socket - npm Package Compare versions

Comparing version 0.14.30 to 0.14.31

dist/module-sync/vendor.js

3

dist/module-sync/constants.d.ts

@@ -6,2 +6,3 @@ declare const SUPPORTS_SYNC_ESM: boolean;

declare const NPM_REGISTRY_URL = "https://registry.npmjs.org";
declare const SOCKET_PUBLIC_API_KEY = "sktsec_t_--RAN5U4ivauy4w37-6aoKyYPDt5ZbaT5JBVMqiwKo_api";
declare const SOCKET_CLI_ISSUES_URL = "https://github.com/SocketDev/socket-cli/issues";

@@ -21,2 +22,2 @@ declare const UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = "UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE";

declare const synpBinPath: string;
export { SUPPORTS_SYNC_ESM, API_V0_URL, DIST_TYPE, LOOP_SENTINEL, NPM_REGISTRY_URL, SOCKET_CLI_ISSUES_URL, UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE, ENV, rootPath, rootDistPath, rootBinPath, rootPkgJsonPath, nmBinPath, cdxgenBinPath, distPath, shadowBinPath, synpBinPath };
export { SUPPORTS_SYNC_ESM, API_V0_URL, DIST_TYPE, LOOP_SENTINEL, NPM_REGISTRY_URL, SOCKET_PUBLIC_API_KEY, SOCKET_CLI_ISSUES_URL, UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE, ENV, rootPath, rootDistPath, rootBinPath, rootPkgJsonPath, nmBinPath, cdxgenBinPath, distPath, shadowBinPath, synpBinPath };
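Review bot: The `declare const SOCKET_PUBLIC_API_KEY = "…"` line ships the key's literal value with no documentation, and the same literal is repeated in dist/module-sync/constants.js (`constants.SOCKET_PUBLIC_API_KEY = '…'`); the only signals that it is meant to be public are its name and the `?? _constants$1.SOCKET_PUBLIC_API_KEY` fallback in npm-injection.js. Readers and secret scanners will otherwise flag it as a leaked credential, so the source declaration should carry a TSDoc comment that propagates into this file, e.g. `/** Shared, intentionally public fallback API key used when no user key is configured. Not a secret. */`, stating the key's scope or limits if they are known. If the value itself need not be part of the type, `declare const SOCKET_PUBLIC_API_KEY: string;` keeps the literal out of the .d.ts entirely.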
'use strict';
var require$$0 = require('node:fs');
var require$$1 = require('node:path');
var require$$2 = require('@socketsecurity/registry/lib/env');
var require$$3 = require('@socketsecurity/registry/lib/constants');
var require$$4 = require('semver');
function getDefaultExportFromCjs (x) {
return x && x.__esModule && Object.prototype.hasOwnProperty.call(x, 'default') ? x['default'] : x;
function _interop(e) {
let d
if (e) {
let c = 0
for (const k in e) {
d = c++ === 0 && k === 'default' ? e[k] : void 0
if (!d) break
}
}
return d ?? e
}
var require$$0 = _interop(require('node:fs'));
var require$$1 = _interop(require('node:path'));
var require$$2 = _interop(require('@socketsecurity/registry/lib/env'));
var require$$3 = _interop(require('@socketsecurity/registry/lib/constants'));
var require$$4 = _interop(require('semver'));
var constants = {};

@@ -18,3 +26,3 @@

});
constants.synpBinPath = constants.shadowBinPath = constants.rootPkgJsonPath = constants.rootPath = constants.rootDistPath = constants.rootBinPath = constants.nmBinPath = constants.distPath = constants.cdxgenBinPath = constants.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = constants.SUPPORTS_SYNC_ESM = constants.SOCKET_CLI_ISSUES_URL = constants.NPM_REGISTRY_URL = constants.LOOP_SENTINEL = constants.ENV = constants.DIST_TYPE = constants.API_V0_URL = void 0;
constants.synpBinPath = constants.shadowBinPath = constants.rootPkgJsonPath = constants.rootPath = constants.rootDistPath = constants.rootBinPath = constants.nmBinPath = constants.distPath = constants.cdxgenBinPath = constants.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = constants.SUPPORTS_SYNC_ESM = constants.SOCKET_PUBLIC_API_KEY = constants.SOCKET_CLI_ISSUES_URL = constants.NPM_REGISTRY_URL = constants.LOOP_SENTINEL = constants.ENV = constants.DIST_TYPE = constants.API_V0_URL = void 0;
var _nodeFs = require$$0;

@@ -33,2 +41,3 @@ var _nodePath = require$$1;

constants.NPM_REGISTRY_URL = 'https://registry.npmjs.org';
constants.SOCKET_PUBLIC_API_KEY = 'sktsec_t_--RAN5U4ivauy4w37-6aoKyYPDt5ZbaT5JBVMqiwKo_api';
const SOCKET_CLI_ISSUES_URL = constants.SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues';

@@ -74,2 +83,1 @@ const UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = constants.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = 'UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE';

exports.constants = constants;
exports.getDefaultExportFromCjs = getDefaultExportFromCjs;
'use strict';
var require$$0 = require('node:fs');
var require$$1 = require('node:path');
var require$$4 = require('which');
function _interop(e) {
let d
if (e) {
let c = 0
for (const k in e) {
d = c++ === 0 && k === 'default' ? e[k] : void 0
if (!d) break
}
}
return d ?? e
}
var require$$0 = _interop(require('node:fs'));
var require$$1 = _interop(require('node:path'));
var require$$4 = _interop(require('which'));
var link = {};

@@ -8,0 +20,0 @@

#!/usr/bin/env node
'use strict';
var constants = require('./constants.js');
var require$$0$1 = require('@babel/runtime/helpers/interopRequireWildcard');
var require$$0 = require('node:fs');
var require$$1 = require('node:path');
var require$$1$1 = require('@npmcli/promise-spawn');
var link = require('./link.js');
var pathResolve = require('./path-resolve.js');
function _interop(e) {
let d
if (e) {
let c = 0
for (const k in e) {
d = c++ === 0 && k === 'default' ? e[k] : void 0
if (!d) break
}
}
return d ?? e
}
var vendor = _interop(require('./vendor.js'));
var require$$0 = _interop(require('node:fs'));
var require$$1 = _interop(require('node:path'));
var require$$1$1 = _interop(require('@npmcli/promise-spawn'));
var constants = _interop(require('./constants.js'));
var link = _interop(require('./link.js'));
var pathResolve = _interop(require('./path-resolve.js'));
var npmCli$2 = {};

@@ -58,3 +70,3 @@

var _interopRequireWildcard = require$$0$1.default;
var _interopRequireWildcard = vendor.interopRequireWildcard.default;
Object.defineProperty(exports, "__esModule", {

@@ -84,4 +96,4 @@ value: true

var npmCli = /*@__PURE__*/constants.getDefaultExportFromCjs(npmCli$2);
var npmCli = /*@__PURE__*/vendor.getDefaultExportFromCjs(npmCli$2);
module.exports = npmCli;
'use strict';
var constants = require('./constants.js');
var require$$0$2 = require('@babel/runtime/helpers/interopRequireWildcard');
var require$$0$1 = require('@babel/runtime/helpers/interopRequireDefault');
var require$$1$2 = require('node:events');
var require$$0 = require('node:fs');
var require$$3$3 = require('node:https');
var require$$1 = require('node:path');
var require$$3 = require('node:readline');
var require$$5 = require('node:stream');
var require$$7$1 = require('node:timers/promises');
var require$$3$1 = require('is-interactive');
var require$$5$1 = require('npm-package-arg');
var require$$3$2 = require('@socketregistry/yocto-spinner');
var require$$4 = require('semver');
var require$$6$1 = require('@socketsecurity/config');
var require$$7 = require('@socketsecurity/registry/lib/objects');
var require$$8 = require('@socketsecurity/registry/lib/packages');
var require$$1$1 = require('node:net');
var require$$2 = require('node:os');
var require$$6 = require('../../package.json');
var sdk = require('./sdk.js');
var pathResolve = require('./path-resolve.js');
var link = require('./link.js');
function _interop(e) {
let d
if (e) {
let c = 0
for (const k in e) {
d = c++ === 0 && k === 'default' ? e[k] : void 0
if (!d) break
}
}
return d ?? e
}
var vendor = _interop(require('./vendor.js'));
var constants = _interop(require('./constants.js'));
var require$$1$3 = _interop(require('node:events'));
var require$$0 = _interop(require('node:fs'));
var require$$3$3 = _interop(require('node:https'));
var require$$1 = _interop(require('node:path'));
var require$$3 = _interop(require('node:readline'));
var require$$6$2 = _interop(require('node:timers/promises'));
var require$$1$2 = _interop(require('@inquirer/confirm'));
var require$$3$2 = _interop(require('@socketregistry/yocto-spinner'));
var require$$3$1 = _interop(require('is-interactive'));
var require$$5$1 = _interop(require('npm-package-arg'));
var require$$4 = _interop(require('semver'));
var require$$6$1 = _interop(require('@socketsecurity/config'));
var require$$7 = _interop(require('@socketsecurity/registry/lib/objects'));
var require$$1$1 = _interop(require('node:net'));
var require$$2 = _interop(require('node:os'));
var require$$5 = _interop(require('node:stream'));
var sdk = _interop(require('./sdk.js'));
var pathResolve = _interop(require('./path-resolve.js'));
var link = _interop(require('./link.js'));
var npmInjection$2 = {};

@@ -35,2 +45,241 @@

var name = "socket";
var version = "0.14.31";
var description = "CLI tool for Socket.dev";
var homepage = "http://github.com/SocketDev/socket-cli";
var license = "MIT";
var repository = {
type: "git",
url: "git+https://github.com/SocketDev/socket-cli.git"
};
var author = {
name: "Socket Inc",
email: "eng@socket.dev",
url: "https://socket.dev"
};
var bin = {
socket: "./bin/cli.js",
"socket-npm": "./bin/npm-cli.js",
"socket-npx": "./bin/npx-cli.js"
};
var exports$1 = {
"./bin/cli.js": {
"module-sync": {
types: "./dist/module-sync/cli.d.ts",
"default": "./dist/module-sync/cli.js"
},
require: {
types: "./dist/require/cli.d.ts",
"default": "./dist/require/cli.js"
}
},
"./bin/npm-cli.js": {
"module-sync": {
types: "./dist/module-sync/npm-cli.d.ts",
"default": "./dist/module-sync/npm-cli.js"
},
require: {
types: "./dist/require/npm-cli.d.ts",
"default": "./dist/require/npm-cli.js"
}
},
"./bin/npx-cli.js": {
"module-sync": {
types: "./dist/module-sync/npx-cli.d.ts",
"default": "./dist/module-sync/npx-cli.js"
},
require: {
types: "./dist/require/npx-cli.d.ts",
"default": "./dist/require/npx-cli.js"
}
},
"./package.json": "./package.json",
"./translations.json": "./translations.json"
};
var scripts = {
build: "run-s build:*",
"build:dist": "rollup -c .config/rollup.dist.config.mjs",
"build:test": "rollup -c .config/rollup.test.config.mjs",
check: "run-p -c --aggregate-output check:*",
"check:lint": "eslint --report-unused-disable-directives .",
"check:tsc": "tsc",
"check:type-coverage": "type-coverage --detail --strict --at-least 95 --ignore-files 'test/*'",
"knip:dependencies": "knip --dependencies",
"knip:exports": "knip --include exports,duplicates",
lint: "oxlint -c=./.oxlintrc.json --ignore-path=./.prettierignore --tsconfig=./tsconfig.json .",
"lint:fix": "npm run lint -- --fix && npm run lint:fix:fast",
"lint:fix:fast": "prettier --cache --log-level warn --write .",
prepare: "husky && custompatch",
test: "run-s check build:* test:*",
"test:c8": "c8 --reporter=none node --test 'test/socket-npm.test.cjs'",
"test-ci": "run-s build:* test:*",
"test:unit": "tap-run",
"test:coverage": "cp -r .tap/coverage/*.json coverage/tmp && c8 --reporter=lcov --reporter=text --include 'dist/{module-sync,require}/*.js' --exclude 'dist/require/vendor.js' report"
};
var dependencies = {
"@apideck/better-ajv-errors": "^0.3.6",
"@cyclonedx/cdxgen": "^11.0.5",
"@inquirer/confirm": "^5.0.2",
"@inquirer/password": "^4.0.3",
"@inquirer/select": "^4.0.3",
"@npmcli/promise-spawn": "^8.0.2",
"@socketregistry/hyrious__bun.lockb": "1.0.5",
"@socketregistry/yocto-spinner": "^1.0.1",
"@socketsecurity/config": "^2.1.3",
"@socketsecurity/registry": "^1.0.35",
"@socketsecurity/sdk": "^1.3.0",
blessed: "^0.1.81",
"blessed-contrib": "^4.11.0",
browserslist: "4.24.2",
"chalk-table": "^1.0.2",
"has-flag": "^4.0.0",
hpagent: "^1.2.0",
ignore: "^6.0.2",
micromatch: "^4.0.8",
"npm-package-arg": "^12.0.0",
"pony-cause": "^2.1.11",
semver: "^7.6.3",
synp: "^1.9.14",
tinyglobby: "^0.2.10",
which: "^5.0.0",
yaml: "^2.6.1",
"yargs-parser": "^21.1.1",
"yoctocolors-cjs": "^2.1.2"
};
var devDependencies = {
"@babel/core": "^7.26.0",
"@babel/plugin-proposal-export-default-from": "^7.25.9",
"@babel/plugin-syntax-dynamic-import": "^7.8.3",
"@babel/plugin-transform-export-namespace-from": "^7.25.9",
"@babel/plugin-transform-modules-commonjs": "^7.26.3",
"@babel/plugin-transform-runtime": "^7.25.9",
"@babel/preset-env": "^7.26.0",
"@babel/preset-typescript": "^7.26.0",
"@babel/runtime": "^7.26.0",
"@eslint/compat": "^1.2.4",
"@eslint/js": "^9.16.0",
"@rollup/plugin-commonjs": "^28.0.1",
"@rollup/plugin-json": "^6.1.0",
"@rollup/plugin-node-resolve": "^15.3.0",
"@rollup/plugin-replace": "^6.0.1",
"@rollup/pluginutils": "^5.1.3",
"@tapjs/run": "^4.0.1",
"@types/blessed": "^0.1.25",
"@types/micromatch": "^4.0.9",
"@types/mocha": "^10.0.10",
"@types/mock-fs": "^4.13.4",
"@types/node": "^22.10.1",
"@types/npmcli__arborist": "^5.6.11",
"@types/npmcli__promise-spawn": "^6.0.3",
"@types/proc-log": "^3.0.4",
"@types/semver": "^7.5.8",
"@types/update-notifier": "^6.0.8",
"@types/which": "^3.0.4",
"@types/yargs-parser": "^21.0.3",
"@typescript-eslint/eslint-plugin": "^8.17.0",
"@typescript-eslint/parser": "^8.17.0",
c8: "^10.1.2",
custompatch: "^1.0.28",
eslint: "^9.16.0",
"eslint-import-resolver-oxc": "^0.6.0",
"eslint-plugin-depend": "^0.12.0",
"eslint-plugin-import-x": "^4.5.0",
"eslint-plugin-n": "^17.14.0",
"eslint-plugin-sort-destructure-keys": "^2.0.0",
"eslint-plugin-unicorn": "^56.0.1",
husky: "^9.1.7",
"is-interactive": "^2.0.0",
"is-unicode-supported": "^2.1.0",
knip: "^5.39.2",
"magic-string": "^0.30.14",
meow: "^13.2.0",
"mock-fs": "^5.4.1",
nock: "^13.5.6",
"npm-run-all2": "^7.0.1",
open: "^10.1.0",
oxlint: "0.14.1",
prettier: "3.4.2",
"read-package-up": "^11.0.0",
rollup: "4.28.1",
"rollup-plugin-ts": "^3.4.5",
"terminal-link": "^3.0.0",
"tiny-updater": "^3.5.2",
"type-coverage": "^2.29.7",
typescript: "5.4.5",
"typescript-eslint": "^8.17.0",
"unplugin-purge-polyfills": "^0.0.7"
};
var overrides = {
"aggregate-error": "npm:@socketregistry/aggregate-error@^1",
"es-define-property": "npm:@socketregistry/es-define-property@^1",
"function-bind": "npm:@socketregistry/function-bind@^1",
globalthis: "npm:@socketregistry/globalthis@^1",
gopd: "npm:@socketregistry/gopd@^1",
"has-property-descriptors": "npm:@socketregistry/has-property-descriptors@^1",
"has-proto": "npm:@socketregistry/has-proto@^1",
"has-symbols": "npm:@socketregistry/has-symbols@^1",
hasown: "npm:@socketregistry/hasown@^1",
"indent-string": "npm:@socketregistry/indent-string@^1",
"is-core-module": "npm:@socketregistry/is-core-module@^1",
isarray: "npm:@socketregistry/isarray@^1",
"npm-package-arg": "$npm-package-arg",
"packageurl-js": "npm:@socketregistry/packageurl-js@^1",
"path-parse": "npm:@socketregistry/path-parse@^1",
"safe-buffer": "npm:@socketregistry/safe-buffer@^1",
"safer-buffer": "npm:@socketregistry/safer-buffer@^1",
semver: "$semver",
"set-function-length": "npm:@socketregistry/set-function-length@^1",
"side-channel": "npm:@socketregistry/side-channel@^1",
yaml: "$yaml"
};
var resolutions = {
"aggregate-error": "npm:@socketregistry/aggregate-error@^1",
"es-define-property": "npm:@socketregistry/es-define-property@^1",
"function-bind": "npm:@socketregistry/function-bind@^1",
globalthis: "npm:@socketregistry/globalthis@^1",
gopd: "npm:@socketregistry/gopd@^1",
"has-property-descriptors": "npm:@socketregistry/has-property-descriptors@^1",
"has-proto": "npm:@socketregistry/has-proto@^1",
"has-symbols": "npm:@socketregistry/has-symbols@^1",
hasown: "npm:@socketregistry/hasown@^1",
"indent-string": "npm:@socketregistry/indent-string@^1",
"is-core-module": "npm:@socketregistry/is-core-module@^1",
isarray: "npm:@socketregistry/isarray@^1",
"npm-package-arg": "^12.0.0",
"packageurl-js": "npm:@socketregistry/packageurl-js@^1",
"path-parse": "npm:@socketregistry/path-parse@^1",
"safe-buffer": "npm:@socketregistry/safe-buffer@^1",
"safer-buffer": "npm:@socketregistry/safer-buffer@^1",
semver: "^7.6.3",
"set-function-length": "npm:@socketregistry/set-function-length@^1",
"side-channel": "npm:@socketregistry/side-channel@^1",
yaml: "^2.6.0"
};
var engines = {
node: "^18.20.4 || ^20.9.0 || >=22.0.0"
};
var files = [
"bin/**",
"dist/**",
"translations.json"
];
var require$$6 = {
name: name,
version: version,
description: description,
homepage: homepage,
license: license,
repository: repository,
author: author,
bin: bin,
exports: exports$1,
scripts: scripts,
dependencies: dependencies,
devDependencies: devDependencies,
overrides: overrides,
resolutions: resolutions,
engines: engines,
files: files
};
Object.defineProperty(ttyServer$1, "__esModule", {

@@ -45,3 +294,3 @@ value: true

var _nodeReadline$1 = require$$3;
var _nodeStream$1 = require$$5;
var _nodeStream = require$$5;
var _package = require$$6;

@@ -84,6 +333,6 @@ var _misc$1 = sdk.misc;

}
const input = hasInput ? new _nodeStream$1.PassThrough() : null;
const input = hasInput ? new _nodeStream.PassThrough() : null;
input?.pause();
if (input) conn.pipe(input);
const output = hasOutput ? new _nodeStream$1.PassThrough() : null;
const output = hasOutput ? new _nodeStream.PassThrough() : null;
if (output) {

@@ -242,3 +491,3 @@ output.pipe(conn)

});
issueRules.createIssueUXLookup = createIssueUXLookup;
issueRules.createAlertUXLookup = createAlertUXLookup;
//#region UX Constants

@@ -310,3 +559,3 @@

return false;
} else if (typeof issueRule === 'object' && issueRule) {
} else if (issueRule !== null && typeof issueRule === 'object') {
const {

@@ -343,7 +592,9 @@ action

function createIssueUXLookup(settings) {
function createAlertUXLookup(settings) {
const cachedUX = new Map();
return context => {
const key = context.issue.type;
let ux = cachedUX.get(key);
const {
type
} = context.alert;
let ux = cachedUX.get(type);
if (ux) {

@@ -361,3 +612,3 @@ return ux;

}
const issueRuleValue = resolvedTarget.issueRules?.[key];
const issueRuleValue = resolvedTarget.issueRules?.[type];
if (typeof issueRuleValue !== 'undefined') {

@@ -370,3 +621,3 @@ orderedIssueRules.push(issueRuleValue);

}
const defaultValue = settings.defaults.issueRules[key];
const defaultValue = settings.defaults.issueRules[type];
let resolvedDefaultValue = {

@@ -385,3 +636,3 @@ action: 'error'

ux = resolveIssueRuleUX(entriesOrderedIssueRules, resolvedDefaultValue);
cachedUX.set(key, ux);
cachedUX.set(type, ux);
return ux;

@@ -391,3 +642,3 @@ };

var _interopRequireDefault = require$$0$1.default;
var _interopRequireDefault = vendor.interopRequireDefault.default;
Object.defineProperty(arborist, "__esModule", {

@@ -398,3 +649,3 @@ value: true

arborist.installSafeArborist = installSafeArborist;
var _nodeEvents = require$$1$2;
var _nodeEvents = require$$1$3;
var _nodeFs = require$$0;

@@ -404,11 +655,10 @@ var _nodeHttps = require$$3$3;

var _nodeReadline = require$$3;
var _nodeStream = require$$5;
var _promises = require$$7$1;
var _promises = require$$6$2;
var _confirm = require$$1$2;
var _yoctoSpinner = require$$3$2;
var _isInteractive = _interopRequireDefault(require$$3$1);
var _npmPackageArg = require$$5$1;
var _yoctoSpinner = require$$3$2;
var _semver = require$$4;
var _config = require$$6$1;
var _objects = require$$7;
var _packages = require$$8;
var _ttyServer = ttyServer$1;

@@ -483,3 +733,3 @@ var _constants$1 = constants.constants;

const formatter = new _colorOrMarkdown.ColorOrMarkdown(false);
const pubToken = (0, _sdk.getDefaultKey)() ?? _sdk.FREE_API_KEY;
const pubToken = (0, _sdk.getDefaultKey)() ?? _constants$1.SOCKET_PUBLIC_API_KEY;
const ttyServer = (0, _ttyServer.createTTYServer)((0, _isInteractive.default)({

@@ -499,18 +749,3 @@ stream: process.stdin

async function* batchScan(pkgIds) {
const query = {
packages: pkgIds.map(id => {
const {
name,
version
} = pkgidParts(id);
return {
eco: 'npm',
pkg: name,
ver: version,
top: true
};
})
};
// TODO: Migrate to SDK.
const pkgDataReq = _nodeHttps.request(`${_constants$1.API_V0_URL}/scan/batch`, {
const req = _nodeHttps.request(`${_constants$1.API_V0_URL}/purl?alerts=true`, {
method: 'POST',

@@ -521,6 +756,10 @@ headers: {

signal: abortSignal
}).end(JSON.stringify(query));
}).end(JSON.stringify({
components: pkgIds.map(id => ({
purl: `pkg:npm/${id}`
}))
}));
const {
0: res
} = await _nodeEvents.once(pkgDataReq, 'response');
} = await _nodeEvents.once(req, 'response');
const ok = res.statusCode >= 200 && res.statusCode <= 299;

@@ -591,2 +830,11 @@ if (!ok) {

}
function isAlertFixable(alert) {
const {
type
} = alert;
if (type === 'cve' || type === 'mediumCVE' || type === 'mildCVE' || type === 'criticalCVE') {
return !!alert.props?.['firstPatchedVersionIdentifier'];
}
return type === 'socketUpgradeAvailable';
}
function maybeReadfileSync(filepath) {

@@ -598,13 +846,13 @@ try {

}
async function packagesHaveRiskyIssues(safeArb, _registry, pkgs, output) {
async function getPackagesAlerts(safeArb, _registry, pkgs, output) {
const spinner = _yoctoSpinner({
stream: output
});
let result = false;
let {
length: remaining
} = pkgs;
const packageAlerts = [];
if (!remaining) {
spinner.success('No changes detected');
return result;
return packageAlerts;
}

@@ -614,69 +862,68 @@ const getText = () => `Looking up data for ${remaining} packages`;

try {
for await (const pkgData of batchScan(pkgs.map(p => p.pkgid))) {
for await (const artifact of batchScan(pkgs.map(p => p.pkgid))) {
if (!artifact.name || !artifact.version || !artifact.alerts?.length) {
continue;
}
const {
pkg: name,
ver: version
} = pkgData;
const id = `${name}@${version}`;
version
} = artifact;
const name = `${artifact.namespace ? `${artifact.namespace}/` : ''}${artifact.name}`;
const id = `${name}@${artifact.version}`;
let blocked = false;
let displayWarning = false;
let failures = [];
if (pkgData.type === 'missing') {
result = true;
failures.push({
type: 'missingDependency',
block: false,
raw: undefined
let alerts = [];
for (const alert of artifact.alerts) {
// eslint-disable-next-line no-await-in-loop
const ux = await uxLookup({
package: {
name,
version
},
alert: {
type: alert.type
}
});
} else {
let blocked = false;
for (const failure of pkgData.value.issues) {
const {
type
} = failure;
// eslint-disable-next-line no-await-in-loop
const ux = await uxLookup({
package: {
name,
version
},
issue: {
type
}
if (ux.block) {
blocked = true;
}
if (ux.display) {
displayWarning = true;
}
if (ux.block || ux.display) {
alerts.push({
name,
version,
type: alert.type,
block: ux.block,
raw: alert,
fixable: isAlertFixable(alert)
});
if (ux.block) {
result = true;
blocked = true;
// Before we ask about problematic issues, check to see if they
// already existed in the old version if they did, be quiet.
const pkg = pkgs.find(p => p.pkgid === id && p.existing?.startsWith(`${name}@`));
if (pkg?.existing) {
const oldArtifact =
// eslint-disable-next-line no-await-in-loop
(await batchScan([pkg.existing]).next()).value;
console.log('oldArtifact', oldArtifact);
// if (oldArtifact.type === 'success') {
// issues = issues.filter(
// ({ type }) =>
// oldPkgData.value.issues.find(
// oldIssue => oldIssue.type === type
// ) === undefined
// )
// }
}
if (ux.display) {
displayWarning = true;
}
if (ux.block || ux.display) {
failures.push({
type,
block: ux.block,
raw: failure
});
// Before we ask about problematic issues, check to see if they
// already existed in the old version if they did, be quiet.
const pkg = pkgs.find(p => p.pkgid === id && p.existing?.startsWith(`${name}@`));
if (pkg?.existing) {
const oldPkgData =
// eslint-disable-next-line no-await-in-loop
(await batchScan([pkg.existing]).next()).value;
if (oldPkgData.type === 'success') {
failures = failures.filter(issue => oldPkgData.value.issues.find(oldIssue => oldIssue.type === issue.type) === undefined);
}
}
}
}
if (!blocked) {
const pkg = pkgs.find(p => p.pkgid === id);
if (pkg) {
await tarball.stream(id, stream => {
stream.resume();
return stream.promise();
}, {
...safeArb[kCtorArgs][0]
});
}
}
if (!blocked) {
const pkg = pkgs.find(p => p.pkgid === id);
if (pkg) {
await tarball.stream(id, stream => {
stream.resume();
return stream.promise();
}, {
...safeArb[kCtorArgs][0]
});
}

@@ -686,22 +933,14 @@ }

spinner.stop(`(socket) ${formatter.hyperlink(id, `https://socket.dev/npm/package/${name}/overview/${version}`)} contains risks:`);
// Filter issues for blessed packages.
if ((0, _packages.isBlessedPackageName)(name)) {
failures = failures.filter(({
type
}) => type !== 'unpopularPackage' && type !== 'unstableOwnership');
}
failures.sort((a, b) => a.type < b.type ? -1 : 1);
alerts.sort((a, b) => a.type < b.type ? -1 : 1);
const lines = new Set();
for (const failure of failures) {
const {
type
} = failure;
for (const alert of alerts) {
// Based data from { pageProps: { alertTypes } } of:
// https://socket.dev/_next/data/94666139314b6437ee4491a0864e72b264547585/en-US.json
const info = translations.issues[type];
const title = info?.title ?? type;
const maybeBlocking = failure.block ? '' : ' (non-blocking)';
const info = translations.alerts[alert.type];
const title = info?.title ?? alert.type;
const attributes = [...(alert.fixable ? ['fixable'] : []), ...(alert.block ? [] : ['non-blocking'])];
const maybeAttributes = attributes.length ? ` (${attributes.join('; ')})` : '';
const maybeDesc = info?.description ? ` - ${info.description}` : '';
// TODO: emoji seems to mis-align terminals sometimes
lines.add(` ${title}${maybeBlocking}${maybeDesc}\n`);
lines.add(` ${title}${maybeAttributes}${maybeDesc}\n`);
}

@@ -715,17 +954,11 @@ for (const line of lines) {

spinner.text = remaining > 0 ? getText() : '';
packageAlerts.push(...alerts);
}
return result;
} catch (e) {
console.log('error', e);
} finally {
spinner.stop();
}
return packageAlerts;
}
function pkgidParts(pkgid) {
const delimiter = pkgid.lastIndexOf('@');
const name = pkgid.slice(0, delimiter);
const version = pkgid.slice(delimiter + 1);
return {
name,
version
};
}
function toRepoUrl(resolved) {

@@ -1462,32 +1695,15 @@ return resolved.replace(/#[\s\S]*$/, '').replace(/\?[\s\S]*$/, '').replace(/\/[^/]*\/-\/[\s\S]*$/, '');

if (input && output) {
const risky = await packagesHaveRiskyIssues(this, this['registry'], diff, output);
if (!risky) {
const alerts = await getPackagesAlerts(this, this['registry'], diff, output);
if (!alerts.length) {
return true;
}
const rlin = new _nodeStream.PassThrough();
input.pipe(rlin);
const rlout = new _nodeStream.PassThrough();
rlout.pipe(output, {
end: false
return await _confirm({
message: 'Accept risks of installing these packages?',
default: false
}, {
input,
output,
signal: abortSignal
});
const rli = _nodeReadline.createInterface(rlin, rlout);
try {
while (true) {
// eslint-disable-next-line no-await-in-loop
const answer = await new Promise(resolve => {
rli.question('Accept risks of installing these packages (y/N)?\n', {
signal: abortSignal
}, resolve);
});
if (/^\s*y(?:es)?\s*$/i.test(answer)) {
return true;
}
if (/^(?:\s*no?\s*|)$/i.test(answer)) {
return false;
}
}
} finally {
rli.close();
}
} else if (await packagesHaveRiskyIssues(this, this['registry'], diff, output)) {
} else if ((await getPackagesAlerts(this, this['registry'], diff, output)).length > 0) {
throw new Error('Socket npm Unable to prompt to accept risk, need TTY to do so');

@@ -1593,3 +1809,3 @@ }

}
_uxLookup = (0, _issueRules.createIssueUXLookup)(settings);
_uxLookup = (0, _issueRules.createAlertUXLookup)(settings);
})();

@@ -1606,3 +1822,3 @@

var _interopRequireWildcard = require$$0$2.default;
var _interopRequireWildcard = vendor.interopRequireWildcard.default;
Object.defineProperty(exports, "__esModule", {

@@ -1632,4 +1848,4 @@ value: true

var npmInjection = /*@__PURE__*/constants.getDefaultExportFromCjs(npmInjection$2);
var npmInjection = /*@__PURE__*/vendor.getDefaultExportFromCjs(npmInjection$2);
module.exports = npmInjection;
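Review bot: `getPackagesAlerts` fails open: `catch (e) { console.log('error', e); }` swallows any failure from `batchScan` (network error, aborted request, unparseable response) and falls through to `return packageAlerts`, so an incomplete lookup reads as "no alerts" and the callers' `if (!alerts.length) { return true; }` and `(await getPackagesAlerts(...)).length > 0` let the install proceed unchecked. Log and rethrow, `console.error('error', e); throw e;`, or return a value the callers treat as "unknown" rather than "clean". The old `pkgData.type === 'missing'` branch that pushed a `missingDependency` failure has no replacement: the new loop only sees artifacts the API returned and `continue`s past those without alerts, so a package the API does not know about is now silently accepted. The `console.log('oldArtifact', oldArtifact)` with the filtering below it commented out also ships a debug log plus an unused network round-trip for every blocking alert. `getPackagesAlerts` begins in an earlier hunk, and the method containing its callers starts and ends outside these hunks.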
#!/usr/bin/env node
'use strict';
var constants = require('./constants.js');
var require$$0 = require('@babel/runtime/helpers/interopRequireWildcard');
var require$$1 = require('node:path');
var require$$1$1 = require('@npmcli/promise-spawn');
var link = require('./link.js');
function _interop(e) {
let d
if (e) {
let c = 0
for (const k in e) {
d = c++ === 0 && k === 'default' ? e[k] : void 0
if (!d) break
}
}
return d ?? e
}
var vendor = _interop(require('./vendor.js'));
var require$$1 = _interop(require('node:path'));
var require$$1$1 = _interop(require('@npmcli/promise-spawn'));
var constants = _interop(require('./constants.js'));
var link = _interop(require('./link.js'));
var npxCli$2 = {};

@@ -34,3 +46,3 @@

var _interopRequireWildcard = require$$0.default;
var _interopRequireWildcard = vendor.interopRequireWildcard.default;
Object.defineProperty(exports, "__esModule", {

@@ -60,4 +72,4 @@ value: true

var npxCli = /*@__PURE__*/constants.getDefaultExportFromCjs(npxCli$2);
var npxCli = /*@__PURE__*/vendor.getDefaultExportFromCjs(npxCli$2);
module.exports = npxCli;
'use strict';
var require$$1$1 = require('node:fs/promises');
var require$$1 = require('node:path');
var require$$2 = require('ignore');
var require$$3 = require('micromatch');
var require$$8 = require('tinyglobby');
function _interop(e) {
let d
if (e) {
let c = 0
for (const k in e) {
d = c++ === 0 && k === 'default' ? e[k] : void 0
if (!d) break
}
}
return d ?? e
}
var require$$1$1 = _interop(require('node:fs/promises'));
var require$$1 = _interop(require('node:path'));
var require$$2 = _interop(require('ignore'));
var require$$3 = _interop(require('micromatch'));
var require$$8 = _interop(require('tinyglobby'));
var pathResolve = {};

@@ -10,0 +22,0 @@

@@ -6,5 +6,4 @@ /// <reference types="node" />

declare function stringJoinWithSeparateFinalSeparator(list: (string | undefined)[], separator?: string): string;
declare const FREE_API_KEY = "sktsec_t_--RAN5U4ivauy4w37-6aoKyYPDt5ZbaT5JBVMqiwKo_api";
declare function getDefaultKey(): string | undefined;
declare function setupSdk(apiKey?: string | undefined, apiBaseUrl?: string | undefined, proxy?: string | undefined): Promise<SocketSdk>;
export { createDebugLogger, isErrnoException, stringJoinWithSeparateFinalSeparator, FREE_API_KEY, getDefaultKey, setupSdk };
export { createDebugLogger, isErrnoException, stringJoinWithSeparateFinalSeparator, getDefaultKey, setupSdk };
'use strict';
var require$$0 = require('@babel/runtime/helpers/interopRequireDefault');
var require$$1 = require('yoctocolors-cjs');
var require$$2 = require('is-unicode-supported');
var require$$3 = require('terminal-link');
var require$$1$2 = require('@inquirer/prompts');
var require$$2$2 = require('hpagent');
var require$$3$2 = require('is-interactive');
var require$$4 = require('@socketsecurity/sdk');
var constants = require('./constants.js');
var require$$0$1 = require('node:fs');
var require$$2$1 = require('node:os');
var require$$1$1 = require('node:path');
var require$$3$1 = require('@socketregistry/yocto-spinner');
function _interop(e) {
let d
if (e) {
let c = 0
for (const k in e) {
d = c++ === 0 && k === 'default' ? e[k] : void 0
if (!d) break
}
}
return d ?? e
}
var vendor = _interop(require('./vendor.js'));
var require$$1 = _interop(require('yoctocolors-cjs'));
var require$$2 = _interop(require('is-unicode-supported'));
var require$$3 = _interop(require('terminal-link'));
var require$$1$2 = _interop(require('@inquirer/password'));
var require$$2$2 = _interop(require('hpagent'));
var require$$3$2 = _interop(require('is-interactive'));
var require$$4 = _interop(require('@socketsecurity/registry/lib/strings'));
var require$$5 = _interop(require('@socketsecurity/sdk'));
var constants = _interop(require('./constants.js'));
var require$$0 = _interop(require('node:fs'));
var require$$2$1 = _interop(require('node:os'));
var require$$1$1 = _interop(require('node:path'));
var require$$3$1 = _interop(require('@socketregistry/yocto-spinner'));
var errors = {};

@@ -35,3 +48,3 @@

var _interopRequireDefault$1 = require$$0.default;
var _interopRequireDefault$1 = vendor.interopRequireDefault.default;
Object.defineProperty(colorOrMarkdown, "__esModule", {

@@ -146,3 +159,3 @@ value: true

settings$1.updateSetting = updateSetting;
var _nodeFs = require$$0$1;
var _nodeFs = require$$0;
var _nodeOs = require$$2$1;

@@ -186,41 +199,38 @@ var _nodePath = require$$1$1;

var _interopRequireDefault = require$$0.default;
var _interopRequireDefault = vendor.interopRequireDefault.default;
Object.defineProperty(sdk, "__esModule", {
value: true
});
sdk.FREE_API_KEY = void 0;
sdk.getDefaultKey = getDefaultKey;
sdk.setupSdk = setupSdk;
var _prompts = require$$1$2;
var _password = require$$1$2;
var _hpagent = require$$2$2;
var _isInteractive = _interopRequireDefault(require$$3$2);
var _sdk = require$$4;
var _strings = require$$4;
var _sdk = require$$5;
var _constants = constants.constants;
var _errors = errors;
var _settings = settings$1;
sdk.FREE_API_KEY = 'sktsec_t_--RAN5U4ivauy4w37-6aoKyYPDt5ZbaT5JBVMqiwKo_api';
// This API key should be stored globally for the duration of the CLI execution
// This API key should be stored globally for the duration of the CLI execution.
let defaultKey;
function getDefaultKey() {
defaultKey = process.env['SOCKET_SECURITY_API_KEY'] || (0, _settings.getSetting)('apiKey') || defaultKey;
const key = process.env['SOCKET_SECURITY_API_KEY'] || (0, _settings.getSetting)('apiKey') || defaultKey;
defaultKey = (0, _strings.isNonEmptyString)(key) ? key : undefined;
return defaultKey;
}
// The API server that should be used for operations
let defaultAPIBaseUrl;
// The API server that should be used for operations.
function getDefaultAPIBaseUrl() {
defaultAPIBaseUrl = process.env['SOCKET_SECURITY_API_BASE_URL'] || (0, _settings.getSetting)('apiBaseUrl') || undefined;
return defaultAPIBaseUrl;
const baseUrl = process.env['SOCKET_SECURITY_API_BASE_URL'] || (0, _settings.getSetting)('apiBaseUrl');
return (0, _strings.isNonEmptyString)(baseUrl) ? baseUrl : undefined;
}
// The API server that should be used for operations
let defaultApiProxy;
// The API server that should be used for operations.
function getDefaultHTTPProxy() {
defaultApiProxy = process.env['SOCKET_SECURITY_API_PROXY'] || (0, _settings.getSetting)('apiProxy') || undefined;
return defaultApiProxy;
const apiProxy = process.env['SOCKET_SECURITY_API_PROXY'] || (0, _settings.getSetting)('apiProxy');
return (0, _strings.isNonEmptyString)(apiProxy) ? apiProxy : undefined;
}
async function setupSdk(apiKey = getDefaultKey(), apiBaseUrl = getDefaultAPIBaseUrl(), proxy = getDefaultHTTPProxy()) {
if (typeof apiKey !== 'string' && (0, _isInteractive.default)()) {
apiKey = await (0, _prompts.password)({
apiKey = await _password({
message: 'Enter your Socket.dev API key (not saved, use socket login to persist)'
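Review bot: The module-level `let defaultAPIBaseUrl;` and `let defaultApiProxy;` kept as context above getDefaultAPIBaseUrl and getDefaultHTTPProxy are now dead, because the new bodies compute a local const and return it without writing the module variable back; drop both declarations so a reader does not assume a cache exists. The comment above getDefaultHTTPProxy is a copy of the base-URL one and should read `// The HTTP(S) proxy that should be used for API requests.`. Both issues recur in the second sdk.js section below (the hunk `@@ -185,37 +198,34 @@`), which is the same code compiled for the other module format. setupSdk's body continues past the end of this hunk.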

@@ -227,0 +237,0 @@ });

@@ -6,2 +6,3 @@ declare const SUPPORTS_SYNC_ESM: boolean;

declare const NPM_REGISTRY_URL = "https://registry.npmjs.org";
declare const SOCKET_PUBLIC_API_KEY = "sktsec_t_--RAN5U4ivauy4w37-6aoKyYPDt5ZbaT5JBVMqiwKo_api";
declare const SOCKET_CLI_ISSUES_URL = "https://github.com/SocketDev/socket-cli/issues";

@@ -21,2 +22,2 @@ declare const UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = "UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE";

declare const synpBinPath: string;
export { SUPPORTS_SYNC_ESM, API_V0_URL, DIST_TYPE, LOOP_SENTINEL, NPM_REGISTRY_URL, SOCKET_CLI_ISSUES_URL, UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE, ENV, rootPath, rootDistPath, rootBinPath, rootPkgJsonPath, nmBinPath, cdxgenBinPath, distPath, shadowBinPath, synpBinPath };
export { SUPPORTS_SYNC_ESM, API_V0_URL, DIST_TYPE, LOOP_SENTINEL, NPM_REGISTRY_URL, SOCKET_PUBLIC_API_KEY, SOCKET_CLI_ISSUES_URL, UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE, ENV, rootPath, rootDistPath, rootBinPath, rootPkgJsonPath, nmBinPath, cdxgenBinPath, distPath, shadowBinPath, synpBinPath };
'use strict';
var require$$0 = require('node:fs');
var require$$1 = require('node:path');
var require$$2 = require('@socketsecurity/registry/lib/env');
var require$$3 = require('@socketsecurity/registry/lib/constants');
var require$$4 = require('semver');
function _interop(e) {
let d
if (e) {
let c = 0
for (const k in e) {
d = c++ === 0 && k === 'default' ? e[k] : void 0
if (!d) break
}
}
return d ?? e
}
var require$$0 = _interop(require('node:fs'));
var require$$1 = _interop(require('node:path'));
var require$$2 = _interop(require('@socketsecurity/registry/lib/env'));
var require$$3 = _interop(require('@socketsecurity/registry/lib/constants'));
var require$$4 = _interop(require('semver'));
var constants = {};

@@ -14,3 +26,3 @@

});
constants.synpBinPath = constants.shadowBinPath = constants.rootPkgJsonPath = constants.rootPath = constants.rootDistPath = constants.rootBinPath = constants.nmBinPath = constants.distPath = constants.cdxgenBinPath = constants.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = constants.SUPPORTS_SYNC_ESM = constants.SOCKET_CLI_ISSUES_URL = constants.NPM_REGISTRY_URL = constants.LOOP_SENTINEL = constants.ENV = constants.DIST_TYPE = constants.API_V0_URL = void 0;
constants.synpBinPath = constants.shadowBinPath = constants.rootPkgJsonPath = constants.rootPath = constants.rootDistPath = constants.rootBinPath = constants.nmBinPath = constants.distPath = constants.cdxgenBinPath = constants.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = constants.SUPPORTS_SYNC_ESM = constants.SOCKET_PUBLIC_API_KEY = constants.SOCKET_CLI_ISSUES_URL = constants.NPM_REGISTRY_URL = constants.LOOP_SENTINEL = constants.ENV = constants.DIST_TYPE = constants.API_V0_URL = void 0;
var _nodeFs = require$$0;

@@ -29,2 +41,3 @@ var _nodePath = require$$1;

constants.NPM_REGISTRY_URL = 'https://registry.npmjs.org';
constants.SOCKET_PUBLIC_API_KEY = 'sktsec_t_--RAN5U4ivauy4w37-6aoKyYPDt5ZbaT5JBVMqiwKo_api';
const SOCKET_CLI_ISSUES_URL = constants.SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues';
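Review bot: The literal assigned to `constants.SOCKET_PUBLIC_API_KEY` is an API token shipped in a published package, and nothing on the line says why that is acceptable; add `// Intentionally public: fallback token used when no user API key is configured (see pubToken in npm-injection).` so the next maintainer does not treat it as a leaked secret or, worse, extend its use. Its scope is not visible in this diff; if the token can do anything an anonymous caller could not, it should not live in the artifact at all.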

@@ -31,0 +44,0 @@ const UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = constants.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE = 'UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE';

'use strict';
var require$$0 = require('node:fs');
var require$$1 = require('node:path');
var require$$4 = require('which');
function _interop(e) {
let d
if (e) {
let c = 0
for (const k in e) {
d = c++ === 0 && k === 'default' ? e[k] : void 0
if (!d) break
}
}
return d ?? e
}
var require$$0 = _interop(require('node:fs'));
var require$$1 = _interop(require('node:path'));
var require$$4 = _interop(require('which'));
var link = {};

@@ -8,0 +20,0 @@

#!/usr/bin/env node
'use strict';
var vendor = require('./vendor.js');
var require$$0 = require('node:fs');
var require$$1 = require('node:path');
var require$$1$1 = require('@npmcli/promise-spawn');
var constants = require('./constants.js');
var link = require('./link.js');
var pathResolve = require('./path-resolve.js');
function _interop(e) {
let d
if (e) {
let c = 0
for (const k in e) {
d = c++ === 0 && k === 'default' ? e[k] : void 0
if (!d) break
}
}
return d ?? e
}
var vendor = _interop(require('./vendor.js'));
var require$$0 = _interop(require('node:fs'));
var require$$1 = _interop(require('node:path'));
var require$$1$1 = _interop(require('@npmcli/promise-spawn'));
var constants = _interop(require('./constants.js'));
var link = _interop(require('./link.js'));
var pathResolve = _interop(require('./path-resolve.js'));
var npmCli$2 = {};

@@ -13,0 +25,0 @@

'use strict';
var vendor = require('./vendor.js');
var constants = require('./constants.js');
var require$$1$3 = require('node:events');
var require$$0 = require('node:fs');
var require$$3$2 = require('node:https');
var require$$1$1 = require('node:path');
var require$$3 = require('node:readline');
var require$$5 = require('node:stream');
var require$$7$1 = require('node:timers/promises');
var require$$5$1 = require('npm-package-arg');
var require$$3$1 = require('@socketregistry/yocto-spinner');
var require$$4 = require('semver');
var require$$6$1 = require('@socketsecurity/config');
var require$$7 = require('@socketsecurity/registry/lib/objects');
var require$$8 = require('@socketsecurity/registry/lib/packages');
var require$$1$2 = require('node:net');
var require$$1 = require('node:os');
var sdk = require('./sdk.js');
var pathResolve = require('./path-resolve.js');
var link = require('./link.js');
function _interop(e) {
let d
if (e) {
let c = 0
for (const k in e) {
d = c++ === 0 && k === 'default' ? e[k] : void 0
if (!d) break
}
}
return d ?? e
}
var vendor = _interop(require('./vendor.js'));
var constants = _interop(require('./constants.js'));
var require$$1$4 = _interop(require('node:events'));
var require$$0 = _interop(require('node:fs'));
var require$$3$2 = _interop(require('node:https'));
var require$$1$1 = _interop(require('node:path'));
var require$$3 = _interop(require('node:readline'));
var require$$6$2 = _interop(require('node:timers/promises'));
var require$$1$3 = _interop(require('@inquirer/confirm'));
var require$$3$1 = _interop(require('@socketregistry/yocto-spinner'));
var require$$5$1 = _interop(require('npm-package-arg'));
var require$$4 = _interop(require('semver'));
var require$$6$1 = _interop(require('@socketsecurity/config'));
var require$$7 = _interop(require('@socketsecurity/registry/lib/objects'));
var require$$1$2 = _interop(require('node:net'));
var require$$1 = _interop(require('node:os'));
var require$$5 = _interop(require('node:stream'));
var sdk = _interop(require('./sdk.js'));
var pathResolve = _interop(require('./path-resolve.js'));
var link = _interop(require('./link.js'));
var npmInjection$2 = {};

@@ -33,3 +45,3 @@

var name = "socket";
var version = "0.14.30";
var version = "0.14.31";
var description = "CLI tool for Socket.dev";

@@ -109,3 +121,5 @@ var homepage = "http://github.com/SocketDev/socket-cli";

"@cyclonedx/cdxgen": "^11.0.5",
"@inquirer/prompts": "^7.1.0",
"@inquirer/confirm": "^5.0.2",
"@inquirer/password": "^4.0.3",
"@inquirer/select": "^4.0.3",
"@npmcli/promise-spawn": "^8.0.2",

@@ -115,3 +129,3 @@ "@socketregistry/hyrious__bun.lockb": "1.0.5",

"@socketsecurity/config": "^2.1.3",
"@socketsecurity/registry": "^1.0.33",
"@socketsecurity/registry": "^1.0.35",
"@socketsecurity/sdk": "^1.3.0",

@@ -281,3 +295,3 @@ blessed: "^0.1.81",

var _nodeReadline$1 = require$$3;
var _nodeStream$1 = require$$5;
var _nodeStream = require$$5;
var _package = require$$6;

@@ -320,6 +334,6 @@ var _misc$1 = sdk.misc;

}
const input = hasInput ? new _nodeStream$1.PassThrough() : null;
const input = hasInput ? new _nodeStream.PassThrough() : null;
input?.pause();
if (input) conn.pipe(input);
const output = hasOutput ? new _nodeStream$1.PassThrough() : null;
const output = hasOutput ? new _nodeStream.PassThrough() : null;
if (output) {

@@ -478,3 +492,3 @@ output.pipe(conn)

});
issueRules.createIssueUXLookup = createIssueUXLookup;
issueRules.createAlertUXLookup = createAlertUXLookup;
//#region UX Constants

@@ -546,3 +560,3 @@

return false;
} else if (typeof issueRule === 'object' && issueRule) {
} else if (issueRule !== null && typeof issueRule === 'object') {
const {

@@ -579,7 +593,9 @@ action

function createIssueUXLookup(settings) {
function createAlertUXLookup(settings) {
const cachedUX = new Map();
return context => {
const key = context.issue.type;
let ux = cachedUX.get(key);
const {
type
} = context.alert;
let ux = cachedUX.get(type);
if (ux) {

@@ -597,3 +613,3 @@ return ux;

}
const issueRuleValue = resolvedTarget.issueRules?.[key];
const issueRuleValue = resolvedTarget.issueRules?.[type];
if (typeof issueRuleValue !== 'undefined') {

@@ -606,3 +622,3 @@ orderedIssueRules.push(issueRuleValue);

}
const defaultValue = settings.defaults.issueRules[key];
const defaultValue = settings.defaults.issueRules[type];
let resolvedDefaultValue = {

@@ -621,3 +637,3 @@ action: 'error'

ux = resolveIssueRuleUX(entriesOrderedIssueRules, resolvedDefaultValue);
cachedUX.set(key, ux);
cachedUX.set(type, ux);
return ux;

@@ -633,3 +649,3 @@ };

arborist.installSafeArborist = installSafeArborist;
var _nodeEvents = require$$1$3;
var _nodeEvents = require$$1$4;
var _nodeFs = require$$0;

@@ -639,11 +655,10 @@ var _nodeHttps = require$$3$2;

var _nodeReadline = require$$3;
var _nodeStream = require$$5;
var _promises = require$$7$1;
var _promises = require$$6$2;
var _confirm = require$$1$3;
var _yoctoSpinner = require$$3$1;
var _isInteractive = _interopRequireDefault(vendor.isInteractive);
var _npmPackageArg = require$$5$1;
var _yoctoSpinner = require$$3$1;
var _semver = require$$4;
var _config = require$$6$1;
var _objects = require$$7;
var _packages = require$$8;
var _ttyServer = ttyServer$1;

@@ -718,3 +733,3 @@ var _constants$1 = constants.constants;

const formatter = new _colorOrMarkdown.ColorOrMarkdown(false);
const pubToken = (0, _sdk.getDefaultKey)() ?? _sdk.FREE_API_KEY;
const pubToken = (0, _sdk.getDefaultKey)() ?? _constants$1.SOCKET_PUBLIC_API_KEY;
const ttyServer = (0, _ttyServer.createTTYServer)((0, _isInteractive.default)({

@@ -734,18 +749,3 @@ stream: process.stdin

async function* batchScan(pkgIds) {
const query = {
packages: pkgIds.map(id => {
const {
name,
version
} = pkgidParts(id);
return {
eco: 'npm',
pkg: name,
ver: version,
top: true
};
})
};
// TODO: Migrate to SDK.
const pkgDataReq = _nodeHttps.request(`${_constants$1.API_V0_URL}/scan/batch`, {
const req = _nodeHttps.request(`${_constants$1.API_V0_URL}/purl?alerts=true`, {
method: 'POST',

@@ -756,6 +756,10 @@ headers: {

signal: abortSignal
}).end(JSON.stringify(query));
}).end(JSON.stringify({
components: pkgIds.map(id => ({
purl: `pkg:npm/${id}`
}))
}));
const {
0: res
} = await _nodeEvents.once(pkgDataReq, 'response');
} = await _nodeEvents.once(req, 'response');
const ok = res.statusCode >= 200 && res.statusCode <= 299;
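Review bot: The request body builds each component as `pkg:npm/${id}` from the raw `name@version` id, so a scoped package becomes `pkg:npm/@scope/name@1.2.3`, whereas the purl spec percent-encodes the namespace's `@` (`pkg:npm/%40scope/name@1.2.3`). Whether the `/purl` endpoint tolerates the unencoded form is not visible here; if it does not, scoped packages would produce no artifact and be silently skipped by the consumer loop, which fails open for exactly those packages. A spec-compliant form that stays on one line is `purl: 'pkg:npm/' + (id.startsWith('@') ? '%40' + id.slice(1) : id)`. batchScan's body continues beyond this hunk.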

@@ -826,2 +830,11 @@ if (!ok) {

}
function isAlertFixable(alert) {
const {
type
} = alert;
if (type === 'cve' || type === 'mediumCVE' || type === 'mildCVE' || type === 'criticalCVE') {
return !!alert.props?.['firstPatchedVersionIdentifier'];
}
return type === 'socketUpgradeAvailable';
}
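Review bot: isAlertFixable has no doc comment and its CVE type list is an inline chain of four string comparisons; add `// An alert is fixable when it is a CVE alert with a known first patched version, or a Socket upgrade suggestion.` above the function and hoist the four CVE type names into a module-level `Set` so any other place that classifies CVE alerts can share it.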
function maybeReadfileSync(filepath) {

@@ -833,13 +846,13 @@ try {

}
async function packagesHaveRiskyIssues(safeArb, _registry, pkgs, output) {
async function getPackagesAlerts(safeArb, _registry, pkgs, output) {
const spinner = _yoctoSpinner({
stream: output
});
let result = false;
let {
length: remaining
} = pkgs;
const packageAlerts = [];
if (!remaining) {
spinner.success('No changes detected');
return result;
return packageAlerts;
}

@@ -849,69 +862,68 @@ const getText = () => `Looking up data for ${remaining} packages`;

try {
for await (const pkgData of batchScan(pkgs.map(p => p.pkgid))) {
for await (const artifact of batchScan(pkgs.map(p => p.pkgid))) {
if (!artifact.name || !artifact.version || !artifact.alerts?.length) {
continue;
}
const {
pkg: name,
ver: version
} = pkgData;
const id = `${name}@${version}`;
version
} = artifact;
const name = `${artifact.namespace ? `${artifact.namespace}/` : ''}${artifact.name}`;
const id = `${name}@${artifact.version}`;
let blocked = false;
let displayWarning = false;
let failures = [];
if (pkgData.type === 'missing') {
result = true;
failures.push({
type: 'missingDependency',
block: false,
raw: undefined
let alerts = [];
for (const alert of artifact.alerts) {
// eslint-disable-next-line no-await-in-loop
const ux = await uxLookup({
package: {
name,
version
},
alert: {
type: alert.type
}
});
} else {
let blocked = false;
for (const failure of pkgData.value.issues) {
const {
type
} = failure;
// eslint-disable-next-line no-await-in-loop
const ux = await uxLookup({
package: {
name,
version
},
issue: {
type
}
if (ux.block) {
blocked = true;
}
if (ux.display) {
displayWarning = true;
}
if (ux.block || ux.display) {
alerts.push({
name,
version,
type: alert.type,
block: ux.block,
raw: alert,
fixable: isAlertFixable(alert)
});
if (ux.block) {
result = true;
blocked = true;
// Before we ask about problematic issues, check to see if they
// already existed in the old version if they did, be quiet.
const pkg = pkgs.find(p => p.pkgid === id && p.existing?.startsWith(`${name}@`));
if (pkg?.existing) {
const oldArtifact =
// eslint-disable-next-line no-await-in-loop
(await batchScan([pkg.existing]).next()).value;
console.log('oldArtifact', oldArtifact);
// if (oldArtifact.type === 'success') {
// issues = issues.filter(
// ({ type }) =>
// oldPkgData.value.issues.find(
// oldIssue => oldIssue.type === type
// ) === undefined
// )
// }
}
if (ux.display) {
displayWarning = true;
}
if (ux.block || ux.display) {
failures.push({
type,
block: ux.block,
raw: failure
});
// Before we ask about problematic issues, check to see if they
// already existed in the old version if they did, be quiet.
const pkg = pkgs.find(p => p.pkgid === id && p.existing?.startsWith(`${name}@`));
if (pkg?.existing) {
const oldPkgData =
// eslint-disable-next-line no-await-in-loop
(await batchScan([pkg.existing]).next()).value;
if (oldPkgData.type === 'success') {
failures = failures.filter(issue => oldPkgData.value.issues.find(oldIssue => oldIssue.type === issue.type) === undefined);
}
}
}
}
if (!blocked) {
const pkg = pkgs.find(p => p.pkgid === id);
if (pkg) {
await tarball.stream(id, stream => {
stream.resume();
return stream.promise();
}, {
...safeArb[kCtorArgs][0]
});
}
}
if (!blocked) {
const pkg = pkgs.find(p => p.pkgid === id);
if (pkg) {
await tarball.stream(id, stream => {
stream.resume();
return stream.promise();
}, {
...safeArb[kCtorArgs][0]
});
}
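Review bot: `console.log('oldArtifact', oldArtifact);` is leftover debug output: it dumps the full artifact to process stdout rather than to the `output` stream the spinner writes to, and the filtering that used to consume the old-version result is commented out directly below it, so the extra `batchScan([pkg.existing])` round-trip now has no effect beyond that log. Either restore the filter against the old artifact's alerts or remove the lookup together with the log; as written, every blocking alert on an upgraded package costs one additional API request and leaks the response into the terminal. `let alerts = []` is never reassigned and can be `const`. getPackagesAlerts starts and ends outside this hunk.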

@@ -921,22 +933,14 @@ }

spinner.stop(`(socket) ${formatter.hyperlink(id, `https://socket.dev/npm/package/${name}/overview/${version}`)} contains risks:`);
// Filter issues for blessed packages.
if ((0, _packages.isBlessedPackageName)(name)) {
failures = failures.filter(({
type
}) => type !== 'unpopularPackage' && type !== 'unstableOwnership');
}
failures.sort((a, b) => a.type < b.type ? -1 : 1);
alerts.sort((a, b) => a.type < b.type ? -1 : 1);
const lines = new Set();
for (const failure of failures) {
const {
type
} = failure;
for (const alert of alerts) {
// Based data from { pageProps: { alertTypes } } of:
// https://socket.dev/_next/data/94666139314b6437ee4491a0864e72b264547585/en-US.json
const info = translations.issues[type];
const title = info?.title ?? type;
const maybeBlocking = failure.block ? '' : ' (non-blocking)';
const info = translations.alerts[alert.type];
const title = info?.title ?? alert.type;
const attributes = [...(alert.fixable ? ['fixable'] : []), ...(alert.block ? [] : ['non-blocking'])];
const maybeAttributes = attributes.length ? ` (${attributes.join('; ')})` : '';
const maybeDesc = info?.description ? ` - ${info.description}` : '';
// TODO: emoji seems to mis-align terminals sometimes
lines.add(` ${title}${maybeBlocking}${maybeDesc}\n`);
lines.add(` ${title}${maybeAttributes}${maybeDesc}\n`);
}
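Review bot: `alerts.sort((a, b) => a.type < b.type ? -1 : 1)` never returns 0, so two alerts of the same type (a package can carry several alerts of one CVE type) are compared inconsistently and their order depends on the engine's sort implementation; use `alerts.sort((a, b) => a.type < b.type ? -1 : a.type > b.type ? 1 : 0);`. The `lines` Set below dedupes identical rendered lines, which masks the instability in the printed output but not in the `alerts` array that is later pushed into `packageAlerts`. This code sits inside getPackagesAlerts, which starts and ends outside the hunk.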

@@ -950,17 +954,11 @@ for (const line of lines) {

spinner.text = remaining > 0 ? getText() : '';
packageAlerts.push(...alerts);
}
return result;
} catch (e) {
console.log('error', e);
} finally {
spinner.stop();
}
return packageAlerts;
}
function pkgidParts(pkgid) {
const delimiter = pkgid.lastIndexOf('@');
const name = pkgid.slice(0, delimiter);
const version = pkgid.slice(delimiter + 1);
return {
name,
version
};
}
function toRepoUrl(resolved) {
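Review bot: The `catch (e) { console.log('error', e); }` that precedes `return packageAlerts;` turns any failure inside the scan (a rejected request, an aborted stream, or a non-2xx response if batchScan throws on `!ok`) into an empty or partial alert list, and the arborist hook further down treats `!alerts.length` as "safe to install" and returns true. That is fail-open: an unreachable or failing API silently disables the check, and the new explicit `return packageAlerts;` after the catch makes this the documented path rather than an accident. Rethrow after logging — `console.error('error', e); throw e;` — or return a distinct failure value the caller refuses to install on, and write the diagnostic to `output` or stderr rather than stdout since this runs inside the npm shadow. The enclosing getPackagesAlerts starts outside this hunk.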

@@ -1697,32 +1695,15 @@ return resolved.replace(/#[\s\S]*$/, '').replace(/\?[\s\S]*$/, '').replace(/\/[^/]*\/-\/[\s\S]*$/, '');

if (input && output) {
const risky = await packagesHaveRiskyIssues(this, this['registry'], diff, output);
if (!risky) {
const alerts = await getPackagesAlerts(this, this['registry'], diff, output);
if (!alerts.length) {
return true;
}
const rlin = new _nodeStream.PassThrough();
input.pipe(rlin);
const rlout = new _nodeStream.PassThrough();
rlout.pipe(output, {
end: false
return await _confirm({
message: 'Accept risks of installing these packages?',
default: false
}, {
input,
output,
signal: abortSignal
});
const rli = _nodeReadline.createInterface(rlin, rlout);
try {
while (true) {
// eslint-disable-next-line no-await-in-loop
const answer = await new Promise(resolve => {
rli.question('Accept risks of installing these packages (y/N)?\n', {
signal: abortSignal
}, resolve);
});
if (/^\s*y(?:es)?\s*$/i.test(answer)) {
return true;
}
if (/^(?:\s*no?\s*|)$/i.test(answer)) {
return false;
}
}
} finally {
rli.close();
}
} else if (await packagesHaveRiskyIssues(this, this['registry'], diff, output)) {
} else if ((await getPackagesAlerts(this, this['registry'], diff, output)).length > 0) {
throw new Error('Socket npm Unable to prompt to accept risk, need TTY to do so');

@@ -1828,3 +1809,3 @@ }

}
_uxLookup = (0, _issueRules.createIssueUXLookup)(settings);
_uxLookup = (0, _issueRules.createAlertUXLookup)(settings);
})();

@@ -1831,0 +1812,0 @@

#!/usr/bin/env node
'use strict';
var vendor = require('./vendor.js');
var require$$1 = require('node:path');
var require$$1$1 = require('@npmcli/promise-spawn');
var constants = require('./constants.js');
var link = require('./link.js');
function _interop(e) {
let d
if (e) {
let c = 0
for (const k in e) {
d = c++ === 0 && k === 'default' ? e[k] : void 0
if (!d) break
}
}
return d ?? e
}
var vendor = _interop(require('./vendor.js'));
var require$$1 = _interop(require('node:path'));
var require$$1$1 = _interop(require('@npmcli/promise-spawn'));
var constants = _interop(require('./constants.js'));
var link = _interop(require('./link.js'));
var npxCli$2 = {};

@@ -11,0 +23,0 @@

'use strict';
var require$$1$1 = require('node:fs/promises');
var require$$1 = require('node:path');
var require$$2 = require('ignore');
var require$$3 = require('micromatch');
var require$$8 = require('tinyglobby');
function _interop(e) {
let d
if (e) {
let c = 0
for (const k in e) {
d = c++ === 0 && k === 'default' ? e[k] : void 0
if (!d) break
}
}
return d ?? e
}
var require$$1$1 = _interop(require('node:fs/promises'));
var require$$1 = _interop(require('node:path'));
var require$$2 = _interop(require('ignore'));
var require$$3 = _interop(require('micromatch'));
var require$$8 = _interop(require('tinyglobby'));
var pathResolve = {};

@@ -10,0 +22,0 @@

@@ -6,5 +6,4 @@ /// <reference types="node" />

declare function stringJoinWithSeparateFinalSeparator(list: (string | undefined)[], separator?: string): string;
declare const FREE_API_KEY = "sktsec_t_--RAN5U4ivauy4w37-6aoKyYPDt5ZbaT5JBVMqiwKo_api";
declare function getDefaultKey(): string | undefined;
declare function setupSdk(apiKey?: string | undefined, apiBaseUrl?: string | undefined, proxy?: string | undefined): Promise<SocketSdk>;
export { createDebugLogger, isErrnoException, stringJoinWithSeparateFinalSeparator, FREE_API_KEY, getDefaultKey, setupSdk };
export { createDebugLogger, isErrnoException, stringJoinWithSeparateFinalSeparator, getDefaultKey, setupSdk };
'use strict';
var vendor = require('./vendor.js');
var require$$1 = require('yoctocolors-cjs');
var require$$1$3 = require('@inquirer/prompts');
var require$$2 = require('hpagent');
var require$$4 = require('@socketsecurity/sdk');
var constants = require('./constants.js');
var require$$0 = require('node:fs');
var require$$1$1 = require('node:os');
var require$$1$2 = require('node:path');
var require$$3 = require('@socketregistry/yocto-spinner');
function _interop(e) {
let d
if (e) {
let c = 0
for (const k in e) {
d = c++ === 0 && k === 'default' ? e[k] : void 0
if (!d) break
}
}
return d ?? e
}
var vendor = _interop(require('./vendor.js'));
var require$$1 = _interop(require('yoctocolors-cjs'));
var require$$1$3 = _interop(require('@inquirer/password'));
var require$$2 = _interop(require('hpagent'));
var require$$4 = _interop(require('@socketsecurity/registry/lib/strings'));
var require$$5 = _interop(require('@socketsecurity/sdk'));
var constants = _interop(require('./constants.js'));
var require$$0 = _interop(require('node:fs'));
var require$$1$1 = _interop(require('node:os'));
var require$$1$2 = _interop(require('node:path'));
var require$$3 = _interop(require('@socketregistry/yocto-spinner'));
var errors = {};

@@ -185,37 +198,34 @@

});
sdk.FREE_API_KEY = void 0;
sdk.getDefaultKey = getDefaultKey;
sdk.setupSdk = setupSdk;
var _prompts = require$$1$3;
var _password = require$$1$3;
var _hpagent = require$$2;
var _isInteractive = _interopRequireDefault(vendor.isInteractive);
var _sdk = require$$4;
var _strings = require$$4;
var _sdk = require$$5;
var _constants = constants.constants;
var _errors = errors;
var _settings = settings$1;
sdk.FREE_API_KEY = 'sktsec_t_--RAN5U4ivauy4w37-6aoKyYPDt5ZbaT5JBVMqiwKo_api';
// This API key should be stored globally for the duration of the CLI execution
// This API key should be stored globally for the duration of the CLI execution.
let defaultKey;
function getDefaultKey() {
defaultKey = process.env['SOCKET_SECURITY_API_KEY'] || (0, _settings.getSetting)('apiKey') || defaultKey;
const key = process.env['SOCKET_SECURITY_API_KEY'] || (0, _settings.getSetting)('apiKey') || defaultKey;
defaultKey = (0, _strings.isNonEmptyString)(key) ? key : undefined;
return defaultKey;
}
// The API server that should be used for operations
let defaultAPIBaseUrl;
// The API server that should be used for operations.
function getDefaultAPIBaseUrl() {
defaultAPIBaseUrl = process.env['SOCKET_SECURITY_API_BASE_URL'] || (0, _settings.getSetting)('apiBaseUrl') || undefined;
return defaultAPIBaseUrl;
const baseUrl = process.env['SOCKET_SECURITY_API_BASE_URL'] || (0, _settings.getSetting)('apiBaseUrl');
return (0, _strings.isNonEmptyString)(baseUrl) ? baseUrl : undefined;
}
// The API server that should be used for operations
let defaultApiProxy;
// The API server that should be used for operations.
function getDefaultHTTPProxy() {
defaultApiProxy = process.env['SOCKET_SECURITY_API_PROXY'] || (0, _settings.getSetting)('apiProxy') || undefined;
return defaultApiProxy;
const apiProxy = process.env['SOCKET_SECURITY_API_PROXY'] || (0, _settings.getSetting)('apiProxy');
return (0, _strings.isNonEmptyString)(apiProxy) ? apiProxy : undefined;
}
async function setupSdk(apiKey = getDefaultKey(), apiBaseUrl = getDefaultAPIBaseUrl(), proxy = getDefaultHTTPProxy()) {
if (typeof apiKey !== 'string' && (0, _isInteractive.default)()) {
apiKey = await (0, _prompts.password)({
apiKey = await _password({
message: 'Enter your Socket.dev API key (not saved, use socket login to persist)'

@@ -222,0 +232,0 @@ });

{
"name": "socket",
"version": "0.14.30",
"version": "0.14.31",
"description": "CLI tool for Socket.dev",

@@ -78,3 +78,5 @@ "homepage": "http://github.com/SocketDev/socket-cli",

"@cyclonedx/cdxgen": "^11.0.5",
"@inquirer/prompts": "^7.1.0",
"@inquirer/confirm": "^5.0.2",
"@inquirer/password": "^4.0.3",
"@inquirer/select": "^4.0.3",
"@npmcli/promise-spawn": "^8.0.2",

@@ -84,3 +86,3 @@ "@socketregistry/hyrious__bun.lockb": "1.0.5",

"@socketsecurity/config": "^2.1.3",
"@socketsecurity/registry": "^1.0.33",
"@socketsecurity/registry": "^1.0.35",
"@socketsecurity/sdk": "^1.3.0",

@@ -87,0 +89,0 @@ "blessed": "^0.1.81",

{
"issues": {
"alerts": {
"badEncoding": {

@@ -4,0 +4,0 @@ "description": "Source files are encoded using a non-standard text encoding.",

