├── .node-version ├── .gitattributes ├── packages ├── cli │ ├── .gitignore │ ├── src │ │ ├── commands │ │ │ ├── optimize │ │ │ │ ├── shared.mts │ │ │ │ ├── types.mts │ │ │ │ ├── deps-includes-by-agent.mts │ │ │ │ └── get-dependency-entries.mts │ │ │ ├── repository │ │ │ │ ├── types.mts │ │ │ │ ├── handle-view-repo.mts │ │ │ │ ├── handle-delete-repo.mts │ │ │ │ ├── handle-update-repo.mts │ │ │ │ ├── output-update-repo.mts │ │ │ │ └── output-delete-repo.mts │ │ │ ├── scan │ │ │ │ ├── types.mts │ │ │ │ ├── handle-scan-config.mts │ │ │ │ ├── handle-delete-scan.mts │ │ │ │ ├── handle-scan-metadata.mts │ │ │ │ ├── handle-scan-view.mts │ │ │ │ ├── output-scan-config-result.mts │ │ │ │ ├── handle-diff-scan.mts │ │ │ │ ├── suggest_target.mts │ │ │ │ ├── output-scan-github.mts │ │ │ │ ├── handle-list-scans.mts │ │ │ │ ├── fetch-diff-scan.mts │ │ │ │ ├── handle-create-github-scan.mts │ │ │ │ ├── output-delete-scan.mts │ │ │ │ └── finalize-tier1-scan.mts │ │ │ ├── json │ │ │ │ └── handle-cmd-json.mts │ │ │ ├── whoami │ │ │ │ ├── cmd-whoami.mts │ │ │ │ └── output-whoami.mts │ │ │ ├── install │ │ │ │ ├── handle-install-completion.mts │ │ │ │ └── cmd-install.mts │ │ │ ├── threat-feed │ │ │ │ ├── types.mts │ │ │ │ └── handle-threat-feed.mts │ │ │ ├── organization │ │ │ │ ├── handle-quota.mts │ │ │ │ ├── handle-license-policy.mts │ │ │ │ ├── handle-security-policy.mts │ │ │ │ ├── handle-organization-list.mts │ │ │ │ ├── handle-dependencies.mts │ │ │ │ └── fetch-quota.mts │ │ │ ├── uninstall │ │ │ │ ├── handle-uninstall-completion.mts │ │ │ │ └── cmd-uninstall.mts │ │ │ ├── manifest │ │ │ │ ├── handle-manifest-setup.mts │ │ │ │ ├── output-manifest-setup.mts │ │ │ │ ├── handle-manifest-conda.mts │ │ │ │ └── README.md │ │ │ ├── logout │ │ │ │ ├── apply-logout.mts │ │ │ │ └── attempt-logout.mts │ │ │ ├── config │ │ │ │ ├── handle-config-get.mts │ │ │ │ ├── handle-config-auto.mts │ │ │ │ ├── handle-config-unset.mts │ │ │ │ └── handle-config-set.mts │ │ │ ├── self-update │ │ │ │ └── 
cmd-self-update.mts │ │ │ ├── login │ │ │ │ └── apply-login.mts │ │ │ ├── fix │ │ │ │ └── types.mts │ │ │ ├── package │ │ │ │ ├── handle-purl-deep-score.mts │ │ │ │ ├── handle-purls-shallow-score.mts │ │ │ │ └── cmd-package.mts │ │ │ ├── audit-log │ │ │ │ └── handle-audit-log.mts │ │ │ └── wrapper │ │ │ │ └── check-socket-wrapper-setup.mts │ │ ├── env │ │ │ ├── node-env.mts │ │ │ ├── home.mts │ │ │ ├── github-api-url.mts │ │ │ ├── github-base-ref.mts │ │ │ ├── github-ref-name.mts │ │ │ ├── github-ref-type.mts │ │ │ ├── temp.mts │ │ │ ├── term.mts │ │ │ ├── userprofile.mts │ │ │ ├── ci.mts │ │ │ ├── github-server-url.mts │ │ │ ├── github-repository.mts │ │ │ ├── node-options.mts │ │ │ ├── socket-cli-config.mts │ │ │ ├── tmp.mts │ │ │ ├── localappdata.mts │ │ │ ├── npm-config-cache.mts │ │ │ ├── npm-config-user-agent.mts │ │ │ ├── socket-cli-mode.mts │ │ │ ├── socket-cli-api-proxy.mts │ │ │ ├── socket-cli-api-token.mts │ │ │ ├── vitest.mts │ │ │ ├── run-e2e-tests.mts │ │ │ ├── socket-cli-debug.mts │ │ │ ├── socket-cli-api-base-url.mts │ │ │ ├── socket-cli-api-timeout.mts │ │ │ ├── socket-cli-no-api-token.mts │ │ │ ├── socket-cli-accept-risks.mts │ │ │ ├── socket-cli-npm-path.mts │ │ │ ├── socket-cli-bin-path.mts │ │ │ ├── socket-cli-view-all-risks.mts │ │ │ ├── socket-cli-fix.mts │ │ │ ├── socket-cli-js-path.mts │ │ │ ├── run-integration-tests.mts │ │ │ ├── socket-cli-local-path.mts │ │ │ ├── socket-cli-org-slug.mts │ │ │ ├── xdg-data-home.mts │ │ │ ├── socket-cli-cdxgen-local-path.mts │ │ │ ├── xdg-cache-home.mts │ │ │ ├── socket-cli-optimize.mts │ │ │ ├── socket-cli-sfw-local-path.mts │ │ │ ├── socket-cli-coana-local-path.mts │ │ │ ├── socket-cli-models-path.mts │ │ │ ├── socket-cli-pycli-local-path.mts │ │ │ ├── socket-cli-github-token.mts │ │ │ ├── socket-cli-node-download-url.mts │ │ │ ├── socket-cli-sea-node-version.mts │ │ │ ├── socket-cli-bootstrap-cache-dir.mts │ │ │ ├── disable-github-cache.mts │ │ │ ├── socket-cli-bootstrap-spec.mts │ │ │ ├── 
socket-cli-git-user-email.mts │ │ │ ├── socket-cli-git-user-name.mts │ │ │ ├── cli-name.mts │ │ │ ├── cli-version.mts │ │ │ ├── cli-homepage.mts │ │ │ ├── synp-version.mts │ │ │ ├── coana-version.mts │ │ │ ├── pycli-version.mts │ │ │ ├── cli-version-hash.mts │ │ │ ├── python-version.mts │ │ │ ├── cdxgen-version.mts │ │ │ ├── python-build-tag.mts │ │ │ ├── is-legacy-build.mts │ │ │ ├── is-sentry-build.mts │ │ │ └── is-published-build.mts │ │ ├── utils │ │ │ ├── alert │ │ │ │ ├── translations.mts │ │ │ │ └── fix.mts │ │ │ ├── error │ │ │ │ └── fail-msg-with-badge.mts │ │ │ ├── data │ │ │ │ ├── walk-nested-map.mts │ │ │ │ ├── objects.mts │ │ │ │ ├── map-to-object.mts │ │ │ │ └── strings.mts │ │ │ ├── organization.mts │ │ │ ├── npm │ │ │ │ └── package-arg.mts │ │ │ ├── ink.types.ts │ │ │ ├── semver.mts │ │ │ ├── command │ │ │ │ └── registry.mts │ │ │ ├── ecosystem │ │ │ │ ├── spec.mts │ │ │ │ └── requirements.mts │ │ │ ├── fs │ │ │ │ └── home-path.mts │ │ │ ├── terminal │ │ │ │ └── ink.mts │ │ │ ├── home-cache-time.mts │ │ │ ├── validation │ │ │ │ └── filter-config.mts │ │ │ └── output │ │ │ │ └── mode.mts │ │ ├── shadow │ │ │ ├── npm │ │ │ │ ├── inject.mts │ │ │ │ └── bin.mts │ │ │ ├── npx │ │ │ │ └── bin.mts │ │ │ └── stdio-ipc.mts │ │ ├── constants │ │ │ ├── alerts.mts │ │ │ ├── reporting.mts │ │ │ ├── cache.mts │ │ │ ├── config.mts │ │ │ ├── github.mts │ │ │ ├── http.mts │ │ │ ├── types.mts │ │ │ └── errors.mts │ │ ├── polyfills │ │ │ ├── intl-stub │ │ │ │ ├── base.mts │ │ │ │ ├── locale.mts │ │ │ │ └── helpers.mts │ │ │ └── intl-stub.mts │ │ ├── types │ │ │ ├── chalk-table.d.ts │ │ │ └── registry.d.ts │ │ ├── external │ │ │ ├── ink-table.mjs │ │ │ └── ink-table.d.mts │ │ ├── cli-dispatch-with-sentry.mts │ │ └── npx-cli.mts │ ├── test │ │ ├── fixtures │ │ │ ├── commands │ │ │ │ ├── fix │ │ │ │ │ ├── e2e-test-py │ │ │ │ │ │ └── requirements.txt │ │ │ │ │ ├── pnpm │ │ │ │ │ │ ├── monorepo │ │ │ │ │ │ │ ├── packages │ │ │ │ │ │ │ │ ├── app │ │ │ │ │ │ │ │ │ └── 
package.json │ │ │ │ │ │ │ │ └── lib │ │ │ │ │ │ │ │ │ └── package.json │ │ │ │ │ │ │ └── package.json │ │ │ │ │ │ └── vulnerable-deps │ │ │ │ │ │ │ └── package.json │ │ │ │ │ ├── yarn │ │ │ │ │ │ ├── monorepo │ │ │ │ │ │ │ ├── yarn.lock │ │ │ │ │ │ │ ├── packages │ │ │ │ │ │ │ │ ├── lib │ │ │ │ │ │ │ │ │ └── package.json │ │ │ │ │ │ │ │ └── app │ │ │ │ │ │ │ │ │ └── package.json │ │ │ │ │ │ │ └── package.json │ │ │ │ │ │ └── vulnerable-deps │ │ │ │ │ │ │ ├── package.json │ │ │ │ │ │ │ └── yarn.lock │ │ │ │ │ ├── e2e-test-js │ │ │ │ │ │ ├── package.json │ │ │ │ │ │ └── package-lock.json │ │ │ │ │ └── npm │ │ │ │ │ │ ├── monorepo │ │ │ │ │ │ ├── packages │ │ │ │ │ │ │ ├── app │ │ │ │ │ │ │ │ └── package.json │ │ │ │ │ │ │ └── lib │ │ │ │ │ │ │ │ └── package.json │ │ │ │ │ │ └── package.json │ │ │ │ │ │ └── vulnerable-deps │ │ │ │ │ │ ├── package.json │ │ │ │ │ │ └── package-lock.json │ │ │ │ ├── yarn │ │ │ │ │ └── minimal │ │ │ │ │ │ ├── .yarnrc.yml │ │ │ │ │ │ ├── .yarn │ │ │ │ │ │ └── install-state.gz │ │ │ │ │ │ ├── package.json │ │ │ │ │ │ └── yarn.lock │ │ │ │ ├── manifest │ │ │ │ │ ├── python │ │ │ │ │ │ └── requirements.txt │ │ │ │ │ └── conda │ │ │ │ │ │ └── environment.yml │ │ │ │ ├── npm │ │ │ │ │ ├── lacking-typosquat │ │ │ │ │ │ └── package.json │ │ │ │ │ ├── npm9 │ │ │ │ │ │ └── package.json │ │ │ │ │ ├── npm10 │ │ │ │ │ │ └── package.json │ │ │ │ │ └── npm11 │ │ │ │ │ │ └── package.json │ │ │ │ ├── cdxgen │ │ │ │ │ ├── npm │ │ │ │ │ │ └── package.json │ │ │ │ │ ├── package.json │ │ │ │ │ ├── pnpm │ │ │ │ │ │ └── package.json │ │ │ │ │ └── yarn │ │ │ │ │ │ └── package.json │ │ │ │ ├── patch │ │ │ │ │ ├── npm │ │ │ │ │ │ └── package.json │ │ │ │ │ ├── pnpm │ │ │ │ │ │ └── package.json │ │ │ │ │ └── yarn │ │ │ │ │ │ └── package.json │ │ │ │ ├── optimize │ │ │ │ │ ├── pnpm │ │ │ │ │ │ └── package.json │ │ │ │ │ ├── npm │ │ │ │ │ │ ├── package.json │ │ │ │ │ │ └── package-lock.json │ │ │ │ │ ├── pnpm8 │ │ │ │ │ │ └── package.json │ │ │ │ │ ├── pnpm9 │ │ │ │ 
│ │ └── package.json │ │ │ │ │ └── yarn │ │ │ │ │ │ ├── package.json │ │ │ │ │ │ └── yarn.lock │ │ │ │ ├── scan │ │ │ │ │ └── reach │ │ │ │ │ │ ├── index.js │ │ │ │ │ │ ├── npm │ │ │ │ │ │ ├── index.js │ │ │ │ │ │ └── package.json │ │ │ │ │ │ ├── pnpm │ │ │ │ │ │ ├── index.js │ │ │ │ │ │ └── package.json │ │ │ │ │ │ ├── yarn │ │ │ │ │ │ ├── index.js │ │ │ │ │ │ └── package.json │ │ │ │ │ │ └── package.json │ │ │ │ └── json │ │ │ │ │ └── socket.json │ │ │ ├── agent │ │ │ │ ├── bun │ │ │ │ │ └── package.json │ │ │ │ ├── vlt │ │ │ │ │ └── package.json │ │ │ │ ├── pnpm-v10 │ │ │ │ │ └── package.json │ │ │ │ ├── pnpm-v8 │ │ │ │ │ └── package.json │ │ │ │ ├── pnpm-v9 │ │ │ │ │ └── package.json │ │ │ │ ├── yarn-berry │ │ │ │ │ └── package.json │ │ │ │ └── yarn-classic │ │ │ │ │ └── package.json │ │ │ └── optimize │ │ │ │ ├── bun │ │ │ │ └── package.json │ │ │ │ ├── vlt │ │ │ │ └── package.json │ │ │ │ ├── pnpm-v8 │ │ │ │ └── package.json │ │ │ │ ├── pnpm-v9 │ │ │ │ └── package.json │ │ │ │ ├── pnpm-v10 │ │ │ │ └── package.json │ │ │ │ ├── yarn-berry │ │ │ │ └── package.json │ │ │ │ └── yarn-classic │ │ │ │ └── package.json │ │ ├── setup.mts │ │ ├── stubs │ │ │ ├── glob-test-helpers.mts │ │ │ └── cve-to-ghsa-stub.mts │ │ └── helpers │ │ │ └── index.mts │ ├── scripts │ │ ├── constants │ │ │ ├── versions.mjs │ │ │ └── build.mjs │ │ └── load.mjs │ ├── .config │ │ ├── esbuild-inject-import-meta.mjs │ │ └── tsconfig.check.json │ ├── .env.e2e │ ├── tsconfig.json │ └── .env.test ├── sdk │ ├── .gitattributes │ ├── test │ │ └── utils │ │ │ ├── constants.mts │ │ │ ├── fixtures.mts │ │ │ ├── mock-helpers.mts │ │ │ ├── fast-test-config.mts │ │ │ └── setup.mts │ ├── docs │ │ └── security.md │ ├── .config │ │ ├── isolated-tests.json │ │ ├── tsconfig.check.json │ │ ├── tsconfig.dts.json │ │ ├── tsconfig.check.local.json │ │ └── taze.config.mts │ ├── tsconfig.json │ ├── src │ │ ├── types │ │ │ └── registry.d.ts │ │ └── user-agent.ts │ ├── scripts │ │ ├── utils │ │ │ └── path-helpers.mjs │ 
│ ├── register-loader.mjs │ │ ├── prettify-base-json.mjs │ │ └── generate-types.mjs │ └── .gitignore ├── socketbin-cli-alpine-x64 │ ├── .gitignore │ ├── README.md │ └── package.json ├── socketbin-cli-darwin-x64 │ ├── .gitignore │ ├── README.md │ └── package.json ├── socketbin-cli-linux-x64 │ ├── .gitignore │ ├── README.md │ └── package.json ├── socketbin-cli-win32-x64 │ ├── .gitignore │ ├── README.md │ └── package.json ├── socketbin-cli-alpine-arm64 │ ├── .gitignore │ ├── README.md │ └── package.json ├── socketbin-cli-darwin-arm64 │ ├── .gitignore │ ├── README.md │ └── package.json ├── socketbin-cli-linux-arm64 │ ├── .gitignore │ ├── README.md │ └── package.json ├── socketbin-cli-win32-arm64 │ ├── .gitignore │ ├── README.md │ └── package.json ├── cli-with-sentry │ ├── vitest.config.mts │ └── .config │ │ └── esbuild-inject-import-meta.mjs ├── node-sea-builder │ ├── vitest.config.mts │ ├── package.json │ ├── scripts │ │ └── constants.mjs │ └── README.md ├── lib-internal │ ├── src │ │ ├── package-default-socket-categories.ts │ │ ├── zod.ts │ │ ├── constants │ │ │ ├── github.ts │ │ │ ├── testing.ts │ │ │ ├── platform.ts │ │ │ ├── encoding.ts │ │ │ ├── typescript.ts │ │ │ ├── time.ts │ │ │ ├── process.ts │ │ │ └── core.ts │ │ ├── env │ │ │ ├── term.ts │ │ │ ├── path.ts │ │ │ ├── home.ts │ │ │ ├── shell.ts │ │ │ ├── debug.ts │ │ │ ├── node-env.ts │ │ │ ├── node-auth-token.ts │ │ │ ├── ci.ts │ │ │ ├── pre-commit.ts │ │ │ ├── helpers.ts │ │ │ ├── locale.ts │ │ │ ├── temp-dir.ts │ │ │ ├── xdg.ts │ │ │ └── test.ts │ │ ├── package-default-node-range.ts │ │ ├── lifecycle-script-names.ts │ │ └── regexps.ts │ ├── scripts │ │ └── build-externals │ │ │ └── stubs │ │ │ ├── empty.cjs │ │ │ ├── noop.cjs │ │ │ ├── encoding.cjs │ │ │ ├── throw.cjs │ │ │ └── debug.cjs │ ├── tsconfig.dts.json │ ├── tsconfig.test.json │ ├── .config │ │ ├── knip.json │ │ ├── tsconfig.check.json │ │ ├── taze.config.mts │ │ └── vitest-global-setup.mts │ ├── .gitignore │ └── data │ │ └── extensions.json ├── 
bootstrap │ ├── node-version.json │ ├── src │ │ └── bootstrap-npm.mts │ └── package.json ├── yoga-layout │ └── package.json └── socket │ └── vitest.config.mts ├── .env.external ├── .env.precommit ├── logo-dark.png ├── .env.testu ├── .husky ├── pre-push ├── commit-msg └── pre-commit ├── logo-light.png ├── socket.yml ├── .env.dist ├── .config ├── tsconfig.test.json ├── tsconfig.build.json ├── esbuild-inject-import-meta.mjs ├── tsconfig.external-aliases.json ├── tsconfig.check.json └── isolated-tests.json ├── .npmrc ├── SECURITY.md ├── .vscode └── extensions.json ├── .pnpmrc ├── vitest.config.simple.mts ├── .env.example ├── .github ├── dependabot.yml └── workflows │ ├── claude-auto-review.yml │ ├── claude.yml │ └── socket-auto-pr.yml ├── .env.local.example ├── patches ├── brace-expansion@2.0.2.patch ├── string_decoder@0.10.31.patch └── graceful-fs@4.2.11.patch ├── tsconfig.json ├── vitest.e2e.config.mts ├── sd ├── Makefile ├── scripts ├── register.mjs └── dev-local.sh └── taze.config.mts /.node-version: -------------------------------------------------------------------------------- 1 | 24 2 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | * text=auto eol=lf 2 | -------------------------------------------------------------------------------- /packages/cli/.gitignore: -------------------------------------------------------------------------------- 1 | external/ 2 | -------------------------------------------------------------------------------- /packages/sdk/.gitattributes: -------------------------------------------------------------------------------- 1 | * text=auto eol=lf 2 | -------------------------------------------------------------------------------- /packages/socketbin-cli-alpine-x64/.gitignore: -------------------------------------------------------------------------------- 1 | bin/ 2 | 
-------------------------------------------------------------------------------- /packages/socketbin-cli-darwin-x64/.gitignore: -------------------------------------------------------------------------------- 1 | bin/ 2 | -------------------------------------------------------------------------------- /packages/socketbin-cli-linux-x64/.gitignore: -------------------------------------------------------------------------------- 1 | bin/ 2 | -------------------------------------------------------------------------------- /packages/socketbin-cli-win32-x64/.gitignore: -------------------------------------------------------------------------------- 1 | bin/ 2 | -------------------------------------------------------------------------------- /packages/socketbin-cli-alpine-arm64/.gitignore: -------------------------------------------------------------------------------- 1 | bin/ 2 | -------------------------------------------------------------------------------- /packages/socketbin-cli-darwin-arm64/.gitignore: -------------------------------------------------------------------------------- 1 | bin/ 2 | -------------------------------------------------------------------------------- /packages/socketbin-cli-linux-arm64/.gitignore: -------------------------------------------------------------------------------- 1 | bin/ 2 | -------------------------------------------------------------------------------- /packages/socketbin-cli-win32-arm64/.gitignore: -------------------------------------------------------------------------------- 1 | bin/ 2 | -------------------------------------------------------------------------------- /.env.external: -------------------------------------------------------------------------------- 1 | LINT_EXTERNAL=1 2 | NODE_COMPILE_CACHE="./.cache" 3 | -------------------------------------------------------------------------------- /.env.precommit: -------------------------------------------------------------------------------- 1 | 
NODE_COMPILE_CACHE="./.cache" 2 | PRE_COMMIT=1 3 | -------------------------------------------------------------------------------- /logo-dark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SocketDev/socket-cli/HEAD/logo-dark.png -------------------------------------------------------------------------------- /.env.testu: -------------------------------------------------------------------------------- 1 | NODE_COMPILE_CACHE="./.cache" 2 | SOCKET_CLI_NO_API_TOKEN=1 3 | VITEST=1 4 | -------------------------------------------------------------------------------- /.husky/pre-push: -------------------------------------------------------------------------------- 1 | # Run pre-push security validation. 2 | .git-hooks/pre-push "$@" 3 | -------------------------------------------------------------------------------- /logo-light.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SocketDev/socket-cli/HEAD/logo-light.png -------------------------------------------------------------------------------- /packages/cli/src/commands/optimize/shared.mts: -------------------------------------------------------------------------------- 1 | export const CMD_NAME = 'socket optimize' 2 | -------------------------------------------------------------------------------- /packages/cli/src/commands/repository/types.mts: -------------------------------------------------------------------------------- 1 | export type Direction = 'asc' | 'desc' 2 | -------------------------------------------------------------------------------- /socket.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | 3 | projectIgnorePaths: 4 | - "test/fixtures/commands/fix" 5 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/fix/e2e-test-py/requirements.txt: 
-------------------------------------------------------------------------------- 1 | django==3.0.0 2 | requests==2.25.0 3 | -------------------------------------------------------------------------------- /.husky/commit-msg: -------------------------------------------------------------------------------- 1 | # Run commit message validation and auto-strip AI attribution. 2 | .git-hooks/commit-msg "$1" 3 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/yarn/minimal/.yarnrc.yml: -------------------------------------------------------------------------------- 1 | nodeLinker: node-modules 2 | enableGlobalCache: false 3 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/manifest/python/requirements.txt: -------------------------------------------------------------------------------- 1 | qgrid==1.3.0 2 | mplstereonet 3 | pyqt5 4 | gempy==2.1.0 -------------------------------------------------------------------------------- /packages/socketbin-cli-linux-x64/README.md: -------------------------------------------------------------------------------- 1 | # @socketbin/cli-linux-x64 2 | 3 | Native Socket CLI binary for **Linux x64**. 4 | -------------------------------------------------------------------------------- /packages/socketbin-cli-win32-x64/README.md: -------------------------------------------------------------------------------- 1 | # @socketbin/cli-win32-x64 2 | 3 | Native Socket CLI binary for **Windows x64**. 
4 | -------------------------------------------------------------------------------- /.env.dist: -------------------------------------------------------------------------------- 1 | LINT_DIST=1 2 | NODE_COMPILE_CACHE="./.cache" 3 | NODE_OPTIONS="--max-old-space-size=4096 --max-semi-space-size=512" 4 | -------------------------------------------------------------------------------- /packages/socketbin-cli-linux-arm64/README.md: -------------------------------------------------------------------------------- 1 | # @socketbin/cli-linux-arm64 2 | 3 | Native Socket CLI binary for **Linux ARM64**. 4 | -------------------------------------------------------------------------------- /packages/socketbin-cli-darwin-x64/README.md: -------------------------------------------------------------------------------- 1 | # @socketbin/cli-darwin-x64 2 | 3 | Native Socket CLI binary for **macOS x64 (Intel)**. 4 | -------------------------------------------------------------------------------- /packages/socketbin-cli-win32-arm64/README.md: -------------------------------------------------------------------------------- 1 | # @socketbin/cli-win32-arm64 2 | 3 | Native Socket CLI binary for **Windows ARM64**. 4 | -------------------------------------------------------------------------------- /packages/socketbin-cli-alpine-x64/README.md: -------------------------------------------------------------------------------- 1 | # @socketbin/cli-alpine-x64 2 | 3 | Native Socket CLI binary for **Alpine Linux x64 (musl)**. 4 | -------------------------------------------------------------------------------- /packages/socketbin-cli-alpine-arm64/README.md: -------------------------------------------------------------------------------- 1 | # @socketbin/cli-alpine-arm64 2 | 3 | Native Socket CLI binary for **Alpine Linux ARM64 (musl)**. 
4 | -------------------------------------------------------------------------------- /packages/socketbin-cli-darwin-arm64/README.md: -------------------------------------------------------------------------------- 1 | # @socketbin/cli-darwin-arm64 2 | 3 | Native Socket CLI binary for **macOS ARM64 (Apple Silicon)**. 4 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/agent/bun/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "bun-fixture", 3 | "version": "1.0.0", 4 | "private": true, 5 | "dependencies": {} 6 | } 7 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/npm/lacking-typosquat/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "dependencies": { 3 | "bowserify": "^10.2.1" 4 | }, 5 | "private": true 6 | } 7 | -------------------------------------------------------------------------------- /.config/tsconfig.test.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig.base.json", 3 | "compilerOptions": { 4 | "noUnusedLocals": false, 5 | "noUnusedParameters": false 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /packages/cli/src/env/node-env.mts: -------------------------------------------------------------------------------- 1 | /** @fileoverview NODE_ENV environment variable. 
*/ 2 | 3 | import { env } from 'node:process' 4 | 5 | export const NODE_ENV = env['NODE_ENV'] 6 | -------------------------------------------------------------------------------- /packages/cli/src/commands/scan/types.mts: -------------------------------------------------------------------------------- 1 | export type FOLD_SETTING = 'pkg' | 'version' | 'file' | 'none' 2 | 3 | export type REPORT_LEVEL = 'defer' | 'ignore' | 'monitor' | 'warn' | 'error' 4 | -------------------------------------------------------------------------------- /packages/sdk/test/utils/constants.mts: -------------------------------------------------------------------------------- 1 | /** @fileoverview Test constants and configuration values. */ 2 | 3 | export { SOCKET_PUBLIC_API_TOKEN } from '@socketsecurity/lib/constants/socket' 4 | -------------------------------------------------------------------------------- /packages/cli-with-sentry/vitest.config.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * Extends shared simple vitest config. 
3 | */ 4 | import baseConfig from '../../vitest.config.simple.mts' 5 | 6 | export default baseConfig 7 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/agent/vlt/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "vlt-fixture", 3 | "version": "1.0.0", 4 | "private": true, 5 | "dependencies": { 6 | "vlt": "0.0.0-30" 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/yarn/minimal/.yarn/install-state.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SocketDev/socket-cli/HEAD/packages/cli/test/fixtures/commands/yarn/minimal/.yarn/install-state.gz -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/yarn/minimal/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "test-yarn-minimal", 3 | "version": "1.0.0", 4 | "private": true, 5 | "packageManager": "yarn@4.10.3" 6 | } 7 | -------------------------------------------------------------------------------- /packages/cli/test/setup.mts: -------------------------------------------------------------------------------- 1 | /** @fileoverview Vitest setup file for test utilities. */ 2 | 3 | // Disable debug output during tests 4 | process.env.DEBUG = '' 5 | delete process.env.NODE_DEBUG 6 | -------------------------------------------------------------------------------- /packages/node-sea-builder/vitest.config.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * Extends shared simple vitest config. 
3 | */ 4 | import baseConfig from '../../vitest.config.simple.mts' 5 | 6 | export default baseConfig 7 | -------------------------------------------------------------------------------- /.npmrc: -------------------------------------------------------------------------------- 1 | # Suppress pnpm build script warnings; this also stops dependency lifecycle scripts from running during install. 2 | ignore-scripts=true 3 | 4 | # Suppress pnpm workspace warnings. 5 | link-workspace-packages=false 6 | loglevel=error 7 | prefer-workspace-packages=false -------------------------------------------------------------------------------- /packages/cli/src/commands/json/handle-cmd-json.mts: -------------------------------------------------------------------------------- 1 | import { outputCmdJson } from './output-cmd-json.mts' 2 | 3 | export async function handleCmdJson(cwd: string) { 4 | await outputCmdJson(cwd) 5 | } 6 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/agent/pnpm-v10/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "pnpm-v10-fixture", 3 | "version": "1.0.0", 4 | "private": true, 5 | "dependencies": { 6 | "pnpm": "10.0.0" 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/agent/pnpm-v8/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "pnpm-v8-fixture", 3 | "version": "1.0.0", 4 | "private": true, 5 | "dependencies": { 6 | "pnpm": "8.15.1" 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/agent/pnpm-v9/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "pnpm-v9-fixture", 3 | "version": "1.0.0", 4 | "private": true, 5 | "dependencies": { 6 | "pnpm": "9.14.4" 7 | } 8 | } 9 | 
-------------------------------------------------------------------------------- /packages/cli/test/fixtures/agent/yarn-berry/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "yarn-berry-fixture", 3 | "version": "1.0.0", 4 | "private": true, 5 | "dependencies": { 6 | "@yarnpkg/cli": "4.10.3" 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/agent/yarn-classic/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "yarn-classic-fixture", 3 | "version": "1.0.0", 4 | "private": true, 5 | "dependencies": { 6 | "yarn": "1.22.22" 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /packages/cli/src/env/home.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * HOME environment variable. 3 | * User home directory (Unix systems). 4 | */ 5 | 6 | import { getHome } from '@socketsecurity/lib/env/home' 7 | 8 | export const HOME = getHome() 9 | -------------------------------------------------------------------------------- /packages/cli/src/utils/alert/translations.mts: -------------------------------------------------------------------------------- 1 | import translations from '../../../data/alert-translations.json' with { 2 | type: 'json', 3 | } 4 | 5 | export function getTranslations() { 6 | return translations 7 | } 8 | -------------------------------------------------------------------------------- /packages/cli/src/env/github-api-url.mts: -------------------------------------------------------------------------------- 1 | /** @fileoverview GITHUB_API_URL environment variable. 
*/ 2 | 3 | import { getGithubApiUrl } from '@socketsecurity/lib/env/github' 4 | 5 | export const GITHUB_API_URL = getGithubApiUrl() 6 | -------------------------------------------------------------------------------- /packages/cli/src/env/github-base-ref.mts: -------------------------------------------------------------------------------- 1 | /** @fileoverview GITHUB_BASE_REF environment variable. */ 2 | 3 | import { getGithubBaseRef } from '@socketsecurity/lib/env/github' 4 | 5 | export const GITHUB_BASE_REF = getGithubBaseRef() 6 | -------------------------------------------------------------------------------- /packages/cli/src/env/github-ref-name.mts: -------------------------------------------------------------------------------- 1 | /** @fileoverview GITHUB_REF_NAME environment variable. */ 2 | 3 | import { getGithubRefName } from '@socketsecurity/lib/env/github' 4 | 5 | export const GITHUB_REF_NAME = getGithubRefName() 6 | -------------------------------------------------------------------------------- /packages/cli/src/env/github-ref-type.mts: -------------------------------------------------------------------------------- 1 | /** @fileoverview GITHUB_REF_TYPE environment variable. */ 2 | 3 | import { getGithubRefType } from '@socketsecurity/lib/env/github' 4 | 5 | export const GITHUB_REF_TYPE = getGithubRefType() 6 | -------------------------------------------------------------------------------- /packages/cli/src/env/temp.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * TEMP environment variable. 3 | * Temporary directory path (Windows systems). 4 | */ 5 | 6 | import { getTemp } from '@socketsecurity/lib/env/temp-dir' 7 | 8 | export const TEMP = getTemp() 9 | -------------------------------------------------------------------------------- /packages/cli/src/env/term.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * TERM environment variable. 
3 | * Terminal type for Unix-based systems (e.g., "xterm-256color"). 4 | */ 5 | 6 | import { env } from 'node:process' 7 | 8 | export const TERM = env['TERM'] 9 | -------------------------------------------------------------------------------- /.config/tsconfig.build.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig.base.json", 3 | "compilerOptions": { 4 | "declaration": true, 5 | "declarationMap": true, 6 | "composite": true, 7 | "incremental": true 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /packages/cli/src/env/userprofile.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * USERPROFILE environment variable. 3 | * User profile directory (Windows systems). 4 | */ 5 | 6 | import { env } from 'node:process' 7 | 8 | export const USERPROFILE = env['USERPROFILE'] 9 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/optimize/bun/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "test-bun", 3 | "version": "1.0.0", 4 | "private": true, 5 | "packageManager": "bun@1.1.42", 6 | "dependencies": { 7 | "bun": "1.1.42" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/optimize/vlt/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "test-vlt", 3 | "version": "1.0.0", 4 | "private": true, 5 | "packageManager": "vlt@0.1.0", 6 | "dependencies": { 7 | "vlt": "0.1.0" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /packages/lib-internal/src/package-default-socket-categories.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * @fileoverview Default Socket security 
categories for packages. 3 | */ 4 | 5 | // Default category for new packages 6 | export default Object.freeze(['cleanup']) 7 | -------------------------------------------------------------------------------- /packages/lib-internal/src/zod.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * @fileoverview Zod schema validation library wrapper for type-safe runtime validation. 3 | * Provides access to zod's schema builder through the z object. 4 | */ 5 | 6 | export { z } from 'zod' 7 | -------------------------------------------------------------------------------- /packages/cli/src/env/ci.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * CI environment variable. 3 | * Set to true/1 when running in a continuous integration environment. 4 | */ 5 | 6 | import { getCI } from '@socketsecurity/lib/env/ci' 7 | 8 | export const CI = getCI() 9 | -------------------------------------------------------------------------------- /packages/cli/src/env/github-server-url.mts: -------------------------------------------------------------------------------- 1 | /** @fileoverview GITHUB_SERVER_URL environment variable. */ 2 | 3 | import { getGithubServerUrl } from '@socketsecurity/lib/env/github' 4 | 5 | export const GITHUB_SERVER_URL = getGithubServerUrl() 6 | -------------------------------------------------------------------------------- /packages/cli/test/stubs/glob-test-helpers.mts: -------------------------------------------------------------------------------- 1 | import micromatch from 'micromatch' 2 | 3 | // Helper for testing. 
4 | export function isGlobMatch(path: string, patterns: string[]): boolean { 5 | return micromatch.isMatch(path, patterns) 6 | } 7 | -------------------------------------------------------------------------------- /packages/cli/src/env/github-repository.mts: -------------------------------------------------------------------------------- 1 | /** @fileoverview GITHUB_REPOSITORY environment variable. */ 2 | 3 | import { getGithubRepository } from '@socketsecurity/lib/env/github' 4 | 5 | export const GITHUB_REPOSITORY = getGithubRepository() 6 | -------------------------------------------------------------------------------- /packages/cli/src/env/node-options.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * NODE_OPTIONS environment variable snapshot. 3 | * Used to pass options to Node.js runtime. 4 | */ 5 | 6 | import { env } from 'node:process' 7 | 8 | export const NODE_OPTIONS = env['NODE_OPTIONS'] 9 | -------------------------------------------------------------------------------- /packages/cli/src/env/socket-cli-config.mts: -------------------------------------------------------------------------------- 1 | /** @fileoverview SOCKET_CLI_CONFIG environment variable. */ 2 | 3 | import { getSocketCliConfig } from '@socketsecurity/lib/env/socket-cli' 4 | 5 | export const SOCKET_CLI_CONFIG = getSocketCliConfig() 6 | -------------------------------------------------------------------------------- /packages/cli/src/env/tmp.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * TMP environment variable. 3 | * Alternative temporary directory path (Windows/Unix systems). 
4 | */ 5 | 6 | import { getTmp } from '@socketsecurity/lib/env/temp-dir' 7 | 8 | export const TMP = getTmp() 9 | -------------------------------------------------------------------------------- /packages/cli/src/shadow/npm/inject.mts: -------------------------------------------------------------------------------- 1 | import { installSafeArborist } from './arborist/index.mts' 2 | import { initializeIpc } from '../../utils/ipc.mjs' 3 | 4 | // Initialize IPC data handling. 5 | initializeIpc() 6 | 7 | installSafeArborist() 8 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/optimize/pnpm-v8/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "test-pnpm-v8", 3 | "version": "1.0.0", 4 | "private": true, 5 | "packageManager": "pnpm@8.15.1", 6 | "dependencies": { 7 | "pnpm": "8.15.1" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/optimize/pnpm-v9/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "test-pnpm-v9", 3 | "version": "1.0.0", 4 | "private": true, 5 | "packageManager": "pnpm@9.14.4", 6 | "dependencies": { 7 | "pnpm": "9.14.4" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /packages/lib-internal/scripts/build-externals/stubs/empty.cjs: -------------------------------------------------------------------------------- 1 | /** 2 | * Empty stub - provides no functionality. 3 | * Used for dependencies that are never actually called in our code paths. 4 | */ 5 | 'use strict' 6 | 7 | module.exports = {} 8 | -------------------------------------------------------------------------------- /packages/cli/src/env/localappdata.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * LOCALAPPDATA environment variable. 
3 | * Local application data directory (Windows systems). 4 | */ 5 | 6 | import { env } from 'node:process' 7 | 8 | export const LOCALAPPDATA = env['LOCALAPPDATA'] 9 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/optimize/pnpm-v10/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "test-pnpm-v10", 3 | "version": "1.0.0", 4 | "private": true, 5 | "packageManager": "pnpm@10.0.0", 6 | "dependencies": { 7 | "pnpm": "10.0.0" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /packages/cli/src/env/npm-config-cache.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * npm_config_cache environment variable snapshot. 3 | * Points to the npm cache directory. 4 | */ 5 | 6 | import { env } from 'node:process' 7 | 8 | export const npm_config_cache = env['npm_config_cache'] 9 | -------------------------------------------------------------------------------- /packages/cli/src/env/npm-config-user-agent.mts: -------------------------------------------------------------------------------- 1 | /** @fileoverview npm_config_user_agent environment variable. */ 2 | 3 | import { getNpmConfigUserAgent } from '@socketsecurity/lib/env/npm' 4 | 5 | export const npm_config_user_agent = getNpmConfigUserAgent() 6 | -------------------------------------------------------------------------------- /packages/cli/src/env/socket-cli-mode.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * SOCKET_CLI_MODE environment variable snapshot. 3 | * Controls Socket CLI operational mode. 
4 | */ 5 | 6 | import { env } from 'node:process' 7 | 8 | export const SOCKET_CLI_MODE = env['SOCKET_CLI_MODE'] 9 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/optimize/yarn-berry/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "test-yarn-berry", 3 | "version": "1.0.0", 4 | "private": true, 5 | "packageManager": "yarn@4.10.3", 6 | "dependencies": { 7 | "yarn": "4.10.3" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /packages/cli/src/env/socket-cli-api-proxy.mts: -------------------------------------------------------------------------------- 1 | /** @fileoverview SOCKET_CLI_API_PROXY environment variable. NOTE(review): presumably an outbound proxy for Socket API traffic; whoever can set it can observe that traffic, so it is trusted configuration, not untrusted input — confirm how it is consumed. */ 2 | 3 | import { getSocketCliApiProxy } from '@socketsecurity/lib/env/socket-cli' 4 | 5 | export const SOCKET_CLI_API_PROXY = getSocketCliApiProxy() 6 | -------------------------------------------------------------------------------- /packages/cli/src/env/socket-cli-api-token.mts: -------------------------------------------------------------------------------- 1 | /** @fileoverview SOCKET_CLI_API_TOKEN environment variable. Credential snapshot: keep this value out of logs, debug output and error messages. */ 2 | 3 | import { getSocketCliApiToken } from '@socketsecurity/lib/env/socket-cli' 4 | 5 | export const SOCKET_CLI_API_TOKEN = getSocketCliApiToken() 6 | -------------------------------------------------------------------------------- /packages/cli/src/env/vitest.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * VITEST environment variable snapshot. 3 | * Indicates whether code is running under Vitest test runner. 
4 | */ 5 | 6 | import { getVitest } from '@socketsecurity/lib/env/test' 7 | 8 | export const VITEST = getVitest() 9 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/optimize/yarn-classic/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "test-yarn-classic", 3 | "version": "1.0.0", 4 | "private": true, 5 | "packageManager": "yarn@1.22.22", 6 | "dependencies": { 7 | "yarn": "1.22.22" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /packages/cli/src/env/run-e2e-tests.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * RUN_E2E_TESTS environment variable. 3 | * Set to enable end-to-end tests that require Socket API access. 4 | */ 5 | 6 | import { env } from 'node:process' 7 | 8 | export const RUN_E2E_TESTS = env['RUN_E2E_TESTS'] 9 | -------------------------------------------------------------------------------- /packages/cli/src/env/socket-cli-debug.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * SOCKET_CLI_DEBUG environment variable snapshot. 3 | * Controls Socket CLI-specific debug output. 4 | */ 5 | 6 | import { env } from 'node:process' 7 | 8 | export const SOCKET_CLI_DEBUG = env['SOCKET_CLI_DEBUG'] 9 | -------------------------------------------------------------------------------- /packages/cli/src/env/socket-cli-api-base-url.mts: -------------------------------------------------------------------------------- 1 | /** @fileoverview SOCKET_CLI_API_BASE_URL environment variable. 
*/ 2 | 3 | import { getSocketCliApiBaseUrl } from '@socketsecurity/lib/env/socket-cli' 4 | 5 | export const SOCKET_CLI_API_BASE_URL = getSocketCliApiBaseUrl() 6 | -------------------------------------------------------------------------------- /packages/cli/src/env/socket-cli-api-timeout.mts: -------------------------------------------------------------------------------- 1 | /** @fileoverview SOCKET_CLI_API_TIMEOUT environment variable. */ 2 | 3 | import { getSocketCliApiTimeout } from '@socketsecurity/lib/env/socket-cli' 4 | 5 | export const SOCKET_CLI_API_TIMEOUT = getSocketCliApiTimeout() 6 | -------------------------------------------------------------------------------- /packages/cli/src/env/socket-cli-no-api-token.mts: -------------------------------------------------------------------------------- 1 | /** @fileoverview SOCKET_CLI_NO_API_TOKEN environment variable. */ 2 | 3 | import { getSocketCliNoApiToken } from '@socketsecurity/lib/env/socket-cli' 4 | 5 | export const SOCKET_CLI_NO_API_TOKEN = getSocketCliNoApiToken() 6 | -------------------------------------------------------------------------------- /packages/lib-internal/src/constants/github.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * GitHub APIs and cache configuration. 3 | */ 4 | 5 | // GitHub API. 6 | export const GITHUB_API_BASE_URL = 'https://api.github.com' 7 | 8 | // GitHub cache. 9 | export const CACHE_GITHUB_DIR = 'github' 10 | -------------------------------------------------------------------------------- /packages/cli/src/env/socket-cli-accept-risks.mts: -------------------------------------------------------------------------------- 1 | /** @fileoverview SOCKET_CLI_ACCEPT_RISKS environment variable. 
*/ 2 | 3 | import { getSocketCliAcceptRisks } from '@socketsecurity/lib/env/socket-cli' 4 | 5 | export const SOCKET_CLI_ACCEPT_RISKS = getSocketCliAcceptRisks() 6 | -------------------------------------------------------------------------------- /packages/cli/src/env/socket-cli-npm-path.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * SOCKET_CLI_NPM_PATH environment variable snapshot. 3 | * Overrides the default npm binary path. 4 | */ 5 | 6 | import { env } from 'node:process' 7 | 8 | export const SOCKET_CLI_NPM_PATH = env['SOCKET_CLI_NPM_PATH'] 9 | -------------------------------------------------------------------------------- /packages/cli/src/env/socket-cli-bin-path.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * SOCKET_CLI_BIN_PATH environment variable snapshot. 3 | * Overrides the default Socket CLI binary path. 4 | */ 5 | 6 | import { env } from 'node:process' 7 | 8 | export const SOCKET_CLI_BIN_PATH = env['SOCKET_CLI_BIN_PATH'] 9 | -------------------------------------------------------------------------------- /packages/cli/src/env/socket-cli-view-all-risks.mts: -------------------------------------------------------------------------------- 1 | /** @fileoverview SOCKET_CLI_VIEW_ALL_RISKS environment variable. */ 2 | 3 | import { getSocketCliViewAllRisks } from '@socketsecurity/lib/env/socket-cli' 4 | 5 | export const SOCKET_CLI_VIEW_ALL_RISKS = getSocketCliViewAllRisks() 6 | -------------------------------------------------------------------------------- /packages/cli/src/utils/alert/fix.mts: -------------------------------------------------------------------------------- 1 | /** @fileoverview Alert fix type definitions. 
*/ 2 | 3 | import { createEnum } from '../data/objects.mts' 4 | 5 | export const ALERT_FIX_TYPE = createEnum({ 6 | cve: 'cve', 7 | remove: 'remove', 8 | upgrade: 'upgrade', 9 | }) 10 | -------------------------------------------------------------------------------- /packages/lib-internal/src/env/term.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * TERM environment variable getter. 3 | * Terminal type identifier. 4 | */ 5 | 6 | import { getEnvValue } from '#env/rewire' 7 | 8 | export function getTerm(): string | undefined { 9 | return getEnvValue('TERM') 10 | } 11 | -------------------------------------------------------------------------------- /packages/cli/src/env/socket-cli-fix.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * SOCKET_CLI_FIX environment variable snapshot. 3 | * Enables automatic fix mode in Socket CLI. 4 | */ 5 | 6 | import { getSocketCliFix } from '@socketsecurity/lib/env/socket-cli' 7 | 8 | export const SOCKET_CLI_FIX = getSocketCliFix() 9 | -------------------------------------------------------------------------------- /packages/cli/src/env/socket-cli-js-path.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * SOCKET_CLI_JS_PATH environment variable snapshot. 3 | * Overrides the default Socket CLI JavaScript entry path. 4 | */ 5 | 6 | import { env } from 'node:process' 7 | 8 | export const SOCKET_CLI_JS_PATH = env['SOCKET_CLI_JS_PATH'] 9 | -------------------------------------------------------------------------------- /packages/lib-internal/src/env/path.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * PATH environment variable getter. 3 | * System executable search paths. 
4 | */ 5 | 6 | import { getEnvValue } from '#env/rewire' 7 | 8 | export function getPath(): string | undefined { 9 | return getEnvValue('PATH') 10 | } 11 | -------------------------------------------------------------------------------- /packages/cli/src/constants/alerts.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * Security alert type constants. 3 | */ 4 | 5 | export const ALERT_TYPE_CRITICAL_CVE = 'criticalCVE' 6 | export const ALERT_TYPE_CVE = 'cve' 7 | export const ALERT_TYPE_MEDIUM_CVE = 'mediumCVE' 8 | export const ALERT_TYPE_MILD_CVE = 'mildCVE' 9 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/npm/npm9/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "npm9", 3 | "version": "1.0.0", 4 | "private": true, 5 | "scripts": { 6 | "test": "echo \"Error: no test specified\" && exit 1" 7 | }, 8 | "dependencies": { 9 | "npm": "9.9.4" 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /packages/lib-internal/src/env/home.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * HOME environment variable getter. 3 | * Points to the user's home directory. 4 | */ 5 | 6 | import { getEnvValue } from '#env/rewire' 7 | 8 | export function getHome(): string | undefined { 9 | return getEnvValue('HOME') 10 | } 11 | -------------------------------------------------------------------------------- /packages/lib-internal/src/env/shell.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * SHELL environment variable getter. 3 | * Unix/macOS default shell path. 
4 | */ 5 | 6 | import { getEnvValue } from '#env/rewire' 7 | 8 | export function getShell(): string | undefined { 9 | return getEnvValue('SHELL') 10 | } 11 | -------------------------------------------------------------------------------- /packages/cli/src/env/run-integration-tests.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * RUN_INTEGRATION_TESTS environment variable. 3 | * Set to enable integration tests that require Socket API access. 4 | */ 5 | 6 | import { env } from 'node:process' 7 | 8 | export const RUN_INTEGRATION_TESTS = env['RUN_INTEGRATION_TESTS'] 9 | -------------------------------------------------------------------------------- /packages/cli/src/polyfills/intl-stub/base.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * @fileoverview Base class for all Intl stub implementations. 3 | */ 4 | 5 | /** 6 | * Base class for all Intl stub implementations. 7 | * Accepts any constructor arguments but ignores them. 
8 | */ 9 | export class IntlBase {} 10 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/npm/npm10/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "npm10", 3 | "version": "1.0.0", 4 | "private": true, 5 | "scripts": { 6 | "test": "echo \"Error: no test specified\" && exit 1" 7 | }, 8 | "dependencies": { 9 | "npm": "10.9.2" 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/npm/npm11/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "npm11", 3 | "version": "1.0.0", 4 | "private": true, 5 | "scripts": { 6 | "test": "echo \"Error: no test specified\" && exit 1" 7 | }, 8 | "dependencies": { 9 | "npm": "11.2.0" 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /packages/bootstrap/node-version.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-07/schema#", 3 | "description": "Node.js version configuration for Socket CLI. This version is used by bootstrap, smol builder, and SEA builder.", 4 | "version": "v24.10.0", 5 | "versionSemver": "24.10.0" 6 | } 7 | -------------------------------------------------------------------------------- /packages/lib-internal/src/env/debug.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * DEBUG environment variable getter. 3 | * Controls debug output for the debug package. 
4 | */ 5 | 6 | import { getEnvValue } from '#env/rewire' 7 | 8 | export function getDebug(): string | undefined { 9 | return getEnvValue('DEBUG') 10 | } 11 | -------------------------------------------------------------------------------- /packages/cli/src/env/socket-cli-local-path.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * Local path override for Socket CLI binary. 3 | * Useful for E2E testing different build variants (bin/cli.js, smol, SEA, etc). 4 | */ 5 | 6 | import { env } from 'node:process' 7 | 8 | export const SOCKET_CLI_LOCAL_PATH = env['SOCKET_CLI_LOCAL_PATH'] 9 | -------------------------------------------------------------------------------- /packages/cli/src/env/socket-cli-org-slug.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * SOCKET_CLI_ORG_SLUG environment variable. 3 | * Default organization slug for Socket CLI operations. 4 | */ 5 | 6 | import { getSocketCliOrgSlug } from '@socketsecurity/lib/env/socket-cli' 7 | 8 | export const SOCKET_CLI_ORG_SLUG = getSocketCliOrgSlug() 9 | -------------------------------------------------------------------------------- /packages/cli/src/env/xdg-data-home.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * XDG_DATA_HOME environment variable. 3 | * User-specific data directory following XDG Base Directory specification (Unix systems). 
4 | */ 5 | 6 | import { getXdgDataHome } from '@socketsecurity/lib/env/xdg' 7 | 8 | export const XDG_DATA_HOME = getXdgDataHome() 9 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/fix/pnpm/monorepo/packages/app/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@monorepo/app", 3 | "private": true, 4 | "version": "1.0.0", 5 | "description": "App package in monorepo", 6 | "main": "index.js", 7 | "dependencies": { 8 | "on-headers": "1.0.2" 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/fix/pnpm/monorepo/packages/lib/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@monorepo/lib", 3 | "private": true, 4 | "version": "1.0.0", 5 | "description": "Lib package in monorepo", 6 | "main": "index.js", 7 | "dependencies": { 8 | "lodash": "4.17.20" 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/fix/yarn/monorepo/yarn.lock: -------------------------------------------------------------------------------- 1 | # THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. 2 | # yarn lockfile v1 3 | 4 | 5 | axios@1.3.2: 6 | version "1.3.2" 7 | resolved "https://registry.npmjs.org/axios/-/axios-1.3.2.tgz" 8 | integrity sha512-test-integrity-placeholder -------------------------------------------------------------------------------- /packages/cli/src/env/socket-cli-cdxgen-local-path.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * Local path override for cdxgen binary. 3 | * Useful for local development and testing with custom cdxgen builds. 
4 | */ 5 | 6 | import { env } from 'node:process' 7 | 8 | export const SOCKET_CLI_CDXGEN_LOCAL_PATH = env['SOCKET_CLI_CDXGEN_LOCAL_PATH'] 9 | -------------------------------------------------------------------------------- /packages/cli/src/env/xdg-cache-home.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * XDG_CACHE_HOME environment variable. 3 | * User-specific cache directory following XDG Base Directory specification (Unix systems). 4 | */ 5 | 6 | import { getXdgCacheHome } from '@socketsecurity/lib/env/xdg' 7 | 8 | export const XDG_CACHE_HOME = getXdgCacheHome() 9 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/fix/e2e-test-js/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "e2e-test-js", 3 | "private": true, 4 | "version": "1.0.0", 5 | "description": "E2E test fixture with known vulnerabilities", 6 | "main": "index.js", 7 | "dependencies": { 8 | "lodash": "4.17.20" 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/fix/pnpm/monorepo/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "monorepo-test", 3 | "version": "1.0.0", 4 | "description": "Test monorepo fixture", 5 | "private": true, 6 | "workspaces": [ 7 | "packages/*" 8 | ], 9 | "devDependencies": { 10 | "axios": "1.3.2" 11 | } 12 | } -------------------------------------------------------------------------------- /packages/cli/src/env/socket-cli-optimize.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * SOCKET_CLI_OPTIMIZE environment variable snapshot. 3 | * Enables automatic optimization mode in Socket CLI. 
4 | */ 5 | 6 | import { getSocketCliOptimize } from '@socketsecurity/lib/env/socket-cli' 7 | 8 | export const SOCKET_CLI_OPTIMIZE = getSocketCliOptimize() 9 | -------------------------------------------------------------------------------- /packages/cli/src/env/socket-cli-sfw-local-path.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * Local path override for socket-firewall binary. 3 | * Useful for local development and testing with custom firewall builds. 4 | */ 5 | 6 | import { env } from 'node:process' 7 | 8 | export const SOCKET_CLI_SFW_LOCAL_PATH = env['SOCKET_CLI_SFW_LOCAL_PATH'] 9 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/fix/npm/monorepo/packages/app/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@monorepo-npm/app", 3 | "private": true, 4 | "version": "1.0.0", 5 | "description": "App package in monorepo (npm)", 6 | "main": "index.js", 7 | "dependencies": { 8 | "on-headers": "1.0.2" 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/fix/npm/monorepo/packages/lib/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@monorepo-npm/lib", 3 | "private": true, 4 | "version": "1.0.0", 5 | "description": "Lib package in monorepo (npm)", 6 | "main": "index.js", 7 | "dependencies": { 8 | "lodash": "4.17.20" 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/fix/yarn/monorepo/packages/lib/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@monorepo-yarn/lib", 3 | "private": true, 4 | "version": "1.0.0", 5 | "description": "Lib package in monorepo (yarn)", 6 | "main": "index.js", 7 | 
"dependencies": { 8 | "lodash": "4.17.20" 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Reporting Security Issues 2 | 3 | **Report security vulnerabilities directly to [security@socket.dev](mailto:security@socket.dev).** 4 | 5 | All reports are taken seriously and addressed promptly. 6 | 7 | **Do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.** 8 | -------------------------------------------------------------------------------- /packages/cli/src/commands/optimize/types.mts: -------------------------------------------------------------------------------- 1 | import type { StringKeyValueObject } from '../../types.mts' 2 | 3 | export type NpmOverrides = { [key: string]: string | StringKeyValueObject } 4 | 5 | export type PnpmOrYarnOverrides = { [key: string]: string } 6 | 7 | export type Overrides = NpmOverrides | PnpmOrYarnOverrides 8 | -------------------------------------------------------------------------------- /packages/cli/src/env/socket-cli-coana-local-path.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * SOCKET_CLI_COANA_LOCAL_PATH environment variable snapshot. 3 | * Overrides the default Coana CLI path for local development. 4 | */ 5 | 6 | import { env } from 'node:process' 7 | 8 | export const SOCKET_CLI_COANA_LOCAL_PATH = env['SOCKET_CLI_COANA_LOCAL_PATH'] 9 | -------------------------------------------------------------------------------- /packages/cli/src/env/socket-cli-models-path.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * SOCKET_CLI_MODELS_PATH environment variable snapshot. 3 | * Specifies the directory containing NLP model files (ONNX models and tokenizers). 
4 | */ 5 | 6 | import { env } from 'node:process' 7 | 8 | export const SOCKET_CLI_MODELS_PATH = env['SOCKET_CLI_MODELS_PATH'] 9 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/fix/npm/monorepo/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "monorepo-test-npm", 3 | "version": "1.0.0", 4 | "description": "Test monorepo fixture (npm)", 5 | "private": true, 6 | "workspaces": [ 7 | "packages/*" 8 | ], 9 | "devDependencies": { 10 | "axios": "1.3.2" 11 | } 12 | } -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/fix/yarn/monorepo/packages/app/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@monorepo-yarn/app", 3 | "private": true, 4 | "version": "1.0.0", 5 | "description": "App package in monorepo (yarn)", 6 | "main": "index.js", 7 | "dependencies": { 8 | "on-headers": "1.0.2" 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /packages/lib-internal/scripts/build-externals/stubs/noop.cjs: -------------------------------------------------------------------------------- 1 | /** 2 | * No-op stub - provides functions that do nothing. 3 | * Used for optional features we don't need (logging, debugging, etc). 
4 | */ 5 | 'use strict' 6 | 7 | const noop = () => {} 8 | 9 | module.exports = noop 10 | module.exports.default = noop 11 | -------------------------------------------------------------------------------- /.vscode/extensions.json: -------------------------------------------------------------------------------- 1 | { 2 | "recommendations": [ 3 | "ryanluker.vscode-coverage-gutters", 4 | "hbenl.vscode-test-explorer", 5 | "hbenl.vscode-mocha-test-adapter", 6 | "dbaeumer.vscode-eslint", 7 | "gruntfuggly.todo-tree", 8 | "editorconfig.editorconfig", 9 | "biomejs.biome" 10 | ] 11 | } 12 | -------------------------------------------------------------------------------- /packages/cli/src/env/socket-cli-pycli-local-path.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * Local path override for Socket Python CLI binary. 3 | * Useful for local development and testing with custom Python CLI builds. 4 | */ 5 | 6 | import { env } from 'node:process' 7 | 8 | export const SOCKET_CLI_PYCLI_LOCAL_PATH = env['SOCKET_CLI_PYCLI_LOCAL_PATH'] 9 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/fix/yarn/monorepo/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "monorepo-test-yarn", 3 | "version": "1.0.0", 4 | "description": "Test monorepo fixture (yarn)", 5 | "private": true, 6 | "workspaces": [ 7 | "packages/*" 8 | ], 9 | "devDependencies": { 10 | "axios": "1.3.2" 11 | } 12 | } -------------------------------------------------------------------------------- /packages/lib-internal/src/constants/testing.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Testing framework constants and CI environment detection. 3 | */ 4 | 5 | // Testing frameworks. 6 | export const TEST = 'test' 7 | export const VITEST = 'VITEST' 8 | 9 | // CI environment. 
10 | export const CI = 'CI' 11 | export const PRE_COMMIT = 'PRE_COMMIT' 12 | -------------------------------------------------------------------------------- /packages/lib-internal/tsconfig.dts.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig.json", 3 | "compilerOptions": { 4 | "declaration": true, 5 | "emitDeclarationOnly": true, 6 | "noEmit": false 7 | }, 8 | "include": ["src/**/*.ts"], 9 | "exclude": ["node_modules", "dist/**/*", "lib", "test", "src/**/*.js"] 10 | } 11 | -------------------------------------------------------------------------------- /.pnpmrc: -------------------------------------------------------------------------------- 1 | # Delayed dependency updates: wait 7 days (10080 minutes) after a package version is published before it may be installed. 2 | minimumReleaseAge=10080 3 | 4 | # Auto-install peers. 5 | auto-install-peers=true 6 | 7 | # Strict peer dependencies (disabled). 8 | strict-peer-dependencies=false 9 | 10 | # Save exact versions (like npm --save-exact). 11 | save-exact=true -------------------------------------------------------------------------------- /packages/cli/src/env/socket-cli-github-token.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * SOCKET_CLI_GITHUB_TOKEN environment variable snapshot. 3 | * Overrides GitHub token for Socket CLI operations. 4 | */ 5 | 6 | import { getSocketCliGithubToken } from '@socketsecurity/lib/env/socket-cli' 7 | 8 | export const SOCKET_CLI_GITHUB_TOKEN = getSocketCliGithubToken() 9 | -------------------------------------------------------------------------------- /packages/lib-internal/src/package-default-node-range.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * @fileoverview Default Node.js version range for packages. 
3 | */ 4 | 5 | const maintainedNodeVersions = require('#lib/maintained-node-versions').default 6 | const semver = require('semver') 7 | 8 | export default `>=${semver.parse(maintainedNodeVersions.last).major}` 9 | -------------------------------------------------------------------------------- /packages/cli/src/env/socket-cli-node-download-url.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * SOCKET_CLI_NODE_DOWNLOAD_URL environment variable snapshot. 3 | * Specifies the base URL for downloading Node.js binaries for SEA builds. 4 | */ 5 | 6 | import { env } from 'node:process' 7 | 8 | export const SOCKET_CLI_NODE_DOWNLOAD_URL = env['SOCKET_CLI_NODE_DOWNLOAD_URL'] 9 | -------------------------------------------------------------------------------- /packages/lib-internal/src/env/node-env.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * NODE_ENV environment variable getter. 3 | * Indicates the Node.js environment mode (production, development, test). 4 | */ 5 | 6 | import { getEnvValue } from '#env/rewire' 7 | 8 | export function getNodeEnv(): string | undefined { 9 | return getEnvValue('NODE_ENV') 10 | } 11 | -------------------------------------------------------------------------------- /packages/sdk/docs/security.md: -------------------------------------------------------------------------------- 1 | # Reporting Security Issues 2 | 3 | **Report security vulnerabilities directly to [security@socket.dev](mailto:security@socket.dev).** 4 | 5 | All reports are taken seriously and addressed promptly. 6 | 7 | **Do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.** 8 | -------------------------------------------------------------------------------- /vitest.config.simple.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * Shared Vitest configuration for simple packages. 
3 | * Used by packages with basic test needs (10s timeouts). 4 | */ 5 | import { defineConfig } from 'vitest/config' 6 | 7 | export default defineConfig({ 8 | test: { 9 | testTimeout: 10_000, 10 | hookTimeout: 10_000, 11 | }, 12 | }) 13 | -------------------------------------------------------------------------------- /packages/cli/src/commands/whoami/cmd-whoami.mts: -------------------------------------------------------------------------------- 1 | import { handleWhoami } from './handle-whoami.mts' 2 | 3 | export const CMD_NAME = 'whoami' 4 | 5 | const description = 'Check Socket CLI authentication status' 6 | 7 | const hidden = false 8 | 9 | export const cmdWhoami = { 10 | description, 11 | hidden, 12 | run: handleWhoami, 13 | } 14 | -------------------------------------------------------------------------------- /packages/cli/src/env/socket-cli-sea-node-version.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * SOCKET_CLI_SEA_NODE_VERSION environment variable snapshot. 3 | * Specifies the Node.js version to use for Single Executable Application (SEA) builds. 
4 | */ 5 | 6 | import { env } from 'node:process' 7 | 8 | export const SOCKET_CLI_SEA_NODE_VERSION = env['SOCKET_CLI_SEA_NODE_VERSION'] 9 | -------------------------------------------------------------------------------- /packages/sdk/.config/isolated-tests.json: -------------------------------------------------------------------------------- 1 | { 2 | "tests": [ 3 | "test/quota-utils-error-handling.test.mts", 4 | "test/json-parsing-edge-cases.test.mts", 5 | "test/getapi-sendapi-methods.test.mts", 6 | "test/socket-sdk-retry.test.mts", 7 | "test/entitlements.test.mts", 8 | "test/socket-sdk-batch.test.mts" 9 | ] 10 | } 11 | -------------------------------------------------------------------------------- /packages/lib-internal/src/env/node-auth-token.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * NODE_AUTH_TOKEN environment variable getter. 3 | * Authentication token for Node.js package registry access. 4 | */ 5 | 6 | import { getEnvValue } from '#env/rewire' 7 | 8 | export function getNodeAuthToken(): string | undefined { 9 | return getEnvValue('NODE_AUTH_TOKEN') 10 | } 11 | -------------------------------------------------------------------------------- /packages/sdk/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./.config/tsconfig.base.json", 3 | "compilerOptions": { 4 | "module": "esnext", 5 | "moduleResolution": "bundler", 6 | "outDir": "./dist", 7 | "rootDir": "./src", 8 | "noPropertyAccessFromIndexSignature": false, 9 | "noEmit": true 10 | }, 11 | "include": ["src/**/*.ts"] 12 | } 13 | -------------------------------------------------------------------------------- /packages/cli/src/env/socket-cli-bootstrap-cache-dir.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * SOCKET_CLI_BOOTSTRAP_CACHE_DIR environment variable. 3 | * Cache directory path passed from bootstrap wrappers. 
4 | */ 5 | 6 | import { getSocketCliBootstrapCacheDir } from '@socketsecurity/lib/env/socket-cli' 7 | 8 | export const SOCKET_CLI_BOOTSTRAP_CACHE_DIR = getSocketCliBootstrapCacheDir() 9 | -------------------------------------------------------------------------------- /packages/lib-internal/tsconfig.test.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig.json", 3 | "compilerOptions": { 4 | "rootDir": ".", 5 | "types": ["node", "vitest"] 6 | }, 7 | "include": [ 8 | "test/**/*.ts", 9 | "test/**/*.mts", 10 | "src/**/*.ts", 11 | "vitest.config.ts" 12 | ], 13 | "exclude": ["node_modules", "dist/**/*"] 14 | } 15 | -------------------------------------------------------------------------------- /packages/cli/scripts/constants/versions.mjs: -------------------------------------------------------------------------------- 1 | /** @fileoverview Version and compatibility constants for Socket CLI. */ 2 | 3 | // Version string constant. 4 | export const LATEST = 'latest' 5 | 6 | // Maintained Node.js versions for testing and compatibility. 7 | // Re-export from registry if needed, or define here. 8 | export const maintainedNodeVersions = [18, 20, 22] 9 | -------------------------------------------------------------------------------- /packages/cli/src/env/disable-github-cache.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * DISABLE_GITHUB_CACHE environment variable snapshot. 3 | * Disables GitHub API caching in Socket CLI. 
4 | */ 5 | 6 | import { env } from 'node:process' 7 | 8 | import { envAsBoolean } from '@socketsecurity/lib/env' 9 | 10 | export const DISABLE_GITHUB_CACHE = envAsBoolean(env['DISABLE_GITHUB_CACHE']) 11 | -------------------------------------------------------------------------------- /packages/cli/src/env/socket-cli-bootstrap-spec.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * SOCKET_CLI_BOOTSTRAP_SPEC environment variable. 3 | * Package spec passed from bootstrap wrappers (e.g., @socketsecurity/cli@^2.0.11). 4 | */ 5 | 6 | import { getSocketCliBootstrapSpec } from '@socketsecurity/lib/env/socket-cli' 7 | 8 | export const SOCKET_CLI_BOOTSTRAP_SPEC = getSocketCliBootstrapSpec() 9 | -------------------------------------------------------------------------------- /packages/lib-internal/src/env/ci.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * CI environment variable getter. 3 | * Determines if code is running in a Continuous Integration environment. 
4 | */ 5 | 6 | import { envAsBoolean } from '#env/helpers' 7 | import { getEnvValue } from '#env/rewire' 8 | 9 | export function getCI(): boolean { 10 | return envAsBoolean(getEnvValue('CI')) 11 | } 12 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/cdxgen/npm/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "cdxgen-test-fixture", 3 | "private": true, 4 | "version": "1.0.0", 5 | "description": "Test fixture for cdxgen command testing", 6 | "main": "index.js", 7 | "dependencies": { 8 | "lodash": "4.17.21" 9 | }, 10 | "devDependencies": { 11 | "assert": "1.5.0" 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/cdxgen/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "cdxgen-test-fixture", 3 | "private": true, 4 | "version": "1.0.0", 5 | "description": "Test fixture for cdxgen command testing", 6 | "main": "index.js", 7 | "dependencies": { 8 | "lodash": "4.17.21" 9 | }, 10 | "devDependencies": { 11 | "assert": "1.5.0" 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /packages/lib-internal/src/env/pre-commit.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * PRE_COMMIT environment variable getter. 3 | * Whether running in a pre-commit hook context. 
4 | */ 5 | 6 | import { envAsBoolean } from '#env/helpers' 7 | import { getEnvValue } from '#env/rewire' 8 | 9 | export function getPreCommit(): boolean { 10 | return envAsBoolean(getEnvValue('PRE_COMMIT')) 11 | } 12 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/cdxgen/pnpm/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "cdxgen-test-fixture", 3 | "private": true, 4 | "version": "1.0.0", 5 | "description": "Test fixture for cdxgen command testing", 6 | "main": "index.js", 7 | "dependencies": { 8 | "lodash": "4.17.21" 9 | }, 10 | "devDependencies": { 11 | "assert": "1.5.0" 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/cdxgen/yarn/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "cdxgen-test-fixture", 3 | "private": true, 4 | "version": "1.0.0", 5 | "description": "Test fixture for cdxgen command testing", 6 | "main": "index.js", 7 | "dependencies": { 8 | "lodash": "4.17.21" 9 | }, 10 | "devDependencies": { 11 | "assert": "1.5.0" 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /.config/esbuild-inject-import-meta.mjs: -------------------------------------------------------------------------------- 1 | /** 2 | * Polyfill for import.meta.url in CommonJS bundles. 3 | * This file is injected by esbuild's inject option. 4 | */ 5 | 6 | // Convert __filename to file:// URL format. 7 | export const __importMetaUrl = 8 | typeof __filename !== 'undefined' 9 | ? 
`file://${__filename.replace(/\\/g, '/')}` 10 | : 'file:///unknown' 11 | -------------------------------------------------------------------------------- /packages/cli/src/commands/install/handle-install-completion.mts: -------------------------------------------------------------------------------- 1 | import { outputInstallCompletion } from './output-install-completion.mts' 2 | import { setupTabCompletion } from './setup-tab-completion.mts' 3 | 4 | export async function handleInstallCompletion(targetName: string) { 5 | const result = await setupTabCompletion(targetName) 6 | await outputInstallCompletion(result) 7 | } 8 | -------------------------------------------------------------------------------- /packages/cli/.config/esbuild-inject-import-meta.mjs: -------------------------------------------------------------------------------- 1 | /** 2 | * Polyfill for import.meta.url in CommonJS bundles. 3 | * This file is injected by esbuild's inject option. 4 | */ 5 | 6 | // Convert __filename to file:// URL format. 7 | export const __importMetaUrl = 8 | typeof __filename !== 'undefined' 9 | ? 
`file://${__filename.replace(/\\/g, '/')}` 10 | : 'file:///unknown' 11 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/patch/npm/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "patch-test-fixture", 3 | "private": true, 4 | "version": "1.0.0", 5 | "description": "Test fixture for patch command", 6 | "main": "index.js", 7 | "dependencies": { 8 | "lodash": "4.17.20", 9 | "on-headers": "1.0.2" 10 | }, 11 | "devDependencies": { 12 | "axios": "1.3.2" 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/optimize/pnpm/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "optimize-test-fixture", 3 | "private": true, 4 | "version": "1.0.0", 5 | "description": "Test fixture for optimize command testing", 6 | "main": "index.js", 7 | "dependencies": { 8 | "gopd": "npm:@socketregistry/gopd@^1" 9 | }, 10 | "devDependencies": { 11 | "axios": "1.3.2" 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/patch/pnpm/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "patch-test-fixture", 3 | "private": true, 4 | "version": "1.0.0", 5 | "description": "Test fixture for patch command", 6 | "main": "index.js", 7 | "dependencies": { 8 | "lodash": "4.17.20", 9 | "on-headers": "1.0.2" 10 | }, 11 | "devDependencies": { 12 | "axios": "1.3.2" 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/patch/yarn/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "patch-test-fixture", 3 | "private": true, 4 | "version": "1.0.0", 5 | 
"description": "Test fixture for patch command", 6 | "main": "index.js", 7 | "dependencies": { 8 | "lodash": "4.17.20", 9 | "on-headers": "1.0.2" 10 | }, 11 | "devDependencies": { 12 | "axios": "1.3.2" 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /packages/cli/src/commands/threat-feed/types.mts: -------------------------------------------------------------------------------- 1 | export interface ThreadFeedResponse { 2 | results: ThreatResult[] 3 | nextPage: string 4 | } 5 | 6 | export type ThreatResult = { 7 | createdAt: string 8 | description: string 9 | id: number 10 | locationHtmlUrl: string 11 | packageHtmlUrl: string 12 | purl: string 13 | removedAt: string | null 14 | threatType: string 15 | } 16 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/scan/reach/index.js: -------------------------------------------------------------------------------- 1 | const express = require('express') 2 | const lodash = require('lodash') 3 | 4 | const app = express() 5 | 6 | app.get('/', (req, res) => { 7 | const data = lodash.pick(req.query, ['name', 'age']) 8 | res.json(data) 9 | }) 10 | 11 | app.listen(3000, () => { 12 | console.log(`Test fixture ${__filename} running on port 3000`) 13 | }) 14 | -------------------------------------------------------------------------------- /packages/lib-internal/scripts/build-externals/stubs/encoding.cjs: -------------------------------------------------------------------------------- 1 | /** 2 | * Encoding/iconv-lite stub. 3 | * 4 | * These packages provide character encoding conversion (e.g., UTF-8 to Latin1). 5 | * We only work with UTF-8, so we stub them out to save ~100KB. 
6 | * Since the stub exports nothing, code paths that require a non-UTF-8 conversion find no converter here. 7 | * Used by: make-fetch-happen, pacote (for legacy content-encoding) 8 | */ 9 | 'use strict' 10 | 11 | module.exports = {} 12 | -------------------------------------------------------------------------------- /packages/cli-with-sentry/.config/esbuild-inject-import-meta.mjs: -------------------------------------------------------------------------------- 1 | /** 2 | * Polyfill for import.meta.url in CommonJS bundles. 3 | * This file is injected by esbuild's inject option. 4 | */ 5 | 6 | // Convert __filename to file:// URL format. 7 | export const __importMetaUrl = 8 | typeof __filename !== 'undefined' 9 | ? `file://${__filename.replace(/\\/g, '/')}` 10 | : 'file:///unknown' 11 | -------------------------------------------------------------------------------- /packages/cli/src/constants/reporting.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * Report level and fold setting constants for security issue reporting. 3 | */ 4 | 5 | export const FOLD_SETTING_VERSION = 'version' 6 | export const REPORT_LEVEL_DEFER = 'defer' 7 | export const REPORT_LEVEL_ERROR = 'error' 8 | export const REPORT_LEVEL_IGNORE = 'ignore' 9 | export const REPORT_LEVEL_MONITOR = 'monitor' 10 | export const REPORT_LEVEL_WARN = 'warn' 11 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/optimize/npm/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "optimize-test-fixture-npm", 3 | "private": true, 4 | "version": "1.0.0", 5 | "description": "Test fixture for optimize command testing (npm)", 6 | "main": "index.js", 7 | "dependencies": { 8 | "gopd": "npm:@socketregistry/gopd@^1" 9 | }, 10 | "devDependencies": { 11 | "axios": "1.3.2" 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/optimize/pnpm8/package.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "name": "optimize-test-pnpm8", 3 | "private": true, 4 | "version": "1.0.0", 5 | "description": "Test fixture for optimize command with pnpm v8", 6 | "main": "index.js", 7 | "dependencies": { 8 | "abab": "2.0.6", 9 | "pnpm": "^8.15.9" 10 | }, 11 | "devDependencies": { 12 | "axios": "1.3.2" 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/optimize/pnpm9/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "optimize-test-pnpm9", 3 | "private": true, 4 | "version": "1.0.0", 5 | "description": "Test fixture for optimize command with pnpm v9", 6 | "main": "index.js", 7 | "dependencies": { 8 | "abab": "2.0.6", 9 | "pnpm": "9.15.0" 10 | }, 11 | "devDependencies": { 12 | "axios": "1.3.2" 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/scan/reach/npm/index.js: -------------------------------------------------------------------------------- 1 | const express = require('express') 2 | const lodash = require('lodash') 3 | 4 | const app = express() 5 | 6 | app.get('/', (req, res) => { 7 | const data = lodash.pick(req.query, ['name', 'age']) 8 | res.json(data) 9 | }) 10 | 11 | app.listen(3000, () => { 12 | console.log(`Test fixture ${__filename} running on port 3000`) 13 | }) 14 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/scan/reach/pnpm/index.js: -------------------------------------------------------------------------------- 1 | const express = require('express') 2 | const lodash = require('lodash') 3 | 4 | const app = express() 5 | 6 | app.get('/', (req, res) => { 7 | const data = lodash.pick(req.query, ['name', 'age']) 8 | res.json(data) 9 | }) 10 | 11 | app.listen(3000, () => { 
12 | console.log(`Test fixture ${__filename} running on port 3000`) 13 | }) 14 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/scan/reach/yarn/index.js: -------------------------------------------------------------------------------- 1 | const express = require('express') 2 | const lodash = require('lodash') 3 | 4 | const app = express() 5 | 6 | app.get('/', (req, res) => { 7 | const data = lodash.pick(req.query, ['name', 'age']) 8 | res.json(data) 9 | }) 10 | 11 | app.listen(3000, () => { 12 | console.log(`Test fixture ${__filename} running on port 3000`) 13 | }) 14 | -------------------------------------------------------------------------------- /.env.example: -------------------------------------------------------------------------------- 1 | # Socket API key for e2e testing. 2 | # Get your API key from https://socket.dev/dashboard/settings 3 | SOCKET_SECURITY_API_KEY=your_api_key_here 4 | 5 | # Organization for local testing. 6 | SOCKET_CLI_ORG_SLUG=your_org_slug_here 7 | 8 | # Point to local depscan server for development. 9 | # Leave commented out to use production API. 
10 | # SOCKET_CLI_API_BASE_URL=http://localhost:8866/v0 11 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: 'github-actions' 4 | directory: '/' 5 | schedule: 6 | interval: 'weekly' 7 | day: 'monday' 8 | cooldown: 9 | default-days: 7 10 | - package-ecosystem: 'npm' 11 | directory: '/' 12 | schedule: 13 | interval: 'weekly' 14 | day: 'monday' 15 | cooldown: 16 | default-days: 7 17 | -------------------------------------------------------------------------------- /packages/cli/src/constants/cache.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * Caching, TTL, and timeout constants for Socket CLI. 3 | */ 4 | 5 | // Cache TTL (Time To Live) in milliseconds 6 | export const DLX_BINARY_CACHE_TTL = 7 * 24 * 60 * 60 * 1_000 // 7 days 7 | export const UPDATE_CHECK_TTL = 24 * 60 * 60 * 1_000 // 24 hours 8 | 9 | // Timeouts in milliseconds 10 | export const UPDATE_NOTIFIER_TIMEOUT = 10_000 // 10 seconds 11 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/optimize/yarn/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "optimize-test-fixture-yarn", 3 | "private": true, 4 | "version": "1.0.0", 5 | "description": "Test fixture for optimize command testing (yarn)", 6 | "main": "index.js", 7 | "dependencies": { 8 | "gopd": "npm:@socketregistry/gopd@^1" 9 | }, 10 | "devDependencies": { 11 | "axios": "1.3.2" 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /packages/cli/src/commands/organization/handle-quota.mts: -------------------------------------------------------------------------------- 1 | import { fetchQuota } from './fetch-quota.mts' 2 | import { 
outputQuota } from './output-quota.mts' 3 | 4 | import type { OutputKind } from '../../types.mts' 5 | 6 | export async function handleQuota( 7 | outputKind: OutputKind = 'text', 8 | ): Promise { 9 | const data = await fetchQuota() 10 | 11 | await outputQuota(data, outputKind) 12 | } 13 | -------------------------------------------------------------------------------- /packages/cli/src/commands/uninstall/handle-uninstall-completion.mts: -------------------------------------------------------------------------------- 1 | import { outputUninstallCompletion } from './output-uninstall-completion.mts' 2 | import { teardownTabCompletion } from './teardown-tab-completion.mts' 3 | 4 | export async function handleUninstallCompletion(targetName: string) { 5 | const result = await teardownTabCompletion(targetName) 6 | await outputUninstallCompletion(result, targetName) 7 | } 8 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/fix/pnpm/vulnerable-deps/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "vulnerable-deps-test", 3 | "private": true, 4 | "version": "1.0.0", 5 | "description": "Test fixture with vulnerable dependencies", 6 | "main": "index.js", 7 | "dependencies": { 8 | "lodash": "4.17.20", 9 | "on-headers": "1.0.2" 10 | }, 11 | "devDependencies": { 12 | "axios": "1.3.2" 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /packages/cli/test/stubs/cve-to-ghsa-stub.mts: -------------------------------------------------------------------------------- 1 | // Simple synchronous function for testing compatibility. 2 | export function cveToGhsa(cveId: string): string | undefined { 3 | if (!cveId || typeof cveId !== 'string') { 4 | return undefined 5 | } 6 | // This is a stub for testing - real implementation needs API call. 7 | // Return undefined for now to match test expectations. 
8 | return undefined 9 | } 10 | -------------------------------------------------------------------------------- /packages/cli/src/commands/scan/handle-scan-config.mts: -------------------------------------------------------------------------------- 1 | import { outputScanConfigResult } from './output-scan-config-result.mts' 2 | import { setupScanConfig } from './setup-scan-config.mts' 3 | 4 | export async function handleScanConfig( 5 | cwd: string, 6 | defaultOnReadError = false, 7 | ) { 8 | const result = await setupScanConfig(cwd, defaultOnReadError) 9 | 10 | await outputScanConfigResult(result) 11 | } 12 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/yarn/minimal/yarn.lock: -------------------------------------------------------------------------------- 1 | # This file is generated by running "yarn install" inside your project. 2 | # Manual changes might be lost - proceed with caution! 3 | 4 | __metadata: 5 | version: 8 6 | cacheKey: 10c0 7 | 8 | "test-yarn-minimal@workspace:.": 9 | version: 0.0.0-use.local 10 | resolution: "test-yarn-minimal@workspace:." 11 | languageName: unknown 12 | linkType: soft 13 | -------------------------------------------------------------------------------- /packages/cli/src/constants/config.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * Configuration key constants for Socket CLI settings. 
3 | */ 4 | 5 | export const CONFIG_KEY_API_BASE_URL = 'apiBaseUrl' 6 | export const CONFIG_KEY_API_PROXY = 'apiProxy' 7 | export const CONFIG_KEY_API_TOKEN = 'apiToken' 8 | export const CONFIG_KEY_DEFAULT_ORG = 'defaultOrg' 9 | export const CONFIG_KEY_ENFORCED_ORGS = 'enforcedOrgs' 10 | export const CONFIG_KEY_ORG = 'org' 11 | -------------------------------------------------------------------------------- /packages/cli/src/utils/error/fail-msg-with-badge.mts: -------------------------------------------------------------------------------- 1 | import colors from 'yoctocolors-cjs' 2 | 3 | export function failMsgWithBadge( 4 | badge: string, 5 | message: string | undefined, 6 | ): string { 7 | const prefix = colors.bgRedBright( 8 | colors.bold(colors.red(` ${badge}${message ? ': ' : ''}`)), 9 | ) 10 | const postfix = message ? ` ${colors.bold(message)}` : '' 11 | return `${prefix}${postfix}` 12 | } 13 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/fix/npm/vulnerable-deps/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "vulnerable-deps-test-npm", 3 | "private": true, 4 | "version": "1.0.0", 5 | "description": "Test fixture with vulnerable dependencies (npm)", 6 | "main": "index.js", 7 | "dependencies": { 8 | "lodash": "4.17.20", 9 | "on-headers": "1.0.2" 10 | }, 11 | "devDependencies": { 12 | "axios": "1.3.2" 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/fix/yarn/vulnerable-deps/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "vulnerable-deps-test-yarn", 3 | "private": true, 4 | "version": "1.0.0", 5 | "description": "Test fixture with vulnerable dependencies (yarn)", 6 | "main": "index.js", 7 | "dependencies": { 8 | "lodash": "4.17.20", 9 | "on-headers": "1.0.2" 10 | }, 11 | 
"devDependencies": { 12 | "axios": "1.3.2" 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /packages/lib-internal/.config/knip.json: -------------------------------------------------------------------------------- 1 | { 2 | "entry": [ 3 | "perf/npm/json-stable-stringify.perf.ts", 4 | "registry/index.js", 5 | "registry/constants/index.js", 6 | "scripts/**/*.{js,ts}", 7 | "src/**/*.ts", 8 | "test/**/*.ts", 9 | "*.js" 10 | ], 11 | "project": ["perf/**", "registry/**", "scripts/**", "src/**", "test/**"], 12 | "ignore": ["packages/**", "test/npm/packages/**"] 13 | } 14 | -------------------------------------------------------------------------------- /packages/sdk/.config/tsconfig.check.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig.base.json", 3 | "compilerOptions": { 4 | "module": "esnext", 5 | "moduleResolution": "bundler", 6 | "noEmit": true, 7 | "skipLibCheck": true, 8 | "types": ["vitest/globals", "node"], 9 | "verbatimModuleSyntax": false 10 | }, 11 | "include": ["../**/*.ts", "../**/*.mts"], 12 | "exclude": ["../**/node_modules/**/*"] 13 | } 14 | -------------------------------------------------------------------------------- /packages/lib-internal/.config/tsconfig.check.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "../tsconfig.json", 3 | "compilerOptions": { 4 | "noEmit": true, 5 | "rootDir": "..", 6 | "types": ["node", "vitest"], 7 | "skipLibCheck": true, 8 | "strict": false, 9 | "noImplicitAny": false 10 | }, 11 | "include": ["../src/**/*.ts", "../test/**/*.ts", "../test/**/*.mts"], 12 | "exclude": ["../node_modules", "../dist/**/*"] 13 | } 14 | -------------------------------------------------------------------------------- /packages/cli/src/commands/manifest/handle-manifest-setup.mts: -------------------------------------------------------------------------------- 1 | 
import { outputManifestSetup } from './output-manifest-setup.mts' 2 | import { setupManifestConfig } from './setup-manifest-config.mts' 3 | 4 | export async function handleManifestSetup( 5 | cwd: string, 6 | defaultOnReadError: boolean, 7 | ): Promise { 8 | const result = await setupManifestConfig(cwd, defaultOnReadError) 9 | 10 | await outputManifestSetup(result) 11 | } 12 | -------------------------------------------------------------------------------- /packages/cli/src/constants/github.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * GitHub and GraphQL constants specific to Socket CLI. 3 | */ 4 | 5 | // GraphQL Pagination 6 | export const GQL_PAGE_SENTINEL = 100 7 | 8 | // GraphQL PR States 9 | export const GQL_PR_STATE_CLOSED = 'CLOSED' 10 | export const GQL_PR_STATE_MERGED = 'MERGED' 11 | export const GQL_PR_STATE_OPEN = 'OPEN' 12 | 13 | // Socket CLI GitHub Repository 14 | export const SOCKET_CLI_GITHUB_REPO = 'socket-cli' 15 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/manifest/conda/environment.yml: -------------------------------------------------------------------------------- 1 | name: my_stuff 2 | 3 | channels: 4 | - conda-thing 5 | - defaults 6 | dependencies: 7 | - python=3.8 8 | - pandas=1.3.4 9 | - numpy=1.19.0 10 | - scipy 11 | - mkl-service 12 | - libpython 13 | - m2w64-toolchain 14 | - pytest 15 | - requests 16 | - pip 17 | - pip: 18 | - qgrid==1.3.0 19 | - mplstereonet 20 | - pyqt5 21 | - gempy==2.1.0 22 | -------------------------------------------------------------------------------- /packages/lib-internal/src/constants/platform.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Platform detection and OS-specific constants. 3 | */ 4 | 5 | import { platform } from 'os' 6 | 7 | // Platform detection. 
8 | const _platform = platform() 9 | export const DARWIN = _platform === 'darwin' 10 | export const WIN32 = _platform === 'win32' 11 | 12 | // File permission modes. 13 | export const S_IXUSR = 0o100 14 | export const S_IXGRP = 0o010 15 | export const S_IXOTH = 0o001 16 | -------------------------------------------------------------------------------- /packages/cli/src/env/socket-cli-git-user-email.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * SOCKET_CLI_GIT_USER_EMAIL environment variable snapshot. 3 | * Overrides git user email for Socket CLI operations. 4 | * Falls back to 'github-actions[bot]@users.noreply.github.com' if not set. 5 | */ 6 | 7 | import { env } from 'node:process' 8 | 9 | export const SOCKET_CLI_GIT_USER_EMAIL = 10 | env['SOCKET_CLI_GIT_USER_EMAIL'] || 11 | 'github-actions[bot]@users.noreply.github.com' 12 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/scan/reach/npm/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "reach-test-fixture", 3 | "private": true, 4 | "version": "1.0.0", 5 | "description": "Test fixture for reachability analysis", 6 | "main": "index.js", 7 | "dependencies": { 8 | "lodash": "4.17.21", 9 | "express": "4.18.2", 10 | "axios": "1.4.0" 11 | }, 12 | "devDependencies": { 13 | "typescript": "5.0.4", 14 | "jest": "29.5.0" 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/scan/reach/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "reach-test-fixture", 3 | "private": true, 4 | "version": "1.0.0", 5 | "description": "Test fixture for reachability analysis", 6 | "main": "index.js", 7 | "dependencies": { 8 | "lodash": "4.17.21", 9 | "express": "4.18.2", 10 | "axios": "1.4.0" 11 | }, 12 | 
"devDependencies": { 13 | "typescript": "5.0.4", 14 | "jest": "29.5.0" 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/scan/reach/pnpm/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "reach-test-fixture", 3 | "private": true, 4 | "version": "1.0.0", 5 | "description": "Test fixture for reachability analysis", 6 | "main": "index.js", 7 | "dependencies": { 8 | "lodash": "4.17.21", 9 | "express": "4.18.2", 10 | "axios": "1.4.0" 11 | }, 12 | "devDependencies": { 13 | "typescript": "5.0.4", 14 | "jest": "29.5.0" 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/scan/reach/yarn/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "reach-test-fixture", 3 | "private": true, 4 | "version": "1.0.0", 5 | "description": "Test fixture for reachability analysis", 6 | "main": "index.js", 7 | "dependencies": { 8 | "lodash": "4.17.21", 9 | "express": "4.18.2", 10 | "axios": "1.4.0" 11 | }, 12 | "devDependencies": { 13 | "typescript": "5.0.4", 14 | "jest": "29.5.0" 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /packages/sdk/src/types/registry.d.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * @fileoverview Type declarations for @socketsecurity/lib when using local builds. 3 | * These declarations suppress module resolution errors during development. 4 | * At runtime, the Node.js loader resolves these imports correctly. 
5 | */ 6 | 7 | // Declare the registry module and all its subpaths as valid modules 8 | declare module '@socketsecurity/lib/constants/*' 9 | declare module '@socketsecurity/lib/*' 10 | -------------------------------------------------------------------------------- /.env.local.example: -------------------------------------------------------------------------------- 1 | NODE_COMPILE_CACHE="./.cache" 2 | NODE_OPTIONS="--max-old-space-size=8192 --max-semi-space-size=1024" 3 | 4 | # Local depscan API server configuration 5 | # Uncomment to test against local depscan API server (port 8866) 6 | # Start server with: cd ../depscan/workspaces/api-v0 && pnpm test 7 | # SOCKET_CLI_API_BASE_URL=http://localhost:8866 8 | 9 | # Optional: Set a test API token for local testing 10 | # SOCKET_CLI_API_TOKEN=sktsec_test_xxxxx 11 | -------------------------------------------------------------------------------- /packages/cli/scripts/load.mjs: -------------------------------------------------------------------------------- 1 | /** 2 | * @fileoverview Deprecated - use register.mjs instead. 3 | * 4 | * This file is kept for backward compatibility but should not be used. 5 | * Use register.mjs with --import flag instead. 6 | * 7 | * New usage: 8 | * node --import=./scripts/register.mjs script.mjs 9 | * 10 | * Wrapper usage (recommended): 11 | * node scripts/load script-name 12 | */ 13 | 14 | export { resolve } from './utils/alias-loader.mjs' 15 | -------------------------------------------------------------------------------- /packages/lib-internal/src/constants/encoding.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Character encodings and character codes. 3 | */ 4 | 5 | // Encoding. 6 | export const UTF8 = 'utf8' 7 | 8 | // Character codes. 
9 | export const CHAR_BACKWARD_SLASH = 92 10 | export const CHAR_COLON = 58 11 | export const CHAR_FORWARD_SLASH = 47 12 | export const CHAR_LOWERCASE_A = 97 13 | export const CHAR_LOWERCASE_Z = 122 14 | export const CHAR_UPPERCASE_A = 65 15 | export const CHAR_UPPERCASE_Z = 90 16 | -------------------------------------------------------------------------------- /packages/cli/src/types/chalk-table.d.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * @fileoverview Type declarations for chalk-table module. 3 | */ 4 | 5 | declare module 'chalk-table' { 6 | interface TableOptions { 7 | columns?: Array<{ 8 | field: string 9 | name?: string 10 | }> 11 | leftPad?: number 12 | intersectionCharacter?: string 13 | } 14 | 15 | function chalkTable(options: TableOptions | null, data: any[]): string 16 | 17 | export = chalkTable 18 | } 19 | -------------------------------------------------------------------------------- /packages/cli/src/types/registry.d.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * @fileoverview Type declarations for @socketsecurity/registry when using local builds. 3 | * These declarations suppress module resolution errors during development. 4 | * At runtime, the Node.js loader resolves these imports correctly. 
5 | */ 6 | 7 | // Declare the registry module and all its subpaths as valid modules 8 | declare module '@socketsecurity/lib/constants/*' 9 | declare module '@socketsecurity/registry/*' 10 | -------------------------------------------------------------------------------- /.config/tsconfig.external-aliases.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig.check.json", 3 | "compilerOptions": { 4 | "paths": { 5 | "@socketsecurity/lib": ["../socket-lib/dist/index.d.ts"], 6 | "@socketsecurity/lib/*": ["../socket-lib/dist/*"], 7 | "@socketsecurity/registry": [ 8 | "../socket-registry/registry/dist/index.d.ts" 9 | ], 10 | "@socketsecurity/registry/*": ["../socket-registry/registry/dist/*"] 11 | } 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /packages/lib-internal/.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | ._.DS_Store 3 | Thumbs.db 4 | /.claude 5 | /.env 6 | /.env.local 7 | /.env.*.local 8 | /.pnpmfile.cjs 9 | /.nvm 10 | /.type-coverage 11 | /.vscode 12 | /npm-debug.log 13 | /yarn.lock 14 | 15 | # Editor files 16 | *.swp 17 | *.swo 18 | #*# 19 | .#* 20 | **/.cache 21 | **/coverage 22 | **/dist 23 | **/html 24 | **/node_modules 25 | **/*.tgz 26 | **/*.tmp 27 | **/*.tsbuildinfo 28 | 29 | # Allow specific files 30 | !/.vscode/settings.json 31 | -------------------------------------------------------------------------------- /.github/workflows/claude-auto-review.yml: -------------------------------------------------------------------------------- 1 | name: 🤖 Claude Auto Review 2 | 3 | on: 4 | pull_request: 5 | types: [opened] 6 | workflow_dispatch: 7 | 8 | permissions: 9 | contents: read 10 | id-token: write 11 | pull-requests: read 12 | 13 | jobs: 14 | auto-review: 15 | uses: SocketDev/socket-registry/.github/workflows/claude-auto-review.yml@1a96ced97aaa85d61543351b90d6f463b983c46c # 
main 16 | secrets: 17 | anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} 18 | -------------------------------------------------------------------------------- /packages/cli/src/env/socket-cli-git-user-name.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * SOCKET_CLI_GIT_USER_NAME environment variable snapshot. 3 | * Overrides git user name for Socket CLI operations. 4 | * Checks SOCKET_CLI_GIT_USER_NAME, SOCKET_CLI_GIT_USERNAME, then falls back to 'github-actions[bot]'. 5 | */ 6 | 7 | import { env } from 'node:process' 8 | 9 | export const SOCKET_CLI_GIT_USER_NAME = 10 | env['SOCKET_CLI_GIT_USER_NAME'] || 11 | env['SOCKET_CLI_GIT_USERNAME'] || 12 | 'github-actions[bot]' 13 | -------------------------------------------------------------------------------- /packages/sdk/.config/tsconfig.dts.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig.base.json", 3 | "compilerOptions": { 4 | "declaration": true, 5 | "declarationMap": false, 6 | "emitDeclarationOnly": true, 7 | "module": "esnext", 8 | "moduleResolution": "bundler", 9 | "outDir": "../dist", 10 | "rootDir": "../src", 11 | "noPropertyAccessFromIndexSignature": false, 12 | "skipLibCheck": true 13 | }, 14 | "include": ["../src/**/*.ts", "../types/**/*.ts"] 15 | } 16 | -------------------------------------------------------------------------------- /packages/cli/src/commands/repository/handle-view-repo.mts: -------------------------------------------------------------------------------- 1 | import { fetchViewRepo } from './fetch-view-repo.mts' 2 | import { outputViewRepo } from './output-view-repo.mts' 3 | 4 | import type { OutputKind } from '../../types.mts' 5 | 6 | export async function handleViewRepo( 7 | orgSlug: string, 8 | repoName: string, 9 | outputKind: OutputKind, 10 | ): Promise { 11 | const data = await fetchViewRepo(orgSlug, repoName) 12 | 13 | await outputViewRepo(data, outputKind) 14 
| } 15 | -------------------------------------------------------------------------------- /packages/sdk/.config/tsconfig.check.local.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig.check.json", 3 | "compilerOptions": { 4 | "paths": { 5 | "@socketsecurity/lib": ["../../socket-lib/dist/index.d.ts"], 6 | "@socketsecurity/lib/*": ["../../socket-lib/dist/*"], 7 | "@socketsecurity/registry": [ 8 | "../../socket-registry/registry/dist/index.d.ts" 9 | ], 10 | "@socketsecurity/registry/*": ["../../socket-registry/registry/dist/*"] 11 | } 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /packages/cli/src/commands/organization/handle-license-policy.mts: -------------------------------------------------------------------------------- 1 | import { fetchLicensePolicy } from './fetch-license-policy.mts' 2 | import { outputLicensePolicy } from './output-license-policy.mts' 3 | 4 | import type { OutputKind } from '../../types.mts' 5 | 6 | export async function handleLicensePolicy( 7 | orgSlug: string, 8 | outputKind: OutputKind, 9 | ): Promise { 10 | const data = await fetchLicensePolicy(orgSlug) 11 | 12 | await outputLicensePolicy(data, outputKind) 13 | } 14 | -------------------------------------------------------------------------------- /packages/cli/src/commands/repository/handle-delete-repo.mts: -------------------------------------------------------------------------------- 1 | import { fetchDeleteRepo } from './fetch-delete-repo.mts' 2 | import { outputDeleteRepo } from './output-delete-repo.mts' 3 | 4 | import type { OutputKind } from '../../types.mts' 5 | 6 | export async function handleDeleteRepo( 7 | orgSlug: string, 8 | repoName: string, 9 | outputKind: OutputKind, 10 | ) { 11 | const data = await fetchDeleteRepo(orgSlug, repoName) 12 | 13 | await outputDeleteRepo(data, repoName, outputKind) 14 | } 15 | 
-------------------------------------------------------------------------------- /packages/cli/src/utils/data/walk-nested-map.mts: -------------------------------------------------------------------------------- 1 | type NestedMap = Map> 2 | 3 | export function* walkNestedMap( 4 | map: NestedMap, 5 | keys: string[] = [], 6 | ): Generator<{ keys: string[]; value: T }> { 7 | for (const { 0: key, 1: value } of map.entries()) { 8 | if (value instanceof Map) { 9 | yield* walkNestedMap(value as NestedMap, [...keys, key]) 10 | } else { 11 | yield { keys: [...keys, key], value: value } 12 | } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /.husky/pre-commit: -------------------------------------------------------------------------------- 1 | # Optional checks - can be bypassed with --no-verify for fast local commits. 2 | # Mandatory security checks run in pre-push hook. 3 | 4 | if [ -z "${DISABLE_PRECOMMIT_LINT}" ]; then 5 | pnpm lint --staged 6 | else 7 | echo "Skipping lint due to DISABLE_PRECOMMIT_LINT env var" 8 | fi 9 | 10 | if [ -z "${DISABLE_PRECOMMIT_TEST}" ]; then 11 | dotenvx -q run -f .env.precommit -- pnpm test --staged 12 | else 13 | echo "Skipping testing due to DISABLE_PRECOMMIT_TEST env var" 14 | fi 15 | -------------------------------------------------------------------------------- /packages/cli/src/commands/organization/handle-security-policy.mts: -------------------------------------------------------------------------------- 1 | import { fetchSecurityPolicy } from './fetch-security-policy.mts' 2 | import { outputSecurityPolicy } from './output-security-policy.mts' 3 | 4 | import type { OutputKind } from '../../types.mts' 5 | 6 | export async function handleSecurityPolicy( 7 | orgSlug: string, 8 | outputKind: OutputKind, 9 | ): Promise { 10 | const data = await fetchSecurityPolicy(orgSlug) 11 | 12 | await outputSecurityPolicy(data, outputKind) 13 | } 14 | 
-------------------------------------------------------------------------------- /packages/lib-internal/scripts/build-externals/stubs/throw.cjs: -------------------------------------------------------------------------------- 1 | /** 2 | * Throw stub - errors if called. 3 | * Used for dependencies that should never be reached in production. 4 | * Helps catch bugs if accidentally called. 5 | */ 6 | 'use strict' 7 | 8 | function throwStub(moduleName) { 9 | throw new Error( 10 | `Module '${moduleName}' is stubbed and should not be called. ` + 11 | 'This is likely a bundling error or unexpected code path.', 12 | ) 13 | } 14 | 15 | module.exports = throwStub 16 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/optimize/npm/package-lock.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "optimize-test-fixture-npm", 3 | "version": "1.0.0", 4 | "lockfileVersion": 3, 5 | "requires": true, 6 | "packages": { 7 | "": { 8 | "name": "optimize-test-fixture-npm", 9 | "version": "1.0.0", 10 | "license": "ISC", 11 | "dependencies": { 12 | "gopd": "npm:@socketregistry/gopd@^1" 13 | }, 14 | "devDependencies": { 15 | "axios": "1.3.2" 16 | } 17 | } 18 | } 19 | } -------------------------------------------------------------------------------- /packages/cli/src/utils/data/objects.mts: -------------------------------------------------------------------------------- 1 | export function createEnum>( 2 | obj: T, 3 | ): Readonly { 4 | return Object.freeze({ __proto__: null, ...obj }) as any 5 | } 6 | 7 | export function pick, K extends keyof T>( 8 | input: T, 9 | keys: K[] | readonly K[], 10 | ): Pick { 11 | const result: Partial> = {} 12 | for (const key of keys) { 13 | result[key] = input[key] 14 | } 15 | return result as Pick 16 | } 17 | -------------------------------------------------------------------------------- 
/packages/cli/src/commands/scan/handle-delete-scan.mts: --------------------------------------------------------------------------------
import { fetchDeleteOrgFullScan } from './fetch-delete-org-full-scan.mts'
import { outputDeleteScan } from './output-delete-scan.mts'

import type { OutputKind } from '../../types.mts'

/**
 * Delete one full scan of an organization and render the API result.
 *
 * Thin orchestration layer: the request goes through `fetchDeleteOrgFullScan`,
 * the response is handed unchanged to `outputDeleteScan`. No validation of
 * `orgSlug` / `scanId` happens here; presumably the command layer or the fetch
 * helper does it — confirm before relying on it.
 *
 * @param orgSlug - Organization slug the scan belongs to.
 * @param scanId - Identifier of the full scan to delete.
 * @param outputKind - Output format requested by the caller (json, markdown, text, ...).
 */
export async function handleDeleteScan(
  orgSlug: string,
  scanId: string,
  outputKind: OutputKind,
): Promise<void> {
  const deleteResult = await fetchDeleteOrgFullScan(orgSlug, scanId)
  // Output is always rendered, including the failure case — the output
  // helper decides how a non-ok result is presented.
  await outputDeleteScan(deleteResult, outputKind)
}
-------------------------------------------------------------------------------- /packages/cli/src/commands/scan/handle-scan-metadata.mts: --------------------------------------------------------------------------------
import { fetchScanMetadata } from './fetch-scan-metadata.mts'
import { outputScanMetadata } from './output-scan-metadata.mts'

import type { OutputKind } from '../../types.mts'

/**
 * Fetch the metadata of a single organization scan and print it.
 *
 * `scanId` is forwarded to the output helper as well as the fetch helper so the
 * rendered view can label which scan the metadata belongs to.
 *
 * @param orgSlug - Organization slug the scan belongs to.
 * @param scanId - Identifier of the scan whose metadata is requested.
 * @param outputKind - Output format requested by the caller.
 */
export async function handleOrgScanMetadata(
  orgSlug: string,
  scanId: string,
  outputKind: OutputKind,
): Promise<void> {
  const metadata = await fetchScanMetadata(orgSlug, scanId)
  await outputScanMetadata(metadata, scanId, outputKind)
}
-------------------------------------------------------------------------------- /packages/cli/src/commands/scan/handle-scan-view.mts: --------------------------------------------------------------------------------
import { fetchScan } from './fetch-scan.mts'
import { outputScanView } from './output-scan-view.mts'

import type { OutputKind } from '../../types.mts'

/**
 * Fetch a scan and render it, optionally to a file.
 *
 * `filePath` is passed straight through to `outputScanView`; nothing here
 * checks that it is a safe or writable location. NOTE(review): assumes the
 * output helper (or the command parser) validates the path — confirm.
 *
 * @param orgSlug - Organization slug the scan belongs to.
 * @param scanId - Identifier of the scan to view.
 * @param filePath - Destination path handed to the output helper.
 * @param outputKind - Output format requested by the caller.
 */
export async function handleScanView(
  orgSlug: string,
  scanId: string,
  filePath: string,
  outputKind: OutputKind,
): Promise<void> {
  const scan = await fetchScan(orgSlug, scanId)
  // orgSlug and scanId are repeated for the output helper so it can build
  // labels/links without re-reading them from the fetched payload.
  await outputScanView(scan, orgSlug, scanId, filePath, outputKind)
}
-------------------------------------------------------------------------------- /packages/cli/src/commands/logout/apply-logout.mts: -------------------------------------------------------------------------------- 1 | import { 2 | CONFIG_KEY_API_BASE_URL, 3 | CONFIG_KEY_API_PROXY, 4 | CONFIG_KEY_API_TOKEN, 5 | CONFIG_KEY_ENFORCED_ORGS, 6 | } from '../../constants/config.mts' 7 | import { updateConfigValue } from '../../utils/config.mts' 8 | 9 | export function applyLogout() { 10 | updateConfigValue(CONFIG_KEY_API_TOKEN, null) 11 | updateConfigValue(CONFIG_KEY_API_BASE_URL, null) 12 | updateConfigValue(CONFIG_KEY_API_PROXY, null) 13 | updateConfigValue(CONFIG_KEY_ENFORCED_ORGS, null) 14 | } 15 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/fix/npm/vulnerable-deps/package-lock.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "vulnerable-deps-test-npm", 3 | "version": "1.0.0", 4 | "lockfileVersion": 3, 5 | "requires": true, 6 | "packages": { 7 | "": { 8 | "name": "vulnerable-deps-test-npm", 9 | "version": "1.0.0", 10 | "license": "ISC", 11 | "dependencies": { 12 | "lodash": "4.17.20", 13 | "on-headers": "1.0.2" 14 | }, 15 | "devDependencies": { 16 | "axios": "1.3.2" 17 | } 18 | } 19 | } 20 | } -------------------------------------------------------------------------------- /packages/lib-internal/src/constants/typescript.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * TypeScript availability and type system checks. 3 | */ 4 | 5 | // TypeScript types/libs availability. 
6 | export function getTsTypesAvailable(): boolean { 7 | try { 8 | require.resolve('typescript/lib/lib.d.ts') 9 | return true 10 | } catch { 11 | return false 12 | } 13 | } 14 | 15 | export function getTsLibsAvailable(): boolean { 16 | try { 17 | require.resolve('typescript/lib') 18 | return true 19 | } catch { 20 | return false 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /packages/cli/.env.e2e: -------------------------------------------------------------------------------- 1 | # E2E Test Environment Configuration 2 | # Used by all e2e tests (js, sea, smol, all) 3 | # The e2e.mjs script sets TEST_*_BINARY flags dynamically 4 | 5 | NODE_COMPILE_CACHE="./.cache" 6 | NODE_OPTIONS="--max-old-space-size=2048 --unhandled-rejections=warn" 7 | VITEST=1 8 | 9 | # Points to local @socketsecurity/cli JS dist 10 | SOCKET_CLI_JS_PATH="./dist/cli.js" 11 | 12 | # Enable E2E tests (requires Socket API token) 13 | RUN_E2E_TESTS=1 14 | 15 | # Note: TEST_SEA_BINARY and TEST_SMOL_BINARY are set by scripts/e2e.mjs 16 | -------------------------------------------------------------------------------- /patches/brace-expansion@2.0.2.patch: -------------------------------------------------------------------------------- 1 | diff --git a/index.js b/index.js 2 | index a27f81ce041e7cf9b7dd9d95533813527f918fb6..daa176639b8449966dc295b298bbe08366b88869 100644 3 | --- a/index.js 4 | +++ b/index.js 5 | 
@@ -104,7 +104,7 @@ function expand(str, isTop) { 6 | ? expand(m.post, false) 7 | : ['']; 8 | 9 | - if (/\$$/.test(m.pre)) { 10 | + if (m.pre.endsWith('\u0024' /*'$'*/)) { 11 | for (var k = 0; k < post.length; k++) { 12 | var expansion = pre+ '{' + m.body + '}' + post[k]; 13 | expansions.push(expansion); 14 | -------------------------------------------------------------------------------- /packages/cli/src/commands/config/handle-config-get.mts: -------------------------------------------------------------------------------- 1 | import { outputConfigGet } from './output-config-get.mts' 2 | import { getConfigValue } from '../../utils/config.mts' 3 | 4 | import type { OutputKind } from '../../types.mts' 5 | import type { LocalConfig } from '../../utils/config.mts' 6 | 7 | export async function handleConfigGet({ 8 | key, 9 | outputKind, 10 | }: { 11 | key: keyof LocalConfig 12 | outputKind: OutputKind 13 | }) { 14 | const result = getConfigValue(key) 15 | 16 | await outputConfigGet(key, result, outputKind) 17 | } 18 | -------------------------------------------------------------------------------- /packages/cli/src/constants/http.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * HTTP status code constants and registry URLs. 3 | */ 4 | 5 | // Re-export NPM registry URL from registry for backward compatibility. 
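Review bot: The replaced condition on the `+` line records no reason for swapping a regex test for `endsWith` with `$` spelled as `'\u0024'`, and since this is a pnpm patch on a vendored dependency that rationale otherwise lives only in commit history; a one-line comment such as `// Plain string test instead of /\$$/; '$' is written as \u0024 so string-replacement tooling does not treat it as a pattern token` would settle it, if that is indeed the motivation — the patch alone does not say. The two forms are functionally equivalent: in JavaScript `$` without the `m` flag anchors only at the very end of the input, so `/\$$/.test(m.pre)` and `m.pre.endsWith('$')` agree on every string, which is worth stating so nobody reverts it as a no-op. The enclosing `expand` function starts and ends outside the hunk.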
6 | export { NPM_REGISTRY_URL } from '@socketsecurity/lib/constants/agents' 7 | 8 | export const HTTP_STATUS_BAD_REQUEST = 400 9 | export const HTTP_STATUS_UNAUTHORIZED = 401 10 | export const HTTP_STATUS_FORBIDDEN = 403 11 | export const HTTP_STATUS_NOT_FOUND = 404 12 | export const HTTP_STATUS_TOO_MANY_REQUESTS = 429 13 | export const HTTP_STATUS_INTERNAL_SERVER_ERROR = 500 14 | -------------------------------------------------------------------------------- /tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./.config/tsconfig.base.json", 3 | "include": ["src/**/*.mts", "src/**/*.d.ts"], 4 | "exclude": [ 5 | "src/**/*.test.mts", 6 | "src/**/*.tsx", 7 | "src/commands/analytics/output-analytics.mts", 8 | "src/commands/audit-log/output-audit-log.mts", 9 | "src/commands/threat-feed/output-threat-feed.mts", 10 | "build/**", 11 | "binaries/**", 12 | "dist/**", 13 | "external/**", 14 | ".cache/**", 15 | ".claude/**", 16 | "node_modules/**", 17 | "pkg-binaries/**" 18 | ] 19 | } 20 | -------------------------------------------------------------------------------- /packages/cli/src/env/cli-name.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * CLI name getter function. 3 | * Uses direct process.env access so esbuild define can inline values. 4 | * IMPORTANT: esbuild's define plugin can only replace direct process.env['KEY'] references. 5 | * If we imported from env modules, esbuild couldn't inline the values at build time. 6 | * This is critical for embedding build metadata into the binary. 7 | */ 8 | 9 | import process from 'node:process' 10 | 11 | export function getCliName(): string { 12 | return process.env['INLINED_SOCKET_CLI_NAME']! 
13 | } 14 | -------------------------------------------------------------------------------- /packages/sdk/scripts/utils/path-helpers.mjs: -------------------------------------------------------------------------------- 1 | /** @fileoverview Path utility helpers for script operations. */ 2 | import path from 'node:path' 3 | import { fileURLToPath } from 'node:url' 4 | 5 | /** 6 | * Get directory name from import.meta.url. 7 | */ 8 | export function getDirname(importMetaUrl) { 9 | return path.dirname(fileURLToPath(importMetaUrl)) 10 | } 11 | 12 | /** 13 | * Get root directory path from current script location. 14 | */ 15 | export function getRootPath(importMetaUrl) { 16 | return path.join(getDirname(importMetaUrl), '..') 17 | } 18 | -------------------------------------------------------------------------------- /packages/lib-internal/src/constants/time.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Time-related constants including cache TTLs and timeouts. 3 | */ 4 | 5 | // Time unit multipliers (milliseconds). 6 | export const MILLISECONDS_PER_SECOND = 1000 7 | export const MILLISECONDS_PER_MINUTE = 60 * MILLISECONDS_PER_SECOND 8 | export const MILLISECONDS_PER_HOUR = 60 * MILLISECONDS_PER_MINUTE 9 | export const MILLISECONDS_PER_DAY = 24 * MILLISECONDS_PER_HOUR 10 | 11 | // Cache TTL values. 12 | // DLX binary cache expires after 7 days. 13 | export const DLX_BINARY_CACHE_TTL = 7 * MILLISECONDS_PER_DAY 14 | -------------------------------------------------------------------------------- /packages/cli/src/env/cli-version.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * CLI version getter function. 3 | * Uses direct process.env access so esbuild define can inline values. 4 | * IMPORTANT: esbuild's define plugin can only replace direct process.env['KEY'] references. 5 | * If we imported from env modules, esbuild couldn't inline the values at build time. 
6 | * This is critical for embedding version info into the binary. 7 | */ 8 | 9 | import process from 'node:process' 10 | 11 | export function getCliVersion(): string { 12 | return process.env['INLINED_SOCKET_CLI_VERSION']! 13 | } 14 | -------------------------------------------------------------------------------- /packages/cli/src/external/ink-table.mjs: -------------------------------------------------------------------------------- 1 | /** 2 | * @fileoverview ink-table wrapper for proper ESM/CommonJS interop. 3 | * 4 | * ink-table is a CommonJS module that needs special handling with 5 | * verbatimModuleSyntax to work properly in TypeScript ESM. 6 | * tsx files are treated as CommonJS by tsgo without package.json type:module. 7 | */ 8 | 9 | // @ts-ignore - tsx files treated as CJS by tsgo without package.json type:module 10 | import InkTableCJS from 'ink-table' 11 | 12 | export default InkTableCJS 13 | export const { Cell, Header, Skeleton } = InkTableCJS 14 | -------------------------------------------------------------------------------- /packages/cli/src/env/cli-homepage.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * CLI homepage getter function. 3 | * Uses direct process.env access so esbuild define can inline values. 4 | * IMPORTANT: esbuild's define plugin can only replace direct process.env['KEY'] references. 5 | * If we imported from env modules, esbuild couldn't inline the values at build time. 6 | * This is critical for embedding build metadata into the binary. 7 | */ 8 | 9 | import process from 'node:process' 10 | 11 | export function getCliHomepage(): string { 12 | return process.env['INLINED_SOCKET_CLI_HOMEPAGE']! 13 | } 14 | -------------------------------------------------------------------------------- /packages/cli/src/env/synp-version.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * Synp version getter function. 
3 | * Uses direct process.env access so esbuild define can inline values. 4 | * IMPORTANT: esbuild's define plugin can only replace direct process.env['KEY'] references. 5 | * If we imported from env modules, esbuild couldn't inline the values at build time. 6 | * This is critical for embedding version info into the binary. 7 | */ 8 | 9 | import process from 'node:process' 10 | 11 | export function getSynpVersion(): string { 12 | return process.env['INLINED_SOCKET_CLI_SYNP_VERSION']! 13 | } 14 | -------------------------------------------------------------------------------- /packages/cli/src/commands/config/handle-config-auto.mts: -------------------------------------------------------------------------------- 1 | import { discoverConfigValue } from './discover-config-value.mts' 2 | import { outputConfigAuto } from './output-config-auto.mts' 3 | 4 | import type { OutputKind } from '../../types.mts' 5 | import type { LocalConfig } from '../../utils/config.mts' 6 | 7 | export async function handleConfigAuto({ 8 | key, 9 | outputKind, 10 | }: { 11 | key: keyof LocalConfig 12 | outputKind: OutputKind 13 | }) { 14 | const result = await discoverConfigValue(key) 15 | 16 | await outputConfigAuto(key, result, outputKind) 17 | } 18 | -------------------------------------------------------------------------------- /packages/cli/src/env/coana-version.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * Coana version getter function. 3 | * Uses direct process.env access so esbuild define can inline values. 4 | * IMPORTANT: esbuild's define plugin can only replace direct process.env['KEY'] references. 5 | * If we imported from env modules, esbuild couldn't inline the values at build time. 6 | * This is critical for embedding version info into the binary. 7 | */ 8 | 9 | import process from 'node:process' 10 | 11 | export function getCoanaVersion(): string { 12 | return process.env['INLINED_SOCKET_CLI_COANA_VERSION']! 
/**
 * Clears a local config key (sets it to `undefined`) and prints the outcome.
 *
 * @param key - The `LocalConfig` key to unset.
 * @param outputKind - Output format forwarded to `outputConfigUnset`.
 */
export async function handleConfigUnset({
  key,
  outputKind,
}: {
  key: keyof LocalConfig
  outputKind: OutputKind
}) {
  // `updateConfigValue` is called synchronously here, exactly as before;
  // only its result is awaited through the printer.
  await outputConfigUnset(updateConfigValue(key, undefined), outputKind)
}
/**
 * Returns the CLI version hash that the build step inlined into
 * `process.env['INLINED_SOCKET_CLI_VERSION_HASH']`.
 *
 * Kept as a literal `process.env['KEY']` access so esbuild's define step can
 * replace it at build time (see the file header); do not refactor into a
 * shared env helper.
 *
 * @returns The inlined hash string. The `!` is a type-level assertion only:
 *   in a build that did not inline the value this returns `undefined` at
 *   runtime, so anything that compares or displays the hash should treat an
 *   absent value as "unknown", not as a match.
 */
export function getCliVersionHash(): string {
  return process.env['INLINED_SOCKET_CLI_VERSION_HASH']!
}
/** A plain object whose values are leaves of type T or further nested records. */
interface NestedRecord<T> {
  [key: string]: T | NestedRecord<T>
}

/** A Map whose values are leaves of type T or further nested Maps. */
type NestedMap<T> = Map<string, T | NestedMap<T>>

/**
 * Recursively converts a Map (possibly holding nested Maps) into a plain
 * object of the same shape, so the result can be passed to JSON.stringify,
 * which does not serialize Map contents.
 *
 * Keys are materialized through `Object.fromEntries`, which defines own
 * properties — a key such as `"__proto__"` therefore becomes an ordinary
 * property rather than changing the object's prototype.
 *
 * @param map - String-keyed Map; Map-valued entries are converted recursively,
 *   all other values are copied by reference.
 * @returns A new object. NOTE(review): there is no cycle guard — a Map that
 *   (transitively) contains itself would recurse without bound; confirm
 *   callers never pass cyclic data.
 */
export function mapToObject<T>(map: NestedMap<T>): NestedRecord<T> {
  const entries: Array<[string, T | NestedRecord<T>]> = []
  for (const [key, value] of map) {
    entries.push([key, value instanceof Map ? mapToObject(value) : value])
  }
  return Object.fromEntries(entries)
}
/**
 * Returns the CycloneDX cdxgen version that the build step inlined into
 * `process.env['INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION']`.
 *
 * Kept as a literal `process.env['KEY']` access so esbuild's define step can
 * replace it at build time (see the file header); do not refactor into a
 * shared env helper.
 *
 * @returns The inlined version string. The `!` only satisfies the type
 *   checker — in a build that did not inline the value this returns
 *   `undefined` at runtime, so a caller that pins a tool download to this
 *   version should validate it before use rather than trust the `string` type.
 */
export function getCdxgenVersion(): string {
  return process.env['INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION']!
}
/**
 * Returns the Python build tag that the build step inlined into
 * `process.env['INLINED_SOCKET_CLI_PYTHON_BUILD_TAG']`.
 *
 * Kept as a literal `process.env['KEY']` access so esbuild's define step can
 * replace it at build time (see the file header); do not refactor into a
 * shared env helper.
 *
 * @returns The inlined build tag. The `!` is a type-level assertion only: in
 *   a build that did not inline the value this returns `undefined` at
 *   runtime, so callers that use the tag to select a download should check
 *   for an absent value rather than rely on the declared `string` type.
 */
export function getPythonBuildTag(): string {
  return process.env['INLINED_SOCKET_CLI_PYTHON_BUILD_TAG']!
}
@@ -139,7 +139,7 @@ StringDecoder.prototype.write = function(buffer) { 6 | 7 | charStr += buffer.toString(this.encoding, 0, end); 8 | 9 | - var end = charStr.length - 1; 10 | + end = charStr.length - 1; 11 | var charCode = charStr.charCodeAt(end); 12 | // CESU-8: lead surrogate (D800-DBFF) is also the incomplete character 13 | if (charCode >= 0xD800 && charCode <= 0xDBFF) { 14 | -------------------------------------------------------------------------------- /packages/socketbin-cli-linux-x64/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@socketbin/cli-linux-x64", 3 | "version": "0.0.0-replaced-by-prepublish-socketbin", 4 | "description": "Socket CLI binary", 5 | "private": true, 6 | "license": "MIT", 7 | "repository": { 8 | "type": "git", 9 | "url": "git+https://github.com/SocketDev/socket-cli.git" 10 | }, 11 | "bin": { 12 | "socket": "bin/socket" 13 | }, 14 | "os": [ 15 | "linux" 16 | ], 17 | "cpu": [ 18 | "x64" 19 | ], 20 | "files": [ 21 | "bin/socket" 22 | ], 23 | "publishConfig": { 24 | "access": "public" 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /packages/lib-internal/src/lifecycle-script-names.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * @fileoverview NPM lifecycle script names. 3 | * 4 | * Standard npm lifecycle hooks that can be defined in package.json scripts. 
/** Script names that npm runs with automatic `pre`/`post` companions. */
const HOOKED_SCRIPTS = [
  'install',
  'pack',
  'prepare',
  'publish',
  'restart',
  'start',
  'stop',
  'version',
] as const

/**
 * Every npm lifecycle script name: the two stand-alone hooks plus the
 * `pre<name>`/`<name>`/`post<name>` triple for each hooked script.
 *
 * Insertion order is `dependencies`, `prepublishOnly`, then each triple in
 * the order of `HOOKED_SCRIPTS`.
 */
const lifecycleScriptNames = new Set<string>([
  'dependencies',
  'prepublishOnly',
  ...HOOKED_SCRIPTS.flatMap(name => [`pre${name}`, name, `post${name}`]),
])

export default lifecycleScriptNames
-------------------------------------------------------------------------------- 1 | { 2 | "name": "@socketbin/cli-linux-arm64", 3 | "version": "0.0.0-replaced-by-prepublish-socketbin", 4 | "description": "Socket CLI binary", 5 | "private": true, 6 | "license": "MIT", 7 | "repository": { 8 | "type": "git", 9 | "url": "git+https://github.com/SocketDev/socket-cli.git" 10 | }, 11 | "bin": { 12 | "socket": "bin/socket" 13 | }, 14 | "os": [ 15 | "linux" 16 | ], 17 | "cpu": [ 18 | "arm64" 19 | ], 20 | "files": [ 21 | "bin/socket" 22 | ], 23 | "publishConfig": { 24 | "access": "public" 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /packages/cli/test/helpers/index.mts: -------------------------------------------------------------------------------- 1 | /** @fileoverview Test utilities index. Re-exports all test utility functions for convenient importing. */ 2 | 3 | export * from './cli-execution.mts' 4 | export * from './constants.mts' 5 | export * from './environment.mts' 6 | export * from './fixtures.mts' 7 | export * from './handle-test-helpers.mts' 8 | export * from './local-server.mts' 9 | export * from './mock-setup.mts' 10 | export * from './mocks.mts' 11 | export * from './output-assertions.mts' 12 | export * from './result-assertions.mts' 13 | export * from './test-fixtures.mts' 14 | export * from './workspace-helper.mts' 15 | -------------------------------------------------------------------------------- /packages/socketbin-cli-alpine-arm64/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@socketbin/cli-alpine-arm64", 3 | "version": "0.0.0-replaced-by-prepublish-socketbin", 4 | "description": "Socket CLI binary", 5 | "private": true, 6 | "license": "MIT", 7 | "repository": { 8 | "type": "git", 9 | "url": "git+https://github.com/SocketDev/socket-cli.git" 10 | }, 11 | "bin": { 12 | "socket": "bin/socket" 13 | }, 14 | "os": [ 15 | "linux" 16 | ], 
17 | "cpu": [ 18 | "arm64" 19 | ], 20 | "files": [ 21 | "bin/socket" 22 | ], 23 | "publishConfig": { 24 | "access": "public" 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /packages/socketbin-cli-darwin-arm64/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@socketbin/cli-darwin-arm64", 3 | "version": "0.0.0-replaced-by-prepublish-socketbin", 4 | "description": "Socket CLI binary", 5 | "private": true, 6 | "license": "MIT", 7 | "repository": { 8 | "type": "git", 9 | "url": "git+https://github.com/SocketDev/socket-cli.git" 10 | }, 11 | "bin": { 12 | "socket": "bin/socket" 13 | }, 14 | "os": [ 15 | "darwin" 16 | ], 17 | "cpu": [ 18 | "arm64" 19 | ], 20 | "files": [ 21 | "bin/socket" 22 | ], 23 | "publishConfig": { 24 | "access": "public" 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /packages/socketbin-cli-win32-x64/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@socketbin/cli-win32-x64", 3 | "version": "0.0.0-replaced-by-prepublish-socketbin", 4 | "description": "Socket CLI binary", 5 | "private": true, 6 | "license": "MIT", 7 | "repository": { 8 | "type": "git", 9 | "url": "git+https://github.com/SocketDev/socket-cli.git" 10 | }, 11 | "bin": { 12 | "socket": "bin/socket.exe" 13 | }, 14 | "os": [ 15 | "win32" 16 | ], 17 | "cpu": [ 18 | "x64" 19 | ], 20 | "files": [ 21 | "bin/socket.exe" 22 | ], 23 | "publishConfig": { 24 | "access": "public" 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /packages/cli/.config/tsconfig.check.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "./tsconfig.base.json", 3 | "compilerOptions": { 4 | "typeRoots": ["../node_modules/@types"] 5 | }, 6 | "include": ["../src/**/*.mts", 
"../*.config.mts", "./*.mts"], 7 | "exclude": [ 8 | "../**/*.tsx", 9 | "../**/*.d.mts", 10 | "../src/commands/analytics/output-analytics.mts", 11 | "../src/commands/audit-log/output-audit-log.mts", 12 | "../src/commands/threat-feed/output-threat-feed.mts", 13 | "../src/**/*.test.mts", 14 | "../src/test/**/*.mts", 15 | "../src/utils/test-mocks.mts", 16 | "../test/**/*.mts" 17 | ] 18 | } 19 | -------------------------------------------------------------------------------- /packages/socketbin-cli-win32-arm64/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@socketbin/cli-win32-arm64", 3 | "version": "0.0.0-replaced-by-prepublish-socketbin", 4 | "description": "Socket CLI binary", 5 | "private": true, 6 | "license": "MIT", 7 | "repository": { 8 | "type": "git", 9 | "url": "git+https://github.com/SocketDev/socket-cli.git" 10 | }, 11 | "bin": { 12 | "socket": "bin/socket.exe" 13 | }, 14 | "os": [ 15 | "win32" 16 | ], 17 | "cpu": [ 18 | "arm64" 19 | ], 20 | "files": [ 21 | "bin/socket.exe" 22 | ], 23 | "publishConfig": { 24 | "access": "public" 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /sd: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | # Node 22+ supports native TypeScript via --experimental-strip-types. 4 | # Node 20 and below use the build artifacts via pnpm run s. 5 | # Note: This doesn't rebuild - use `pnpm run build` first if you changed code. 6 | 7 | NODE_MAJOR=$(node -v | cut -d'v' -f2 | cut -d'.' -f1) 8 | 9 | if [ "$NODE_MAJOR" -lt 22 ]; then 10 | # Node 20 or older - use built artifacts. 11 | pnpm --filter @socketsecurity/cli run s -- "$@" 12 | else 13 | # Node 22+ - use native TypeScript support. 
/** Options handed to taze; the type is taken from `defineConfig` itself. */
const tazeOptions: Parameters<typeof defineConfig>[0] = {
  // Packages that must not be bumped automatically (extend as needed).
  exclude: ['eslint-plugin-unicorn', 'openapi-typescript'],
  // Never prompt — this config runs unattended.
  interactive: false,
  // Quiet output, comparable to ncu's loglevel.
  loglevel: 'warn',
  // Skip releases younger than 7 days.
  maturityPeriod: 7,
  // 'latest' mirrors ncu's default target.
  mode: 'latest',
  // Persist the result to package.json.
  write: true,
}

export default defineConfig(tazeOptions)
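/**
 * Reports the outcome of `manifest setup` to the user.
 *
 * On failure the process exit code is set from `result.code` (defaulting to
 * 1) and the failure message is printed with a badge; on success a short
 * confirmation line is logged.
 *
 * @param result - Result of the setup step.
 */
export async function outputManifestSetup(result: CResult) {
  if (!result.ok) {
    // One failure branch: the previous version tested `result.ok` twice in a
    // row, which read as if two different conditions were being handled.
    process.exitCode = result.code ?? 1
    logger.fail(failMsgWithBadge(result.message, result.cause))
    return
  }

  logger.success('Setup complete')
}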
/** Shape of the `whoami` result that is serialized to the logger. */
export interface WhoamiStatus {
  authenticated: boolean
  // NOTE(review): written to output verbatim by outputWhoami — confirm the
  // caller stores a redacted/partial token here rather than the full API
  // credential, since this ends up in terminals and captured logs.
  token: string | null
  location: string | null
}

/**
 * Prints the whoami status as a successful JSON result envelope.
 *
 * @param status - Authentication state; every field, including `token`, is
 *   passed to `serializeResultJson` as-is.
 */
export function outputWhoami(status: WhoamiStatus): void {
  logger.log(serializeResultJson({ ok: true, data: status }))
}
/**
 * Parses a package spec with npm-package-arg without letting it throw.
 *
 * @param args - The same arguments npm-package-arg accepts.
 * @returns The parse result, or `undefined` when npm-package-arg throws for
 *   any reason (the error is intentionally discarded).
 */
export function safeNpa(
  ...args: Parameters<typeof npmPackageArg>
): ReturnType<typeof npmPackageArg> | undefined {
  let parsed: ReturnType<typeof npmPackageArg> | undefined
  try {
    parsed = npmPackageArg(...args)
  } catch {
    parsed = undefined
  }
  return parsed
}
/**
 * Reports whether this binary was built with Sentry telemetry enabled, based
 * on the flag the build step inlined into
 * `process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']`.
 *
 * Kept as a literal `process.env['KEY']` access so esbuild's define step can
 * replace it at build time (see the file header); do not refactor into a
 * shared env helper.
 *
 * @returns `true` when `envAsBoolean` accepts the inlined value — presumably
 *   the same `true`/`1`/`yes` parsing as lib-internal's helper of the same
 *   name, though this one comes from `@socketsecurity/lib/env` (confirm).
 *   An absent or unrecognized value yields `false`, so a build that failed to
 *   inline the flag behaves as a non-Sentry build.
 */
export function isSentryBuild(): boolean {
  return envAsBoolean(process.env['INLINED_SOCKET_CLI_SENTRY_BUILD'])
}
/** Spellings accepted as "true", compared after lower-casing. */
const TRUTHY_VALUES = new Set(['true', '1', 'yes'])

/**
 * Interprets an env var as a boolean: `true`, `1` and `yes` (any case) are
 * true; unset, empty and every other string are false.
 *
 * @param value - Raw env var value, or `undefined` when unset.
 */
export function envAsBoolean(value: string | undefined): boolean {
  return value ? TRUTHY_VALUES.has(value.toLowerCase()) : false
}

/**
 * Interprets an env var as a number via `Number()`; unset, empty and
 * non-numeric strings yield 0. Note that `Number` accepts forms such as
 * `'1e3'` and `'Infinity'`, which are returned as-is.
 *
 * @param value - Raw env var value, or `undefined` when unset.
 */
export function envAsNumber(value: string | undefined): number {
  const parsed = value ? Number(value) : 0
  return Number.isNaN(parsed) ? 0 : parsed
}

/**
 * Returns the env var as a string, normalizing `undefined` and the empty
 * string to `''`.
 *
 * @param value - Raw env var value, or `undefined` when unset.
 */
export function envAsString(value: string | undefined): string {
  return value ? value : ''
}
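/**
 * Reports the outcome of `scan config` to the user.
 *
 * On failure the process exit code is set from `result.code` (defaulting to
 * 1) and the failure message is printed with a badge; on success a
 * blank-line-padded "Finished" is logged.
 *
 * @param result - Result of the scan configuration step.
 */
export async function outputScanConfigResult(result: CResult) {
  if (!result.ok) {
    // One failure branch: the previous version tested `result.ok` twice in a
    // row, which read as if two different conditions were being handled.
    process.exitCode = result.code ?? 1
    logger.fail(failMsgWithBadge(result.message, result.cause))
    return
  }

  logger.log('')
  logger.log('Finished')
  logger.log('')
}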
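*/

import process from 'node:process'

import { envAsBoolean } from '@socketsecurity/lib/env'

/**
 * Whether this is a published (release) build.
 *
 * Reads `process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']` directly so the
 * build step can inline the value; see the file header for why the env
 * modules are deliberately not used here.
 *
 * @returns `true` when the flag parses as truthy via `envAsBoolean`.
 */
export function isPublishedBuild(): boolean {
  return envAsBoolean(process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD'])
}
--------------------------------------------------------------------------------
/packages/cli/src/shadow/stdio-ipc.mts:
--------------------------------------------------------------------------------
import type { StdioOptions } from 'node:child_process'

/**
 * Ensures a child-process stdio configuration carries an IPC channel.
 *
 * - A string shorthand (`'pipe'`, `'inherit'`, ...) is expanded to three
 *   copies of itself for stdin/stdout/stderr, followed by `'ipc'`.
 * - An array that already contains `'ipc'` is returned as a shallow copy.
 * - Any other array is copied, padded with `'pipe'` up to the three
 *   standard fds, and `'ipc'` is appended as an extra fd.
 * - `undefined` yields `['pipe', 'pipe', 'pipe', 'ipc']`.
 *
 * The input array is never mutated.
 *
 * @param stdio - stdio option as accepted by `child_process.spawn`, or undefined.
 * @returns a new stdio array in which `'ipc'` sits at index 3 or later.
 */
export function ensureIpcInStdio(
  stdio: StdioOptions | undefined,
): StdioOptions {
  if (typeof stdio === 'string') {
    return [stdio, stdio, stdio, 'ipc']
  }
  if (Array.isArray(stdio)) {
    if (stdio.includes('ipc')) {
      return stdio.slice()
    }
    const withIpc = stdio.slice()
    // Fill any missing standard fds before appending: Node pads a short
    // stdio array with 'pipe', so ['pipe', 'pipe'].concat('ipc') would put
    // 'ipc' at index 2 and turn the child's stderr into the IPC channel.
    while (withIpc.length < 3) {
      withIpc.push('pipe')
    }
    withIpc.push('ipc')
    return withIpc
  }
  return ['pipe', 'pipe', 'pipe', 'ipc']
}
--------------------------------------------------------------------------------
/packages/yoga-layout/package.json:
--------------------------------------------------------------------------------
{
  "name": "@socketsecurity/yoga-layout",
  "version": "3.1.0",
  "description": "Custom Yoga Layout WASM build optimized for Socket CLI",
  "type": "module",
  "private": true,
  "exports": {
    "./build/yoga.js": "./build/yoga.js",
    "./build/yoga.wasm": "./build/yoga.wasm"
  },
  "scripts": {
    "build": "node scripts/build.mjs",
    "build:force": "node scripts/build.mjs --force",
    "clean": "node scripts/clean.mjs"
  },
  "dependencies": {
    "@socketsecurity/build-infra": "workspace:*",
    "@socketsecurity/lib-internal": "workspace:*"
  }
}
--------------------------------------------------------------------------------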
/packages/cli/src/commands/manifest/handle-manifest-conda.mts: -------------------------------------------------------------------------------- 1 | import { convertCondaToRequirements } from './convert-conda-to-requirements.mts' 2 | import { outputRequirements } from './output-requirements.mts' 3 | 4 | import type { OutputKind } from '../../types.mts' 5 | 6 | export async function handleManifestConda({ 7 | cwd, 8 | filename, 9 | out, 10 | outputKind, 11 | verbose, 12 | }: { 13 | cwd: string 14 | filename: string 15 | out: string 16 | outputKind: OutputKind 17 | verbose: boolean 18 | }): Promise { 19 | const data = await convertCondaToRequirements(filename, cwd, verbose) 20 | 21 | await outputRequirements(data, outputKind, out) 22 | } 23 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/fix/e2e-test-js/package-lock.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "e2e-test-js", 3 | "version": "1.0.0", 4 | "lockfileVersion": 3, 5 | "requires": true, 6 | "packages": { 7 | "": { 8 | "name": "e2e-test-js", 9 | "version": "1.0.0", 10 | "dependencies": { 11 | "lodash": "4.17.20" 12 | } 13 | }, 14 | "node_modules/lodash": { 15 | "version": "4.17.20", 16 | "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz", 17 | "integrity": "sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA==", 18 | "license": "MIT" 19 | } 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /packages/cli/src/utils/ink.types.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * @fileoverview Type definitions for Ink wrapper. 
3 | */ 4 | 5 | /* eslint-disable */ 6 | 7 | import type { Box as InkBox, Text as InkText, render as inkRender } from 'ink' 8 | import type ReactImport from 'react' 9 | import type InkTableImport from '../external/ink-table.mjs' 10 | 11 | export declare const Box: typeof InkBox 12 | export declare const Text: typeof InkText 13 | export declare const render: typeof inkRender 14 | export declare const React: typeof ReactImport 15 | export declare const InkTable: typeof InkTableImport 16 | 17 | export type { BoxProps, TextProps } from 'ink' 18 | export type { default as ReactType } from 'react' 19 | -------------------------------------------------------------------------------- /packages/cli/src/commands/login/apply-login.mts: -------------------------------------------------------------------------------- 1 | import { 2 | CONFIG_KEY_API_BASE_URL, 3 | CONFIG_KEY_API_PROXY, 4 | CONFIG_KEY_API_TOKEN, 5 | CONFIG_KEY_ENFORCED_ORGS, 6 | } from '../../constants/config.mts' 7 | import { updateConfigValue } from '../../utils/config.mts' 8 | 9 | export function applyLogin( 10 | apiToken: string, 11 | enforcedOrgs: string[], 12 | apiBaseUrl: string | undefined, 13 | apiProxy: string | undefined, 14 | ) { 15 | updateConfigValue(CONFIG_KEY_ENFORCED_ORGS, enforcedOrgs) 16 | updateConfigValue(CONFIG_KEY_API_TOKEN, apiToken) 17 | updateConfigValue(CONFIG_KEY_API_BASE_URL, apiBaseUrl) 18 | updateConfigValue(CONFIG_KEY_API_PROXY, apiProxy) 19 | } 20 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/optimize/yarn/yarn.lock: -------------------------------------------------------------------------------- 1 | # THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. 
2 | # yarn lockfile v1 3 | 4 | 5 | "@socketregistry/gopd@^1": 6 | version "1.0.7" 7 | resolved "https://registry.npmjs.org/@socketregistry/gopd/-/gopd-1.0.7.tgz" 8 | integrity sha512-test-integrity-placeholder 9 | 10 | axios@1.3.2: 11 | version "1.3.2" 12 | resolved "https://registry.npmjs.org/axios/-/axios-1.3.2.tgz" 13 | integrity sha512-test-integrity-placeholder 14 | 15 | gopd@npm:@socketregistry/gopd@^1: 16 | version "1.0.7" 17 | resolved "https://registry.npmjs.org/@socketregistry/gopd/-/gopd-1.0.7.tgz" 18 | integrity sha512-test-integrity-placeholder -------------------------------------------------------------------------------- /packages/cli/src/utils/semver.mts: -------------------------------------------------------------------------------- 1 | import semver from 'semver' 2 | 3 | import type { SemVer } from 'semver' 4 | 5 | export const RangeStyles = ['pin', 'preserve'] 6 | 7 | export type RangeStyle = 'pin' | 'preserve' 8 | 9 | export type { SemVer } 10 | 11 | export function getMajor(version: unknown): number | undefined { 12 | try { 13 | const coerced = semver.coerce(version as string) 14 | return coerced ? semver.major(coerced) : undefined 15 | } catch {} 16 | return undefined 17 | } 18 | 19 | export function getMinVersion(range: unknown): SemVer | undefined { 20 | try { 21 | return semver.minVersion(range as string) ?? undefined 22 | } catch {} 23 | return undefined 24 | } 25 | -------------------------------------------------------------------------------- /packages/sdk/scripts/register-loader.mjs: -------------------------------------------------------------------------------- 1 | /** 2 | * @fileoverview Register alias loader for local Socket packages. 3 | * This module uses the modern register() API to load the alias-loader. 
4 | */ 5 | 6 | // eslint-disable-next-line n/no-unsupported-features/node-builtins -- Required for loader registration 7 | import { register } from 'node:module' 8 | import path from 'node:path' 9 | import { fileURLToPath, pathToFileURL } from 'node:url' 10 | 11 | const __dirname = path.dirname(fileURLToPath(import.meta.url)) 12 | const loaderPath = path.join(__dirname, 'utils', 'alias-loader.mjs') 13 | 14 | // Register the alias loader using the modern API 15 | register(pathToFileURL(loaderPath).href, import.meta.url) 16 | -------------------------------------------------------------------------------- /packages/node-sea-builder/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "dependencies": { 3 | "@socketsecurity/bootstrap": "workspace:*", 4 | "@socketsecurity/build-infra": "workspace:*" 5 | }, 6 | "description": "Native Node.js SEA binary builder (fallback)", 7 | "devDependencies": { 8 | "postject": "catalog:", 9 | "vitest": "catalog:" 10 | }, 11 | "license": "MIT", 12 | "name": "@socketbin/node-sea-builder", 13 | "private": true, 14 | "scripts": { 15 | "build": "node scripts/build.mjs", 16 | "build:all": "node scripts/build.mjs --all-platforms", 17 | "publish": "node scripts/publish.mjs", 18 | "test": "vitest run", 19 | "test:watch": "vitest" 20 | }, 21 | "version": "1.2.0" 22 | } 23 | -------------------------------------------------------------------------------- /packages/cli/src/utils/command/registry.mts: -------------------------------------------------------------------------------- 1 | /** @fileoverview Command registry system for Socket CLI. Provides declarative command definitions, middleware, and plugin support. 
*/ 2 | 3 | export { CommandRegistry, registry } from './registry-core.mjs' 4 | export { defineCommand } from './registry-define.mjs' 5 | export { 6 | generateCommandHelp, 7 | generateGlobalHelp, 8 | isHelpRequested, 9 | } from './registry-help.mjs' 10 | 11 | export type { 12 | CommandContext, 13 | CommandDefinition, 14 | CommandPlugin, 15 | CommandRegistry as ICommandRegistry, 16 | FlagDefinition, 17 | FlagType, 18 | FlagValues, 19 | HookFn, 20 | MiddlewareFn, 21 | ValidationResult, 22 | } from './registry-types.mjs' 23 | -------------------------------------------------------------------------------- /packages/lib-internal/scripts/build-externals/stubs/debug.cjs: -------------------------------------------------------------------------------- 1 | /** 2 | * Debug stub - stubs out debug logging. 3 | * 4 | * Many npm packages include debug() calls for verbose logging. 5 | * In production, these are disabled via process.env.DEBUG. 6 | * This stub removes the debug module entirely. 7 | * 8 | * Used by: Various npm packages 9 | * Savings: ~9KB + removes debug dependency checks 10 | */ 11 | 'use strict' 12 | 13 | // Return a no-op function that accepts any arguments 14 | function debug() { 15 | return function noop() {} 16 | } 17 | 18 | // Common debug properties 19 | debug.enabled = false 20 | debug.names = [] 21 | debug.skips = [] 22 | debug.formatters = {} 23 | 24 | module.exports = debug 25 | -------------------------------------------------------------------------------- /packages/cli/src/commands/scan/handle-diff-scan.mts: -------------------------------------------------------------------------------- 1 | import { fetchDiffScan } from './fetch-diff-scan.mts' 2 | import { outputDiffScan } from './output-diff-scan.mts' 3 | 4 | import type { OutputKind } from '../../types.mts' 5 | 6 | export async function handleDiffScan({ 7 | depth, 8 | file, 9 | id1, 10 | id2, 11 | orgSlug, 12 | outputKind, 13 | }: { 14 | depth: number 15 | file: string 16 | id1: string 17 | id2: 
string 18 | orgSlug: string 19 | outputKind: OutputKind 20 | }): Promise { 21 | const data = await fetchDiffScan({ 22 | id1, 23 | id2, 24 | orgSlug, 25 | }) 26 | 27 | await outputDiffScan(data, { 28 | depth, 29 | file, 30 | outputKind, 31 | }) 32 | } 33 | -------------------------------------------------------------------------------- /packages/cli/src/commands/logout/attempt-logout.mts: -------------------------------------------------------------------------------- 1 | import { getDefaultLogger } from '@socketsecurity/lib-internal/logger' 2 | 3 | import { applyLogout } from './apply-logout.mts' 4 | import { isConfigFromFlag } from '../../utils/config.mts' 5 | const logger = getDefaultLogger() 6 | 7 | export function attemptLogout() { 8 | try { 9 | applyLogout() 10 | logger.success('Successfully logged out') 11 | if (isConfigFromFlag()) { 12 | logger.log('') 13 | logger.warn( 14 | 'Note: config is in read-only mode, at least one key was overridden through flag/env, so the logout was not persisted!', 15 | ) 16 | } 17 | } catch { 18 | logger.fail('Failed to complete logout steps') 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /patches/graceful-fs@4.2.11.patch: -------------------------------------------------------------------------------- 1 | diff --git a/clone.js b/clone.js 2 | index dff3cc8c504b4cf14054b5d7bbc64b1696bc9fec..8b55fbe40411a4b7f504f06978e36fbb871d3196 100644 3 | --- a/clone.js 4 | +++ b/clone.js 5 | 
@@ -10,10 +10,9 @@ function clone (obj) { 6 | if (obj === null || typeof obj !== 'object') 7 | return obj 8 | 9 | - if (obj instanceof Object) 10 | - var copy = { __proto__: getPrototypeOf(obj) } 11 | - else 12 | - var copy = Object.create(null) 13 | + var copy = obj instanceof Object 14 | + ? { __proto__: getPrototypeOf(obj) } 15 | + : Object.create(null) 16 | 17 | Object.getOwnPropertyNames(obj).forEach(function (key) { 18 | Object.defineProperty(copy, key, Object.getOwnPropertyDescriptor(obj, key)) 19 | -------------------------------------------------------------------------------- /packages/lib-internal/.config/taze.config.mts: -------------------------------------------------------------------------------- 1 | import { defineConfig } from 'taze' 2 | 3 | export default defineConfig({ 4 | // Exclude these packages. 5 | exclude: [ 6 | 'debug', 7 | 'eslint-plugin-unicorn', 8 | 'make-fetch-happen', 9 | 'minimatch', 10 | 'normalize-package-data', 11 | ], 12 | // Interactive mode disabled for automation. 13 | interactive: false, 14 | // Silent logging. 15 | loglevel: 'silent', 16 | // Only update packages that have been stable for 7 days. 17 | maturityPeriod: 7, 18 | // Update mode: 'latest'. 19 | mode: 'latest', 20 | // Recursive mode to handle all package.json files. 21 | recursive: true, 22 | // Write to package.json automatically. 23 | write: true, 24 | }) 25 | -------------------------------------------------------------------------------- /scripts/register.mjs: -------------------------------------------------------------------------------- 1 | /** 2 | * Module loader registration for Node.js --import flag. 3 | * 4 | * Registers our custom alias loader for @socketsecurity/* package imports. 5 | * This replaces the deprecated --loader flag with the new register() API. 
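*
* Usage:
*   node --import=./scripts/register.mjs script.mjs
*
* Compatible with Node.js 18.19+, 20.6+, and 22+
*/

import { register } from 'node:module'
import path from 'node:path'
import { fileURLToPath, pathToFileURL } from 'node:url'

const __dirname = path.dirname(fileURLToPath(import.meta.url))
const loaderPath = path.join(__dirname, 'utils', 'alias-loader.mjs')

// Register the alias loader by file URL rather than by bare filesystem path:
// register() takes an import specifier, and a Windows absolute path such as
// `C:\...` would be read as a URL with scheme `c:`. This matches
// packages/sdk/scripts/register-loader.mjs.
register(pathToFileURL(loaderPath).href, import.meta.url)
--------------------------------------------------------------------------------
/packages/node-sea-builder/scripts/constants.mjs:
--------------------------------------------------------------------------------
/**
 * Constants for SEA builder.
 * Environment variables can override defaults.
 */

import nodeVersionConfig from '@socketsecurity/bootstrap/node-version.json' with { type: 'json' }

// Use versionSemver (without 'v' prefix) for URL construction.
const { versionSemver: NODE_VERSION } = nodeVersionConfig

// Environment variables (can override defaults).
// `||` rather than `??` is deliberate here: an empty string falls back to the
// default. SOCKET_CLI_NODE_DOWNLOAD_URL redirects where Node binaries are
// fetched from, so it is a supply-chain-sensitive input; the consumer of ENV
// is expected to verify the downloaded artifact — NOTE(review): that check is
// not visible from this file, confirm in the build script.
const ENV = {
  SOCKET_CLI_SEA_NODE_VERSION: process.env.SOCKET_CLI_SEA_NODE_VERSION || NODE_VERSION,
  SOCKET_CLI_NODE_DOWNLOAD_URL: process.env.SOCKET_CLI_NODE_DOWNLOAD_URL || 'https://nodejs.org/download/release',
}

export default {
  ENV,
  NODE_VERSION,
}
--------------------------------------------------------------------------------
/packages/lib-internal/.config/vitest-global-setup.mts:
--------------------------------------------------------------------------------
/**
 * @fileoverview Global setup for Vitest.
 * Ensures necessary directories exist before running tests.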
4 | */ 5 | 6 | import { mkdir } from 'node:fs/promises' 7 | import path from 'node:path' 8 | import { fileURLToPath } from 'node:url' 9 | 10 | const __dirname = path.dirname(fileURLToPath(import.meta.url)) 11 | const projectRoot = path.resolve(__dirname, '..') 12 | 13 | export async function setup() { 14 | // Ensure coverage/.tmp directory exists to prevent ENOENT errors 15 | // when vitest's v8 coverage provider writes temporary coverage files. 16 | const coverageTmpDir = path.join(projectRoot, 'coverage', '.tmp') 17 | await mkdir(coverageTmpDir, { recursive: true }) 18 | } 19 | -------------------------------------------------------------------------------- /packages/sdk/src/user-agent.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * @fileoverview User-Agent string generation utilities. 3 | * Creates standardized User-Agent headers from package.json data for API requests. 4 | */ 5 | 6 | /** 7 | * Generate a User-Agent string from package.json data. 8 | * Creates standardized User-Agent format with optional homepage URL. 9 | */ 10 | export function createUserAgentFromPkgJson(pkgData: { 11 | name: string 12 | version: string 13 | homepage?: string | undefined 14 | }): string { 15 | const { homepage } = pkgData 16 | const name = pkgData.name.replace('@', '').replace('/', '-') 17 | /* c8 ignore next - homepage URL is optional in package.json */ 18 | return `${name}/${pkgData.version}${homepage ? ` (${homepage})` : ''}` 19 | } 20 | -------------------------------------------------------------------------------- /packages/sdk/test/utils/fixtures.mts: -------------------------------------------------------------------------------- 1 | /** @fileoverview Test data fixtures and configurations. */ 2 | 3 | /** 4 | * Common test package.json configurations to reduce duplication across test files. 
5 | */ 6 | export const TEST_PACKAGE_CONFIGS = { 7 | expressBasic: { 8 | name: 'test-package', 9 | version: '1.0.0', 10 | dependencies: { 11 | express: '^4.18.0', 12 | }, 13 | }, 14 | lodashBasic: { 15 | name: 'test-package', 16 | version: '1.0.0', 17 | dependencies: { 18 | lodash: '^4.17.21', 19 | }, 20 | }, 21 | multiPackage: { 22 | name: 'test-package', 23 | version: '1.0.0', 24 | dependencies: { 25 | express: '^4.18.0', 26 | lodash: '^4.17.21', 27 | }, 28 | }, 29 | } as const 30 | -------------------------------------------------------------------------------- /packages/cli/src/commands/fix/types.mts: -------------------------------------------------------------------------------- 1 | import type { OutputKind } from '../../types.mts' 2 | import type { RangeStyle } from '../../utils/semver.mts' 3 | import type { Spinner } from '@socketsecurity/lib-internal/spinner' 4 | 5 | export type FixConfig = { 6 | applyFixes: boolean 7 | autopilot: boolean 8 | cwd: string 9 | disableMajorUpdates: boolean 10 | exclude: string[] 11 | ghsas: string[] 12 | include: string[] 13 | limit: number 14 | minimumReleaseAge: string 15 | minSatisfying: boolean 16 | orgSlug: string 17 | outputFile: string 18 | outputKind: OutputKind 19 | prCheck: boolean 20 | rangeStyle: RangeStyle 21 | showAffectedDirectDependencies: boolean 22 | spinner: Spinner | undefined 23 | unknownFlags: string[] 24 | } 25 | -------------------------------------------------------------------------------- /packages/cli/src/commands/package/handle-purl-deep-score.mts: -------------------------------------------------------------------------------- 1 | import { debug, debugDir } from '@socketsecurity/lib-internal/debug' 2 | 3 | import { fetchPurlDeepScore } from './fetch-purl-deep-score.mts' 4 | import { outputPurlsDeepScore } from './output-purls-deep-score.mts' 5 | 6 | import type { OutputKind } from '../../types.mts' 7 | 8 | export async function handlePurlDeepScore( 9 | purl: string, 10 | outputKind: OutputKind, 
11 | ) { 12 | debug(`Fetching deep score for ${purl}`) 13 | debugDir({ purl, outputKind }) 14 | 15 | const result = await fetchPurlDeepScore(purl) 16 | 17 | debug(`Deep score ${result.ok ? 'fetched successfully' : 'fetch failed'}`) 18 | debugDir({ result }) 19 | 20 | await outputPurlsDeepScore(purl, result, outputKind) 21 | } 22 | -------------------------------------------------------------------------------- /packages/cli/src/commands/organization/handle-organization-list.mts: -------------------------------------------------------------------------------- 1 | import { debug, debugDir } from '@socketsecurity/lib/debug' 2 | 3 | import { fetchOrganization } from './fetch-organization-list.mts' 4 | import { outputOrganizationList } from './output-organization-list.mts' 5 | 6 | import type { OutputKind } from '../../types.mts' 7 | 8 | export async function handleOrganizationList( 9 | outputKind: OutputKind = 'text', 10 | ): Promise { 11 | debug('Fetching organization list') 12 | debugDir({ outputKind }) 13 | 14 | const data = await fetchOrganization() 15 | 16 | debug( 17 | `Organization list ${data.ok ? 
'fetched successfully' : 'fetch failed'}`, 18 | ) 19 | debugDir({ data }) 20 | 21 | await outputOrganizationList(data, outputKind) 22 | } 23 | -------------------------------------------------------------------------------- /packages/cli/src/commands/install/cmd-install.mts: -------------------------------------------------------------------------------- 1 | import { cmdInstallCompletion } from './cmd-install-completion.mts' 2 | import { meowWithSubcommands } from '../../utils/cli/with-subcommands.mjs' 3 | 4 | import type { CliSubcommand } from '../../utils/cli/with-subcommands.mjs' 5 | 6 | const description = 'Install Socket CLI tab completion' 7 | 8 | export const cmdInstall: CliSubcommand = { 9 | description, 10 | hidden: false, 11 | async run(argv, importMeta, { parentName }) { 12 | await meowWithSubcommands( 13 | { 14 | argv, 15 | name: `${parentName} install`, 16 | importMeta, 17 | subcommands: { 18 | completion: cmdInstallCompletion, 19 | }, 20 | }, 21 | { description }, 22 | ) 23 | }, 24 | } 25 | -------------------------------------------------------------------------------- /packages/node-sea-builder/README.md: -------------------------------------------------------------------------------- 1 | # @socketbin/node-sea-builder-builder 2 | 3 | Native Node.js SEA (Single Executable Application) binary builder. 4 | 5 | **This is a private package used for building Socket CLI binaries as a fallback.** 6 | 7 | ## What It Does 8 | 9 | Builds Socket CLI as a Node.js SEA binary using the official Node.js SEA feature. 10 | 11 | This is a fallback option when custom Node.js builds encounter issues. 
12 | 13 | ## Building 14 | 15 | ```bash 16 | cd packages/node-sea-builder 17 | pnpm run build 18 | ``` 19 | 20 | ## Supported Platforms 21 | 22 | - macOS (x64, arm64) 23 | - Linux (x64, arm64) 24 | - Alpine Linux (x64, arm64) 25 | - Windows (x64, arm64) 26 | 27 | ## Output 28 | 29 | Built binaries in: `dist/` 30 | 31 | ## License 32 | 33 | MIT 34 | -------------------------------------------------------------------------------- /scripts/dev-local.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Helper script to run socket CLI against local depscan API server 3 | # 4 | # Usage: 5 | # ./scripts/dev-local.sh [socket command] 6 | # 7 | # Examples: 8 | # ./scripts/dev-local.sh --version 9 | # ./scripts/dev-local.sh patch discover 10 | # ./scripts/dev-local.sh scan create . 11 | 12 | # Load .env.local if it exists 13 | if [ -f .env.local ]; then 14 | export $(grep -v '^#' .env.local | grep -v '^$' | xargs) 15 | fi 16 | 17 | # Set default local API server URL if not already set 18 | export SOCKET_CLI_API_BASE_URL="${SOCKET_CLI_API_BASE_URL:-http://localhost:8866}" 19 | 20 | echo "🔧 Using API server: $SOCKET_CLI_API_BASE_URL" 21 | echo "" 22 | 23 | # Run the CLI with all arguments passed through 24 | ./bin/cli.js "$@" 25 | -------------------------------------------------------------------------------- /packages/lib-internal/data/extensions.json: -------------------------------------------------------------------------------- 1 | { 2 | "npm": [ 3 | [ 4 | "pkg:npm/%40socketregistry/packageurl-js@latest", 5 | { 6 | "categories": ["levelup"], 7 | "engines": { "node": ">=18" }, 8 | "interop": ["cjs"], 9 | "license": "MIT", 10 | "name": "@socketregistry/packageurl-js", 11 | "package": "packageurl-js", 12 | "version": "latest" 13 | } 14 | ], 15 | [ 16 | "pkg:npm/shell-quote@latest", 17 | { 18 | "categories": ["tuneup"], 19 | "engines": { "node": ">=18" }, 20 | "interop": ["cjs"], 21 | "license": "MIT", 22 | 
"name": "shell-quote", 23 | "package": "shell-quote", 24 | "version": "latest" 25 | } 26 | ] 27 | ] 28 | } 29 | -------------------------------------------------------------------------------- /packages/cli/.env.test: -------------------------------------------------------------------------------- 1 | NODE_COMPILE_CACHE="./.cache" 2 | NODE_OPTIONS="--max-old-space-size=2048 --unhandled-rejections=warn" 3 | VITEST=1 4 | # Disable Node.js binary forwarding for tests 5 | SOCKET_CLI_DISABLE_NODE_FORWARDING=1 6 | # Points to local @socketsecurity/cli JS dist so stub binary doesn't download from npm 7 | SOCKET_CLI_JS_PATH="./dist/cli.js" 8 | # E2E test configuration 9 | # Set to 1 to enable E2E tests (requires Socket API token) 10 | # RUN_E2E_TESTS=1 11 | # Set to 1 to test smol Node.js binary (requires building first) 12 | # TEST_SMOL_BINARY=1 13 | # Set to 1 to test SEA binary (requires building first) 14 | # TEST_SEA_BINARY=1 15 | # Uncomment to test against built binary (must build first: pnpm run build --sea) 16 | # SOCKET_CLI_BIN_PATH="./dist/sea/socket-macos-arm64" 17 | -------------------------------------------------------------------------------- /packages/cli/src/commands/audit-log/handle-audit-log.mts: -------------------------------------------------------------------------------- 1 | import { fetchAuditLog } from './fetch-audit-log.mts' 2 | import { outputAuditLog } from './output-audit-log.mts' 3 | 4 | import type { OutputKind } from '../../types.mts' 5 | 6 | export async function handleAuditLog({ 7 | logType, 8 | orgSlug, 9 | outputKind, 10 | page, 11 | perPage, 12 | }: { 13 | logType: string 14 | outputKind: OutputKind 15 | orgSlug: string 16 | page: number 17 | perPage: number 18 | }): Promise { 19 | const auditLogs = await fetchAuditLog({ 20 | logType, 21 | orgSlug, 22 | outputKind, 23 | page, 24 | perPage, 25 | }) 26 | 27 | await outputAuditLog(auditLogs, { 28 | logType, 29 | orgSlug, 30 | outputKind, 31 | page, 32 | perPage, 33 | }) 34 | } 35 | 
-------------------------------------------------------------------------------- /packages/cli/src/commands/uninstall/cmd-uninstall.mts: -------------------------------------------------------------------------------- 1 | import { cmdUninstallCompletion } from './cmd-uninstall-completion.mts' 2 | import { meowWithSubcommands } from '../../utils/cli/with-subcommands.mjs' 3 | 4 | import type { CliSubcommand } from '../../utils/cli/with-subcommands.mjs' 5 | 6 | const description = 'Uninstall Socket CLI tab completion' 7 | 8 | export const cmdUninstall: CliSubcommand = { 9 | description, 10 | hidden: false, 11 | async run(argv, importMeta, { parentName }) { 12 | await meowWithSubcommands( 13 | { 14 | argv, 15 | name: `${parentName} uninstall`, 16 | importMeta, 17 | subcommands: { 18 | completion: cmdUninstallCompletion, 19 | }, 20 | }, 21 | { description }, 22 | ) 23 | }, 24 | } 25 | -------------------------------------------------------------------------------- /packages/cli/src/commands/scan/suggest_target.mts: -------------------------------------------------------------------------------- 1 | import { select } from '@socketsecurity/lib-internal/stdio/prompts' 2 | 3 | export async function suggestTarget(): Promise { 4 | // We could prefill this with sub-dirs of the current 5 | // dir ... but is that going to be useful? 6 | const proceed = await select({ 7 | message: 'No TARGET given. Do you want to use the current directory?', 8 | choices: [ 9 | { 10 | name: 'Yes', 11 | value: true, 12 | description: 'Target the current directory', 13 | }, 14 | { 15 | name: 'No', 16 | value: false, 17 | description: 18 | 'Do not use the current directory (this will end in a no-op)', 19 | }, 20 | ], 21 | }) 22 | return proceed ? 
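['.'] : []
}
--------------------------------------------------------------------------------
/.config/tsconfig.check.json:
--------------------------------------------------------------------------------
{
  "extends": "./tsconfig.base.json",
  "compilerOptions": {
    "typeRoots": ["../node_modules/@types"]
  },
  "include": [
    "../packages/cli/src/**/*.mts",
    "../packages/cli/*.config.mts",
    "../packages/cli/.config/*.mts"
  ],
  "exclude": [
    "../packages/cli/**/*.tsx",
    "../packages/cli/**/*.d.mts",
    "../packages/cli/src/commands/analytics/output-analytics.mts",
    "../packages/cli/src/commands/audit-log/output-audit-log.mts",
    "../packages/cli/src/commands/threat-feed/output-threat-feed.mts",
    "../packages/cli/**/*.test.mts",
    "../packages/cli/src/test/**/*.mts",
    "../packages/cli/src/utils/test-mocks.mts",
    "../packages/cli/test/**/*.mts"
  ]
}
--------------------------------------------------------------------------------
/packages/cli/src/commands/scan/output-scan-github.mts:
--------------------------------------------------------------------------------
import { getDefaultLogger } from '@socketsecurity/lib-internal/logger'

import { failMsgWithBadge } from '../../utils/error/fail-msg-with-badge.mts'
import { serializeResultJson } from '../../utils/output/result-json.mjs'

import type { CResult, OutputKind } from '../../types.mts'
const logger = getDefaultLogger()

/**
 * Prints the outcome of a GitHub scan run.
 *
 * On a failed result the process exit code is set to `result.code` (or 1)
 * before anything is printed, in both JSON and text modes, so callers such
 * as CI pipelines observe the failure; this mirrors `outputScanConfigResult`.
 *
 * @param result - outcome to report; `result.message`/`result.cause` are shown on failure.
 * @param outputKind - `'json'` prints the serialized result; anything else prints text.
 */
export async function outputScanGithub(
  result: CResult,
  outputKind: OutputKind,
) {
  if (!result.ok) {
    // Exit non-zero on failure regardless of output mode; JSON consumers
    // still receive the serialized error below.
    process.exitCode = result.code ?? 1
  }

  if (outputKind === 'json') {
    logger.log(serializeResultJson(result))
    return
  }

  if (!result.ok) {
    logger.fail(failMsgWithBadge(result.message, result.cause))
    return
  }

  logger.log('')
  logger.success('Finished!')
}
--------------------------------------------------------------------------------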
/packages/cli/src/utils/ecosystem/spec.mts: -------------------------------------------------------------------------------- 1 | import semver from 'semver' 2 | 3 | import { NPM } from '@socketsecurity/lib/constants/agents' 4 | 5 | import { stripPnpmPeerSuffix } from '../pnpm/lockfile.mts' 6 | 7 | import type { PackageURL } from '@socketregistry/packageurl-js' 8 | 9 | export function idToNpmPurl(id: string): string { 10 | return `pkg:${NPM}/${id}` 11 | } 12 | 13 | export function idToPurl(id: string, type: string): string { 14 | return `pkg:${type}/${id}` 15 | } 16 | 17 | export function resolvePackageVersion(purlObj: PackageURL): string { 18 | const { version } = purlObj 19 | if (!version) { 20 | return '' 21 | } 22 | const { type } = purlObj 23 | return ( 24 | semver.coerce(type === NPM ? stripPnpmPeerSuffix(version) : version) 25 | ?.version ?? '' 26 | ) 27 | } 28 | -------------------------------------------------------------------------------- /packages/cli/scripts/constants/build.mjs: -------------------------------------------------------------------------------- 1 | /** @fileoverview Build-related constants for Socket CLI. */ 2 | 3 | // Build configuration file names. 4 | export const BIOME_JSON = 'biome.json' 5 | export const TSCONFIG_JSON = 'tsconfig.json' 6 | 7 | // Build output names. 8 | export const INSTRUMENT_WITH_SENTRY = 'instrument-with-sentry' 9 | export const SHADOW_NPM_BIN = 'shadow-npm-bin' 10 | export const SHADOW_NPM_INJECT = 'shadow-npm-inject' 11 | export const SHADOW_NPX_BIN = 'shadow-npx-bin' 12 | export const SHADOW_PNPM_BIN = 'shadow-pnpm-bin' 13 | export const SHADOW_YARN_BIN = 'shadow-yarn-bin' 14 | 15 | // Rollup configuration. 16 | export const ROLLUP_EXTERNAL_SUFFIX = '?commonjs-external' 17 | 18 | // Encoding constants. 19 | export const UTF8 = 'utf8' 20 | 21 | // Test environment. 
22 | export const VITEST = 'VITEST' 23 | -------------------------------------------------------------------------------- /packages/lib-internal/src/env/locale.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * @fileoverview Locale and language environment variable getters. 3 | * Provides access to system locale settings. 4 | */ 5 | 6 | import { getEnvValue } from '#env/rewire' 7 | 8 | /** 9 | * LANG environment variable. 10 | * System locale and language settings. 11 | */ 12 | export function getLang(): string | undefined { 13 | return getEnvValue('LANG') 14 | } 15 | 16 | /** 17 | * LC_ALL environment variable. 18 | * Override for all locale settings. 19 | */ 20 | export function getLcAll(): string | undefined { 21 | return getEnvValue('LC_ALL') 22 | } 23 | 24 | /** 25 | * LC_MESSAGES environment variable. 26 | * Locale setting for message translations. 27 | */ 28 | export function getLcMessages(): string | undefined { 29 | return getEnvValue('LC_MESSAGES') 30 | } 31 | -------------------------------------------------------------------------------- /packages/lib-internal/src/env/temp-dir.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * @fileoverview Temporary directory environment variable getters. 3 | * Different platforms use different environment variables for temp directories. 4 | */ 5 | 6 | import { getEnvValue } from '#env/rewire' 7 | 8 | /** 9 | * TMPDIR environment variable. 10 | * Unix/macOS temporary directory path. 11 | */ 12 | export function getTmpdir(): string | undefined { 13 | return getEnvValue('TMPDIR') 14 | } 15 | 16 | /** 17 | * TEMP environment variable. 18 | * Windows temporary directory path. 19 | */ 20 | export function getTemp(): string | undefined { 21 | return getEnvValue('TEMP') 22 | } 23 | 24 | /** 25 | * TMP environment variable. 26 | * Alternative temporary directory path. 
27 | */ 28 | export function getTmp(): string | undefined { 29 | return getEnvValue('TMP') 30 | } 31 | -------------------------------------------------------------------------------- /taze.config.mts: -------------------------------------------------------------------------------- 1 | import { defineConfig } from 'taze' 2 | 3 | export default defineConfig({ 4 | // Exclude these packages (migrated from .ncurc.json reject list). 5 | exclude: [ 6 | 'eslint-plugin-unicorn', 7 | 'terminal-link', 8 | 'yargs-parser', 9 | // Vendored npm workspace packages that don't exist on registry. 10 | '@npmcli/docs', 11 | '@npmcli/mock-globals', 12 | '@npmcli/mock-registry', 13 | ], 14 | // Interactive mode disabled for automation. 15 | interactive: false, 16 | // Use minimal logging similar to ncu loglevel. 17 | loglevel: 'warn', 18 | // Only update packages that have been stable for 7 days. 19 | maturityPeriod: 7, 20 | // Update mode: 'latest' is similar to ncu's default behavior. 21 | mode: 'latest', 22 | // Write to package.json automatically. 23 | write: true, 24 | }) 25 | -------------------------------------------------------------------------------- /packages/cli/test/fixtures/commands/json/socket.json: -------------------------------------------------------------------------------- 1 | { 2 | " _____ _ _ ": "Local config file for Socket CLI tool ( https://npmjs.org/socket ), to work with https://socket.dev", 3 | "| __|___ ___| |_ ___| |_ ": " The config in this file is used to set as defaults for flags or cmmand args when using the CLI", 4 | "|__ | . | _| '_| -_| _| ": " in this dir, often a repo root. 
You can choose commit or .ignore this file, both works.", 5 | "|_____|___|___|_,_|___|_|.dev": "Warning: This file may be overwritten without warning by `socket manifest setup` or other commands", 6 | "version": 1, 7 | "defaults": { 8 | "manifest": { 9 | "sbt": { 10 | "bin": "/bin/sbt", 11 | "outfile": "sbt.pom.xml", 12 | "stdout": false, 13 | "verbose": true 14 | } 15 | } 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /packages/cli/src/commands/config/handle-config-set.mts: -------------------------------------------------------------------------------- 1 | import { debug, debugDir } from '@socketsecurity/lib/debug' 2 | 3 | import { outputConfigSet } from './output-config-set.mts' 4 | import { updateConfigValue } from '../../utils/config.mts' 5 | 6 | import type { OutputKind } from '../../types.mts' 7 | import type { LocalConfig } from '../../utils/config.mts' 8 | 9 | export async function handleConfigSet({ 10 | key, 11 | outputKind, 12 | value, 13 | }: { 14 | key: keyof LocalConfig 15 | outputKind: OutputKind 16 | value: string 17 | }) { 18 | debug(`Setting config ${key} = ${value}`) 19 | debugDir({ key, value, outputKind }) 20 | 21 | const result = updateConfigValue(key, value) 22 | 23 | debug(`Config update ${result.ok ? 'succeeded' : 'failed'}`) 24 | debugDir({ result }) 25 | 26 | await outputConfigSet(result, outputKind) 27 | } 28 | -------------------------------------------------------------------------------- /packages/lib-internal/src/constants/process.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Process control: abort signals and UI utilities. 3 | */ 4 | 5 | import type { Spinner } from '#lib/spinner' 6 | 7 | // Abort controller and signal. 
8 | let _abortController: AbortController 9 | export function getAbortController(): AbortController { 10 | if (_abortController === undefined) { 11 | _abortController = new AbortController() 12 | } 13 | return _abortController 14 | } 15 | 16 | export function getAbortSignal(): AbortSignal { 17 | return getAbortController().signal 18 | } 19 | 20 | // Spinner instance. 21 | let _spinner: Spinner | null | undefined 22 | export function getSpinner(): Spinner | null { 23 | if (_spinner === undefined) { 24 | const { Spinner: SpinnerFn } = require('#lib/spinner') 25 | _spinner = SpinnerFn() ?? null 26 | } 27 | return _spinner ?? null 28 | } 29 | -------------------------------------------------------------------------------- /.github/workflows/socket-auto-pr.yml: -------------------------------------------------------------------------------- 1 | name: ⚡ Fix PR 2 | 3 | on: 4 | schedule: 5 | - cron: '0 0 * * *' # Run daily at midnight UTC 6 | - cron: '0 12 * * *' # Run daily at noon UTC 7 | workflow_dispatch: 8 | inputs: 9 | debug: 10 | description: 'Enable debug output' 11 | required: false 12 | default: '0' 13 | type: string 14 | options: 15 | - '0' 16 | - '1' 17 | 18 | permissions: 19 | contents: write 20 | pull-requests: write 21 | 22 | jobs: 23 | socket-auto-pr: 24 | uses: SocketDev/socket-registry/.github/workflows/socket-auto-pr.yml@1a96ced97aaa85d61543351b90d6f463b983c46c # main 25 | with: 26 | debug: ${{ inputs.debug }} 27 | autopilot: true 28 | secrets: 29 | socket_cli_api_token: ${{ secrets.SOCKET_CLI_API_TOKEN }} 30 | gh_token: ${{ secrets.GITHUB_TOKEN }} 31 | -------------------------------------------------------------------------------- /packages/cli/src/commands/optimize/deps-includes-by-agent.mts: -------------------------------------------------------------------------------- 1 | import { 2 | BUN, 3 | YARN_BERRY, 4 | YARN_CLASSIC, 5 | } from '@socketsecurity/lib/constants/agents' 6 | 7 | import type { EnvDetails } from 
'../../utils/ecosystem/environment.mjs' 8 | 9 | export function matchLsCmdViewHumanStdout(stdout: string, name: string) { 10 | return stdout.includes(` ${name}@`) 11 | } 12 | 13 | export function matchQueryCmdStdout(stdout: string, name: string) { 14 | return stdout.includes(`"${name}"`) 15 | } 16 | 17 | export function lsStdoutIncludes( 18 | pkgEnvDetails: EnvDetails, 19 | stdout: string, 20 | name: string, 21 | ): boolean { 22 | switch (pkgEnvDetails.agent) { 23 | case BUN: 24 | case YARN_BERRY: 25 | case YARN_CLASSIC: 26 | return matchLsCmdViewHumanStdout(stdout, name) 27 | default: 28 | return matchQueryCmdStdout(stdout, name) 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /packages/cli/src/commands/repository/handle-update-repo.mts: -------------------------------------------------------------------------------- 1 | import { fetchUpdateRepo } from './fetch-update-repo.mts' 2 | import { outputUpdateRepo } from './output-update-repo.mts' 3 | 4 | import type { OutputKind } from '../../types.mts' 5 | 6 | export async function handleUpdateRepo( 7 | { 8 | defaultBranch, 9 | description, 10 | homepage, 11 | orgSlug, 12 | repoName, 13 | visibility, 14 | }: { 15 | orgSlug: string 16 | repoName: string 17 | description: string 18 | homepage: string 19 | defaultBranch: string 20 | visibility: string 21 | }, 22 | outputKind: OutputKind, 23 | ): Promise { 24 | const data = await fetchUpdateRepo({ 25 | defaultBranch, 26 | description, 27 | homepage, 28 | orgSlug, 29 | repoName, 30 | visibility, 31 | }) 32 | 33 | await outputUpdateRepo(data, repoName, outputKind) 34 | } 35 | -------------------------------------------------------------------------------- /packages/sdk/test/utils/mock-helpers.mts: -------------------------------------------------------------------------------- 1 | /** @fileoverview Mock utilities for test setup. 
*/ 2 | import { Readable } from 'node:stream' 3 | 4 | import { vi } from 'vitest' 5 | 6 | // Mock fs.createReadStream to prevent test-package.json from being created. 7 | vi.mock('node:fs', async () => { 8 | const actual = await vi.importActual('node:fs') 9 | return { 10 | ...actual, 11 | createReadStream: vi.fn((path: string) => { 12 | // Return a mock readable stream for test-package.json. 13 | if (path.includes('test-package.json')) { 14 | const stream = new Readable() 15 | stream.push('{"name": "test-package", "version": "1.0.0"}') 16 | stream.push(null) 17 | return stream 18 | } 19 | // For other files, use the actual createReadStream. 20 | return actual.createReadStream(path) 21 | }), 22 | } 23 | }) 24 | -------------------------------------------------------------------------------- /packages/cli/src/commands/organization/handle-dependencies.mts: -------------------------------------------------------------------------------- 1 | import { debug, debugDir } from '@socketsecurity/lib/debug' 2 | 3 | import { fetchDependencies } from './fetch-dependencies.mts' 4 | import { outputDependencies } from './output-dependencies.mts' 5 | 6 | import type { OutputKind } from '../../types.mts' 7 | 8 | export async function handleDependencies({ 9 | limit, 10 | offset, 11 | outputKind, 12 | }: { 13 | limit: number 14 | offset: number 15 | outputKind: OutputKind 16 | }): Promise { 17 | debug(`Fetching dependencies with limit=${limit}, offset=${offset}`) 18 | debugDir({ limit, offset, outputKind }) 19 | 20 | const result = await fetchDependencies({ limit, offset }) 21 | 22 | debug(`Dependencies ${result.ok ? 
'fetched successfully' : 'fetch failed'}`) 23 | debugDir({ result }) 24 | 25 | await outputDependencies(result, { limit, offset, outputKind }) 26 | } 27 | -------------------------------------------------------------------------------- /packages/cli/src/commands/scan/handle-list-scans.mts: -------------------------------------------------------------------------------- 1 | import { fetchOrgFullScanList } from './fetch-list-scans.mts' 2 | import { outputListScans } from './output-list-scans.mts' 3 | 4 | import type { OutputKind } from '../../types.mts' 5 | 6 | export async function handleListScans({ 7 | branch, 8 | direction, 9 | from_time, 10 | orgSlug, 11 | outputKind, 12 | page, 13 | perPage, 14 | repo, 15 | sort, 16 | }: { 17 | branch: string 18 | direction: string 19 | from_time: string 20 | orgSlug: string 21 | outputKind: OutputKind 22 | page: number 23 | perPage: number 24 | repo: string 25 | sort: string 26 | }): Promise { 27 | const data = await fetchOrgFullScanList({ 28 | branch, 29 | direction, 30 | from_time, 31 | orgSlug, 32 | page, 33 | perPage, 34 | repo, 35 | sort, 36 | }) 37 | 38 | await outputListScans(data, outputKind) 39 | } 40 | -------------------------------------------------------------------------------- /packages/cli/src/utils/fs/home-path.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * Path tildification utilities for Socket CLI. 3 | * Abbreviates home directory paths with tilde notation. 4 | * 5 | * Key Functions: 6 | * - tildify: Replace home directory with ~ in paths 7 | * 8 | * Usage: 9 | * - Shortens absolute paths for display 10 | * - Converts absolute home paths to ~/... 
11 | * - Common Unix convention for home directory 12 | */ 13 | 14 | import { normalizePath } from '@socketsecurity/lib/path' 15 | import { escapeRegExp } from '@socketsecurity/lib/regexps' 16 | 17 | import { homePath } from '../../constants/paths.mts' 18 | 19 | export function tildify(cwd: string) { 20 | // Normalize to forward slashes for consistent matching across platforms. 21 | const normalizedCwd = normalizePath(cwd) 22 | return normalizedCwd.replace( 23 | new RegExp(`^${escapeRegExp(homePath)}(?:/|$)`, 'i'), 24 | '~/', 25 | ) 26 | } 27 | -------------------------------------------------------------------------------- /packages/sdk/scripts/prettify-base-json.mjs: -------------------------------------------------------------------------------- 1 | /** 2 | * @fileoverview JSON prettification script for Socket API base files. 3 | * Formats and prettifies JSON configuration files for better readability. 4 | */ 5 | import fs from 'node:fs/promises' 6 | import path from 'node:path' 7 | 8 | import { getRootPath } from './utils/path-helpers.mjs' 9 | 10 | const rootPath = getRootPath(import.meta.url) 11 | const openApiJsonPath = path.join(rootPath, 'openapi.json') 12 | 13 | async function main() { 14 | try { 15 | const openApiData = await fs.readFile(openApiJsonPath, 'utf8') 16 | await fs.writeFile( 17 | openApiJsonPath, 18 | JSON.stringify(JSON.parse(openApiData), null, 2), 19 | ) 20 | } catch (e) { 21 | process.exitCode = 1 22 | console.error('Failed with error:', e.message) 23 | } 24 | } 25 | 26 | main().catch(e => { 27 | console.error(e) 28 | process.exitCode = 1 29 | }) 30 | -------------------------------------------------------------------------------- /packages/cli/src/commands/threat-feed/handle-threat-feed.mts: -------------------------------------------------------------------------------- 1 | import { fetchThreatFeed } from './fetch-threat-feed.mts' 2 | import { outputThreatFeed } from './output-threat-feed.mts' 3 | 4 | import type { OutputKind } from 
'../../types.mts' 5 | 6 | export async function handleThreatFeed({ 7 | direction, 8 | ecosystem, 9 | filter, 10 | orgSlug, 11 | outputKind, 12 | page, 13 | perPage, 14 | pkg, 15 | version, 16 | }: { 17 | direction: string 18 | ecosystem: string 19 | filter: string 20 | outputKind: OutputKind 21 | orgSlug: string 22 | page: string 23 | perPage: number 24 | pkg: string 25 | version: string 26 | }): Promise { 27 | const data = await fetchThreatFeed({ 28 | direction, 29 | ecosystem, 30 | filter, 31 | orgSlug, 32 | page, 33 | perPage, 34 | pkg, 35 | version, 36 | }) 37 | 38 | await outputThreatFeed(data, outputKind) 39 | } 40 | -------------------------------------------------------------------------------- /packages/cli/src/utils/terminal/ink.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * @fileoverview Ink and React re-exports with tsgo workaround. 3 | * 4 | * tsx files are treated as CommonJS by tsgo without package.json type:module. 5 | * This wrapper centralizes the @ts-expect-error directives needed for tsx imports. 
6 | */ 7 | 8 | import { Box as InkBox, Text as InkText, render as inkRender } from 'ink' 9 | import ReactImport from 'react' 10 | 11 | import InkTableImport from '../../external/ink-table.mjs' 12 | 13 | import type { FC } from 'react' 14 | 15 | export const Box: typeof InkBox = InkBox 16 | export const Text: typeof InkText = InkText 17 | export const render: typeof inkRender = inkRender 18 | export const React: typeof ReactImport = ReactImport 19 | export const InkTable: typeof InkTableImport = InkTableImport 20 | 21 | export type { BoxProps, TextProps } from 'ink' 22 | export type { FC } 23 | export type Element = ReturnType 24 | -------------------------------------------------------------------------------- /packages/lib-internal/src/regexps.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * @fileoverview Regular expression utilities including escape-string-regexp implementation. 3 | * Provides regex escaping and pattern matching helpers. 4 | */ 5 | 6 | // Inlined escape-string-regexp: 7 | // https://socket.dev/npm/package/escape-string-regexp/overview/5.0.0 8 | // MIT License 9 | // Copyright (c) Sindre Sorhus (https://sindresorhus.com) 10 | 11 | /** 12 | * Escape special characters in a string for use in a regular expression. 13 | */ 14 | /*@__NO_SIDE_EFFECTS__*/ 15 | export function escapeRegExp(str: string): string { 16 | // Escape characters with special meaning either inside or outside character sets. 17 | // Use a simple backslash escape when it's always valid, and a `\xnn` escape when 18 | // the simpler form would be disallowed by Unicode patterns' stricter grammar. 
19 | return str.replace(/[\\|{}()[\]^$+*?.]/g, '\\$&') 20 | } 21 | -------------------------------------------------------------------------------- /packages/sdk/test/utils/fast-test-config.mts: -------------------------------------------------------------------------------- 1 | /** @fileoverview Fast test configuration to speed up tests that use retry logic. */ 2 | 3 | /** 4 | * Fast test configuration that reduces delays and timeouts. 5 | * Use this for all tests unless specifically testing timeout/retry behavior. 6 | */ 7 | export const FAST_TEST_CONFIG = { 8 | retries: 5, 9 | // 10ms instead of default 1000ms 10 | retryDelay: 10, 11 | timeout: 5000, 12 | } 13 | 14 | /** 15 | * Minimal retry configuration for tests that need to verify retries happen. 16 | * Total time with exponential backoff: 10 + 20 + 40 = 70ms for 3 retries. 17 | */ 18 | export const MINIMAL_RETRY_CONFIG = { 19 | retries: 3, 20 | retryDelay: 10, 21 | timeout: 5000, 22 | } 23 | 24 | /** 25 | * No retry configuration for tests that should fail immediately. 26 | */ 27 | export const NO_RETRY_CONFIG = { 28 | retries: 0, 29 | retryDelay: 10, 30 | timeout: 5000, 31 | } 32 | -------------------------------------------------------------------------------- /packages/cli/src/utils/data/strings.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * String manipulation utilities for Socket CLI. 3 | * Provides common string transformations and formatting. 4 | * 5 | * Key Functions: 6 | * - camelToKebab: Convert camelCase to kebab-case 7 | * 8 | * Usage: 9 | * - Command name transformations 10 | * - Flag name conversions 11 | * - Consistent string formatting 12 | */ 13 | 14 | export function camelToKebab(str: string): string { 15 | return str === '' ? '' : str.replace(/([a-z])([A-Z])/g, '$1-$2').toLowerCase() 16 | } 17 | 18 | // Added for testing. 
19 | export function kebabToCamel(str: string): string { 20 | return str.replace(/-([a-z])/g, (_, letter) => letter.toUpperCase()) 21 | } 22 | 23 | // Added for testing. 24 | export function pluralize( 25 | word: string, 26 | count: number, 27 | plural?: string, 28 | ): string { 29 | if (count === 1) { 30 | return word 31 | } 32 | return plural || `${word}s` 33 | } 34 | -------------------------------------------------------------------------------- /packages/cli/src/utils/ecosystem/requirements.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * Requirements configuration utilities for Socket CLI. 3 | * Manages API permissions and quota requirements for commands. 4 | * 5 | * Key Functions: 6 | * - getRequirements: Load requirements configuration 7 | * - getRequirementsKey: Convert command path to requirements key 8 | * 9 | * Configuration: 10 | * - Loads from data/command-api-requirements.json 11 | * - Maps command paths to permission requirements 12 | * - Used for permission validation and help text 13 | */ 14 | 15 | import requirements from '../../../data/command-api-requirements.json' with { 16 | type: 'json', 17 | } 18 | 19 | export function getRequirements() { 20 | return requirements 21 | } 22 | 23 | /** 24 | * Convert command path to requirements key. 25 | */ 26 | export function getRequirementsKey(cmdPath: string): string { 27 | return cmdPath.replace(/^socket[: ]/, '').replace(/ +/g, ':') 28 | } 29 | -------------------------------------------------------------------------------- /.config/isolated-tests.json: -------------------------------------------------------------------------------- 1 | { 2 | "_comment": "Tests that require isolated module execution due to vi.mock(), vi.doMock(), or vi.resetModules() usage. 
These tests manipulate module state and need to run in isolation to avoid cross-test contamination.", 3 | "tests": [ 4 | "packages/cli/src/flags.test.mts", 5 | "packages/cli/src/npm-cli.test.mts", 6 | "packages/cli/src/npx-cli.test.mts", 7 | "packages/cli/src/pnpm-cli.test.mts", 8 | "packages/cli/src/shadow/npm/paths.test.mts", 9 | "packages/cli/src/utils/alert/translations.test.mts", 10 | "packages/cli/src/utils/dlx/detection.test.mts", 11 | "packages/cli/src/utils/git/github.test.mts", 12 | "packages/cli/src/utils/npm/paths.test.mts", 13 | "packages/cli/src/utils/pnpm/paths.test.mts", 14 | "packages/cli/src/utils/yarn/paths.test.mts", 15 | "packages/cli/src/utils/yarn/version.test.mts", 16 | "packages/cli/src/yarn-cli.test.mts" 17 | ] 18 | } 19 | -------------------------------------------------------------------------------- /packages/lib-internal/src/constants/core.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Core primitives and fundamental constants. 3 | * Goal: Minimize this module by finding proper semantic homes for all constants. 4 | */ 5 | 6 | // Internal implementation symbol. 7 | export const kInternalsSymbol = Symbol('@socketregistry.constants.internals') 8 | 9 | // Sentinel values. 10 | export const LOOP_SENTINEL = 1_000_000 11 | 12 | // Error and unknown values. 13 | export const UNKNOWN_ERROR = 'Unknown error' 14 | export const UNKNOWN_VALUE = '' 15 | 16 | // Empty values. 17 | export const EMPTY_FILE = '/* empty */\n' 18 | export const EMPTY_VALUE = '' 19 | 20 | // Undefined token. 21 | export const UNDEFINED_TOKEN: undefined = undefined 22 | 23 | // Miscellaneous. 24 | export const V = 'v' 25 | export const COLUMN_LIMIT = 80 26 | 27 | // Environment variable name constants. 
28 | export const NODE_AUTH_TOKEN = 'NODE_AUTH_TOKEN' 29 | export const NODE_ENV = 'NODE_ENV' 30 | -------------------------------------------------------------------------------- /packages/lib-internal/src/env/xdg.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * @fileoverview XDG Base Directory Specification environment variable getters. 3 | * Provides access to XDG user directories on Unix systems. 4 | */ 5 | 6 | import { getEnvValue } from '#env/rewire' 7 | 8 | /** 9 | * XDG_CACHE_HOME environment variable. 10 | * XDG Base Directory specification cache directory. 11 | */ 12 | export function getXdgCacheHome(): string | undefined { 13 | return getEnvValue('XDG_CACHE_HOME') 14 | } 15 | 16 | /** 17 | * XDG_CONFIG_HOME environment variable. 18 | * XDG Base Directory specification config directory. 19 | */ 20 | export function getXdgConfigHome(): string | undefined { 21 | return getEnvValue('XDG_CONFIG_HOME') 22 | } 23 | 24 | /** 25 | * XDG_DATA_HOME environment variable. 26 | * Points to the user's data directory on Unix systems. 
27 | */ 28 | export function getXdgDataHome(): string | undefined { 29 | return getEnvValue('XDG_DATA_HOME') 30 | } 31 | -------------------------------------------------------------------------------- /packages/cli/src/utils/home-cache-time.mts: -------------------------------------------------------------------------------- 1 | export function msAtHome(isoTimeStamp: string): string { 2 | const timeStart = Date.parse(isoTimeStamp) 3 | const timeEnd = Date.now() 4 | 5 | const rtf = new Intl.RelativeTimeFormat('en', { 6 | numeric: 'always', 7 | style: 'short', 8 | }) 9 | 10 | const delta = timeEnd - timeStart 11 | if (delta < 60 * 60 * 1000) { 12 | return rtf.format(-Math.round(delta / (60 * 1000)), 'minute') 13 | // return Math.round(delta / (60 * 1000)) + ' min ago' 14 | } 15 | if (delta < 24 * 60 * 60 * 1000) { 16 | return rtf.format(-(delta / (60 * 60 * 1000)).toFixed(1), 'hour') 17 | // return (delta / (60 * 60 * 1000)).toFixed(1) + ' hr ago' 18 | } 19 | if (delta < 7 * 24 * 60 * 60 * 1000) { 20 | return rtf.format(-(delta / (24 * 60 * 60 * 1000)).toFixed(1), 'day') 21 | // return (delta / (24 * 60 * 60 * 1000)).toFixed(1) + ' day ago' 22 | } 23 | return isoTimeStamp.slice(0, 10) 24 | } 25 | -------------------------------------------------------------------------------- /packages/sdk/.gitignore: -------------------------------------------------------------------------------- 1 | # OS files 2 | .DS_Store 3 | ._.DS_Store 4 | Thumbs.db 5 | desktop.ini 6 | *.lnk 7 | 8 | # Environment & config 9 | /.claude 10 | /.env 11 | /.env.local 12 | /.env.*.local 13 | /.pnpmfile.cjs 14 | /.nvm 15 | 16 | # Build artifacts 17 | /.type-coverage 18 | /coverage 19 | **/dist 20 | **/*.tsbuildinfo 21 | *.d.ts 22 | *.d.ts.map 23 | 24 | # Temporary files 25 | *.tmp 26 | .*.tmp 27 | **/*.tmp 28 | *.log 29 | *.pid 30 | *.seed 31 | *.pid.lock 32 | *~ 33 | .temp 34 | .tmp 35 | 36 | # Editor files 37 | /.vscode 38 | *.swp 39 | *.swo 40 | #*# 41 | .#* 42 | *# 43 | .*.sw? 
44 | *.sublime-* 45 | .idea 46 | 47 | # Cache directories 48 | **/.cache 49 | .eslintcache 50 | .tsbuildinfo 51 | 52 | # Runtime 53 | node_modules 54 | **/node_modules 55 | 56 | # Misc temporary/generated files 57 | Do 58 | TODO 59 | NOTES 60 | scratch.* 61 | test-output.* 62 | 63 | # Allow specific files 64 | !/.vscode/extensions.json 65 | !api*.d.ts 66 | !src/types/**/*.d.ts 67 | -------------------------------------------------------------------------------- /packages/cli/src/polyfills/intl-stub/locale.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * @fileoverview Intl.Locale stub - Simple locale representation. 3 | * 4 | * Real behavior: 5 | * - Parses and canonicalizes locale identifiers 6 | * - Provides properties like language, region, script, etc. 7 | * - Example: new Intl.Locale('en-GB') → {language: 'en', region: 'GB'} 8 | * 9 | * Stub behavior: 10 | * - Always returns 'en-US' as the base name 11 | * - Provides minimal properties with defaults 12 | * - Ignores all options 13 | * 14 | * Trade-off: Simple locale representation is sufficient for CLI tools. 15 | */ 16 | 17 | import { IntlBase } from './base.mts' 18 | 19 | export class LocaleStub extends IntlBase { 20 | baseName: string 21 | language: string 22 | 23 | constructor(_tag?: string, _options?: Intl.LocaleOptions) { 24 | super() 25 | this.baseName = 'en-US' 26 | this.language = 'en' 27 | } 28 | 29 | override toString(): string { 30 | return this.baseName 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /packages/sdk/scripts/generate-types.mjs: -------------------------------------------------------------------------------- 1 | /** 2 | * @fileoverview TypeScript type generation script for Socket API. 3 | * Generates type definitions from OpenAPI schema for Socket SDK. 
4 | */ 5 | import path from 'node:path' 6 | 7 | import openapiTS from 'openapi-typescript' 8 | 9 | import { getRootPath } from './utils/path-helpers.mjs' 10 | 11 | const rootPath = getRootPath(import.meta.url) 12 | const openApiJsonPath = path.join(rootPath, 'openapi.json') 13 | 14 | async function main() { 15 | try { 16 | const output = await openapiTS(openApiJsonPath, { 17 | transform(schemaObject) { 18 | if ('format' in schemaObject && schemaObject.format === 'binary') { 19 | return 'never' 20 | } 21 | }, 22 | }) 23 | console.log(output) 24 | } catch (e) { 25 | process.exitCode = 1 26 | console.error('Failed with error:', e.message) 27 | } 28 | } 29 | 30 | main().catch(e => { 31 | console.error(e) 32 | process.exitCode = 1 33 | }) 34 | -------------------------------------------------------------------------------- /packages/socket/vitest.config.mts: -------------------------------------------------------------------------------- 1 | import { defineConfig } from 'vitest/config' 2 | 3 | export default defineConfig({ 4 | test: { 5 | coverage: { 6 | provider: 'v8', 7 | reporter: ['text', 'json', 'html'], 8 | exclude: ['test/**', '**/*.test.mjs', 'node_modules/**', 'dist/**'], 9 | // Note: Coverage thresholds disabled for this package because it's a thin wrapper 10 | // that delegates to spawned processes. The tests validate behavior end-to-end 11 | // by executing the bootstrap script, which v8 coverage can't instrument. 12 | // Test coverage is comprehensive (19 tests covering all code paths), but 13 | // traditional coverage metrics don't apply to this execution model. 14 | thresholds: { 15 | lines: 0, 16 | functions: 0, 17 | branches: 0, 18 | statements: 0, 19 | }, 20 | }, 21 | testTimeout: 120000, // 2 min for npm download tests. 
22 | hookTimeout: 30000, 23 | }, 24 | }) 25 | -------------------------------------------------------------------------------- /packages/bootstrap/src/bootstrap-npm.mts: -------------------------------------------------------------------------------- 1 | /** 2 | * Bootstrap for Socket CLI npm wrapper. 3 | * 4 | * This runs when users execute `npx socket` or `npm install -g socket`. 5 | * It downloads @socketsecurity/cli from npm and executes it. 6 | */ 7 | 8 | // Load Intl polyfill FIRST for ICU-disabled builds. 9 | import '@socketsecurity/cli/src/polyfills/intl-stub/index.mts' 10 | 11 | import { getDefaultLogger } from '@socketsecurity/lib/logger' 12 | 13 | import { findAndExecuteCli, getArgs } from './shared/bootstrap-shared.mjs' 14 | 15 | async function main() { 16 | const args = getArgs() 17 | return await findAndExecuteCli(args) 18 | } 19 | 20 | // Run the bootstrap. 21 | main() 22 | .then((exitCode) => { 23 | // Exit with the code returned by the CLI. 24 | process.exit(exitCode) 25 | }) 26 | .catch((e) => { 27 | const logger = getDefaultLogger() 28 | logger.error(`Bootstrap error: ${e instanceof Error ? 
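e.message : String(e)}`)
process.exit(1)
})
-------------------------------------------------------------------------------- /packages/cli/src/commands/organization/fetch-quota.mts: --------------------------------------------------------------------------------
import { handleApiCall } from '../../utils/socket/api.mjs'
import { setupSdk } from '../../utils/socket/sdk.mjs'

import type { CResult } from '../../types.mts'
import type { SetupSdkOptions } from '../../utils/socket/sdk.mjs'
import type { SocketSdkSuccessResult } from '@socketsecurity/sdk'

export type FetchQuotaOptions = {
  sdkOpts?: SetupSdkOptions | undefined
}

/**
 * Fetch the quota of the configured API token.
 *
 * @param options - optional `sdkOpts` forwarded to setupSdk.
 * @returns the setupSdk failure result unchanged when SDK setup fails,
 *   otherwise the handleApiCall result for `getQuota`.
 */
export async function fetchQuota(
  options?: FetchQuotaOptions | undefined,
): Promise<CResult<SocketSdkSuccessResult<'getQuota'>['data']>> {
  // Null-prototype copy so destructuring never picks up inherited keys.
  const { sdkOpts } = { __proto__: null, ...options } as FetchQuotaOptions

  const sockSdkCResult = await setupSdk(sdkOpts)
  if (!sockSdkCResult.ok) {
    return sockSdkCResult
  }
  const sockSdk = sockSdkCResult.data

  return await handleApiCall<'getQuota'>(sockSdk.getQuota(), {
    description: 'token quota',
  })
}
-------------------------------------------------------------------------------- /packages/cli/src/commands/scan/fetch-diff-scan.mts: --------------------------------------------------------------------------------
import { getDefaultLogger } from '@socketsecurity/lib-internal/logger'

import { queryApiSafeJson } from '../../utils/socket/api.mjs'

import type { CResult } from '../../types.mts'
import type { SocketSdkSuccessResult } from '@socketsecurity/sdk'
const logger = getDefaultLogger()

/**
 * Fetch the diff between two full scans of an organization.
 *
 * All three inputs become URL components, so each is percent-encoded.
 * Previously `orgSlug` was interpolated raw while `id1`/`id2` were encoded;
 * a slug containing `/`, `?` or `#` could therefore alter the request path.
 * Org slugs are normally URL-safe, so encoding is a no-op for valid values.
 *
 * @returns the queryApiSafeJson result for the diff endpoint.
 */
export async function fetchDiffScan({
  id1,
  id2,
  orgSlug,
}: {
  id1: string
  id2: string
  orgSlug: string
}): Promise<CResult<SocketSdkSuccessResult<'GetOrgDiffScan'>['data']>> {
  logger.info('Scan ID 1:', id1)
  logger.info('Scan ID 2:', id2)
  logger.info('Note: this request may take some time if the scans are big')

  return await queryApiSafeJson<
    SocketSdkSuccessResult<'GetOrgDiffScan'>['data']
  >(
    `orgs/${encodeURIComponent(orgSlug)}/full-scans/diff?before=${encodeURIComponent(id1)}&after=${encodeURIComponent(id2)}`,
    'a scan diff',
  )
}
-------------------------------------------------------------------------------- /packages/cli/src/commands/wrapper/check-socket-wrapper-setup.mts: --------------------------------------------------------------------------------
import fs from 'node:fs'

import { getDefaultLogger } from '@socketsecurity/lib/logger'
const logger = getDefaultLogger()

/**
 * Report whether the shell profile at `file` already declares the Socket
 * npm/npx aliases, printing activation hints when it does.
 *
 * Only lines that are exactly `alias npm="socket npm"` or
 * `alias npx="socket npx"` count: surrounding whitespace or a trailing `\r`
 * (CRLF files) prevents a match, since the content is split on `\n` only.
 *
 * @param file - path of the profile to inspect.
 * @returns true when at least one alias line is present.
 * @throws whatever fs.readFileSync throws when `file` cannot be read — the
 *   call is not guarded here.
 */
export function checkSocketWrapperSetup(file: string): boolean {
  const fileContent = fs.readFileSync(file, 'utf8')
  const linesWithSocketAlias = fileContent
    .split('\n')
    .filter(
      l => l === 'alias npm="socket npm"' || l === 'alias npx="socket npx"',
    )

  if (linesWithSocketAlias.length) {
    logger.log(
      `The Socket npm/npx wrapper is set up in your bash profile (${file}).`,
    )
    logger.log('')
    logger.log(
      `If you haven't already since enabling; Restart your terminal or run this command to activate it in the current session:`,
    )
    logger.log('')
    logger.log(` source ${file}`)
    logger.log('')

    return true
  }
  return false
}
-------------------------------------------------------------------------------- /packages/cli/src/commands/scan/handle-create-github-scan.mts: --------------------------------------------------------------------------------
import { createScanFromGithub } from './create-scan-from-github.mts'
import { outputScanGithub } from './output-scan-github.mts'

import type { OutputKind } from '../../types.mts'

/**
 * Create a scan from GitHub repositories and print the result.
 * Coerces the flag values before delegating to createScanFromGithub and
 * hands the CResult to outputScanGithub.
 */
export async function handleCreateGithubScan({
  all,
  githubApiUrl,
  githubToken,
  interactive,
  orgGithub,
  orgSlug,
  outputKind,
  repos,
}: {
  all: boolean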
githubApiUrl: string
  githubToken: string
  interactive: boolean
  orgSlug: string
  orgGithub: string
  outputKind: OutputKind
  repos: string
}) {
  // Flags are coerced to strict booleans and `repos` to a string (empty when
  // unset) before the request is built.
  const ghScanCResult = await createScanFromGithub({
    all: Boolean(all),
    githubApiUrl,
    // NOTE(review): githubToken is a credential — confirm createScanFromGithub
    // and outputScanGithub never echo it in text or JSON output.
    githubToken,
    interactive: Boolean(interactive),
    orgSlug,
    orgGithub,
    outputKind,
    repos: String(repos || ''),
  })

  await outputScanGithub(ghScanCResult, outputKind)
}
-------------------------------------------------------------------------------- /packages/cli/src/commands/scan/output-delete-scan.mts: --------------------------------------------------------------------------------
import { getDefaultLogger } from '@socketsecurity/lib-internal/logger'

import { failMsgWithBadge } from '../../utils/error/fail-msg-with-badge.mts'
import { serializeResultJson } from '../../utils/output/result-json.mjs'

import type { CResult, OutputKind } from '../../types.mts'
import type { SocketSdkSuccessResult } from '@socketsecurity/sdk'
const logger = getDefaultLogger()

/**
 * Report the outcome of a scan deletion.
 *
 * On failure, process.exitCode is set from result.code (1 when absent) before
 * anything is printed, so the JSON path also exits non-zero. JSON output is
 * the serialized CResult; text output is a failure badge or a success line.
 * (The CResult type arguments were lost in extraction.)
 */
export async function outputDeleteScan(
  result: CResult['data']>,
  outputKind: OutputKind,
): Promise {
  if (!result.ok) {
    process.exitCode = result.code ?? 1
  }

  if (outputKind === 'json') {
    logger.log(serializeResultJson(result))
    return
  }
  if (!result.ok) {
    logger.fail(failMsgWithBadge(result.message, result.cause))
    return
  }

  logger.success('Scan deleted successfully')
}
-------------------------------------------------------------------------------- /packages/cli/src/utils/validation/filter-config.mts: --------------------------------------------------------------------------------
/**
 * Filter configuration utilities for Socket CLI.
 * Manages filter configuration normalization for security scanning.
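*
 * Key Functions:
 * - toFilterConfig: Normalize filter configuration objects
 *
 * Usage:
 * - Normalizes user-provided filter objects
 * - Ensures proper structure for filter configuration
 * - Validates boolean and array values
 */

import { isObject } from '@socketsecurity/lib/objects'

export type FilterConfig = {
  [key: string]: boolean | string[]
}

/**
 * Normalize a user-provided filter object into a `FilterConfig`.
 *
 * Only own enumerable keys whose value is a boolean or an array are kept;
 * every other value, and any non-object input, is dropped. The result has a
 * null prototype, so a key such as `__proto__` or `constructor` is stored as
 * a plain own property and never reaches the prototype chain.
 *
 * @param obj - arbitrary input. Typed `unknown` instead of `any` so the body
 *   cannot index it without the `isObject` gate.
 * @returns a fresh null-prototype FilterConfig.
 */
export function toFilterConfig(obj: unknown): FilterConfig {
  const normalized = Object.create(null) as FilterConfig
  if (!isObject(obj)) {
    return normalized
  }
  // `isObject` may not be a type predicate, so narrow explicitly for indexing.
  const source = obj as Record<string, unknown>
  for (const key of Object.keys(source)) {
    const value = source[key]
    if (typeof value === 'boolean' || Array.isArray(value)) {
      // NOTE(review): array elements are not checked against `string[]`;
      // arrays are passed through as given, matching the original behavior.
      normalized[key] = value
    }
  }
  return normalized
}
-------------------------------------------------------------------------------- /packages/cli/src/utils/output/mode.mts: --------------------------------------------------------------------------------
/**
 * Output format detection utilities for Socket CLI.
 * Determines output format based on command flags.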
*
 * Key Functions:
 * - getOutputKind: Determine output format from flags
 *
 * Supported Formats:
 * - JSON: Machine-readable JSON output
 * - Markdown: Formatted markdown for reports
 * - Text: Plain text for terminal display
 *
 * Usage:
 * - Processes --json and --markdown flags
 * - Returns appropriate output format constant
 * - Defaults to text format for terminal display
 */

import {
  OUTPUT_JSON,
  OUTPUT_MARKDOWN,
  OUTPUT_TEXT,
} from '../../constants/cli.mts'

import type { OutputKind } from '../../types.mts'

/**
 * Pick the output kind from the raw --json / --markdown flag values.
 * Truthiness decides: a truthy `json` wins over `markdown`; when neither is
 * truthy the text format is returned.
 */
export function getOutputKind(json: unknown, markdown: unknown): OutputKind {
  if (json) {
    return OUTPUT_JSON
  }
  if (markdown) {
    return OUTPUT_MARKDOWN
  }
  return OUTPUT_TEXT
}
-------------------------------------------------------------------------------- /packages/sdk/test/utils/setup.mts: --------------------------------------------------------------------------------
/** @fileoverview Vitest setup file for test utilities. */

import nock from 'nock'

import { getAbortSignal } from '@socketsecurity/lib/constants/process'
import { setMaxEventTargetListeners } from '@socketsecurity/lib/suppress-warnings'

const abortSignal = getAbortSignal()

// Disable debug output during tests
process.env['DEBUG'] = ''
delete process.env['NODE_DEBUG']

// Explicitly disable nock verbose logging to prevent circular structure errors
if (typeof nock.recorder !== 'undefined') {
  try {
    // @ts-expect-error - nock.recorder might not be typed
    nock.recorder.rec = false
  } catch {
    // Ignore if recorder doesn't exist or can't be configured
  }
}

// Increase max listeners for abortSignal to prevent warnings during high-concurrency tests.
// The batchPackageStream method can add many concurrent abort listeners.
setMaxEventTargetListeners(abortSignal, 50)
-------------------------------------------------------------------------------- /packages/cli/src/commands/manifest/README.md: --------------------------------------------------------------------------------
# Manifest

(At the time of writing...)

## Dev

Run it like these examples:

```
# Scala:
npm run bs manifest scala -- --bin ~/apps/sbt/bin/sbt ~/socket/repos/scala/akka
# Gradle/Kotlin
npm run bs manifest yolo -- --cwd ~/socket/repos/kotlin/kotlinx.coroutines
```

And upload with this:

```
npm exec socket scan create -- --repo=depscantmp --branch=mastertmp --tmp --cwd ~/socket/repos/scala/akka socketdev .
npm exec socket scan create -- --repo=depscantmp --branch=mastertmp --tmp --cwd ~/socket/repos/kotlin/kotlinx.coroutines .
```

(The `cwd` option for `create` is necessary because we can't go to the dir and run `npm exec`).

## Prod

User flow look something like this:

```
socket manifest scala .
socket manifest kotlin .
socket manifest yolo

socket scan create --repo=depscantmp --branch=mastertmp --tmp socketdev .
```
-------------------------------------------------------------------------------- /packages/cli/src/polyfills/intl-stub/helpers.mts: --------------------------------------------------------------------------------
/**
 * @fileoverview Helper functions for Intl stub.
 */

/**
 * Returns canonical locales (always returns ['en-US'] for stub).
 *
 * The requested locales are never echoed back: a non-empty array or any
 * truthy scalar yields ['en-US']; an empty array or a falsy value yields [].
 */
export function getCanonicalLocales(
  locales?: string | readonly string[],
): string[] {
  if (Array.isArray(locales)) {
    return locales.length > 0 ? ['en-US'] : []
  }
  return locales ? ['en-US'] : []
}

/**
 * Returns supported values for various Intl properties.
*/
export function supportedValuesOf(
  key:
    | 'calendar'
    | 'collation'
    | 'currency'
    | 'numberingSystem'
    | 'timeZone'
    | 'unit',
): string[] {
  // NOTE(review): the type arguments of `Record` were lost in extraction;
  // presumably Record<typeof key, string[]> — confirm against the source file.
  const values: Record = {
    calendar: ['gregory'],
    collation: ['default'],
    currency: ['USD'],
    numberingSystem: ['latn'],
    timeZone: ['UTC'],
    unit: ['meter', 'second', 'byte'],
  }
  // Every member of the `key` union has an entry above; `|| []` only matters
  // when an untyped caller passes a key that is not listed.
  return values[key] || []
}
-------------------------------------------------------------------------------- /packages/cli/src/commands/scan/finalize-tier1-scan.mts: --------------------------------------------------------------------------------
import { sendApiRequest } from '../../utils/socket/api.mjs'

import type { CResult } from '../../types.mts'

export type FinalizeTier1ScanOptions = {
  tier1_reachability_scan_id: string
  report_run_id: string
}

/**
 * Finalize a tier1 reachability scan.
 * - Associates the tier1 reachability scan metadata with the full scan.
 * - Sets the tier1 reachability scan to "finalized" state.
 *
 * @param tier1ReachabilityScanId - sent as `tier1_reachability_scan_id`.
 * @param scanId - sent as `report_run_id`.
 * @returns the CResult produced by sendApiRequest (type arguments lost in
 *   extraction).
 */
export async function finalizeTier1Scan(
  tier1ReachabilityScanId: string,
  scanId: string,
): Promise> {
  // we do not use the SDK here because the tier1-reachability-scan/finalize is a hidden
  // endpoint that is not part of the OpenAPI specification.
return await sendApiRequest('tier1-reachability-scan/finalize', {
    method: 'POST',
    // Both ids travel in the JSON body, not the URL, so no encoding is needed here.
    body: {
      tier1_reachability_scan_id: tier1ReachabilityScanId,
      report_run_id: scanId,
    },
  })
}
-------------------------------------------------------------------------------- /packages/cli/src/commands/optimize/get-dependency-entries.mts: --------------------------------------------------------------------------------
import type { EnvDetails } from '../../utils/ecosystem/environment.mjs'

/**
 * Collect the dependency maps declared in the package.json being edited.
 *
 * Returns `[fieldName, deps]` pairs in the fixed order dependencies,
 * devDependencies, peerDependencies, optionalDependencies, skipping fields
 * that are absent (falsy). Each map is a null-prototype copy, so a package
 * literally named `__proto__` or `constructor` is an own key and cannot
 * collide with inherited properties; the package.json content itself is not
 * mutated. (The NonNullable type argument was lost in extraction.)
 */
export function getDependencyEntries(pkgEnvDetails: EnvDetails) {
  const {
    dependencies,
    devDependencies,
    optionalDependencies,
    peerDependencies,
  } = pkgEnvDetails.editablePkgJson.content
  return [
    [
      'dependencies',
      dependencies ? { __proto__: null, ...dependencies } : undefined,
    ],
    [
      'devDependencies',
      devDependencies ? { __proto__: null, ...devDependencies } : undefined,
    ],
    [
      'peerDependencies',
      peerDependencies ? { __proto__: null, ...peerDependencies } : undefined,
    ],
    [
      'optionalDependencies',
      optionalDependencies
        ? { __proto__: null, ...optionalDependencies }
        : undefined,
    ],
    // Keep only pairs whose second element (index 1) is set.
  ].filter(({ 1: o }) => o) as Array<[string, NonNullable]>
}
-------------------------------------------------------------------------------- /packages/cli/src/commands/package/handle-purls-shallow-score.mts: --------------------------------------------------------------------------------
import { debug, debugDir } from '@socketsecurity/lib-internal/debug'

import { fetchPurlsShallowScore } from './fetch-purls-shallow-score.mts'
import { outputPurlsShallowScore } from './output-purls-shallow-score.mts'

import type { CResult, OutputKind } from '../../types.mts'
import type { SocketArtifact } from '../../utils/alert/artifact.mts'

/**
 * Fetch shallow scores for a list of package URLs and print them.
 * Debug output includes the purls and outputKind; the fetch result is passed
 * to outputPurlsShallowScore whether or not it is `ok`.
 */
export async function handlePurlsShallowScore({
  outputKind,
  purls,
}: {
  outputKind: OutputKind
  purls: string[]
}) {
  debug(`Fetching shallow scores for ${purls.length} packages`)
  debugDir({ purls, outputKind })

  const packageData = await fetchPurlsShallowScore(purls)

  debug(
    `Shallow scores ${packageData.ok ?
'fetched successfully' : 'fetch failed'}`,
  )
  debugDir({ packageData })

  // The result is forwarded as-is; presumably outputPurlsShallowScore handles
  // the not-ok case. (The CResult type argument was lost in extraction.)
  outputPurlsShallowScore(
    purls,
    packageData as CResult,
    outputKind,
  )
}
-------------------------------------------------------------------------------- /packages/cli/src/commands/repository/output-update-repo.mts: --------------------------------------------------------------------------------
import { getDefaultLogger } from '@socketsecurity/lib/logger'

import { failMsgWithBadge } from '../../utils/error/fail-msg-with-badge.mts'
import { serializeResultJson } from '../../utils/output/result-json.mjs'

import type { CResult, OutputKind } from '../../types.mts'
import type { SocketSdkSuccessResult } from '@socketsecurity/sdk'
const logger = getDefaultLogger()

/**
 * Report the outcome of a repository update.
 *
 * On failure, process.exitCode is set from result.code (1 when absent) before
 * anything is printed, so the JSON path also exits non-zero. JSON output is
 * the serialized CResult; text output is a failure badge or a success line
 * naming `repoName`. (The CResult type arguments were lost in extraction.)
 */
export async function outputUpdateRepo(
  result: CResult['data']>,
  repoName: string,
  outputKind: OutputKind,
): Promise {
  if (!result.ok) {
    process.exitCode = result.code ??
1
  }

  // JSON output is emitted even for failures; the exit code set above still applies.
  if (outputKind === 'json') {
    logger.log(serializeResultJson(result))
    return
  }
  if (!result.ok) {
    logger.fail(failMsgWithBadge(result.message, result.cause))
    return
  }

  logger.success(`Repository \`${repoName}\` updated successfully`)
}
-------------------------------------------------------------------------------- /packages/bootstrap/package.json: --------------------------------------------------------------------------------
{
  "name": "@socketsecurity/bootstrap",
  "version": "1.0.0",
  "description": "Shared bootstrap for Socket CLI npm wrapper and smol binary",
  "private": true,
  "exports": {
    ".": "./dist/index.js",
    "./bootstrap-npm.js": "./dist/bootstrap-npm.js",
    "./bootstrap-sea.js": "./dist/bootstrap-sea.js",
    "./node-version.json": "./node-version.json"
  },
  "scripts": {
    "build": "node scripts/build.mjs",
    "clean": "del-cli dist"
  },
  "devDependencies": {
    "@babel/core": "catalog:",
    "@babel/generator": "catalog:",
    "@babel/parser": "catalog:",
    "@babel/traverse": "catalog:",
    "@babel/types": "catalog:",
    "@socketsecurity/build-infra": "workspace:*",
    "@socketsecurity/cli": "workspace:*",
    "@socketsecurity/lib-internal": "workspace:*",
    "del-cli": "catalog:",
    "esbuild": "catalog:",
    "magic-string": "catalog:",
    "semver": "catalog:"
  }
}
-------------------------------------------------------------------------------- /packages/cli/src/commands/repository/output-delete-repo.mts: --------------------------------------------------------------------------------
import { getDefaultLogger } from '@socketsecurity/lib/logger'

import { failMsgWithBadge } from '../../utils/error/fail-msg-with-badge.mts'
import { serializeResultJson } from '../../utils/output/result-json.mjs'

import type { CResult, OutputKind } from '../../types.mts'
import type {
SocketSdkSuccessResult } from '@socketsecurity/sdk'
const logger = getDefaultLogger()

/**
 * Report the outcome of a repository deletion.
 *
 * Mirrors outputUpdateRepo: on failure process.exitCode is set from
 * result.code (1 when absent) before any output; JSON output is the
 * serialized CResult, text output a failure badge or a success line naming
 * `repoName`. (The CResult type arguments were lost in extraction.)
 */
export async function outputDeleteRepo(
  result: CResult['data']>,
  repoName: string,
  outputKind: OutputKind,
): Promise {
  if (!result.ok) {
    process.exitCode = result.code ?? 1
  }

  if (outputKind === 'json') {
    logger.log(serializeResultJson(result))
    return
  }
  if (!result.ok) {
    logger.fail(failMsgWithBadge(result.message, result.cause))
    return
  }

  logger.success(`OK. Repository \`${repoName}\` deleted successfully`)
}
-------------------------------------------------------------------------------- /packages/cli/src/commands/package/cmd-package.mts: --------------------------------------------------------------------------------
import { cmdPackageScore } from './cmd-package-score.mts'
import { cmdPackageShallow } from './cmd-package-shallow.mts'
import { meowWithSubcommands } from '../../utils/cli/with-subcommands.mjs'

import type { CliSubcommand } from '../../utils/cli/with-subcommands.mjs'

const description = 'Look up published package details'

/**
 * `package` command group: dispatches to the `score` and `shallow`
 * subcommands via meowWithSubcommands.
 */
export const cmdPackage: CliSubcommand = {
  description,
  hidden: false,
  async run(argv, importMeta, { parentName }) {
    await meowWithSubcommands(
      {
        argv,
        name: `${parentName} package`,
        importMeta,
        subcommands: {
          score: cmdPackageScore,
          shallow: cmdPackageShallow,
        },
      },
      {
        aliases: {
          // Hidden alias: `deep` is rewritten to the `score` subcommand.
          deep: {
            description,
            hidden: true,
            argv: ['score'],
          },
        },
        description,
      },
    )
  },
}
-------------------------------------------------------------------------------- /packages/lib-internal/src/env/test.ts: --------------------------------------------------------------------------------
/**
 * @fileoverview Test environment variable getters and detection.
* Provides access to test framework environment variables and utilities.
 */

import { envAsBoolean, envAsString } from '#env/helpers'
import { getNodeEnv } from '#env/node-env'
import { getEnvValue } from '#env/rewire'

/**
 * JEST_WORKER_ID environment variable.
 * Set when running tests with Jest.
 */
export function getJestWorkerId(): string {
  return envAsString(getEnvValue('JEST_WORKER_ID'))
}

/**
 * VITEST environment variable.
 * Set when running tests with Vitest.
 */
export function getVitest(): boolean {
  return envAsBoolean(getEnvValue('VITEST'))
}

/**
 * Check if code is running in a test environment.
 * Checks NODE_ENV, VITEST, and JEST_WORKER_ID.
 *
 * NOTE(review): the answer is entirely environment-driven, so any code path
 * that relaxes a check when isTest() is true can be switched on by setting
 * these variables — confirm no production behavior depends on it.
 */
export function isTest(): boolean {
  const nodeEnv = envAsString(getNodeEnv())
  return nodeEnv === 'test' || getVitest() || !!getJestWorkerId()
}
-------------------------------------------------------------------------------- /packages/cli/src/npx-cli.mts: --------------------------------------------------------------------------------
#!/usr/bin/env node

import { getDefaultLogger } from '@socketsecurity/lib-internal/logger'

import shadowNpxBin from './shadow/npx/bin.mts'

const logger = getDefaultLogger()

/**
 * Entry point of the `socket npx` wrapper.
 *
 * Sets exitCode to 1 up front (presumably so an unexpected early return still
 * fails), forwards the remaining argv to the shadow npx bin with inherited
 * stdio, then mirrors the child's outcome: a signal is re-raised on this
 * process, a numeric code becomes this process's exit code.
 */
export default async function runNpxCli() {
  process.exitCode = 1

  const { spawnPromise } = await shadowNpxBin(process.argv.slice(2), {
    stdio: 'inherit',
  })

  // Wait for the spawn promise to resolve and handle the result.
  const result = await spawnPromise
  if (result.signal) {
    process.kill(process.pid, result.signal)
  } else if (typeof result.code === 'number') {
    // eslint-disable-next-line n/no-process-exit
    process.exit(result.code)
  }
}

// Run if invoked directly (not as a module).
if (import.meta.url === `file://${process.argv[1]}`) {
  // NOTE(review): this is a plain string comparison; it does not normalize
  // Windows drive letters, symlinks or percent-encoding, and when it misses
  // nothing runs. Confirm how the bin is invoked, or compare against
  // url.pathToFileURL(process.argv[1]).href.
  runNpxCli().catch(error => {
    logger.error('Socket npx wrapper error:', error)
    // eslint-disable-next-line n/no-process-exit
    process.exit(1)
  })
}
-------------------------------------------------------------------------------- /packages/cli/src/external/ink-table.d.mts: --------------------------------------------------------------------------------
/**
 * @fileoverview Type definitions for ink-table wrapper.
 */

/* eslint-disable no-undef */

import type React from 'react'

type Scalar = string | number | boolean | null | undefined

type ScalarDict = {
  [key: string]: Scalar
}

export type CellProps = React.PropsWithChildren<{
  column: number
}>

// NOTE(review): the generic parameters of TableProps, Array, Pick and Partial
// below were lost in extraction; read them against the source file.
export type TableProps = {
  data: T[]
  columns: Array
  padding: number
  header: (props: React.PropsWithChildren<{}>) => JSX.Element
  cell: (props: CellProps) => JSX.Element
  skeleton: (props: React.PropsWithChildren<{}>) => JSX.Element
}

export default class Table extends React.Component<
  Pick, 'data'> & Partial>
> {}

export function Header(props: React.PropsWithChildren<{}>): JSX.Element
export function Cell(props: CellProps): JSX.Element
export function Skeleton(props: React.PropsWithChildren<{}>): JSX.Element
--------------------------------------------------------------------------------