socket 0.14.42 → 0.14.44

package/README.md

@@ -9,20 +9,11 @@
 
 ```bash
 npm install -g socket
-```
-
-```bash
 socket --help
-socket info webtorrent@1.9.1
-socket report create package.json --view
-socket report view QXU8PmK7LfH608RAwfIKdbcHgwEd_ZeWJ9QEGv05FJUQ
-socket wrapper --enable
 ```
 
 ## Commands
 
-### Popular Commands
-
 - `socket npm [args...]` and `socket npx [args...]` - Wraps `npm` and `npx` to
   integrate Socket and preempt installation of alerted packages using the
   builtin resolution of `npm` to precisely determine package installations.
@@ -30,41 +21,15 @@ socket wrapper --enable
 - `socket optimize` - Optimize dependencies with
   [`@socketregistry`](https://github.com/SocketDev/socket-registry) overrides!
   _(👀 [our blog post](https://socket.dev/blog/introducing-socket-optimize))_
+
   - `--pin` - Pin overrides to their latest version.
   - `--prod` - Add overrides for only production dependencies.
 
-### Other Commands
-
 - `socket cdxgen [command]` - Call out to
   [cdxgen](https://cyclonedx.github.io/cdxgen/#/?id=getting-started). See
   [their documentation](https://cyclonedx.github.io/cdxgen/#/CLI?id=getting-help)
   for commands.
 
-- `socket info <package@version>` - Look up issues for a package.
-
-- `socket raw-npm [args...]` and `socket raw-npx [args...]` - Temporarily
-  disable the Socket 'safe-npm' wrapper.
-
-- `socket report create <path(s)-to-folder-or-file>` - Create a report on
-  [Socket.dev](https://socket.dev/)
-
-  Upload the specified `package.json` and lock files for JavaScript, Python, and
-  Go dependency manifests. If any folder is specified, the ones found in there
-  recursively are uploaded.
-
-  Glob patterns such as `**/package.json`, `**/requirements.txt`,
-  `**/pyproject.toml`, and `**/go.mod` is supported.
-
-  Intuitively ignores files matching your project's `.gitignore`, the
-  `projectIgnorePaths` in your project's
-  [`socket.yml`](https://docs.socket.dev/docs/socket-yml), and a sensible set of
-  [default ignore patterns](https://socket.dev/npm/package/ignore-by-default).
-
-- `socket report view <report-id>` - Look up issues and scores from a report.
-
-- `socket wrapper --enable` and `socket wrapper --disable` - Enable and disable
-  the Socket 'safe-npm' wrapper.
-
 ## Aliases
 
 All aliases support the flags and arguments of the commands they alias.
@@ -121,6 +86,19 @@ use of the `projectIgnorePaths` to excludes files when creating a report.
 
 ## Contributing
 
+### Setup
+
+To run dev locally you can run these steps
+
+```
+npm install
+npm run build:dist
+npm exec socket
+```
+
+That should invoke it from local sources. If you make changes you run
+`build:dist` again.
+
 ### Environment variables for development
 
 - `SOCKET_SECURITY_API_BASE_URL` - if set, this will be the base for all

package/bin/cli.js

@@ -5,13 +5,15 @@ const process = require('node:process')
 
 const constants = require('../dist/constants')
 
-const { DIST_TYPE } = constants
+const { CLI, DIST_TYPE, SOCKET_CLI_SENTRY_BUILD } = constants
 
-// When Node 18 is dropped and experimental-require-module warning are no longer
-// a thing we can just use the require(`${constants.distPath}/cli.js`) code path.
-if (DIST_TYPE === 'require') {
+if (
+  DIST_TYPE === 'require' &&
+  // Lazily access constants.ENV[SOCKET_CLI_SENTRY_BUILD].
+  !constants.ENV[SOCKET_CLI_SENTRY_BUILD]
+) {
   // Lazily access constants.distPath.
-  require(`${constants.distPath}/cli.js`)
+  require(`${constants.distPath}/${CLI}.js`)
 } else {
   const path = require('node:path')
   const spawn = require('@npmcli/promise-spawn')
@@ -19,13 +21,21 @@ if (DIST_TYPE === 'require') {
 
   process.exitCode = 1
   const spawnPromise = spawn(
-    // Lazily access constants.execPath
+    // Lazily access constants.execPath.
     constants.execPath,
     [
       // Lazily access constants.nodeNoWarningsFlags.
       ...constants.nodeNoWarningsFlags,
+      // Lazily access constants.ENV[SOCKET_CLI_SENTRY_BUILD].
+      ...(constants.ENV[SOCKET_CLI_SENTRY_BUILD]
+        ? [
+            '--require',
+            // Lazily access constants.instrumentWithSentryPath.
+            constants.instrumentWithSentryPath
+          ]
+        : []),
       // Lazily access constants.distPath.
-      path.join(constants.distPath, 'cli.js'),
+      path.join(constants.distPath, `${CLI}.js`),
       ...process.argv.slice(2)
     ],
     {

package/bin/npm-cli.js

@@ -2,5 +2,5 @@
 'use strict'
 
 const constants = require('../dist/constants')
-const shadowBin = require(`${constants.distPath}/shadow-bin.js`)
+const shadowBin = require(`${constants.distPath}/${constants.SHADOW_BIN}.js`)
 shadowBin(constants.NPM)

package/bin/npx-cli.js

@@ -2,5 +2,5 @@
 'use strict'
 
 const constants = require('../dist/constants')
-const shadowBin = require(`${constants.distPath}/shadow-bin.js`)
+const shadowBin = require(`${constants.distPath}/${constants.SHADOW_BIN}.js`)
 shadowBin(constants.NPX)

package/dist/constants.d.ts

@@ -1,45 +1,157 @@
+/// <reference types="node" />
 import registryConstants from '@socketsecurity/registry/lib/constants';
+import { Remap } from '@socketsecurity/registry/lib/objects';
 type RegistryEnv = typeof registryConstants.ENV;
 type RegistryInternals = (typeof registryConstants)['Symbol(kInternalsSymbol)'];
-type Internals = Omit<RegistryInternals, 'getIPC'> & Readonly<{
+type Sentry = any;
+type Internals = Remap<Omit<RegistryInternals, 'getIPC'> & Readonly<{
     getIPC: {
         (): Promise<IPC>;
         <K extends keyof IPC | undefined>(key?: K): Promise<K extends keyof IPC ? IPC[K] : IPC>;
     };
-}>;
-type ENV = RegistryEnv & Readonly<{
+    getSentry: () => Sentry;
+    setSentry(Sentry: Sentry): boolean;
+}>>;
+type ENV = Remap<RegistryEnv & Readonly<{
     SOCKET_CLI_DEBUG: boolean;
-}>;
+    SOCKET_CLI_LEGACY_BUILD: boolean;
+    SOCKET_CLI_PUBLISHED_BUILD: boolean;
+    SOCKET_CLI_SENTRY_BUILD: boolean;
+    SOCKET_CLI_VERSION_HASH: string;
+}>>;
 type IPC = Readonly<{
-    SOCKET_CLI_FIX_PACKAGE_LOCK_FILE: boolean;
-    SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE: boolean;
+    SOCKET_CLI_FIX?: string;
+    SOCKET_CLI_OPTIMIZE?: boolean;
+    SOCKET_CLI_SAFE_WRAPPER?: boolean;
 }>;
-type Constants = Omit<typeof registryConstants, 'Symbol(kInternalsSymbol)' | 'ENV' | 'IPC'> & {
+declare const constants: {
+    readonly CI: "CI";
+    readonly [kInternalsSymbol]: registryConstants.Internals;
+    readonly NODE_MODULES: "node_modules";
+    readonly PACKAGE_JSON: "package.json";
+    readonly TAP: "TAP";
+    readonly kInternalsSymbol: unique symbol;
+    readonly NODE_AUTH_TOKEN: "NODE_AUTH_TOKEN";
+    readonly NODE_ENV: "NODE_ENV";
+    readonly PRE_COMMIT: "PRE_COMMIT";
+    readonly VITEST: "VITEST";
+    readonly AT_LATEST: "@latest";
+    readonly BIOME_JSON: "biome.json";
+    readonly COLUMN_LIMIT: 80;
+    readonly EMPTY_FILE: "/* empty */\n";
+    readonly ESLINT_CONFIG_JS: "eslint.config.js";
+    readonly ESNEXT: "esnext";
+    readonly EXTENSIONS: "extensions";
+    readonly EXTENSIONS_JSON: "extensions.json";
+    readonly GIT_IGNORE: ".gitignore";
+    readonly LATEST: "latest";
+    readonly LICENSE: "LICENSE";
+    readonly LICENSE_GLOB: "LICEN[CS]E{[.-]*,}";
+    readonly LICENSE_GLOB_RECURSIVE: "**/LICEN[CS]E{[.-]*,}";
+    readonly LICENSE_ORIGINAL: "LICENSE.original";
+    readonly LICENSE_ORIGINAL_GLOB: "*.original{.*,}";
+    readonly LICENSE_ORIGINAL_GLOB_RECURSIVE: "**/*.original{.*,}";
+    readonly LOOP_SENTINEL: 1000000;
+    readonly MANIFEST_JSON: "manifest.json";
+    readonly MIT: "MIT";
+    readonly NODE_MODULES_GLOB_RECURSIVE: "**/node_modules";
+    readonly NODE_WORKSPACES: "node_workspaces";
+    readonly NODE_VERSION: string;
+    readonly NPM: "npm";
+    readonly NPM_ORG: "socketregistry";
+    readonly OVERRIDES: "overrides";
+    readonly PACKAGE_DEFAULT_SOCKET_CATEGORIES: readonly ["cleanup"];
+    readonly PACKAGE_DEFAULT_NODE_RANGE: string;
+    readonly PACKAGE_DEFAULT_VERSION: "1.0.0";
+    readonly PACKAGE_LOCK: "package-lock.json";
+    readonly PACKAGE_SCOPE: "@socketregistry";
+    readonly README_GLOB: "README{.*,}";
+    readonly README_GLOB_RECURSIVE: "**/README{.*,}";
+    readonly README_MD: "README.md";
+    readonly REGISTRY: "registry";
+    readonly REGISTRY_SCOPE_DELIMITER: "__";
+    readonly RESOLUTIONS: "resolutions";
+    readonly SOCKET_IPC_HANDSHAKE: "SOCKET_IPC_HANDSHAKE";
+    readonly SOCKET_PUBLIC_API_KEY: string;
+    readonly SOCKET_PUBLIC_API_TOKEN: string;
+    readonly SOCKET_REPO_ORG: "SocketDev";
+    readonly SOCKET_REGISTRY_REPO_NAME: "socket-registry";
+    readonly SUPPORTS_NODE_DISABLE_WARNING_FLAG: boolean;
+    readonly SUPPORTS_NODE_REQUIRE_MODULE: boolean;
+    readonly SUPPORTS_NODE_RUN: boolean;
+    readonly SUPPORTS_PROCESS_SEND: boolean;
+    readonly TEMPLATE_CJS: "cjs";
+    readonly TEMPLATE_CJS_BROWSER: "cjs-browser";
+    readonly TEMPLATE_CJS_ESM: "cjs-esm";
+    readonly TEMPLATE_ES_SHIM_CONSTRUCTOR: "es-shim-constructor";
+    readonly TEMPLATE_ES_SHIM_PROTOTYPE_METHOD: "es-shim-prototype-method";
+    readonly TEMPLATE_ES_SHIM_STATIC_METHOD: "es-shim-static-method";
+    readonly TSCONFIG_JSON: "tsconfig.json";
+    readonly UNDEFINED_TOKEN: {};
+    readonly UNLICENCED: "UNLICENCED";
+    readonly UNLICENSED: "UNLICENSED";
+    readonly WIN32: boolean;
+    readonly abortController: AbortController;
+    readonly abortSignal: AbortSignal;
+    readonly copyLeftLicenses: ReadonlySet<string>;
+    readonly execPath: string;
+    readonly ignoreGlobs: readonly ["**/.git", "**/.npmrc", "**/bun.lockb?", "**/node_modules", "**/package-lock.json", "**/pnpm-lock.ya?ml", "**/yarn.lock", "**/.DS_Store", "**/.gitignore", "**/.hg", "**/.lock-wscript", "**/.npmignore", "**/.svn", "**/.wafpickle-*", "**/.*.swp", "**/._*/**", "**/archived-packages/**", "**/build/config.gypi", "**/CVS", "**/npm-debug.log", "**/*.orig", "**/.env", "**/.eslintcache", "**/.nvm", "**/.tap", "**/.tapci.yaml", "**/.vscode", "**/*.tsbuildinfo", "**/Thumbs.db"];
+    readonly lifecycleScriptNames: ReadonlySet<string>;
+    readonly maintainedNodeVersions: registryConstants.MaintainedNodeVersions;
+    readonly nodeNoWarningsFlags: readonly string[];
+    readonly npmExecPath: string;
+    readonly packageExtensions: readonly [string, object][];
+    readonly packumentCache: Map<unknown, unknown>;
+    readonly pacoteCachePath: string;
+    readonly parseArgsConfig: registryConstants.ParseArgsConfig;
+    readonly skipTestsByEcosystem: Readonly<Record<string, ReadonlySet<string>>>;
+    readonly tsLibsAvailable: ReadonlySet<string>;
+    readonly tsTypesAvailable: ReadonlySet<string>;
+    readonly win32EnsureTestsByEcosystem: Readonly<Record<string, ReadonlySet<string>>>;
     readonly 'Symbol(kInternalsSymbol)': Internals;
+    readonly ALERT_TYPE_CRITICAL_CVE: 'criticalCVE';
+    readonly ALERT_TYPE_CVE: 'cve';
+    readonly ALERT_TYPE_MEDIUM_CVE: 'mediumCVE';
+    readonly ALERT_TYPE_MILD_CVE: 'mildCVE';
+    readonly ALERT_TYPE_SOCKET_UPGRADE_AVAILABLE: 'socketUpgradeAvailable';
     readonly API_V0_URL: 'https://api.socket.dev/v0';
     readonly BABEL_RUNTIME: '@babel/runtime';
+    readonly BATCH_PURL_ENDPOINT: 'https://api.socket.dev/v0/purl?alerts=true&compact=true';
     readonly BINARY_LOCK_EXT: '.lockb';
     readonly BUN: 'bun';
+    readonly CLI: 'cli';
+    readonly CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER: 'firstPatchedVersionIdentifier';
+    readonly CVE_ALERT_PROPS_VULNERABLE_VERSION_RANGE: 'vulnerableVersionRange';
     readonly ENV: ENV;
     readonly DIST_TYPE: 'module-sync' | 'require';
     readonly IPC: IPC;
     readonly LOCK_EXT: '.lock';
     readonly MODULE_SYNC: 'module-sync';
+    readonly NPM_INJECTION: 'npm-injection';
     readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org';
     readonly NPX: 'npx';
     readonly PNPM: 'pnpm';
     readonly REQUIRE: 'require';
+    readonly SHADOW_BIN: 'shadow-bin';
+    readonly SOCKET: 'socket';
     readonly SOCKET_CLI_DEBUG: 'SOCKET_CLI_DEBUG';
-    readonly SOCKET_CLI_FIX_PACKAGE_LOCK_FILE: 'SOCKET_CLI_FIX_PACKAGE_LOCK_FILE';
+    readonly SOCKET_CLI_FIX: 'SOCKET_CLI_FIX';
     readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues';
-    readonly SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE: 'SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE';
+    readonly SOCKET_CLI_LEGACY_BUILD: 'SOCKET_CLI_LEGACY_BUILD';
+    readonly SOCKET_CLI_OPTIMIZE: 'SOCKET_CLI_OPTIMIZE';
+    readonly SOCKET_CLI_PUBLISHED_BUILD: 'SOCKET_CLI_PUBLISHED_BUILD';
+    readonly SOCKET_CLI_SAFE_WRAPPER: 'SOCKET_CLI_SAFE_WRAPPER';
+    readonly SOCKET_CLI_SENTRY_BUILD: 'SOCKET_CLI_SENTRY_BUILD';
+    readonly SOCKET_CLI_VERSION_HASH: 'SOCKET_CLI_VERSION_HASH';
     readonly VLT: 'vlt';
     readonly YARN: 'yarn';
     readonly YARN_BERRY: 'yarn/berry';
     readonly YARN_CLASSIC: 'yarn/classic';
     readonly cdxgenBinPath: string;
     readonly distPath: string;
+    readonly instrumentWithSentryPath: string;
     readonly nmBinPath: string;
+    readonly npmInjectionPath: string;
     readonly rootBinPath: string;
     readonly rootDistPath: string;
     readonly rootPath: string;
@@ -47,6 +159,4 @@ type Constants = Omit<typeof registryConstants, 'Symbol(kInternalsSymbol)' | 'EN
     readonly shadowBinPath: string;
     readonly synpBinPath: string;
 };
-declare const constants: Constants;
 export { constants as default };
-//# sourceMappingURL=constants.d.ts.map

package/dist/constants.js

@@ -7,36 +7,76 @@ var registryConstants = require('@socketsecurity/registry/lib/constants');
 var env = require('@socketsecurity/registry/lib/env');
 
 const {
+  NODE_MODULES,
   PACKAGE_JSON,
+  TAP,
   kInternalsSymbol,
   [kInternalsSymbol]: {
     createConstantsObject
   }
 } = registryConstants;
+const ALERT_TYPE_CRITICAL_CVE = 'criticalCVE';
+const ALERT_TYPE_CVE = 'cve';
+const ALERT_TYPE_MEDIUM_CVE = 'mediumCVE';
+const ALERT_TYPE_MILD_CVE = 'mildCVE';
+const ALERT_TYPE_SOCKET_UPGRADE_AVAILABLE = 'socketUpgradeAvailable';
 const API_V0_URL = 'https://api.socket.dev/v0';
 const BABEL_RUNTIME = '@babel/runtime';
 const BINARY_LOCK_EXT = '.lockb';
 const BUN = 'bun';
+const CLI = 'cli';
+const CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER = 'firstPatchedVersionIdentifier';
+const CVE_ALERT_PROPS_VULNERABLE_VERSION_RANGE = 'vulnerableVersionRange';
 const LOCK_EXT = '.lock';
 const MODULE_SYNC = 'module-sync';
+const NPM_INJECTION = 'npm-injection';
 const NPM_REGISTRY_URL = 'https://registry.npmjs.org';
 const NPX = 'npx';
 const PNPM = 'pnpm';
 const REQUIRE = 'require';
+const SHADOW_BIN = 'shadow-bin';
+const SOCKET = 'socket';
 const SOCKET_CLI_DEBUG = 'SOCKET_CLI_DEBUG';
-const SOCKET_CLI_FIX_PACKAGE_LOCK_FILE = 'SOCKET_CLI_FIX_PACKAGE_LOCK_FILE';
+const SOCKET_CLI_FIX = 'SOCKET_CLI_FIX';
 const SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues';
-const SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE = 'SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE';
+const SOCKET_CLI_LEGACY_BUILD = 'SOCKET_CLI_LEGACY_BUILD';
+const SOCKET_CLI_OPTIMIZE = 'SOCKET_CLI_OPTIMIZE';
+const SOCKET_CLI_PUBLISHED_BUILD = 'SOCKET_CLI_PUBLISHED_BUILD';
+const SOCKET_CLI_SAFE_WRAPPER = 'SOCKET_CLI_SAFE_WRAPPER';
+const SOCKET_CLI_SENTRY_BUILD = 'SOCKET_CLI_SENTRY_BUILD';
+const SOCKET_CLI_VERSION_HASH = 'SOCKET_CLI_VERSION_HASH';
 const VLT = 'vlt';
 const YARN = 'yarn';
 const YARN_BERRY = `${YARN}/berry`;
 const YARN_CLASSIC = `${YARN}/classic`;
+let _Sentry;
+const LAZY_BATCH_PURL_ENDPOINT = () => {
+  const query = new URLSearchParams();
+  query.append('alerts', 'true');
+  query.append('compact', 'true');
+  return `${API_V0_URL}/purl?${query}`;
+};
 const LAZY_DIST_TYPE = () => registryConstants.SUPPORTS_NODE_REQUIRE_MODULE ? MODULE_SYNC : REQUIRE;
 const LAZY_ENV = () => Object.freeze({
   // Lazily access registryConstants.ENV.
   ...registryConstants.ENV,
   // Flag set to help debug Socket CLI.
-  [SOCKET_CLI_DEBUG]: env.envAsBoolean(process.env[SOCKET_CLI_DEBUG])
+  [SOCKET_CLI_DEBUG]: env.envAsBoolean(process.env[SOCKET_CLI_DEBUG]),
+  // Inline the following environment values so that they CANNOT be influenced
+  // by user provided environment variables.
+  //
+  // Flag set to determine if this is the Legacy build.
+  // The '@rollup/plugin-replace' will replace "process.env[SOCKET_CLI_LEGACY_BUILD]".
+  [SOCKET_CLI_LEGACY_BUILD]: false,
+  // Flag set to determine if this is a published build.
+  // The '@rollup/plugin-replace' will replace "process.env[SOCKET_CLI_PUBLISHED_BUILD]".
+  [SOCKET_CLI_PUBLISHED_BUILD]: true,
+  // Flag set to determine if this is the Sentry build.
+  // The '@rollup/plugin-replace' will replace "process.env[SOCKET_CLI_SENTRY_BUILD]".
+  [SOCKET_CLI_SENTRY_BUILD]: false,
+  // Flag set to determine the version hash of the build.
+  // The '@rollup/plugin-replace' will replace "process.env[SOCKET_CLI_VERSION_HASH]".
+  [SOCKET_CLI_VERSION_HASH]: "0.14.44:d759761:627be68f:pub"
 });
 const lazyCdxgenBinPath = () =>
 // Lazily access constants.nmBinPath.
@@ -44,9 +84,15 @@ path.join(constants.nmBinPath, 'cdxgen');
 const lazyDistPath = () =>
 // Lazily access constants.rootDistPath and constants.DIST_TYPE.
 path.join(constants.rootDistPath, constants.DIST_TYPE);
+const lazyInstrumentWithSentryPath = () =>
+// Lazily access constants.rootDistPath.
+path.join(constants.rootDistPath, 'instrument-with-sentry.js');
 const lazyNmBinPath = () =>
 // Lazily access constants.rootPath.
-path.join(constants.rootPath, 'node_modules/.bin');
+path.join(constants.rootPath, `${NODE_MODULES}/.bin`);
+const lazyNpmInjectionPath = () =>
+// Lazily access constants.distPath.
+path.join(constants.distPath, `${NPM_INJECTION}.js`);
 const lazyRootBinPath = () =>
 // Lazily access constants.rootPath.
 path.join(constants.rootPath, 'bin');
@@ -54,43 +100,61 @@ const lazyRootDistPath = () =>
 // Lazily access constants.rootPath.
 path.join(constants.rootPath, 'dist');
 const lazyRootPath = () =>
-// The '@rollup/plugin-replace' will replace 'false' with `false` and
-// it will be dead code eliminated by Rollup.
+// The '@rollup/plugin-replace' will replace "process.env.[TAP]".
 path.resolve(fs.realpathSync.native(__dirname), '..');
 const lazyRootPkgJsonPath = () =>
 // Lazily access constants.rootPath.
 path.join(constants.rootPath, PACKAGE_JSON);
 const lazyShadowBinPath = () =>
 // Lazily access constants.rootPath.
-path.join(constants.rootPath, 'shadow-bin');
+path.join(constants.rootPath, SHADOW_BIN);
 const lazySynpBinPath = () =>
 // Lazily access constants.nmBinPath.
 path.join(constants.nmBinPath, 'synp');
 const constants = createConstantsObject({
+  ALERT_TYPE_CRITICAL_CVE,
+  ALERT_TYPE_CVE,
+  ALERT_TYPE_MEDIUM_CVE,
+  ALERT_TYPE_MILD_CVE,
+  ALERT_TYPE_SOCKET_UPGRADE_AVAILABLE,
   API_V0_URL,
   BABEL_RUNTIME,
+  // Lazily defined values are initialized as `undefined` to keep their key order.
+  BATCH_PURL_ENDPOINT: undefined,
   BINARY_LOCK_EXT,
   BUN,
-  // Lazily defined values are initialized as `undefined` to keep their key order.
+  CLI,
+  CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER,
+  CVE_ALERT_PROPS_VULNERABLE_VERSION_RANGE,
   DIST_TYPE: undefined,
   ENV: undefined,
   LOCK_EXT,
   MODULE_SYNC,
+  NPM_INJECTION,
   NPM_REGISTRY_URL,
   NPX,
   PNPM,
   REQUIRE,
+  SHADOW_BIN,
+  SOCKET,
   SOCKET_CLI_DEBUG,
-  SOCKET_CLI_FIX_PACKAGE_LOCK_FILE,
+  SOCKET_CLI_FIX,
   SOCKET_CLI_ISSUES_URL,
-  SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE,
+  SOCKET_CLI_LEGACY_BUILD,
+  SOCKET_CLI_OPTIMIZE,
+  SOCKET_CLI_PUBLISHED_BUILD,
+  SOCKET_CLI_SAFE_WRAPPER,
+  SOCKET_CLI_SENTRY_BUILD,
+  SOCKET_CLI_VERSION_HASH,
   VLT,
   YARN,
   YARN_BERRY,
   YARN_CLASSIC,
   cdxgenBinPath: undefined,
   distPath: undefined,
+  instrumentWithSentryPath: undefined,
   nmBinPath: undefined,
+  npmInjectionPath: undefined,
   rootBinPath: undefined,
   rootDistPath: undefined,
   rootPath: undefined,
@@ -99,11 +163,14 @@ const constants = createConstantsObject({
   synpBinPath: undefined
 }, {
   getters: {
+    BATCH_PURL_ENDPOINT: LAZY_BATCH_PURL_ENDPOINT,
     DIST_TYPE: LAZY_DIST_TYPE,
     ENV: LAZY_ENV,
     distPath: lazyDistPath,
     cdxgenBinPath: lazyCdxgenBinPath,
+    instrumentWithSentryPath: lazyInstrumentWithSentryPath,
     nmBinPath: lazyNmBinPath,
+    npmInjectionPath: lazyNpmInjectionPath,
     rootBinPath: lazyRootBinPath,
     rootDistPath: lazyRootDistPath,
     rootPath: lazyRootPath,
@@ -111,7 +178,21 @@ const constants = createConstantsObject({
     shadowBinPath: lazyShadowBinPath,
     synpBinPath: lazySynpBinPath
   },
+  internals: {
+    getSentry() {
+      return _Sentry;
+    },
+    setSentry(Sentry) {
+      if (_Sentry === undefined) {
+        _Sentry = Sentry;
+        return true;
+      }
+      return false;
+    }
+  },
   mixin: registryConstants
 });
 
 module.exports = constants;
+//# debugId=43200c8b-0de4-4686-ba0f-0fbc8f6029e1
+//# sourceMappingURL=constants.js.map

package/dist/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sources":["../../src/constants.ts"],"sourcesContent":["import { realpathSync } from 'node:fs'\nimport path from 'node:path'\nimport process from 'node:process'\n\nimport registryConstants from '@socketsecurity/registry/lib/constants'\nimport { envAsBoolean } from '@socketsecurity/registry/lib/env'\n\nimport type { Remap } from '@socketsecurity/registry/lib/objects'\n\nconst {\n  NODE_MODULES,\n  PACKAGE_JSON,\n  TAP,\n  kInternalsSymbol,\n  [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: {\n    createConstantsObject\n  }\n} = registryConstants\n\ntype RegistryEnv = typeof registryConstants.ENV\n\ntype RegistryInternals = (typeof registryConstants)['Symbol(kInternalsSymbol)']\n\ntype Sentry = any\n\ntype Internals = Remap<\n  Omit<RegistryInternals, 'getIPC'> &\n    Readonly<{\n      getIPC: {\n        (): Promise<IPC>\n        <K extends keyof IPC | undefined>(\n          key?: K\n        ): Promise<K extends keyof IPC ? IPC[K] : IPC>\n      }\n      getSentry: () => Sentry\n      setSentry(Sentry: Sentry): boolean\n    }>\n>\n\ntype ENV = Remap<\n  RegistryEnv &\n    Readonly<{\n      SOCKET_CLI_DEBUG: boolean\n      SOCKET_CLI_LEGACY_BUILD: boolean\n      SOCKET_CLI_PUBLISHED_BUILD: boolean\n      SOCKET_CLI_SENTRY_BUILD: boolean\n      SOCKET_CLI_VERSION_HASH: string\n    }>\n>\n\ntype IPC = Readonly<{\n  SOCKET_CLI_FIX?: string\n  SOCKET_CLI_OPTIMIZE?: boolean\n  SOCKET_CLI_SAFE_WRAPPER?: boolean\n}>\n\ntype Constants = Remap<\n  Omit<typeof registryConstants, 'Symbol(kInternalsSymbol)' | 'ENV' | 'IPC'> & {\n    readonly 'Symbol(kInternalsSymbol)': Internals\n    readonly ALERT_TYPE_CRITICAL_CVE: 'criticalCVE'\n    readonly ALERT_TYPE_CVE: 'cve'\n    readonly ALERT_TYPE_MEDIUM_CVE: 'mediumCVE'\n    readonly ALERT_TYPE_MILD_CVE: 'mildCVE'\n    readonly ALERT_TYPE_SOCKET_UPGRADE_AVAILABLE: 'socketUpgradeAvailable'\n    readonly API_V0_URL: 'https://api.socket.dev/v0'\n    readonly BABEL_RUNTIME: '@babel/runtime'\n    readonly BATCH_PURL_ENDPOINT: 'https://api.socket.dev/v0/purl?alerts=true&compact=true'\n    readonly BINARY_LOCK_EXT: '.lockb'\n    readonly BUN: 'bun'\n    readonly CLI: 'cli'\n    readonly CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER: 'firstPatchedVersionIdentifier'\n    readonly CVE_ALERT_PROPS_VULNERABLE_VERSION_RANGE: 'vulnerableVersionRange'\n    readonly ENV: ENV\n    readonly DIST_TYPE: 'module-sync' | 'require'\n    readonly IPC: IPC\n    readonly LOCK_EXT: '.lock'\n    readonly MODULE_SYNC: 'module-sync'\n    readonly NPM_INJECTION: 'npm-injection'\n    readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org'\n    readonly NPX: 'npx'\n    readonly PNPM: 'pnpm'\n    readonly REQUIRE: 'require'\n    readonly SHADOW_BIN: 'shadow-bin'\n    readonly SOCKET: 'socket'\n    readonly SOCKET_CLI_DEBUG: 'SOCKET_CLI_DEBUG'\n    readonly SOCKET_CLI_FIX: 'SOCKET_CLI_FIX'\n    readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues'\n    readonly SOCKET_CLI_LEGACY_BUILD: 'SOCKET_CLI_LEGACY_BUILD'\n    readonly SOCKET_CLI_OPTIMIZE: 'SOCKET_CLI_OPTIMIZE'\n    readonly SOCKET_CLI_PUBLISHED_BUILD: 'SOCKET_CLI_PUBLISHED_BUILD'\n    readonly SOCKET_CLI_SAFE_WRAPPER: 'SOCKET_CLI_SAFE_WRAPPER'\n    readonly SOCKET_CLI_SENTRY_BUILD: 'SOCKET_CLI_SENTRY_BUILD'\n    readonly SOCKET_CLI_VERSION_HASH: 'SOCKET_CLI_VERSION_HASH'\n    readonly VLT: 'vlt'\n    readonly YARN: 'yarn'\n    readonly YARN_BERRY: 'yarn/berry'\n    readonly YARN_CLASSIC: 'yarn/classic'\n    readonly cdxgenBinPath: string\n    readonly distPath: string\n    readonly instrumentWithSentryPath: string\n    readonly nmBinPath: string\n    readonly npmInjectionPath: string\n    readonly rootBinPath: string\n    readonly rootDistPath: string\n    readonly rootPath: string\n    readonly rootPkgJsonPath: string\n    readonly shadowBinPath: string\n    readonly synpBinPath: string\n  }\n>\n\nconst ALERT_TYPE_CRITICAL_CVE = 'criticalCVE'\nconst ALERT_TYPE_CVE = 'cve'\nconst ALERT_TYPE_MEDIUM_CVE = 'mediumCVE'\nconst ALERT_TYPE_MILD_CVE = 'mildCVE'\nconst ALERT_TYPE_SOCKET_UPGRADE_AVAILABLE = 'socketUpgradeAvailable'\nconst API_V0_URL = 'https://api.socket.dev/v0'\nconst BABEL_RUNTIME = '@babel/runtime'\nconst BINARY_LOCK_EXT = '.lockb'\nconst BUN = 'bun'\nconst CLI = 'cli'\nconst CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER =\n  'firstPatchedVersionIdentifier'\nconst CVE_ALERT_PROPS_VULNERABLE_VERSION_RANGE = 'vulnerableVersionRange'\nconst LOCK_EXT = '.lock'\nconst MODULE_SYNC = 'module-sync'\nconst NPM_INJECTION = 'npm-injection'\nconst NPM_REGISTRY_URL = 'https://registry.npmjs.org'\nconst NPX = 'npx'\nconst PNPM = 'pnpm'\nconst REQUIRE = 'require'\nconst SHADOW_BIN = 'shadow-bin'\nconst SOCKET = 'socket'\nconst SOCKET_CLI_DEBUG = 'SOCKET_CLI_DEBUG'\nconst SOCKET_CLI_FIX = 'SOCKET_CLI_FIX'\nconst SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues'\nconst SOCKET_CLI_LEGACY_BUILD = 'SOCKET_CLI_LEGACY_BUILD'\nconst SOCKET_CLI_OPTIMIZE = 'SOCKET_CLI_OPTIMIZE'\nconst SOCKET_CLI_PUBLISHED_BUILD = 'SOCKET_CLI_PUBLISHED_BUILD'\nconst SOCKET_CLI_SAFE_WRAPPER = 'SOCKET_CLI_SAFE_WRAPPER'\nconst SOCKET_CLI_SENTRY_BUILD = 'SOCKET_CLI_SENTRY_BUILD'\nconst SOCKET_CLI_VERSION_HASH = 'SOCKET_CLI_VERSION_HASH'\nconst VLT = 'vlt'\nconst YARN = 'yarn'\nconst YARN_BERRY = `${YARN}/berry`\nconst YARN_CLASSIC = `${YARN}/classic`\n\nlet _Sentry: any\n\nconst LAZY_BATCH_PURL_ENDPOINT = () => {\n  const query = new URLSearchParams()\n  query.append('alerts', 'true')\n  query.append('compact', 'true')\n  return `${API_V0_URL}/purl?${query}`\n}\n\nconst LAZY_DIST_TYPE = () =>\n  registryConstants.SUPPORTS_NODE_REQUIRE_MODULE ? MODULE_SYNC : REQUIRE\n\nconst LAZY_ENV = () =>\n  Object.freeze({\n    // Lazily access registryConstants.ENV.\n    ...registryConstants.ENV,\n    // Flag set to help debug Socket CLI.\n    [SOCKET_CLI_DEBUG]: envAsBoolean(process.env[SOCKET_CLI_DEBUG]),\n    // Inline the following environment values so that they CANNOT be influenced\n    // by user provided environment variables.\n    //\n    // Flag set to determine if this is the Legacy build.\n    // The '@rollup/plugin-replace' will replace \"process.env[SOCKET_CLI_LEGACY_BUILD]\".\n    [SOCKET_CLI_LEGACY_BUILD]: process.env[SOCKET_CLI_LEGACY_BUILD],\n    // Flag set to determine if this is a published build.\n    // The '@rollup/plugin-replace' will replace \"process.env[SOCKET_CLI_PUBLISHED_BUILD]\".\n    [SOCKET_CLI_PUBLISHED_BUILD]: process.env[SOCKET_CLI_PUBLISHED_BUILD],\n    // Flag set to determine if this is the Sentry build.\n    // The '@rollup/plugin-replace' will replace \"process.env[SOCKET_CLI_SENTRY_BUILD]\".\n    [SOCKET_CLI_SENTRY_BUILD]: process.env[SOCKET_CLI_SENTRY_BUILD],\n    // Flag set to determine the version hash of the build.\n    // The '@rollup/plugin-replace' will replace \"process.env[SOCKET_CLI_VERSION_HASH]\".\n    [SOCKET_CLI_VERSION_HASH]: process.env[SOCKET_CLI_VERSION_HASH]\n  })\n\nconst lazyCdxgenBinPath = () =>\n  // Lazily access constants.nmBinPath.\n  path.join(constants.nmBinPath, 'cdxgen')\n\nconst lazyDistPath = () =>\n  // Lazily access constants.rootDistPath and constants.DIST_TYPE.\n  path.join(constants.rootDistPath, constants.DIST_TYPE)\n\nconst lazyInstrumentWithSentryPath = () =>\n  // Lazily access constants.rootDistPath.\n  path.join(constants.rootDistPath, 'instrument-with-sentry.js')\n\nconst lazyNmBinPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, `${NODE_MODULES}/.bin`)\n\nconst lazyNpmInjectionPath = () =>\n  // Lazily access constants.distPath.\n  path.join(constants.distPath, `${NPM_INJECTION}.js`)\n\nconst lazyRootBinPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, 'bin')\n\nconst lazyRootDistPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, 'dist')\n\nconst lazyRootPath = () =>\n  // The '@rollup/plugin-replace' will replace \"process.env.[TAP]\".\n  path.resolve(\n    realpathSync.native(__dirname),\n    process.env[TAP] ? '../..' : '..'\n  )\n\nconst lazyRootPkgJsonPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, PACKAGE_JSON)\n\nconst lazyShadowBinPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, SHADOW_BIN)\n\nconst lazySynpBinPath = () =>\n  // Lazily access constants.nmBinPath.\n  path.join(constants.nmBinPath, 'synp')\n\nconst constants = <Constants>createConstantsObject(\n  {\n    ALERT_TYPE_CRITICAL_CVE,\n    ALERT_TYPE_CVE,\n    ALERT_TYPE_MEDIUM_CVE,\n    ALERT_TYPE_MILD_CVE,\n    ALERT_TYPE_SOCKET_UPGRADE_AVAILABLE,\n    API_V0_URL,\n    BABEL_RUNTIME,\n    // Lazily defined values are initialized as `undefined` to keep their key order.\n    BATCH_PURL_ENDPOINT: undefined,\n    BINARY_LOCK_EXT,\n    BUN,\n    CLI,\n    CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER,\n    CVE_ALERT_PROPS_VULNERABLE_VERSION_RANGE,\n    DIST_TYPE: undefined,\n    ENV: undefined,\n    LOCK_EXT,\n    MODULE_SYNC,\n    NPM_INJECTION,\n    NPM_REGISTRY_URL,\n    NPX,\n    PNPM,\n    REQUIRE,\n    SHADOW_BIN,\n    SOCKET,\n    SOCKET_CLI_DEBUG,\n    SOCKET_CLI_FIX,\n    SOCKET_CLI_ISSUES_URL,\n    SOCKET_CLI_LEGACY_BUILD,\n    SOCKET_CLI_OPTIMIZE,\n    SOCKET_CLI_PUBLISHED_BUILD,\n    SOCKET_CLI_SAFE_WRAPPER,\n    SOCKET_CLI_SENTRY_BUILD,\n    SOCKET_CLI_VERSION_HASH,\n    VLT,\n    YARN,\n    YARN_BERRY,\n    YARN_CLASSIC,\n    cdxgenBinPath: undefined,\n    distPath: undefined,\n    instrumentWithSentryPath: undefined,\n    nmBinPath: undefined,\n    npmInjectionPath: undefined,\n    rootBinPath: undefined,\n    rootDistPath: undefined,\n    rootPath: undefined,\n    rootPkgJsonPath: undefined,\n    shadowBinPath: undefined,\n    synpBinPath: undefined\n  },\n  {\n    getters: {\n      BATCH_PURL_ENDPOINT: LAZY_BATCH_PURL_ENDPOINT,\n      DIST_TYPE: LAZY_DIST_TYPE,\n      ENV: LAZY_ENV,\n      distPath: lazyDistPath,\n      cdxgenBinPath: lazyCdxgenBinPath,\n      instrumentWithSentryPath: lazyInstrumentWithSentryPath,\n      nmBinPath: lazyNmBinPath,\n      npmInjectionPath: lazyNpmInjectionPath,\n      rootBinPath: lazyRootBinPath,\n      rootDistPath: lazyRootDistPath,\n      rootPath: lazyRootPath,\n      rootPkgJsonPath: lazyRootPkgJsonPath,\n      shadowBinPath: lazyShadowBinPath,\n      synpBinPath: lazySynpBinPath\n    },\n    internals: {\n      getSentry() {\n        return _Sentry\n      },\n      setSentry(Sentry: Sentry): boolean {\n        if (_Sentry === undefined) {\n          _Sentry = Sentry\n          return true\n        }\n        return false\n      }\n    },\n    mixin: registryConstants\n  }\n)\n\nexport default constants\n"],"names":["createConstantsObject","query","path","constants","BATCH_PURL_ENDPOINT","DIST_TYPE","ENV","cdxgenBinPath","distPath","instrumentWithSentryPath","nmBinPath","npmInjectionPath","rootBinPath","rootDistPath","rootPath","rootPkgJsonPath","shadowBinPath","synpBinPath","getters","internals","getSentry","_Sentry","mixin"],"mappings":";;;;;;;;AASA;;;;;AAKE;AACEA;AACF;AACF;AA8FA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AAEA;AACE;AACAC;AACAA;AACA;AACF;AAEA;AAGA;AAEI;;AAEA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACF;AAEF;AACE;AACAC;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAKF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEIC;;;;;;;;AASF;AACAC;;;;;;AAMAC;AACAC;;;;;;;;;;;;;;;;;;;;;;;AAuBAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAEEC;AACEd;AACAC;AACAC;AACAE;AACAD;AACAE;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;;AAEFE;AACEC;AACE;;;;AAIEC;AACA;AACF;AACA;AACF;;AAEFC;AACF;;","debugId":"43200c8b-0de4-4686-ba0f-0fbc8f6029e1"}