socket 1.0.57 → 1.0.59

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (20) hide show
  1. package/dist/cli.js +83 -31
  2. package/dist/cli.js.map +1 -1
  3. package/dist/constants.js +4 -4
  4. package/dist/constants.js.map +1 -1
  5. package/dist/types/commands/fix/agent-fix.d.mts.map +1 -1
  6. package/dist/types/commands/fix/npm-fix.d.mts.map +1 -1
  7. package/dist/types/commands/fix/pnpm-fix.d.mts.map +1 -1
  8. package/dist/types/commands/fix/pull-request.d.mts +1 -1
  9. package/dist/types/commands/fix/pull-request.d.mts.map +1 -1
  10. package/dist/types/commands/scan/cmd-scan-create.d.mts.map +1 -1
  11. package/dist/types/commands/scan/suggest_target.d.mts +1 -1
  12. package/dist/types/commands/scan/suggest_target.d.mts.map +1 -1
  13. package/dist/types/utils/git.d.mts +2 -2
  14. package/dist/types/utils/git.d.mts.map +1 -1
  15. package/dist/utils.js +92 -22
  16. package/dist/utils.js.map +1 -1
  17. package/dist/vendor.js +8 -8
  18. package/external/@socketsecurity/registry/lib/debug.js +37 -6
  19. package/external/@socketsecurity/registry/lib/spinner.js +19 -7
  20. package/package.json +7 -7
package/dist/cli.js CHANGED
@@ -1205,7 +1205,7 @@ function createLeaf(art, alert, policyAction) {
1205
1205
  type: alert.type,
1206
1206
  policy: policyAction,
1207
1207
  url: utils.getSocketDevPackageOverviewUrlFromPurl(art),
1208
- manifest: art.manifestFiles?.map(obj => obj.file) ?? []
1208
+ manifest: art.manifestFiles?.map(o => o.file) ?? []
1209
1209
  };
1210
1210
  return leaf;
1211
1211
  }
@@ -3457,22 +3457,26 @@ async function openPr(owner, repo, branch, purl, newVersion, options) {
3457
3457
  return null;
3458
3458
  }
3459
3459
  async function setGitRemoteGithubRepoUrl(owner, repo, token, cwd = process.cwd()) {
3460
- const stdioIgnoreOptions = {
3461
- cwd,
3462
- stdio: debug.isDebug('stdio') ? 'inherit' : 'ignore'
3463
- };
3464
3460
  const {
3465
3461
  host
3466
3462
  } = new URL(constants.ENV.GITHUB_SERVER_URL);
3467
3463
  const url = `https://x-access-token:${token}@${host}/${owner}/${repo}`;
3464
+ const stdioIgnoreOptions = {
3465
+ cwd,
3466
+ stdio: debug.isDebug('stdio') ? 'inherit' : 'ignore'
3467
+ };
3468
+ const quotedCmd = `\`git remote set-url origin ${url}\``;
3469
+ debug.debugFn('stdio', `spawn: ${quotedCmd}`);
3468
3470
  try {
3469
3471
  await spawn.spawn('git', ['remote', 'set-url', 'origin', url], stdioIgnoreOptions);
3472
+ return true;
3470
3473
  } catch (e) {
3471
- debug.debugFn('error', 'caught: unexpected error');
3474
+ debug.debugFn('error', `caught: ${quotedCmd} failed`);
3472
3475
  debug.debugDir('inspect', {
3473
3476
  error: e
3474
3477
  });
3475
3478
  }
3479
+ return false;
3476
3480
  }
3477
3481
 
3478
3482
  function ciRepoInfo() {
@@ -3712,6 +3716,7 @@ async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
3712
3716
  };
3713
3717
  const handleInstallFail = () => {
3714
3718
  cleanupInfoEntriesLoop();
3719
+ spinner?.stop();
3715
3720
  return {
3716
3721
  ok: false,
3717
3722
  message: 'Install failed',
@@ -4105,22 +4110,47 @@ function getFixAlertsMapOptions(options = {}) {
4105
4110
 
4106
4111
  async function install$1(pkgEnvDetails, options) {
4107
4112
  const {
4108
- args,
4113
+ args: extraArgs,
4109
4114
  cwd,
4110
4115
  spinner
4111
4116
  } = {
4112
4117
  __proto__: null,
4113
4118
  ...options
4114
4119
  };
4120
+ const args = ['--ignore-scripts', '--no-audit', '--no-fund', '--no-progress', '--no-save', '--silent', ...(extraArgs ?? [])];
4121
+ const quotedCmd = `\`${pkgEnvDetails.agent} install ${args.join(' ')}\``;
4122
+ debug.debugFn('stdio', `spawn: ${quotedCmd}`);
4123
+ const isSpinning = spinner?.isSpinning;
4124
+ spinner?.stop();
4125
+ let errored = false;
4115
4126
  try {
4116
4127
  await utils.runAgentInstall(pkgEnvDetails, {
4117
- args: ['--ignore-scripts', '--no-audit', '--no-fund', '--no-progress', '--no-save', '--silent', ...(args ?? [])],
4128
+ args,
4118
4129
  spinner,
4119
4130
  stdio: debug.isDebug('stdio') ? 'inherit' : 'ignore'
4120
4131
  });
4121
- return await getActualTree(cwd);
4122
- } catch {}
4123
- return null;
4132
+ } catch (e) {
4133
+ debug.debugFn('error', `caught: ${quotedCmd} failed`);
4134
+ debug.debugDir('inspect', {
4135
+ error: e
4136
+ });
4137
+ errored = true;
4138
+ }
4139
+ let actualTree = null;
4140
+ if (!errored) {
4141
+ try {
4142
+ actualTree = await getActualTree(cwd);
4143
+ } catch (e) {
4144
+ debug.debugFn('error', 'caught: Arborist error');
4145
+ debug.debugDir('inspect', {
4146
+ error: e
4147
+ });
4148
+ }
4149
+ }
4150
+ if (isSpinning) {
4151
+ spinner.start();
4152
+ }
4153
+ return actualTree;
4124
4154
  }
4125
4155
  async function npmFix(pkgEnvDetails, fixConfig) {
4126
4156
  const {
@@ -4226,28 +4256,53 @@ const {
4226
4256
  } = constants;
4227
4257
  async function install(pkgEnvDetails, options) {
4228
4258
  const {
4229
- args,
4259
+ args: extraArgs,
4230
4260
  cwd,
4231
4261
  spinner
4232
4262
  } = {
4233
4263
  __proto__: null,
4234
4264
  ...options
4235
4265
  };
4266
+ const args = [
4267
+ // Enable pnpm updates to pnpm-lock.yaml in CI environments.
4268
+ // https://pnpm.io/cli/install#--frozen-lockfile
4269
+ '--no-frozen-lockfile',
4270
+ // Enable a non-interactive pnpm install
4271
+ // https://github.com/pnpm/pnpm/issues/6778
4272
+ '--config.confirmModulesPurge=false', ...(extraArgs ?? [])];
4273
+ const quotedCmd = `\`${pkgEnvDetails.agent} install ${args.join(' ')}\``;
4274
+ debug.debugFn('stdio', `spawn: ${quotedCmd}`);
4275
+ const isSpinning = spinner?.isSpinning;
4276
+ spinner?.stop();
4277
+ let errored = false;
4236
4278
  try {
4237
4279
  await utils.runAgentInstall(pkgEnvDetails, {
4238
- args: [
4239
- // Enable pnpm updates to pnpm-lock.yaml in CI environments.
4240
- // https://pnpm.io/cli/install#--frozen-lockfile
4241
- '--no-frozen-lockfile',
4242
- // Enable a non-interactive pnpm install
4243
- // https://github.com/pnpm/pnpm/issues/6778
4244
- '--config.confirmModulesPurge=false', ...(args ?? [])],
4280
+ args,
4245
4281
  spinner,
4246
4282
  stdio: debug.isDebug('stdio') ? 'inherit' : 'ignore'
4247
4283
  });
4248
- return await getActualTree(cwd);
4249
- } catch {}
4250
- return null;
4284
+ } catch (e) {
4285
+ debug.debugFn('error', `caught: ${quotedCmd} failed`);
4286
+ debug.debugDir('inspect', {
4287
+ error: e
4288
+ });
4289
+ errored = true;
4290
+ }
4291
+ let actualTree = null;
4292
+ if (!errored) {
4293
+ try {
4294
+ actualTree = await getActualTree(cwd);
4295
+ } catch (e) {
4296
+ debug.debugFn('error', 'caught: Arborist error');
4297
+ debug.debugDir('inspect', {
4298
+ error: e
4299
+ });
4300
+ }
4301
+ }
4302
+ if (isSpinning) {
4303
+ spinner.start();
4304
+ }
4305
+ return actualTree;
4251
4306
  }
4252
4307
  async function pnpmFix(pkgEnvDetails, fixConfig) {
4253
4308
  const {
@@ -6295,8 +6350,8 @@ async function setupManifestConfig(cwd, defaultOnReadError = false) {
6295
6350
  logger.logger.log(' CLI commands. You can still override them by explicitly');
6296
6351
  logger.logger.log(' setting the flag. It is meant to be a convenience tool.');
6297
6352
  logger.logger.log('');
6298
- logger.logger.log('This command will generate a `socket.json` file in the target cwd.');
6299
- logger.logger.log('You can choose to add this file to your repo (handy for collab)');
6353
+ logger.logger.log('This command will generate a socket.json file in the target cwd.');
6354
+ logger.logger.log('You can choose to add this file to your repo (handy for collaboration)');
6300
6355
  logger.logger.log('or to add it to the ignored files, or neither. This file is only');
6301
6356
  logger.logger.log('used in CLI workflows.');
6302
6357
  logger.logger.log('');
@@ -7484,7 +7539,7 @@ async function updateLockfile(pkgEnvDetails, options) {
7484
7539
  __proto__: null,
7485
7540
  ...options
7486
7541
  };
7487
- const isSpinning = !!spinner?.['isSpinning'];
7542
+ const isSpinning = !!spinner?.isSpinning;
7488
7543
  if (!isSpinning) {
7489
7544
  spinner?.start();
7490
7545
  }
@@ -10245,9 +10300,7 @@ async function suggestTarget() {
10245
10300
  description: 'Do not use the current directory (this will end in a no-op)'
10246
10301
  }]
10247
10302
  });
10248
- if (proceed) {
10249
- return ['.'];
10250
- }
10303
+ return proceed ? ['.'] : [];
10251
10304
  }
10252
10305
 
10253
10306
  const {
@@ -10475,8 +10528,7 @@ async function run$c(argv, importMeta, {
10475
10528
  // the command without requiring user input, as a suggestion.
10476
10529
  let updatedInput = false;
10477
10530
  if (!targets.length && !dryRun && interactive) {
10478
- const received = await suggestTarget();
10479
- targets = received ?? [];
10531
+ targets = await suggestTarget();
10480
10532
  updatedInput = true;
10481
10533
  }
10482
10534
 
@@ -14158,5 +14210,5 @@ void (async () => {
14158
14210
  await utils.captureException(e);
14159
14211
  }
14160
14212
  })();
14161
- //# debugId=4fadc2fa-389d-44dd-820e-1cd78bae1dd6
14213
+ //# debugId=b9685bcd-e040-4012-90f5-54b3bfba5ba0
14162
14214
  //# sourceMappingURL=cli.js.map