Make more clear which env vars are inlined

Author: jdalton

.config/rollup.base.config.mjs

@@ -33,19 +33,20 @@ const require = createRequire(import.meta.url)
 
 const {
   CONSTANTS,
+  INLINED_SOCKET_CLI_LEGACY_BUILD,
+  INLINED_SOCKET_CLI_PUBLISHED_BUILD,
+  INLINED_SOCKET_CLI_SENTRY_BUILD,
+  INLINED_SOCKET_CLI_VERSION,
+  INLINED_SOCKET_CLI_VERSION_HASH,
   LATEST,
   ROLLUP_ENTRY_SUFFIX,
   ROLLUP_EXTERNAL_SUFFIX,
   SLASH_NODE_MODULES_SLASH,
   SHADOW_NPM_BIN,
   SHADOW_NPM_INJECT,
   SHADOW_NPM_PATHS,
-  SOCKET_CLI_LEGACY_BUILD,
-  SOCKET_CLI_PUBLISHED_BUILD,
-  SOCKET_CLI_SENTRY_BUILD,
-  SOCKET_CLI_VERSION_HASH,
-  VITEST,
-  VENDOR
+  VENDOR,
+  VITEST
 } = constants
 
 export const INLINED_PACKAGES = ['@babel/runtime']
@@ -82,12 +83,20 @@ const requireUrlAssignmentRegExp =
 
 const splitUrlRequiresRegExp = /require\(["']u["']\s*\+\s*["']rl["']\)/g
 
+let _rootPkgJson
+function getRootPkgJsonSync() {
+  if (_rootPkgJson === undefined) {
+    // Lazily access constants.rootPath.
+    _rootPkgJson = readPackageJsonSync(constants.rootPath)
+  }
+  return _rootPkgJson
+}
+
 let _socketVersionHash
-function getSocketVersionHash() {
+function getSocketCliVersionHash() {
   if (_socketVersionHash === undefined) {
     const randUuidSegment = randomUUID().split('-')[0]
-    // Lazily access constants.rootPath.
-    const { version } = readPackageJsonSync(constants.rootPath)
+    const { version } = getRootPkgJsonSync()
     let gitHash = ''
     try {
       gitHash = spawnSync('git', ['rev-parse', '--short', 'HEAD'], {
@@ -98,8 +107,8 @@ function getSocketVersionHash() {
     // Mostly for development: confirms the build refreshed. For prod builds
     // the git hash should suffice to identify the build.
     _socketVersionHash = `${version}:${gitHash}:${randUuidSegment}${
-      // Lazily access constants.ENV[SOCKET_CLI_PUBLISHED_BUILD].
-      constants.ENV[SOCKET_CLI_PUBLISHED_BUILD] ? ':pub' : ':dev'
+      // Lazily access constants.ENV[INLINED_SOCKET_CLI_PUBLISHED_BUILD].
+      constants.ENV[INLINED_SOCKET_CLI_PUBLISHED_BUILD] ? ':pub' : ':dev'
     }`
   }
   return _socketVersionHash
@@ -275,33 +284,48 @@ export default function baseConfig(extendConfig = {}) {
         preventAssignment: true,
         values: [
           [
-            SOCKET_CLI_VERSION_HASH,
-            () => JSON.stringify(getSocketVersionHash())
+            INLINED_CYCLONEDX_CDXGEN_VERSION,
+            () =>
+              JSON.stringify(
+                getRootPkgJsonSync().devDependencies['@cyclonedx/cdxgen']
+              )
+          ],
+          [
+            INLINED_SOCKET_CLI_VERSION,
+            () => JSON.stringify(getRootPkgJsonSync().version)
           ],
           [
-            SOCKET_CLI_LEGACY_BUILD,
+            INLINED_SOCKET_CLI_VERSION_HASH,
+            () => JSON.stringify(getSocketCliVersionHash())
+          ],
+          [
+            INLINED_SOCKET_CLI_LEGACY_BUILD,
             () =>
               JSON.stringify(
-                // Lazily access constants.ENV[SOCKET_CLI_LEGACY_BUILD].
-                !!constants.ENV[SOCKET_CLI_LEGACY_BUILD]
+                // Lazily access constants.ENV[INLINED_SOCKET_CLI_LEGACY_BUILD].
+                !!constants.ENV[INLINED_SOCKET_CLI_LEGACY_BUILD]
               )
           ],
           [
-            SOCKET_CLI_PUBLISHED_BUILD,
+            INLINED_SOCKET_CLI_PUBLISHED_BUILD,
             () =>
               JSON.stringify(
-                // Lazily access constants.ENV[SOCKET_CLI_PUBLISHED_BUILD].
-                !!constants.ENV[SOCKET_CLI_PUBLISHED_BUILD]
+                // Lazily access constants.ENV[INLINED_SOCKET_CLI_PUBLISHED_BUILD].
+                !!constants.ENV[INLINED_SOCKET_CLI_PUBLISHED_BUILD]
               )
           ],
           [
-            SOCKET_CLI_SENTRY_BUILD,
+            INLINED_SOCKET_CLI_SENTRY_BUILD,
             () =>
               JSON.stringify(
-                // Lazily access constants.ENV[SOCKET_CLI_SENTRY_BUILD].
-                !!constants.ENV[SOCKET_CLI_SENTRY_BUILD]
+                // Lazily access constants.ENV[INLINED_SOCKET_CLI_SENTRY_BUILD].
+                !!constants.ENV[INLINED_SOCKET_CLI_SENTRY_BUILD]
               )
           ],
+          [
+            INLINED_SYNP_VERSION,
+            () => JSON.stringify(getRootPkgJsonSync().devDependencies['synp'])
+          ],
           [
             VITEST,
             () =>

.config/rollup.dist.config.mjs

@@ -26,6 +26,9 @@ import {
 
 const {
   CONSTANTS,
+  INLINED_SOCKET_CLI_LEGACY_BUILD,
+  INLINED_SOCKET_CLI_SENTRY_BUILD,
+  INLINED_SOCKET_CLI_TEST_DIST_BUILD,
   INSTRUMENT_WITH_SENTRY,
   MODULE_SYNC,
   REQUIRE,
@@ -34,18 +37,15 @@ const {
   SHADOW_NPM_INJECT,
   SOCKET_CLI_BIN_NAME,
   SOCKET_CLI_BIN_NAME_ALIAS,
-  SOCKET_CLI_LEGACY_BUILD,
   SOCKET_CLI_LEGACY_PACKAGE_NAME,
   SOCKET_CLI_NPM_BIN_NAME,
   SOCKET_CLI_NPX_BIN_NAME,
   SOCKET_CLI_PACKAGE_NAME,
   SOCKET_CLI_SENTRY_BIN_NAME,
   SOCKET_CLI_SENTRY_BIN_NAME_ALIAS,
-  SOCKET_CLI_SENTRY_BUILD,
   SOCKET_CLI_SENTRY_NPM_BIN_NAME,
   SOCKET_CLI_SENTRY_NPX_BIN_NAME,
   SOCKET_CLI_SENTRY_PACKAGE_NAME,
-  SOCKET_CLI_TEST_DIST_BUILD,
   VENDOR,
   depStatsPath,
   rootDistPath,
@@ -84,7 +84,7 @@ const sharedPlugins = [
   replacePlugin({
     delimiters: ['(?<![\'"])\\b', '(?![\'"])'],
     preventAssignment: true,
-    values: [[SOCKET_CLI_TEST_DIST_BUILD, 'false']].reduce(
+    values: [[INLINED_SOCKET_CLI_TEST_DIST_BUILD, 'false']].reduce(
       (obj, { 0: name, 1: value }) => {
         obj[`process.env.${name}`] = value
         obj[`process.env['${name}']`] = value
@@ -205,8 +205,8 @@ async function updateDepStats(depStats) {
       delete depStats.dependencies[key]
     }
   }
-  // Lazily access constants.ENV[SOCKET_CLI_SENTRY_BUILD].
-  if (constants.ENV[SOCKET_CLI_SENTRY_BUILD]) {
+  // Lazily access constants.ENV[INLINED_SOCKET_CLI_SENTRY_BUILD].
+  if (constants.ENV[INLINED_SOCKET_CLI_SENTRY_BUILD]) {
     // Add Sentry as a direct dependency for this build.
     depStats.dependencies[SENTRY_NODE] = (await getSentryManifest()).version
   }
@@ -238,8 +238,8 @@ async function updatePackageJson() {
     bin,
     dependencies
   })
-  // Lazily access constants.ENV[SOCKET_CLI_LEGACY_BUILD].
-  if (constants.ENV[SOCKET_CLI_LEGACY_BUILD]) {
+  // Lazily access constants.ENV[INLINED_SOCKET_CLI_LEGACY_BUILD].
+  if (constants.ENV[INLINED_SOCKET_CLI_LEGACY_BUILD]) {
     editablePkgJson.update({
       name: SOCKET_CLI_LEGACY_PACKAGE_NAME,
       bin: {
@@ -248,8 +248,8 @@ async function updatePackageJson() {
       }
     })
   }
-  // Lazily access constants.ENV[SOCKET_CLI_SENTRY_BUILD].
-  else if (constants.ENV[SOCKET_CLI_SENTRY_BUILD]) {
+  // Lazily access constants.ENV[INLINED_SOCKET_CLI_SENTRY_BUILD].
+  else if (constants.ENV[INLINED_SOCKET_CLI_SENTRY_BUILD]) {
     editablePkgJson.update({
       name: SOCKET_CLI_SENTRY_PACKAGE_NAME,
       description: SOCKET_DESCRIPTION_WITH_SENTRY,
@@ -281,17 +281,17 @@ async function updatePackageLockFile() {
   rootPkg.name = SOCKET_CLI_PACKAGE_NAME
   rootPkg.bin = bin
   rootPkg.dependencies = dependencies
-  // Lazily access constants.ENV[SOCKET_CLI_LEGACY_BUILD].
-  if (constants.ENV[SOCKET_CLI_LEGACY_BUILD]) {
+  // Lazily access constants.ENV[INLINED_SOCKET_CLI_LEGACY_BUILD].
+  if (constants.ENV[INLINED_SOCKET_CLI_LEGACY_BUILD]) {
     lockJson.name = SOCKET_CLI_LEGACY_PACKAGE_NAME
     rootPkg.name = SOCKET_CLI_LEGACY_PACKAGE_NAME
     rootPkg.bin = toSortedObject({
       [SOCKET_CLI_BIN_NAME_ALIAS]: bin[SOCKET_CLI_BIN_NAME],
       ...bin
     })
   }
-  // Lazily access constants.ENV[SOCKET_CLI_SENTRY_BUILD].
-  else if (constants.ENV[SOCKET_CLI_SENTRY_BUILD]) {
+  // Lazily access constants.ENV[INLINED_SOCKET_CLI_SENTRY_BUILD].
+  else if (constants.ENV[INLINED_SOCKET_CLI_SENTRY_BUILD]) {
     lockJson.name = SOCKET_CLI_SENTRY_PACKAGE_NAME
     rootPkg.name = SOCKET_CLI_SENTRY_PACKAGE_NAME
     rootPkg.bin = {
@@ -312,8 +312,8 @@ export default () => {
   const moduleSyncConfig = baseConfig({
     input: {
       ...sharedInputs,
-      // Lazily access constants.ENV[SOCKET_CLI_SENTRY_BUILD].
-      ...(constants.ENV[SOCKET_CLI_SENTRY_BUILD]
+      // Lazily access constants.ENV[INLINED_SOCKET_CLI_SENTRY_BUILD].
+      ...(constants.ENV[INLINED_SOCKET_CLI_SENTRY_BUILD]
         ? {
             [INSTRUMENT_WITH_SENTRY]: `${rootSrcPath}/${INSTRUMENT_WITH_SENTRY}.ts`
           }
@@ -419,8 +419,8 @@ export default () => {
           ])
           await Promise.all([
             removeDtsAndMapFiles(CONSTANTS, distModuleSyncPath),
-            // Lazily access constants.ENV[SOCKET_CLI_SENTRY_BUILD].
-            ...(constants.ENV[SOCKET_CLI_SENTRY_BUILD]
+            // Lazily access constants.ENV[INLINED_SOCKET_CLI_SENTRY_BUILD].
+            ...(constants.ENV[INLINED_SOCKET_CLI_SENTRY_BUILD]
               ? [
                   moveDtsAndMapFiles(
                     INSTRUMENT_WITH_SENTRY,

.config/rollup.test.config.mjs

@@ -11,7 +11,7 @@ import {
   normalizeId
 } from '../scripts/utils/packages.js'
 
-const { ROLLUP_EXTERNAL_SUFFIX, SOCKET_CLI_TEST_DIST_BUILD } = constants
+const { INLINED_SOCKET_CLI_TEST_DIST_BUILD, ROLLUP_EXTERNAL_SUFFIX } = constants
 
 export default () => {
   // Lazily access constants.rootSrcPath
@@ -62,7 +62,7 @@ export default () => {
       replacePlugin({
         delimiters: ['(?<![\'"])\\b', '(?![\'"])'],
         preventAssignment: true,
-        values: [[SOCKET_CLI_TEST_DIST_BUILD, 'true']].reduce(
+        values: [[INLINED_SOCKET_CLI_TEST_DIST_BUILD, 'true']].reduce(
           (obj, { 0: name, 1: value }) => {
             obj[`process.env.${name}`] = value
             obj[`process.env['${name}']`] = value

.github/workflows/provenance.yml

@@ -21,15 +21,15 @@ jobs:
           scope: "@socketsecurity"
       - run: npm install -g npm@latest
       - run: npm ci
-      - run: SOCKET_CLI_PUBLISHED_BUILD=1 npm run build:dist
+      - run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 npm run build:dist
       - run: npm publish --provenance --access public
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-      - run: SOCKET_CLI_PUBLISHED_BUILD=1 SOCKET_CLI_LEGACY_BUILD=1 npm run build:dist
+      - run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 INLINED_SOCKET_CLI_LEGACY_BUILD=1 npm run build:dist
       - run: npm publish --provenance --access public
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-      - run: SOCKET_CLI_PUBLISHED_BUILD=1 SOCKET_CLI_SENTRY_BUILD=1 npm run build:dist
+      - run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 INLINED_SOCKET_CLI_SENTRY_BUILD=1 npm run build:dist
       - run: npm publish --provenance --access public
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

bin/cli.js

@@ -5,12 +5,12 @@ const process = require('node:process')
 
 const constants = require('../dist/constants')
 
-const { DIST_TYPE, SOCKET_CLI_SENTRY_BUILD } = constants
+const { DIST_TYPE, INLINED_SOCKET_CLI_SENTRY_BUILD } = constants
 
 if (
   DIST_TYPE === 'require' &&
-  // Lazily access constants.ENV[SOCKET_CLI_SENTRY_BUILD].
-  !constants.ENV[SOCKET_CLI_SENTRY_BUILD]
+  // Lazily access constants.ENV[INLINED_SOCKET_CLI_SENTRY_BUILD].
+  !constants.ENV[INLINED_SOCKET_CLI_SENTRY_BUILD]
 ) {
   // Lazily access constants.distCliPath.
   require(constants.distCliPath)
@@ -25,8 +25,8 @@ if (
       ...constants.nodeHardenFlags,
       // Lazily access constants.nodeNoWarningsFlags.
       ...constants.nodeNoWarningsFlags,
-      // Lazily access constants.ENV[SOCKET_CLI_SENTRY_BUILD].
-      ...(constants.ENV[SOCKET_CLI_SENTRY_BUILD]
+      // Lazily access constants.ENV[INLINED_SOCKET_CLI_SENTRY_BUILD].
+      ...(constants.ENV[INLINED_SOCKET_CLI_SENTRY_BUILD]
         ? [
             '--require',
             // Lazily access constants.distInstrumentWithSentryPath.

scripts/constants.js

@@ -18,6 +18,10 @@ const {
 const WITH_SENTRY = 'with-sentry'
 const CLI = 'cli'
 const CONSTANTS = 'constants'
+const INLINED_SOCKET_CLI_LEGACY_BUILD = 'INLINED_SOCKET_CLI_LEGACY_BUILD'
+const INLINED_SOCKET_CLI_PUBLISHED_BUILD = 'INLINED_SOCKET_CLI_PUBLISHED_BUILD'
+const INLINED_SOCKET_CLI_SENTRY_BUILD = 'INLINED_SOCKET_CLI_SENTRY_BUILD'
+const INLINED_SOCKET_CLI_TEST_DIST_BUILD = 'INLINED_SOCKET_CLI_TEST_DIST_BUILD'
 const INSTRUMENT_WITH_SENTRY = `instrument-${WITH_SENTRY}`
 const MODULE_SYNC = 'module-sync'
 const REQUIRE = 'require'
@@ -31,19 +35,14 @@ const SOCKET = 'socket'
 const SOCKET_CLI_BIN_NAME = SOCKET
 const SOCKET_CLI_BIN_NAME_ALIAS = CLI
 const SOCKET_CLI_SENTRY_BIN_NAME_ALIAS = `${SOCKET_CLI_BIN_NAME_ALIAS}-${WITH_SENTRY}`
-const SOCKET_CLI_LEGACY_BUILD = 'SOCKET_CLI_LEGACY_BUILD'
 const SOCKET_CLI_LEGACY_PACKAGE_NAME = `${SOCKET_SECURITY_SCOPE}/${CLI}`
 const SOCKET_CLI_NPM_BIN_NAME = `${SOCKET}-${NPM}`
 const SOCKET_CLI_NPX_BIN_NAME = `${SOCKET}-${NPX}`
 const SOCKET_CLI_PACKAGE_NAME = SOCKET
-const SOCKET_CLI_PUBLISHED_BUILD = 'SOCKET_CLI_PUBLISHED_BUILD'
 const SOCKET_CLI_SENTRY_BIN_NAME = `${SOCKET_CLI_BIN_NAME}-${WITH_SENTRY}`
-const SOCKET_CLI_SENTRY_BUILD = 'SOCKET_CLI_SENTRY_BUILD'
 const SOCKET_CLI_SENTRY_NPM_BIN_NAME = `${SOCKET_CLI_NPM_BIN_NAME}-${WITH_SENTRY}`
 const SOCKET_CLI_SENTRY_NPX_BIN_NAME = `${SOCKET_CLI_NPX_BIN_NAME}-${WITH_SENTRY}`
 const SOCKET_CLI_SENTRY_PACKAGE_NAME = `${SOCKET_CLI_LEGACY_PACKAGE_NAME}-${WITH_SENTRY}`
-const SOCKET_CLI_TEST_DIST_BUILD = 'SOCKET_CLI_TEST_DIST_BUILD'
-const SOCKET_CLI_VERSION_HASH = 'SOCKET_CLI_VERSION_HASH'
 const VENDOR = 'vendor'
 
 const LAZY_ENV = () => {
@@ -52,11 +51,17 @@ const LAZY_ENV = () => {
     // Lazily access registryConstants.ENV.
     ...registryConstants.ENV,
     // Flag set to determine if this is the Legacy build.
-    [SOCKET_CLI_LEGACY_BUILD]: envAsBoolean(env[SOCKET_CLI_LEGACY_BUILD]),
+    [INLINED_SOCKET_CLI_LEGACY_BUILD]: envAsBoolean(
+      env[INLINED_SOCKET_CLI_LEGACY_BUILD]
+    ),
     // Flag set to determine if this is a published build.
-    [SOCKET_CLI_PUBLISHED_BUILD]: envAsBoolean(env[SOCKET_CLI_PUBLISHED_BUILD]),
+    [INLINED_SOCKET_CLI_PUBLISHED_BUILD]: envAsBoolean(
+      env[INLINED_SOCKET_CLI_PUBLISHED_BUILD]
+    ),
     // Flag set to determine if this is the Sentry build.
-    [SOCKET_CLI_SENTRY_BUILD]: envAsBoolean(env[SOCKET_CLI_SENTRY_BUILD])
+    [INLINED_SOCKET_CLI_SENTRY_BUILD]: envAsBoolean(
+      env[INLINED_SOCKET_CLI_SENTRY_BUILD]
+    )
   })
 }
 
@@ -99,6 +104,10 @@ const constants = createConstantsObject(
     CLI,
     CONSTANTS,
     ENV: undefined,
+    INLINED_SOCKET_CLI_LEGACY_BUILD,
+    INLINED_SOCKET_CLI_PUBLISHED_BUILD,
+    INLINED_SOCKET_CLI_SENTRY_BUILD,
+    INLINED_SOCKET_CLI_TEST_DIST_BUILD,
     INSTRUMENT_WITH_SENTRY,
     MODULE_SYNC,
     REQUIRE,
@@ -112,19 +121,14 @@ const constants = createConstantsObject(
     SOCKET_CLI_BIN_NAME,
     SOCKET_CLI_BIN_NAME_ALIAS,
     SOCKET_CLI_SENTRY_BIN_NAME_ALIAS,
-    SOCKET_CLI_LEGACY_BUILD,
     SOCKET_CLI_LEGACY_PACKAGE_NAME,
     SOCKET_CLI_NPM_BIN_NAME,
     SOCKET_CLI_NPX_BIN_NAME,
     SOCKET_CLI_PACKAGE_NAME,
-    SOCKET_CLI_PUBLISHED_BUILD,
     SOCKET_CLI_SENTRY_BIN_NAME,
-    SOCKET_CLI_SENTRY_BUILD,
     SOCKET_CLI_SENTRY_NPM_BIN_NAME,
     SOCKET_CLI_SENTRY_NPX_BIN_NAME,
     SOCKET_CLI_SENTRY_PACKAGE_NAME,
-    SOCKET_CLI_TEST_DIST_BUILD,
-    SOCKET_CLI_VERSION_HASH,
     VENDOR,
     WITH_SENTRY,
     babelConfigPath: undefined,