Finish switch to IPC for flags

jdalton · jdalton · commit 61e9d0984bcb · 2025-01-17T09:44:09.000-05:00
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -63,7 +63,7 @@
     "@socketregistry/is-interactive": "^1.0.1",
     "@socketregistry/is-unicode-supported": "^1.0.0",
     "@socketsecurity/config": "^2.1.3",
-    "@socketsecurity/registry": "^1.0.72",
+    "@socketsecurity/registry": "^1.0.73",
     "@socketsecurity/sdk": "^1.4.5",
     "blessed": "^0.1.81",
     "blessed-contrib": "^4.11.0",
diff --git a/src/constants.ts b/src/constants.ts
@@ -6,8 +6,16 @@ import registryConstants from '@socketsecurity/registry/lib/constants'
 import { envAsBoolean } from '@socketsecurity/registry/lib/env'
 import { isObject } from '@socketsecurity/registry/lib/objects'
 
+import type { Serializable } from 'node:child_process'
+
 type RegistryEnv = typeof registryConstants.ENV
 
+type IPCObject = {
+  SOCKET_CLI_FIX_PACKAGE_LOCK_FILE: boolean
+  SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE: boolean
+  [key: string]: any
+}
+
 type Constants = {
   readonly API_V0_URL: 'https://api.socket.dev/v0'
   readonly BABEL_RUNTIME: '@babel/runtime'
@@ -17,10 +25,7 @@ type Constants = {
     SOCKET_CLI_DEBUG: boolean
   }
   readonly DIST_TYPE: 'module-sync' | 'require'
-  readonly IPC: () => Promise<{
-    SOCKET_CLI_FIX_PACKAGE_LOCK_FILE: boolean
-    SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE: boolean
-  }>
+  readonly IPC: IPCObject
   readonly LOCK_EXT: '.lock'
   readonly MODULE_SYNC: 'module-sync'
   readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org'
@@ -47,32 +52,12 @@ type Constants = {
 
 const { abortSignal } = registryConstants
 
-const IPC = (() => {
-  const promise = new Promise((resolve, reject) => {
-    process.once('message', ipcData => {
-      console.log('hi')
-      const {
-        [SOCKET_CLI_FIX_PACKAGE_LOCK_FILE]: a,
-        [SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE]: b
-      } = <any>{ __proto__: null, ...(isObject(ipcData) ? ipcData : {}) }
-      console.log('ok')
-      resolve({
-        [SOCKET_CLI_FIX_PACKAGE_LOCK_FILE]: !!a,
-        [SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE]: !!b
-      })
-    })
-    abortSignal.addEventListener('abort', reject, { once: true })
-  })
-  return function IPC() {
-    return promise
-  }
-})()
-
 const {
   PACKAGE_JSON,
   kInternalsSymbol,
   [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: {
-    createConstantsObject
+    createConstantsObject,
+    defineGetter
   }
 } = registryConstants
 
@@ -106,6 +91,42 @@ const LAZY_ENV = () =>
     [SOCKET_CLI_DEBUG]: envAsBoolean(process.env[SOCKET_CLI_DEBUG])
   })
 
+const LAZY_IPC = (() => {
+  // Initialize and wire-up immediately.
+  const keys = [
+    SOCKET_CLI_FIX_PACKAGE_LOCK_FILE,
+    SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE
+  ]
+  const _ipc = (<unknown>{ __proto__: null }) as IPCObject
+  const ipc = (<unknown>{ __proto__: null }) as IPCObject
+  for (const key of keys) {
+    _ipc[key] = false
+    defineGetter(ipc, key, () => _ipc[key])
+  }
+  void new Promise<void>(resolve => {
+    const onmessage = (ipcData_: Serializable) => {
+      const ipcData: { [key: string]: any } = {
+        __proto__: null,
+        ...(isObject(ipcData_) ? ipcData_ : {})
+      }
+      for (const key of keys) {
+        _ipc[key] = ipcData[key]
+      }
+      resolve()
+    }
+    process.once('message', onmessage)
+    abortSignal.addEventListener(
+      'abort',
+      () => {
+        process.removeListener('message', onmessage)
+        resolve()
+      },
+      { once: true }
+    )
+  })
+  return () => Object.freeze(ipc)
+})()
+
 const lazyCdxgenBinPath = () =>
   // Lazily access constants.nmBinPath.
   path.join(constants.nmBinPath, 'cdxgen')
@@ -149,10 +170,10 @@ const constants = <Constants>createConstantsObject(
     BABEL_RUNTIME,
     BINARY_LOCK_EXT,
     BUN,
-    ENV: undefined,
     // Lazily defined values are initialized as `undefined` to keep their key order.
     DIST_TYPE: undefined,
-    IPC,
+    ENV: undefined,
+    IPC: undefined,
     LOCK_EXT,
     MODULE_SYNC,
     NPM_REGISTRY_URL,
@@ -180,6 +201,7 @@ const constants = <Constants>createConstantsObject(
     getters: {
       DIST_TYPE: LAZY_DIST_TYPE,
       ENV: LAZY_ENV,
+      IPC: LAZY_IPC,
       distPath: lazyDistPath,
       cdxgenBinPath: lazyCdxgenBinPath,
       nmBinPath: lazyNmBinPath,
diff --git a/src/shadow/arborist/lib/arborist/alerts.ts b/src/shadow/arborist/lib/arborist/alerts.ts
@@ -67,7 +67,6 @@ export type SocketArtifact = {
 
 const {
   API_V0_URL,
-  ENV,
   LOOP_SENTINEL,
   SOCKET_CLI_FIX_PACKAGE_LOCK_FILE,
   abortSignal
@@ -128,11 +127,15 @@ export function walk(
   diff_: Diff | null,
   options?: WalkOptions
 ): InstallEffect[] {
-  const { fix = ENV[SOCKET_CLI_FIX_PACKAGE_LOCK_FILE] } = <WalkOptions>{
+  const {
+    // Lazily access constants.IPC.
+    fix = constants.IPC[SOCKET_CLI_FIX_PACKAGE_LOCK_FILE]
+  } = <WalkOptions>{
     __proto__: null,
     ...options
   }
   const needInfoOn: InstallEffect[] = []
+  // `diff_` is `null` when `npm install --package-lock-only` is passed.
   if (!diff_) {
     return needInfoOn
   }
diff --git a/src/shadow/arborist/lib/arborist/reify.ts b/src/shadow/arborist/lib/arborist/reify.ts
@@ -1,4 +1,5 @@
 import path from 'node:path'
+import process from 'node:process'
 
 import semver from 'semver'
 
@@ -38,7 +39,6 @@ type SocketPackageAlert = {
 const pacote: typeof import('pacote') = require(pacotePath)
 
 const {
-  ENV,
   LOOP_SENTINEL,
   NPM,
   NPM_REGISTRY_URL,
@@ -154,7 +154,8 @@ async function getPackagesAlerts(
               fixable: isFixable
             })
           }
-          if (!fixable && !ENV[SOCKET_CLI_FIX_PACKAGE_LOCK_FILE]) {
+          // Lazily access constants.IPC.
+          if (!fixable && !constants.IPC[SOCKET_CLI_FIX_PACKAGE_LOCK_FILE]) {
             // Before we ask about problematic issues, check to see if they
             // already existed in the old version if they did, be quiet.
             const existing = pkgs.find(p =>
@@ -321,7 +322,7 @@ async function updateAdvisoryDependencies(
       })
       node.package.version = targetVersion
       // Update resolved and clear integrity for the new version.
-      node.resolved = `https://registry.npmjs.org/${name}/-/${name}-${targetVersion}.tgz`
+      node.resolved = `${NPM_REGISTRY_URL}/${name}/-/${name}-${targetVersion}.tgz`
       if (node.integrity) {
         delete node.integrity
       }
@@ -360,24 +361,27 @@ export async function reify(
   this: SafeArborist,
   ...args: Parameters<InstanceType<ArboristClass>['reify']>
 ): Promise<SafeNode> {
-  // `this.diff` is `null` when `options.packageLockOnly`, --package-lock-only,
-  // is `true`.
-  const needInfoOn = walk(this.diff)
+  const needInfoOn = await walk(this.diff)
   if (
     needInfoOn.length! ||
     needInfoOn.findIndex(c => c.repository_url === NPM_REGISTRY_URL) === -1
   ) {
     // Nothing to check, hmmm already installed or all private?
     return await this[kRiskyReify](...args)
   }
-  const input = process.stdin
-  const output = process.stderr
+  // Lazily access constants.IPC.
+  const {
+    [SOCKET_CLI_FIX_PACKAGE_LOCK_FILE]: bypassConfirms,
+    [SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE]: bypassAlerts
+  } = constants.IPC
+  const { stderr: output, stdin: input } = process
+
   let alerts: SocketPackageAlert[] | undefined
   const proceed =
-    ENV[SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE] ||
+    bypassAlerts ||
     (await (async () => {
       alerts = await getPackagesAlerts(this, needInfoOn, { output })
-      if (!alerts.length || ENV[SOCKET_CLI_FIX_PACKAGE_LOCK_FILE]) {
+      if (bypassConfirms || !alerts.length) {
         return true
       }
       return await confirm(
@@ -395,7 +399,7 @@ export async function reify(
   if (proceed) {
     const fix =
       !!alerts?.length &&
-      (ENV[SOCKET_CLI_FIX_PACKAGE_LOCK_FILE] ||
+      (bypassConfirms ||
         (await confirm(
           {
             message: 'Try to fix alerts?',
@@ -416,9 +420,13 @@ export async function reify(
         ret = await this[kRiskyReify](...args)
         await this.loadActual()
         await this.buildIdealTree()
-        alerts = await getPackagesAlerts(this, walk(this.diff, { fix: true }), {
-          fixable: true
-        })
+        alerts = await getPackagesAlerts(
+          this,
+          await walk(this.diff, { fix: true }),
+          {
+            fixable: true
+          }
+        )
         alerts = alerts.filter(a => {
           const { key } = a
           if (prev.has(key)) {
diff --git a/src/utils/promise-fork.ts b/src/utils/promise-fork.ts
@@ -28,14 +28,11 @@ export type ForkResult<Output, Extra> = Promise<
   } & Extra
 > & { process: BuiltinForkResult; stdio: BuiltinForkResult['stdio'] }
 
-function isPipe(stdio: StdioOptions = 'pipe', fd: number) {
+function isPipe(stdio: StdioOptions = 'pipe', fd: number): boolean {
   if (stdio === 'pipe' || stdio === null) {
     return true
   }
-  if (Array.isArray(stdio)) {
-    return isPipe((stdio as any)[fd], fd)
-  }
-  return false
+  return Array.isArray(stdio) ? isPipe((stdio as any)[fd], fd) : false
 }
 
 function stdioResult(
