SocketDev
diff --git a/‎.github/workflows/nodejs.yml
Lines changed: 1 addition & 2 deletions b/‎.github/workflows/nodejs.yml
Lines changed: 1 addition & 2 deletions
diff --git a/‎.github/workflows/provenance.yml
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/provenance.yml
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/types.yml
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/types.yml
Lines changed: 2 additions & 2 deletions
diff --git a/‎.gitignore
Lines changed: 1 addition & 0 deletions b/‎.gitignore
Lines changed: 1 addition & 0 deletions
diff --git a/‎README.md
Lines changed: 5 additions & 0 deletions b/‎README.md
Lines changed: 5 additions & 0 deletions
diff --git a/‎cli.js
Lines changed: 10 additions & 1 deletion b/‎cli.js
Lines changed: 10 additions & 1 deletion
diff --git a/‎lib/commands/cyclonedx/index.js
Lines changed: 211 additions & 0 deletions b/‎lib/commands/cyclonedx/index.js
Lines changed: 211 additions & 0 deletions
diff --git a/‎lib/commands/index.js
Lines changed: 7 additions & 3 deletions b/‎lib/commands/index.js
Lines changed: 7 additions & 3 deletions
@@ -24,8 +24,7 @@ jobs:
     with:
       no-lockfile: true
       npm-test-script: 'test-ci'
-      # Node 16 has a SegFault from C8 when using --test
-      node-versions: '18,19'
+      node-versions: '20'
       # We currently have some issues on Windows that will have to wait to be fixed
       # os: 'ubuntu-latest,windows-latest'
       os: 'ubuntu-latest'
@@ -16,11 +16,11 @@ jobs:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v4
        with:
-         node-version: '18'
+         node-version: '20'
          registry-url: 'https://registry.npmjs.org'
          cache: npm
      - run: npm install -g npm@latest
      - run: npm ci
-     - run: npm publish --provenance --access public
+     - run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
@@ -20,5 +20,5 @@ jobs:
     uses: SocketDev/workflows/.github/workflows/type-check.yml@master
     with:
       no-lockfile: true
-      ts-versions: ${{ github.event.schedule && 'next' || '4.9,next' }}
-      ts-libs: 'es2020;esnext'
+      ts-versions: ${{ github.event.schedule && 'next' || '5.4,next' }}
+      ts-libs: 'esnext'
@@ -2,6 +2,7 @@
 /coverage
 /coverage-ts
 /node_modules
+/.DS_Store
 /.env
 /.nyc_output
 /.vscode
 
@@ -18,6 +18,7 @@ socket --help
 socket info [email protected]
 socket report create package.json --view
 socket report view QXU8PmK7LfH608RAwfIKdbcHgwEd_ZeWJ9QEGv05FJUQ
+socket wrapper --enable
 ```
 
 ## Commands
@@ -35,6 +36,10 @@ socket report view QXU8PmK7LfH608RAwfIKdbcHgwEd_ZeWJ9QEGv05FJUQ
 
 * `socket report view <report-id>` - looks up issues and scores from a report
 
+* `socket wrapper --enable` and `socket wrapper --disable` - Enables and disables the Socket 'safe-npm' wrapper.
+
+* `socket raw-npm` and `socket raw-npx` - Temporarily disables the Socket 'safe-npm' wrapper.
+
 ## Aliases
 
 All aliases supports flags and arguments of the commands they alias.
 
@@ -15,8 +15,17 @@ import { initUpdateNotifier } from './lib/utils/update-notifier.js'
 initUpdateNotifier()
 
 try {
+  const formattedCliCommands = Object.fromEntries(Object.entries(cliCommands).map((entry) => {
+    if (entry[0] === 'rawNpm') {
+      entry[0] = 'raw-npm'
+    } else if (entry[0] === 'rawNpx') {
+      entry[0] = 'raw-npx'
+    }
+    return entry
+  }))
+
   await meowWithSubcommands(
-    cliCommands,
+    formattedCliCommands,
     {
       aliases: {
         ci: {
 
@@ -0,0 +1,211 @@
+/* eslint-disable no-console */
+
+import { existsSync, promises as fs } from 'node:fs'
+import path from 'node:path'
+import { fileURLToPath } from 'node:url'
+
+import chalk from 'chalk'
+import { $ } from 'execa'
+import yargsParse from 'yargs-parser'
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url))
+
+const {
+  SBOM_SIGN_ALGORITHM, // Algorithm. Example: RS512
+  SBOM_SIGN_PRIVATE_KEY, // Location to the RSA private key
+  SBOM_SIGN_PUBLIC_KEY // Optional. Location to the RSA public key
+} = process.env
+
+const toLower = (/** @type {string} */ arg) => arg.toLowerCase()
+const arrayToLower = (/** @type {string[]} */ arg) => arg.map(toLower)
+
+const execaConfig = {
+  env: { NODE_ENV: '' },
+  localDir: path.join(__dirname, 'node_modules'),
+}
+
+const nodejsPlatformTypes = [
+  'javascript',
+  'js',
+  'nodejs',
+  'npm',
+  'pnpm',
+  'ts',
+  'tsx',
+  'typescript'
+]
+
+const yargsConfig = {
+  configuration: {
+    'camel-case-expansion': false,
+    'strip-aliased': true,
+    'parse-numbers': false,
+    'populate--': true,
+    'unknown-options-as-args': true
+  },
+  coerce: {
+    author: arrayToLower,
+    filter: arrayToLower,
+    only: arrayToLower,
+    profile: toLower,
+    standard: arrayToLower,
+    type: toLower
+  },
+  default: {
+    //author: ['OWASP Foundation'],
+    //'auto-compositions': true,
+    //babel: true,
+    //evidence: false,
+    //'include-crypto': false,
+    //'include-formulation': false,
+    //'install-deps': true,
+    //output: 'bom.json',
+    //profile: 'generic',
+    //'project-version': '',
+    //recurse: true,
+    //'server-host': '127.0.0.1',
+    //'server-port': '9090',
+    //'spec-version': '1.5',
+    type: 'js',
+    //validate: true,
+  },
+  alias: {
+    help: ['h'],
+    output: ['o'],
+    print: ['p'],
+    recurse: ['r'],
+    'resolve-class': ['c'],
+    type: ['t'],
+    version: ['v'],
+  },
+  array: [
+    { key: 'author', type: 'string' },
+    { key: 'exclude', type: 'string' },
+    { key: 'filter', type: 'string' },
+    { key: 'only', type: 'string' },
+    { key: 'standard', type: 'string' }
+  ],
+  boolean: [
+    'auto-compositions',
+    'babel',
+    'deep',
+    'evidence',
+    'fail-on-error',
+    'generate-key-and-sign',
+    'help',
+    'include-formulation',
+    'include-crypto',
+    'install-deps',
+    'print',
+    'required-only',
+    'server',
+    'validate',
+    'version',
+  ],
+  string: [
+    'api-key',
+    'output',
+    'parent-project-id',
+    'profile',
+    'project-group',
+    'project-name',
+    'project-version',
+    'project-id',
+    'server-host',
+    'server-port',
+    'server-url',
+    'spec-version',
+  ]
+}
+
+/**
+ *
+ * @param {{ [key: string]: boolean | null | number | string | (string | number)[]}} argv
+ * @returns {string[]}
+ */
+function argvToArray (/** @type {any} */ argv) {
+  if (argv['help']) return ['--help']
+  const result = []
+  for (const { 0: key, 1: value } of Object.entries(argv)) {
+    if (key === '_' || key === '--') continue
+    if (key === 'babel' || key === 'install-deps' || key === 'validate') {
+      // cdxgen documents no-babel, no-install-deps, and no-validate flags so
+      // use them when relevant.
+      result.push(`--${value ? key : `no-${key}`}`)
+    } else if (value === true) {
+      result.push(`--${key}`)
+    } else if (typeof value === 'string') {
+      result.push(`--${key}=${value}`)
+    } else if (Array.isArray(value)) {
+      result.push(`--${key}`, ...value.map(String))
+    }
+  }
+  if (argv['--']) {
+    result.push('--', ...argv['--'])
+  }
+  return result
+}
+
+/** @type {import('../../utils/meow-with-subcommands.js').CliSubcommand} */
+export const cyclonedx = {
+  description: 'Create an SBOM with CycloneDX generator (cdxgen)',
+  async run (argv_) {
+    const /** @type {any} */ yargv = {
+      __proto__: null,
+      // @ts-ignore
+      ...yargsParse(argv_, yargsConfig)
+    }
+
+    const /** @type {string[]} */ unknown = yargv._
+    const { length: unknownLength } = unknown
+    if (unknownLength) {
+      console.error(`Unknown argument${unknownLength > 1 ? 's' : ''}: ${yargv._.join(', ')}`)
+      process.exitCode = 1
+      return
+    }
+
+    let cleanupPackageLock = false
+    if (
+      yargv.type !== 'yarn' &&
+      nodejsPlatformTypes.includes(yargv.type) &&
+      existsSync('./yarn.lock')
+    ) {
+      if (existsSync('./package-lock.json')) {
+        yargv.type = 'npm'
+      } else {
+        // Use synp to create a package-lock.json from the yarn.lock,
+        // based on the node_modules folder, for a more accurate SBOM.
+        try {
+          await $(execaConfig)`synp --source-file ./yarn.lock`
+          yargv.type = 'npm'
+          cleanupPackageLock = true
+        } catch {}
+      }
+    }
+
+    if (yargv.output === undefined) {
+      yargv.output = 'socket-cyclonedx.json'
+    }
+
+    await $({
+      ...execaConfig,
+      env: {
+        NODE_ENV: '',
+        SBOM_SIGN_ALGORITHM,
+        SBOM_SIGN_PRIVATE_KEY,
+        SBOM_SIGN_PUBLIC_KEY
+      },
+      stdout: 'inherit'
+    })`cdxgen ${argvToArray(yargv)}`
+
+    if (cleanupPackageLock) {
+      try {
+        await fs.unlink('./package-lock.json')
+      } catch {}
+    }
+    const fullOutputPath = path.join(process.cwd(), yargv.output)
+    if (existsSync(fullOutputPath)) {
+      console.log(chalk.cyanBright(`${yargv.output} created!`))
+    }
+  }
+}
@@ -1,6 +1,10 @@
+export * from './cyclonedx/index.js'
 export * from './info/index.js'
-export * from './report/index.js'
-export * from './npm/index.js'
-export * from './npx/index.js'
 export * from './login/index.js'
 export * from './logout/index.js'
+export * from './npm/index.js'
+export * from './npx/index.js'
+export * from './raw-npm/index.js'
+export * from './raw-npx/index.js'
+export * from './report/index.js'
+export * from './wrapper/index.js'