From f201d966d4cb69c9067c015faff09f4d1f9e6a75 Mon Sep 17 00:00:00 2001
From: Ricky Reusser <572717+rreusser@users.noreply.github.com>
Date: Mon, 18 May 2026 15:55:13 -0400
Subject: [PATCH 1/5] Add bun and vlt lockfiles
---
 socketsecurity/core/utils.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/socketsecurity/core/utils.py b/socketsecurity/core/utils.py
index 6e9fb09..df70d20 100644
--- a/socketsecurity/core/utils.py
+++ b/socketsecurity/core/utils.py
@@ -38,6 +38,12 @@
 },
 "pnpm-workspace.yml": {
 "pattern": "pnpm-workspace.yml"
+ },
+ "bun.lock": {
+ "pattern": "bun.lock"
+ },
+ "vlt-lock.json": {
+ "pattern": "vlt-lock.json"
 }
 },
 "pypi": {
@@ -105,4 +111,4 @@
 "pattern": "packages.lock.json"
 }
 }
-}
\ No newline at end of file
+}
From 1a3edc0d8359905d6a51292f8955c9e1aa8348d6 Mon Sep 17 00:00:00 2001
From: Ricky Reusser <572717+rreusser@users.noreply.github.com>
Date: Mon, 18 May 2026 16:42:46 -0400
Subject: [PATCH 2/5] Add bun.lockb
---
 socketsecurity/core/utils.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/socketsecurity/core/utils.py b/socketsecurity/core/utils.py
index df70d20..9485ec8 100644
--- a/socketsecurity/core/utils.py
+++ b/socketsecurity/core/utils.py
@@ -42,6 +42,9 @@
 "bun.lock": {
 "pattern": "bun.lock"
 },
+ "bun.lockb": {
+ "pattern": "bun.lockb"
+ },
 "vlt-lock.json": {
 "pattern": "vlt-lock.json"
 }
From c8b4563cb101635953a8afef381dc1e5505918c0 Mon Sep 17 00:00:00 2001
From: lelia <2418071+lelia@users.noreply.github.com>
Date: Mon, 18 May 2026 17:22:48 -0400
Subject: [PATCH 3/5] Add unit tests for bun.lock, bun.lockb, and vlt-lock.json manifest matching
Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
---
 tests/core/test_has_manifest_files.py | 43 +++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
diff --git a/tests/core/test_has_manifest_files.py b/tests/core/test_has_manifest_files.py
index 150ffbd..228253f 100644
--- a/tests/core/test_has_manifest_files.py
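Review bot: The npm entries added at `@@ -38,6 +38,12 @@` in `socketsecurity/core/utils.py` go into a hand-maintained table that carries no comment saying what it has to stay in sync with. The tests added later in this series describe `socket_globs` as the fallback used when the Socket API is unreachable, so a lockfile missing from this table would presumably leave that project looking as if it had no manifests whenever the API call fails. I would add a comment above the dictionary, for example `# Offline fallback for get_supported_patterns(); keep in sync with the manifest list the API returns.` The dictionary opens outside this hunk, so its first lines are not visible here.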
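Review bot: `bun.lockb`, added at `@@ -42,6 +42,9 @@` in `socketsecurity/core/utils.py`, is Bun's binary lockfile, unlike the text formats listed around it. Nothing in this hunk shows how matched files are read afterwards, so it is worth confirming that whatever collects and submits matched manifests opens them as bytes rather than decoding them as text. A short comment on the entry, such as `# binary lockfile from older Bun releases; read as bytes`, would record that for the next maintainer.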
+++ b/tests/core/test_has_manifest_files.py @@ -1,6 +1,7 @@ from unittest.mock import patch from socketsecurity.core import Core +from socketsecurity.core.utils import socket_globs # Minimal patterns matching what the Socket API returns MOCK_PATTERNS = { @@ -8,6 +9,9 @@ "packagejson": {"pattern": "package.json"}, "packagelockjson": {"pattern": "package-lock.json"}, "yarnlock": {"pattern": "yarn.lock"}, + "bunlock": {"pattern": "bun.lock"}, + "bunlockb": {"pattern": "bun.lockb"}, + "vltlockjson": {"pattern": "vlt-lock.json"}, }, "pypi": { "requirements": {"pattern": "*requirements.txt"}, 
@@ -66,3 +70,42 @@ def test_dot_slash_prefix_normalized(self, mock_patterns):
 def test_pom_xml_root(self, mock_patterns):
 core = Core.__new__(Core)
 assert core.has_manifest_files(["pom.xml"]) is True
+
+ def test_bun_lock_root(self, mock_patterns):
+ core = Core.__new__(Core)
+ assert core.has_manifest_files(["bun.lock"]) is True
+
+ def test_bun_lockb_root(self, mock_patterns):
+ core = Core.__new__(Core)
+ assert core.has_manifest_files(["bun.lockb"]) is True
+
+ def test_vlt_lock_json_root(self, mock_patterns):
+ core = Core.__new__(Core)
+ assert core.has_manifest_files(["vlt-lock.json"]) is True
+
+ def test_bun_lock_subdirectory(self, mock_patterns):
+ core = Core.__new__(Core)
+ assert core.has_manifest_files(["apps/web/bun.lock"]) is True
+
+
+@patch.object(Core, "get_supported_patterns", side_effect=RuntimeError("API unreachable"))
+@patch.object(Core, "__init__", lambda self, *a, **kw: None)
+class TestHasManifestFilesFallback:
+ """Exercises the socket_globs fallback path used when the Socket API is unreachable."""
+
+ def test_fallback_matches_bun_lock(self, mock_patterns):
+ core = Core.__new__(Core)
+ assert core.has_manifest_files(["bun.lock"]) is True
+
+ def test_fallback_matches_bun_lockb(self, mock_patterns):
+ core = Core.__new__(Core)
+ assert core.has_manifest_files(["bun.lockb"]) is True
+
+ def test_fallback_matches_vlt_lock_json(self, mock_patterns):
+ core = Core.__new__(Core)
+ assert core.has_manifest_files(["vlt-lock.json"]) is True
+
+ def test_fallback_patterns_dict_contains_new_entries(self, mock_patterns):
+ assert "bun.lock" in socket_globs["npm"]
+ assert "bun.lockb" in socket_globs["npm"]
+ assert "vlt-lock.json" in socket_globs["npm"]
From eedc8b89b281699bb095b5bc4d2829d50c4779a9 Mon Sep 17 00:00:00 2001
From: lelia <2418071+lelia@users.noreply.github.com>
Date: Mon, 18 May 2026 17:24:24 -0400
Subject: [PATCH 4/5] Bump version to 2.2.87
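Review bot: `TestHasManifestFilesFallback` in the `@@ -66,3 +70,42 @@` hunk checks only root-level names, so the fallback path has no counterpart to `test_bun_lock_subdirectory` and no input that must be rejected. The `socket_globs` patterns are bare filenames, so a nested path and a near-miss name are the inputs most likely to behave differently from the API-supplied patterns. I would add `assert core.has_manifest_files(["apps/web/bun.lock"]) is True` to the fallback class, plus a negative case such as `assert core.has_manifest_files(["bun.lock.bak"]) is False` if that is the intended behaviour. These tests also rely on `has_manifest_files` catching the `RuntimeError` raised by the mock, which is not visible in this hunk. `test_fallback_patterns_dict_contains_new_entries` never touches `Core`, so it could sit outside the patched class.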
Signed-off-by: lelia <2418071+lelia@users.noreply.github.com> --- socketsecurity/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/socketsecurity/__init__.py b/socketsecurity/__init__.py index c816fab..69d6f7b 100644 --- a/socketsecurity/__init__.py +++ b/socketsecurity/__init__.py @@ -1,3 +1,3 @@ __author__ = 'socket.dev' -__version__ = '2.2.86' +__version__ = '2.2.87' USER_AGENT = f'SocketPythonCLI/{__version__}' From ce24f4067601b57bce148363ac4f747fa5d126a7 Mon Sep 17 00:00:00 2001 From: lelia <2418071+lelia@users.noreply.github.com> Date: Mon, 18 May 2026 17:27:21 -0400 Subject: [PATCH 5/5] Add missing version refs Signed-off-by: lelia <2418071+lelia@users.noreply.github.com> --- pyproject.toml | 2 +- socketsecurity/__init__.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 49bb294..50b0518 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -6,7 +6,7 @@ build-backend = "hatchling.build" [project] name = "socketsecurity" -version = "2.2.86" +version = "2.2.88" requires-python = ">= 3.11" license = {"file" = "LICENSE"} dependencies = [ diff --git a/socketsecurity/__init__.py b/socketsecurity/__init__.py index 69d6f7b..a7dcdfb 100644 --- a/socketsecurity/__init__.py +++ b/socketsecurity/__init__.py @@ -1,3 +1,3 @@ __author__ = 'socket.dev' -__version__ = '2.2.87' +__version__ = '2.2.88' USER_AGENT = f'SocketPythonCLI/{__version__}'