Every subpath exported by @socketsecurity/lib-stable, grouped by namespace.
Each entry links to the source module and shows the first sentence of its @fileoverview.
Regenerate with
pnpm run docsafter adding or removing exports. Do not edit this file by hand.
Jump to: Top-level · abort/ · ai/ · ansi/ · archives/ · argv/ · arrays/ · bin/ · cacache/ · cache/ · checks/ · cli/ · colors/ · compression/ · config/ · constants/ · cover/ · crypto/ · debug/ · dlx/ · eco/ · effects/ · env/ · errors/ · events/ · external-tools/ · fleet/ · fs/ · git/ · github/ · globs/ · http-request/ · ipc-cli/ · ipc/ · json/ · links/ · logger/ · memo/ · native-messaging/ · node/ · objects/ · packages/ · paths/ · perf/ · pkg-ext/ · primordials/ · process/ · promises/ · regexps/ · releases/ · schema/ · sea/ · secrets/ · shadow/ · shell/ · smol/ · sorts/ · spinner/ · stdio/ · streams/ · strings/ · tables/ · temporal/ · themes/ · url/ · versions/ · words/
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/errors |
Human-readable error-message extractor. |
@socketsecurity/lib-stable/http-request |
Node-side HTTP request layer — the public surface (httpJson, httpText, httpRequest, HttpResponseError) for consumers on Node. |
@socketsecurity/lib-stable/integrity |
Integrity + checksum helpers. |
@socketsecurity/lib-stable/logger |
Node-side Logger class — owns per-instance state (parent, bound stream, indent buffers, theme) and exposes the public surface as thin delegators over sibling free-function leaves. |
@socketsecurity/lib-stable/native-messaging |
(no description) |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/abort/signal |
Abort signal utilities — composite signal construction from multiple sources and timeout-driven signal creation. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/ai/agent-context |
(no description) |
@socketsecurity/lib-stable/ai/backends |
(no description) |
@socketsecurity/lib-stable/ai/credentials |
(no description) |
@socketsecurity/lib-stable/ai/discover |
(no description) |
@socketsecurity/lib-stable/ai/exec |
(no description) |
@socketsecurity/lib-stable/ai/http |
(no description) |
@socketsecurity/lib-stable/ai/profiles |
(no description) |
@socketsecurity/lib-stable/ai/route |
(no description) |
@socketsecurity/lib-stable/ai/spawn |
(no description) |
@socketsecurity/lib-stable/ai/subagent-status |
(no description) |
@socketsecurity/lib-stable/ai/tier |
(no description) |
@socketsecurity/lib-stable/ai/types |
(no description) |
@socketsecurity/lib-stable/ai/worktree |
(no description) |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/ansi/constants |
ANSI escape code constants. |
@socketsecurity/lib-stable/ansi/strip |
ANSI escape-code regex factory and stripping helper. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/archives/detect |
Format detection by file extension. |
@socketsecurity/lib-stable/archives/extract |
extractArchive — format-detecting dispatcher that routes to extractTar / extractTarGz / extractZip. |
@socketsecurity/lib-stable/archives/tar |
Tar / tar.gz extraction with security limits and symlink rejection. |
@socketsecurity/lib-stable/archives/types |
Public type surface for archives/* modules — the ArchiveFormat union and the ExtractOptions security-limit record. |
@socketsecurity/lib-stable/archives/zip |
Zip extraction with security limits and path traversal validation. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/argv/flag-predicates |
Flag predicates — is* checks across parsed FlagValues, raw process.argv, or no input. |
@socketsecurity/lib-stable/argv/flag-types |
Types + COMMON_FLAGS table for argv flag parsing. |
@socketsecurity/lib-stable/argv/parse |
Argument parsing utilities for CLI applications. |
@socketsecurity/lib-stable/argv/parse-args-string |
Tokenize a shell-style command string into an argv array. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/arrays/chunk |
Split an array into fixed-size chunks. |
@socketsecurity/lib-stable/arrays/join |
Grammatical list joiners via Intl.ListFormat — Oxford-comma aware and locale-correct. |
@socketsecurity/lib-stable/arrays/predicates |
Array type-guard predicates. |
@socketsecurity/lib-stable/arrays/unique |
Deduplicate an array via Set. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/bin/exec |
execBin — spawn a binary with PATH resolution, wrapper-script unwrapping, and Windows shell handling. |
@socketsecurity/lib-stable/bin/find |
Find specific package-manager binaries with platform- aware fallbacks. |
@socketsecurity/lib-stable/bin/resolve |
Resolve a binary path to the underlying script file. |
@socketsecurity/lib-stable/bin/shadow |
Shadow-bin detection. |
@socketsecurity/lib-stable/bin/types |
Public type surface for bin/* modules — the WhichOptions interface that callers pass to which, whichSync, whichReal, and whichRealSync. |
@socketsecurity/lib-stable/bin/which |
Look up binaries on PATH. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/cacache/clear |
Bulk-clear entries from the Socket shared cacache — clear() plus its wildcard helper createPatternMatcher. |
@socketsecurity/lib-stable/cacache/read |
Cache read entrypoints — get (throws on miss) and safeGet (returns undefined on miss). |
@socketsecurity/lib-stable/cacache/tmp |
withTmp — run a callback with a freshly-created temp directory under the cacache root. |
@socketsecurity/lib-stable/cacache/types |
Public type surface for cacache/* modules — the CacheEntry row shape returned by reads and the option bags consumed by clear / get / put. |
@socketsecurity/lib-stable/cacache/write |
Cache write entrypoints — put (insert/replace by key) and remove (single-key delete). |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/cache/ttl/store |
createTtlCache — generic TTL-based cache built on top of cacache (persistent) plus an in-memory LRU memo layer. |
@socketsecurity/lib-stable/cache/ttl/types |
Public type surface for cache/ttl/* modules — the TtlCache interface (the seven-method API returned by createTtlCache), the TtlCacheEntry storage shape, and the TtlCacheOptions / ClearOptions configuration... |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/checks/primordials |
Primordials drift check — generic core. |
@socketsecurity/lib-stable/checks/primordials-defaults |
GENERATED — do not edit by hand. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/cli/check |
socket-lib check <name> subcommand group. |
@socketsecurity/lib-stable/cli/check-primordials |
socket-lib check primordials handler. |
@socketsecurity/lib-stable/cli/socket-lib |
socket-lib CLI entry point — top-level dispatcher. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/colors/convert |
Color conversion helpers — isRgbTuple() narrows a ColorValue to the RGB-tuple branch, and toRgb() resolves a named color or passes through an existing tuple. |
@socketsecurity/lib-stable/colors/palette |
Named-color palette — maps each ColorName to its canonical RGB tuple. |
@socketsecurity/lib-stable/colors/socket-palette |
Socket terminal-color palette — mirrors the CSS design tokens defined in the fleet's template/styles/tokens.css (light / dark / synthwave themes). |
@socketsecurity/lib-stable/colors/types |
Public type surface for colors/* modules — the ColorInherit literal, the ColorName named-color union, the ColorRgb tuple, and the ColorValue super-union. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/compression/brotli |
Brotli compression / decompression — in-memory, file-to-file, and raw-stream variants. |
@socketsecurity/lib-stable/compression/gzip |
Gzip compression / decompression — same calling shapes as brotli: in-memory, file-to-file, and raw-stream variants. |
@socketsecurity/lib-stable/compression/types |
Public type surface for compression/* modules — the CompressOptions accepted by every compression entrypoint and CompressFileOptions which extends it with inPlace. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/config/layers |
Read a layered config — a base config that higher layers may override or extend. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/cover/code |
Code coverage utilities for parsing v8 coverage data. |
@socketsecurity/lib-stable/cover/formatters |
Coverage output formatters. |
@socketsecurity/lib-stable/cover/type |
TypeScript type coverage utilities. |
@socketsecurity/lib-stable/cover/types |
Type definitions for coverage utilities. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/crypto/hash |
Crypto hash helpers that prefer Node builtins where available. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/debug/caller-info |
getCallerInfo — extract the caller's function name from the V8 stack trace at a given offset. |
@socketsecurity/lib-stable/debug/namespace |
Namespace-handling helpers — extractOptions normalises the polymorphic first argument that every *Ns function takes, getDebugJsInstance per-namespace caches the underlying debug-js instance with customLog pa... |
@socketsecurity/lib-stable/debug/output |
Output entrypoints — debug / debugCache / debugDir / debugLog and their *Ns namespace variants, plus debuglog (node-util-compatible) and debugtime (start/end timers). |
@socketsecurity/lib-stable/debug/types |
Public type surface for debug/* modules — the options bag accepted by every debug*Ns entrypoint and the InspectOptions mirror of node:util's shape (the public subset we accept; not the full thing). |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/dlx/arborist |
Safe Arborist wrapper for dlx installs and lockfile-only resolution. |
@socketsecurity/lib-stable/dlx/binary |
DLX binary execution utilities for Socket ecosystem. |
@socketsecurity/lib-stable/dlx/binary-cache |
On-disk cache metadata helpers for dlx binaries. |
@socketsecurity/lib-stable/dlx/binary-download |
Download helpers for dlx binaries — fetch tarballs from URLs, verify integrity, cache to disk with concurrency locking. |
@socketsecurity/lib-stable/dlx/binary-resolution |
Binary resolution for installed dlx packages. |
@socketsecurity/lib-stable/dlx/binary-types |
Public option / result interfaces for dlx binary operations. |
@socketsecurity/lib-stable/dlx/cache |
Cache key generation utilities for DLX package installations. |
@socketsecurity/lib-stable/dlx/detect |
Executable type detection for DLX and local filesystem paths. |
@socketsecurity/lib-stable/dlx/dir |
Directory management utilities for DLX installations. |
@socketsecurity/lib-stable/dlx/firewall |
Socket Firewall integration for dlx installs. |
@socketsecurity/lib-stable/dlx/lockfile |
Package pin generation for dlx installs. |
@socketsecurity/lib-stable/dlx/manifest |
DLX manifest storage utilities. |
@socketsecurity/lib-stable/dlx/package |
DLX package execution — install and execute npm packages. |
@socketsecurity/lib-stable/dlx/packages |
Package management utilities for DLX installations. |
@socketsecurity/lib-stable/dlx/paths |
Path utilities for DLX package installations. |
@socketsecurity/lib-stable/dlx/spec |
Parse package@version specs into {name, version}. |
@socketsecurity/lib-stable/dlx/types |
Public option / result interfaces for dlx package operations. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/eco/cargo/lockfile-format |
Format descriptor for Cargo.lock — Rust's Cargo-managed lockfile. |
@socketsecurity/lib-stable/eco/cargo/manifest-format |
Format descriptor for Cargo.toml — Rust's package manifest. |
@socketsecurity/lib-stable/eco/cargo/parse-lockfile |
parseCargoLock(content) — parses a Rust Cargo.lock (v1/v2/v3/v4) into a ParsedLockfile. |
@socketsecurity/lib-stable/eco/manifest/analyze-lockfile |
analyzeLockfile(lockfile) — returns a LockfileStats summary (counts by dep type, total packages, per-ecosystem breakdown). |
@socketsecurity/lib-stable/eco/manifest/detect-format |
detectFormat(filename) — maps a filename (or path) to its FormatDescriptor (ecosystem + manifest/lockfile + lockfile format), or returns undefined if nothing matched. |
@socketsecurity/lib-stable/eco/manifest/find-packages |
findPackages(lockfile, pattern) — returns all PackageRefs whose name matches the regex/string pattern. |
@socketsecurity/lib-stable/eco/manifest/get-package |
getPackage(lockfile, name) — O(1) lookup of the first matching PackageRef by name in a ParsedLockfile. |
@socketsecurity/lib-stable/eco/manifest/get-package-versions |
getPackageVersions(lockfile, name) — returns all PackageRefs that match the given name in a ParsedLockfile. |
@socketsecurity/lib-stable/eco/manifest/manifest-error |
ManifestError — the error class every parser in src/eco/<pm>/parse-* and every dispatcher in src/eco/manifest/* throws on invalid / unsupported input. |
@socketsecurity/lib-stable/eco/manifest/parse |
parse(filename, content) — auto-detects format from filename then dispatches to parseManifest or parseLockfile. |
@socketsecurity/lib-stable/eco/manifest/parse-lockfile |
parseLockfile(content, ecosystem, format?) — dispatches to the right per-PM lockfile parser. |
@socketsecurity/lib-stable/eco/manifest/parse-manifest |
parseManifest(content, ecosystem) — dispatches to the right per-ecosystem manifest parser. |
@socketsecurity/lib-stable/eco/manifest/types |
Shared types for manifest + lockfile parsing. |
@socketsecurity/lib-stable/eco/npm/bun/exec |
Bun tool surface. |
@socketsecurity/lib-stable/eco/npm/manifest-format |
Format descriptor for package.json — the manifest shape shared across the entire npm-family ecosystem (npm, pnpm, yarn, bun, vlt). |
@socketsecurity/lib-stable/eco/npm/npm/exec |
Execute npm commands with optimized flags and security defaults. |
@socketsecurity/lib-stable/eco/npm/npm/extract-package-name-from-path |
extractPackageNameFromPath(pkgPath) — given an npm v2/v3 lockfile entry key like node_modules/a/node_modules/b, returns the final package name (b), preserving scoped-package boundaries (@scope/name stays joined). |
@socketsecurity/lib-stable/eco/npm/npm/flags |
Npm CLI flag predicates. |
@socketsecurity/lib-stable/eco/npm/npm/lockfile-format |
Format descriptor for npm lockfiles — covers both package-lock.json and npm-shrinkwrap.json (npm v1/v2/v3 lock formats share the parser). |
@socketsecurity/lib-stable/eco/npm/npm/parse-git-url |
parseGitUrl(resolved) — extracts { url, commit } from a resolved field on an npm lockfile entry when it points to a git source (git+… or git://…). |
@socketsecurity/lib-stable/eco/npm/npm/parse-lockfile |
parsePackageLock(content) — parses an npm package-lock.json / npm-shrinkwrap.json (v1/v2/v3) into a ParsedLockfile. |
@socketsecurity/lib-stable/eco/npm/parse-package-json |
parsePackageJson(content) — parses a package.json string into a ParsedManifest. |
@socketsecurity/lib-stable/eco/npm/pnpm/detect-pnpm-version |
detectPnpmVersion(content) — scans a pnpm-lock.yaml for its lockfileVersion: line and returns 5, 6, or 9. |
@socketsecurity/lib-stable/eco/npm/pnpm/exec |
Execute pnpm commands with optimized flags and security defaults. |
@socketsecurity/lib-stable/eco/npm/pnpm/flags |
Pnpm CLI flag predicates. |
@socketsecurity/lib-stable/eco/npm/pnpm/lockfile-format |
Format descriptor for pnpm-lock.yaml — pnpm's YAML-formatted lockfile (v5/v6/v9). |
@socketsecurity/lib-stable/eco/npm/pnpm/parse-lockfile |
parsePnpmLock(content) — parses a pnpm-lock.yaml (v5, v6, or v9) into a ParsedLockfile. |
@socketsecurity/lib-stable/eco/npm/pnpm/parse-pnpm-package-id-v5 |
parsePnpmPackageIdV5(pkgId) — extracts { name, version } from a pnpm v5 package key. |
@socketsecurity/lib-stable/eco/npm/pnpm/parse-pnpm-package-id-v6-v9 |
parsePnpmPackageIdV6V9(pkgId) — extracts { name, version } from a pnpm v6/v9 package key. |
@socketsecurity/lib-stable/eco/npm/script |
Cross-tool script runner — picks the right package manager by detecting the nearest lockfile and dispatches to its exec function. |
@socketsecurity/lib-stable/eco/npm/vlt/exec |
Vlt tool surface. |
@socketsecurity/lib-stable/eco/npm/yarnpkg/yarn/exec |
Execute Yarn Classic (v1.x) commands with optimized flags and security defaults. |
@socketsecurity/lib-stable/eco/npm/yarnpkg/yarn/lockfile-format |
Format descriptor for yarn.lock — yarn's lockfile (Classic v1 + Berry v6 share the filename; the parser auto-discriminates on __metadata: presence). |
@socketsecurity/lib-stable/eco/npm/yarnpkg/yarn/parse-lockfile |
parseYarnLock(content) — parses a yarn.lock (Classic v1 or Berry v6) into a ParsedLockfile. |
@socketsecurity/lib-stable/eco/npm/yarnpkg/yarn/parse-yarn-descriptor |
parseYarnDescriptor(descriptor) — extracts the package name from a yarn lockfile spec key. |
@socketsecurity/lib-stable/eco/purl |
PURL (Package URL) ecosystem identifiers shared across every package manager Socket understands. |
@socketsecurity/lib-stable/eco/types |
Socket Registry ecosystem schema types — tags for packages and the manifest entries the registry build pipeline emits. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/effects/pulse-frames |
Socket pulse animation frames generator. |
@socketsecurity/lib-stable/effects/shimmer |
Shimmer animation engine — pure functions, zero deps. |
@socketsecurity/lib-stable/effects/shimmer-keyframes |
SVG keyframe batcher for the shimmer engine. |
@socketsecurity/lib-stable/effects/shimmer-terminal |
Terminal renderer for the shimmer engine. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/env/boolean |
envAsBoolean — coerce an env-var-shaped value into a boolean. |
@socketsecurity/lib-stable/env/case-insensitive |
Case-insensitive environment-variable key lookup — findCaseInsensitiveEnvKey walks Object.keys(env) with an O(1) length-prefilter before the (expensive) toUpperCase comparison. |
@socketsecurity/lib-stable/env/ci |
CI environment variable getter. |
@socketsecurity/lib-stable/env/debug |
DEBUG environment variable getter. |
@socketsecurity/lib-stable/env/github |
GitHub Actions environment variable getters. |
@socketsecurity/lib-stable/env/github-status |
Probe githubstatus.com to detect platform degradation before making GitHub API calls. |
@socketsecurity/lib-stable/env/home |
HOME environment variable getter with Windows fallback. |
@socketsecurity/lib-stable/env/locale |
Locale and language environment variable getters. |
@socketsecurity/lib-stable/env/node-auth-token |
NODE_AUTH_TOKEN environment variable getter. |
@socketsecurity/lib-stable/env/node-env |
NODE_ENV environment variable getter. |
@socketsecurity/lib-stable/env/node-version-managers |
Detect which Node version manager is active on this machine and emit a targeted upgrade hint. |
@socketsecurity/lib-stable/env/npm |
NPM environment variable getters. |
@socketsecurity/lib-stable/env/number |
envAsNumber — coerce an env-var-shaped value into a number. |
@socketsecurity/lib-stable/env/package-manager |
Package manager environment detection. |
@socketsecurity/lib-stable/env/path |
PATH environment variable getter. |
@socketsecurity/lib-stable/env/pre-commit |
PRE_COMMIT environment variable getter. |
@socketsecurity/lib-stable/env/proxy |
createEnvProxy — wrap process.env (or any env-like record) in a Proxy that adds case-insensitive lookups for known-Windows-sensitive keys (PATH, APPDATA, etc.) and an overrides layer. |
@socketsecurity/lib-stable/env/rewire |
Environment variable rewiring utilities for testing. |
@socketsecurity/lib-stable/env/shell |
SHELL environment variable getter. |
@socketsecurity/lib-stable/env/socket |
Socket Security environment variable getters. |
@socketsecurity/lib-stable/env/socket-cli |
Socket CLI environment variables. |
@socketsecurity/lib-stable/env/socket-mcp |
Socket MCP HTTP server environment variable getters. |
@socketsecurity/lib-stable/env/string |
envAsString — coerce an env-var-shaped value into a string. |
@socketsecurity/lib-stable/env/temp-dir |
Temporary directory environment variable getters. |
@socketsecurity/lib-stable/env/term |
TERM environment variable getter. |
@socketsecurity/lib-stable/env/test |
Test environment variable getters and detection. |
@socketsecurity/lib-stable/env/types |
Public type surface for the cross-cutting env/* leaves split out of the legacy single-file env.ts — option bags consumed by envAsBoolean / envAsNumber / envAsString. |
@socketsecurity/lib-stable/env/windows |
Windows environment variable getters. |
@socketsecurity/lib-stable/env/xdg |
XDG Base Directory Specification environment variable getters. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/errors/message |
Human-readable error-message extractor. |
@socketsecurity/lib-stable/errors/predicates |
Error type-guard predicates — isError (with the isErrorBuiltin / isErrorShim building blocks) and the libuv errno-code narrower isErrnoException. |
@socketsecurity/lib-stable/errors/stack |
Stack-trace extractor with cause-chain support. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/events/exit/handler |
onExit — register a callback for process exit / signal. |
@socketsecurity/lib-stable/events/exit/intercept |
Process-method interceptors — processEmit replaces process.emit and processReallyExit replaces process.reallyExit while load() is active. |
@socketsecurity/lib-stable/events/exit/lifecycle |
load and unload — install and remove the signal-exit listeners. |
@socketsecurity/lib-stable/events/exit/signals |
signals() — list the signals this process is watching. |
@socketsecurity/lib-stable/events/exit/types |
Public type surface for events/exit/* modules — the OnExitOptions consumed by onExit, plus the shared internal types for the signal emitter, emitted-signal map, and listener map. |
@socketsecurity/lib-stable/events/warning/handler |
Bump the max-listener cap on an EventTarget (or AbortSignal). |
@socketsecurity/lib-stable/events/warning/suppress |
process.emitWarning suppression. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/external-tools/bazel/asset-names |
Upstream Bazel release asset-name mapping per platform-arch. |
@socketsecurity/lib-stable/external-tools/bazel/from-download |
bazelFromDownload() — fetches the upstream Bazel binary and returns a ResolvedBazel pointing at the cached executable. |
@socketsecurity/lib-stable/external-tools/bazel/from-path |
bazelFromPath() — looks for bazelisk first, then bazel, on the system PATH. |
@socketsecurity/lib-stable/external-tools/bazel/read-bazel-version-file |
readBazelVersionFile(workspaceDir) — walks up from workspaceDir looking for a .bazelversion file (the Bazel/Bazelisk convention for pinning the project's Bazel version). |
@socketsecurity/lib-stable/external-tools/bazel/resolve |
resolveBazel() — Bazel resolution entry point. |
@socketsecurity/lib-stable/external-tools/bazel/resolve-asset-url |
resolveBazelAssetUrl(version, platformArch) — builds the upstream GitHub Releases download URL for a Bazel binary. |
@socketsecurity/lib-stable/external-tools/bazel/resolve-bazel-version |
resolveBazelVersion({ cwd }) — picks the Bazel version to run for a project, matching the bazelisk precedence: 1. |
@socketsecurity/lib-stable/external-tools/bazel/types |
Shared types for Bazel resolution. |
@socketsecurity/lib-stable/external-tools/cdxgen/asset-names |
Upstream cdxgen release asset-name mapping per platform-arch. |
@socketsecurity/lib-stable/external-tools/cdxgen/from-download |
cdxgenFromDownload() — fetches the upstream cdxgen SEA binary (slim by default) and returns a ResolvedCdxgen pointing at the cached executable. |
@socketsecurity/lib-stable/external-tools/cdxgen/from-path |
cdxgenFromPath() — looks for cdxgen on the system PATH. |
@socketsecurity/lib-stable/external-tools/cdxgen/from-vfs |
cdxgenFromVfs() — extracts cdxgen from the smol binary's VFS. |
@socketsecurity/lib-stable/external-tools/cdxgen/resolve |
resolveCdxgen() — cdxgen resolution entry point. |
@socketsecurity/lib-stable/external-tools/cdxgen/types |
Shared types for cdxgen resolution. |
@socketsecurity/lib-stable/external-tools/from-download |
Generic "download tier" for external-tools resolvers. |
@socketsecurity/lib-stable/external-tools/from-pip-venv |
Generic "venv-install tier" for external-tools resolvers. |
@socketsecurity/lib-stable/external-tools/janus/asset-names |
Upstream janus release asset-name mapping per platform-arch. |
@socketsecurity/lib-stable/external-tools/janus/from-download |
janusFromDownload() — fetches upstream janus and returns a ResolvedJanus pointing at the extracted binary. |
@socketsecurity/lib-stable/external-tools/janus/from-path |
janusFromPath() — looks for janus on the system PATH. |
@socketsecurity/lib-stable/external-tools/janus/from-vfs |
janusFromVfs() — extracts the janus binary from the smol binary's VFS. |
@socketsecurity/lib-stable/external-tools/janus/resolve |
resolveJanus() — janus resolution entry point. |
@socketsecurity/lib-stable/external-tools/janus/types |
Shared types for janus resolution. |
@socketsecurity/lib-stable/external-tools/jre/asset-names |
Adoptium API platform-arch → asset-query mappings. |
@socketsecurity/lib-stable/external-tools/jre/detect-platform-arch |
getJreArch() — resolves the current machine to a platform-arch string suitable for the Adoptium ADOPTIUM_QUERY_MAP keys (e.g. |
@socketsecurity/lib-stable/external-tools/jre/from-download |
jreFromDownload() — fetches Adoptium JRE and returns a ResolvedJre pointing at the extracted java binary. |
@socketsecurity/lib-stable/external-tools/jre/from-java-home |
jreFromJavaHome() — checks $JAVA_HOME for an existing JRE/JDK. |
@socketsecurity/lib-stable/external-tools/jre/from-path |
jreFromPath() — looks for java (or java.exe) on the system PATH via socket-lib's which. |
@socketsecurity/lib-stable/external-tools/jre/from-vfs |
jreFromVfs() — extracts the JRE directory tree from the smol binary's VFS and returns the resolved-shape pointing into the extracted directory. |
@socketsecurity/lib-stable/external-tools/jre/resolve |
resolveJre() — the JRE resolution entry point. |
@socketsecurity/lib-stable/external-tools/jre/types |
Shared types for JRE resolution. |
@socketsecurity/lib-stable/external-tools/manifest |
Reader for external-tools.json — the fleet manifest describing downloadable external binaries (sfw, zizmor, etc.) with pinned versions, per-platform asset names, and integrity hashes. |
@socketsecurity/lib-stable/external-tools/opengrep/asset-names |
Upstream OpenGrep release asset-name mapping per platform-arch. |
@socketsecurity/lib-stable/external-tools/opengrep/from-download |
opengrepFromDownload() — fetches upstream OpenGrep and returns a ResolvedOpengrep pointing at the cached binary. |
@socketsecurity/lib-stable/external-tools/opengrep/from-path |
opengrepFromPath() — looks for opengrep on the system PATH. |
@socketsecurity/lib-stable/external-tools/opengrep/from-vfs |
opengrepFromVfs() — extracts the OpenGrep binary from the smol binary's VFS. |
@socketsecurity/lib-stable/external-tools/opengrep/resolve |
resolveOpengrep() — OpenGrep resolution entry point. |
@socketsecurity/lib-stable/external-tools/opengrep/types |
Shared types for OpenGrep resolution. |
@socketsecurity/lib-stable/external-tools/python/asset-names |
Python-build-standalone release asset mapping. |
@socketsecurity/lib-stable/external-tools/python/dlx |
One-call dlx convenience wrappers for python: resolve (or download) a CPython into the known dlx location, then run a pip primitive against it — so callers don't thread pythonBin by hand. |
@socketsecurity/lib-stable/external-tools/python/from-download |
pythonFromDownload() — fetches a python-build-standalone CPython into the DLX cache and returns a ResolvedPython pointing at the interpreter. |
@socketsecurity/lib-stable/external-tools/python/from-path |
pythonFromPath() — looks for a CPython interpreter on the system PATH. |
@socketsecurity/lib-stable/external-tools/python/pin |
resolvePipPackagePin() — the Python mirror of resolveNpmPackagePin() (dlx/lockfile). |
@socketsecurity/lib-stable/external-tools/python/pip-install |
downloadPipPackage() — the Python mirror of dlx/package.ts's downloadNpmPackage(). |
@socketsecurity/lib-stable/external-tools/python/resolve |
resolvePython() — CPython resolution entry point. |
@socketsecurity/lib-stable/external-tools/python/types |
Types for the python-build-standalone DLX resolver. |
@socketsecurity/lib-stable/external-tools/python/uv-install |
Uv project install helpers — the locked-source-of-truth half of the "uv project + dlx materialize" model. |
@socketsecurity/lib-stable/external-tools/sbt/asset-names |
SBT distribution download-URL builder. |
@socketsecurity/lib-stable/external-tools/sbt/from-download |
sbtFromDownload() — fetches the SBT launcher tarball, extracts it, and returns a ResolvedSbt pointing at the bin/sbt script. |
@socketsecurity/lib-stable/external-tools/sbt/from-path |
sbtFromPath() — looks for the sbt shell script on the system PATH. |
@socketsecurity/lib-stable/external-tools/sbt/from-vfs |
sbtFromVfs() — extracts the SBT launcher jar from the smol binary's VFS. |
@socketsecurity/lib-stable/external-tools/sbt/resolve |
resolveSbt() — SBT resolution entry point. |
@socketsecurity/lib-stable/external-tools/sbt/types |
Shared types for SBT resolution. |
@socketsecurity/lib-stable/external-tools/skillspector/from-dlx |
skillspectorFromDlx() — DLX-venv tier of SkillSpector resolution. |
@socketsecurity/lib-stable/external-tools/skillspector/from-path |
skillspectorFromPath() — which skillspector lookup. |
@socketsecurity/lib-stable/external-tools/skillspector/from-uv |
skillspectorFromUv() — locked-uv-project tier of SkillSpector resolution. |
@socketsecurity/lib-stable/external-tools/skillspector/from-vfs |
skillspectorFromVfs() — extracts SkillSpector from the smol Node VFS if it's bundled. |
@socketsecurity/lib-stable/external-tools/skillspector/resolve |
resolveSkillSpector() — SkillSpector resolution entry point. |
@socketsecurity/lib-stable/external-tools/skillspector/types |
Shared types for SkillSpector resolution. |
@socketsecurity/lib-stable/external-tools/synp/asset-names |
Upstream synp package coordinates. |
@socketsecurity/lib-stable/external-tools/synp/from-download |
synpFromDownload() — installs the pinned synp npm package via dlx/package and returns a ResolvedSynp pointing at the resolved bin shim. |
@socketsecurity/lib-stable/external-tools/synp/from-path |
synpFromPath() — looks for synp on the system PATH. |
@socketsecurity/lib-stable/external-tools/synp/from-vfs |
synpFromVfs() — extracts synp from the smol binary's VFS. |
@socketsecurity/lib-stable/external-tools/synp/resolve |
resolveSynp() — synp resolution entry point. |
@socketsecurity/lib-stable/external-tools/synp/types |
Shared types for synp resolution. |
@socketsecurity/lib-stable/external-tools/trivy/asset-names |
Upstream Trivy release asset-name mapping per platform-arch. |
@socketsecurity/lib-stable/external-tools/trivy/from-download |
trivyFromDownload() — fetches upstream Trivy and returns a ResolvedTrivy pointing at the extracted binary. |
@socketsecurity/lib-stable/external-tools/trivy/from-path |
trivyFromPath() — looks for trivy on the system PATH. |
@socketsecurity/lib-stable/external-tools/trivy/from-vfs |
trivyFromVfs() — extracts the Trivy binary from the smol binary's VFS. |
@socketsecurity/lib-stable/external-tools/trivy/resolve |
resolveTrivy() — Trivy resolution entry point. |
@socketsecurity/lib-stable/external-tools/trivy/types |
Shared types for Trivy resolution. |
@socketsecurity/lib-stable/external-tools/trufflehog/asset-names |
Upstream TruffleHog release asset-name mapping per platform-arch. |
@socketsecurity/lib-stable/external-tools/trufflehog/from-download |
trufflehogFromDownload() — fetches upstream TruffleHog and returns a ResolvedTrufflehog pointing at the extracted binary. |
@socketsecurity/lib-stable/external-tools/trufflehog/from-path |
trufflehogFromPath() — looks for trufflehog on the system PATH via socket-lib's which. |
@socketsecurity/lib-stable/external-tools/trufflehog/from-vfs |
trufflehogFromVfs() — extracts the TruffleHog binary from the smol binary's VFS. |
@socketsecurity/lib-stable/external-tools/trufflehog/resolve |
resolveTrufflehog() — TruffleHog resolution entry point. |
@socketsecurity/lib-stable/external-tools/trufflehog/types |
Shared types for TruffleHog resolution. |
@socketsecurity/lib-stable/external-tools/uv/asset-names |
Upstream uv release asset-name mapping per platform-arch. |
@socketsecurity/lib-stable/external-tools/uv/from-download |
uvFromDownload() — fetches upstream uv and returns a ResolvedUv pointing at the extracted binary. |
@socketsecurity/lib-stable/external-tools/uv/from-path |
uvFromPath() — looks for uv on the system PATH. |
@socketsecurity/lib-stable/external-tools/uv/from-vfs |
uvFromVfs() — extracts the uv binary from the smol binary's VFS. |
@socketsecurity/lib-stable/external-tools/uv/resolve |
resolveUv() — uv resolution entry point. |
@socketsecurity/lib-stable/external-tools/uv/types |
Shared types for uv resolution. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/fleet/repo-config |
Fleet-convention config reader: a per-repo override (.config/repo) layered over the cascaded fleet default (.config/fleet). |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/fs/access |
Synchronous file-access predicates — boolean "can this process do X to this path?" checks over fs.accessSync. |
@socketsecurity/lib-stable/fs/allowed-dirs-cache |
Cache-invalidation entry point for the allowed-directories list used by safeDelete / safeDeleteSync. |
@socketsecurity/lib-stable/fs/encoding |
Encoding-name normalization. |
@socketsecurity/lib-stable/fs/find |
Walk parent directories to locate a file or directory by name. |
@socketsecurity/lib-stable/fs/inspect |
Filesystem inspection helpers — stat / lstat wrappers that return undefined instead of throwing, and the directory / symlink / emptiness predicates layered on top. |
@socketsecurity/lib-stable/fs/read-dir |
Async/sync directory listing — returns directory names only (filtering out files), with optional emptiness suppression and natural-order sorting. |
@socketsecurity/lib-stable/fs/read-file |
File-content readers — UTF-8 / binary / safe variants (sync + async). |
@socketsecurity/lib-stable/fs/read-json |
Read-and-parse helpers for JSON files. |
@socketsecurity/lib-stable/fs/read-json-cache |
Process-scoped LRU cache for readJson / readJsonSync results, keyed by absolute path + stat (ino + size + mtimeMs). |
@socketsecurity/lib-stable/fs/resolve-module |
require.resolve-from-an-arbitrary-base. |
@socketsecurity/lib-stable/fs/safe |
Safe deletion + idempotent directory creation. |
@socketsecurity/lib-stable/fs/types |
Public type surface for fs/* modules — option shapes, encoding union, and result records. |
@socketsecurity/lib-stable/fs/unique |
Generate a unique filepath by appending -1, -2, … before the extension until the path is free. |
@socketsecurity/lib-stable/fs/validate |
Pre-flight readability check for file lists. |
@socketsecurity/lib-stable/fs/write-json |
JSON writers that match the wire-format conventions a tool ecosystem expects: configurable indentation, configurable EOL, trailing newline by default. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/git/changed |
"Anything different from HEAD" helpers — the broad-strokes git status --porcelain view that lumps staged, unstaged, and untracked paths together. |
@socketsecurity/lib-stable/git/repo |
Git repository discovery + foundational lazy fs/path/cwd helpers shared across git/* leaves. |
@socketsecurity/lib-stable/git/staged |
"Ready for the next commit" helpers — git diff --cached over only the index. |
@socketsecurity/lib-stable/git/tracked |
Tracked-status + submodule-membership probes for a working-tree path. |
@socketsecurity/lib-stable/git/types |
Public type surface for git/* modules — the FilterPackagesByChangesOptions and GitDiffOptions configuration records. |
@socketsecurity/lib-stable/git/unstaged |
"Edited but not yet staged" helpers — git diff over the working tree only. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/github/constants |
GitHub API URL + cache-TTL constants. |
@socketsecurity/lib-stable/github/errors |
Named errors thrown by github/* helpers. |
@socketsecurity/lib-stable/github/ghsa |
GitHub Security Advisory (GHSA) lookups. |
@socketsecurity/lib-stable/github/refs |
Resolve GitHub git refs (tag / branch / commit) to full commit SHAs. |
@socketsecurity/lib-stable/github/refs-cache |
TtlCache singleton for github/refs. |
@socketsecurity/lib-stable/github/refs-graphql |
Resolve a GitHub git ref via GraphQL. |
@socketsecurity/lib-stable/github/refs-rest |
Resolve a GitHub git ref via REST tier-cascade. |
@socketsecurity/lib-stable/github/request |
Authenticated GitHub REST fetch. |
@socketsecurity/lib-stable/github/token |
GitHub token resolution. |
@socketsecurity/lib-stable/github/types |
Public type surface for github/* modules — pure interfaces. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/globs/defaults |
The npm-packlist-derived defaultIgnore list. |
@socketsecurity/lib-stable/globs/match |
glob (async) and globSync — fast-glob wrappers with a node:fs.glob fast-path when the option surface lines up. |
@socketsecurity/lib-stable/globs/matcher |
getGlobMatcher — picomatch-backed sync predicate with an LRU-memoized matcher cache. |
@socketsecurity/lib-stable/globs/stream |
globStreamLicenses — license-file discovery as an async stream. |
@socketsecurity/lib-stable/globs/types |
Public type surface for globs/* modules — the Pattern alias, the FastGlobOptions mirror of fast-glob's option surface, and the GlobOptions extension that adds Socket-specific recursive / ignoreOriginals fl... |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/http-request/browser |
Browser-safe HTTP request layer — mirrors the public surface of @socketsecurity/lib/http-request (httpJson, httpText, httpRequest, HttpResponseError) but uses the browser's fetch API instead of Node's `nod... |
@socketsecurity/lib-stable/http-request/checksum-file |
Checksum file fetching + parsing for download verification. |
@socketsecurity/lib-stable/http-request/download |
Streaming file downloads with retries, progress callbacks, and SHA-256 verification. |
@socketsecurity/lib-stable/http-request/download-types |
Types for HTTP download + checksum-fetch operations. |
@socketsecurity/lib-stable/http-request/errors |
Error-message enrichment for HTTP/HTTPS requests. |
@socketsecurity/lib-stable/http-request/fetch/browser |
Thin wrapper over the global fetch() so tests can mock the network layer via vi.mock('@socketsecurity/lib/http-request/fetch/browser') without monkey-patching globalThis.fetch (which conflicts with the project's... |
@socketsecurity/lib-stable/http-request/headers |
Header utilities for HTTP/HTTPS requests. |
@socketsecurity/lib-stable/http-request/http-request |
Node-side HTTP request layer — the public surface (httpJson, httpText, httpRequest, HttpResponseError) for consumers on Node. |
@socketsecurity/lib-stable/http-request/node |
Node-side HTTP request layer — the public surface (httpJson, httpText, httpRequest, HttpResponseError) for consumers on Node. |
@socketsecurity/lib-stable/http-request/request |
Core HTTP/HTTPS request loop — the retry orchestrator. |
@socketsecurity/lib-stable/http-request/request-attempt |
Single HTTP request attempt — the workhorse beneath the retrying httpRequest orchestrator. |
@socketsecurity/lib-stable/http-request/request-types |
Types for HTTP request configuration — options, hooks, and Node IncomingMessage aliases. |
@socketsecurity/lib-stable/http-request/response-reader |
Read a raw Node IncomingMessage into our HttpResponse shape. |
@socketsecurity/lib-stable/http-request/response-types |
Types for HTTP response surface — HttpResponse with its fetch-like body accessors, and HttpResponseError for throwOnError. |
@socketsecurity/lib-stable/http-request/user-agent |
User-Agent header generation for socket-lib's outbound HTTP requests. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/ipc-cli/get |
Socket CLI child-process IPC object getter. |
@socketsecurity/lib-stable/ipc-cli/types |
Public type surface for ipc-cli/* modules — the IpcObject record describing the SOCKET_CLI_* env-var shape forwarded from a parent Socket CLI to a child process. |
| Subpath | Description |
| --------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------ | -------- | ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| @socketsecurity/lib-stable/ipc/directory | Stub-directory creation + permission audit. |
| @socketsecurity/lib-stable/ipc/paths | IPC stub path resolution. |
| @socketsecurity/lib-stable/ipc/types | Public type surface for ipc/* modules — the IpcStub shape that backs the file-based handoff. |
| @socketsecurity/lib-stable/ipc/write | Atomic stub write — O_CREAT | O_WRONLY | O_EXCL | O_NOFOLLOW so we refuse to overwrite a pre-existing stub (collision with attacker-planted file or PID reuse) and refuse to follow symlinks at the final path component. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/json/edit |
Editable JSON file manipulation with formatting preservation. |
@socketsecurity/lib-stable/json/format |
Shared utilities for JSON formatting preservation and manipulation. |
@socketsecurity/lib-stable/json/parse |
JSON parsing utilities with Buffer detection and BOM stripping. |
@socketsecurity/lib-stable/json/types |
JSON type definitions and interfaces. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/links/create |
Themed hyperlink utilities for terminal output. |
@socketsecurity/lib-stable/links/types |
Public type surface for links/* modules — the LinkOptions record. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/logger/browser |
Browser-safe Logger implementation — mirrors the public success / fail / warn / error / info / log surface of the Node Logger (see ./node) but backed by the global console so it works in Chrome MV3... |
@socketsecurity/lib-stable/logger/colors |
Color application helpers for logger/* modules. |
@socketsecurity/lib-stable/logger/console |
Lazy Console construction + dynamic prototype mirroring for Logger. |
@socketsecurity/lib-stable/logger/console-methods |
Free-function bodies for the Logger methods that are thin, chainable mirrors of the underlying node:console API (assert, count, dir, dirxml, table, time, timeEnd, timeLog, trace). |
@socketsecurity/lib-stable/logger/default |
Shared-default Logger singleton. |
@socketsecurity/lib-stable/logger/indentation-methods |
Free-function bodies for the Logger indentation-domain methods (indent, dedent, resetIndent, group, groupCollapsed, groupEnd). |
@socketsecurity/lib-stable/logger/logger |
Node-side Logger class — owns per-instance state (parent, bound stream, indent buffers, theme) and exposes the public surface as thin delegators over sibling free-function leaves. |
@socketsecurity/lib-stable/logger/node |
Node-side Logger class — owns per-instance state (parent, bound stream, indent buffers, theme) and exposes the public surface as thin delegators over sibling free-function leaves. |
@socketsecurity/lib-stable/logger/options |
Constructor-options parsing for the Logger class. |
@socketsecurity/lib-stable/logger/semantic-methods |
Free-function bodies for the symbol-prefixed semantic Logger methods (done, fail, info, skip, step, success, warn). |
@socketsecurity/lib-stable/logger/stream |
Terminal stream resolution + line-clearing helpers shared by the Node-side Logger methods that write directly to a stream (clearLine, clearVisible, progress). |
@socketsecurity/lib-stable/logger/stream-methods |
Free-function bodies for the Logger methods that write to or clear a raw stream rather than going through the indented #apply path (clearLine, clearVisible, progress, write). |
@socketsecurity/lib-stable/logger/symbols |
Symbol exports + the LOG_SYMBOLS proxy. |
@socketsecurity/lib-stable/logger/symbols-builder |
Free-function helpers for per-instance log-symbol construction + symbol stripping. |
@socketsecurity/lib-stable/logger/types |
Public type surface for logger/* modules — the LogSymbols shape, the LoggerMethods mapped type that mirrors console, and the Task interface returned by Logger.createTask. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/memo/async |
memoizeAsync — async-aware memoizer with the same LRU+TTL contract as memoize, plus thundering-herd dedup. |
@socketsecurity/lib-stable/memo/clear |
clearAllMemoizationCaches — fan out to every per-cache clear function registered in _internal.cacheRegistry. |
@socketsecurity/lib-stable/memo/decorator |
Memoize — class-method decorator that wraps the decorated method via memoize. |
@socketsecurity/lib-stable/memo/memoize |
memoize — synchronous function memoizer with LRU eviction (Map insertion-order based), optional TTL, and optional custom key generator. |
@socketsecurity/lib-stable/memo/once |
once — zero-argument memoizer. |
@socketsecurity/lib-stable/memo/types |
Public type surface for memo/* modules — MemoizeOptions is the user-facing options bag accepted by every memoize entrypoint, CacheEntry<T> is the internal row stored in each per-function cache. |
@socketsecurity/lib-stable/memo/weak |
memoizeWeak — memoizer keyed by an object reference via WeakMap. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/native-messaging/host |
Chrome native messaging host entry point. |
@socketsecurity/lib-stable/native-messaging/install |
Install the Socket native messaging host manifest so Chrome can find and launch the host when the extension calls connectNative(). |
@socketsecurity/lib-stable/native-messaging/rate-limit |
Token-bucket rate limit for the Chrome native-messaging host. |
@socketsecurity/lib-stable/native-messaging/run |
Native messaging host entry point. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/objects/getters |
Lazy-getter primitives + createConstantsObject. |
@socketsecurity/lib-stable/objects/inspect |
Object inspection helpers — getKeys, getOwn, getOwnPropertyValues. |
@socketsecurity/lib-stable/objects/mutate |
Object mutation helpers — merge (deep recursive), objectAssign (alias for native), objectFreeze (alias for native). |
@socketsecurity/lib-stable/objects/predicates |
Object type guards: hasKeys, hasOwn, isObject, isPlainObject. |
@socketsecurity/lib-stable/objects/sort |
Sorted-object helpers: entryKeyComparator, objectEntries, toSortedObject, toSortedObjectFromEntries. |
@socketsecurity/lib-stable/objects/types |
Public type surface for objects/* modules — getter definition shapes and the Remap type helper. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/packages/edit |
Editable package.json manipulation utilities. |
@socketsecurity/lib-stable/packages/edit-class |
The EditablePackageJson class factory. |
@socketsecurity/lib-stable/packages/exports |
Package exports field utilities. |
@socketsecurity/lib-stable/packages/fetch |
Network-facing package helpers: the lazily-initialized make-fetch-happen fetcher (shared cache) and GitHub tarball-URL resolution for a package spec. |
@socketsecurity/lib-stable/packages/find |
Find the nearest package.json (or other marker) walking up from an import.meta — the package-domain wrapper over the generic findUpSync lookup in fs/find. |
@socketsecurity/lib-stable/packages/isolation |
Package isolation utilities for testing. |
@socketsecurity/lib-stable/packages/licenses |
SPDX license parsing and analysis utilities. |
@socketsecurity/lib-stable/packages/manifest |
Package manifest and packument fetching utilities. |
@socketsecurity/lib-stable/packages/metadata-extensions |
Package-extension lookup: match a package name + version against the packageExtensions overrides table (the same data pnpm/yarn use to patch missing dependency metadata) and merge the matching entries. |
@socketsecurity/lib-stable/packages/normalize |
Package.json normalization utilities. |
@socketsecurity/lib-stable/packages/provenance |
Package provenance and attestation verification utilities. |
@socketsecurity/lib-stable/packages/read |
Read + parse a package.json. |
@socketsecurity/lib-stable/packages/specs |
Package spec parsing, name resolution, and GitHub URL utilities. |
@socketsecurity/lib-stable/packages/tarball |
Package tarball operations: extract a package to a directory and pack a spec into a tarball, both via pacote/libnpmpack with the shared packument cache. |
@socketsecurity/lib-stable/packages/types |
Public type surface for packages/* modules — the PackageJson shape (npm-extended with a socket field) plus option bags consumed across edit / manifest / normalize / operations / provenance / licenses. |
@socketsecurity/lib-stable/packages/validation |
Package name validation utilities. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/paths/conversion |
Path conversion utilities — MSYS↔native bridging and string-shape helpers. |
@socketsecurity/lib-stable/paths/dirnames |
Directory name and path pattern constants. |
@socketsecurity/lib-stable/paths/exts |
File extension constants. |
@socketsecurity/lib-stable/paths/filenames |
File name constants. |
@socketsecurity/lib-stable/paths/globs |
Glob pattern constants. |
@socketsecurity/lib-stable/paths/normalize |
Path normalization — the core normalizePath and its MSYS drive-letter helper. |
@socketsecurity/lib-stable/paths/packages |
Package.json path resolution utilities. |
@socketsecurity/lib-stable/paths/predicates |
Path predicates — is* checks for path shape and kind. |
@socketsecurity/lib-stable/paths/resolve |
Path resolution utilities — resolve, relative, relativeResolve. |
@socketsecurity/lib-stable/paths/rewire |
Path rewiring utilities for testing. |
@socketsecurity/lib-stable/paths/socket |
Path utilities for Socket ecosystem directories. |
@socketsecurity/lib-stable/paths/walk |
Walk parent directories. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/perf/enabled |
Feature-flag check — isPerfEnabled() returns true when DEBUG=perf is set in the environment. |
@socketsecurity/lib-stable/perf/metrics |
Read-side helpers — getPerformanceMetrics returns a shallow copy of the recorded rows, getPerformanceSummary rolls them up per operation (count / total / avg / min / max), and clearPerformanceMetrics empties the... |
@socketsecurity/lib-stable/perf/report |
Report-side helpers — generatePerformanceReport returns a multi-line ASCII-bordered report string; printPerformanceSummary writes a one-line-per-op summary through debugLog. |
@socketsecurity/lib-stable/perf/timer |
Recording-side helpers — perfTimer (returns a stop() closure), measure / measureSync (timed wrappers around an async / sync function), perfCheckpoint (zero-duration marker), and trackMemory (records heap-use... |
@socketsecurity/lib-stable/perf/types |
Public type surface for perf/* modules — the PerformanceMetrics row shape pushed onto the shared metrics array by perfTimer / measure / measureSync / perfCheckpoint / trackMemory. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/pkg-ext/data |
Package extensions for compatibility adjustments. |
@socketsecurity/lib-stable/pkg-ext/types |
Public type surface for pkg-ext/* modules — the PackageExtension tuple shape used by the merged Yarn / Socket-curated extensions list. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/primordials/array |
Safe references to Array, typed-array, ArrayBuffer, DataView, Atomics, and shared iterator-prototype primordials. |
@socketsecurity/lib-stable/primordials/buffer |
Safe references to Node's Buffer global. |
@socketsecurity/lib-stable/primordials/date |
Safe references to Date. |
@socketsecurity/lib-stable/primordials/error |
Safe references to Error and its subclass constructors, plus V8's stack-trace API. |
@socketsecurity/lib-stable/primordials/function |
Safe references to Function.prototype methods. |
@socketsecurity/lib-stable/primordials/globals |
Safe references to top-level globals that don't fit a larger primordials leaf — primitive constructors (Boolean, BigInt), Proxy, SharedArrayBuffer, language-level constants (Infinity, NaN, globalThis), a... |
@socketsecurity/lib-stable/primordials/headers |
Safe references to the Fetch Headers constructor and its Headers.prototype methods. |
@socketsecurity/lib-stable/primordials/intl |
Safe references to Intl constructors. |
@socketsecurity/lib-stable/primordials/json |
Safe references to JSON.parse / JSON.stringify. |
@socketsecurity/lib-stable/primordials/map-set |
Safe references to Map, Set, WeakMap, WeakSet, and WeakRef. |
@socketsecurity/lib-stable/primordials/math |
Safe references to Math constants and methods. |
@socketsecurity/lib-stable/primordials/number |
Safe references to Number, its constants, predicates, and parse helpers. |
@socketsecurity/lib-stable/primordials/object |
Safe references to Object static methods and prototype methods. |
@socketsecurity/lib-stable/primordials/process |
Safe call-through accessors for the process global's methods and value reads. |
@socketsecurity/lib-stable/primordials/promise |
Safe references to Promise static methods, prototype methods, and the ES2024 withResolvers factory. |
@socketsecurity/lib-stable/primordials/reflect |
Safe references to Reflect.*. |
@socketsecurity/lib-stable/primordials/regexp |
Safe references to RegExp and its prototype methods. |
@socketsecurity/lib-stable/primordials/string |
Safe references to String static methods and prototype methods. |
@socketsecurity/lib-stable/primordials/symbol |
Safe references to Symbol, well-known symbols, and Symbol.prototype. |
@socketsecurity/lib-stable/primordials/uncurry |
uncurryThis and the cluster of helpers built atop it. |
@socketsecurity/lib-stable/primordials/url |
Safe references to URL, URLSearchParams, and the URLSearchParams.prototype methods. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/process/abort |
Process control helpers. |
@socketsecurity/lib-stable/process/lock-instance |
Singleton processLock instance — the canonical cross-cutting lock manager. |
@socketsecurity/lib-stable/process/lock-manager |
ProcessLockManager — the class that owns active locks, touch timers, and the exit-handler registration. |
@socketsecurity/lib-stable/process/lock-types |
Public type surface for process/lock-* modules — the ProcessLockOptions bag accepted by processLock.acquire and processLock.withLock. |
@socketsecurity/lib-stable/process/spawn/child |
Child process spawning utilities with cross-platform support. |
@socketsecurity/lib-stable/process/spawn/errors |
Spawn error classification and enhancement. |
@socketsecurity/lib-stable/process/spawn/kill-tree |
Cross-platform process-tree termination. |
@socketsecurity/lib-stable/process/spawn/stdio |
Stdio configuration helpers for spawn callers. |
@socketsecurity/lib-stable/process/spawn/types |
Public type surface for spawn/* modules. |
@socketsecurity/lib-stable/process/transient |
Temporary package executor detection utilities for Socket ecosystem. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/promises/iterate |
Concurrency-controlled async iteration helpers: pEach, pEachChunk, pFilter, pFilterChunk. |
@socketsecurity/lib-stable/promises/options |
Option-shape normalizers for the iteration / retry helpers. |
@socketsecurity/lib-stable/promises/queue |
Bounded concurrency promise queue. |
@socketsecurity/lib-stable/promises/resolvers |
ECMA-262 standalone async helpers — withResolvers (Promise.withResolvers) and fromAsync (Array.fromAsync). |
@socketsecurity/lib-stable/promises/retry |
pRetry — exponential-backoff retry with optional jitter, abort-signal support, and an onRetry hook for customizing delays or canceling retries entirely. |
@socketsecurity/lib-stable/promises/timers |
Browser-compatible promise-based timer helpers. |
@socketsecurity/lib-stable/promises/types |
Public type surface for promises/* modules: RetryOptions, IterationOptions, PromiseWithResolvers, and the QueuedTask storage shape used by the bounded-concurrency PromiseQueue. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/regexps/escape |
Public escapeRegExp entry — binds to native RegExp.escape (TC39 Stage 4, Node 24+ / V8 13.7) when available, otherwise falls back to the spec-compliant implementation in ./spec. |
@socketsecurity/lib-stable/regexps/hex |
Hex-encoding helpers — fixed-width \xHH (hex2) and \uHHHH (hex4) producers used by the spec-compliant RegExp.escape fallback to emit canonical escape sequences. |
@socketsecurity/lib-stable/regexps/spec |
Spec-compliant fallback for the TC39 RegExp.escape (https://tc39.es/ecma262/#sec-regexp.escape). |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/releases/github-archives |
GitHub release archive download + extraction. |
@socketsecurity/lib-stable/releases/github-asset-url |
Per-release asset-URL discovery for GitHub releases. |
@socketsecurity/lib-stable/releases/github-assets |
Asset matching helpers for GitHub releases. |
@socketsecurity/lib-stable/releases/github-auth |
GitHub API authentication header helpers. |
@socketsecurity/lib-stable/releases/github-downloads |
GitHub release asset downloads. |
@socketsecurity/lib-stable/releases/github-listing |
GitHub release listing via REST + GraphQL. |
@socketsecurity/lib-stable/releases/github-retry-config |
Shared retry configuration for the GitHub release helpers (github-listing, github-asset-url). |
@socketsecurity/lib-stable/releases/github-types |
Public types for GitHub release download utilities. |
@socketsecurity/lib-stable/releases/socket-btm |
Socket-btm release download utilities. |
@socketsecurity/lib-stable/releases/socket-btm-binary-naming |
Socket-btm binary asset/platform-arch naming helpers. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/schema/parse |
Throwing twin of validateSchema. |
@socketsecurity/lib-stable/schema/types |
Shared types for schema validation. |
@socketsecurity/lib-stable/schema/validate |
Universal schema validator — non-throwing. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/sea/detect |
SEA (Single Executable Application) binary detection + path accessor. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/secrets/broker |
Proteus broker client. |
@socketsecurity/lib-stable/secrets/compare |
Constant-time secret comparison. |
@socketsecurity/lib-stable/secrets/find |
Resolve a secret from the canonical fleet precedence order: process env → OS keychain. |
@socketsecurity/lib-stable/secrets/keychain |
Cross-platform secret-storage helper. |
@socketsecurity/lib-stable/secrets/linux |
Linux Secret Service backend via secret-tool. |
@socketsecurity/lib-stable/secrets/macos |
MacOS Keychain backend via security(1). |
@socketsecurity/lib-stable/secrets/rc |
Write a managed export VAR='<value>' block to the user's shell rc ("run commands") file. |
@socketsecurity/lib-stable/secrets/socket-api-token |
Convenience helper for reading the Socket API token from the canonical env → keychain precedence order. |
@socketsecurity/lib-stable/secrets/types |
Public type surface for secrets/*. |
@socketsecurity/lib-stable/secrets/windows |
Windows backend via PowerShell CredentialManager module, with a DPAPI-encrypted file fallback. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/shadow/skip |
Shadow binary installation utilities for Socket ecosystem. |
@socketsecurity/lib-stable/shadow/types |
Public type surface for shadow/* modules — the ShadowInstallationOptions record. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/shell/parse |
Tokenize a shell command line into typed entries (bare strings, operators, comments, globs). |
@socketsecurity/lib-stable/shell/quote |
Escape an argv array into a single shell-safe command string. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/smol/detect |
Smol detection + lazy-loader for node:smol-util. |
@socketsecurity/lib-stable/smol/http |
Lazy-loader for socket-btm's node:smol-http. |
@socketsecurity/lib-stable/smol/https |
Lazy-loader for socket-btm's node:smol-https. |
@socketsecurity/lib-stable/smol/manifest |
Lazy-loader for socket-btm's node:smol-manifest. |
@socketsecurity/lib-stable/smol/path |
Lazy-loader for socket-btm's node:smol-path — native fast paths for the hot path-string primitives (dirname, normalize, …) and, per the socket-btm node-smol-path Phase 4 plan, batched filesystem ops (access,... |
@socketsecurity/lib-stable/smol/primordial |
Lazy-loader for socket-btm's node:smol-primordial binding. |
@socketsecurity/lib-stable/smol/purl |
Lazy-loader for socket-btm's node:smol-purl binding. |
@socketsecurity/lib-stable/smol/versions |
Lazy-loader for socket-btm's node:smol-versions. |
@socketsecurity/lib-stable/smol/vfs |
Lazy-loader for socket-btm's node:smol-vfs. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/sorts/natural |
Locale-aware + numeric-aware comparison via Intl.Collator, plus the naturalSorter helper that wires the fast-sort engine to the natural comparator. |
@socketsecurity/lib-stable/sorts/semver |
Semver-aware string comparison. |
@socketsecurity/lib-stable/sorts/strings |
Plain string comparison. |
@socketsecurity/lib-stable/sorts/types |
Public type surface for sorts/* modules — the FastSortFunction shape returned by naturalSorter. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/spinner/create-spinner-class |
Builds the lazy-init Socket Spinner class that extends the live yocto-spinner constructor. |
@socketsecurity/lib-stable/spinner/default |
Spinner-style registry — exposes the union of the standard cli-spinners collection and Socket's custom socket pulse animation, plus a lazy default-spinner singleton. |
@socketsecurity/lib-stable/spinner/format |
Stateless helpers shared by spinner/* modules — the ciSpinner constant for non-interactive output, the COLOR_INHERIT sentinel for shimmer color references, plus pure formatters (desc, formatProgress, `normal... |
@socketsecurity/lib-stable/spinner/spinner |
Spinner factory — lazily builds the Socket Spinner class that wraps yocto-spinner with Socket-specific behaviors (custom RGB color pipeline, shimmer, progress bar, indented step messages, status methods that don't... |
@socketsecurity/lib-stable/spinner/spinner-internals |
Pure helpers extracted from the Socket Spinner class body: option parsing (theme/color resolution, shimmer config) and the shimmer rendering pass. |
@socketsecurity/lib-stable/spinner/spinner-shimmer-methods |
Shimmer-configuration methods for the Socket Spinner class, split out of create-spinner-class.ts to keep that module under the file-size cap. |
@socketsecurity/lib-stable/spinner/spinner-status-methods |
Status-presentation methods for the Socket Spinner class, split out of create-spinner-class.ts to keep that module under the file-size cap. |
@socketsecurity/lib-stable/spinner/types |
Public type surface for spinner/* modules — the Spinner instance shape, configuration option records, progress and shimmer state types, plus the withSpinner* option records. |
@socketsecurity/lib-stable/spinner/with |
Lifecycle wrappers around Spinner — withSpinner (async, push-pop options + auto-stop), withSpinnerRestore (conditionally restart a previously-spinning instance), and withSpinnerSync (sync sibling of `withSpinn... |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/stdio/clear |
Terminal clearing and cursor utilities. |
@socketsecurity/lib-stable/stdio/divider |
Console divider and separator utilities. |
@socketsecurity/lib-stable/stdio/footer |
Console footer/summary formatting utilities. |
@socketsecurity/lib-stable/stdio/header |
Console header/banner formatting utilities. |
@socketsecurity/lib-stable/stdio/progress |
Progress bar utilities for CLI applications. |
@socketsecurity/lib-stable/stdio/prompts |
User prompt utilities for interactive scripts. |
@socketsecurity/lib-stable/stdio/stderr |
Standard error stream utilities. |
@socketsecurity/lib-stable/stdio/stdout |
Standard output stream utilities. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/streams/parallel |
Parallel iteration helpers — parallelMap() and the fire-and-forget parallelEach(). |
@socketsecurity/lib-stable/streams/transform |
Streaming transform helper — transform() wraps streaming-iterables.transform with the project's pRetry per-item retry policy. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/strings/format |
Line formatting helpers: applyLinePrefix, centerText, indentString, repeatString. |
@socketsecurity/lib-stable/strings/predicates |
String predicates: isBlankString and isNonEmptyString. |
@socketsecurity/lib-stable/strings/search |
search — like String.prototype.search but with a configurable starting index. |
@socketsecurity/lib-stable/strings/transform |
String transformations: stripBom, toKebabCase, trimNewlines. |
@socketsecurity/lib-stable/strings/types |
Public type surface for strings/* modules — branded string types and option interfaces. |
@socketsecurity/lib-stable/strings/width |
stringWidth — calculate visual terminal width. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/tables/bordered |
Bordered table renderer using Unicode box-drawing characters (┌, ─, │, ┴, …). |
@socketsecurity/lib-stable/tables/padding |
Cell padding + display-width measurement — shared helpers used by both the simple and bordered table renderers. |
@socketsecurity/lib-stable/tables/simple |
Borderless table renderer — columns separated by two spaces, header underlined with ─. |
@socketsecurity/lib-stable/tables/types |
Public type surface for tables/* modules — the ColumnAlignment union + TableColumn config record. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/temporal/instant |
Spec clause 8 — Temporal.Instant Objects. |
@socketsecurity/lib-stable/temporal/now |
Spec clause 6 — Temporal.Now. |
@socketsecurity/lib-stable/temporal/slots |
Internal-slot machinery for Temporal objects. |
@socketsecurity/lib-stable/temporal/system |
Spec clause 21.x host hook — wallclock reader. |
@socketsecurity/lib-stable/temporal/temporal |
Public aggregator for the Temporal surface. |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/themes/context |
Elegant theme context management. |
@socketsecurity/lib-stable/themes/resolve |
Theme utilities — color resolution and composition. |
@socketsecurity/lib-stable/themes/themes |
Elegant theme definitions for Socket libraries. |
@socketsecurity/lib-stable/themes/types |
Elegant theme type system. |
| Subpath | Description |
| ----------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---- | --------------------------------------------------------------------------------------- |
| @socketsecurity/lib-stable/url/assert-safe | SSRF guard for operator- or issuer-supplied URLs — assertSafeHttpUrl parses a raw URL, rejects non-HTTP(S) schemes, and refuses hosts that resolve to loopback / private / link-local ranges (cloud metadata, redis, in... |
| @socketsecurity/lib-stable/url/parse | URL parsing helpers — parseUrl (safe new URL(...) wrapper that returns undefined instead of throwing) and createRelativeUrl (compose a relative path against an optional base). |
| @socketsecurity/lib-stable/url/predicates | URL type-guard predicates — isUrl answers whether a value parses as a valid URL via parseUrl. |
| @socketsecurity/lib-stable/url/search-params | URL search-param coercion helpers — urlSearchParamsAs* normalise a raw string | null | undefined value into a typed shape (array / boolean / number / string) with a default. |
| @socketsecurity/lib-stable/url/types | Public type surface for url/* modules — option interfaces consumed by createRelativeUrl, urlSearchParamsAs*, and urlSearchParamsGet*. |
| Subpath | Description |
| --------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | ------- | -------------------------------------------------------------------------- |
| @socketsecurity/lib-stable/versions/compare | Version comparison operators aligned with node:smol-versions (the C++-accelerated multi-ecosystem version helper shipped by the smol Node binary). |
| @socketsecurity/lib-stable/versions/modify | Mutation helpers — incrementVersion bumps a version by release type ('major' | 'minor' | 'patch' | 'pre*'), and versionDiff returns the kind of step between two versions. |
| @socketsecurity/lib-stable/versions/parse | Parsing helpers — coerceVersion rounds a sloppy input ("1.2") up to a valid semver triple, parseVersion returns {major, minor, patch, prerelease, build}, and the getMajor* / getMinor* / getPatchVersion acc... |
| @socketsecurity/lib-stable/versions/range | Range / set helpers — satisfiesVersion / filterVersions check membership against a semver range, maxVersion / minVersion pick the bounds of an arbitrary version array. |
| @socketsecurity/lib-stable/versions/types | Public type surface for versions/* modules — the parsed-version shape returned by parseVersion (a stable subset of semver's SemVer instance, exposed as a structural type rather than leaking the upstream class). |
| Subpath | Description |
|---|---|
@socketsecurity/lib-stable/words/article |
Indefinite-article picker — determineArticle() returns 'a' or 'an' based on the leading vowel of a word. |
@socketsecurity/lib-stable/words/capitalize |
Word-case helpers — capitalize() produces an upper-first / lower-rest variant that iterates by code point so surrogate pairs aren't split. |
@socketsecurity/lib-stable/words/pluralize |
Count-based pluralization. |
@socketsecurity/lib-stable/words/types |
Public type surface for words/* modules — the PluralizeOptions record and its PluralForms companion. |