socket 0.14.38 → 0.14.40-alpha.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/constants.js +10 -4
- package/dist/module-sync/cli.js +34 -6
- package/dist/module-sync/constants.d.ts +4 -2
- package/dist/module-sync/constants.d.ts.map +1 -1
- package/dist/module-sync/npm-injection.js +236 -269
- package/dist/module-sync/path-resolve.js +1 -4
- package/dist/module-sync/shadow-bin.js +4 -26
- package/dist/require/cli.js +33 -5
- package/dist/require/constants.d.ts.map +1 -1
- package/dist/require/npm-injection.js +236 -269
- package/dist/require/path-resolve.js +1 -4
- package/dist/require/shadow-bin.js +4 -26
- package/dist/require/vendor.js +6 -6
- package/package.json +15 -13
package/dist/constants.js
CHANGED
|
@@ -20,8 +20,9 @@ const LOCK_EXT = '.lock';
|
|
|
20
20
|
const NPM_REGISTRY_URL = 'https://registry.npmjs.org';
|
|
21
21
|
const NPX = 'npx';
|
|
22
22
|
const PNPM = 'pnpm';
|
|
23
|
+
const SOCKET_CLI_FIX_PACKAGE_LOCK_FILE = 'SOCKET_CLI_FIX_PACKAGE_LOCK_FILE';
|
|
23
24
|
const SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues';
|
|
24
|
-
const
|
|
25
|
+
const SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE = 'SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE';
|
|
25
26
|
const VLT = 'vlt';
|
|
26
27
|
const YARN_BERRY = 'yarn/berry';
|
|
27
28
|
const YARN_CLASSIC = 'yarn/classic';
|
|
@@ -29,8 +30,12 @@ const LAZY_DIST_TYPE = () => registryConstants.SUPPORTS_NODE_REQUIRE_MODULE ? 'm
|
|
|
29
30
|
const LAZY_ENV = () => Object.freeze({
|
|
30
31
|
// Lazily access registryConstants.ENV.
|
|
31
32
|
...registryConstants.ENV,
|
|
32
|
-
// Flag set by the
|
|
33
|
-
|
|
33
|
+
// Flag set by the "fix" command to accept the package alerts prompt with
|
|
34
|
+
// "Y(es)" in the SafeArborist reify method.
|
|
35
|
+
[SOCKET_CLI_FIX_PACKAGE_LOCK_FILE]: env.envAsBoolean(process.env[SOCKET_CLI_FIX_PACKAGE_LOCK_FILE]),
|
|
36
|
+
// Flag set by the "optimize" command to bypass the package alerts check
|
|
37
|
+
// in the SafeArborist reify method.
|
|
38
|
+
[SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE]: env.envAsBoolean(process.env[SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE])
|
|
34
39
|
});
|
|
35
40
|
const lazyCdxgenBinPath = () =>
|
|
36
41
|
// Lazily access constants.nmBinPath.
|
|
@@ -69,8 +74,9 @@ const constants = createConstantsObject({
|
|
|
69
74
|
NPM_REGISTRY_URL,
|
|
70
75
|
NPX,
|
|
71
76
|
PNPM,
|
|
77
|
+
SOCKET_CLI_FIX_PACKAGE_LOCK_FILE,
|
|
72
78
|
SOCKET_CLI_ISSUES_URL,
|
|
73
|
-
|
|
79
|
+
SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE,
|
|
74
80
|
VLT,
|
|
75
81
|
YARN_BERRY,
|
|
76
82
|
YARN_CLASSIC,
|
package/dist/module-sync/cli.js
CHANGED
|
@@ -20,14 +20,14 @@ var yargsParse = _socketInterop(require('yargs-parser'));
|
|
|
20
20
|
var npm$1 = require('@socketsecurity/registry/lib/npm');
|
|
21
21
|
var words = require('@socketsecurity/registry/lib/words');
|
|
22
22
|
var constants = require('./constants.js');
|
|
23
|
-
var
|
|
23
|
+
var spawn = _socketInterop(require('@npmcli/promise-spawn'));
|
|
24
24
|
var yoctoSpinner = require('@socketregistry/yocto-spinner');
|
|
25
|
+
var meow = _socketInterop(require('meow'));
|
|
25
26
|
var sdk = require('./sdk.js');
|
|
26
27
|
var prompts = require('@socketsecurity/registry/lib/prompts');
|
|
27
28
|
var isInteractive = _socketInterop(require('is-interactive'));
|
|
28
29
|
var terminalLink = _socketInterop(require('terminal-link'));
|
|
29
30
|
var fs$1 = require('node:fs/promises');
|
|
30
|
-
var spawn = _socketInterop(require('@npmcli/promise-spawn'));
|
|
31
31
|
var npa = _socketInterop(require('npm-package-arg'));
|
|
32
32
|
var semver = _socketInterop(require('semver'));
|
|
33
33
|
var tinyglobby = _socketInterop(require('tinyglobby'));
|
|
@@ -176,8 +176,8 @@ const cdxgen = {
|
|
|
176
176
|
length: unknownLength
|
|
177
177
|
} = unknown;
|
|
178
178
|
if (unknownLength) {
|
|
179
|
-
console.error(`Unknown ${words.pluralize('argument', unknownLength)}: ${yargv._.join(', ')}`);
|
|
180
179
|
process.exitCode = 1;
|
|
180
|
+
console.error(`Unknown ${words.pluralize('argument', unknownLength)}: ${yargv._.join(', ')}`);
|
|
181
181
|
return;
|
|
182
182
|
}
|
|
183
183
|
let cleanupPackageLock = false;
|
|
@@ -218,6 +218,33 @@ const cdxgen = {
|
|
|
218
218
|
}
|
|
219
219
|
};
|
|
220
220
|
|
|
221
|
+
const {
|
|
222
|
+
SOCKET_CLI_FIX_PACKAGE_LOCK_FILE,
|
|
223
|
+
abortSignal: abortSignal$3,
|
|
224
|
+
execPath: execPath$1,
|
|
225
|
+
rootBinPath: rootBinPath$1
|
|
226
|
+
} = constants;
|
|
227
|
+
const fix = {
|
|
228
|
+
description: 'Fix "fixable" Socket alerts',
|
|
229
|
+
async run() {
|
|
230
|
+
const wrapperPath = path.join(rootBinPath$1, 'npm-cli.js');
|
|
231
|
+
const npmSpawnOptions = {
|
|
232
|
+
signal: abortSignal$3,
|
|
233
|
+
stdio: 'ignore',
|
|
234
|
+
env: {
|
|
235
|
+
...process.env,
|
|
236
|
+
[SOCKET_CLI_FIX_PACKAGE_LOCK_FILE]: '1'
|
|
237
|
+
}
|
|
238
|
+
};
|
|
239
|
+
const spinner = yoctoSpinner().start();
|
|
240
|
+
try {
|
|
241
|
+
await spawn(execPath$1, [wrapperPath, 'install', '--silent'], npmSpawnOptions);
|
|
242
|
+
} finally {
|
|
243
|
+
spinner.stop();
|
|
244
|
+
}
|
|
245
|
+
}
|
|
246
|
+
};
|
|
247
|
+
|
|
221
248
|
const commonFlags = {
|
|
222
249
|
help: {
|
|
223
250
|
type: 'boolean',
|
|
@@ -990,7 +1017,7 @@ const {
|
|
|
990
1017
|
LOCK_EXT,
|
|
991
1018
|
NPM: NPM$1,
|
|
992
1019
|
PNPM,
|
|
993
|
-
|
|
1020
|
+
SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE,
|
|
994
1021
|
VLT,
|
|
995
1022
|
YARN_BERRY,
|
|
996
1023
|
YARN_CLASSIC,
|
|
@@ -1343,7 +1370,7 @@ const depsIncludesByAgent = (() => {
|
|
|
1343
1370
|
};
|
|
1344
1371
|
})();
|
|
1345
1372
|
function createActionMessage(verb, overrideCount, workspaceCount) {
|
|
1346
|
-
return `${verb} ${overrideCount} Socket.dev optimized
|
|
1373
|
+
return `${verb} ${overrideCount} Socket.dev optimized ${words.pluralize('override', overrideCount)}${workspaceCount ? ` in ${workspaceCount} ${words.pluralize('workspace', workspaceCount)}` : ''}`;
|
|
1347
1374
|
}
|
|
1348
1375
|
function getDependencyEntries(pkgJson) {
|
|
1349
1376
|
const {
|
|
@@ -1699,7 +1726,7 @@ const optimize = {
|
|
|
1699
1726
|
stdio: 'ignore',
|
|
1700
1727
|
env: {
|
|
1701
1728
|
...process.env,
|
|
1702
|
-
[
|
|
1729
|
+
[SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE]: '1'
|
|
1703
1730
|
}
|
|
1704
1731
|
};
|
|
1705
1732
|
await spawn(execPath, [wrapperPath, 'install', '--silent'], npmSpawnOptions);
|
|
@@ -4458,6 +4485,7 @@ var cliCommands = {
|
|
|
4458
4485
|
cdxgen: cdxgen,
|
|
4459
4486
|
dependencies: dependencies,
|
|
4460
4487
|
diffScan: diffScan,
|
|
4488
|
+
fix: fix,
|
|
4461
4489
|
info: info,
|
|
4462
4490
|
login: login,
|
|
4463
4491
|
logout: logout,
|
|
@@ -6,15 +6,17 @@ type Constants = {
|
|
|
6
6
|
readonly BINARY_LOCK_EXT: '.lockb';
|
|
7
7
|
readonly BUN: 'bun';
|
|
8
8
|
readonly ENV: RegistryEnv & {
|
|
9
|
-
|
|
9
|
+
SOCKET_CLI_FIX_PACKAGE_LOCK_FILE: boolean;
|
|
10
|
+
SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE: boolean;
|
|
10
11
|
};
|
|
11
12
|
readonly DIST_TYPE: 'module-sync' | 'require';
|
|
12
13
|
readonly LOCK_EXT: '.lock';
|
|
13
14
|
readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org';
|
|
14
15
|
readonly NPX: 'npx';
|
|
15
16
|
readonly PNPM: 'pnpm';
|
|
17
|
+
readonly SOCKET_CLI_FIX_PACKAGE_LOCK_FILE: 'SOCKET_CLI_FIX_PACKAGE_LOCK_FILE';
|
|
16
18
|
readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues';
|
|
17
|
-
readonly
|
|
19
|
+
readonly SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE: 'SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE';
|
|
18
20
|
readonly VLT: 'vlt';
|
|
19
21
|
readonly YARN_BERRY: 'yarn/berry';
|
|
20
22
|
readonly YARN_CLASSIC: 'yarn/classic';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAIA,OAAO,iBAAiB,MAAM,wCAAwC,CAAA;AAEtE,KAAK,WAAW,GAAG,OAAO,iBAAiB,CAAC,GAAG,CAAA;AAE/C,KAAK,SAAS,GAAG;IACf,QAAQ,CAAC,UAAU,EAAE,2BAA2B,CAAA;IAChD,QAAQ,CAAC,aAAa,EAAE,gBAAgB,CAAA;IACxC,QAAQ,CAAC,eAAe,EAAE,QAAQ,CAAA;IAClC,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,GAAG,EAAE,WAAW,GAAG;QAC1B,
|
|
1
|
+
{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAIA,OAAO,iBAAiB,MAAM,wCAAwC,CAAA;AAEtE,KAAK,WAAW,GAAG,OAAO,iBAAiB,CAAC,GAAG,CAAA;AAE/C,KAAK,SAAS,GAAG;IACf,QAAQ,CAAC,UAAU,EAAE,2BAA2B,CAAA;IAChD,QAAQ,CAAC,aAAa,EAAE,gBAAgB,CAAA;IACxC,QAAQ,CAAC,eAAe,EAAE,QAAQ,CAAA;IAClC,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,GAAG,EAAE,WAAW,GAAG;QAC1B,gCAAgC,EAAE,OAAO,CAAA;QACzC,gDAAgD,EAAE,OAAO,CAAA;KAC1D,CAAA;IACD,QAAQ,CAAC,SAAS,EAAE,aAAa,GAAG,SAAS,CAAA;IAC7C,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAA;IAC1B,QAAQ,CAAC,gBAAgB,EAAE,4BAA4B,CAAA;IACvD,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,gCAAgC,EAAE,kCAAkC,CAAA;IAC7E,QAAQ,CAAC,qBAAqB,EAAE,gDAAgD,CAAA;IAChF,QAAQ,CAAC,gDAAgD,EAAE,kDAAkD,CAAA;IAC7G,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,UAAU,EAAE,YAAY,CAAA;IACjC,QAAQ,CAAC,YAAY,EAAE,cAAc,CAAA;IACrC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAA;IAChC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;CAC7B,GAAG,OAAO,iBAAiB,CAAA;AA+E5B,QAAA,MAAM,SAAS,WA6Cd,CAAA"}
|