socket 0.14.57 → 0.14.59
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bin/cli.js +2 -0
- package/dist/constants.d.ts +2 -2
- package/dist/constants.js +15 -6
- package/dist/constants.js.map +1 -1
- package/dist/module-sync/artifact.d.ts +75 -0
- package/dist/module-sync/cli.js +1063 -802
- package/dist/module-sync/cli.js.map +1 -1
- package/dist/module-sync/index.d.ts +4 -3
- package/dist/module-sync/shadow-bin.js +3 -1
- package/dist/module-sync/shadow-bin.js.map +1 -1
- package/dist/module-sync/shadow-npm-inject.js +1414 -1287
- package/dist/module-sync/shadow-npm-inject.js.map +1 -1
- package/dist/module-sync/shadow-npm-paths.js.map +1 -1
- package/dist/module-sync/socket-package-alert.d.ts +46 -0
- package/dist/module-sync/types.d.ts +11 -3
- package/dist/require/cli.js +1063 -802
- package/dist/require/cli.js.map +1 -1
- package/package.json +11 -9
- package/dist/module-sync/color-or-markdown.d.ts +0 -16
- package/dist/module-sync/socket-url.d.ts +0 -3
package/bin/cli.js
CHANGED
|
@@ -21,6 +21,8 @@ if (
|
|
|
21
21
|
// Lazily access constants.execPath.
|
|
22
22
|
constants.execPath,
|
|
23
23
|
[
|
|
24
|
+
// Lazily access constants.nodeHardenFlags.
|
|
25
|
+
...constants.nodeHardenFlags,
|
|
24
26
|
// Lazily access constants.nodeNoWarningsFlags.
|
|
25
27
|
...constants.nodeNoWarningsFlags,
|
|
26
28
|
// Lazily access constants.ENV[SOCKET_CLI_SENTRY_BUILD].
|
package/dist/constants.d.ts
CHANGED
|
@@ -18,7 +18,6 @@ type ENV = Remap<RegistryEnv & Readonly<{
|
|
|
18
18
|
SOCKET_CLI_NO_API_TOKEN: boolean;
|
|
19
19
|
SOCKET_CLI_PUBLISHED_BUILD: boolean;
|
|
20
20
|
SOCKET_CLI_SENTRY_BUILD: boolean;
|
|
21
|
-
SOCKET_CLI_SHOW_BANNER: boolean;
|
|
22
21
|
SOCKET_CLI_VERSION_HASH: string;
|
|
23
22
|
}>>;
|
|
24
23
|
type IPC = Readonly<{
|
|
@@ -158,6 +157,7 @@ declare const constants: {
|
|
|
158
157
|
readonly IPC: IPC;
|
|
159
158
|
readonly LOCK_EXT: '.lock';
|
|
160
159
|
readonly MODULE_SYNC: 'module-sync';
|
|
160
|
+
readonly NPM_BUGGY_OVERRIDES_PATCHED_VERSION: '11.2.0';
|
|
161
161
|
readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org';
|
|
162
162
|
readonly PNPM: 'pnpm';
|
|
163
163
|
readonly REDACTED: '<redacted>';
|
|
@@ -186,7 +186,6 @@ declare const constants: {
|
|
|
186
186
|
readonly SOCKET_CLI_SENTRY_NPM_BIN_NAME: 'socket-npm-with-sentry';
|
|
187
187
|
readonly SOCKET_CLI_SENTRY_NPX_BIN_NAME: 'socket-npx-with-sentry';
|
|
188
188
|
readonly SOCKET_CLI_SENTRY_PACKAGE_NAME: '@socketsecurity/cli-with-sentry';
|
|
189
|
-
readonly SOCKET_CLI_SHOW_BANNER: 'SOCKET_CLI_SHOW_BANNER';
|
|
190
189
|
readonly SOCKET_CLI_VERSION_HASH: 'SOCKET_CLI_VERSION_HASH';
|
|
191
190
|
readonly VLT: 'vlt';
|
|
192
191
|
readonly WITH_SENTRY: 'with-sentry';
|
|
@@ -201,6 +200,7 @@ declare const constants: {
|
|
|
201
200
|
readonly distShadowNpmInjectPath: string;
|
|
202
201
|
readonly homePath: string;
|
|
203
202
|
readonly nmBinPath: string;
|
|
203
|
+
readonly nodeHardenFlags: string[];
|
|
204
204
|
readonly rootBinPath: string;
|
|
205
205
|
readonly rootDistPath: string;
|
|
206
206
|
readonly rootPath: string;
|
package/dist/constants.js
CHANGED
|
@@ -35,6 +35,7 @@ const DRY_RUN_LABEL = '[DryRun]';
|
|
|
35
35
|
const DRY_RUN_BAIL_TEXT = `${DRY_RUN_LABEL}: Bailing now`;
|
|
36
36
|
const LOCK_EXT = '.lock';
|
|
37
37
|
const MODULE_SYNC = 'module-sync';
|
|
38
|
+
const NPM_BUGGY_OVERRIDES_PATCHED_VERSION = '11.2.0';
|
|
38
39
|
const NPM_REGISTRY_URL = 'https://registry.npmjs.org';
|
|
39
40
|
const PNPM = 'pnpm';
|
|
40
41
|
const REDACTED = '<redacted>';
|
|
@@ -62,7 +63,6 @@ const SOCKET_CLI_SENTRY_BUILD = 'SOCKET_CLI_SENTRY_BUILD';
|
|
|
62
63
|
const SOCKET_CLI_SENTRY_NPM_BIN_NAME = `${SOCKET_CLI_NPM_BIN_NAME}-${WITH_SENTRY}`;
|
|
63
64
|
const SOCKET_CLI_SENTRY_NPX_BIN_NAME = `${SOCKET_CLI_NPX_BIN_NAME}-${WITH_SENTRY}`;
|
|
64
65
|
const SOCKET_CLI_SENTRY_PACKAGE_NAME = `${SOCKET_CLI_LEGACY_PACKAGE_NAME}-${WITH_SENTRY}`;
|
|
65
|
-
const SOCKET_CLI_SHOW_BANNER = 'SOCKET_CLI_SHOW_BANNER';
|
|
66
66
|
const SOCKET_CLI_VERSION_HASH = 'SOCKET_CLI_VERSION_HASH';
|
|
67
67
|
const VLT = 'vlt';
|
|
68
68
|
const YARN = 'yarn';
|
|
@@ -98,11 +98,9 @@ const LAZY_ENV = () => {
|
|
|
98
98
|
// Inlined flag set to determine if this is the Sentry build.
|
|
99
99
|
// The '@rollup/plugin-replace' will replace "process.env[SOCKET_CLI_SENTRY_BUILD]".
|
|
100
100
|
[SOCKET_CLI_SENTRY_BUILD]: false,
|
|
101
|
-
// Flag set to toggle the informative ASCII art banner.
|
|
102
|
-
[SOCKET_CLI_SHOW_BANNER]: env.envAsBoolean(env$1[SOCKET_CLI_SHOW_BANNER]),
|
|
103
101
|
// Inlined flag set to determine the version hash of the build.
|
|
104
102
|
// The '@rollup/plugin-replace' will replace "process.env[SOCKET_CLI_VERSION_HASH]".
|
|
105
|
-
[SOCKET_CLI_VERSION_HASH]: "0.14.
|
|
103
|
+
[SOCKET_CLI_VERSION_HASH]: "0.14.59:e40b009:df22b573:pub"
|
|
106
104
|
});
|
|
107
105
|
};
|
|
108
106
|
const lazyBashRcPath = () =>
|
|
@@ -146,6 +144,16 @@ path.join(constants.rootPath, SHADOW_NPM_BIN);
|
|
|
146
144
|
const lazyZshRcPath = () =>
|
|
147
145
|
// Lazily access constants.homePath.
|
|
148
146
|
path.join(constants.homePath, '.zshrc');
|
|
147
|
+
|
|
148
|
+
// Harden Node security.
|
|
149
|
+
// https://nodejs.org/en/learn/getting-started/security-best-practices
|
|
150
|
+
const nodeHardenFlags =
|
|
151
|
+
// The '@rollup/plugin-replace' will replace "process.env[SOCKET_CLI_SENTRY_BUILD]".
|
|
152
|
+
['--disable-proto', 'delete',
|
|
153
|
+
// TODO: We can try --frozen-intrinsics once
|
|
154
|
+
// https://github.com/SBoudrias/Inquirer.js/pull/1683 is addressed.
|
|
155
|
+
// '--frozen-intrinsics',
|
|
156
|
+
'--no-deprecation'];
|
|
149
157
|
const constants = createConstantsObject({
|
|
150
158
|
ALERT_TYPE_CRITICAL_CVE,
|
|
151
159
|
ALERT_TYPE_CVE,
|
|
@@ -166,6 +174,7 @@ const constants = createConstantsObject({
|
|
|
166
174
|
ENV: undefined,
|
|
167
175
|
LOCK_EXT,
|
|
168
176
|
MODULE_SYNC,
|
|
177
|
+
NPM_BUGGY_OVERRIDES_PATCHED_VERSION,
|
|
169
178
|
NPM_REGISTRY_URL,
|
|
170
179
|
PNPM,
|
|
171
180
|
REDACTED,
|
|
@@ -192,7 +201,6 @@ const constants = createConstantsObject({
|
|
|
192
201
|
SOCKET_CLI_SENTRY_NPM_BIN_NAME,
|
|
193
202
|
SOCKET_CLI_SENTRY_NPX_BIN_NAME,
|
|
194
203
|
SOCKET_CLI_SENTRY_PACKAGE_NAME,
|
|
195
|
-
SOCKET_CLI_SHOW_BANNER,
|
|
196
204
|
SOCKET_CLI_VERSION_HASH,
|
|
197
205
|
VLT,
|
|
198
206
|
WITH_SENTRY,
|
|
@@ -207,6 +215,7 @@ const constants = createConstantsObject({
|
|
|
207
215
|
distShadowNpmInjectPath: undefined,
|
|
208
216
|
homePath: undefined,
|
|
209
217
|
nmBinPath: undefined,
|
|
218
|
+
nodeHardenFlags,
|
|
210
219
|
rootBinPath: undefined,
|
|
211
220
|
rootDistPath: undefined,
|
|
212
221
|
rootPath: undefined,
|
|
@@ -249,5 +258,5 @@ const constants = createConstantsObject({
|
|
|
249
258
|
});
|
|
250
259
|
|
|
251
260
|
module.exports = constants;
|
|
252
|
-
//# debugId=
|
|
261
|
+
//# debugId=b4807eeb-d558-4720-a508-980c3382d674
|
|
253
262
|
//# sourceMappingURL=constants.js.map
|
package/dist/constants.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"constants.js","sources":["../../src/constants.ts"],"sourcesContent":["import { realpathSync } from 'node:fs'\nimport os from 'node:os'\nimport path from 'node:path'\nimport process from 'node:process'\n\nimport registryConstants from '@socketsecurity/registry/lib/constants'\nimport { envAsBoolean } from '@socketsecurity/registry/lib/env'\n\nimport type { Remap } from '@socketsecurity/registry/lib/objects'\n\nconst {\n NODE_MODULES,\n NPM,\n NPX,\n PACKAGE_JSON,\n SOCKET_SECURITY_SCOPE,\n kInternalsSymbol,\n [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: {\n createConstantsObject\n }\n} = registryConstants\n\ntype RegistryEnv = typeof registryConstants.ENV\n\ntype RegistryInternals = (typeof registryConstants)['Symbol(kInternalsSymbol)']\n\ntype Sentry = any\n\ntype Internals = Remap<\n Omit<RegistryInternals, 'getIPC'> &\n Readonly<{\n getIPC: {\n (): Promise<IPC>\n <K extends keyof IPC | undefined>(\n key?: K | undefined\n ): Promise<K extends keyof IPC ? IPC[K] : IPC>\n }\n getSentry: () => Sentry\n setSentry(Sentry: Sentry): boolean\n }>\n>\n\ntype ENV = Remap<\n RegistryEnv &\n Readonly<{\n SOCKET_CLI_DEBUG: boolean\n SOCKET_CLI_LEGACY_BUILD: boolean\n SOCKET_CLI_NO_API_TOKEN: boolean\n SOCKET_CLI_PUBLISHED_BUILD: boolean\n SOCKET_CLI_SENTRY_BUILD: boolean\n SOCKET_CLI_SHOW_BANNER: boolean\n SOCKET_CLI_VERSION_HASH: string\n }>\n>\n\ntype IPC = Readonly<{\n SOCKET_CLI_FIX?: string | undefined\n SOCKET_CLI_OPTIMIZE?: boolean | undefined\n SOCKET_CLI_SAFE_WRAPPER?: number | undefined\n}>\n\ntype Constants = Remap<\n Omit<typeof registryConstants, 'Symbol(kInternalsSymbol)' | 'ENV' | 'IPC'> & {\n readonly 'Symbol(kInternalsSymbol)': Internals\n readonly ALERT_TYPE_CRITICAL_CVE: 'criticalCVE'\n readonly ALERT_TYPE_CVE: 'cve'\n readonly ALERT_TYPE_MEDIUM_CVE: 'mediumCVE'\n readonly ALERT_TYPE_MILD_CVE: 'mildCVE'\n readonly ALERT_TYPE_SOCKET_UPGRADE_AVAILABLE: 'socketUpgradeAvailable'\n readonly API_V0_URL: 'https://api.socket.dev/v0'\n readonly BATCH_PURL_ENDPOINT: 'https://api.socket.dev/v0/purl?alerts=true&compact=true'\n readonly BINARY_LOCK_EXT: '.lockb'\n readonly BUN: 'bun'\n readonly CLI: 'cli'\n readonly CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER: 'firstPatchedVersionIdentifier'\n readonly CVE_ALERT_PROPS_VULNERABLE_VERSION_RANGE: 'vulnerableVersionRange'\n readonly ENV: ENV\n readonly DIST_TYPE: 'module-sync' | 'require'\n readonly DRY_RUN_LABEL: '[DryRun]'\n readonly DRY_RUN_BAIL_TEXT: '[DryRun] Bailing now'\n readonly IPC: IPC\n readonly LOCK_EXT: '.lock'\n readonly MODULE_SYNC: 'module-sync'\n readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org'\n readonly PNPM: 'pnpm'\n readonly REDACTED: '<redacted>'\n readonly REQUIRE: 'require'\n readonly SHADOW_NPM_BIN: 'shadow-bin'\n readonly SHADOW_NPM_INJECT: 'shadow-npm-inject'\n readonly SHADOW_NPM_PATHS: 'shadow-npm-paths'\n readonly SOCKET: 'socket'\n readonly SOCKET_CLI_BIN_NAME: 'socket'\n readonly SOCKET_CLI_BIN_NAME_ALIAS: 'cli'\n readonly SOCKET_CLI_DEBUG: 'SOCKET_CLI_DEBUG'\n readonly SOCKET_CLI_FIX: 'SOCKET_CLI_FIX'\n readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues'\n readonly SOCKET_CLI_SENTRY_BIN_NAME_ALIAS: 'cli-with-sentry'\n readonly SOCKET_CLI_LEGACY_BUILD: 'SOCKET_CLI_LEGACY_BUILD'\n readonly SOCKET_CLI_LEGACY_PACKAGE_NAME: '@socketsecurity/cli'\n readonly SOCKET_CLI_NO_API_TOKEN: 'SOCKET_CLI_NO_API_TOKEN'\n readonly SOCKET_CLI_NPM_BIN_NAME: 'socket-npm'\n readonly SOCKET_CLI_NPX_BIN_NAME: 'socket-npx'\n readonly SOCKET_CLI_OPTIMIZE: 'SOCKET_CLI_OPTIMIZE'\n readonly SOCKET_CLI_PACKAGE_NAME: 'socket'\n readonly SOCKET_CLI_PUBLISHED_BUILD: 'SOCKET_CLI_PUBLISHED_BUILD'\n readonly SOCKET_CLI_SAFE_WRAPPER: 'SOCKET_CLI_SAFE_WRAPPER'\n readonly SOCKET_CLI_SENTRY_BIN_NAME: 'socket-with-sentry'\n readonly SOCKET_CLI_SENTRY_BUILD: 'SOCKET_CLI_SENTRY_BUILD'\n readonly SOCKET_CLI_SENTRY_NPM_BIN_NAME: 'socket-npm-with-sentry'\n readonly SOCKET_CLI_SENTRY_NPX_BIN_NAME: 'socket-npx-with-sentry'\n readonly SOCKET_CLI_SENTRY_PACKAGE_NAME: '@socketsecurity/cli-with-sentry'\n readonly SOCKET_CLI_SHOW_BANNER: 'SOCKET_CLI_SHOW_BANNER'\n readonly SOCKET_CLI_VERSION_HASH: 'SOCKET_CLI_VERSION_HASH'\n readonly VLT: 'vlt'\n readonly WITH_SENTRY: 'with-sentry'\n readonly YARN: 'yarn'\n readonly YARN_BERRY: 'yarn/berry'\n readonly YARN_CLASSIC: 'yarn/classic'\n readonly bashRcPath: string\n readonly distCliPath: string\n readonly distInstrumentWithSentryPath: string\n readonly distPath: string\n readonly distShadowNpmBinPath: string\n readonly distShadowNpmInjectPath: string\n readonly homePath: string\n readonly nmBinPath: string\n readonly rootBinPath: string\n readonly rootDistPath: string\n readonly rootPath: string\n readonly rootPkgJsonPath: string\n readonly shadowBinPath: string\n readonly zshRcPath: string\n }\n>\n\nconst SOCKET = 'socket'\nconst WITH_SENTRY = 'with-sentry'\n\nconst ALERT_TYPE_CRITICAL_CVE = 'criticalCVE'\nconst ALERT_TYPE_CVE = 'cve'\nconst ALERT_TYPE_MEDIUM_CVE = 'mediumCVE'\nconst ALERT_TYPE_MILD_CVE = 'mildCVE'\nconst ALERT_TYPE_SOCKET_UPGRADE_AVAILABLE = 'socketUpgradeAvailable'\nconst API_V0_URL = 'https://api.socket.dev/v0'\nconst BINARY_LOCK_EXT = '.lockb'\nconst BUN = 'bun'\nconst CLI = 'cli'\nconst CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER =\n 'firstPatchedVersionIdentifier'\nconst CVE_ALERT_PROPS_VULNERABLE_VERSION_RANGE = 'vulnerableVersionRange'\nconst DRY_RUN_LABEL = '[DryRun]'\nconst DRY_RUN_BAIL_TEXT = `${DRY_RUN_LABEL}: Bailing now`\nconst LOCK_EXT = '.lock'\nconst MODULE_SYNC = 'module-sync'\nconst NPM_REGISTRY_URL = 'https://registry.npmjs.org'\nconst PNPM = 'pnpm'\nconst REDACTED = '<redacted>'\nconst REQUIRE = 'require'\nconst SHADOW_NPM_BIN = 'shadow-bin'\nconst SHADOW_NPM_INJECT = 'shadow-npm-inject'\nconst SHADOW_NPM_PATHS = 'shadow-npm-paths'\nconst SOCKET_CLI_BIN_NAME = SOCKET\nconst SOCKET_CLI_BIN_NAME_ALIAS = CLI\nconst SOCKET_CLI_DEBUG = 'SOCKET_CLI_DEBUG'\nconst SOCKET_CLI_FIX = 'SOCKET_CLI_FIX'\nconst SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues'\nconst SOCKET_CLI_LEGACY_BUILD = 'SOCKET_CLI_LEGACY_BUILD'\nconst SOCKET_CLI_LEGACY_PACKAGE_NAME = `${SOCKET_SECURITY_SCOPE}/${CLI}`\nconst SOCKET_CLI_NO_API_TOKEN = 'SOCKET_CLI_NO_API_TOKEN'\nconst SOCKET_CLI_OPTIMIZE = 'SOCKET_CLI_OPTIMIZE'\nconst SOCKET_CLI_NPM_BIN_NAME = `${SOCKET}-${NPM}`\nconst SOCKET_CLI_NPX_BIN_NAME = `${SOCKET}-${NPX}`\nconst SOCKET_CLI_PACKAGE_NAME = SOCKET\nconst SOCKET_CLI_PUBLISHED_BUILD = 'SOCKET_CLI_PUBLISHED_BUILD'\nconst SOCKET_CLI_SAFE_WRAPPER = 'SOCKET_CLI_SAFE_WRAPPER'\nconst SOCKET_CLI_SENTRY_BIN_NAME = `${SOCKET_CLI_BIN_NAME}-${WITH_SENTRY}`\nconst SOCKET_CLI_SENTRY_BIN_NAME_ALIAS = `${SOCKET_CLI_BIN_NAME_ALIAS}-${WITH_SENTRY}`\nconst SOCKET_CLI_SENTRY_BUILD = 'SOCKET_CLI_SENTRY_BUILD'\nconst SOCKET_CLI_SENTRY_NPM_BIN_NAME = `${SOCKET_CLI_NPM_BIN_NAME}-${WITH_SENTRY}`\nconst SOCKET_CLI_SENTRY_NPX_BIN_NAME = `${SOCKET_CLI_NPX_BIN_NAME}-${WITH_SENTRY}`\nconst SOCKET_CLI_SENTRY_PACKAGE_NAME = `${SOCKET_CLI_LEGACY_PACKAGE_NAME}-${WITH_SENTRY}`\nconst SOCKET_CLI_SHOW_BANNER = 'SOCKET_CLI_SHOW_BANNER'\nconst SOCKET_CLI_VERSION_HASH = 'SOCKET_CLI_VERSION_HASH'\nconst VLT = 'vlt'\nconst YARN = 'yarn'\nconst YARN_BERRY = `${YARN}/berry`\nconst YARN_CLASSIC = `${YARN}/classic`\n\nlet _Sentry: any\n\nconst LAZY_BATCH_PURL_ENDPOINT = () => {\n const query = new URLSearchParams()\n query.append('alerts', 'true')\n query.append('compact', 'true')\n return `${API_V0_URL}/purl?${query}`\n}\n\nconst LAZY_DIST_TYPE = () =>\n registryConstants.SUPPORTS_NODE_REQUIRE_MODULE ? MODULE_SYNC : REQUIRE\n\nconst LAZY_ENV = () => {\n const { env } = process\n // We inline some environment values so that they CANNOT be influenced by user\n // provided environment variables.\n return Object.freeze({\n // Lazily access registryConstants.ENV.\n ...registryConstants.ENV,\n // Flag set to help debug Socket CLI.\n [SOCKET_CLI_DEBUG]: envAsBoolean(env[SOCKET_CLI_DEBUG]),\n // Inlined flag set to determine if this is the Legacy build.\n // The '@rollup/plugin-replace' will replace \"process.env[SOCKET_CLI_LEGACY_BUILD]\".\n [SOCKET_CLI_LEGACY_BUILD]: process.env[SOCKET_CLI_LEGACY_BUILD],\n // Flag set to make the default API token `undefined`.\n [SOCKET_CLI_NO_API_TOKEN]: envAsBoolean(env[SOCKET_CLI_NO_API_TOKEN]),\n // Inlined flag set to determine if this is a published build.\n // The '@rollup/plugin-replace' will replace \"process.env[SOCKET_CLI_PUBLISHED_BUILD]\".\n [SOCKET_CLI_PUBLISHED_BUILD]: process.env[SOCKET_CLI_PUBLISHED_BUILD],\n // Inlined flag set to determine if this is the Sentry build.\n // The '@rollup/plugin-replace' will replace \"process.env[SOCKET_CLI_SENTRY_BUILD]\".\n [SOCKET_CLI_SENTRY_BUILD]: process.env[SOCKET_CLI_SENTRY_BUILD],\n // Flag set to toggle the informative ASCII art banner.\n [SOCKET_CLI_SHOW_BANNER]: envAsBoolean(env[SOCKET_CLI_SHOW_BANNER]),\n // Inlined flag set to determine the version hash of the build.\n // The '@rollup/plugin-replace' will replace \"process.env[SOCKET_CLI_VERSION_HASH]\".\n [SOCKET_CLI_VERSION_HASH]: process.env[SOCKET_CLI_VERSION_HASH]\n })\n}\n\nconst lazyBashRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.bashrc')\n\nconst lazyDistCliPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, 'cli.js')\n\nconst lazyDistInstrumentWithSentryPath = () =>\n // Lazily access constants.rootDistPath.\n path.join(constants.rootDistPath, 'instrument-with-sentry.js')\n\nconst lazyDistPath = () =>\n // Lazily access constants.rootDistPath and constants.DIST_TYPE.\n path.join(constants.rootDistPath, constants.DIST_TYPE)\n\nconst lazyDistShadowNpmBinPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, `${SHADOW_NPM_BIN}.js`)\n\nconst lazyDistShadowNpmInjectPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, `${SHADOW_NPM_INJECT}.js`)\n\nconst lazyHomePath = () => os.homedir()\n\nconst lazyNmBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, `${NODE_MODULES}/.bin`)\n\nconst lazyRootBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'bin')\n\nconst lazyRootDistPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'dist')\n\nconst lazyRootPath = () =>\n // The '@rollup/plugin-replace' will replace \"process.env.['VITEST']\" with `false` and\n // it will be dead code eliminated by Rollup.\n path.join(\n realpathSync.native(__dirname),\n process.env['SOCKET_CLI_TEST_DIST_BUILD'] ? '../..' : '..'\n )\n\nconst lazyRootPkgJsonPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, PACKAGE_JSON)\n\nconst lazyShadowBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, SHADOW_NPM_BIN)\n\nconst lazyZshRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.zshrc')\n\nconst constants = <Constants>createConstantsObject(\n {\n ALERT_TYPE_CRITICAL_CVE,\n ALERT_TYPE_CVE,\n ALERT_TYPE_MEDIUM_CVE,\n ALERT_TYPE_MILD_CVE,\n ALERT_TYPE_SOCKET_UPGRADE_AVAILABLE,\n API_V0_URL,\n // Lazily defined values are initialized as `undefined` to keep their key order.\n BATCH_PURL_ENDPOINT: undefined,\n BINARY_LOCK_EXT,\n BUN,\n CLI,\n CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER,\n CVE_ALERT_PROPS_VULNERABLE_VERSION_RANGE,\n DIST_TYPE: undefined,\n DRY_RUN_LABEL,\n DRY_RUN_BAIL_TEXT,\n ENV: undefined,\n LOCK_EXT,\n MODULE_SYNC,\n NPM_REGISTRY_URL,\n PNPM,\n REDACTED,\n REQUIRE,\n SHADOW_NPM_BIN,\n SHADOW_NPM_INJECT,\n SHADOW_NPM_PATHS,\n SOCKET,\n SOCKET_CLI_BIN_NAME,\n SOCKET_CLI_BIN_NAME_ALIAS,\n SOCKET_CLI_DEBUG,\n SOCKET_CLI_FIX,\n SOCKET_CLI_ISSUES_URL,\n SOCKET_CLI_SENTRY_BIN_NAME_ALIAS,\n SOCKET_CLI_LEGACY_BUILD,\n SOCKET_CLI_LEGACY_PACKAGE_NAME,\n SOCKET_CLI_NO_API_TOKEN,\n SOCKET_CLI_OPTIMIZE,\n SOCKET_CLI_PACKAGE_NAME,\n SOCKET_CLI_PUBLISHED_BUILD,\n SOCKET_CLI_SAFE_WRAPPER,\n SOCKET_CLI_SENTRY_BIN_NAME,\n SOCKET_CLI_SENTRY_BUILD,\n SOCKET_CLI_SENTRY_NPM_BIN_NAME,\n SOCKET_CLI_SENTRY_NPX_BIN_NAME,\n SOCKET_CLI_SENTRY_PACKAGE_NAME,\n SOCKET_CLI_SHOW_BANNER,\n SOCKET_CLI_VERSION_HASH,\n VLT,\n WITH_SENTRY,\n YARN,\n YARN_BERRY,\n YARN_CLASSIC,\n bashRcPath: undefined,\n distCliPath: undefined,\n distInstrumentWithSentryPath: undefined,\n distPath: undefined,\n distShadowNpmBinPath: undefined,\n distShadowNpmInjectPath: undefined,\n homePath: undefined,\n nmBinPath: undefined,\n rootBinPath: undefined,\n rootDistPath: undefined,\n rootPath: undefined,\n rootPkgJsonPath: undefined,\n shadowBinPath: undefined,\n zshRcPath: undefined\n },\n {\n getters: {\n BATCH_PURL_ENDPOINT: LAZY_BATCH_PURL_ENDPOINT,\n DIST_TYPE: LAZY_DIST_TYPE,\n ENV: LAZY_ENV,\n bashRcPath: lazyBashRcPath,\n distCliPath: lazyDistCliPath,\n distInstrumentWithSentryPath: lazyDistInstrumentWithSentryPath,\n distPath: lazyDistPath,\n distShadowNpmBinPath: lazyDistShadowNpmBinPath,\n distShadowNpmInjectPath: lazyDistShadowNpmInjectPath,\n homePath: lazyHomePath,\n nmBinPath: lazyNmBinPath,\n rootBinPath: lazyRootBinPath,\n rootDistPath: lazyRootDistPath,\n rootPath: lazyRootPath,\n rootPkgJsonPath: lazyRootPkgJsonPath,\n shadowBinPath: lazyShadowBinPath,\n zshRcPath: lazyZshRcPath\n },\n internals: {\n getSentry() {\n return _Sentry\n },\n setSentry(Sentry: Sentry): boolean {\n if (_Sentry === undefined) {\n _Sentry = Sentry\n return true\n }\n return false\n }\n },\n mixin: registryConstants\n }\n)\n\nexport default constants\n"],"names":["createConstantsObject","query","env","path","constants","BATCH_PURL_ENDPOINT","DIST_TYPE","ENV","bashRcPath","distCliPath","distInstrumentWithSentryPath","distPath","distShadowNpmBinPath","distShadowNpmInjectPath","homePath","nmBinPath","rootBinPath","rootDistPath","rootPath","rootPkgJsonPath","shadowBinPath","zshRcPath","getters","internals","getSentry","_Sentry","mixin"],"mappings":";;;;;;;;;AAUA;;;;;;;AAOE;AACEA;AACF;AACF;AAmHA;AACA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AAEA;AACE;AACAC;AACAA;AACA;AACF;AAEA;AAGA;;AACUC;AAAI;AACZ;AACA;;AAEE;;AAEA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACF;AACF;AAEA;AACE;AACAC;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEA;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACA;AACAA;AAKF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEIC;;;;;;;AAQF;AACAC;;;;;;AAMAC;;;AAGAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoCAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAEEC;AACEjB;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;;AAEFE;AACEC;AACE;;;;AAIEC;AACA;AACF;AACA;AACF;;AAEFC;AACF;;","debugId":"23cb1c1d-7228-4cb4-ad0d-9b5e4a38c195"}
|
|
1
|
+
{"version":3,"file":"constants.js","sources":["../../src/constants.ts"],"sourcesContent":["import { realpathSync } from 'node:fs'\nimport os from 'node:os'\nimport path from 'node:path'\nimport process from 'node:process'\n\nimport registryConstants from '@socketsecurity/registry/lib/constants'\nimport { envAsBoolean } from '@socketsecurity/registry/lib/env'\n\nimport type { Remap } from '@socketsecurity/registry/lib/objects'\n\nconst {\n NODE_MODULES,\n NPM,\n NPX,\n PACKAGE_JSON,\n SOCKET_SECURITY_SCOPE,\n kInternalsSymbol,\n [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: {\n createConstantsObject\n }\n} = registryConstants\n\ntype RegistryEnv = typeof registryConstants.ENV\n\ntype RegistryInternals = (typeof registryConstants)['Symbol(kInternalsSymbol)']\n\ntype Sentry = any\n\ntype Internals = Remap<\n Omit<RegistryInternals, 'getIPC'> &\n Readonly<{\n getIPC: {\n (): Promise<IPC>\n <K extends keyof IPC | undefined>(\n key?: K | undefined\n ): Promise<K extends keyof IPC ? IPC[K] : IPC>\n }\n getSentry: () => Sentry\n setSentry(Sentry: Sentry): boolean\n }>\n>\n\ntype ENV = Remap<\n RegistryEnv &\n Readonly<{\n SOCKET_CLI_DEBUG: boolean\n SOCKET_CLI_LEGACY_BUILD: boolean\n SOCKET_CLI_NO_API_TOKEN: boolean\n SOCKET_CLI_PUBLISHED_BUILD: boolean\n SOCKET_CLI_SENTRY_BUILD: boolean\n SOCKET_CLI_VERSION_HASH: string\n }>\n>\n\ntype IPC = Readonly<{\n SOCKET_CLI_FIX?: string | undefined\n SOCKET_CLI_OPTIMIZE?: boolean | undefined\n SOCKET_CLI_SAFE_WRAPPER?: number | undefined\n}>\n\ntype Constants = Remap<\n Omit<typeof registryConstants, 'Symbol(kInternalsSymbol)' | 'ENV' | 'IPC'> & {\n readonly 'Symbol(kInternalsSymbol)': Internals\n readonly ALERT_TYPE_CRITICAL_CVE: 'criticalCVE'\n readonly ALERT_TYPE_CVE: 'cve'\n readonly ALERT_TYPE_MEDIUM_CVE: 'mediumCVE'\n readonly ALERT_TYPE_MILD_CVE: 'mildCVE'\n readonly ALERT_TYPE_SOCKET_UPGRADE_AVAILABLE: 'socketUpgradeAvailable'\n readonly API_V0_URL: 'https://api.socket.dev/v0'\n readonly BATCH_PURL_ENDPOINT: 'https://api.socket.dev/v0/purl?alerts=true&compact=true'\n readonly BINARY_LOCK_EXT: '.lockb'\n readonly BUN: 'bun'\n readonly CLI: 'cli'\n readonly CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER: 'firstPatchedVersionIdentifier'\n readonly CVE_ALERT_PROPS_VULNERABLE_VERSION_RANGE: 'vulnerableVersionRange'\n readonly ENV: ENV\n readonly DIST_TYPE: 'module-sync' | 'require'\n readonly DRY_RUN_LABEL: '[DryRun]'\n readonly DRY_RUN_BAIL_TEXT: '[DryRun] Bailing now'\n readonly IPC: IPC\n readonly LOCK_EXT: '.lock'\n readonly MODULE_SYNC: 'module-sync'\n readonly NPM_BUGGY_OVERRIDES_PATCHED_VERSION: '11.2.0'\n readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org'\n readonly PNPM: 'pnpm'\n readonly REDACTED: '<redacted>'\n readonly REQUIRE: 'require'\n readonly SHADOW_NPM_BIN: 'shadow-bin'\n readonly SHADOW_NPM_INJECT: 'shadow-npm-inject'\n readonly SHADOW_NPM_PATHS: 'shadow-npm-paths'\n readonly SOCKET: 'socket'\n readonly SOCKET_CLI_BIN_NAME: 'socket'\n readonly SOCKET_CLI_BIN_NAME_ALIAS: 'cli'\n readonly SOCKET_CLI_DEBUG: 'SOCKET_CLI_DEBUG'\n readonly SOCKET_CLI_FIX: 'SOCKET_CLI_FIX'\n readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues'\n readonly SOCKET_CLI_SENTRY_BIN_NAME_ALIAS: 'cli-with-sentry'\n readonly SOCKET_CLI_LEGACY_BUILD: 'SOCKET_CLI_LEGACY_BUILD'\n readonly SOCKET_CLI_LEGACY_PACKAGE_NAME: '@socketsecurity/cli'\n readonly SOCKET_CLI_NO_API_TOKEN: 'SOCKET_CLI_NO_API_TOKEN'\n readonly SOCKET_CLI_NPM_BIN_NAME: 'socket-npm'\n readonly SOCKET_CLI_NPX_BIN_NAME: 'socket-npx'\n readonly SOCKET_CLI_OPTIMIZE: 'SOCKET_CLI_OPTIMIZE'\n readonly SOCKET_CLI_PACKAGE_NAME: 'socket'\n readonly SOCKET_CLI_PUBLISHED_BUILD: 'SOCKET_CLI_PUBLISHED_BUILD'\n readonly SOCKET_CLI_SAFE_WRAPPER: 'SOCKET_CLI_SAFE_WRAPPER'\n readonly SOCKET_CLI_SENTRY_BIN_NAME: 'socket-with-sentry'\n readonly SOCKET_CLI_SENTRY_BUILD: 'SOCKET_CLI_SENTRY_BUILD'\n readonly SOCKET_CLI_SENTRY_NPM_BIN_NAME: 'socket-npm-with-sentry'\n readonly SOCKET_CLI_SENTRY_NPX_BIN_NAME: 'socket-npx-with-sentry'\n readonly SOCKET_CLI_SENTRY_PACKAGE_NAME: '@socketsecurity/cli-with-sentry'\n readonly SOCKET_CLI_VERSION_HASH: 'SOCKET_CLI_VERSION_HASH'\n readonly VLT: 'vlt'\n readonly WITH_SENTRY: 'with-sentry'\n readonly YARN: 'yarn'\n readonly YARN_BERRY: 'yarn/berry'\n readonly YARN_CLASSIC: 'yarn/classic'\n readonly bashRcPath: string\n readonly distCliPath: string\n readonly distInstrumentWithSentryPath: string\n readonly distPath: string\n readonly distShadowNpmBinPath: string\n readonly distShadowNpmInjectPath: string\n readonly homePath: string\n readonly nmBinPath: string\n readonly nodeHardenFlags: string[]\n readonly rootBinPath: string\n readonly rootDistPath: string\n readonly rootPath: string\n readonly rootPkgJsonPath: string\n readonly shadowBinPath: string\n readonly zshRcPath: string\n }\n>\n\nconst SOCKET = 'socket'\nconst WITH_SENTRY = 'with-sentry'\n\nconst ALERT_TYPE_CRITICAL_CVE = 'criticalCVE'\nconst ALERT_TYPE_CVE = 'cve'\nconst ALERT_TYPE_MEDIUM_CVE = 'mediumCVE'\nconst ALERT_TYPE_MILD_CVE = 'mildCVE'\nconst ALERT_TYPE_SOCKET_UPGRADE_AVAILABLE = 'socketUpgradeAvailable'\nconst API_V0_URL = 'https://api.socket.dev/v0'\nconst BINARY_LOCK_EXT = '.lockb'\nconst BUN = 'bun'\nconst CLI = 'cli'\nconst CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER =\n 'firstPatchedVersionIdentifier'\nconst CVE_ALERT_PROPS_VULNERABLE_VERSION_RANGE = 'vulnerableVersionRange'\nconst DRY_RUN_LABEL = '[DryRun]'\nconst DRY_RUN_BAIL_TEXT = `${DRY_RUN_LABEL}: Bailing now`\nconst LOCK_EXT = '.lock'\nconst MODULE_SYNC = 'module-sync'\nconst NPM_BUGGY_OVERRIDES_PATCHED_VERSION = '11.2.0'\nconst NPM_REGISTRY_URL = 'https://registry.npmjs.org'\nconst PNPM = 'pnpm'\nconst REDACTED = '<redacted>'\nconst REQUIRE = 'require'\nconst SHADOW_NPM_BIN = 'shadow-bin'\nconst SHADOW_NPM_INJECT = 'shadow-npm-inject'\nconst SHADOW_NPM_PATHS = 'shadow-npm-paths'\nconst SOCKET_CLI_BIN_NAME = SOCKET\nconst SOCKET_CLI_BIN_NAME_ALIAS = CLI\nconst SOCKET_CLI_DEBUG = 'SOCKET_CLI_DEBUG'\nconst SOCKET_CLI_FIX = 'SOCKET_CLI_FIX'\nconst SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues'\nconst SOCKET_CLI_LEGACY_BUILD = 'SOCKET_CLI_LEGACY_BUILD'\nconst SOCKET_CLI_LEGACY_PACKAGE_NAME = `${SOCKET_SECURITY_SCOPE}/${CLI}`\nconst SOCKET_CLI_NO_API_TOKEN = 'SOCKET_CLI_NO_API_TOKEN'\nconst SOCKET_CLI_OPTIMIZE = 'SOCKET_CLI_OPTIMIZE'\nconst SOCKET_CLI_NPM_BIN_NAME = `${SOCKET}-${NPM}`\nconst SOCKET_CLI_NPX_BIN_NAME = `${SOCKET}-${NPX}`\nconst SOCKET_CLI_PACKAGE_NAME = SOCKET\nconst SOCKET_CLI_PUBLISHED_BUILD = 'SOCKET_CLI_PUBLISHED_BUILD'\nconst SOCKET_CLI_SAFE_WRAPPER = 'SOCKET_CLI_SAFE_WRAPPER'\nconst SOCKET_CLI_SENTRY_BIN_NAME = `${SOCKET_CLI_BIN_NAME}-${WITH_SENTRY}`\nconst SOCKET_CLI_SENTRY_BIN_NAME_ALIAS = `${SOCKET_CLI_BIN_NAME_ALIAS}-${WITH_SENTRY}`\nconst SOCKET_CLI_SENTRY_BUILD = 'SOCKET_CLI_SENTRY_BUILD'\nconst SOCKET_CLI_SENTRY_NPM_BIN_NAME = `${SOCKET_CLI_NPM_BIN_NAME}-${WITH_SENTRY}`\nconst SOCKET_CLI_SENTRY_NPX_BIN_NAME = `${SOCKET_CLI_NPX_BIN_NAME}-${WITH_SENTRY}`\nconst SOCKET_CLI_SENTRY_PACKAGE_NAME = `${SOCKET_CLI_LEGACY_PACKAGE_NAME}-${WITH_SENTRY}`\nconst SOCKET_CLI_VERSION_HASH = 'SOCKET_CLI_VERSION_HASH'\nconst VLT = 'vlt'\nconst YARN = 'yarn'\nconst YARN_BERRY = `${YARN}/berry`\nconst YARN_CLASSIC = `${YARN}/classic`\n\nlet _Sentry: any\n\nconst LAZY_BATCH_PURL_ENDPOINT = () => {\n const query = new URLSearchParams()\n query.append('alerts', 'true')\n query.append('compact', 'true')\n return `${API_V0_URL}/purl?${query}`\n}\n\nconst LAZY_DIST_TYPE = () =>\n registryConstants.SUPPORTS_NODE_REQUIRE_MODULE ? MODULE_SYNC : REQUIRE\n\nconst LAZY_ENV = () => {\n const { env } = process\n // We inline some environment values so that they CANNOT be influenced by user\n // provided environment variables.\n return Object.freeze({\n // Lazily access registryConstants.ENV.\n ...registryConstants.ENV,\n // Flag set to help debug Socket CLI.\n [SOCKET_CLI_DEBUG]: envAsBoolean(env[SOCKET_CLI_DEBUG]),\n // Inlined flag set to determine if this is the Legacy build.\n // The '@rollup/plugin-replace' will replace \"process.env[SOCKET_CLI_LEGACY_BUILD]\".\n [SOCKET_CLI_LEGACY_BUILD]: process.env[SOCKET_CLI_LEGACY_BUILD],\n // Flag set to make the default API token `undefined`.\n [SOCKET_CLI_NO_API_TOKEN]: envAsBoolean(env[SOCKET_CLI_NO_API_TOKEN]),\n // Inlined flag set to determine if this is a published build.\n // The '@rollup/plugin-replace' will replace \"process.env[SOCKET_CLI_PUBLISHED_BUILD]\".\n [SOCKET_CLI_PUBLISHED_BUILD]: process.env[SOCKET_CLI_PUBLISHED_BUILD],\n // Inlined flag set to determine if this is the Sentry build.\n // The '@rollup/plugin-replace' will replace \"process.env[SOCKET_CLI_SENTRY_BUILD]\".\n [SOCKET_CLI_SENTRY_BUILD]: process.env[SOCKET_CLI_SENTRY_BUILD],\n // Inlined flag set to determine the version hash of the build.\n // The '@rollup/plugin-replace' will replace \"process.env[SOCKET_CLI_VERSION_HASH]\".\n [SOCKET_CLI_VERSION_HASH]: process.env[SOCKET_CLI_VERSION_HASH]\n })\n}\n\nconst lazyBashRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.bashrc')\n\nconst lazyDistCliPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, 'cli.js')\n\nconst lazyDistInstrumentWithSentryPath = () =>\n // Lazily access constants.rootDistPath.\n path.join(constants.rootDistPath, 'instrument-with-sentry.js')\n\nconst lazyDistPath = () =>\n // Lazily access constants.rootDistPath and constants.DIST_TYPE.\n path.join(constants.rootDistPath, constants.DIST_TYPE)\n\nconst lazyDistShadowNpmBinPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, `${SHADOW_NPM_BIN}.js`)\n\nconst lazyDistShadowNpmInjectPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, `${SHADOW_NPM_INJECT}.js`)\n\nconst lazyHomePath = () => os.homedir()\n\nconst lazyNmBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, `${NODE_MODULES}/.bin`)\n\nconst lazyRootBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'bin')\n\nconst lazyRootDistPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'dist')\n\nconst lazyRootPath = () =>\n // The '@rollup/plugin-replace' will replace \"process.env.['VITEST']\" with `false` and\n // it will be dead code eliminated by Rollup.\n path.join(\n realpathSync.native(__dirname),\n process.env['SOCKET_CLI_TEST_DIST_BUILD'] ? '../..' : '..'\n )\n\nconst lazyRootPkgJsonPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, PACKAGE_JSON)\n\nconst lazyShadowBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, SHADOW_NPM_BIN)\n\nconst lazyZshRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.zshrc')\n\n// Harden Node security.\n// https://nodejs.org/en/learn/getting-started/security-best-practices\nconst nodeHardenFlags: string[] =\n // The '@rollup/plugin-replace' will replace \"process.env[SOCKET_CLI_SENTRY_BUILD]\".\n process.env[SOCKET_CLI_SENTRY_BUILD]\n ? []\n : [\n '--disable-proto',\n 'delete',\n // TODO: We can try --frozen-intrinsics once\n // https://github.com/SBoudrias/Inquirer.js/pull/1683 is addressed.\n // '--frozen-intrinsics',\n '--no-deprecation'\n ]\n\nconst constants = createConstantsObject(\n {\n ALERT_TYPE_CRITICAL_CVE,\n ALERT_TYPE_CVE,\n ALERT_TYPE_MEDIUM_CVE,\n ALERT_TYPE_MILD_CVE,\n ALERT_TYPE_SOCKET_UPGRADE_AVAILABLE,\n API_V0_URL,\n // Lazily defined values are initialized as `undefined` to keep their key order.\n BATCH_PURL_ENDPOINT: undefined,\n BINARY_LOCK_EXT,\n BUN,\n CLI,\n CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER,\n CVE_ALERT_PROPS_VULNERABLE_VERSION_RANGE,\n DIST_TYPE: undefined,\n DRY_RUN_LABEL,\n DRY_RUN_BAIL_TEXT,\n ENV: undefined,\n LOCK_EXT,\n MODULE_SYNC,\n NPM_BUGGY_OVERRIDES_PATCHED_VERSION,\n NPM_REGISTRY_URL,\n PNPM,\n REDACTED,\n REQUIRE,\n SHADOW_NPM_BIN,\n SHADOW_NPM_INJECT,\n SHADOW_NPM_PATHS,\n SOCKET,\n SOCKET_CLI_BIN_NAME,\n SOCKET_CLI_BIN_NAME_ALIAS,\n SOCKET_CLI_DEBUG,\n SOCKET_CLI_FIX,\n SOCKET_CLI_ISSUES_URL,\n SOCKET_CLI_SENTRY_BIN_NAME_ALIAS,\n SOCKET_CLI_LEGACY_BUILD,\n SOCKET_CLI_LEGACY_PACKAGE_NAME,\n SOCKET_CLI_NO_API_TOKEN,\n SOCKET_CLI_OPTIMIZE,\n SOCKET_CLI_PACKAGE_NAME,\n SOCKET_CLI_PUBLISHED_BUILD,\n SOCKET_CLI_SAFE_WRAPPER,\n SOCKET_CLI_SENTRY_BIN_NAME,\n SOCKET_CLI_SENTRY_BUILD,\n SOCKET_CLI_SENTRY_NPM_BIN_NAME,\n SOCKET_CLI_SENTRY_NPX_BIN_NAME,\n SOCKET_CLI_SENTRY_PACKAGE_NAME,\n SOCKET_CLI_VERSION_HASH,\n VLT,\n WITH_SENTRY,\n YARN,\n YARN_BERRY,\n YARN_CLASSIC,\n bashRcPath: undefined,\n distCliPath: undefined,\n distInstrumentWithSentryPath: undefined,\n distPath: undefined,\n distShadowNpmBinPath: undefined,\n distShadowNpmInjectPath: undefined,\n homePath: undefined,\n nmBinPath: undefined,\n nodeHardenFlags,\n rootBinPath: undefined,\n rootDistPath: undefined,\n rootPath: undefined,\n rootPkgJsonPath: undefined,\n shadowBinPath: undefined,\n zshRcPath: undefined\n },\n {\n getters: {\n BATCH_PURL_ENDPOINT: LAZY_BATCH_PURL_ENDPOINT,\n DIST_TYPE: LAZY_DIST_TYPE,\n ENV: LAZY_ENV,\n bashRcPath: lazyBashRcPath,\n distCliPath: lazyDistCliPath,\n distInstrumentWithSentryPath: lazyDistInstrumentWithSentryPath,\n distPath: lazyDistPath,\n distShadowNpmBinPath: lazyDistShadowNpmBinPath,\n distShadowNpmInjectPath: lazyDistShadowNpmInjectPath,\n homePath: lazyHomePath,\n nmBinPath: lazyNmBinPath,\n rootBinPath: lazyRootBinPath,\n rootDistPath: lazyRootDistPath,\n rootPath: lazyRootPath,\n rootPkgJsonPath: lazyRootPkgJsonPath,\n shadowBinPath: lazyShadowBinPath,\n zshRcPath: lazyZshRcPath\n },\n internals: {\n getSentry() {\n return _Sentry\n },\n setSentry(Sentry: Sentry): boolean {\n if (_Sentry === undefined) {\n _Sentry = Sentry\n return true\n }\n return false\n }\n },\n mixin: registryConstants\n }\n) as Constants\n\nexport default constants\n"],"names":["createConstantsObject","query","env","path","constants","BATCH_PURL_ENDPOINT","DIST_TYPE","ENV","bashRcPath","distCliPath","distInstrumentWithSentryPath","distPath","distShadowNpmBinPath","distShadowNpmInjectPath","homePath","nmBinPath","rootBinPath","rootDistPath","rootPath","rootPkgJsonPath","shadowBinPath","zshRcPath","getters","internals","getSentry","_Sentry","mixin"],"mappings":";;;;;;;;;AAUA;;;;;;;AAOE;AACEA;AACF;AACF;AAmHA;AACA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AAEA;AACE;AACAC;AACAA;AACA;AACF;AAEA;AAGA;;AACUC;AAAI;AACZ;AACA;;AAEE;;AAEA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACF;AACF;AAEA;AACE;AACAC;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEA;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACA;AACAA;AAKF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;;AAEF;AACA;AACA;AACE;AAGI;AAGE;AACA;AACA;AACA;AAGFC;;;;;;;AAQF;AACAC;;;;;;AAMAC;;;AAGAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoCAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;;AAEAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAEEC;AACEjB;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;;AAEFE;AACEC;AACE;;;;AAIEC;AACA;AACF;AACA;AACF;;AAEFC;AACF;;","debugId":"b4807eeb-d558-4720-a508-980c3382d674"}
|
|
@@ -0,0 +1,75 @@
|
|
|
1
|
+
import { Remap } from '@socketsecurity/registry/lib/objects';
|
|
2
|
+
type CveAlertType = 'cve' | 'mediumCVE' | 'mildCVE' | 'criticalCVE';
|
|
3
|
+
type SocketArtifactAlert = {
|
|
4
|
+
key: string;
|
|
5
|
+
type: string;
|
|
6
|
+
severity: string;
|
|
7
|
+
category: string;
|
|
8
|
+
action?: string | undefined;
|
|
9
|
+
actionPolicyIndex?: number | undefined;
|
|
10
|
+
file?: string | undefined;
|
|
11
|
+
props?: any | undefined;
|
|
12
|
+
start?: number | undefined;
|
|
13
|
+
end?: number | undefined;
|
|
14
|
+
};
|
|
15
|
+
type SocketArtifact = {
|
|
16
|
+
type: string;
|
|
17
|
+
name: string;
|
|
18
|
+
namespace?: string | undefined;
|
|
19
|
+
version?: string | undefined;
|
|
20
|
+
subpath?: string | undefined;
|
|
21
|
+
release?: string | undefined;
|
|
22
|
+
id?: string | undefined;
|
|
23
|
+
author?: string[];
|
|
24
|
+
license?: string | undefined;
|
|
25
|
+
licenseDetails?: Array<{
|
|
26
|
+
spdxDisj: string;
|
|
27
|
+
provenance: string;
|
|
28
|
+
filepath: string;
|
|
29
|
+
match_strength: number;
|
|
30
|
+
}>;
|
|
31
|
+
licenseAttrib?: Array<{
|
|
32
|
+
attribText: string;
|
|
33
|
+
attribData: Array<{
|
|
34
|
+
purl: string;
|
|
35
|
+
foundInFilepath: string;
|
|
36
|
+
spdxExpr: string;
|
|
37
|
+
foundAuthors: string[];
|
|
38
|
+
}>;
|
|
39
|
+
}>;
|
|
40
|
+
score?: {
|
|
41
|
+
supplyChain: number;
|
|
42
|
+
quality: number;
|
|
43
|
+
maintenance: number;
|
|
44
|
+
vulnerability: number;
|
|
45
|
+
license: number;
|
|
46
|
+
overall: number;
|
|
47
|
+
};
|
|
48
|
+
alerts?: SocketArtifactAlert[];
|
|
49
|
+
size?: number | undefined;
|
|
50
|
+
batchIndex?: number | undefined;
|
|
51
|
+
};
|
|
52
|
+
type CompactSocketArtifactAlert = Remap<Omit<SocketArtifactAlert, 'action' | 'actionPolicyIndex' | 'category' | 'end' | 'file' | 'start'>>;
|
|
53
|
+
type CompactSocketArtifact = Remap<Omit<SocketArtifact, 'alerts' | 'batchIndex' | 'size'> & {
|
|
54
|
+
alerts: CompactSocketArtifactAlert[];
|
|
55
|
+
}>;
|
|
56
|
+
type ArtifactAlertCve = Remap<Omit<CompactSocketArtifactAlert, 'type'> & {
|
|
57
|
+
type: CveAlertType;
|
|
58
|
+
}>;
|
|
59
|
+
type ArtifactAlertCveFixable = Remap<Omit<CompactSocketArtifactAlert, 'props'> & {
|
|
60
|
+
type: CveAlertType;
|
|
61
|
+
props: {
|
|
62
|
+
firstPatchedVersionIdentifier: string;
|
|
63
|
+
vulnerableVersionRange: string;
|
|
64
|
+
[key: string]: any;
|
|
65
|
+
};
|
|
66
|
+
}>;
|
|
67
|
+
type ArtifactAlertUpgrade = Remap<Omit<CompactSocketArtifactAlert, 'type'> & {
|
|
68
|
+
type: 'socketUpgradeAvailable';
|
|
69
|
+
}>;
|
|
70
|
+
declare function batchScan(pkgIds: string[], concurrencyLimit?: number): AsyncGenerator<CompactSocketArtifact>;
|
|
71
|
+
declare function isArtifactAlertCve(alert: CompactSocketArtifactAlert): alert is ArtifactAlertCve;
|
|
72
|
+
declare function isArtifactAlertCveFixable(alert: CompactSocketArtifactAlert): alert is ArtifactAlertCveFixable;
|
|
73
|
+
declare function isArtifactAlertUpgrade(alert: CompactSocketArtifactAlert): alert is ArtifactAlertUpgrade;
|
|
74
|
+
declare function isArtifactAlertFixable(alert: CompactSocketArtifactAlert): alert is ArtifactAlertCveFixable | ArtifactAlertUpgrade;
|
|
75
|
+
export { CveAlertType, SocketArtifactAlert, SocketArtifact, CompactSocketArtifactAlert, CompactSocketArtifact, ArtifactAlertCve, ArtifactAlertCveFixable, ArtifactAlertUpgrade, batchScan, isArtifactAlertCve, isArtifactAlertCveFixable, isArtifactAlertUpgrade, isArtifactAlertFixable };
|