New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
@socketsecurity/socket-patch
Advanced tools
@socketsecurity/socket-patch - npm Package Compare versions
@@ -14,6 +14,12 @@ import { describe, it } from "node:test"; | ||
| // Parse keys and values from the object literal | ||
| const entries = [...match[1].matchAll(/"([^"]+)":\s*"([^"]+)"/g)].map( | ||
| ([, key, value]) => [key, value] | ||
| ); | ||
| // Parse keys and array values from the object literal | ||
| // Matches: "key": ["value1", "value2"] or "key": ["value1"] | ||
| const entries = []; | ||
| const entryRegex = /"([^"]+)":\s*\[([\s\S]*?)\]/g; | ||
| let m; | ||
| while ((m = entryRegex.exec(match[1])) !== null) { | ||
| const key = m[1]; | ||
| const values = [...m[2].matchAll(/"([^"]+)"/g)].map(([, v]) => v); | ||
| entries.push([key, values]); | ||
| } | ||
| const PLATFORMS = Object.fromEntries(entries); | ||
@@ -47,9 +53,23 @@ | ||
| it("package names follow @socketsecurity/socket-patch-<platform>-<arch> convention", () => { | ||
| for (const [key, pkg] of Object.entries(PLATFORMS)) { | ||
| it("non-Linux package names follow @socketsecurity/socket-patch-<platform>-<arch> convention", () => { | ||
| for (const [key, candidates] of Object.entries(PLATFORMS)) { | ||
| if (key.startsWith("linux ")) continue; | ||
| const [platform, arch] = key.split(" "); | ||
| assert.equal(candidates.length, 1, `expected 1 candidate for ${key}`); | ||
| const expected = `@socketsecurity/socket-patch-${platform}-${arch}`; | ||
| assert.equal(pkg, expected, `package name mismatch for ${key}`); | ||
| assert.equal(candidates[0], expected, `package name mismatch for ${key}`); | ||
| } | ||
| }); | ||
| it("Linux entries have both glibc and musl candidates", () => { | ||
| for (const [key, candidates] of Object.entries(PLATFORMS)) { | ||
| if (!key.startsWith("linux ")) continue; | ||
| const [, arch] = key.split(" "); | ||
| assert.equal(candidates.length, 2, `expected 2 candidates for ${key}`); | ||
| const gnuPkg = `@socketsecurity/socket-patch-linux-${arch}-gnu`; | ||
| const muslPkg = `@socketsecurity/socket-patch-linux-${arch}-musl`; | ||
| assert.equal(candidates[0], gnuPkg, `first candidate for ${key} should be gnu`); | ||
| assert.equal(candidates[1], muslPkg, `second candidate for ${key} should be musl`); | ||
| } | ||
| }); | ||
| }); |
+15
-11
| { | ||
| "name": "@socketsecurity/socket-patch", | ||
| "version": "2.0.0", | ||
| "version": "2.1.4", | ||
| "description": "CLI tool and schema library for applying security patches to dependencies", | ||
@@ -45,13 +45,17 @@ "bin": { | ||
| "optionalDependencies": { | ||
| "@socketsecurity/socket-patch-android-arm64": "2.0.0", | ||
| "@socketsecurity/socket-patch-darwin-arm64": "2.0.0", | ||
| "@socketsecurity/socket-patch-darwin-x64": "2.0.0", | ||
| "@socketsecurity/socket-patch-linux-arm": "2.0.0", | ||
| "@socketsecurity/socket-patch-linux-arm64": "2.0.0", | ||
| "@socketsecurity/socket-patch-linux-ia32": "2.0.0", | ||
| "@socketsecurity/socket-patch-linux-x64": "2.0.0", | ||
| "@socketsecurity/socket-patch-win32-arm64": "2.0.0", | ||
| "@socketsecurity/socket-patch-win32-ia32": "2.0.0", | ||
| "@socketsecurity/socket-patch-win32-x64": "2.0.0" | ||
| "@socketsecurity/socket-patch-android-arm64": "2.1.4", | ||
| "@socketsecurity/socket-patch-darwin-arm64": "2.1.4", | ||
| "@socketsecurity/socket-patch-darwin-x64": "2.1.4", | ||
| "@socketsecurity/socket-patch-linux-arm-gnu": "2.1.4", | ||
| "@socketsecurity/socket-patch-linux-arm-musl": "2.1.4", | ||
| "@socketsecurity/socket-patch-linux-arm64-gnu": "2.1.4", | ||
| "@socketsecurity/socket-patch-linux-arm64-musl": "2.1.4", | ||
| "@socketsecurity/socket-patch-linux-ia32-gnu": "2.1.4", | ||
| "@socketsecurity/socket-patch-linux-ia32-musl": "2.1.4", | ||
| "@socketsecurity/socket-patch-linux-x64-gnu": "2.1.4", | ||
| "@socketsecurity/socket-patch-linux-x64-musl": "2.1.4", | ||
| "@socketsecurity/socket-patch-win32-arm64": "2.1.4", | ||
| "@socketsecurity/socket-patch-win32-ia32": "2.1.4", | ||
| "@socketsecurity/socket-patch-win32-x64": "2.1.4" | ||
| } | ||
| } |
+1
-1
@@ -69,3 +69,3 @@ # Socket Patch CLI | ||
| ```bash | ||
| cargo install socket-patch-cli --features cargo,golang,maven,gem,composer,nuget | ||
| cargo install socket-patch-cli --features cargo,golang,maven,composer,nuget | ||
| ``` | ||
@@ -72,0 +72,0 @@ |
+2
-1
@@ -12,5 +12,6 @@ { | ||
| "skipLibCheck": true, | ||
| "esModuleInterop": true | ||
| "esModuleInterop": true, | ||
| "types": ["node"] | ||
| }, | ||
| "include": ["src"] | ||
| } |
Sorry, the diff of this file is not supported yet
No alert changes
Improved metrics
- Total package byte prevSize
24376
6.92%- Lines of code
236
9.26%Worsened metrics
- Dependency count
15
36.36%No dependency changes