socket 0.14.42 → 0.14.43

@@ -248,7 +248,13 @@ function shadowNpmInstall(opts) {
248
248
  '--no-audit', '--no-fund',
249
249
  // Add `--no-progress` flags to fix input being swallowed by the spinner
250
250
  // when running the command with recent versions of npm.
251
- '--no-progress', ...(useDebug || flags.some(f => f.startsWith('--loglevel') || f === '-d' || f === '--dd' || f === '--ddd' || f === '-q' || f === '--quiet' || f === '-s' || f === '--silent') ? [] : ['--silent']), ...flags], {
251
+ '--no-progress', ...(useDebug ||
252
+ // Detect loglevel flags:
253
+ flags.some(f =>
254
+ // https://docs.npmjs.com/cli/v11/using-npm/logging#setting-log-levels
255
+ f.startsWith('--loglevel') ||
256
+ // https://docs.npmjs.com/cli/v11/using-npm/logging#aliases
257
+ f === '-d' || f === '--dd' || f === '--ddd' || f === '-q' || f === '--quiet' || f === '-s' || f === '--silent') ? [] : ['--silent']), ...flags], {
252
258
  signal: abortSignal$3,
253
259
  // Set stdio to include 'ipc'.
254
260
  // See https://github.com/nodejs/node/blob/v23.6.0/lib/child_process.js#L161-L166
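Review bot: The alias chain inside `flags.some(...)` omits `--verbose`, which the npm logging aliases page linked in the new comment lists next to `--dd`, so a caller who passes `--verbose` still gets `--silent` inserted ahead of `...flags`. Whether the later user flag then wins depends on npm's argument parsing, which is not visible here, so I would add `f === '--verbose' ||` to the chain rather than rely on ordering. `f.startsWith('--loglevel')` also accepts any flag that merely begins with that text; `f === '--loglevel' || f.startsWith('--loglevel=')` is stricter. The identical code in the later `shadowNpmInstall` hunk (old line 246) needs the same change, and the call these arguments belong to starts above the hunk.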
@@ -1371,27 +1371,25 @@ async function updateAdvisoryDependencies(arb, alerts) {
1371
1371
  const kRiskyReify = Symbol('riskyReify');
1372
1372
  async function reify(...args) {
1373
1373
  const IPC = await getIPC();
1374
+ const runningFixCommand = !!IPC[SOCKET_CLI_FIX_PACKAGE_LOCK_FILE];
1374
1375
  // We are assuming `this[_diffTrees]()` has been called by `super.reify(...)`:
1375
1376
  // https://github.com/npm/cli/blob/v11.0.0/workspaces/arborist/lib/arborist/reify.js#L141
1376
1377
  let needInfoOn = getPackagesToQueryFromDiff(this.diff, {
1377
- includeUnchanged: !!IPC[SOCKET_CLI_FIX_PACKAGE_LOCK_FILE]
1378
+ includeUnchanged: runningFixCommand
1378
1379
  });
1379
1380
  if (!needInfoOn.length) {
1380
1381
  // Nothing to check, hmmm already installed or all private?
1381
1382
  return await this[kRiskyReify](...args);
1382
1383
  }
1383
- const {
1384
- [SOCKET_CLI_FIX_PACKAGE_LOCK_FILE]: bypassConfirms,
1385
- [SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE]: bypassAlerts
1386
- } = IPC;
1384
+ const runningOptimizeCommand = !!IPC[SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE];
1387
1385
  const {
1388
1386
  stderr: output,
1389
1387
  stdin: input
1390
1388
  } = process;
1391
- let alerts = bypassAlerts ? [] : await getPackagesAlerts(needInfoOn, {
1389
+ let alerts = runningOptimizeCommand ? [] : await getPackagesAlerts(needInfoOn, {
1392
1390
  output
1393
1391
  });
1394
- if (alerts.length && !bypassConfirms && !(await prompts.confirm({
1392
+ if (alerts.length && !runningFixCommand && !(await prompts.confirm({
1395
1393
  message: 'Accept risks of installing these packages?',
1396
1394
  default: false
1397
1395
  }, {
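Review bot: The new names `runningOptimizeCommand` and `runningFixCommand` no longer say that these values switch off safety checks: at `let alerts = runningOptimizeCommand ? [] : await getPackagesAlerts(...)` an optimize run performs no alert lookup at all, and at the `prompts.confirm` guard a fix run continues without the 'Accept risks of installing these packages?' confirmation. The removed names `bypassAlerts` and `bypassConfirms` stated that at the use site, so I would add a comment on each line, such as `// Optimize runs skip the alert lookup, so the risk prompt below never fires.` and `// Fix runs proceed without the risk confirmation.` Both values are read with `!!` from the object returned by `getIPC()`, so any truthy value disables the check. If the IPC payload is meant to carry booleans (its producer is not visible here), `IPC[SOCKET_CLI_FIX_PACKAGE_LOCK_FILE] === true` would be a tighter test. The body of `reify` continues outside this hunk.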
@@ -1401,14 +1399,7 @@ async function reify(...args) {
1401
1399
  }))) {
1402
1400
  throw new Error('Socket npm exiting due to risks');
1403
1401
  }
1404
- if (!alerts.length || !bypassConfirms && !(await prompts.confirm({
1405
- message: 'Try to fix alerts?',
1406
- default: true
1407
- }, {
1408
- input,
1409
- output,
1410
- signal: abortSignal
1411
- }))) {
1402
+ if (!alerts.length || !runningFixCommand) {
1412
1403
  return await this[kRiskyReify](...args);
1413
1404
  }
1414
1405
  const prev = new Set(alerts.map(a => a.key));
@@ -59,9 +59,13 @@ async function shadowBin(binName, binArgs = process.argv.slice(2)) {
59
59
  path.join(constants.distPath, 'npm-injection.js'),
60
60
  // Lazily access constants.shadowBinPath.
61
61
  await installLinks(constants.shadowBinPath, binName), ...(binName === NPM && binArgs.includes('install') ? [
62
- // Add the `--quiet` and `--no-progress` flags to fix input being swallowed
63
- // by the spinner when running the command with recent versions of npm.
64
- ...binArgs.filter(a => a !== '--progress' && a !== '--no-progress'), '--no-progress', ...(binArgs.includes('-q') || binArgs.includes('--quiet') || binArgs.includes('-s') || binArgs.includes('--silent') ? [] : ['--quiet'])] : binArgs)], {
62
+ // Add the `--quiet` and `--no-progress` flags to fix input being
63
+ // swallowed by the spinner when running the command with recent
64
+ // versions of npm.
65
+ ...binArgs.filter(a => a !== '--progress' && a !== '--no-progress'), '--no-progress',
66
+ // Add the '--quiet' flag if an equivalent flag is not provided.
67
+ // https://docs.npmjs.com/cli/v11/using-npm/logging#aliases
68
+ ...(binArgs.includes('-q') || binArgs.includes('--quiet') || binArgs.includes('-s') || binArgs.includes('--silent') ? [] : ['--quiet'])] : binArgs)], {
65
69
  signal: abortSignal,
66
70
  stdio: 'inherit'
67
71
  });
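Review bot: The check that decides whether to append `--quiet` looks only for `-q`, `--quiet`, `-s` and `--silent`, while the matching check in `shadowNpmInstall` also honours `--loglevel…`, `-d`, `--dd` and `--ddd`; here `npm install --loglevel=verbose` still gets `--quiet` appended after the user's arguments. Sharing one predicate between the two call sites, for example a small `hasLoglevelFlag(args)` helper, would keep them in step. Separately, `binArgs.includes('install')` is true for any argument equal to `install` and false for `npm i`, so the spinner workaround does not reach the short alias. A comment saying this is intended, or a test on the first non-flag argument, would make the intent clear. The spawn call starts above the hunk.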
@@ -246,7 +246,13 @@ function shadowNpmInstall(opts) {
246
246
  '--no-audit', '--no-fund',
247
247
  // Add `--no-progress` flags to fix input being swallowed by the spinner
248
248
  // when running the command with recent versions of npm.
249
- '--no-progress', ...(useDebug || flags.some(f => f.startsWith('--loglevel') || f === '-d' || f === '--dd' || f === '--ddd' || f === '-q' || f === '--quiet' || f === '-s' || f === '--silent') ? [] : ['--silent']), ...flags], {
249
+ '--no-progress', ...(useDebug ||
250
+ // Detect loglevel flags:
251
+ flags.some(f =>
252
+ // https://docs.npmjs.com/cli/v11/using-npm/logging#setting-log-levels
253
+ f.startsWith('--loglevel') ||
254
+ // https://docs.npmjs.com/cli/v11/using-npm/logging#aliases
255
+ f === '-d' || f === '--dd' || f === '--ddd' || f === '-q' || f === '--quiet' || f === '-s' || f === '--silent') ? [] : ['--silent']), ...flags], {
250
256
  signal: abortSignal$3,
251
257
  // Set stdio to include 'ipc'.
252
258
  // See https://github.com/nodejs/node/blob/v23.6.0/lib/child_process.js#L161-L166
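--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "socket",
- "version": "0.14.42",
+ "version": "0.14.43",
  "description": "CLI tool for Socket.dev",
  "homepage": "http://github.com/SocketDev/socket-cli",
  "license": "MIT",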