socket 0.14.63 → 0.14.65
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/constants.d.ts +3 -4
- package/dist/constants.js +30 -37
- package/dist/constants.js.map +1 -1
- package/dist/module-sync/artifact.d.ts +12 -60
- package/dist/module-sync/cli.js +507 -264
- package/dist/module-sync/cli.js.map +1 -1
- package/dist/module-sync/shadow-npm-inject.js +100 -212
- package/dist/module-sync/shadow-npm-inject.js.map +1 -1
- package/dist/module-sync/shadow-npm-paths.js +22 -12
- package/dist/module-sync/shadow-npm-paths.js.map +1 -1
- package/dist/require/cli.js +507 -264
- package/dist/require/cli.js.map +1 -1
- package/package.json +8 -11
package/dist/constants.d.ts
CHANGED
|
@@ -139,18 +139,17 @@ declare const constants: {
|
|
|
139
139
|
readonly tsTypesAvailable: ReadonlySet<string>;
|
|
140
140
|
readonly win32EnsureTestsByEcosystem: Map<string, ReadonlySet<string>>;
|
|
141
141
|
readonly 'Symbol(kInternalsSymbol)': Internals;
|
|
142
|
+
readonly ALERT_FIX_TYPE_CVE: 'cve';
|
|
143
|
+
readonly ALERT_FIX_TYPE_UPGRADE: 'upgrade';
|
|
142
144
|
readonly ALERT_TYPE_CRITICAL_CVE: 'criticalCVE';
|
|
143
145
|
readonly ALERT_TYPE_CVE: 'cve';
|
|
144
146
|
readonly ALERT_TYPE_MEDIUM_CVE: 'mediumCVE';
|
|
145
147
|
readonly ALERT_TYPE_MILD_CVE: 'mildCVE';
|
|
146
|
-
readonly
|
|
147
|
-
readonly API_V0_URL: 'https://api.socket.dev/v0';
|
|
148
|
-
readonly BATCH_PURL_ENDPOINT: 'https://api.socket.dev/v0/purl?alerts=true&compact=true';
|
|
148
|
+
readonly API_V0_URL: 'https://api.socket.dev/v0/';
|
|
149
149
|
readonly BINARY_LOCK_EXT: '.lockb';
|
|
150
150
|
readonly BUN: 'bun';
|
|
151
151
|
readonly CLI: 'cli';
|
|
152
152
|
readonly CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER: 'firstPatchedVersionIdentifier';
|
|
153
|
-
readonly CVE_ALERT_PROPS_VULNERABLE_VERSION_RANGE: 'vulnerableVersionRange';
|
|
154
153
|
readonly ENV: ENV;
|
|
155
154
|
readonly DIST_TYPE: 'module-sync' | 'require';
|
|
156
155
|
readonly DRY_RUN_LABEL: '[DryRun]';
|
package/dist/constants.js
CHANGED
|
@@ -10,7 +10,6 @@ var env = require('@socketsecurity/registry/lib/env');
|
|
|
10
10
|
const {
|
|
11
11
|
NODE_MODULES,
|
|
12
12
|
NPM,
|
|
13
|
-
NPX,
|
|
14
13
|
SOCKET_SECURITY_SCOPE,
|
|
15
14
|
kInternalsSymbol,
|
|
16
15
|
[kInternalsSymbol]: {
|
|
@@ -18,19 +17,17 @@ const {
|
|
|
18
17
|
getIpc
|
|
19
18
|
}
|
|
20
19
|
} = registryConstants;
|
|
21
|
-
const
|
|
22
|
-
const
|
|
20
|
+
const ALERT_FIX_TYPE_CVE = 'cve';
|
|
21
|
+
const ALERT_FIX_TYPE_UPGRADE = 'upgrade';
|
|
23
22
|
const ALERT_TYPE_CRITICAL_CVE = 'criticalCVE';
|
|
24
23
|
const ALERT_TYPE_CVE = 'cve';
|
|
25
24
|
const ALERT_TYPE_MEDIUM_CVE = 'mediumCVE';
|
|
26
25
|
const ALERT_TYPE_MILD_CVE = 'mildCVE';
|
|
27
|
-
const
|
|
28
|
-
const API_V0_URL = 'https://api.socket.dev/v0';
|
|
26
|
+
const API_V0_URL = 'https://api.socket.dev/v0/';
|
|
29
27
|
const BINARY_LOCK_EXT = '.lockb';
|
|
30
28
|
const BUN = 'bun';
|
|
31
29
|
const CLI = 'cli';
|
|
32
30
|
const CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER = 'firstPatchedVersionIdentifier';
|
|
33
|
-
const CVE_ALERT_PROPS_VULNERABLE_VERSION_RANGE = 'vulnerableVersionRange';
|
|
34
31
|
const DRY_RUN_LABEL = '[DryRun]';
|
|
35
32
|
const DRY_RUN_BAIL_TEXT = `${DRY_RUN_LABEL}: Bailing now`;
|
|
36
33
|
const INLINED_SOCKET_CLI_LEGACY_BUILD = 'INLINED_SOCKET_CLI_LEGACY_BUILD';
|
|
@@ -46,35 +43,31 @@ const REQUIRE = 'require';
|
|
|
46
43
|
const SHADOW_NPM_BIN = 'shadow-bin';
|
|
47
44
|
const SHADOW_NPM_INJECT = 'shadow-npm-inject';
|
|
48
45
|
const SHADOW_NPM_PATHS = 'shadow-npm-paths';
|
|
49
|
-
const
|
|
50
|
-
const
|
|
46
|
+
const SOCKET = 'socket';
|
|
47
|
+
const SOCKET_CLI_BIN_NAME = 'socket';
|
|
48
|
+
const SOCKET_CLI_BIN_NAME_ALIAS = 'cli';
|
|
51
49
|
const SOCKET_CLI_DEBUG = 'SOCKET_CLI_DEBUG';
|
|
52
50
|
const SOCKET_CLI_FIX = 'SOCKET_CLI_FIX';
|
|
53
51
|
const SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues';
|
|
54
|
-
const SOCKET_CLI_LEGACY_PACKAGE_NAME = `${SOCKET_SECURITY_SCOPE}
|
|
52
|
+
const SOCKET_CLI_LEGACY_PACKAGE_NAME = `${SOCKET_SECURITY_SCOPE}/cli`;
|
|
55
53
|
const SOCKET_CLI_NO_API_TOKEN = 'SOCKET_CLI_NO_API_TOKEN';
|
|
56
54
|
const SOCKET_CLI_OPTIMIZE = 'SOCKET_CLI_OPTIMIZE';
|
|
57
|
-
const SOCKET_CLI_NPM_BIN_NAME =
|
|
58
|
-
const SOCKET_CLI_NPX_BIN_NAME =
|
|
59
|
-
const SOCKET_CLI_PACKAGE_NAME =
|
|
55
|
+
const SOCKET_CLI_NPM_BIN_NAME = 'socket-npm';
|
|
56
|
+
const SOCKET_CLI_NPX_BIN_NAME = 'socket-npx';
|
|
57
|
+
const SOCKET_CLI_PACKAGE_NAME = 'socket';
|
|
60
58
|
const SOCKET_CLI_SAFE_WRAPPER = 'SOCKET_CLI_SAFE_WRAPPER';
|
|
61
|
-
const SOCKET_CLI_SENTRY_BIN_NAME =
|
|
62
|
-
const SOCKET_CLI_SENTRY_BIN_NAME_ALIAS =
|
|
63
|
-
const SOCKET_CLI_SENTRY_NPM_BIN_NAME =
|
|
64
|
-
const SOCKET_CLI_SENTRY_NPX_BIN_NAME =
|
|
65
|
-
const SOCKET_CLI_SENTRY_PACKAGE_NAME = `${
|
|
59
|
+
const SOCKET_CLI_SENTRY_BIN_NAME = 'socket-with-sentry';
|
|
60
|
+
const SOCKET_CLI_SENTRY_BIN_NAME_ALIAS = 'cli-with-sentry';
|
|
61
|
+
const SOCKET_CLI_SENTRY_NPM_BIN_NAME = 'socket-npm-with-sentry';
|
|
62
|
+
const SOCKET_CLI_SENTRY_NPX_BIN_NAME = 'socket-npx-with-sentry';
|
|
63
|
+
const SOCKET_CLI_SENTRY_PACKAGE_NAME = `${SOCKET_SECURITY_SCOPE}/cli-with-sentry`;
|
|
66
64
|
const VLT = 'vlt';
|
|
65
|
+
const WITH_SENTRY = 'with-sentry';
|
|
67
66
|
const YARN = 'yarn';
|
|
68
|
-
const YARN_BERRY =
|
|
69
|
-
const YARN_CLASSIC =
|
|
70
|
-
const YARN_LOCK =
|
|
67
|
+
const YARN_BERRY = 'yarn/berry';
|
|
68
|
+
const YARN_CLASSIC = 'yarn/classic';
|
|
69
|
+
const YARN_LOCK = 'yarn.lock';
|
|
71
70
|
let _Sentry;
|
|
72
|
-
const LAZY_BATCH_PURL_ENDPOINT = () => {
|
|
73
|
-
const query = new URLSearchParams();
|
|
74
|
-
query.append('alerts', 'true');
|
|
75
|
-
query.append('compact', 'true');
|
|
76
|
-
return `${API_V0_URL}/purl?${query}`;
|
|
77
|
-
};
|
|
78
71
|
const LAZY_DIST_TYPE = () => registryConstants.SUPPORTS_NODE_REQUIRE_MODULE ? MODULE_SYNC : REQUIRE;
|
|
79
72
|
const LAZY_ENV = () => {
|
|
80
73
|
const {
|
|
@@ -87,17 +80,17 @@ const LAZY_ENV = () => {
|
|
|
87
80
|
...registryConstants.ENV,
|
|
88
81
|
// Inlined flag set to determine if this is the Legacy build.
|
|
89
82
|
// The '@rollup/plugin-replace' will replace "process.env[INLINED_SOCKET_CLI_LEGACY_BUILD]".
|
|
90
|
-
|
|
83
|
+
INLINED_SOCKET_CLI_LEGACY_BUILD: false,
|
|
91
84
|
// Inlined flag set to determine if this is a published build.
|
|
92
85
|
// The '@rollup/plugin-replace' will replace "process.env[INLINED_SOCKET_CLI_PUBLISHED_BUILD]".
|
|
93
|
-
|
|
86
|
+
INLINED_SOCKET_CLI_PUBLISHED_BUILD: true,
|
|
94
87
|
// Inlined flag set to determine if this is the Sentry build.
|
|
95
88
|
// The '@rollup/plugin-replace' will replace "process.env[INLINED_SOCKET_CLI_SENTRY_BUILD]".
|
|
96
|
-
|
|
89
|
+
INLINED_SOCKET_CLI_SENTRY_BUILD: false,
|
|
97
90
|
// Flag set to help debug Socket CLI.
|
|
98
|
-
|
|
91
|
+
SOCKET_CLI_DEBUG: env.envAsBoolean(env$1['SOCKET_CLI_DEBUG']),
|
|
99
92
|
// Flag set to make the default API token `undefined`.
|
|
100
|
-
|
|
93
|
+
SOCKET_CLI_NO_API_TOKEN: env.envAsBoolean(env$1['SOCKET_CLI_NO_API_TOKEN'])
|
|
101
94
|
});
|
|
102
95
|
};
|
|
103
96
|
const lazyBashRcPath = () =>
|
|
@@ -171,19 +164,18 @@ const lazyZshRcPath = () =>
|
|
|
171
164
|
// Lazily access constants.homePath.
|
|
172
165
|
path.join(constants.homePath, '.zshrc');
|
|
173
166
|
const constants = createConstantsObject({
|
|
167
|
+
ALERT_FIX_TYPE_CVE,
|
|
168
|
+
ALERT_FIX_TYPE_UPGRADE,
|
|
174
169
|
ALERT_TYPE_CRITICAL_CVE,
|
|
175
170
|
ALERT_TYPE_CVE,
|
|
176
171
|
ALERT_TYPE_MEDIUM_CVE,
|
|
177
172
|
ALERT_TYPE_MILD_CVE,
|
|
178
|
-
ALERT_TYPE_SOCKET_UPGRADE_AVAILABLE,
|
|
179
173
|
API_V0_URL,
|
|
180
|
-
// Lazily defined values are initialized as `undefined` to keep their key order.
|
|
181
|
-
BATCH_PURL_ENDPOINT: undefined,
|
|
182
174
|
BINARY_LOCK_EXT,
|
|
183
175
|
BUN,
|
|
184
176
|
CLI,
|
|
185
177
|
CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER,
|
|
186
|
-
|
|
178
|
+
// Lazily defined values are initialized as `undefined` to keep their key order.
|
|
187
179
|
DIST_TYPE: undefined,
|
|
188
180
|
DRY_RUN_LABEL,
|
|
189
181
|
DRY_RUN_BAIL_TEXT,
|
|
@@ -210,6 +202,8 @@ const constants = createConstantsObject({
|
|
|
210
202
|
SOCKET_CLI_SENTRY_BIN_NAME_ALIAS,
|
|
211
203
|
SOCKET_CLI_LEGACY_PACKAGE_NAME,
|
|
212
204
|
SOCKET_CLI_NO_API_TOKEN,
|
|
205
|
+
SOCKET_CLI_NPM_BIN_NAME,
|
|
206
|
+
SOCKET_CLI_NPX_BIN_NAME,
|
|
213
207
|
SOCKET_CLI_OPTIMIZE,
|
|
214
208
|
SOCKET_CLI_PACKAGE_NAME,
|
|
215
209
|
SOCKET_CLI_SAFE_WRAPPER,
|
|
@@ -240,7 +234,6 @@ const constants = createConstantsObject({
|
|
|
240
234
|
zshRcPath: undefined
|
|
241
235
|
}, {
|
|
242
236
|
getters: {
|
|
243
|
-
BATCH_PURL_ENDPOINT: LAZY_BATCH_PURL_ENDPOINT,
|
|
244
237
|
DIST_TYPE: LAZY_DIST_TYPE,
|
|
245
238
|
ENV: LAZY_ENV,
|
|
246
239
|
bashRcPath: lazyBashRcPath,
|
|
@@ -276,5 +269,5 @@ const constants = createConstantsObject({
|
|
|
276
269
|
});
|
|
277
270
|
|
|
278
271
|
module.exports = constants;
|
|
279
|
-
//# debugId=
|
|
272
|
+
//# debugId=8401a60a-f43c-476e-ac2a-afaf93b90a64
|
|
280
273
|
//# sourceMappingURL=constants.js.map
|
package/dist/constants.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"constants.js","sources":["../../src/constants.ts"],"sourcesContent":["import { realpathSync } from 'node:fs'\nimport os from 'node:os'\nimport path from 'node:path'\nimport process from 'node:process'\n\nimport registryConstants from '@socketsecurity/registry/lib/constants'\nimport { envAsBoolean } from '@socketsecurity/registry/lib/env'\n\nimport type { Agent } from './utils/package-environment'\nimport type { Remap } from '@socketsecurity/registry/lib/objects'\n\nconst {\n NODE_MODULES,\n NPM,\n NPX,\n SOCKET_SECURITY_SCOPE,\n kInternalsSymbol,\n [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: {\n createConstantsObject,\n getIpc\n }\n} = registryConstants\n\ntype RegistryEnv = typeof registryConstants.ENV\n\ntype RegistryInternals = (typeof registryConstants)['Symbol(kInternalsSymbol)']\n\ntype Sentry = any\n\ntype Internals = Remap<\n Omit<RegistryInternals, 'getIpc'> &\n Readonly<{\n getIpc: {\n (): Promise<IPC>\n <K extends keyof IPC | undefined>(\n key?: K | undefined\n ): Promise<K extends keyof IPC ? IPC[K] : IPC>\n }\n getSentry: () => Sentry\n setSentry(Sentry: Sentry): boolean\n }>\n>\n\ntype ENV = Remap<\n RegistryEnv &\n Readonly<{\n SOCKET_CLI_DEBUG: boolean\n SOCKET_CLI_NO_API_TOKEN: boolean\n }>\n>\n\ntype IPC = Readonly<{\n SOCKET_CLI_FIX?: string | undefined\n SOCKET_CLI_OPTIMIZE?: boolean | undefined\n SOCKET_CLI_SAFE_WRAPPER?: string | undefined\n}>\n\ntype Constants = Remap<\n Omit<typeof registryConstants, 'Symbol(kInternalsSymbol)' | 'ENV' | 'IPC'> & {\n readonly 'Symbol(kInternalsSymbol)': Internals\n readonly ALERT_TYPE_CRITICAL_CVE: 'criticalCVE'\n readonly ALERT_TYPE_CVE: 'cve'\n readonly ALERT_TYPE_MEDIUM_CVE: 'mediumCVE'\n readonly ALERT_TYPE_MILD_CVE: 'mildCVE'\n readonly ALERT_TYPE_SOCKET_UPGRADE_AVAILABLE: 'socketUpgradeAvailable'\n readonly API_V0_URL: 'https://api.socket.dev/v0'\n readonly BATCH_PURL_ENDPOINT: 'https://api.socket.dev/v0/purl?alerts=true&compact=true'\n readonly BINARY_LOCK_EXT: '.lockb'\n readonly BUN: 'bun'\n readonly CLI: 'cli'\n readonly CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER: 'firstPatchedVersionIdentifier'\n readonly CVE_ALERT_PROPS_VULNERABLE_VERSION_RANGE: 'vulnerableVersionRange'\n readonly ENV: ENV\n readonly DIST_TYPE: 'module-sync' | 'require'\n readonly DRY_RUN_LABEL: '[DryRun]'\n readonly DRY_RUN_BAIL_TEXT: '[DryRun] Bailing now'\n readonly INLINED_SOCKET_CLI_LEGACY_BUILD: 'INLINED_SOCKET_CLI_LEGACY_BUILD'\n readonly INLINED_SOCKET_CLI_PUBLISHED_BUILD: 'INLINED_SOCKET_CLI_PUBLISHED_BUILD'\n readonly INLINED_SOCKET_CLI_SENTRY_BUILD: 'INLINED_SOCKET_CLI_SENTRY_BUILD'\n readonly IPC: IPC\n readonly LOCK_EXT: '.lock'\n readonly MODULE_SYNC: 'module-sync'\n readonly NPM_BUGGY_OVERRIDES_PATCHED_VERSION: '11.2.0'\n readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org'\n readonly PNPM: 'pnpm'\n readonly REDACTED: '<redacted>'\n readonly REQUIRE: 'require'\n readonly SHADOW_NPM_BIN: 'shadow-bin'\n readonly SHADOW_NPM_INJECT: 'shadow-npm-inject'\n readonly SHADOW_NPM_PATHS: 'shadow-npm-paths'\n readonly SOCKET: 'socket'\n readonly SOCKET_CLI_BIN_NAME: 'socket'\n readonly SOCKET_CLI_BIN_NAME_ALIAS: 'cli'\n readonly SOCKET_CLI_DEBUG: 'SOCKET_CLI_DEBUG'\n readonly SOCKET_CLI_FIX: 'SOCKET_CLI_FIX'\n readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues'\n readonly SOCKET_CLI_SENTRY_BIN_NAME_ALIAS: 'cli-with-sentry'\n readonly SOCKET_CLI_LEGACY_PACKAGE_NAME: '@socketsecurity/cli'\n readonly SOCKET_CLI_NO_API_TOKEN: 'SOCKET_CLI_NO_API_TOKEN'\n readonly SOCKET_CLI_NPM_BIN_NAME: 'socket-npm'\n readonly SOCKET_CLI_NPX_BIN_NAME: 'socket-npx'\n readonly SOCKET_CLI_OPTIMIZE: 'SOCKET_CLI_OPTIMIZE'\n readonly SOCKET_CLI_PACKAGE_NAME: 'socket'\n readonly SOCKET_CLI_SAFE_WRAPPER: 'SOCKET_CLI_SAFE_WRAPPER'\n readonly SOCKET_CLI_SENTRY_BIN_NAME: 'socket-with-sentry'\n readonly SOCKET_CLI_SENTRY_NPM_BIN_NAME: 'socket-npm-with-sentry'\n readonly SOCKET_CLI_SENTRY_NPX_BIN_NAME: 'socket-npx-with-sentry'\n readonly SOCKET_CLI_SENTRY_PACKAGE_NAME: '@socketsecurity/cli-with-sentry'\n readonly VLT: 'vlt'\n readonly WITH_SENTRY: 'with-sentry'\n readonly YARN: 'yarn'\n readonly YARN_BERRY: 'yarn/berry'\n readonly YARN_CLASSIC: 'yarn/classic'\n readonly YARN_LOCK: 'yarn.lock'\n readonly bashRcPath: string\n readonly distCliPath: string\n readonly distInstrumentWithSentryPath: string\n readonly distPath: string\n readonly distShadowNpmBinPath: string\n readonly distShadowNpmInjectPath: string\n readonly homePath: string\n readonly minimumVersionByAgent: Map<Agent, string>\n readonly nmBinPath: string\n readonly nodeHardenFlags: string[]\n readonly rootBinPath: string\n readonly rootDistPath: string\n readonly rootPath: string\n readonly shadowBinPath: string\n readonly zshRcPath: string\n }\n>\n\nconst SOCKET = 'socket'\nconst WITH_SENTRY = 'with-sentry'\n\nconst ALERT_TYPE_CRITICAL_CVE = 'criticalCVE'\nconst ALERT_TYPE_CVE = 'cve'\nconst ALERT_TYPE_MEDIUM_CVE = 'mediumCVE'\nconst ALERT_TYPE_MILD_CVE = 'mildCVE'\nconst ALERT_TYPE_SOCKET_UPGRADE_AVAILABLE = 'socketUpgradeAvailable'\nconst API_V0_URL = 'https://api.socket.dev/v0'\nconst BINARY_LOCK_EXT = '.lockb'\nconst BUN = 'bun'\nconst CLI = 'cli'\nconst CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER =\n 'firstPatchedVersionIdentifier'\nconst CVE_ALERT_PROPS_VULNERABLE_VERSION_RANGE = 'vulnerableVersionRange'\nconst DRY_RUN_LABEL = '[DryRun]'\nconst DRY_RUN_BAIL_TEXT = `${DRY_RUN_LABEL}: Bailing now`\nconst INLINED_SOCKET_CLI_LEGACY_BUILD = 'INLINED_SOCKET_CLI_LEGACY_BUILD'\nconst INLINED_SOCKET_CLI_PUBLISHED_BUILD = 'INLINED_SOCKET_CLI_PUBLISHED_BUILD'\nconst INLINED_SOCKET_CLI_SENTRY_BUILD = 'INLINED_SOCKET_CLI_SENTRY_BUILD'\nconst LOCK_EXT = '.lock'\nconst MODULE_SYNC = 'module-sync'\nconst NPM_BUGGY_OVERRIDES_PATCHED_VERSION = '11.2.0'\nconst NPM_REGISTRY_URL = 'https://registry.npmjs.org'\nconst PNPM = 'pnpm'\nconst REDACTED = '<redacted>'\nconst REQUIRE = 'require'\nconst SHADOW_NPM_BIN = 'shadow-bin'\nconst SHADOW_NPM_INJECT = 'shadow-npm-inject'\nconst SHADOW_NPM_PATHS = 'shadow-npm-paths'\nconst SOCKET_CLI_BIN_NAME = SOCKET\nconst SOCKET_CLI_BIN_NAME_ALIAS = CLI\nconst SOCKET_CLI_DEBUG = 'SOCKET_CLI_DEBUG'\nconst SOCKET_CLI_FIX = 'SOCKET_CLI_FIX'\nconst SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues'\nconst SOCKET_CLI_LEGACY_PACKAGE_NAME = `${SOCKET_SECURITY_SCOPE}/${CLI}`\nconst SOCKET_CLI_NO_API_TOKEN = 'SOCKET_CLI_NO_API_TOKEN'\nconst SOCKET_CLI_OPTIMIZE = 'SOCKET_CLI_OPTIMIZE'\nconst SOCKET_CLI_NPM_BIN_NAME = `${SOCKET}-${NPM}`\nconst SOCKET_CLI_NPX_BIN_NAME = `${SOCKET}-${NPX}`\nconst SOCKET_CLI_PACKAGE_NAME = SOCKET\nconst SOCKET_CLI_SAFE_WRAPPER = 'SOCKET_CLI_SAFE_WRAPPER'\nconst SOCKET_CLI_SENTRY_BIN_NAME = `${SOCKET_CLI_BIN_NAME}-${WITH_SENTRY}`\nconst SOCKET_CLI_SENTRY_BIN_NAME_ALIAS = `${SOCKET_CLI_BIN_NAME_ALIAS}-${WITH_SENTRY}`\nconst SOCKET_CLI_SENTRY_NPM_BIN_NAME = `${SOCKET_CLI_NPM_BIN_NAME}-${WITH_SENTRY}`\nconst SOCKET_CLI_SENTRY_NPX_BIN_NAME = `${SOCKET_CLI_NPX_BIN_NAME}-${WITH_SENTRY}`\nconst SOCKET_CLI_SENTRY_PACKAGE_NAME = `${SOCKET_CLI_LEGACY_PACKAGE_NAME}-${WITH_SENTRY}`\nconst VLT = 'vlt'\nconst YARN = 'yarn'\nconst YARN_BERRY = `${YARN}/berry`\nconst YARN_CLASSIC = `${YARN}/classic`\nconst YARN_LOCK = `${YARN}${LOCK_EXT}`\n\nlet _Sentry: any\n\nconst LAZY_BATCH_PURL_ENDPOINT = () => {\n const query = new URLSearchParams()\n query.append('alerts', 'true')\n query.append('compact', 'true')\n return `${API_V0_URL}/purl?${query}`\n}\n\nconst LAZY_DIST_TYPE = () =>\n registryConstants.SUPPORTS_NODE_REQUIRE_MODULE ? MODULE_SYNC : REQUIRE\n\nconst LAZY_ENV = () => {\n const { env } = process\n // We inline some environment values so that they CANNOT be influenced by user\n // provided environment variables.\n return Object.freeze({\n // Lazily access registryConstants.ENV.\n ...registryConstants.ENV,\n // Inlined flag set to determine if this is the Legacy build.\n // The '@rollup/plugin-replace' will replace \"process.env[INLINED_SOCKET_CLI_LEGACY_BUILD]\".\n [INLINED_SOCKET_CLI_LEGACY_BUILD]:\n process.env[INLINED_SOCKET_CLI_LEGACY_BUILD],\n // Inlined flag set to determine if this is a published build.\n // The '@rollup/plugin-replace' will replace \"process.env[INLINED_SOCKET_CLI_PUBLISHED_BUILD]\".\n [INLINED_SOCKET_CLI_PUBLISHED_BUILD]:\n process.env[INLINED_SOCKET_CLI_PUBLISHED_BUILD],\n // Inlined flag set to determine if this is the Sentry build.\n // The '@rollup/plugin-replace' will replace \"process.env[INLINED_SOCKET_CLI_SENTRY_BUILD]\".\n [INLINED_SOCKET_CLI_SENTRY_BUILD]:\n process.env[INLINED_SOCKET_CLI_SENTRY_BUILD],\n // Flag set to help debug Socket CLI.\n [SOCKET_CLI_DEBUG]: envAsBoolean(env[SOCKET_CLI_DEBUG]),\n // Flag set to make the default API token `undefined`.\n [SOCKET_CLI_NO_API_TOKEN]: envAsBoolean(env[SOCKET_CLI_NO_API_TOKEN])\n })\n}\n\nconst lazyBashRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.bashrc')\n\nconst lazyDistCliPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, 'cli.js')\n\nconst lazyDistInstrumentWithSentryPath = () =>\n // Lazily access constants.rootDistPath.\n path.join(constants.rootDistPath, 'instrument-with-sentry.js')\n\nconst lazyDistPath = () =>\n // Lazily access constants.rootDistPath and constants.DIST_TYPE.\n path.join(constants.rootDistPath, constants.DIST_TYPE)\n\nconst lazyDistShadowNpmBinPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, `${SHADOW_NPM_BIN}.js`)\n\nconst lazyDistShadowNpmInjectPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, `${SHADOW_NPM_INJECT}.js`)\n\nconst lazyHomePath = () => os.homedir()\n\nconst lazyMinimumVersionByAgent = () =>\n new Map([\n // Bun >=1.1.39 supports the text-based lockfile.\n // https://bun.sh/blog/bun-lock-text-lockfile\n [BUN, '1.1.39'],\n // The npm version bundled with Node 18.\n // https://nodejs.org/en/about/previous-releases#looking-for-the-latest-release-of-a-version-branch\n [NPM, '10.8.2'],\n // 8.x is the earliest version to support Node 18.\n // https://pnpm.io/installation#compatibility\n // https://www.npmjs.com/package/pnpm?activeTab=versions\n [PNPM, '8.15.9'],\n // 4.x supports >= Node 18.12.0\n // https://github.com/yarnpkg/berry/blob/%40yarnpkg/core/4.1.0/CHANGELOG.md#400\n [YARN_BERRY, '4.0.0'],\n // Latest 1.x.\n // https://www.npmjs.com/package/yarn?activeTab=versions\n [YARN_CLASSIC, '1.22.22'],\n // vlt does not support overrides so we don't gate on it.\n [VLT, '*']\n ])\n\nconst lazyNmBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, `${NODE_MODULES}/.bin`)\n\n// Redefine registryConstants.nodeHardenFlags to account for the\n// INLINED_SOCKET_CLI_SENTRY_BUILD environment variable.\nconst lazyNodeHardenFlags = () =>\n // The '@rollup/plugin-replace' will replace \"process.env[INLINED_SOCKET_CLI_SENTRY_BUILD]\".\n // Lazily access constants.WIN32.\n process.env[INLINED_SOCKET_CLI_SENTRY_BUILD] || constants.WIN32\n ? []\n : // Harden Node security.\n // https://nodejs.org/en/learn/getting-started/security-best-practices\n // We have contributed the following patches to our dependencies to make\n // Node's --frozen-intrinsics workable.\n // √ https://github.com/SBoudrias/Inquirer.js/pull/1683\n // √ https://github.com/pnpm/components/pull/23\n ['--disable-proto', 'delete', '--frozen-intrinsics', '--no-deprecation']\n\nconst lazyRootBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'bin')\n\nconst lazyRootDistPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'dist')\n\nconst lazyRootPath = () =>\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_TEST_DIST_BUILD']\".\n path.join(\n realpathSync.native(__dirname),\n process.env['INLINED_SOCKET_CLI_TEST_DIST_BUILD'] ? '../..' : '..'\n )\n\nconst lazyShadowBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, SHADOW_NPM_BIN)\n\nconst lazyZshRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.zshrc')\n\nconst constants = createConstantsObject(\n {\n ALERT_TYPE_CRITICAL_CVE,\n ALERT_TYPE_CVE,\n ALERT_TYPE_MEDIUM_CVE,\n ALERT_TYPE_MILD_CVE,\n ALERT_TYPE_SOCKET_UPGRADE_AVAILABLE,\n API_V0_URL,\n // Lazily defined values are initialized as `undefined` to keep their key order.\n BATCH_PURL_ENDPOINT: undefined,\n BINARY_LOCK_EXT,\n BUN,\n CLI,\n CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER,\n CVE_ALERT_PROPS_VULNERABLE_VERSION_RANGE,\n DIST_TYPE: undefined,\n DRY_RUN_LABEL,\n DRY_RUN_BAIL_TEXT,\n ENV: undefined,\n INLINED_SOCKET_CLI_LEGACY_BUILD,\n INLINED_SOCKET_CLI_PUBLISHED_BUILD,\n INLINED_SOCKET_CLI_SENTRY_BUILD,\n LOCK_EXT,\n MODULE_SYNC,\n NPM_BUGGY_OVERRIDES_PATCHED_VERSION,\n NPM_REGISTRY_URL,\n PNPM,\n REDACTED,\n REQUIRE,\n SHADOW_NPM_BIN,\n SHADOW_NPM_INJECT,\n SHADOW_NPM_PATHS,\n SOCKET,\n SOCKET_CLI_BIN_NAME,\n SOCKET_CLI_BIN_NAME_ALIAS,\n SOCKET_CLI_DEBUG,\n SOCKET_CLI_FIX,\n SOCKET_CLI_ISSUES_URL,\n SOCKET_CLI_SENTRY_BIN_NAME_ALIAS,\n SOCKET_CLI_LEGACY_PACKAGE_NAME,\n SOCKET_CLI_NO_API_TOKEN,\n SOCKET_CLI_OPTIMIZE,\n SOCKET_CLI_PACKAGE_NAME,\n SOCKET_CLI_SAFE_WRAPPER,\n SOCKET_CLI_SENTRY_BIN_NAME,\n SOCKET_CLI_SENTRY_NPM_BIN_NAME,\n SOCKET_CLI_SENTRY_NPX_BIN_NAME,\n SOCKET_CLI_SENTRY_PACKAGE_NAME,\n VLT,\n WITH_SENTRY,\n YARN,\n YARN_BERRY,\n YARN_CLASSIC,\n YARN_LOCK,\n bashRcPath: undefined,\n distCliPath: undefined,\n distInstrumentWithSentryPath: undefined,\n distPath: undefined,\n distShadowNpmBinPath: undefined,\n distShadowNpmInjectPath: undefined,\n homePath: undefined,\n minimumVersionByAgent: undefined,\n nmBinPath: undefined,\n nodeHardenFlags: undefined,\n rootBinPath: undefined,\n rootDistPath: undefined,\n rootPath: undefined,\n shadowBinPath: undefined,\n zshRcPath: undefined\n },\n {\n getters: {\n BATCH_PURL_ENDPOINT: LAZY_BATCH_PURL_ENDPOINT,\n DIST_TYPE: LAZY_DIST_TYPE,\n ENV: LAZY_ENV,\n bashRcPath: lazyBashRcPath,\n distCliPath: lazyDistCliPath,\n distInstrumentWithSentryPath: lazyDistInstrumentWithSentryPath,\n distPath: lazyDistPath,\n distShadowNpmBinPath: lazyDistShadowNpmBinPath,\n distShadowNpmInjectPath: lazyDistShadowNpmInjectPath,\n homePath: lazyHomePath,\n minimumVersionByAgent: lazyMinimumVersionByAgent,\n nmBinPath: lazyNmBinPath,\n nodeHardenFlags: lazyNodeHardenFlags,\n rootBinPath: lazyRootBinPath,\n rootDistPath: lazyRootDistPath,\n rootPath: lazyRootPath,\n shadowBinPath: lazyShadowBinPath,\n zshRcPath: lazyZshRcPath\n },\n internals: {\n getIpc,\n getSentry() {\n return _Sentry\n },\n setSentry(Sentry: Sentry): boolean {\n if (_Sentry === undefined) {\n _Sentry = Sentry\n return true\n }\n return false\n }\n },\n mixin: registryConstants\n }\n) as Constants\n\nexport default constants\n"],"names":["getIpc","query","env","path","constants","BATCH_PURL_ENDPOINT","DIST_TYPE","ENV","bashRcPath","distCliPath","distInstrumentWithSentryPath","distPath","distShadowNpmBinPath","distShadowNpmInjectPath","homePath","minimumVersionByAgent","nmBinPath","nodeHardenFlags","rootBinPath","rootDistPath","rootPath","shadowBinPath","zshRcPath","getters","internals","getSentry","_Sentry","mixin"],"mappings":";;;;;;;;;AAWA;;;;;;AAME;;AAEEA;AACF;AACF;AA+GA;AACA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AAEA;AACE;AACAC;AACAA;AACA;AACF;AAEA;AAGA;;AACUC;AAAI;AACZ;AACA;;AAEE;;AAEA;AACA;AACA;AAEA;AACA;AACA;AAEA;AACA;AACA;AAEA;;AAEA;AACA;AACF;AACF;AAEA;AACE;AACAC;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEA;AAEI;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGJ;AACE;AACAA;;AAEF;AACA;AACA;AACE;AACA;AACgDC;AAE5C;AACA;AACA;AACA;AACA;AACA;AACA;AAEN;AACE;AACAD;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAKF;AACE;AACAA;AAEF;AACE;AACAA;AAEIC;;;;;;;AAQF;AACAC;;;;;;AAMAC;;;AAGAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoCAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAEEC;AACElB;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;;AAEFE;;AAEEC;AACE;;;;AAIEC;AACA;AACF;AACA;AACF;;AAEFC;AACF;;","debugId":"3907c1b1-6857-44ea-a3e6-0f0145f3652a"}
|
|
1
|
+
{"version":3,"file":"constants.js","sources":["../../src/constants.ts"],"sourcesContent":["import { realpathSync } from 'node:fs'\nimport os from 'node:os'\nimport path from 'node:path'\nimport process from 'node:process'\n\nimport registryConstants from '@socketsecurity/registry/lib/constants'\nimport { envAsBoolean } from '@socketsecurity/registry/lib/env'\n\nimport type { Agent } from './utils/package-environment'\nimport type { Remap } from '@socketsecurity/registry/lib/objects'\n\nconst {\n NODE_MODULES,\n NPM,\n SOCKET_SECURITY_SCOPE,\n kInternalsSymbol,\n [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: {\n createConstantsObject,\n getIpc\n }\n} = registryConstants\n\ntype RegistryEnv = typeof registryConstants.ENV\n\ntype RegistryInternals = (typeof registryConstants)['Symbol(kInternalsSymbol)']\n\ntype Sentry = any\n\ntype Internals = Remap<\n Omit<RegistryInternals, 'getIpc'> &\n Readonly<{\n getIpc: {\n (): Promise<IPC>\n <K extends keyof IPC | undefined>(\n key?: K | undefined\n ): Promise<K extends keyof IPC ? IPC[K] : IPC>\n }\n getSentry: () => Sentry\n setSentry(Sentry: Sentry): boolean\n }>\n>\n\ntype ENV = Remap<\n RegistryEnv &\n Readonly<{\n SOCKET_CLI_DEBUG: boolean\n SOCKET_CLI_NO_API_TOKEN: boolean\n }>\n>\n\ntype IPC = Readonly<{\n SOCKET_CLI_FIX?: string | undefined\n SOCKET_CLI_OPTIMIZE?: boolean | undefined\n SOCKET_CLI_SAFE_WRAPPER?: string | undefined\n}>\n\ntype Constants = Remap<\n Omit<typeof registryConstants, 'Symbol(kInternalsSymbol)' | 'ENV' | 'IPC'> & {\n readonly 'Symbol(kInternalsSymbol)': Internals\n readonly ALERT_FIX_TYPE_CVE: 'cve'\n readonly ALERT_FIX_TYPE_UPGRADE: 'upgrade'\n readonly ALERT_TYPE_CRITICAL_CVE: 'criticalCVE'\n readonly ALERT_TYPE_CVE: 'cve'\n readonly ALERT_TYPE_MEDIUM_CVE: 'mediumCVE'\n readonly ALERT_TYPE_MILD_CVE: 'mildCVE'\n readonly API_V0_URL: 'https://api.socket.dev/v0/'\n readonly BINARY_LOCK_EXT: '.lockb'\n readonly BUN: 'bun'\n readonly CLI: 'cli'\n readonly CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER: 'firstPatchedVersionIdentifier'\n readonly ENV: ENV\n readonly DIST_TYPE: 'module-sync' | 'require'\n readonly DRY_RUN_LABEL: '[DryRun]'\n readonly DRY_RUN_BAIL_TEXT: '[DryRun] Bailing now'\n readonly INLINED_SOCKET_CLI_LEGACY_BUILD: 'INLINED_SOCKET_CLI_LEGACY_BUILD'\n readonly INLINED_SOCKET_CLI_PUBLISHED_BUILD: 'INLINED_SOCKET_CLI_PUBLISHED_BUILD'\n readonly INLINED_SOCKET_CLI_SENTRY_BUILD: 'INLINED_SOCKET_CLI_SENTRY_BUILD'\n readonly IPC: IPC\n readonly LOCK_EXT: '.lock'\n readonly MODULE_SYNC: 'module-sync'\n readonly NPM_BUGGY_OVERRIDES_PATCHED_VERSION: '11.2.0'\n readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org'\n readonly PNPM: 'pnpm'\n readonly REDACTED: '<redacted>'\n readonly REQUIRE: 'require'\n readonly SHADOW_NPM_BIN: 'shadow-bin'\n readonly SHADOW_NPM_INJECT: 'shadow-npm-inject'\n readonly SHADOW_NPM_PATHS: 'shadow-npm-paths'\n readonly SOCKET: 'socket'\n readonly SOCKET_CLI_BIN_NAME: 'socket'\n readonly SOCKET_CLI_BIN_NAME_ALIAS: 'cli'\n readonly SOCKET_CLI_DEBUG: 'SOCKET_CLI_DEBUG'\n readonly SOCKET_CLI_FIX: 'SOCKET_CLI_FIX'\n readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues'\n readonly SOCKET_CLI_SENTRY_BIN_NAME_ALIAS: 'cli-with-sentry'\n readonly SOCKET_CLI_LEGACY_PACKAGE_NAME: '@socketsecurity/cli'\n readonly SOCKET_CLI_NO_API_TOKEN: 'SOCKET_CLI_NO_API_TOKEN'\n readonly SOCKET_CLI_NPM_BIN_NAME: 'socket-npm'\n readonly SOCKET_CLI_NPX_BIN_NAME: 'socket-npx'\n readonly SOCKET_CLI_OPTIMIZE: 'SOCKET_CLI_OPTIMIZE'\n readonly SOCKET_CLI_PACKAGE_NAME: 'socket'\n readonly SOCKET_CLI_SAFE_WRAPPER: 'SOCKET_CLI_SAFE_WRAPPER'\n readonly SOCKET_CLI_SENTRY_BIN_NAME: 'socket-with-sentry'\n readonly SOCKET_CLI_SENTRY_NPM_BIN_NAME: 'socket-npm-with-sentry'\n readonly SOCKET_CLI_SENTRY_NPX_BIN_NAME: 'socket-npx-with-sentry'\n readonly SOCKET_CLI_SENTRY_PACKAGE_NAME: '@socketsecurity/cli-with-sentry'\n readonly VLT: 'vlt'\n readonly WITH_SENTRY: 'with-sentry'\n readonly YARN: 'yarn'\n readonly YARN_BERRY: 'yarn/berry'\n readonly YARN_CLASSIC: 'yarn/classic'\n readonly YARN_LOCK: 'yarn.lock'\n readonly bashRcPath: string\n readonly distCliPath: string\n readonly distInstrumentWithSentryPath: string\n readonly distPath: string\n readonly distShadowNpmBinPath: string\n readonly distShadowNpmInjectPath: string\n readonly homePath: string\n readonly minimumVersionByAgent: Map<Agent, string>\n readonly nmBinPath: string\n readonly nodeHardenFlags: string[]\n readonly rootBinPath: string\n readonly rootDistPath: string\n readonly rootPath: string\n readonly shadowBinPath: string\n readonly zshRcPath: string\n }\n>\n\nconst ALERT_FIX_TYPE_CVE = 'cve'\nconst ALERT_FIX_TYPE_UPGRADE = 'upgrade'\nconst ALERT_TYPE_CRITICAL_CVE = 'criticalCVE'\nconst ALERT_TYPE_CVE = 'cve'\nconst ALERT_TYPE_MEDIUM_CVE = 'mediumCVE'\nconst ALERT_TYPE_MILD_CVE = 'mildCVE'\nconst API_V0_URL = 'https://api.socket.dev/v0/'\nconst BINARY_LOCK_EXT = '.lockb'\nconst BUN = 'bun'\nconst CLI = 'cli'\nconst CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER =\n 'firstPatchedVersionIdentifier'\nconst DRY_RUN_LABEL = '[DryRun]'\nconst DRY_RUN_BAIL_TEXT = `${DRY_RUN_LABEL}: Bailing now`\nconst INLINED_SOCKET_CLI_LEGACY_BUILD = 'INLINED_SOCKET_CLI_LEGACY_BUILD'\nconst INLINED_SOCKET_CLI_PUBLISHED_BUILD = 'INLINED_SOCKET_CLI_PUBLISHED_BUILD'\nconst INLINED_SOCKET_CLI_SENTRY_BUILD = 'INLINED_SOCKET_CLI_SENTRY_BUILD'\nconst LOCK_EXT = '.lock'\nconst MODULE_SYNC = 'module-sync'\nconst NPM_BUGGY_OVERRIDES_PATCHED_VERSION = '11.2.0'\nconst NPM_REGISTRY_URL = 'https://registry.npmjs.org'\nconst PNPM = 'pnpm'\nconst REDACTED = '<redacted>'\nconst REQUIRE = 'require'\nconst SHADOW_NPM_BIN = 'shadow-bin'\nconst SHADOW_NPM_INJECT = 'shadow-npm-inject'\nconst SHADOW_NPM_PATHS = 'shadow-npm-paths'\nconst SOCKET = 'socket'\nconst SOCKET_CLI_BIN_NAME = 'socket'\nconst SOCKET_CLI_BIN_NAME_ALIAS = 'cli'\nconst SOCKET_CLI_DEBUG = 'SOCKET_CLI_DEBUG'\nconst SOCKET_CLI_FIX = 'SOCKET_CLI_FIX'\nconst SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues'\nconst SOCKET_CLI_LEGACY_PACKAGE_NAME = `${SOCKET_SECURITY_SCOPE}/cli`\nconst SOCKET_CLI_NO_API_TOKEN = 'SOCKET_CLI_NO_API_TOKEN'\nconst SOCKET_CLI_OPTIMIZE = 'SOCKET_CLI_OPTIMIZE'\nconst SOCKET_CLI_NPM_BIN_NAME = 'socket-npm'\nconst SOCKET_CLI_NPX_BIN_NAME = 'socket-npx'\nconst SOCKET_CLI_PACKAGE_NAME = 'socket'\nconst SOCKET_CLI_SAFE_WRAPPER = 'SOCKET_CLI_SAFE_WRAPPER'\nconst SOCKET_CLI_SENTRY_BIN_NAME = 'socket-with-sentry'\nconst SOCKET_CLI_SENTRY_BIN_NAME_ALIAS = 'cli-with-sentry'\nconst SOCKET_CLI_SENTRY_NPM_BIN_NAME = 'socket-npm-with-sentry'\nconst SOCKET_CLI_SENTRY_NPX_BIN_NAME = 'socket-npx-with-sentry'\nconst SOCKET_CLI_SENTRY_PACKAGE_NAME = `${SOCKET_SECURITY_SCOPE}/cli-with-sentry`\nconst VLT = 'vlt'\nconst WITH_SENTRY = 'with-sentry'\nconst YARN = 'yarn'\nconst YARN_BERRY = 'yarn/berry'\nconst YARN_CLASSIC = 'yarn/classic'\nconst YARN_LOCK = 'yarn.lock'\n\nlet _Sentry: any\n\nconst LAZY_DIST_TYPE = () =>\n registryConstants.SUPPORTS_NODE_REQUIRE_MODULE ? MODULE_SYNC : REQUIRE\n\nconst LAZY_ENV = () => {\n const { env } = process\n // We inline some environment values so that they CANNOT be influenced by user\n // provided environment variables.\n return Object.freeze({\n // Lazily access registryConstants.ENV.\n ...registryConstants.ENV,\n // Inlined flag set to determine if this is the Legacy build.\n // The '@rollup/plugin-replace' will replace \"process.env[INLINED_SOCKET_CLI_LEGACY_BUILD]\".\n INLINED_SOCKET_CLI_LEGACY_BUILD:\n process.env['INLINED_SOCKET_CLI_LEGACY_BUILD'],\n // Inlined flag set to determine if this is a published build.\n // The '@rollup/plugin-replace' will replace \"process.env[INLINED_SOCKET_CLI_PUBLISHED_BUILD]\".\n INLINED_SOCKET_CLI_PUBLISHED_BUILD:\n process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD'],\n // Inlined flag set to determine if this is the Sentry build.\n // The '@rollup/plugin-replace' will replace \"process.env[INLINED_SOCKET_CLI_SENTRY_BUILD]\".\n INLINED_SOCKET_CLI_SENTRY_BUILD:\n process.env['INLINED_SOCKET_CLI_SENTRY_BUILD'],\n // Flag set to help debug Socket CLI.\n SOCKET_CLI_DEBUG: envAsBoolean(env['SOCKET_CLI_DEBUG']),\n // Flag set to make the default API token `undefined`.\n SOCKET_CLI_NO_API_TOKEN: envAsBoolean(env['SOCKET_CLI_NO_API_TOKEN'])\n })\n}\n\nconst lazyBashRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.bashrc')\n\nconst lazyDistCliPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, 'cli.js')\n\nconst lazyDistInstrumentWithSentryPath = () =>\n // Lazily access constants.rootDistPath.\n path.join(constants.rootDistPath, 'instrument-with-sentry.js')\n\nconst lazyDistPath = () =>\n // Lazily access constants.rootDistPath and constants.DIST_TYPE.\n path.join(constants.rootDistPath, constants.DIST_TYPE)\n\nconst lazyDistShadowNpmBinPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, `${SHADOW_NPM_BIN}.js`)\n\nconst lazyDistShadowNpmInjectPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, `${SHADOW_NPM_INJECT}.js`)\n\nconst lazyHomePath = () => os.homedir()\n\nconst lazyMinimumVersionByAgent = () =>\n new Map([\n // Bun >=1.1.39 supports the text-based lockfile.\n // https://bun.sh/blog/bun-lock-text-lockfile\n [BUN, '1.1.39'],\n // The npm version bundled with Node 18.\n // https://nodejs.org/en/about/previous-releases#looking-for-the-latest-release-of-a-version-branch\n [NPM, '10.8.2'],\n // 8.x is the earliest version to support Node 18.\n // https://pnpm.io/installation#compatibility\n // https://www.npmjs.com/package/pnpm?activeTab=versions\n [PNPM, '8.15.9'],\n // 4.x supports >= Node 18.12.0\n // https://github.com/yarnpkg/berry/blob/%40yarnpkg/core/4.1.0/CHANGELOG.md#400\n [YARN_BERRY, '4.0.0'],\n // Latest 1.x.\n // https://www.npmjs.com/package/yarn?activeTab=versions\n [YARN_CLASSIC, '1.22.22'],\n // vlt does not support overrides so we don't gate on it.\n [VLT, '*']\n ])\n\nconst lazyNmBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, `${NODE_MODULES}/.bin`)\n\n// Redefine registryConstants.nodeHardenFlags to account for the\n// INLINED_SOCKET_CLI_SENTRY_BUILD environment variable.\nconst lazyNodeHardenFlags = () =>\n // The '@rollup/plugin-replace' will replace \"process.env[INLINED_SOCKET_CLI_SENTRY_BUILD]\".\n // Lazily access constants.WIN32.\n process.env['INLINED_SOCKET_CLI_SENTRY_BUILD'] || constants.WIN32\n ? []\n : // Harden Node security.\n // https://nodejs.org/en/learn/getting-started/security-best-practices\n // We have contributed the following patches to our dependencies to make\n // Node's --frozen-intrinsics workable.\n // √ https://github.com/SBoudrias/Inquirer.js/pull/1683\n // √ https://github.com/pnpm/components/pull/23\n ['--disable-proto', 'delete', '--frozen-intrinsics', '--no-deprecation']\n\nconst lazyRootBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'bin')\n\nconst lazyRootDistPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'dist')\n\nconst lazyRootPath = () =>\n // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_TEST_DIST_BUILD']\".\n path.join(\n realpathSync.native(__dirname),\n process.env['INLINED_SOCKET_CLI_TEST_DIST_BUILD'] ? '../..' : '..'\n )\n\nconst lazyShadowBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, SHADOW_NPM_BIN)\n\nconst lazyZshRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.zshrc')\n\nconst constants = createConstantsObject(\n {\n ALERT_FIX_TYPE_CVE,\n ALERT_FIX_TYPE_UPGRADE,\n ALERT_TYPE_CRITICAL_CVE,\n ALERT_TYPE_CVE,\n ALERT_TYPE_MEDIUM_CVE,\n ALERT_TYPE_MILD_CVE,\n API_V0_URL,\n BINARY_LOCK_EXT,\n BUN,\n CLI,\n CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER,\n // Lazily defined values are initialized as `undefined` to keep their key order.\n DIST_TYPE: undefined,\n DRY_RUN_LABEL,\n DRY_RUN_BAIL_TEXT,\n ENV: undefined,\n INLINED_SOCKET_CLI_LEGACY_BUILD,\n INLINED_SOCKET_CLI_PUBLISHED_BUILD,\n INLINED_SOCKET_CLI_SENTRY_BUILD,\n LOCK_EXT,\n MODULE_SYNC,\n NPM_BUGGY_OVERRIDES_PATCHED_VERSION,\n NPM_REGISTRY_URL,\n PNPM,\n REDACTED,\n REQUIRE,\n SHADOW_NPM_BIN,\n SHADOW_NPM_INJECT,\n SHADOW_NPM_PATHS,\n SOCKET,\n SOCKET_CLI_BIN_NAME,\n SOCKET_CLI_BIN_NAME_ALIAS,\n SOCKET_CLI_DEBUG,\n SOCKET_CLI_FIX,\n SOCKET_CLI_ISSUES_URL,\n SOCKET_CLI_SENTRY_BIN_NAME_ALIAS,\n SOCKET_CLI_LEGACY_PACKAGE_NAME,\n SOCKET_CLI_NO_API_TOKEN,\n SOCKET_CLI_NPM_BIN_NAME,\n SOCKET_CLI_NPX_BIN_NAME,\n SOCKET_CLI_OPTIMIZE,\n SOCKET_CLI_PACKAGE_NAME,\n SOCKET_CLI_SAFE_WRAPPER,\n SOCKET_CLI_SENTRY_BIN_NAME,\n SOCKET_CLI_SENTRY_NPM_BIN_NAME,\n SOCKET_CLI_SENTRY_NPX_BIN_NAME,\n SOCKET_CLI_SENTRY_PACKAGE_NAME,\n VLT,\n WITH_SENTRY,\n YARN,\n YARN_BERRY,\n YARN_CLASSIC,\n YARN_LOCK,\n bashRcPath: undefined,\n distCliPath: undefined,\n distInstrumentWithSentryPath: undefined,\n distPath: undefined,\n distShadowNpmBinPath: undefined,\n distShadowNpmInjectPath: undefined,\n homePath: undefined,\n minimumVersionByAgent: undefined,\n nmBinPath: undefined,\n nodeHardenFlags: undefined,\n rootBinPath: undefined,\n rootDistPath: undefined,\n rootPath: undefined,\n shadowBinPath: undefined,\n zshRcPath: undefined\n },\n {\n getters: {\n DIST_TYPE: LAZY_DIST_TYPE,\n ENV: LAZY_ENV,\n bashRcPath: lazyBashRcPath,\n distCliPath: lazyDistCliPath,\n distInstrumentWithSentryPath: lazyDistInstrumentWithSentryPath,\n distPath: lazyDistPath,\n distShadowNpmBinPath: lazyDistShadowNpmBinPath,\n distShadowNpmInjectPath: lazyDistShadowNpmInjectPath,\n homePath: lazyHomePath,\n minimumVersionByAgent: lazyMinimumVersionByAgent,\n nmBinPath: lazyNmBinPath,\n nodeHardenFlags: lazyNodeHardenFlags,\n rootBinPath: lazyRootBinPath,\n rootDistPath: lazyRootDistPath,\n rootPath: lazyRootPath,\n shadowBinPath: lazyShadowBinPath,\n zshRcPath: lazyZshRcPath\n },\n internals: {\n getIpc,\n getSentry() {\n return _Sentry\n },\n setSentry(Sentry: Sentry): boolean {\n if (_Sentry === undefined) {\n _Sentry = Sentry\n return true\n }\n return false\n }\n },\n mixin: registryConstants\n }\n) as Constants\n\nexport default constants\n"],"names":["getIpc","env","INLINED_SOCKET_CLI_LEGACY_BUILD","INLINED_SOCKET_CLI_PUBLISHED_BUILD","INLINED_SOCKET_CLI_SENTRY_BUILD","SOCKET_CLI_DEBUG","SOCKET_CLI_NO_API_TOKEN","path","constants","DIST_TYPE","ENV","bashRcPath","distCliPath","distInstrumentWithSentryPath","distPath","distShadowNpmBinPath","distShadowNpmInjectPath","homePath","minimumVersionByAgent","nmBinPath","nodeHardenFlags","rootBinPath","rootDistPath","rootPath","shadowBinPath","zshRcPath","getters","internals","getSentry","_Sentry","mixin"],"mappings":";;;;;;;;;AAWA;;;;;AAKE;;AAEEA;AACF;AACF;AA8GA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AAEA;AAGA;;AACUC;AAAI;AACZ;AACA;;AAEE;;AAEA;AACA;AACAC;AAEA;AACA;AACAC;AAEA;AACA;AACAC;AAEA;AACAC;AACA;AACAC;AACF;AACF;AAEA;AACE;AACAC;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEA;AAEI;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGJ;AACE;AACAA;;AAEF;AACA;AACA;AACE;AACA;AACkDC;AAE9C;AACA;AACA;AACA;AACA;AACA;AACA;AAEN;AACE;AACAD;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAKF;AACE;AACAA;AAEF;AACE;AACAA;AAEIC;;;;;;;;;;;;AAaF;AACAC;;;AAGAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsCAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAEEC;AACEjB;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;;AAEFE;;AAEEC;AACE;;;;AAIEC;AACA;AACF;AACA;AACF;;AAEFC;AACF;;","debugId":"8401a60a-f43c-476e-ac2a-afaf93b90a64"}
|
|
@@ -1,62 +1,9 @@
|
|
|
1
1
|
import { Remap } from '@socketsecurity/registry/lib/objects';
|
|
2
|
-
|
|
3
|
-
type SocketArtifactAlert = {
|
|
4
|
-
key: string;
|
|
5
|
-
type: string;
|
|
6
|
-
severity: string;
|
|
7
|
-
category: string;
|
|
8
|
-
action?: string | undefined;
|
|
9
|
-
actionPolicyIndex?: number | undefined;
|
|
10
|
-
file?: string | undefined;
|
|
11
|
-
props?: any | undefined;
|
|
12
|
-
start?: number | undefined;
|
|
13
|
-
end?: number | undefined;
|
|
14
|
-
};
|
|
15
|
-
type SocketArtifact = {
|
|
16
|
-
type: string;
|
|
17
|
-
name: string;
|
|
18
|
-
namespace?: string | undefined;
|
|
19
|
-
version?: string | undefined;
|
|
20
|
-
subpath?: string | undefined;
|
|
21
|
-
release?: string | undefined;
|
|
22
|
-
id?: string | undefined;
|
|
23
|
-
author?: string[];
|
|
24
|
-
license?: string | undefined;
|
|
25
|
-
licenseDetails?: Array<{
|
|
26
|
-
spdxDisj: string;
|
|
27
|
-
provenance: string;
|
|
28
|
-
filepath: string;
|
|
29
|
-
match_strength: number;
|
|
30
|
-
}>;
|
|
31
|
-
licenseAttrib?: Array<{
|
|
32
|
-
attribText: string;
|
|
33
|
-
attribData: Array<{
|
|
34
|
-
purl: string;
|
|
35
|
-
foundInFilepath: string;
|
|
36
|
-
spdxExpr: string;
|
|
37
|
-
foundAuthors: string[];
|
|
38
|
-
}>;
|
|
39
|
-
}>;
|
|
40
|
-
score?: {
|
|
41
|
-
supplyChain: number;
|
|
42
|
-
quality: number;
|
|
43
|
-
maintenance: number;
|
|
44
|
-
vulnerability: number;
|
|
45
|
-
license: number;
|
|
46
|
-
overall: number;
|
|
47
|
-
};
|
|
48
|
-
alerts?: SocketArtifactAlert[];
|
|
49
|
-
size?: number | undefined;
|
|
50
|
-
batchIndex?: number | undefined;
|
|
51
|
-
};
|
|
52
|
-
type CompactSocketArtifactAlert = Remap<Omit<SocketArtifactAlert, 'action' | 'actionPolicyIndex' | 'category' | 'end' | 'file' | 'start'>>;
|
|
53
|
-
type CompactSocketArtifact = Remap<Omit<SocketArtifact, 'alerts' | 'batchIndex' | 'size'> & {
|
|
54
|
-
alerts: CompactSocketArtifactAlert[];
|
|
55
|
-
}>;
|
|
2
|
+
import { components } from '@socketsecurity/sdk/types/api';
|
|
56
3
|
type ArtifactAlertCve = Remap<Omit<CompactSocketArtifactAlert, 'type'> & {
|
|
57
4
|
type: CveAlertType;
|
|
58
5
|
}>;
|
|
59
|
-
type ArtifactAlertCveFixable = Remap<Omit<CompactSocketArtifactAlert, 'props'> & {
|
|
6
|
+
type ArtifactAlertCveFixable = Remap<Omit<CompactSocketArtifactAlert, 'props' | 'type'> & {
|
|
60
7
|
type: CveAlertType;
|
|
61
8
|
props: {
|
|
62
9
|
firstPatchedVersionIdentifier: string;
|
|
@@ -67,9 +14,14 @@ type ArtifactAlertCveFixable = Remap<Omit<CompactSocketArtifactAlert, 'props'> &
|
|
|
67
14
|
type ArtifactAlertUpgrade = Remap<Omit<CompactSocketArtifactAlert, 'type'> & {
|
|
68
15
|
type: 'socketUpgradeAvailable';
|
|
69
16
|
}>;
|
|
70
|
-
|
|
17
|
+
type CveAlertType = 'cve' | 'mediumCVE' | 'mildCVE' | 'criticalCVE';
|
|
18
|
+
type CompactSocketArtifactAlert = Remap<Omit<SocketArtifactAlert, 'action' | 'actionPolicyIndex' | 'category' | 'end' | 'file' | 'start'>>;
|
|
19
|
+
type CompactSocketArtifact = Remap<Omit<SocketArtifact, 'alerts' | 'batchIndex' | 'size'> & {
|
|
20
|
+
alerts: CompactSocketArtifactAlert[];
|
|
21
|
+
}>;
|
|
22
|
+
type SocketArtifact = components['schemas']['SocketArtifact'];
|
|
23
|
+
type SocketArtifactAlert = Remap<Omit<components['schemas']['SocketAlert'], 'props'> & {
|
|
24
|
+
props?: any | undefined;
|
|
25
|
+
}>;
|
|
71
26
|
declare function isArtifactAlertCve(alert: CompactSocketArtifactAlert): alert is ArtifactAlertCve;
|
|
72
|
-
|
|
73
|
-
declare function isArtifactAlertUpgrade(alert: CompactSocketArtifactAlert): alert is ArtifactAlertUpgrade;
|
|
74
|
-
declare function isArtifactAlertFixable(alert: CompactSocketArtifactAlert): alert is ArtifactAlertCveFixable | ArtifactAlertUpgrade;
|
|
75
|
-
export { CveAlertType, SocketArtifactAlert, SocketArtifact, CompactSocketArtifactAlert, CompactSocketArtifact, ArtifactAlertCve, ArtifactAlertCveFixable, ArtifactAlertUpgrade, batchScan, isArtifactAlertCve, isArtifactAlertCveFixable, isArtifactAlertUpgrade, isArtifactAlertFixable };
|
|
27
|
+
export { ArtifactAlertCve, ArtifactAlertCveFixable, ArtifactAlertUpgrade, CveAlertType, CompactSocketArtifactAlert, CompactSocketArtifact, SocketArtifact, SocketArtifactAlert, isArtifactAlertCve };
|