socket 0.14.40-alpha.9 → 0.14.40

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (29) hide show
  1. package/README.md +1 -1
  2. package/bin/cli.js +2 -0
  3. package/dist/{module-sync/constants.d.ts → constants.d.ts} +9 -2
  4. package/dist/constants.d.ts.map +1 -0
  5. package/dist/constants.js +16 -12
  6. package/dist/module-sync/cli.js +292 -251
  7. package/dist/module-sync/debug.d.ts +3 -0
  8. package/dist/module-sync/errors.d.ts +3 -1
  9. package/dist/module-sync/logging.d.ts +16 -0
  10. package/dist/module-sync/npm-injection.js +1027 -939
  11. package/dist/module-sync/path-resolve.d.ts +1 -1
  12. package/dist/module-sync/path-resolve.js +49 -1
  13. package/dist/module-sync/shadow-bin.d.ts +2 -2
  14. package/dist/module-sync/shadow-bin.js +10 -7
  15. package/dist/module-sync/socket-url.d.ts +24 -0
  16. package/dist/module-sync/socket-url.js +222 -0
  17. package/dist/require/cli.js +292 -249
  18. package/dist/require/npm-injection.js +2 -1500
  19. package/dist/require/path-resolve.js +2 -197
  20. package/dist/require/shadow-bin.js +2 -82
  21. package/dist/require/socket-url.js +3 -0
  22. package/dist/require/vendor.js +53 -400
  23. package/package.json +18 -18
  24. package/dist/module-sync/color-or-markdown.d.ts +0 -23
  25. package/dist/module-sync/constants.d.ts.map +0 -1
  26. package/dist/module-sync/sdk.d.ts +0 -8
  27. package/dist/module-sync/sdk.js +0 -214
  28. package/dist/require/constants.d.ts.map +0 -1
  29. package/dist/require/sdk.js +0 -212
package/README.md CHANGED
@@ -117,7 +117,7 @@ use of the `projectIgnorePaths` to excludes files when creating a report.
117
117
 
118
118
  ## Environment variables
119
119
 
120
- - `SOCKET_SECURITY_API_KEY` - if set, this will be used as the API-key
120
+ - `SOCKET_SECURITY_API_TOKEN` - if set, this will be used as the API-key
121
121
 
122
122
  ## Contributing
123
123
 
package/bin/cli.js CHANGED
@@ -1,6 +1,8 @@
1
1
  #!/usr/bin/env node
2
2
  'use strict'
3
3
 
4
+ const process = require('node:process')
5
+
4
6
  const constants = require('../dist/constants')
5
7
 
6
8
  const { DIST_TYPE } = constants
package/dist/{module-sync/constants.d.ts → constants.d.ts} RENAMED
@@ -1,5 +1,10 @@
1
1
  import registryConstants from '@socketsecurity/registry/lib/constants';
2
2
  type RegistryEnv = typeof registryConstants.ENV;
3
+ type IPCObject = {
4
+ SOCKET_CLI_FIX_PACKAGE_LOCK_FILE: boolean;
5
+ SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE: boolean;
6
+ [key: string]: any;
7
+ };
3
8
  type Constants = {
4
9
  readonly API_V0_URL: 'https://api.socket.dev/v0';
5
10
  readonly BABEL_RUNTIME: '@babel/runtime';
@@ -7,19 +12,21 @@ type Constants = {
7
12
  readonly BUN: 'bun';
8
13
  readonly ENV: RegistryEnv & {
9
14
  SOCKET_CLI_DEBUG: boolean;
10
- SOCKET_CLI_FIX_PACKAGE_LOCK_FILE: boolean;
11
- SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE: boolean;
12
15
  };
13
16
  readonly DIST_TYPE: 'module-sync' | 'require';
17
+ readonly IPC: IPCObject;
14
18
  readonly LOCK_EXT: '.lock';
19
+ readonly MODULE_SYNC: 'module-sync';
15
20
  readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org';
16
21
  readonly NPX: 'npx';
17
22
  readonly PNPM: 'pnpm';
23
+ readonly REQUIRE: 'require';
18
24
  readonly SOCKET_CLI_DEBUG: 'SOCKET_CLI_DEBUG';
19
25
  readonly SOCKET_CLI_FIX_PACKAGE_LOCK_FILE: 'SOCKET_CLI_FIX_PACKAGE_LOCK_FILE';
20
26
  readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues';
21
27
  readonly SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE: 'SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE';
22
28
  readonly VLT: 'vlt';
29
+ readonly YARN: 'yarn';
23
30
  readonly YARN_BERRY: 'yarn/berry';
24
31
  readonly YARN_CLASSIC: 'yarn/classic';
25
32
  readonly cdxgenBinPath: string;
package/dist/constants.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAIA,OAAO,iBAAiB,MAAM,wCAAwC,CAAA;AAGtE,KAAK,WAAW,GAAG,OAAO,iBAAiB,CAAC,GAAG,CAAA;AAE/C,KAAK,SAAS,GAAG;IACf,gCAAgC,EAAE,OAAO,CAAA;IACzC,gDAAgD,EAAE,OAAO,CAAA;IACzD,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;CACnB,CAAA;AAED,KAAK,SAAS,GAAG;IACf,QAAQ,CAAC,UAAU,EAAE,2BAA2B,CAAA;IAChD,QAAQ,CAAC,aAAa,EAAE,gBAAgB,CAAA;IACxC,QAAQ,CAAC,eAAe,EAAE,QAAQ,CAAA;IAClC,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,GAAG,EAAE,WAAW,GAAG;QAC1B,gBAAgB,EAAE,OAAO,CAAA;KAC1B,CAAA;IACD,QAAQ,CAAC,SAAS,EAAE,aAAa,GAAG,SAAS,CAAA;IAC7C,QAAQ,CAAC,GAAG,EAAE,SAAS,CAAA;IACvB,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAA;IAC1B,QAAQ,CAAC,WAAW,EAAE,aAAa,CAAA;IACnC,QAAQ,CAAC,gBAAgB,EAAE,4BAA4B,CAAA;IACvD,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,OAAO,EAAE,SAAS,CAAA;IAC3B,QAAQ,CAAC,gBAAgB,EAAE,kBAAkB,CAAA;IAC7C,QAAQ,CAAC,gCAAgC,EAAE,kCAAkC,CAAA;IAC7E,QAAQ,CAAC,qBAAqB,EAAE,gDAAgD,CAAA;IAChF,QAAQ,CAAC,gDAAgD,EAAE,kDAAkD,CAAA;IAC7G,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,UAAU,EAAE,YAAY,CAAA;IACjC,QAAQ,CAAC,YAAY,EAAE,cAAc,CAAA;IACrC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAA;IAChC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;CAC7B,GAAG,OAAO,iBAAiB,CAAA;AAiF5B,QAAA,MAAM,SAAS,WAiDd,CAAA"}
package/dist/constants.js CHANGED
@@ -2,6 +2,7 @@
2
2
 
3
3
  var fs = require('node:fs');
4
4
  var path = require('node:path');
5
+ var process = require('node:process');
5
6
  var registryConstants = require('@socketsecurity/registry/lib/constants');
6
7
  var env = require('@socketsecurity/registry/lib/env');
7
8
 
@@ -17,28 +18,25 @@ const BABEL_RUNTIME = '@babel/runtime';
17
18
  const BINARY_LOCK_EXT = '.lockb';
18
19
  const BUN = 'bun';
19
20
  const LOCK_EXT = '.lock';
21
+ const MODULE_SYNC = 'module-sync';
20
22
  const NPM_REGISTRY_URL = 'https://registry.npmjs.org';
21
23
  const NPX = 'npx';
22
24
  const PNPM = 'pnpm';
25
+ const REQUIRE = 'require';
23
26
  const SOCKET_CLI_DEBUG = 'SOCKET_CLI_DEBUG';
24
27
  const SOCKET_CLI_FIX_PACKAGE_LOCK_FILE = 'SOCKET_CLI_FIX_PACKAGE_LOCK_FILE';
25
28
  const SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues';
26
29
  const SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE = 'SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE';
27
30
  const VLT = 'vlt';
28
- const YARN_BERRY = 'yarn/berry';
29
- const YARN_CLASSIC = 'yarn/classic';
30
- const LAZY_DIST_TYPE = () => registryConstants.SUPPORTS_NODE_REQUIRE_MODULE ? 'module-sync' : 'require';
31
+ const YARN = 'yarn';
32
+ const YARN_BERRY = `${YARN}/berry`;
33
+ const YARN_CLASSIC = `${YARN}/classic`;
34
+ const LAZY_DIST_TYPE = () => registryConstants.SUPPORTS_NODE_REQUIRE_MODULE ? MODULE_SYNC : REQUIRE;
31
35
  const LAZY_ENV = () => Object.freeze({
32
36
  // Lazily access registryConstants.ENV.
33
37
  ...registryConstants.ENV,
34
38
  // Flag set to help debug Socket CLI.
35
- [SOCKET_CLI_DEBUG]: env.envAsBoolean(process.env[SOCKET_CLI_DEBUG]),
36
- // Flag set by the "fix" command to accept the package alerts prompt with
37
- // "Y(es)" in the SafeArborist reify method.
38
- [SOCKET_CLI_FIX_PACKAGE_LOCK_FILE]: env.envAsBoolean(process.env[SOCKET_CLI_FIX_PACKAGE_LOCK_FILE]),
39
- // Flag set by the "optimize" command to bypass the package alerts check
40
- // in the SafeArborist reify method.
41
- [SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE]: env.envAsBoolean(process.env[SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE])
39
+ [SOCKET_CLI_DEBUG]: env.envAsBoolean(process.env[SOCKET_CLI_DEBUG])
42
40
  });
43
41
  const lazyCdxgenBinPath = () =>
44
42
  // Lazily access constants.nmBinPath.
@@ -55,7 +53,10 @@ path.join(constants.rootPath, 'bin');
55
53
  const lazyRootDistPath = () =>
56
54
  // Lazily access constants.rootPath.
57
55
  path.join(constants.rootPath, 'dist');
58
- const lazyRootPath = () => path.resolve(fs.realpathSync(__dirname), '..');
56
+ const lazyRootPath = () =>
57
+ // The '@rollup/plugin-replace' will replace 'false' with `false` and
58
+ // it will be dead code eliminated by Rollup.
59
+ path.resolve(fs.realpathSync.native(__dirname), '..');
59
60
  const lazyRootPkgJsonPath = () =>
60
61
  // Lazily access constants.rootPath.
61
62
  path.join(constants.rootPath, PACKAGE_JSON);
@@ -70,18 +71,21 @@ const constants = createConstantsObject({
70
71
  BABEL_RUNTIME,
71
72
  BINARY_LOCK_EXT,
72
73
  BUN,
73
- ENV: undefined,
74
74
  // Lazily defined values are initialized as `undefined` to keep their key order.
75
75
  DIST_TYPE: undefined,
76
+ ENV: undefined,
76
77
  LOCK_EXT,
78
+ MODULE_SYNC,
77
79
  NPM_REGISTRY_URL,
78
80
  NPX,
79
81
  PNPM,
82
+ REQUIRE,
80
83
  SOCKET_CLI_DEBUG,
81
84
  SOCKET_CLI_FIX_PACKAGE_LOCK_FILE,
82
85
  SOCKET_CLI_ISSUES_URL,
83
86
  SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE,
84
87
  VLT,
88
+ YARN,
85
89
  YARN_BERRY,
86
90
  YARN_CLASSIC,
87
91
  cdxgenBinPath: undefined,