Commit 48a4b16

chore: cascade — socket-registry refs + @socketsecurity/lib 5.20.1 + workspace hooks + lib-stub expansion
Squash of the full cascade sync branch:

1. socket-registry action refs bumped to @3362af95fadd1e325cb48e9ad6daff21c112bd72. Cascades the pnpm 11.0.0-rc.0 → 11.0.0-rc.2 bump from socket-registry.
2. .github/workflows/weekly-update.yml reduced to a thin 20-line delegator calling SocketDev/socket-registry/.github/workflows/weekly-update.yml.
3. @socketsecurity/lib bumped 5.18.2 → 5.20.1 (via 5.19.0, 5.19.1). Hook manifest .claude/hooks/check-new-deps/package.json kept in lockstep. Brings the new dlx pin pipeline, pacote shim fix, DlxBinaryOptions.hash, and stdio/prompts restoration.
4. pnpm-workspace.yaml packages glob now includes .claude/hooks/* so taze bumps hook manifests automatically.
5. createLibStubPlugin in .config/esbuild.config.mts also stubs external/del.js + external/cacache.js (eagerly loaded by lib/fs + lib/cacache but unused by the SDK).
6. fix(publish): gate --provenance on GITHUB_ACTIONS so local publish runs don't break.
7. Fixes pre-existing printFooter imports in scripts/build.mts + scripts/check.mts that pulled from lib/stdio/header where printFooter never lived. 5.18.2's loose subpath exports hid the bug; 5.19.x surfaces it.

Folds PR #601 (socket-registry 3362af95 bump) into this cascade.
1 parent ebb9c49 commit 48a4b16

12 files changed

+121
-396
lines changed

.claude/hooks/check-new-deps/package.json

Lines changed: 1 addition & 1 deletion
@@ -11,7 +11,7 @@
1111
},
1212
"dependencies": {
1313
"@socketregistry/packageurl-js": "1.4.2",
14-
"@socketsecurity/lib": "5.18.2",
14+
"@socketsecurity/lib": "5.20.1",
1515
"@socketsecurity/sdk": "4.0.1"
1616
},
1717
"devDependencies": {
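
Review bot: The jump on line 14 from 5.18.2 to 5.20.1 crosses the 5.19.x releases that, per the commit message, stopped tolerating loose subpath imports and exposed the broken printFooter imports in scripts/build.mts and scripts/check.mts. The hook under .claude/hooks/check-new-deps depends on the same library, so please confirm its own @socketsecurity/lib subpath imports were run against 5.20.1, and not only that the manifest version was kept in lockstep. The exact-version pin (no ^ or ~) is good and should stay.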

.config/esbuild.config.mts

Lines changed: 14 additions & 1 deletion
@@ -241,8 +241,21 @@ function createNodeProtocolPlugin() {
241241
* minimal lookup covering just those types.
242242
*/
243243
function createLibStubPlugin() {
244+
// Heavy lib modules that are eagerly required but never exercised
245+
// by the SDK's actual code paths.
246+
//
247+
// Never-reached by SDK gateway modules:
248+
// - globs.js / sorts.js → only used by fs helpers the SDK skips
249+
// - external/npm-pack.js / pico-pack.js → Arborist/pacote/fast-glob,
250+
// SDK only needs validateFiles() from fs
251+
//
252+
// Never-reached transitive external shims:
253+
// - external/cacache.js → destructures from npm-pack (already stubbed),
254+
// SDK's cache-with-ttl path degrades gracefully
255+
// - external/del.js → pulled in by fs's lazy getDel() for safeDelete,
256+
// SDK never calls safeDelete/safeDeleteSync
244257
const libStubPattern =
245-
/@socketsecurity\/lib\/dist\/(globs|sorts|external\/(npm-pack|pico-pack))\.js$/
258+
/@socketsecurity\/lib\/dist\/(globs|sorts|external\/(npm-pack|pico-pack|cacache|del))\.js$/
246259

247260
const mimeDbPattern = /mime-db\/db\.json$/
248261
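
Review bot: The widened alternation in libStubPattern now stubs external/cacache.js and external/del.js on the strength of two claims in the new comment: that the SDK never calls safeDelete/safeDeleteSync, and that the cache-with-ttl path "degrades gracefully". Nothing visible here enforces either claim, so a later SDK change that does reach getDel() or cacache would hit the stub at runtime in the published bundle. Suggest a bundle smoke test that exercises the cache-with-ttl path against the stubbed build, and, if it does not already, having the stub throw a descriptive error when accessed instead of failing silently.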

.github/workflows/ci.yml

Lines changed: 1 addition & 1 deletion
@@ -21,6 +21,6 @@ concurrency:
2121
jobs:
2222
ci:
2323
name: Run CI Pipeline
24-
uses: SocketDev/socket-registry/.github/workflows/ci.yml@bbe46386c0a2bc6baefd02916234956a38e622d5 # main
24+
uses: SocketDev/socket-registry/.github/workflows/ci.yml@3362af95fadd1e325cb48e9ad6daff21c112bd72 # main
2525
with:
2626
test-script: 'pnpm run test --all --skip-build'
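
Review bot: On line 24 the ref is a full 40-character commit SHA, which is right, but the trailing "# main" comment is identical before and after the bump, so it tells a reader nothing about which upstream state the pin represents. Suggest replacing it with something that changes with the pin, such as the upstream tag or the commit date, so a stale or unexpected SHA stands out in review.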

.github/workflows/generate.yml

Lines changed: 3 additions & 3 deletions
@@ -46,14 +46,14 @@ jobs:
4646
echo "Sleeping for $delay seconds..."
4747
sleep $delay
4848
49-
- uses: SocketDev/socket-registry/.github/actions/setup-and-install@bbe46386c0a2bc6baefd02916234956a38e622d5 # main
49+
- uses: SocketDev/socket-registry/.github/actions/setup-and-install@3362af95fadd1e325cb48e9ad6daff21c112bd72 # main
5050

5151
- name: Configure push credentials
5252
env:
5353
GH_TOKEN: ${{ github.token }}
5454
run: git remote set-url origin "https://x-access-token:${GH_TOKEN}@github.com/${{ github.repository }}.git"
5555

56-
- uses: SocketDev/socket-registry/.github/actions/setup-git-signing@bbe46386c0a2bc6baefd02916234956a38e622d5 # main
56+
- uses: SocketDev/socket-registry/.github/actions/setup-git-signing@3362af95fadd1e325cb48e9ad6daff21c112bd72 # main
5757
with:
5858
gpg-private-key: ${{ secrets.BOT_GPG_PRIVATE_KEY }}
5959
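
Review bot: The setup-git-signing ref on line 56 is handed secrets.BOT_GPG_PRIVATE_KEY (line 58), so this pin bump changes out-of-repo code that reads the bot's signing key. The commit message describes the upstream change only as a pnpm rc bump; please link the upstream compare range bbe46386...3362af95 in the PR so reviewers can confirm nothing under .github/actions/setup-git-signing changed how the key is imported or stored.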

@@ -145,5 +145,5 @@ jobs:
145145
> \`\`\`
146146
EOF
147147
148-
- uses: SocketDev/socket-registry/.github/actions/cleanup-git-signing@bbe46386c0a2bc6baefd02916234956a38e622d5 # main
148+
- uses: SocketDev/socket-registry/.github/actions/cleanup-git-signing@3362af95fadd1e325cb48e9ad6daff21c112bd72 # main
149149
if: always()
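
Review bot: cleanup-git-signing on line 148 has to undo whatever setup-git-signing on line 56 did, yet the two are pinned by separately typed SHA literals. They match in this commit, but nothing stops a future cascade from bumping one and missing the other; a CI lint that fails when SocketDev/socket-registry refs within one workflow file differ would catch that. Keeping if: always() on the cleanup step is correct.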

.github/workflows/provenance.yml

Lines changed: 1 addition & 1 deletion
@@ -30,7 +30,7 @@ jobs:
3030
permissions:
3131
contents: write # To create GitHub releases
3232
id-token: write # For npm trusted publishing via OIDC
33-
uses: SocketDev/socket-registry/.github/workflows/provenance.yml@bbe46386c0a2bc6baefd02916234956a38e622d5 # main
33+
uses: SocketDev/socket-registry/.github/workflows/provenance.yml@3362af95fadd1e325cb48e9ad6daff21c112bd72 # main
3434
with:
3535
debug: ${{ inputs.debug }}
3636
dist-tag: ${{ inputs.dist-tag }}
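
Review bot: This job grants contents: write and id-token: write to the reusable workflow on line 33, which makes it the most privileged ref changed in this cascade: the pinned code can create releases and request the OIDC token used for npm trusted publishing. It deserves an explicit sign-off on the upstream diff of .github/workflows/provenance.yml between the old and new SHA, rather than being bumped along with the CI refs in one squash.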
