socket 0.14.40-alpha.7 → 0.14.40-alpha.9

package/bin/cli.js

@@ -3,23 +3,27 @@
 
 const constants = require('../dist/constants')
 
-const { DIST_TYPE, distPath } = constants
+const { DIST_TYPE } = constants
 
+// When Node 18 is dropped and experimental-require-module warning are no longer
+// a thing we can just use the require(`${constants.distPath}/cli.js`) code path.
 if (DIST_TYPE === 'require') {
-  require(`${distPath}/cli.js`)
+  // Lazily access constants.distPath.
+  require(`${constants.distPath}/cli.js`)
 } else {
   const path = require('node:path')
   const spawn = require('@npmcli/promise-spawn')
-
-  const { abortSignal, distPath, execPath } = constants
+  const { abortSignal } = constants
 
   process.exitCode = 1
   const spawnPromise = spawn(
-    execPath,
+    // Lazily access constants.execPath
+    constants.execPath,
     [
       // Lazily access constants.nodeNoWarningsFlags.
       ...constants.nodeNoWarningsFlags,
-      path.join(distPath, 'cli.js'),
+      // Lazily access constants.distPath.
+      path.join(constants.distPath, 'cli.js'),
       ...process.argv.slice(2)
     ],
     {

package/dist/constants.js

@@ -20,6 +20,7 @@ const LOCK_EXT = '.lock';
 const NPM_REGISTRY_URL = 'https://registry.npmjs.org';
 const NPX = 'npx';
 const PNPM = 'pnpm';
+const SOCKET_CLI_DEBUG = 'SOCKET_CLI_DEBUG';
 const SOCKET_CLI_FIX_PACKAGE_LOCK_FILE = 'SOCKET_CLI_FIX_PACKAGE_LOCK_FILE';
 const SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues';
 const SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE = 'SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE';
@@ -30,6 +31,8 @@ const LAZY_DIST_TYPE = () => registryConstants.SUPPORTS_NODE_REQUIRE_MODULE ? 'm
 const LAZY_ENV = () => Object.freeze({
   // Lazily access registryConstants.ENV.
   ...registryConstants.ENV,
+  // Flag set to help debug Socket CLI.
+  [SOCKET_CLI_DEBUG]: env.envAsBoolean(process.env[SOCKET_CLI_DEBUG]),
   // Flag set by the "fix" command to accept the package alerts prompt with
   // "Y(es)" in the SafeArborist reify method.
   [SOCKET_CLI_FIX_PACKAGE_LOCK_FILE]: env.envAsBoolean(process.env[SOCKET_CLI_FIX_PACKAGE_LOCK_FILE]),
@@ -74,6 +77,7 @@ const constants = createConstantsObject({
   NPM_REGISTRY_URL,
   NPX,
   PNPM,
+  SOCKET_CLI_DEBUG,
   SOCKET_CLI_FIX_PACKAGE_LOCK_FILE,
   SOCKET_CLI_ISSUES_URL,
   SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE,

package/dist/module-sync/cli.js

@@ -20,8 +20,8 @@ var yargsParse = _socketInterop(require('yargs-parser'));
 var npm$1 = require('@socketsecurity/registry/lib/npm');
 var words = require('@socketsecurity/registry/lib/words');
 var constants = require('./constants.js');
-var spawn = _socketInterop(require('@npmcli/promise-spawn'));
 var spinner = require('@socketsecurity/registry/lib/spinner');
+var spawn = _socketInterop(require('@npmcli/promise-spawn'));
 var meow = _socketInterop(require('meow'));
 var sdk = require('./sdk.js');
 var isInteractive = _socketInterop(require('is-interactive'));
@@ -219,22 +219,46 @@ const cdxgen = {
 };
 
 const {
-  SOCKET_CLI_FIX_PACKAGE_LOCK_FILE,
-  abortSignal: abortSignal$3,
-  execPath: execPath$1,
-  rootBinPath: rootBinPath$1
+  abortSignal: abortSignal$3
+} = constants;
+async function shadowNpmInstall(opts) {
+  const {
+    flags = [],
+    ...spawnOptions
+  } = {
+    __proto__: null,
+    ...opts
+  };
+  // Lazily access constants.ENV.
+  const {
+    SOCKET_CLI_DEBUG
+  } = constants.ENV;
+  return await spawn(
+  // Lazily access constants.execPath.
+  constants.execPath, [
+  // Lazily access constants.rootBinPath.
+  path.join(constants.rootBinPath, 'npm-cli.js'), 'install', ...(SOCKET_CLI_DEBUG ? ['silent'] : []), ...flags], {
+    signal: abortSignal$3,
+    // Lazily access constants.ENV.
+    stdio: SOCKET_CLI_DEBUG ? 'inherit' : 'ignore',
+    ...spawnOptions,
+    env: {
+      ...process.env,
+      ...spawnOptions.env
+    }
+  });
+}
+
+const {
+  SOCKET_CLI_FIX_PACKAGE_LOCK_FILE
 } = constants;
 const fix = {
   description: 'Fix "fixable" Socket alerts',
   async run() {
-    const wrapperPath = path.join(rootBinPath$1, 'npm-cli.js');
     const spinner$1 = new spinner.Spinner().start();
     try {
-      await spawn(execPath$1, [wrapperPath, 'install'], {
-        signal: abortSignal$3,
-        stdio: 'inherit',
+      await shadowNpmInstall({
         env: {
-          ...process.env,
           [SOCKET_CLI_FIX_PACKAGE_LOCK_FILE]: '1'
         }
       });
@@ -1024,9 +1048,7 @@ const {
   VLT,
   YARN_BERRY,
   YARN_CLASSIC,
-  abortSignal: abortSignal$2,
-  execPath,
-  rootBinPath
+  abortSignal: abortSignal$2
 } = constants;
 const COMMAND_TITLE = 'Socket Optimize';
 const NPM_OVERRIDE_PR_URL = 'https://github.com/npm/cli/pull/7025';
@@ -1721,20 +1743,20 @@ const optimize = {
       spinner$1.start(`Updating ${lockName}...`);
       try {
         if (isNpm) {
-          const wrapperPath = path.join(rootBinPath, 'npm-cli.js');
-          const npmSpawnOptions = {
-            signal: abortSignal$2,
-            stdio: 'inherit',
+          await shadowNpmInstall({
             env: {
-              ...process.env,
               [SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE]: '1'
             }
-          };
-          await spawn(execPath, [wrapperPath, 'install'], npmSpawnOptions);
+          });
           // TODO: This is a temporary workaround for a `npm ci` bug where it
           // will error out after Socket Optimize generates a lock file. More
           // investigation is needed.
-          await spawn(execPath, [wrapperPath, 'install', '--ignore-scripts', '--package-lock-only'], npmSpawnOptions);
+          await shadowNpmInstall({
+            flags: ['--ignore-scripts', '--package-lock-only'],
+            env: {
+              [SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE]: '1'
+            }
+          });
         } else {
           // All package managers support the "install" command.
           await spawn(agentExecPath, ['install'], {

package/dist/module-sync/constants.d.ts

@@ -6,6 +6,7 @@ type Constants = {
     readonly BINARY_LOCK_EXT: '.lockb';
     readonly BUN: 'bun';
     readonly ENV: RegistryEnv & {
+        SOCKET_CLI_DEBUG: boolean;
         SOCKET_CLI_FIX_PACKAGE_LOCK_FILE: boolean;
         SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE: boolean;
     };
@@ -14,6 +15,7 @@ type Constants = {
     readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org';
     readonly NPX: 'npx';
     readonly PNPM: 'pnpm';
+    readonly SOCKET_CLI_DEBUG: 'SOCKET_CLI_DEBUG';
     readonly SOCKET_CLI_FIX_PACKAGE_LOCK_FILE: 'SOCKET_CLI_FIX_PACKAGE_LOCK_FILE';
     readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues';
     readonly SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE: 'SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE';

package/dist/module-sync/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAGA,OAAO,iBAAiB,MAAM,wCAAwC,CAAA;AAGtE,KAAK,WAAW,GAAG,OAAO,iBAAiB,CAAC,GAAG,CAAA;AAE/C,KAAK,SAAS,GAAG;IACf,QAAQ,CAAC,UAAU,EAAE,2BAA2B,CAAA;IAChD,QAAQ,CAAC,aAAa,EAAE,gBAAgB,CAAA;IACxC,QAAQ,CAAC,eAAe,EAAE,QAAQ,CAAA;IAClC,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,GAAG,EAAE,WAAW,GAAG;QAC1B,gCAAgC,EAAE,OAAO,CAAA;QACzC,gDAAgD,EAAE,OAAO,CAAA;KAC1D,CAAA;IACD,QAAQ,CAAC,SAAS,EAAE,aAAa,GAAG,SAAS,CAAA;IAC7C,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAA;IAC1B,QAAQ,CAAC,gBAAgB,EAAE,4BAA4B,CAAA;IACvD,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,gCAAgC,EAAE,kCAAkC,CAAA;IAC7E,QAAQ,CAAC,qBAAqB,EAAE,gDAAgD,CAAA;IAChF,QAAQ,CAAC,gDAAgD,EAAE,kDAAkD,CAAA;IAC7G,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,UAAU,EAAE,YAAY,CAAA;IACjC,QAAQ,CAAC,YAAY,EAAE,cAAc,CAAA;IACrC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAA;IAChC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;CAC7B,GAAG,OAAO,iBAAiB,CAAA;AA+E5B,QAAA,MAAM,SAAS,WA6Cd,CAAA"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAGA,OAAO,iBAAiB,MAAM,wCAAwC,CAAA;AAGtE,KAAK,WAAW,GAAG,OAAO,iBAAiB,CAAC,GAAG,CAAA;AAE/C,KAAK,SAAS,GAAG;IACf,QAAQ,CAAC,UAAU,EAAE,2BAA2B,CAAA;IAChD,QAAQ,CAAC,aAAa,EAAE,gBAAgB,CAAA;IACxC,QAAQ,CAAC,eAAe,EAAE,QAAQ,CAAA;IAClC,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,GAAG,EAAE,WAAW,GAAG;QAC1B,gBAAgB,EAAE,OAAO,CAAA;QACzB,gCAAgC,EAAE,OAAO,CAAA;QACzC,gDAAgD,EAAE,OAAO,CAAA;KAC1D,CAAA;IACD,QAAQ,CAAC,SAAS,EAAE,aAAa,GAAG,SAAS,CAAA;IAC7C,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAA;IAC1B,QAAQ,CAAC,gBAAgB,EAAE,4BAA4B,CAAA;IACvD,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,gBAAgB,EAAE,kBAAkB,CAAA;IAC7C,QAAQ,CAAC,gCAAgC,EAAE,kCAAkC,CAAA;IAC7E,QAAQ,CAAC,qBAAqB,EAAE,gDAAgD,CAAA;IAChF,QAAQ,CAAC,gDAAgD,EAAE,kDAAkD,CAAA;IAC7G,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,UAAU,EAAE,YAAY,CAAA;IACjC,QAAQ,CAAC,YAAY,EAAE,cAAc,CAAA;IACrC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAA;IAChC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;CAC7B,GAAG,OAAO,iBAAiB,CAAA;AAkF5B,QAAA,MAAM,SAAS,WA8Cd,CAAA"}

package/dist/module-sync/npm-injection.js

@@ -505,18 +505,14 @@ function walk(diff_) {
       action
     } = diff;
     if (action) {
-      // The `oldNode`, i.e. `actual` node, may be `undefined` if there is no
-      // node_modules folder.
+      // The `pkgNode`, i.e. the `ideal` node, will be `undefined` if the diff
+      // action is 'REMOVE'
+      // The `oldNode`, i.e. the `actual` node, will be `undefined` if the diff
+      // action is 'ADD'.
       const {
         actual: oldNode,
         ideal: pkgNode
       } = diff;
-      if (!oldNode) {
-        console.log('oldNode', oldNode);
-      }
-      if (!pkgNode) {
-        console.log('pkgNode', pkgNode);
-      }
       let existing;
       let keep = false;
       if (action === 'CHANGE') {

package/dist/module-sync/shadow-bin.js

@@ -47,17 +47,19 @@ async function installLinks(realBinPath, binName) {
 
 const {
   NPM,
-  abortSignal,
-  distPath,
-  execPath,
-  shadowBinPath
+  abortSignal
 } = constants;
-const injectionPath = path.join(distPath, 'npm-injection.js');
 async function shadow(binName, binArgs = process.argv.slice(2)) {
   process.exitCode = 1;
-  const spawnPromise = spawn(execPath, [
+  const spawnPromise = spawn(
+  // Lazily access constants.execPath.
+  constants.execPath, [
   // Lazily access constants.nodeNoWarningsFlags.
-  ...constants.nodeNoWarningsFlags, '--require', injectionPath, await installLinks(shadowBinPath, binName), ...binArgs,
+  ...constants.nodeNoWarningsFlags, '--require',
+  // Lazily access constants.distPath.
+  path.join(constants.distPath, 'npm-injection.js'),
+  // Lazily access constants.shadowBinPath.
+  await installLinks(constants.shadowBinPath, binName), ...binArgs,
   // Add the `--quiet` and `--no-progress` flags to fix input being swallowed
   // by the spinner when running the command with recent versions of npm.
   ...(binName === NPM && binArgs.includes('install') && !binArgs.includes('--no-progress') && !binArgs.includes('--quiet') ? ['--no-progress', '--quiet'] : [])], {

package/dist/require/cli.js

@@ -20,8 +20,8 @@ var yargsParse = _socketInterop(require('yargs-parser'));
 var npm$1 = require('@socketsecurity/registry/lib/npm');
 var words = require('@socketsecurity/registry/lib/words');
 var constants = require('./constants.js');
-var spawn = _socketInterop(require('@npmcli/promise-spawn'));
 var spinner = require('@socketsecurity/registry/lib/spinner');
+var spawn = _socketInterop(require('@npmcli/promise-spawn'));
 var sdk = require('./sdk.js');
 var prompts = require('@socketsecurity/registry/lib/prompts');
 var fs$1 = require('node:fs/promises');
@@ -215,22 +215,46 @@ const cdxgen = {
 };
 
 const {
-  SOCKET_CLI_FIX_PACKAGE_LOCK_FILE,
-  abortSignal: abortSignal$3,
-  execPath: execPath$1,
-  rootBinPath: rootBinPath$1
+  abortSignal: abortSignal$3
+} = constants;
+async function shadowNpmInstall(opts) {
+  const {
+    flags = [],
+    ...spawnOptions
+  } = {
+    __proto__: null,
+    ...opts
+  };
+  // Lazily access constants.ENV.
+  const {
+    SOCKET_CLI_DEBUG
+  } = constants.ENV;
+  return await spawn(
+  // Lazily access constants.execPath.
+  constants.execPath, [
+  // Lazily access constants.rootBinPath.
+  path.join(constants.rootBinPath, 'npm-cli.js'), 'install', ...(SOCKET_CLI_DEBUG ? ['silent'] : []), ...flags], {
+    signal: abortSignal$3,
+    // Lazily access constants.ENV.
+    stdio: SOCKET_CLI_DEBUG ? 'inherit' : 'ignore',
+    ...spawnOptions,
+    env: {
+      ...process.env,
+      ...spawnOptions.env
+    }
+  });
+}
+
+const {
+  SOCKET_CLI_FIX_PACKAGE_LOCK_FILE
 } = constants;
 const fix = {
   description: 'Fix "fixable" Socket alerts',
   async run() {
-    const wrapperPath = path.join(rootBinPath$1, 'npm-cli.js');
     const spinner$1 = new spinner.Spinner().start();
     try {
-      await spawn(execPath$1, [wrapperPath, 'install'], {
-        signal: abortSignal$3,
-        stdio: 'inherit',
+      await shadowNpmInstall({
         env: {
-          ...process.env,
           [SOCKET_CLI_FIX_PACKAGE_LOCK_FILE]: '1'
         }
       });
@@ -1020,9 +1044,7 @@ const {
   VLT,
   YARN_BERRY,
   YARN_CLASSIC,
-  abortSignal: abortSignal$2,
-  execPath,
-  rootBinPath
+  abortSignal: abortSignal$2
 } = constants;
 const COMMAND_TITLE = 'Socket Optimize';
 const NPM_OVERRIDE_PR_URL = 'https://github.com/npm/cli/pull/7025';
@@ -1717,20 +1739,20 @@ const optimize = {
       spinner$1.start(`Updating ${lockName}...`);
       try {
         if (isNpm) {
-          const wrapperPath = path.join(rootBinPath, 'npm-cli.js');
-          const npmSpawnOptions = {
-            signal: abortSignal$2,
-            stdio: 'inherit',
+          await shadowNpmInstall({
             env: {
-              ...process.env,
               [SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE]: '1'
             }
-          };
-          await spawn(execPath, [wrapperPath, 'install'], npmSpawnOptions);
+          });
           // TODO: This is a temporary workaround for a `npm ci` bug where it
           // will error out after Socket Optimize generates a lock file. More
           // investigation is needed.
-          await spawn(execPath, [wrapperPath, 'install', '--ignore-scripts', '--package-lock-only'], npmSpawnOptions);
+          await shadowNpmInstall({
+            flags: ['--ignore-scripts', '--package-lock-only'],
+            env: {
+              [SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE]: '1'
+            }
+          });
         } else {
           // All package managers support the "install" command.
           await spawn(agentExecPath, ['install'], {

package/dist/require/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAGA,OAAO,iBAAiB,MAAM,wCAAwC,CAAA;AAGtE,KAAK,WAAW,GAAG,OAAO,iBAAiB,CAAC,GAAG,CAAA;AAE/C,KAAK,SAAS,GAAG;IACf,QAAQ,CAAC,UAAU,EAAE,2BAA2B,CAAA;IAChD,QAAQ,CAAC,aAAa,EAAE,gBAAgB,CAAA;IACxC,QAAQ,CAAC,eAAe,EAAE,QAAQ,CAAA;IAClC,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,GAAG,EAAE,WAAW,GAAG;QAC1B,gCAAgC,EAAE,OAAO,CAAA;QACzC,gDAAgD,EAAE,OAAO,CAAA;KAC1D,CAAA;IACD,QAAQ,CAAC,SAAS,EAAE,aAAa,GAAG,SAAS,CAAA;IAC7C,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAA;IAC1B,QAAQ,CAAC,gBAAgB,EAAE,4BAA4B,CAAA;IACvD,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,gCAAgC,EAAE,kCAAkC,CAAA;IAC7E,QAAQ,CAAC,qBAAqB,EAAE,gDAAgD,CAAA;IAChF,QAAQ,CAAC,gDAAgD,EAAE,kDAAkD,CAAA;IAC7G,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,UAAU,EAAE,YAAY,CAAA;IACjC,QAAQ,CAAC,YAAY,EAAE,cAAc,CAAA;IACrC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAA;IAChC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;CAC7B,GAAG,OAAO,iBAAiB,CAAA;AA+E5B,QAAA,MAAM,SAAS,WA6Cd,CAAA"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAGA,OAAO,iBAAiB,MAAM,wCAAwC,CAAA;AAGtE,KAAK,WAAW,GAAG,OAAO,iBAAiB,CAAC,GAAG,CAAA;AAE/C,KAAK,SAAS,GAAG;IACf,QAAQ,CAAC,UAAU,EAAE,2BAA2B,CAAA;IAChD,QAAQ,CAAC,aAAa,EAAE,gBAAgB,CAAA;IACxC,QAAQ,CAAC,eAAe,EAAE,QAAQ,CAAA;IAClC,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,GAAG,EAAE,WAAW,GAAG;QAC1B,gBAAgB,EAAE,OAAO,CAAA;QACzB,gCAAgC,EAAE,OAAO,CAAA;QACzC,gDAAgD,EAAE,OAAO,CAAA;KAC1D,CAAA;IACD,QAAQ,CAAC,SAAS,EAAE,aAAa,GAAG,SAAS,CAAA;IAC7C,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAA;IAC1B,QAAQ,CAAC,gBAAgB,EAAE,4BAA4B,CAAA;IACvD,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,gBAAgB,EAAE,kBAAkB,CAAA;IAC7C,QAAQ,CAAC,gCAAgC,EAAE,kCAAkC,CAAA;IAC7E,QAAQ,CAAC,qBAAqB,EAAE,gDAAgD,CAAA;IAChF,QAAQ,CAAC,gDAAgD,EAAE,kDAAkD,CAAA;IAC7G,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,UAAU,EAAE,YAAY,CAAA;IACjC,QAAQ,CAAC,YAAY,EAAE,cAAc,CAAA;IACrC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAA;IAChC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;CAC7B,GAAG,OAAO,iBAAiB,CAAA;AAkF5B,QAAA,MAAM,SAAS,WA8Cd,CAAA"}

package/dist/require/npm-injection.js

@@ -505,18 +505,14 @@ function walk(diff_) {
       action
     } = diff;
     if (action) {
-      // The `oldNode`, i.e. `actual` node, may be `undefined` if there is no
-      // node_modules folder.
+      // The `pkgNode`, i.e. the `ideal` node, will be `undefined` if the diff
+      // action is 'REMOVE'
+      // The `oldNode`, i.e. the `actual` node, will be `undefined` if the diff
+      // action is 'ADD'.
       const {
         actual: oldNode,
         ideal: pkgNode
       } = diff;
-      if (!oldNode) {
-        console.log('oldNode', oldNode);
-      }
-      if (!pkgNode) {
-        console.log('pkgNode', pkgNode);
-      }
       let existing;
       let keep = false;
       if (action === 'CHANGE') {

package/dist/require/shadow-bin.js

@@ -47,17 +47,19 @@ async function installLinks(realBinPath, binName) {
 
 const {
   NPM,
-  abortSignal,
-  distPath,
-  execPath,
-  shadowBinPath
+  abortSignal
 } = constants;
-const injectionPath = path.join(distPath, 'npm-injection.js');
 async function shadow(binName, binArgs = process.argv.slice(2)) {
   process.exitCode = 1;
-  const spawnPromise = spawn(execPath, [
+  const spawnPromise = spawn(
+  // Lazily access constants.execPath.
+  constants.execPath, [
   // Lazily access constants.nodeNoWarningsFlags.
-  ...constants.nodeNoWarningsFlags, '--require', injectionPath, await installLinks(shadowBinPath, binName), ...binArgs,
+  ...constants.nodeNoWarningsFlags, '--require',
+  // Lazily access constants.distPath.
+  path.join(constants.distPath, 'npm-injection.js'),
+  // Lazily access constants.shadowBinPath.
+  await installLinks(constants.shadowBinPath, binName), ...binArgs,
   // Add the `--quiet` and `--no-progress` flags to fix input being swallowed
   // by the spinner when running the command with recent versions of npm.
   ...(binName === NPM && binArgs.includes('install') && !binArgs.includes('--no-progress') && !binArgs.includes('--quiet') ? ['--no-progress', '--quiet'] : [])], {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "socket",
-  "version": "0.14.40-alpha.7",
+  "version": "0.14.40-alpha.9",
   "description": "CLI tool for Socket.dev",
   "homepage": "http://github.com/SocketDev/socket-cli",
   "license": "MIT",
@@ -58,10 +58,10 @@
     "@apideck/better-ajv-errors": "^0.3.6",
     "@cyclonedx/cdxgen": "^11.0.10",
     "@npmcli/promise-spawn": "^8.0.2",
-    "@socketregistry/hyrious__bun.lockb": "1.0.9",
-    "@socketregistry/yocto-spinner": "^1.0.2",
+    "@socketregistry/hyrious__bun.lockb": "1.0.10",
+    "@socketregistry/yocto-spinner": "^1.0.3",
     "@socketsecurity/config": "^2.1.3",
-    "@socketsecurity/registry": "^1.0.67",
+    "@socketsecurity/registry": "^1.0.68",
     "@socketsecurity/sdk": "^1.4.5",
     "blessed": "^0.1.81",
     "blessed-contrib": "^4.11.0",
@@ -70,7 +70,7 @@
     "cmd-shim": "^7.0.0",
     "has-flag": "^4.0.0",
     "hpagent": "^1.2.0",
-    "ignore": "^7.0.1",
+    "ignore": "^7.0.3",
     "is-interactive": "^2.0.0",
     "is-unicode-supported": "^2.1.0",
     "meow": "^13.2.0",
@@ -110,7 +110,7 @@
     "@types/micromatch": "^4.0.9",
     "@types/mocha": "^10.0.10",
     "@types/mock-fs": "^4.13.4",
-    "@types/node": "^22.10.5",
+    "@types/node": "^22.10.6",
     "@types/npmcli__arborist": "^5.6.11",
     "@types/npmcli__promise-spawn": "^6.0.3",
     "@types/proc-log": "^3.0.4",