Pin all dependencies to exact versions and add gh CLI check

jdalton · jdalton · commit 3b4bd32f9498 · 2025-10-09T08:42:16.000-04:00
diff --git a/package.json b/package.json
@@ -193,39 +193,39 @@
       "@rollup/plugin-commonjs": "28.0.6",
       "@socketsecurity/registry": "$@socketsecurity/registry",
       "@types/node": "24.6.2",
-      "aggregate-error": "npm:@socketregistry/aggregate-error@^1.0.15",
+      "aggregate-error": "npm:@socketregistry/aggregate-error@1.0.15",
       "ansi-regex": "6.1.0",
       "ansi-term": "0.0.2",
       "brace-expansion": "2.0.2",
-      "es-define-property": "npm:@socketregistry/es-define-property@^1.0.7",
-      "es-set-tostringtag": "npm:@socketregistry/es-set-tostringtag@^1.0.10",
-      "function-bind": "npm:@socketregistry/function-bind@^1.0.7",
-      "globalthis": "npm:@socketregistry/globalthis@^1.0.8",
-      "gopd": "npm:@socketregistry/gopd@^1.0.7",
+      "es-define-property": "npm:@socketregistry/es-define-property@1.0.7",
+      "es-set-tostringtag": "npm:@socketregistry/es-set-tostringtag@1.0.10",
+      "function-bind": "npm:@socketregistry/function-bind@1.0.7",
+      "globalthis": "npm:@socketregistry/globalthis@1.0.8",
+      "gopd": "npm:@socketregistry/gopd@1.0.7",
       "graceful-fs": "4.2.11",
-      "has-property-descriptors": "npm:@socketregistry/has-property-descriptors@^1.0.7",
-      "has-proto": "npm:@socketregistry/has-proto@^1.0.7",
-      "has-symbols": "npm:@socketregistry/has-symbols@^1.0.7",
-      "has-tostringtag": "npm:@socketregistry/has-tostringtag@^1.0.7",
-      "hasown": "npm:@socketregistry/hasown@^1.0.7",
-      "indent-string": "npm:@socketregistry/indent-string@^1.0.14",
-      "is-core-module": "npm:@socketregistry/is-core-module@^1.0.11",
-      "isarray": "npm:@socketregistry/isarray@^1.0.8",
+      "has-property-descriptors": "npm:@socketregistry/has-property-descriptors@1.0.7",
+      "has-proto": "npm:@socketregistry/has-proto@1.0.7",
+      "has-symbols": "npm:@socketregistry/has-symbols@1.0.7",
+      "has-tostringtag": "npm:@socketregistry/has-tostringtag@1.0.7",
+      "hasown": "npm:@socketregistry/hasown@1.0.7",
+      "indent-string": "npm:@socketregistry/indent-string@1.0.14",
+      "is-core-module": "npm:@socketregistry/is-core-module@1.0.11",
+      "isarray": "npm:@socketregistry/isarray@1.0.8",
       "lodash": "4.17.21",
       "meow": "13.2.0",
       "npm-package-arg": "$npm-package-arg",
-      "packageurl-js": "npm:@socketregistry/packageurl-js@^1.3.0",
-      "path-parse": "npm:@socketregistry/path-parse@^1.0.8",
+      "packageurl-js": "npm:@socketregistry/packageurl-js@1.3.0",
+      "path-parse": "npm:@socketregistry/path-parse@1.0.8",
       "rollup": "4.50.1",
-      "safe-buffer": "npm:@socketregistry/safe-buffer@^1.0.9",
-      "safer-buffer": "npm:@socketregistry/safer-buffer@^1.0.10",
+      "safe-buffer": "npm:@socketregistry/safe-buffer@1.0.9",
+      "safer-buffer": "npm:@socketregistry/safer-buffer@1.0.10",
       "semver": "$semver",
-      "set-function-length": "npm:@socketregistry/set-function-length@^1.0.10",
-      "shell-quote": "npm:shell-quote@^1.8.3",
-      "side-channel": "npm:@socketregistry/side-channel@^1.0.10",
+      "set-function-length": "npm:@socketregistry/set-function-length@1.0.10",
+      "shell-quote": "npm:shell-quote@1.8.3",
+      "side-channel": "npm:@socketregistry/side-channel@1.0.10",
       "string_decoder": "0.10.31",
       "tiny-colors": "$yoctocolors-cjs",
-      "typedarray": "npm:@socketregistry/typedarray@^1.0.8",
+      "typedarray": "npm:@socketregistry/typedarray@1.0.8",
       "undici": "6.21.3",
       "vite": "7.1.7",
       "xml2js": "0.6.2",
diff --git a/scripts/claude.mjs b/scripts/claude.mjs
@@ -1065,15 +1065,21 @@ ${JSON.stringify(packageJson.devDependencies || {}, null, 2)}
 Outdated packages:
 ${JSON.stringify(outdatedPackages, null, 2)}
 
+IMPORTANT Socket Requirements:
+- All dependencies MUST be pinned to exact versions (no ^ or ~ prefixes)
+- Use pnpm add <pkg> --save-exact for all new dependencies
+- GitHub CLI (gh) is required but installed separately (not via npm)
+
 Provide:
-1. Security vulnerability analysis
-2. Unused dependency detection
-3. Update recommendations with migration notes
-4. License compatibility check
-5. Bundle size impact analysis
-6. Alternative package suggestions
+1. Version pinning issues (identify any deps with ^ or ~ prefixes)
+2. Security vulnerability analysis
+3. Unused dependency detection
+4. Update recommendations with migration notes (using exact versions)
+5. License compatibility check
+6. Bundle size impact analysis
+7. Alternative package suggestions
 
-Focus on actionable recommendations.`
+Focus on actionable recommendations. Always recommend exact versions when suggesting updates.`
 
   await runCommand(claudeCmd, prepareClaudeArgs([], opts), {
     input: prompt,
@@ -1615,6 +1621,17 @@ Provide specific file edits or commands to fix this issue.`
     return true
   }
 
+  // Check for GitHub CLI
+  const ghCheck = await runCommandWithOutput('which', ['gh'])
+  if (ghCheck.exitCode !== 0) {
+    log.error('GitHub CLI (gh) is required for CI monitoring')
+    log.info('Install with:')
+    log.substep('macOS: brew install gh')
+    log.substep('Linux: See https://github.com/cli/cli/blob/trunk/docs/install_linux.md')
+    log.substep('Windows: winget install --id GitHub.cli')
+    return false
+  }
+
   // Get current commit SHA
   const shaResult = await runCommandWithOutput('git', ['rev-parse', 'HEAD'], {
     cwd: rootPath
