npm - socket - Versions diffs - 0.14.40-alpha.8 → 0.14.40 - Mend

socket 0.14.40-alpha.8 → 0.14.40

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

package/README.md +1 -1
package/bin/cli.js +12 -6
package/dist/{module-sync/constants.d.ts → constants.d.ts} +11 -2
package/dist/constants.d.ts.map +1 -0
package/dist/constants.js +19 -11
package/dist/module-sync/cli.js +318 -255
package/dist/module-sync/debug.d.ts +3 -0
package/dist/module-sync/errors.d.ts +3 -1
package/dist/module-sync/logging.d.ts +16 -0
package/dist/module-sync/npm-injection.js +1026 -942
package/dist/module-sync/path-resolve.d.ts +1 -1
package/dist/module-sync/path-resolve.js +49 -1
package/dist/module-sync/shadow-bin.d.ts +2 -2
package/dist/module-sync/shadow-bin.js +19 -14
package/dist/module-sync/socket-url.d.ts +24 -0
package/dist/module-sync/socket-url.js +222 -0
package/dist/require/cli.js +318 -253
package/dist/require/npm-injection.js +2 -1504
package/dist/require/path-resolve.js +2 -197
package/dist/require/shadow-bin.js +2 -80
package/dist/require/socket-url.js +3 -0
package/dist/require/vendor.js +53 -400
package/package.json +19 -19
package/dist/module-sync/color-or-markdown.d.ts +0 -23
package/dist/module-sync/constants.d.ts.map +0 -1
package/dist/module-sync/sdk.d.ts +0 -8
package/dist/module-sync/sdk.js +0 -214
package/dist/require/constants.d.ts.map +0 -1
package/dist/require/sdk.js +0 -212

package/README.md CHANGED Viewed

@@ -117,7 +117,7 @@ use of the `projectIgnorePaths` to excludes files when creating a report.
 ## Environment variables
-- `SOCKET_SECURITY_API_KEY` - if set, this will be used as the API-key
+- `SOCKET_SECURITY_API_TOKEN` - if set, this will be used as the API-key
 ## Contributing

package/bin/cli.js CHANGED Viewed

@@ -1,25 +1,31 @@
 #!/usr/bin/env node
 'use strict'
+const process = require('node:process')
 const constants = require('../dist/constants')
-const { DIST_TYPE, distPath } = constants
+const { DIST_TYPE } = constants
+// When Node 18 is dropped and experimental-require-module warning are no longer
+// a thing we can just use the require(`${constants.distPath}/cli.js`) code path.
 if (DIST_TYPE === 'require') {
-  require(`${distPath}/cli.js`)
+  // Lazily access constants.distPath.
+  require(`${constants.distPath}/cli.js`)
 } else {
   const path = require('node:path')
   const spawn = require('@npmcli/promise-spawn')
-  const { abortSignal, distPath, execPath } = constants
+  const { abortSignal } = constants
   process.exitCode = 1
   const spawnPromise = spawn(
-    execPath,
+    // Lazily access constants.execPath
+    constants.execPath,
     [
       // Lazily access constants.nodeNoWarningsFlags.
       ...constants.nodeNoWarningsFlags,
-      path.join(distPath, 'cli.js'),
+      // Lazily access constants.distPath.
+      path.join(constants.distPath, 'cli.js'),
       ...process.argv.slice(2)
     ],
     {

package/dist/{module-sync/constants.d.ts → constants.d.ts} RENAMED Viewed

@@ -1,23 +1,32 @@
 import registryConstants from '@socketsecurity/registry/lib/constants';
 type RegistryEnv = typeof registryConstants.ENV;
+type IPCObject = {
+    SOCKET_CLI_FIX_PACKAGE_LOCK_FILE: boolean;
+    SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE: boolean;
+    [key: string]: any;
+};
 type Constants = {
     readonly API_V0_URL: 'https://api.socket.dev/v0';
     readonly BABEL_RUNTIME: '@babel/runtime';
     readonly BINARY_LOCK_EXT: '.lockb';
     readonly BUN: 'bun';
     readonly ENV: RegistryEnv & {
-        SOCKET_CLI_FIX_PACKAGE_LOCK_FILE: boolean;
-        SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE: boolean;
+        SOCKET_CLI_DEBUG: boolean;
     };
     readonly DIST_TYPE: 'module-sync' | 'require';
+    readonly IPC: IPCObject;
     readonly LOCK_EXT: '.lock';
+    readonly MODULE_SYNC: 'module-sync';
     readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org';
     readonly NPX: 'npx';
     readonly PNPM: 'pnpm';
+    readonly REQUIRE: 'require';
+    readonly SOCKET_CLI_DEBUG: 'SOCKET_CLI_DEBUG';
     readonly SOCKET_CLI_FIX_PACKAGE_LOCK_FILE: 'SOCKET_CLI_FIX_PACKAGE_LOCK_FILE';
     readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues';
     readonly SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE: 'SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE';
     readonly VLT: 'vlt';
+    readonly YARN: 'yarn';
     readonly YARN_BERRY: 'yarn/berry';
     readonly YARN_CLASSIC: 'yarn/classic';
     readonly cdxgenBinPath: string;

package/dist/constants.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAIA,OAAO,iBAAiB,MAAM,wCAAwC,CAAA;AAGtE,KAAK,WAAW,GAAG,OAAO,iBAAiB,CAAC,GAAG,CAAA;AAE/C,KAAK,SAAS,GAAG;IACf,gCAAgC,EAAE,OAAO,CAAA;IACzC,gDAAgD,EAAE,OAAO,CAAA;IACzD,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;CACnB,CAAA;AAED,KAAK,SAAS,GAAG;IACf,QAAQ,CAAC,UAAU,EAAE,2BAA2B,CAAA;IAChD,QAAQ,CAAC,aAAa,EAAE,gBAAgB,CAAA;IACxC,QAAQ,CAAC,eAAe,EAAE,QAAQ,CAAA;IAClC,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,GAAG,EAAE,WAAW,GAAG;QAC1B,gBAAgB,EAAE,OAAO,CAAA;KAC1B,CAAA;IACD,QAAQ,CAAC,SAAS,EAAE,aAAa,GAAG,SAAS,CAAA;IAC7C,QAAQ,CAAC,GAAG,EAAE,SAAS,CAAA;IACvB,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAA;IAC1B,QAAQ,CAAC,WAAW,EAAE,aAAa,CAAA;IACnC,QAAQ,CAAC,gBAAgB,EAAE,4BAA4B,CAAA;IACvD,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,OAAO,EAAE,SAAS,CAAA;IAC3B,QAAQ,CAAC,gBAAgB,EAAE,kBAAkB,CAAA;IAC7C,QAAQ,CAAC,gCAAgC,EAAE,kCAAkC,CAAA;IAC7E,QAAQ,CAAC,qBAAqB,EAAE,gDAAgD,CAAA;IAChF,QAAQ,CAAC,gDAAgD,EAAE,kDAAkD,CAAA;IAC7G,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,UAAU,EAAE,YAAY,CAAA;IACjC,QAAQ,CAAC,YAAY,EAAE,cAAc,CAAA;IACrC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAA;IAChC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;CAC7B,GAAG,OAAO,iBAAiB,CAAA;AAiF5B,QAAA,MAAM,SAAS,WAiDd,CAAA"}

package/dist/constants.js CHANGED Viewed

@@ -2,6 +2,7 @@
 var fs = require('node:fs');
 var path = require('node:path');
+var process = require('node:process');
 var registryConstants = require('@socketsecurity/registry/lib/constants');
 var env = require('@socketsecurity/registry/lib/env');
@@ -17,25 +18,25 @@ const BABEL_RUNTIME = '@babel/runtime';
 const BINARY_LOCK_EXT = '.lockb';
 const BUN = 'bun';
 const LOCK_EXT = '.lock';
+const MODULE_SYNC = 'module-sync';
 const NPM_REGISTRY_URL = 'https://registry.npmjs.org';
 const NPX = 'npx';
 const PNPM = 'pnpm';
+const REQUIRE = 'require';
+const SOCKET_CLI_DEBUG = 'SOCKET_CLI_DEBUG';
 const SOCKET_CLI_FIX_PACKAGE_LOCK_FILE = 'SOCKET_CLI_FIX_PACKAGE_LOCK_FILE';
 const SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues';
 const SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE = 'SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE';
 const VLT = 'vlt';
-const YARN_BERRY = 'yarn/berry';
-const YARN_CLASSIC = 'yarn/classic';
-const LAZY_DIST_TYPE = () => registryConstants.SUPPORTS_NODE_REQUIRE_MODULE ? 'module-sync' : 'require';
+const YARN = 'yarn';
+const YARN_BERRY = `${YARN}/berry`;
+const YARN_CLASSIC = `${YARN}/classic`;
+const LAZY_DIST_TYPE = () => registryConstants.SUPPORTS_NODE_REQUIRE_MODULE ? MODULE_SYNC : REQUIRE;
 const LAZY_ENV = () => Object.freeze({
   // Lazily access registryConstants.ENV.
   ...registryConstants.ENV,
-  // Flag set by the "fix" command to accept the package alerts prompt with
-  // "Y(es)" in the SafeArborist reify method.
-  [SOCKET_CLI_FIX_PACKAGE_LOCK_FILE]: env.envAsBoolean(process.env[SOCKET_CLI_FIX_PACKAGE_LOCK_FILE]),
-  // Flag set by the "optimize" command to bypass the package alerts check
-  // in the SafeArborist reify method.
-  [SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE]: env.envAsBoolean(process.env[SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE])
+  // Flag set to help debug Socket CLI.
+  [SOCKET_CLI_DEBUG]: env.envAsBoolean(process.env[SOCKET_CLI_DEBUG])
 });
 const lazyCdxgenBinPath = () =>
 // Lazily access constants.nmBinPath.
@@ -52,7 +53,10 @@ path.join(constants.rootPath, 'bin');
 const lazyRootDistPath = () =>
 // Lazily access constants.rootPath.
 path.join(constants.rootPath, 'dist');
-const lazyRootPath = () => path.resolve(fs.realpathSync(__dirname), '..');
+const lazyRootPath = () =>
+// The '@rollup/plugin-replace' will replace 'false' with `false` and
+// it will be dead code eliminated by Rollup.
+path.resolve(fs.realpathSync.native(__dirname), '..');
 const lazyRootPkgJsonPath = () =>
 // Lazily access constants.rootPath.
 path.join(constants.rootPath, PACKAGE_JSON);
@@ -67,17 +71,21 @@ const constants = createConstantsObject({
   BABEL_RUNTIME,
   BINARY_LOCK_EXT,
   BUN,
-  ENV: undefined,
   // Lazily defined values are initialized as `undefined` to keep their key order.
   DIST_TYPE: undefined,
+  ENV: undefined,
   LOCK_EXT,
+  MODULE_SYNC,
   NPM_REGISTRY_URL,
   NPX,
   PNPM,
+  REQUIRE,
+  SOCKET_CLI_DEBUG,
   SOCKET_CLI_FIX_PACKAGE_LOCK_FILE,
   SOCKET_CLI_ISSUES_URL,
   SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE,
   VLT,
+  YARN,
   YARN_BERRY,
   YARN_CLASSIC,
   cdxgenBinPath: undefined,