdk.sdk;
 var _settings = sdk.settings;
-const POTENTIALLY_BUG_ERROR_SNIPPET = 'this is potentially a bug with socket-npm caused by changes to the npm cli';
+const POTENTIAL_BUG_ERROR_MESSAGE = `This is may be a bug with socket-npm related to changes to the npm CLI.\nPlease report to ${_constants$1.SOCKET_CLI_ISSUES_URL}.`;
 const npmEntrypoint = (0, _nodeFs.realpathSync)(process.argv[1]);
 const npmRootPath = (0, _pathResolve.findRoot)(_nodePath.dirname(npmEntrypoint));
 function tryRequire(...ids) {
@@ -431,12 +433,9 @@ function tryRequire(...ids) {
   return undefined;
 }
 if (npmRootPath === undefined) {
-  console.error(`Unable to find npm cli install directory, ${POTENTIALLY_BUG_ERROR_SNIPPET}.`);
-  console.error(`Searched parent directories of ${npmEntrypoint}`);
+  console.error(`Unable to find npm CLI install directory.\nSearched parent directories of ${npmEntrypoint}.\n\n${POTENTIAL_BUG_ERROR_MESSAGE}`);
   process.exit(127);
 }
-const LOOP_SENTINEL = 1_000_000;
-const NPM_REGISTRY_URL = 'https://registry.npmjs.org';
 const npmNmPath = _nodePath.join(npmRootPath, 'node_modules');
 const arboristPkgPath = _nodePath.join(npmNmPath, '@npmcli/arborist');
 const arboristClassPath = _nodePath.join(arboristPkgPath, 'lib/arborist/index.js');
@@ -449,7 +448,7 @@ const log = tryRequire([_nodePath.join(npmNmPath, 'proc-log/lib/index.js'),
 // is really that of its export log.
 mod => mod.log], _nodePath.join(npmNmPath, 'npmlog/lib/log.js'));
 if (log === undefined) {
-  console.error(`Unable to integrate with npm cli logging infrastructure, ${POTENTIALLY_BUG_ERROR_SNIPPET}.`);
+  console.error(`Unable to integrate with npm CLI logging infrastructure.\n\n${POTENTIAL_BUG_ERROR_MESSAGE}.`);
   process.exit(127);
 }
 const pacote = tryRequire(_nodePath.join(npmNmPath, 'pacote'), 'pacote');
@@ -606,11 +605,16 @@ async function packagesHaveRiskyIssues(safeArb, _registry, pkgs, output) {
       if (pkgData.type === 'missing') {
         result = true;
         failures.push({
-          type: 'missingDependency'
+          type: 'missingDependency',
+          block: false,
+          raw: undefined
         });
       } else {
         let blocked = false;
         for (const failure of pkgData.value.issues) {
+          const {
+            type
+          } = failure;
           // eslint-disable-next-line no-await-in-loop
           const ux = await uxLookup({
             package: {
@@ -618,33 +622,34 @@ async function packagesHaveRiskyIssues(safeArb, _registry, pkgs, output) {
               version
             },
             issue: {
-              type: failure.type
+              type
             }
           });
-          if (ux.display || ux.block) {
+          if (ux.block) {
+            result = true;
+            blocked = true;
+          }
+          if (ux.display) {
+            displayWarning = true;
+          }
+          if (ux.block || ux.display) {
             failures.push({
-              raw: failure,
-              block: ux.block
+              type,
+              block: ux.block,
+              raw: failure
             });
             // Before we ask about problematic issues, check to see if they
             // already existed in the old version if they did, be quiet.
             const pkg = pkgs.find(p => p.pkgid === id && p.existing?.startsWith(`${name}@`));
             if (pkg?.existing) {
+              const oldPkgData =
               // eslint-disable-next-line no-await-in-loop
-              for await (const oldPkgData of batchScan([pkg.existing])) {
-                if (oldPkgData.type === 'success') {
-                  failures = failures.filter(issue => oldPkgData.value.issues.find(oldIssue => oldIssue.type === issue.raw.type) == null);
-                }
+              (await batchScan([pkg.existing]).next()).value;
+              if (oldPkgData.type === 'success') {
+                failures = failures.filter(issue => oldPkgData.value.issues.find(oldIssue => oldIssue.type === issue.type) === undefined);
               }
             }
           }
-          if (ux.block) {
-            result = true;
-            blocked = true;
-          }
-          if (ux.display) {
-            displayWarning = true;
-          }
         }
         if (!blocked) {
           const pkg = pkgs.find(p => p.pkgid === id);
@@ -660,15 +665,26 @@ async function packagesHaveRiskyIssues(safeArb, _registry, pkgs, output) {
       }
       if (displayWarning) {
         spinner.stop(`(socket) ${formatter.hyperlink(id, `https://socket.dev/npm/package/${name}/overview/${version}`)} contains risks:`);
-        failures.sort((a, b) => a.raw.type < b.raw.type ? -1 : 1);
+        // Filter issues for blessed packages.
+        if ((0, _packages.isBlessedPackageName)(name)) {
+          failures = failures.filter(({
+            type
+          }) => type !== 'unpopularPackage' && type !== 'unstableOwnership');
+        }
+        failures.sort((a, b) => a.type < b.type ? -1 : 1);
         const lines = new Set();
         for (const failure of failures) {
-          const type = failure.raw.type;
-          if (type) {
-            const issueTypeTranslation = translations.issues[type];
-            // TODO: emoji seems to mis-align terminals sometimes
-            lines.add(`  ${issueTypeTranslation?.title ?? type}${failure.block ? '' : ' (non-blocking)'} - ${issueTypeTranslation?.description ?? ''}\n`);
-          }
+          const {
+            type
+          } = failure;
+          // Based data from { pageProps: { alertTypes } } of:
+          // https://socket.dev/_next/data/94666139314b6437ee4491a0864e72b264547585/en-US.json
+          const info = translations.issues[type];
+          const title = info?.title ?? type;
+          const maybeBlocking = failure.block ? '' : ' (non-blocking)';
+          const maybeDesc = info?.description ? ` - ${info.description}` : '';
+          // TODO: emoji seems to mis-align terminals sometimes
+          lines.add(`  ${title}${maybeBlocking}${maybeDesc}\n`);
         }
         for (const line of lines) {
           output?.write(line);
@@ -702,7 +718,7 @@ function walk(diff_, needInfoOn = []) {
     length: queueLength
   } = queue;
   while (pos < queueLength) {
-    if (pos === LOOP_SENTINEL) {
+    if (pos === _constants$1.LOOP_SENTINEL) {
       throw new Error('Detected infinite loop while walking Arborist diff');
     }
     const diff = queue[pos++];
@@ -1274,7 +1290,7 @@ class SafeOverrideSet extends OverrideSet {
       length: queueLength
     } = queue;
     while (pos < queueLength) {
-      if (pos === LOOP_SENTINEL) {
+      if (pos === _constants$1.LOOP_SENTINEL) {
         throw new Error('Detected infinite loop while comparing override sets');
       }
       const {
@@ -1416,10 +1432,10 @@ class SafeArborist extends Arborist {
     options['save'] = old.save;
     options['saveBundle'] = old.saveBundle;
     // Nothing to check, mmm already installed or all private?
-    if (diff.findIndex(c => c.repository_url === NPM_REGISTRY_URL) === -1) {
+    if (diff.findIndex(c => c.repository_url === _constants$1.NPM_REGISTRY_URL) === -1) {
       return await this[kRiskyReify](...args);
     }
-    let proceed = _constants$1.ENV.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE;
+    let proceed = _constants$1.ENV[_constants$1.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE];
     if (!proceed) {
       proceed = await ttyServer.captureTTY(async (input, output) => {
         if (input && output) {

package/dist/require/cli.js

@@ -293,8 +293,9 @@ var _ponyCause$4 = require$$4$1;
 var _errors$l = sdk.errors;
 var _constants$5 = constants.constants;
 function handleUnsuccessfulApiResponse(_name, result, spinner) {
-  const resultError = 'error' in result && result.error && typeof result.error === 'object' ? result.error : {};
-  const message = 'message' in resultError && typeof resultError.message === 'string' ? resultError.message : 'No error message returned';
+  // SocketSdkErrorType['error'] is not typed.
+  const resultErrorMessage = result.error?.message;
+  const message = typeof resultErrorMessage === 'string' ? resultErrorMessage : 'No error message returned';
   if (result.status === 401 || result.status === 403) {
     spinner.stop();
     throw new _errors$l.AuthError(message);
@@ -315,16 +316,16 @@ async function handleApiCall(value, description) {
 }
 async function handleAPIError(code) {
   if (code === 400) {
-    return `One of the options passed might be incorrect.`;
+    return 'One of the options passed might be incorrect.';
   } else if (code === 403) {
-    return `You might be trying to access an organization that is not linked to the API key you are logged in with.`;
+    return 'You might be trying to access an organization that is not linked to the API key you are logged in with.';
   }
 }
 async function queryAPI(path, apiKey) {
   return await fetch(`${_constants$5.API_V0_URL}/${path}`, {
     method: 'GET',
     headers: {
-      Authorization: 'Basic ' + btoa(`${apiKey}:${apiKey}`)
+      Authorization: `Basic ${btoa(`${apiKey}:${apiKey}`)}`
     }
   });
 }
@@ -1139,6 +1140,7 @@ var _fs = fs;
 var _packageManagerDetector = packageManagerDetector;
 const COMMAND_TITLE = 'Socket Optimize';
 const OVERRIDES_FIELD_NAME = 'overrides';
+const NPM_OVERRIDE_PR_URL = 'https://github.com/npm/cli/pull/7025';
 const PNPM_FIELD_NAME = 'pnpm';
 const PNPM_WORKSPACE = 'pnpm-workspace';
 const RESOLUTIONS_FIELD_NAME = 'resolutions';
@@ -1820,11 +1822,11 @@ const optimize = optimize$1.optimize = {
       try {
         if (isNpm) {
           const wrapperPath = _nodePath$1.join(_constants$1.distPath, 'npm-cli.js');
-          await _promiseSpawn$2(process.execPath, [wrapperPath, 'install', '--no-audit', '--no-fund'], {
+          await _promiseSpawn$2(process.execPath, [wrapperPath, 'install', '--silent'], {
             stdio: 'ignore',
             env: {
               ...process.env,
-              UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE: '1'
+              [_constants$1.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE]: '1'
             }
           });
         } else {
@@ -1835,7 +1837,7 @@ const optimize = optimize$1.optimize = {
         }
         spinner.stop();
         if (isNpm) {
-          console.log(`💡 Re-run ${COMMAND_TITLE} whenever ${lockName} changes.\n   This can be skipped once npm ships https://github.com/npm/cli/pull/7025.`);
+          console.log(`💡 Re-run ${COMMAND_TITLE} whenever ${lockName} changes.\n   This can be skipped once npm ships ${NPM_OVERRIDE_PR_URL}.`);
         }
       } catch {
         spinner.error(`${COMMAND_TITLE}: ${agent} install failed to update ${lockName}`);

package/dist/require/constants.d.ts

@@ -1,8 +1,13 @@
+declare const SUPPORTS_SYNC_ESM: boolean;
 declare const API_V0_URL = "https://api.socket.dev/v0";
+declare const DIST_TYPE: string;
+declare const LOOP_SENTINEL = 1000000;
+declare const NPM_REGISTRY_URL = "https://registry.npmjs.org";
+declare const SOCKET_CLI_ISSUES_URL = "https://github.com/SocketDev/socket-cli/issues";
+declare const UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = "UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE";
 declare const ENV: Readonly<{
     UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE: boolean;
 }>;
-declare const SUPPORTS_SYNC_ESM: boolean;
 declare const rootPath: string;
 declare const rootDistPath: string;
 declare const rootBinPath: string;
@@ -12,4 +17,4 @@ declare const cdxgenBinPath: string;
 declare const distPath: string;
 declare const shadowBinPath: string;
 declare const synpBinPath: string;
-export { API_V0_URL, ENV, SUPPORTS_SYNC_ESM, rootPath, rootDistPath, rootBinPath, rootPkgJsonPath, nmBinPath, cdxgenBinPath, distPath, shadowBinPath, synpBinPath };
+export { SUPPORTS_SYNC_ESM, API_V0_URL, DIST_TYPE, LOOP_SENTINEL, NPM_REGISTRY_URL, SOCKET_CLI_ISSUES_URL, UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE, ENV, rootPath, rootDistPath, rootBinPath, rootPkgJsonPath, nmBinPath, cdxgenBinPath, distPath, shadowBinPath, synpBinPath };

package/dist/require/constants.js

@@ -11,7 +11,7 @@ var constants = {};
 Object.defineProperty(constants, "__esModule", {
   value: true
 });
-constants.synpBinPath = constants.shadowBinPath = constants.rootPkgJsonPath = constants.rootPath = constants.rootDistPath = constants.rootBinPath = constants.nmBinPath = constants.distPath = constants.cdxgenBinPath = constants.SUPPORTS_SYNC_ESM = constants.ENV = constants.API_V0_URL = void 0;
+constants.synpBinPath = constants.shadowBinPath = constants.rootPkgJsonPath = constants.rootPath = constants.rootDistPath = constants.rootBinPath = constants.nmBinPath = constants.distPath = constants.cdxgenBinPath = constants.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = constants.SUPPORTS_SYNC_ESM = constants.SOCKET_CLI_ISSUES_URL = constants.NPM_REGISTRY_URL = constants.LOOP_SENTINEL = constants.ENV = constants.DIST_TYPE = constants.API_V0_URL = void 0;
 var _nodeFs = require$$0;
 var _nodePath = require$$1;
 var _env = require$$2;
@@ -20,20 +20,30 @@ var _semver = require$$4;
 const {
   PACKAGE_JSON
 } = _constants;
+const SUPPORTS_SYNC_ESM = constants.SUPPORTS_SYNC_ESM = _semver.satisfies(process.versions.node, '>=22.12');
 constants.API_V0_URL = 'https://api.socket.dev/v0';
+const DIST_TYPE = constants.DIST_TYPE = SUPPORTS_SYNC_ESM ? 'module-sync' : 'require';
+constants.LOOP_SENTINEL = 1_000_000;
+constants.NPM_REGISTRY_URL = 'https://registry.npmjs.org';
+const SOCKET_CLI_ISSUES_URL = constants.SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues';
+const UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = constants.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = 'UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE';
 constants.ENV = Object.freeze({
   // Flag set by the optimize command to bypass the packagesHaveRiskyIssues check.
-  UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE: (0, _env.envAsBoolean)(process.env['UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE'])
+  [UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE]: (0, _env.envAsBoolean)(process.env[UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE])
 });
-const SUPPORTS_SYNC_ESM = constants.SUPPORTS_SYNC_ESM = _semver.satisfies(process.versions.node, '>=22.12');
+
+// Dynamically detect the rootPath so constants.ts can be used in tests.
 const rootPath = constants.rootPath = (() => {
   let oldPath;
   let currPath = (0, _nodeFs.realpathSync)(__dirname);
+  // Dirname stops when at the filepath root, e.g. '/' for posix and 'C:\\' for win32,
+  // so `currPath` equal `oldPath`.
   while (currPath !== oldPath) {
     const pkgJsonPath = _nodePath.join(currPath, PACKAGE_JSON);
     if ((0, _nodeFs.existsSync)(pkgJsonPath)) {
       try {
-        // socket is replaced by .config/rollup.base.config.mjs
+        // Content matching socket is replaced by
+        // the @rollup/plugin-replace plugin used in .config/rollup.base.config.mjs
         // with either 'socket' or '@socketsecurity/cli'.
         if (require(pkgJsonPath)?.name === 'socket') {
           return currPath;
@@ -43,15 +53,15 @@ const rootPath = constants.rootPath = (() => {
     oldPath = currPath;
     currPath = _nodePath.dirname(currPath);
   }
-  throw new TypeError('rootPath cannot be resolved.');
+  throw new TypeError(`Socket CLI initialization error: rootPath cannot be resolved.\n\nPlease report to ${SOCKET_CLI_ISSUES_URL}.`);
 })();
 const rootDistPath = constants.rootDistPath = _nodePath.join(rootPath, 'dist');
 constants.rootBinPath = _nodePath.join(rootPath, 'bin');
 constants.rootPkgJsonPath = _nodePath.join(rootPath, PACKAGE_JSON);
 const nmBinPath = constants.nmBinPath = _nodePath.join(rootPath, 'node_modules/.bin');
 constants.cdxgenBinPath = _nodePath.join(nmBinPath, 'cdxgen');
-constants.distPath = _nodePath.join(rootDistPath, SUPPORTS_SYNC_ESM ? 'module-sync' : 'require');
-constants.shadowBinPath = _nodePath.join(rootPath, 'shadow', SUPPORTS_SYNC_ESM ? 'module-sync' : 'require');
+constants.distPath = _nodePath.join(rootDistPath, DIST_TYPE);
+constants.shadowBinPath = _nodePath.join(rootPath, 'shadow', DIST_TYPE);
 constants.synpBinPath = _nodePath.join(nmBinPath, 'synp');
 
 exports.constants = constants;