socket 1.1.39 → 1.1.40

package/dist/types/commands/fix/coana-fix.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"coana-fix.d.mts","sourceRoot":"","sources":["../../../../src/commands/fix/coana-fix.mts"],"names":[],"mappings":"AAmDA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AAC5C,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAA;AA2D9C,wBAAsB,QAAQ,CAC5B,SAAS,EAAE,SAAS,GACnB,OAAO,CAAC,OAAO,CAAC;IAAE,IAAI,CAAC,EAAE,OAAO,CAAC;IAAC,KAAK,EAAE,OAAO,CAAA;CAAE,CAAC,CAAC,CAmetD"}
+{"version":3,"file":"coana-fix.d.mts","sourceRoot":"","sources":["../../../../src/commands/fix/coana-fix.mts"],"names":[],"mappings":"AAkDA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AAC5C,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAA;AAgD9C,wBAAsB,QAAQ,CAC5B,SAAS,EAAE,SAAS,GACnB,OAAO,CAAC,OAAO,CAAC;IAAE,IAAI,CAAC,EAAE,OAAO,CAAC;IAAC,KAAK,EAAE,OAAO,CAAA;CAAE,CAAC,CAAC,CAmetD"}

package/dist/utils.js

@@ -4061,6 +4061,105 @@ async function setGitRemoteGithubRepoUrl(owner, repo, token, cwd = process.cwd()
   return false;
 }
 
+/**
+ * Converts CVE IDs to GHSA IDs using GitHub API.
+ * CVE to GHSA mappings are permanent, so we cache for 30 days.
+ */
+async function convertCveToGhsa(cveId) {
+  try {
+    const cacheKey = `cve-to-ghsa-${cveId}`;
+    const octokit = getOctokit();
+    const THIRTY_DAYS_MS = 30 * 24 * 60 * 60 * 1000;
+    const response = await cacheFetch(cacheKey, () => octokit.rest.securityAdvisories.listGlobalAdvisories({
+      cve_id: cveId,
+      per_page: 1
+    }), THIRTY_DAYS_MS);
+    if (!response.data.length) {
+      return {
+        ok: false,
+        message: `No GHSA found for CVE ${cveId}`
+      };
+    }
+    return {
+      ok: true,
+      data: response.data[0].ghsa_id
+    };
+  } catch (e) {
+    const errorCause = getErrorCause(e);
+    const errorLower = errorCause.toLowerCase();
+    // Detect GitHub API rate limit and network errors.
+    const isRateLimitOrNetworkError = errorLower.includes('rate limit') || errorLower.includes('epipe') || errorLower.includes('econnreset') || errorLower.includes('status: 403') || errorLower.includes('status code 403');
+    return {
+      ok: false,
+      message: isRateLimitOrNetworkError ? 'GitHub API rate limit exceeded while converting CVE to GHSA. Wait an hour or set SOCKET_CLI_GITHUB_TOKEN environment variable with a personal access token for higher limits.' : `Failed to convert CVE to GHSA: ${errorCause}`
+    };
+  }
+}
+
+const PURL_TO_GITHUB_ECOSYSTEM_MAPPING = {
+  __proto__: null,
+  // GitHub Advisory Database supported ecosystems
+  cargo: 'rust',
+  composer: 'composer',
+  gem: 'rubygems',
+  go: 'go',
+  golang: 'go',
+  maven: 'maven',
+  npm: 'npm',
+  nuget: 'nuget',
+  pypi: 'pip',
+  swift: 'swift'
+};
+
+/**
+ * Converts PURL to GHSA IDs using GitHub API.
+ */
+async function convertPurlToGhsas(purl) {
+  try {
+    const purlObj = getPurlObject(purl, {
+      throws: false
+    });
+    if (!purlObj) {
+      return {
+        ok: false,
+        message: `Invalid PURL format: ${purl}`
+      };
+    }
+    const {
+      name,
+      type: ecosystem,
+      version
+    } = purlObj;
+
+    // Map PURL ecosystem to GitHub ecosystem.
+    const githubEcosystem = PURL_TO_GITHUB_ECOSYSTEM_MAPPING[ecosystem];
+    if (!githubEcosystem) {
+      return {
+        ok: false,
+        message: `Unsupported PURL ecosystem: ${ecosystem}`
+      };
+    }
+
+    // Search for advisories affecting this package.
+    const cacheKey = `purl-to-ghsa-${ecosystem}-${name}-${version || constants.LATEST}`;
+    const octokit = getOctokit();
+    const affects = version ? `${name}@${version}` : name;
+    const response = await cacheFetch(cacheKey, () => octokit.rest.securityAdvisories.listGlobalAdvisories({
+      ecosystem: githubEcosystem,
+      affects
+    }));
+    return {
+      ok: true,
+      data: response.data.map(a => a.ghsa_id)
+    };
+  } catch (e) {
+    return {
+      ok: false,
+      message: `Failed to convert PURL to GHSA: ${getErrorCause(e)}`
+    };
+  }
+}
+
 /**
  * Command-line utilities for Socket CLI.
  * Handles argument parsing, flag processing, and command formatting.
@@ -4218,105 +4317,6 @@ function isPnpmLockfileScanCommand(command) {
   return command === 'install' || command === 'i' || command === 'update' || command === 'up';
 }
 
-/**
- * Converts CVE IDs to GHSA IDs using GitHub API.
- * CVE to GHSA mappings are permanent, so we cache for 30 days.
- */
-async function convertCveToGhsa(cveId) {
-  try {
-    const cacheKey = `cve-to-ghsa-${cveId}`;
-    const octokit = getOctokit();
-    const THIRTY_DAYS_MS = 30 * 24 * 60 * 60 * 1000;
-    const response = await cacheFetch(cacheKey, () => octokit.rest.securityAdvisories.listGlobalAdvisories({
-      cve_id: cveId,
-      per_page: 1
-    }), THIRTY_DAYS_MS);
-    if (!response.data.length) {
-      return {
-        ok: false,
-        message: `No GHSA found for CVE ${cveId}`
-      };
-    }
-    return {
-      ok: true,
-      data: response.data[0].ghsa_id
-    };
-  } catch (e) {
-    const errorCause = getErrorCause(e);
-    const errorLower = errorCause.toLowerCase();
-    // Detect GitHub API rate limit and network errors.
-    const isRateLimitOrNetworkError = errorLower.includes('rate limit') || errorLower.includes('epipe') || errorLower.includes('econnreset') || errorLower.includes('status: 403') || errorLower.includes('status code 403');
-    return {
-      ok: false,
-      message: isRateLimitOrNetworkError ? 'GitHub API rate limit exceeded while converting CVE to GHSA. Wait an hour or set SOCKET_CLI_GITHUB_TOKEN environment variable with a personal access token for higher limits.' : `Failed to convert CVE to GHSA: ${errorCause}`
-    };
-  }
-}
-
-const PURL_TO_GITHUB_ECOSYSTEM_MAPPING = {
-  __proto__: null,
-  // GitHub Advisory Database supported ecosystems
-  cargo: 'rust',
-  composer: 'composer',
-  gem: 'rubygems',
-  go: 'go',
-  golang: 'go',
-  maven: 'maven',
-  npm: 'npm',
-  nuget: 'nuget',
-  pypi: 'pip',
-  swift: 'swift'
-};
-
-/**
- * Converts PURL to GHSA IDs using GitHub API.
- */
-async function convertPurlToGhsas(purl) {
-  try {
-    const purlObj = getPurlObject(purl, {
-      throws: false
-    });
-    if (!purlObj) {
-      return {
-        ok: false,
-        message: `Invalid PURL format: ${purl}`
-      };
-    }
-    const {
-      name,
-      type: ecosystem,
-      version
-    } = purlObj;
-
-    // Map PURL ecosystem to GitHub ecosystem.
-    const githubEcosystem = PURL_TO_GITHUB_ECOSYSTEM_MAPPING[ecosystem];
-    if (!githubEcosystem) {
-      return {
-        ok: false,
-        message: `Unsupported PURL ecosystem: ${ecosystem}`
-      };
-    }
-
-    // Search for advisories affecting this package.
-    const cacheKey = `purl-to-ghsa-${ecosystem}-${name}-${version || constants.LATEST}`;
-    const octokit = getOctokit();
-    const affects = version ? `${name}@${version}` : name;
-    const response = await cacheFetch(cacheKey, () => octokit.rest.securityAdvisories.listGlobalAdvisories({
-      ecosystem: githubEcosystem,
-      affects
-    }));
-    return {
-      ok: true,
-      data: response.data.map(a => a.ghsa_id)
-    };
-  } catch (e) {
-    return {
-      ok: false,
-      message: `Failed to convert PURL to GHSA: ${getErrorCause(e)}`
-    };
-  }
-}
-
 const RangeStyles = ['pin', 'preserve'];
 function getMajor(version) {
   try {
@@ -6221,5 +6221,5 @@ exports.updateConfigValue = updateConfigValue;
 exports.walkNestedMap = walkNestedMap;
 exports.webLink = webLink;
 exports.writeSocketJson = writeSocketJson;
-//# debugId=652cf0d7-6cf6-49b1-86ba-204b62a4be68
+//# debugId=9654f015-4a5a-4e8b-b934-395a88591a9
 //# sourceMappingURL=utils.js.map