Use more @socketsecurity/registry

Author: jdalton

.dep-stats.json

@@ -3,11 +3,10 @@
     "@apideck/better-ajv-errors": "^0.3.6",
     "@cyclonedx/cdxgen": "^10.11.0",
     "@inquirer/prompts": "^7.0.1",
-    "@npmcli/package-json": "6.0.1",
     "@npmcli/promise-spawn": "^8.0.2",
     "@socketregistry/hyrious__bun.lockb": "1.0.4",
     "@socketsecurity/config": "^2.1.3",
-    "@socketsecurity/registry": "^1.0.16",
+    "@socketsecurity/registry": "^1.0.22",
     "@socketsecurity/sdk": "^1.3.0",
     "blessed": "^0.1.81",
     "blessed-contrib": "^4.11.0",
@@ -62,11 +61,10 @@
     "@apideck/better-ajv-errors": "^0.3.6",
     "@cyclonedx/cdxgen": "^10.11.0",
     "@inquirer/prompts": "^7.0.1",
-    "@npmcli/package-json": "6.0.1",
     "@npmcli/promise-spawn": "^8.0.2",
     "@socketregistry/hyrious__bun.lockb": "1.0.4",
     "@socketsecurity/config": "^2.1.3",
-    "@socketsecurity/registry": "^1.0.16",
+    "@socketsecurity/registry": "^1.0.22",
     "@socketsecurity/sdk": "^1.3.0",
     "blessed": "^0.1.81",
     "blessed-contrib": "^4.11.0",

package-lock.json

@@ -42,11 +42,10 @@
     "@apideck/better-ajv-errors": "^0.3.6",
     "@cyclonedx/cdxgen": "^10.11.0",
     "@inquirer/prompts": "^7.0.1",
-    "@npmcli/package-json": "6.0.1",
     "@npmcli/promise-spawn": "^8.0.2",
     "@socketregistry/hyrious__bun.lockb": "1.0.4",
     "@socketsecurity/config": "^2.1.3",
-    "@socketsecurity/registry": "^1.0.16",
+    "@socketsecurity/registry": "^1.0.22",
     "@socketsecurity/sdk": "^1.3.0",
     "blessed": "^0.1.81",
     "blessed-contrib": "^4.11.0",
@@ -91,7 +90,6 @@
     "@types/mock-fs": "^4.13.4",
     "@types/node": "^22.9.0",
     "@types/npmcli__arborist": "^5.6.11",
-    "@types/npmcli__package-json": "^4.0.4",
     "@types/npmcli__promise-spawn": "^6.0.3",
     "@types/proc-log": "^3.0.4",
     "@types/semver": "^7.5.8",

package.json

@@ -1,7 +1,6 @@
 import fs from 'fs/promises'
 import path from 'node:path'
 
-import EditablePackageJson from '@npmcli/package-json'
 import spawn from '@npmcli/promise-spawn'
 import meow from 'meow'
 import npa from 'npm-package-arg'
@@ -16,7 +15,7 @@ import {
   isObject,
   toSortedObject
 } from '@socketsecurity/registry/lib/objects'
-import { fetchPackageManifest } from '@socketsecurity/registry/lib/packages'
+import { fetchPackageManifest, readPackageJson } from '@socketsecurity/registry/lib/packages'
 import { pEach } from '@socketsecurity/registry/lib/promises'
 import { escapeRegExp } from '@socketsecurity/registry/lib/regexps'
 import { isNonEmptyString } from '@socketsecurity/registry/lib/strings'
@@ -31,10 +30,12 @@ import type {
   Agent,
   StringKeyValueObject
 } from '../utils/package-manager-detector'
-import type { Content as NPMCliPackageJson } from '@npmcli/package-json'
 import type { ManifestEntry } from '@socketsecurity/registry'
+import type { EditablePackageJson } from '@socketsecurity/registry/lib/packages'
 import type { Ora } from 'ora'
 
+type PackageJson = Awaited<ReturnType<typeof readPackageJson>>
+
 const COMMAND_TITLE = 'Socket Optimize'
 const OVERRIDES_FIELD_NAME = 'overrides'
 const PNPM_FIELD_NAME = 'pnpm'
@@ -47,42 +48,42 @@ const manifestNpmOverrides = getManifestData('npm')!
 type NpmOverrides = { [key: string]: string | StringKeyValueObject }
 type PnpmOrYarnOverrides = { [key: string]: string }
 type Overrides = NpmOverrides | PnpmOrYarnOverrides
-type GetOverrides = (pkgJson: NPMCliPackageJson) => GetOverridesResult
+type GetOverrides = (pkgJson: PackageJson) => GetOverridesResult
 type GetOverridesResult = {
   type: Agent
   overrides: Overrides
 }
 
 const getOverridesDataByAgent: Record<Agent, GetOverrides> = {
-  bun(pkgJson: NPMCliPackageJson) {
+  bun(pkgJson: PackageJson) {
     const overrides = (pkgJson as any)?.resolutions ?? {}
     return { type: 'yarn/berry', overrides }
   },
   // npm overrides documentation:
   // https://docs.npmjs.com/cli/v10/configuring-npm/package-json#overrides
-  npm(pkgJson: NPMCliPackageJson) {
+  npm(pkgJson: PackageJson) {
     const overrides = (pkgJson as any)?.overrides ?? {}
     return { type: 'npm', overrides }
   },
   // pnpm overrides documentation:
   // https://pnpm.io/package_json#pnpmoverrides
-  pnpm(pkgJson: NPMCliPackageJson) {
+  pnpm(pkgJson: PackageJson) {
     const overrides = (pkgJson as any)?.pnpm?.overrides ?? {}
     return { type: 'pnpm', overrides }
   },
-  vlt(pkgJson: NPMCliPackageJson) {
+  vlt(pkgJson: PackageJson) {
     const overrides = (pkgJson as any)?.overrides ?? {}
     return { type: 'vlt', overrides }
   },
   // Yarn resolutions documentation:
   // https://yarnpkg.com/configuration/manifest#resolutions
-  'yarn/berry'(pkgJson: NPMCliPackageJson) {
+  'yarn/berry'(pkgJson: PackageJson) {
     const overrides = (pkgJson as any)?.resolutions ?? {}
     return { type: 'yarn/berry', overrides }
   },
   // Yarn resolutions documentation:
   // https://classic.yarnpkg.com/en/docs/selective-version-resolutions
-  'yarn/classic'(pkgJson: NPMCliPackageJson) {
+  'yarn/classic'(pkgJson: PackageJson) {
     const overrides = (pkgJson as any)?.resolutions ?? {}
     return { type: 'yarn/classic', overrides }
   }
@@ -182,7 +183,7 @@ const updateManifestByAgent: Record<Agent, AgentModifyManifestFn> = (() => {
     if (oldValue) {
       // The field already exists so we simply update the field value.
       if (field === PNPM_FIELD_NAME) {
-        editablePkgJson.update({
+        editablePkgJson['update']({
           [field]: {
             ...(isObject(oldValue) ? oldValue : {}),
             overrides: value
@@ -437,7 +438,7 @@ function createActionMessage(
   return `${verb} ${overrideCount} Socket.dev optimized overrides${workspaceCount ? ` in ${workspaceCount} workspace${workspaceCount > 1 ? 's' : ''}` : ''}`
 }
 
-function getDependencyEntries(pkgJson: NPMCliPackageJson) {
+function getDependencyEntries(pkgJson: PackageJson) {
   const {
     dependencies,
     devDependencies,
@@ -469,7 +470,7 @@ function getDependencyEntries(pkgJson: NPMCliPackageJson) {
 async function getWorkspaceGlobs(
   agent: Agent,
   pkgPath: string,
-  pkgJson: NPMCliPackageJson
+  pkgJson: PackageJson
 ): Promise<string[] | undefined> {
   let workspacePatterns
   if (agent === 'pnpm') {
@@ -570,10 +571,10 @@ async function addOverrides(
   state = createAddOverridesState()
 ): Promise<AddOverridesState> {
   if (editablePkgJson === undefined) {
-    editablePkgJson = await EditablePackageJson.load(pkgPath)
+    editablePkgJson = await readPackageJson(pkgPath, { editable: true })
   }
   const { spinner } = state
-  const pkgJson: Readonly<NPMCliPackageJson> = editablePkgJson.content
+  const { content: pkgJson } = editablePkgJson
   const isRoot = pkgPath === rootPath
   const isLockScanned = isRoot && !prod
   const workspaceName = path.relative(rootPath, pkgPath)
@@ -723,7 +724,7 @@ async function addOverrides(
     })
   }
   if (state.added.size > 0 || state.updated.size > 0) {
-    editablePkgJson.update(<NPMCliPackageJson>Object.fromEntries(depEntries))
+    editablePkgJson.update(<PackageJson>Object.fromEntries(depEntries))
     for (const { overrides, type } of overridesDataObjects) {
       updateManifestByAgent[type](editablePkgJson, toSortedObject(overrides))
     }

src/commands/optimize.ts

@@ -1,6 +1,5 @@
 import path from 'node:path'
 
-import EditablePackageJson from '@npmcli/package-json'
 import spawn from '@npmcli/promise-spawn'
 import browserslist from 'browserslist'
 import semver from 'semver'
@@ -9,11 +8,12 @@ import which from 'which'
 import { parse as parseBunLockb } from '@socketregistry/hyrious__bun.lockb'
 import constants from '@socketsecurity/registry/lib/constants'
 import { isObjectObject } from '@socketsecurity/registry/lib/objects'
+import { readPackageJson } from '@socketsecurity/registry/lib/packages'
 import { isNonEmptyString } from '@socketsecurity/registry/lib/strings'
 
 import { existsSync, findUp, readFileBinary, readFileUtf8 } from './fs'
 
-import type { Content as NPMCliPackageJson } from '@npmcli/package-json'
+import type { EditablePackageJson } from '@socketsecurity/registry/lib/packages'
 import type { SemVer } from 'semver'
 
 export const AGENTS = [
@@ -152,10 +152,9 @@ export async function detect({
     ? path.dirname(pkgJsonPath)
     : undefined
   const editablePkgJson = pkgPath
-    ? await EditablePackageJson.load(pkgPath)
+    ? await readPackageJson(pkgPath, { editable: true })
     : undefined
-  const pkgJson: Readonly<NPMCliPackageJson> | undefined =
-    editablePkgJson?.content
+  const pkgJson = editablePkgJson?.content
   // Read Corepack `packageManager` field in package.json:
   // https://nodejs.org/api/packages.html#packagemanager
   const pkgManager = isNonEmptyString(pkgJson?.packageManager)