Merge branch 'main' of github.com:SocketDev/socket-cli into directory-target-fix

Author: mtorp

.config/babel.config.js

@@ -1,13 +1,19 @@
-'use strict'
-
 const path = require('node:path')
 
 const rootPath = path.join(__dirname, '..')
 const scriptsPath = path.join(rootPath, 'scripts')
 const babelPluginsPath = path.join(scriptsPath, 'babel')
 
 module.exports = {
-  presets: ['@babel/preset-typescript'],
+  presets: [
+    '@babel/preset-typescript',
+    [
+      '@babel/preset-react',
+      {
+        runtime: 'automatic',
+      },
+    ],
+  ],
   plugins: [
     '@babel/plugin-proposal-export-default-from',
     '@babel/plugin-transform-export-namespace-from',
@@ -21,7 +27,12 @@ module.exports = {
         version: '^7.27.1',
       },
     ],
-    path.join(babelPluginsPath, 'transform-set-proto-plugin.js'),
-    path.join(babelPluginsPath, 'transform-url-parse-plugin.js'),
+    // Run strict-mode transformations first to fix loose-mode code.
+    path.join(babelPluginsPath, 'babel-plugin-strict-mode.mjs'),
+    path.join(babelPluginsPath, 'babel-plugin-inline-require-calls.js'),
+    path.join(babelPluginsPath, 'transform-set-proto-plugin.mjs'),
+    path.join(babelPluginsPath, 'transform-url-parse-plugin.mjs'),
+    // Run --with-intl=none transforms last to handle Intl/locale APIs.
+    path.join(babelPluginsPath, 'babel-plugin-with-intl-none.mjs'),
   ],
 }

.config/esbuild-inject-import-meta.mjs

@@ -0,0 +1,10 @@
+/**
+ * Polyfill for import.meta.url in CommonJS bundles.
+ * This file is injected by esbuild's inject option.
+ */
+
+// Convert __filename to file:// URL format.
+export const __importMetaUrl =
+  typeof __filename !== 'undefined'
+    ? `file://${__filename.replace(/\\/g, '/')}`
+    : 'file:///unknown'

.config/esbuild.cli.build.mjs

@@ -0,0 +1,27 @@
+/**
+ * esbuild build script for Socket CLI.
+ */
+
+import { build } from 'esbuild'
+
+import config from './esbuild.cli.config.mjs'
+
+console.log('Building Socket CLI with esbuild...\n')
+
+try {
+  const result = await build(config)
+
+  console.log('✓ Build completed successfully')
+  console.log(`✓ Output: ${config.outfile}`)
+
+  if (result.metafile) {
+    const outputSize = Object.values(result.metafile.outputs)[0]?.bytes
+    if (outputSize) {
+      console.log(`✓ Bundle size: ${(outputSize / 1024 / 1024).toFixed(2)} MB`)
+    }
+  }
+} catch (error) {
+  console.error('Build failed:', error)
+  // eslint-disable-next-line n/no-process-exit
+  process.exit(1)
+}

.config/esbuild.cli.config.mjs

@@ -0,0 +1,248 @@
+/**
+ * esbuild configuration for building Socket CLI as a SINGLE unified file.
+ *
+ * esbuild is much faster than Rollup and doesn't have template literal corruption issues.
+ */
+
+import { execSync } from 'node:child_process'
+import { randomUUID } from 'node:crypto'
+import { existsSync, readFileSync } from 'node:fs'
+import { builtinModules } from 'node:module'
+import path from 'node:path'
+import { fileURLToPath } from 'node:url'
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url))
+const rootPath = path.join(__dirname, '..')
+
+// Read package.json for version and metadata.
+const packageJson = JSON.parse(
+  readFileSync(path.join(rootPath, 'package.json'), 'utf-8'),
+)
+
+// Get current git commit hash.
+let gitHash = ''
+try {
+  gitHash = execSync('git rev-parse --short HEAD', {
+    cwd: rootPath,
+    encoding: 'utf-8',
+  }).trim()
+} catch {}
+
+// Get dependency versions from package.json devDependencies.
+const coanaVersion = packageJson.devDependencies?.['@coana-tech/cli'] || ''
+const cdxgenVersion = packageJson.devDependencies?.['@cyclonedx/cdxgen'] || ''
+const synpVersion = packageJson.devDependencies?.['synp'] || ''
+
+// Build-time constants that can be overridden by environment variables.
+const publishedBuild = process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD'] === '1'
+const legacyBuild = process.env['INLINED_SOCKET_CLI_LEGACY_BUILD'] === '1'
+const sentryBuild = process.env['INLINED_SOCKET_CLI_SENTRY_BUILD'] === '1'
+
+// Compute version hash (matches Rollup implementation).
+const randUuidSegment = randomUUID().split('-')[0]
+const versionHash = `${packageJson.version}:${gitHash}:${randUuidSegment}${
+  publishedBuild ? '' : ':dev'
+}`
+
+// Get local Socket package paths.
+const socketPackages = {
+  '@socketsecurity/registry': path.join(
+    rootPath,
+    '..',
+    'socket-registry',
+    'registry',
+  ),
+  '@socketsecurity/sdk': path.join(rootPath, '..', 'socket-sdk-js'),
+  '@socketregistry/packageurl-js': path.join(
+    rootPath,
+    '..',
+    'socket-packageurl-js',
+  ),
+}
+
+// Resolve subpath from package.json exports.
+function resolvePackageSubpath(packagePath, subpath) {
+  try {
+    const pkgJsonPath = path.join(packagePath, 'package.json')
+    const pkgJson = JSON.parse(readFileSync(pkgJsonPath, 'utf-8'))
+    const exports = pkgJson.exports || {}
+
+    // Try exact export match.
+    const exportKey = subpath === '.' ? '.' : `./${subpath}`
+    if (exports[exportKey]) {
+      const exportValue = exports[exportKey]
+      // Handle conditional exports.
+      if (typeof exportValue === 'object' && exportValue.default) {
+        return path.join(packagePath, exportValue.default)
+      }
+      // Handle simple string exports.
+      if (typeof exportValue === 'string') {
+        return path.join(packagePath, exportValue)
+      }
+    }
+
+    // Fallback: try conventional paths.
+    const distPath = path.join(packagePath, 'dist', subpath)
+    if (existsSync(`${distPath}.js`)) {
+      return `${distPath}.js`
+    }
+    if (existsSync(`${distPath}.mjs`)) {
+      return `${distPath}.mjs`
+    }
+    if (existsSync(path.join(distPath, 'index.js'))) {
+      return path.join(distPath, 'index.js')
+    }
+    if (existsSync(path.join(distPath, 'index.mjs'))) {
+      return path.join(distPath, 'index.mjs')
+    }
+  } catch {}
+
+  return null
+}
+
+export default {
+  entryPoints: [path.join(rootPath, 'src/cli-dispatch.mts')],
+  bundle: true,
+  outfile: path.join(rootPath, 'dist/cli.js'),
+  platform: 'node',
+  target: 'node20',
+  format: 'cjs',
+
+  // Externalize Node.js built-ins.
+  external: [...builtinModules, ...builtinModules.map(m => `node:${m}`)],
+
+  // Add shebang.
+  banner: {
+    js: '#!/usr/bin/env node\n"use strict";',
+  },
+
+  // Source maps off for production.
+  sourcemap: false,
+
+  // Don't minify (keep readable for debugging).
+  minify: false,
+
+  // Keep names for better stack traces.
+  keepNames: true,
+
+  // Define environment variables and import.meta.
+  define: {
+    'process.env.NODE_ENV': '"production"',
+    'import.meta.url': '__importMetaUrl',
+    // Inject build metadata (replaces Rollup replace plugin).
+    'process.env.INLINED_SOCKET_CLI_VERSION': JSON.stringify(
+      packageJson.version,
+    ),
+    'process.env.INLINED_SOCKET_CLI_VERSION_HASH': JSON.stringify(versionHash),
+    'process.env.INLINED_SOCKET_CLI_NAME': JSON.stringify(packageJson.name),
+    'process.env.INLINED_SOCKET_CLI_HOMEPAGE': JSON.stringify(
+      packageJson.homepage,
+    ),
+    'process.env.INLINED_SOCKET_CLI_COANA_TECH_CLI_VERSION':
+      JSON.stringify(coanaVersion),
+    'process.env.INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION':
+      JSON.stringify(cdxgenVersion),
+    'process.env.INLINED_SOCKET_CLI_SYNP_VERSION': JSON.stringify(synpVersion),
+    'process.env.INLINED_SOCKET_CLI_PUBLISHED_BUILD': JSON.stringify(
+      publishedBuild ? '1' : '',
+    ),
+    'process.env.INLINED_SOCKET_CLI_LEGACY_BUILD': JSON.stringify(
+      legacyBuild ? '1' : '',
+    ),
+    'process.env.INLINED_SOCKET_CLI_SENTRY_BUILD': JSON.stringify(
+      sentryBuild ? '1' : '',
+    ),
+    // Python version/tag are optional and typically empty for standard builds.
+    'process.env.INLINED_SOCKET_CLI_PYTHON_VERSION': JSON.stringify(''),
+    'process.env.INLINED_SOCKET_CLI_PYTHON_BUILD_TAG': JSON.stringify(''),
+  },
+
+  // Inject import.meta.url polyfill for CJS.
+  inject: [path.join(__dirname, 'esbuild-inject-import-meta.mjs')],
+
+  // Handle special cases with plugins.
+  plugins: [
+    {
+      name: 'resolve-socket-packages',
+      setup(build) {
+        // Resolve local Socket packages with subpath exports.
+        for (const [packageName, packagePath] of Object.entries(
+          socketPackages,
+        )) {
+          // Handle package root imports.
+          build.onResolve(
+            { filter: new RegExp(`^${packageName.replace('/', '\\/')}$`) },
+            () => {
+              if (!existsSync(packagePath)) {
+                return null
+              }
+              const resolved = resolvePackageSubpath(packagePath, '.')
+              if (resolved) {
+                return { path: resolved }
+              }
+              return null
+            },
+          )
+
+          // Handle subpath imports.
+          build.onResolve(
+            { filter: new RegExp(`^${packageName.replace('/', '\\/')}\\/`) },
+            args => {
+              if (!existsSync(packagePath)) {
+                return null
+              }
+              const subpath = args.path.slice(packageName.length + 1)
+              const resolved = resolvePackageSubpath(packagePath, subpath)
+              if (resolved) {
+                return { path: resolved }
+              }
+              return null
+            },
+          )
+        }
+      },
+    },
+
+    {
+      name: 'yoga-wasm-alias',
+      setup(build) {
+        // Redirect yoga-layout to our custom synchronous implementation.
+        build.onResolve({ filter: /^yoga-layout$/ }, () => {
+          return {
+            path: path.join(rootPath, 'external/yoga-sync.mjs'),
+          }
+        })
+      },
+    },
+
+    {
+      name: 'stub-problematic-packages',
+      setup(build) {
+        // Stub iconv-lite and encoding to avoid bundling issues.
+        build.onResolve({ filter: /^(iconv-lite|encoding)(\/|$)/ }, args => {
+          return {
+            path: args.path,
+            namespace: 'stub',
+          }
+        })
+
+        build.onLoad({ filter: /.*/, namespace: 'stub' }, () => {
+          return {
+            contents: 'module.exports = {}',
+            loader: 'js',
+          }
+        })
+      },
+    },
+
+    {
+      name: 'ignore-unsupported-files',
+      setup(build) {
+        // Ignore .cs files and other non-JS files.
+        build.onResolve({ filter: /\.(cs|node-gyp)$/ }, () => {
+          return { path: '/dev/null', external: true }
+        })
+      },
+    },
+  ],
+}