@socketsecurity/sdk
+23
-0
@@ -7,2 +7,25 @@ # Changelog | ||
| ## [4.0.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v4.0.0) - 2026-04-06 | ||
| ### Breaking Changes | ||
| - **HTTP client refactored**: All HTTP methods (`createGetRequest`, `createDeleteRequest`, `createRequestWithJson`, `createUploadRequest`) now return `HttpResponse` from `@socketsecurity/lib/http-request` instead of Node.js `IncomingMessage` | ||
| - **`ResponseError.response`**: Changed from `IncomingMessage` to `HttpResponse` — access status via `.status`/`.statusText` instead of `.statusCode`/`.statusMessage` | ||
| - **Unified HTTP transport**: File uploads now use `httpRequest()` from `@socketsecurity/lib` — eliminated the dual `node:http`/`node:https` + `getResponse()` stack | ||
| - **Trimmed public API surface**: Removed internal helpers from the main entry point: | ||
| - HTTP functions: `createDeleteRequest`, `createGetRequest`, `createRequestWithJson`, `getErrorResponseBody`, `getResponseJson`, `isResponseOk`, `reshapeArtifactForPublicPolicy` | ||
| - File upload functions: `createRequestBodyForFilepaths`, `createRequestBodyForJson`, `createUploadRequest` | ||
| - Utilities: `calculateWordSetSimilarity`, `filterRedundantCause`, `normalizeBaseUrl`, `promiseWithResolvers`, `queryToSearchParams`, `resolveAbsPaths`, `resolveBasePath`, `shouldOmitReason` | ||
| - Constants: `DEFAULT_USER_AGENT`, `httpAgentNames`, `publicPolicy` | ||
| - **Removed exports**: `getHttpModule` and `getResponse` are fully removed (not just from index) | ||
| - **Removed `PromiseQueue`**: The `PromiseQueue` class has been removed entirely | ||
| - **Removed `getSupportedScanFiles()`**: Deprecated since 2023-01-15 — use `getSupportedFiles()` instead | ||
| - **Removed `http2-wrapper` type dependency**: `Agent` type now uses `ClientHttp2Session` from native `node:http2` | ||
| ### Changed | ||
| - Migrated HTTP internals to `@socketsecurity/lib/http-request` (`httpRequest`), reducing code duplication and consolidating response handling | ||
| - Retry logic improved: all 4xx client errors now bail immediately (previously only 401/403) | ||
| - New audit log action types: `CreateFirewallCustomRegistry`, `CreateFirewallDeploymentConfig`, `DeleteFirewallCustomRegistry`, `DeleteFirewallDeploymentConfig`, `UpdateFirewallCustomRegistry`, `UpdateFirewallDeploymentConfig` | ||
| ## [3.5.0](https://github.com/SocketDev/socket-sdk-js/releases/tag/v3.5.0) - 2026-04-03 | ||
@@ -9,0 +32,0 @@ |
| import FormData from 'form-data'; | ||
| import type { RequestOptionsWithHooks } from './types'; | ||
| import type { IncomingMessage } from 'node:http'; | ||
| /** | ||
| * Create multipart form-data body parts for file uploads. | ||
| * Converts file paths to readable streams with proper multipart headers. | ||
| * | ||
| * @throws {Error} When file cannot be read (ENOENT, EACCES, EISDIR, etc.) | ||
| */ | ||
| import type { HttpResponse } from '@socketsecurity/lib/http-request'; | ||
| export declare function createRequestBodyForFilepaths(filepaths: string[], basePath: string): FormData; | ||
| /** | ||
| * Create multipart form-data body part for JSON data. | ||
| * Converts JSON object to readable stream with appropriate headers. | ||
| */ | ||
| export declare function createRequestBodyForJson(jsonData: unknown, basename?: string): FormData; | ||
| /** | ||
| * Create and execute a multipart/form-data upload request using form-data library. | ||
| * Streams large files efficiently with automatic backpressure handling and early server validation. | ||
| * | ||
| * @throws {Error} When network errors occur or stream processing fails | ||
| */ | ||
| export declare function createUploadRequest(baseUrl: string, urlPath: string, form: FormData, options?: RequestOptionsWithHooks | undefined): Promise<IncomingMessage>; | ||
| export declare function createUploadRequest(baseUrl: string, urlPath: string, form: FormData, options?: RequestOptionsWithHooks | undefined): Promise<HttpResponse>; |
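Review bot: `createRequestBodyForFilepaths`, `createRequestBodyForJson` and `createUploadRequest` are still emitted as `export declare function` in this declaration file, so dropping them from the main entry point does not by itself make them private; the same holds for the six functions left in the http-client declarations. Whether a deep import can still reach them depends on the package's `exports` map, which is not visible on this page. If they are meant to be internal, tag each one, e.g. `/** @internal Not part of the public API. */`, and confirm the `exports` map does not expose these module paths. `createRequestBodyForFilepaths` turns caller-supplied paths into file streams, so it is the one most worth keeping off the supported surface.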
@@ -1,88 +0,14 @@ | ||
| /** | ||
| * @fileoverview HTTP client utilities for Socket API communication. | ||
| * Provides low-level HTTP request handling with proper error management and response parsing. | ||
| */ | ||
| import http from 'node:http'; | ||
| import https from 'node:https'; | ||
| import type { RequestOptionsWithHooks, SendMethod } from './types'; | ||
| import type { HttpResponse } from '@socketsecurity/lib/http-request'; | ||
| import type { JsonValue } from '@socketsecurity/lib/json/types'; | ||
| import type { ClientRequest, IncomingMessage } from 'node:http'; | ||
| /** | ||
| * Array of sensitive header names that should be redacted in logs | ||
| */ | ||
| /** | ||
| * HTTP response error for Socket API requests. | ||
| * Extends Error with response details for debugging failed API calls. | ||
| */ | ||
| export declare class ResponseError extends Error { | ||
| response: IncomingMessage; | ||
| response: HttpResponse; | ||
| url?: string | undefined; | ||
| /** | ||
| * Create a new ResponseError from an HTTP response. | ||
| * Automatically formats error message with status code and message. | ||
| */ | ||
| constructor(response: IncomingMessage, message?: string, url?: string | undefined); | ||
| constructor(response: HttpResponse, message?: string, url?: string | undefined); | ||
| } | ||
| /** | ||
| * Create and execute an HTTP DELETE request. | ||
| * Returns the response stream for further processing. | ||
| * | ||
| * @throws {Error} When network or timeout errors occur | ||
| */ | ||
| export declare function createDeleteRequest(baseUrl: string, urlPath: string, options?: RequestOptionsWithHooks | undefined): Promise<IncomingMessage>; | ||
| /** | ||
| * Create and execute an HTTP GET request. | ||
| * Returns the response stream for further processing. | ||
| * Performance tracking enabled with DEBUG=perf. | ||
| * | ||
| * @throws {Error} When network or timeout errors occur | ||
| */ | ||
| export declare function createGetRequest(baseUrl: string, urlPath: string, options?: RequestOptionsWithHooks | undefined): Promise<IncomingMessage>; | ||
| /** | ||
| * Create and execute an HTTP request with JSON payload. | ||
| * Automatically sets appropriate content headers and serializes the body. | ||
| * Performance tracking enabled with DEBUG=perf. | ||
| * | ||
| * @throws {Error} When network or timeout errors occur | ||
| */ | ||
| export declare function createRequestWithJson(method: SendMethod, baseUrl: string, urlPath: string, json: unknown, options?: RequestOptionsWithHooks | undefined): Promise<IncomingMessage>; | ||
| /** | ||
| * Read the response body from an HTTP error response. | ||
| * Accumulates all chunks into a complete string for error handling. | ||
| * Enforces maximum response size to prevent memory exhaustion. | ||
| * | ||
| * @throws {Error} When stream errors occur during reading | ||
| * @throws {Error} When response exceeds maximum size limit | ||
| */ | ||
| export declare function getErrorResponseBody(response: IncomingMessage): Promise<string>; | ||
| /** | ||
| * Get the appropriate HTTP module based on URL protocol. | ||
| * Returns http module for http: URLs, https module for https: URLs. | ||
| */ | ||
| export declare function getHttpModule(url: string): typeof http | typeof https; | ||
| /** | ||
| * Wait for and return the HTTP response from a request. | ||
| * Handles timeout and error conditions during request processing. | ||
| * | ||
| * @throws {Error} When request times out or network errors occur | ||
| */ | ||
| export declare function getResponse(req: ClientRequest): Promise<IncomingMessage>; | ||
| /** | ||
| * Parse HTTP response body as JSON. | ||
| * Validates response status and handles empty responses gracefully. | ||
| * Performance tracking enabled with DEBUG=perf. | ||
| * | ||
| * @throws {ResponseError} When response has non-2xx status code | ||
| * @throws {SyntaxError} When response body contains invalid JSON | ||
| */ | ||
| export declare function getResponseJson(response: IncomingMessage, method?: string | undefined, url?: string | undefined): Promise<JsonValue | undefined>; | ||
| /** | ||
| * Check if HTTP response has a successful status code (2xx range). | ||
| * Returns true for status codes between 200-299, false otherwise. | ||
| */ | ||
| export declare function isResponseOk(response: IncomingMessage): boolean; | ||
| /** | ||
| * Transform artifact data based on authentication status. | ||
| * Filters and compacts response data for public/free-tier users. | ||
| */ | ||
| export declare function createDeleteRequest(baseUrl: string, urlPath: string, options?: RequestOptionsWithHooks | undefined): Promise<HttpResponse>; | ||
| export declare function createGetRequest(baseUrl: string, urlPath: string, options?: RequestOptionsWithHooks | undefined): Promise<HttpResponse>; | ||
| export declare function createRequestWithJson(method: SendMethod, baseUrl: string, urlPath: string, json: unknown, options?: RequestOptionsWithHooks | undefined): Promise<HttpResponse>; | ||
| export declare function getResponseJson(response: HttpResponse, method?: string | undefined, url?: string | undefined): Promise<JsonValue | undefined>; | ||
| export declare function isResponseOk(response: HttpResponse): boolean; | ||
| export declare function reshapeArtifactForPublicPolicy<T extends Record<string, unknown>>(data: T, isAuthenticated: boolean, actions?: string | undefined, policy?: Map<string, string> | undefined): T; |
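Review bot: The new side of this file appears to carry no doc comments at all — the `+0,14` count in the hunk header leaves room only for the three type imports, `ResponseError` and the six declarations — so the `@throws` contracts are gone, and so is the only statement that response bodies are size-limited, which sat on the removed `getErrorResponseBody`. With `getResponseJson` and `isResponseOk` now taking an `HttpResponse`, nothing here says whether `httpRequest()` bounds the body it hands back; that needs confirming in the implementation, which this page does not show. I would restore a comment on `getResponseJson` along the lines of `/** Parses the HttpResponse body as JSON. @throws {ResponseError} on a non-2xx status. */` and state the maximum body size next to it. The removed note about redacting sensitive header names in logs deserves the same check against the new transport.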
+1
-6
@@ -5,6 +5,3 @@ /** | ||
| */ | ||
| import { DEFAULT_USER_AGENT, httpAgentNames, publicPolicy } from './constants'; | ||
| import { calculateWordSetSimilarity, filterRedundantCause, normalizeBaseUrl, promiseWithResolvers, queryToSearchParams, resolveAbsPaths, resolveBasePath, shouldOmitReason } from './utils'; | ||
| export { createRequestBodyForFilepaths, createRequestBodyForJson, createUploadRequest, } from './file-upload'; | ||
| export { createDeleteRequest, createGetRequest, createRequestWithJson, getErrorResponseBody, getHttpModule, getResponse, getResponseJson, isResponseOk, ResponseError, reshapeArtifactForPublicPolicy, } from './http-client'; | ||
| export { ResponseError } from './http-client'; | ||
| export { calculateTotalQuotaCost, getAllMethodRequirements, getMethodRequirements, getMethodsByPermissions, getMethodsByQuotaCost, getQuotaCost, getQuotaUsageSummary, getRequiredPermissions, hasQuotaForMethods, } from './quota-utils'; | ||
@@ -15,3 +12,1 @@ export { SocketSdk } from './socket-sdk-class'; | ||
| export { createUserAgentFromPkgJson } from './user-agent'; | ||
| export { calculateWordSetSimilarity, filterRedundantCause, normalizeBaseUrl, promiseWithResolvers, queryToSearchParams, resolveAbsPaths, resolveBasePath, shouldOmitReason, }; | ||
| export { DEFAULT_USER_AGENT, httpAgentNames, publicPolicy }; |
| import type { ArtifactPatches, BatchPackageFetchResultType, BatchPackageStreamOptions, CreateDependenciesSnapshotOptions, Entitlement, GetOptions, MalwareCheckResult, PatchViewResponse, PostOrgTelemetryPayload, PostOrgTelemetryResponse, QueryParams, SendOptions, SocketSdkGenericResult, SocketSdkOptions, SocketSdkResult, StreamOrgFullScanOptions, UploadManifestFilesError, UploadManifestFilesOptions, UploadManifestFilesReturnType } from './types'; | ||
| import type { CreateFullScanOptions, DeleteRepositoryLabelResult, DeleteResult, FullScanListResult, FullScanResult, GetRepositoryOptions, ListFullScansOptions, ListRepositoriesOptions, OrganizationsResult, RepositoriesListResult, RepositoryLabelResult, RepositoryLabelsListResult, RepositoryResult, StrictErrorResult } from './types-strict'; | ||
| import type { IncomingMessage } from 'node:http'; | ||
| import type { HttpResponse } from '@socketsecurity/lib/http-request'; | ||
| /** | ||
@@ -479,3 +479,3 @@ * Socket SDK for programmatic access to Socket.dev security analysis APIs. | ||
| */ | ||
| getApi<T = IncomingMessage>(urlPath: string, options?: GetOptions | undefined): Promise<T | SocketSdkGenericResult<T>>; | ||
| getApi<T = HttpResponse>(urlPath: string, options?: GetOptions | undefined): Promise<T | SocketSdkGenericResult<T>>; | ||
| /** | ||
@@ -882,11 +882,2 @@ * Get list of API tokens for an organization. | ||
| /** | ||
| * Get list of file types and formats supported for scanning. | ||
| * Returns supported manifest files, lockfiles, and configuration formats. | ||
| * | ||
| * @deprecated Use getSupportedFiles() instead. This endpoint has been deprecated | ||
| * since 2023-01-15 and now uses the /report/supported endpoint. | ||
| * @throws {Error} When server returns 5xx status codes | ||
| */ | ||
| getSupportedScanFiles(): Promise<SocketSdkResult<'getReportSupportedFiles'>>; | ||
| /** | ||
| * List all full scans for an organization. | ||
@@ -893,0 +884,0 @@ * |
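Review bot: In `getApi<T = HttpResponse>` the type parameter appears only in the return type, so `T` is an unchecked assertion chosen by the caller rather than something the compiler can verify against the response. Changing the default to `HttpResponse` keeps that pattern; data that arrives from the network is safer typed as `unknown` and narrowed by the caller. If the signature has to stay, the doc comment above it (it starts outside this hunk) should say so, e.g. `@typeParam T - Asserted by the caller; the response is not validated against it.`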
+1
-2
@@ -8,5 +8,4 @@ /** | ||
| import type { Remap } from '@socketsecurity/lib/objects'; | ||
| import type { ClientHttp2Session } from 'http2-wrapper'; | ||
| import type { Agent as HttpAgent, RequestOptions as HttpRequestOptions } from 'node:http'; | ||
| import type { ClientSessionRequestOptions } from 'node:http2'; | ||
| import type { ClientHttp2Session, ClientSessionRequestOptions } from 'node:http2'; | ||
| import type { Agent as HttpsAgent, RequestOptions as HttpsRequestOptions } from 'node:https'; | ||
@@ -13,0 +12,0 @@ export type ALERT_ACTION = 'error' | 'monitor' | 'warn' | 'ignore'; |
+0
-1
| import type { QueryParams } from './types'; | ||
| export { createUserAgentFromPkgJson } from './user-agent'; | ||
| /** | ||
@@ -4,0 +3,0 @@ * Calculate Jaccard similarity coefficient between two strings based on word sets. |
+6
-7
| { | ||
| "name": "@socketsecurity/sdk", | ||
| "version": "3.5.0", | ||
| "version": "4.0.0", | ||
| "description": "SDK for the Socket API client", | ||
@@ -51,3 +51,3 @@ "homepage": "https://github.com/SocketDev/socket-sdk-js", | ||
| "fix": "node scripts/lint.mjs --fix", | ||
| "format": "oxfmt .", | ||
| "format": "oxfmt --write .", | ||
| "format:check": "oxfmt --check .", | ||
@@ -69,8 +69,7 @@ "generate-sdk": "node scripts/generate-sdk.mjs", | ||
| "dependencies": { | ||
| "@socketregistry/packageurl-js": "1.4.1", | ||
| "@socketsecurity/lib": "5.11.4", | ||
| "@socketsecurity/lib": "5.15.0", | ||
| "form-data": "4.0.5" | ||
| }, | ||
| "devDependencies": { | ||
| "@anthropic-ai/claude-code": "2.1.89", | ||
| "@anthropic-ai/claude-code": "2.1.92", | ||
| "@babel/generator": "7.28.5", | ||
@@ -93,3 +92,2 @@ "@babel/parser": "7.26.3", | ||
| "fast-glob": "3.3.3", | ||
| "http2-wrapper": "2.2.1", | ||
| "husky": "9.1.7", | ||
@@ -128,5 +126,6 @@ "magic-string": "0.30.14", | ||
| "overrides": { | ||
| "vite": "7.1.12" | ||
| "defu": ">=6.1.6", | ||
| "vite": "7.3.2" | ||
| } | ||
| } | ||
| } |
| export declare class PromiseQueue { | ||
| private queue; | ||
| private running; | ||
| private readonly maxConcurrency; | ||
| private readonly maxQueueLength; | ||
| /** | ||
| * Creates a new PromiseQueue | ||
| * @param maxConcurrency - Maximum number of promises that can run concurrently | ||
| * @param maxQueueLength - Maximum queue size (older tasks are dropped if exceeded) | ||
| */ | ||
| constructor(maxConcurrency: number, maxQueueLength?: number | undefined); | ||
| private runNext; | ||
| /** | ||
| * Get the number of tasks currently running | ||
| */ | ||
| get activeCount(): number; | ||
| /** | ||
| * Add a task to the queue | ||
| * @param fn - Async function to execute | ||
| * @returns Promise that resolves with the function's result | ||
| */ | ||
| add<T>(fn: () => Promise<T>): Promise<T>; | ||
| /** | ||
| * Clear all pending tasks from the queue (does not affect running tasks) | ||
| */ | ||
| clear(): void; | ||
| /** | ||
| * Wait for all queued and running tasks to complete | ||
| */ | ||
| onIdle(): Promise<void>; | ||
| /** | ||
| * Get the number of tasks waiting in the queue | ||
| */ | ||
| get pendingCount(): number; | ||
| } |
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is too big to display
Network access
Supply chain risk: This module accesses the network.
Found 1 instance in 1 package
Long strings
Supply chain risk: Contains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain risk: Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Network access
Supply chain risk: This module accesses the network.
Found 1 instance in 1 package
Long strings
Supply chain risk: Contains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain risk: Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package