@@ -33,7 +33,10 @@ import type { SocketArtifact } from '../../../../utils/alert/artifact'
33
33
import type { SafeNode } from '../node'
34
34
import type { Writable } from 'node:stream'
35
35
36
- type Packument = Awaited < ReturnType < typeof fetchPackagePackument > >
36
+ type Packument = Exclude <
37
+ Awaited < ReturnType < typeof fetchPackagePackument > > ,
38
+ null
39
+ >
37
40
38
41
type SocketPackageAlert = {
39
42
key : string
@@ -284,25 +287,24 @@ async function updateAdvisoryDependencies(
284
287
for ( const name of Object . keys ( patchDataByPkg ) ) {
285
288
const nodes = findPackageNodes ( tree , name )
286
289
const patchData = patchDataByPkg [ name ] !
287
- if ( ! nodes . length || ! patchData . length ) {
288
- continue
289
- }
290
- // eslint-disable-next-line no-await-in-loop
291
- const packument = await fetchPackagePackument ( name )
292
- if ( ! packument ) {
293
- continue
294
- }
295
- for ( const node of nodes ) {
296
- for ( const {
297
- firstPatchedVersionIdentifier,
298
- vulnerableVersionRange
299
- } of patchData ) {
300
- updateNode (
301
- node ,
302
- packument ,
303
- vulnerableVersionRange ,
304
- firstPatchedVersionIdentifier
305
- )
290
+ const packument =
291
+ nodes . length && patchData . length
292
+ ? // eslint-disable-next-line no-await-in-loop
293
+ await fetchPackagePackument ( name )
294
+ : null
295
+ if ( packument ) {
296
+ for ( const node of nodes ) {
297
+ for ( const {
298
+ firstPatchedVersionIdentifier,
299
+ vulnerableVersionRange
300
+ } of patchData ) {
301
+ updateNode (
302
+ node ,
303
+ packument ,
304
+ vulnerableVersionRange ,
305
+ firstPatchedVersionIdentifier
306
+ )
307
+ }
306
308
}
307
309
}
308
310
}
@@ -314,16 +316,14 @@ async function updateSocketRegistryDependencies(arb: SafeArborist) {
314
316
const tree = arb . idealTree !
315
317
for ( const { 1 : data } of manifest ) {
316
318
const nodes = findPackageNodes ( tree , data . name )
317
- if ( ! nodes . length ) {
318
- continue
319
- }
320
- // eslint-disable-next-line no-await-in-loop
321
- const packument = await fetchPackagePackument ( data . name )
322
- if ( ! packument ) {
323
- continue
324
- }
325
- for ( const node of nodes ) {
326
- updateNode ( node , packument )
319
+ const packument = nodes . length
320
+ ? // eslint-disable-next-line no-await-in-loop
321
+ await fetchPackagePackument ( data . name )
322
+ : null
323
+ if ( packument ) {
324
+ for ( const node of nodes ) {
325
+ updateNode ( node , packument )
326
+ }
327
327
}
328
328
}
329
329
}
@@ -336,7 +336,7 @@ function updateNode(
336
336
) {
337
337
const { version } = node
338
338
const majorVerNum = semver . major ( version )
339
- const availableVersions = packument ? Object . keys ( packument . versions ) : [ ]
339
+ const availableVersions = Object . keys ( packument . versions )
340
340
// Find the highest non-vulnerable version within the same major range
341
341
const targetVersion = findBestPatchVersion (
342
342
node . name ,
@@ -346,7 +346,7 @@ function updateNode(
346
346
firstPatchedVersionIdentifier
347
347
)
348
348
const targetPackument = targetVersion
349
- ? packument ! . versions [ targetVersion ]
349
+ ? packument . versions [ targetVersion ]
350
350
: undefined
351
351
// Check !targetVersion to make TypeScript happy.
352
352
if ( ! targetVersion || ! targetPackument ) {
0 commit comments