npm - socket - Versions diffs - 1.1.78 → 1.1.79 - Mend

socket 1.1.78 → 1.1.79

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/CHANGELOG.md +5 -0
package/dist/cli.js +11 -1
package/dist/cli.js.map +1 -1
package/dist/constants.js +4 -4
package/dist/constants.js.map +1 -1
package/dist/tsconfig.dts.tsbuildinfo +1 -1
package/dist/types/commands/scan/output-scan-reach.d.mts.map +1 -1
package/dist/types/utils/coana.d.mts +7 -0
package/dist/types/utils/coana.d.mts.map +1 -1
package/dist/types/utils/npm-paths.d.mts.map +1 -1
package/dist/utils.js +75 -3
package/dist/utils.js.map +1 -1
package/package.json +5 -4

package/dist/types/commands/scan/output-scan-reach.d.mts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"output-scan-reach.d.mts","sourceRoot":"","sources":["../../../../src/commands/scan/output-scan-reach.mts"],"names":[],"mappings":"~~AAMA~~,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,qCAAqC,CAAA;AACrF,OAAO,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAE1D,wBAAsB,eAAe,CACnC,MAAM,EAAE,OAAO,CAAC,0BAA0B,CAAC,EAC3C,EAAE,UAAU,EAAE,UAAU,EAAE,EAAE;IAAE,UAAU,EAAE,UAAU,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,GACzE,OAAO,CAAC,IAAI,CAAC,~~CAmBf~~"}
1	+ {"version":3,"file":"output-scan-reach.d.mts","sourceRoot":"","sources":["../../../../src/commands/scan/output-scan-reach.mts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,qCAAqC,CAAA;AACrF,OAAO,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAE1D,wBAAsB,eAAe,CACnC,MAAM,EAAE,OAAO,CAAC,0BAA0B,CAAC,EAC3C,EAAE,UAAU,EAAE,UAAU,EAAE,EAAE;IAAE,UAAU,EAAE,UAAU,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,GACzE,OAAO,CAAC,IAAI,CAAC,CAmCf"}

package/dist/types/utils/coana.d.mts CHANGED Viewed

@@ -1,2 +1,9 @@
+export type ReachabilityError = {
+    componentName: string;
+    componentVersion: string;
+    ghsaId: string;
+    subprojectPath: string;
+};
+export declare function extractReachabilityErrors(socketFactsFile: string): ReachabilityError[];
 export declare function extractTier1ReachabilityScanId(socketFactsFile: string): string | undefined;
 //# sourceMappingURL=coana.d.mts.map

package/dist/types/utils/coana.d.mts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"coana.d.mts","sourceRoot":"","sources":["../../../src/utils/coana.mts"],"names":[],"mappings":"AAeA,wBAAgB,8BAA8B,CAC5C,eAAe,EAAE,MAAM,GACtB,MAAM,GAAG,SAAS,CAQpB"}
1	+ {"version":3,"file":"coana.d.mts","sourceRoot":"","sources":["../../../src/utils/coana.mts"],"names":[],"mappings":"AAeA,MAAM,MAAM,iBAAiB,GAAG;IAC9B,aAAa,EAAE,MAAM,CAAA;IACrB,gBAAgB,EAAE,MAAM,CAAA;IACxB,MAAM,EAAE,MAAM,CAAA;IACd,cAAc,EAAE,MAAM,CAAA;CACvB,CAAA;AAED,wBAAgB,yBAAyB,CACvC,eAAe,EAAE,MAAM,GACtB,iBAAiB,EAAE,CA0CrB;AAED,wBAAgB,8BAA8B,CAC5C,eAAe,EAAE,MAAM,GACtB,MAAM,GAAG,SAAS,CAQpB"}

package/dist/types/utils/npm-paths.d.mts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"npm-paths.d.mts","sourceRoot":"","sources":["../../../src/utils/npm-paths.mts"],"names":[],"mappings":"~~AAsBA~~,wBAAgB,aAAa,IAAI,MAAM,CAQtC;~~AAWD~~,wBAAgB,aAAa,WAyB5B;AAGD,wBAAgB,aAAa,IAAI,MAAM,CAAC,OAAO,CAY9C;AAGD,wBAAgB,aAAa,IAAI,MAAM,CAQtC;~~AAUD~~,wBAAgB,oBAAoB,YAEnC;AAED,wBAAgB,oBAAoB,YAEnC"}
1	+ {"version":3,"file":"npm-paths.d.mts","sourceRoot":"","sources":["../../../src/utils/npm-paths.mts"],"names":[],"mappings":"AAwCA,wBAAgB,aAAa,IAAI,MAAM,CAQtC;AAkBD,wBAAgB,aAAa,WAyB5B;AAGD,wBAAgB,aAAa,IAAI,MAAM,CAAC,OAAO,CAY9C;AAGD,wBAAgB,aAAa,IAAI,MAAM,CAQtC;AAmBD,wBAAgB,oBAAoB,YAEnC;AAED,wBAAgB,oBAAoB,YAEnC"}

package/dist/utils.js CHANGED Viewed

@@ -4482,6 +4482,36 @@ function* walkNestedMap(map, keys = []) {
  * - Extracts tier 1 reachability scan identifiers
  */
+function extractReachabilityErrors(socketFactsFile) {
+  const json = fs$1.readJsonSync(socketFactsFile, {
+    throws: false
+  });
+  if (!json || !Array.isArray(json.components)) {
+    return [];
+  }
+  const errors = [];
+  for (const component of json.components) {
+    if (!Array.isArray(component.reachability)) {
+      continue;
+    }
+    for (const ghsaEntry of component.reachability) {
+      if (!Array.isArray(ghsaEntry.reachability)) {
+        continue;
+      }
+      for (const entry of ghsaEntry.reachability) {
+        if (entry.type === 'error') {
+          errors.push({
+            componentName: String(component.name ?? ''),
+            componentVersion: String(component.version ?? ''),
+            ghsaId: String(ghsaEntry.ghsa_id ?? ''),
+            subprojectPath: String(entry.subprojectPath ?? '')
+          });
+        }
+      }
+    }
+  }
+  return errors;
+}
 function extractTier1ReachabilityScanId(socketFactsFile) {
   const json = fs$1.readJsonSync(socketFactsFile, {
     throws: false
@@ -5959,6 +5989,23 @@ function exitWithBinPathError$1(binName) {
   // This line is never reached in production, but helps tests.
   throw new Error('process.exit called');
 }
+// Find a binary next to the running node binary (process.execPath).
+// This avoids picking up a project-local binary from node_modules/.bin
+// on PATH, e.g. the standalone "npx" package which bundles npm@5.1.0
+// that is incompatible with Node 22+.
+function findBinNextToNode(binName) {
+  const nodeDir = path.dirname(process.execPath);
+  const binPath = path.join(nodeDir, binName);
+  if (fs.existsSync(binPath)) {
+    try {
+      return bin.resolveBinPathSync(binPath);
+    } catch {
+      return undefined;
+    }
+  }
+  return undefined;
+}
 let _npmBinPath;
 function getNpmBinPath() {
   if (_npmBinPath === undefined) {
@@ -5972,7 +6019,18 @@ function getNpmBinPath() {
 let _npmBinPathDetails;
 function getNpmBinPathDetails() {
   if (_npmBinPathDetails === undefined) {
-    _npmBinPathDetails = findBinPathDetailsSync(constants.NPM);
+    // First try to find npm next to the node binary to avoid picking up
+    // a project-local npm from node_modules/.bin on PATH.
+    const npmNextToNode = findBinNextToNode(constants.NPM);
+    if (npmNextToNode) {
+      _npmBinPathDetails = {
+        name: constants.NPM,
+        path: npmNextToNode,
+        shadowed: false
+      };
+    } else {
+      _npmBinPathDetails = findBinPathDetailsSync(constants.NPM);
+    }
   }
   return _npmBinPathDetails;
 }
@@ -6024,7 +6082,20 @@ function getNpxBinPath() {
 let _npxBinPathDetails;
 function getNpxBinPathDetails() {
   if (_npxBinPathDetails === undefined) {
-    _npxBinPathDetails = findBinPathDetailsSync('npx');
+    // First try to find npx next to the node binary to avoid picking up
+    // a project-local npx from node_modules/.bin on PATH (e.g., the
+    // standalone npx package which bundles npm@5.1.0, incompatible
+    // with Node 22+).
+    const npxNextToNode = findBinNextToNode('npx');
+    if (npxNextToNode) {
+      _npxBinPathDetails = {
+        name: 'npx',
+        path: npxNextToNode,
+        shadowed: false
+      };
+    } else {
+      _npxBinPathDetails = findBinPathDetailsSync('npx');
+    }
   }
   return _npxBinPathDetails;
 }
@@ -7703,6 +7774,7 @@ exports.detectAndValidatePackageEnvironment = detectAndValidatePackageEnvironmen
 exports.detectDefaultBranch = detectDefaultBranch;
 exports.determineOrgSlug = determineOrgSlug;
 exports.enablePrAutoMerge = enablePrAutoMerge;
+exports.extractReachabilityErrors = extractReachabilityErrors;
 exports.extractTier1ReachabilityScanId = extractTier1ReachabilityScanId;
 exports.failMsgWithBadge = failMsgWithBadge;
 exports.fetchGhsaDetails = fetchGhsaDetails;
@@ -7813,5 +7885,5 @@ exports.updateConfigValue = updateConfigValue;
 exports.walkNestedMap = walkNestedMap;
 exports.webLink = webLink;
 exports.writeSocketJson = writeSocketJson;
-//# debugId=c107f1c4-3417-4dcc-ad18-d22becac7c1e
+//# debugId=8ab81ec7-1b88-43f4-85b0-ff74e04851d2
 //# sourceMappingURL=utils.js.map