fix: update lib to 5.4.0 and modernize asset extraction #1025
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Updates @socketsecurity/lib from 5.3.0 to 5.4.0 to enable glob pattern support for asset downloads. Modernizes extraction scripts to use lib utilities consistently. Fixes CI failures where all test jobs failed during build phase with ENOENT errors when trying to write yoga-sync.mjs. Changes: - Bump @socketsecurity/lib to 5.4.0 for glob pattern support - Replace ensureOutputDir with safeMkdir from @socketsecurity/lib/fs - Inline socket-btm-releases helpers into extract-yoga-wasm.mjs - Add defensive directory creation before all file writes Resolves build failures in Integration Tests, E2E Tests, and Unit Tests.
Add dedicated generate-packages.mjs script and prebuild hook to ensure template packages (cli-with-sentry, socket, socketbin) are generated before the CLI build runs. This fixes ENOENT errors in CI when trying to read packages/package-builder/build/socket/package.json during the build. Previous approach used --skip-prereqs flag which was unnecessary since we don't need to verify Node/pnpm versions during build - they're guaranteed to exist in the build environment.
jdalton
force-pushed
the
fix/lib-5.4.0-asset-helpers
branch
from
12de118 to
c429c1c
Compare
The build now always copies build/cli.js to dist/cli.js, not just in production mode. This is required because dist/index.js (the entry point) loads cli.js from its own directory. Previously, running 'pnpm build' would create dist/index.js but not dist/cli.js, causing integration tests to fail with MODULE_NOT_FOUND errors. This fixes integration test failures where dist/index.js couldn't find cli.js.
When --help or other Node.js CLI flags were passed, they were being forwarded to the Python CLI before the Node.js CLI could handle them. This caused integration tests to fail because they received Python's socketcli help output instead of the Node.js CLI help. Added a whitelist of Node.js CLI flags (--help, --version, --config, etc.) that should not be forwarded to Python CLI. This allows the Node.js CLI to handle its own built-in flags correctly.
jdalton
force-pushed
the
fix/lib-5.4.0-asset-helpers
branch
from
cd9ebe3 to
13b549b
Compare
The @socketsecurity/[email protected] package has a bundling issue with the debug module that causes 'import_debug210.default.enable is not a function' errors when the CLI re-bundles the already-bundled lib code. Changes: - Reverted @socketsecurity/lib from 5.4.0 to 5.3.0 - Modified extract-yoga-wasm.mjs to download 'assets' directory and manually find the yoga-sync-*.mjs file instead of using glob patterns - This works around the glob pattern limitation in lib 5.3.0 while avoiding the debug bundling bug in lib 5.4.0 - Fixed lint issues (import order)
jdalton
force-pushed
the
fix/lib-5.4.0-asset-helpers
branch
from
13b549b to
ba52603
Compare
The [email protected] bundles a stub for the debug module that was missing the `enable()` and `disable()` methods. When the CLI re-bundles this code, it fails with "import_debug2.default.enable is not a function". This patch adds the missing methods as no-op functions to the stub.
…ble/disable" This reverts commit 403d806.
The [email protected] has helpers for asset downloads that the CLI needs. The lib's bundled debug stub was missing enable/disable methods, which caused errors when the CLI re-bundled the code. This patch adds the missing methods to the debug stub.
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
Contributor
Author
|
Superseded by direct merge to main - @socketsecurity/lib updated to 5.4.1 which includes the external bundling fixes (debug, supports-color, etc.) and asset helper improvements. |
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Updates
@socketsecurity/libfrom 5.3.0 to 5.4.0 and modernizes extraction scripts to use lib utilities consistently.Fixes CI failures where all test jobs failed during build phase with ENOENT errors when trying to write
yoga-sync.mjs.Changes
@socketsecurity/libto 5.4.0 for glob pattern supportensureOutputDirwithsafeMkdirfrom@socketsecurity/lib/fssocket-btm-releaseshelpers intoextract-yoga-wasm.mjsRoot Cause
The extraction scripts used glob pattern syntax (
yoga-sync-*.mjs) that requires lib 5.4.0, but the project was pinned to 5.3.0. Pattern matching failed, triggering fallback placeholder generation which crashed because thebuild/directory didn't exist in CI.Fixes
Resolves failures in Integration Tests, E2E Tests (shards 1-2), and Unit Tests (shards 1-3).
Note
Modernizes build-time asset extraction and bumps core lib.
@socketsecurity/libto5.4.0across workspace/lockfilesafeMkdir/safeMkdirSyncfor robust directory creation inextract-models.mjsandextract-onnx-runtime.mjsextract-yoga-wasm.mjsto use globbed downloads (yoga-sync-*.mjs), inlinecomputeFileHash/generateHeader, add version check/caching, and generate a safer placeholder; ensures output dirs before writesscripts/utils/socket-btm-releases.mjs(helpers now inlined)Written by Cursor Bugbot for commit 083e692. Configure here.