Fix critical issues in socket-sdk-js

- Fix silent exception swallowing in NDJSON parsing
- Fix unsafe file path resolution using __dirname
- Add error handling for stream operations
- Fix race condition in generator cleanup
- Add response validation before access
- Improve error context in retry logic

Author: jdalton

src/http-client.ts

@@ -337,27 +337,42 @@ export async function withRetry<T>(
     } catch (error) {
       lastError = error as Error
 
-      // Last attempt - throw error
+      // Last attempt - throw error with retry context.
       if (attempt === retries) {
-        break
+        const enhancedError = new Error(
+          `Request failed after ${retries + 1} attempts`,
+          { cause: lastError },
+        )
+        throw enhancedError
       }
 
-      // Check if error is retryable (network errors, 5xx responses)
+      // Check if error is retryable (network errors, 5xx responses).
       if (error instanceof ResponseError) {
         const status = error.response.statusCode
-        // Don't retry client errors (4xx)
+        // Don't retry client errors (4xx).
         if (status && status >= 400 && status < 500) {
           throw error
         }
+        debugLog(
+          'withRetry',
+          `Retrying after ${status} error (attempt ${attempt + 1}/${retries + 1})`,
+        )
+      } else {
+        debugLog(
+          'withRetry',
+          `Retrying after network error (attempt ${attempt + 1}/${retries + 1})`,
+        )
       }
 
-      // Exponential backoff
+      // Exponential backoff.
       const delayMs = retryDelay * 2 ** attempt
+      debugLog('withRetry', `Waiting ${delayMs}ms before retry`)
       // eslint-disable-next-line no-await-in-loop
       await new Promise(resolve => setTimeout(resolve, delayMs))
     }
   }
 
+  // Fallback error if lastError is somehow undefined.
   throw lastError || new Error('Request failed after retries')
 }
 

src/quota-utils.ts

@@ -25,8 +25,11 @@ function loadRequirements(): Requirements {
   }
 
   try {
-    // Resolve path relative to current working directory
-    const requirementsPath = join(process.cwd(), 'requirements.json')
+    // Resolve path relative to this module file location.
+    // When compiled, __dirname will point to dist/ directory.
+    // In source, __dirname points to src/ directory.
+    // requirements.json is always in the parent directory of dist/ or src/.
+    const requirementsPath = join(__dirname, '..', 'requirements.json')
     const data = readFileSync(requirementsPath, 'utf8')
     requirements = JSON.parse(data) as Requirements
     return requirements

src/socket-sdk-class.ts

@@ -143,9 +143,13 @@ export class SocketSdk {
       yield await this.#handleApiError<'batchPackageFetch'>(e)
       return
     }
+    // Validate response before processing.
+    if (!res) {
+      throw new Error('Failed to get response from batch PURL request')
+    }
     // Parse the newline delimited JSON response.
     const rli = readline.createInterface({
-      input: res!,
+      input: res,
       crlfDelay: Number.POSITIVE_INFINITY,
       signal: abortSignal,
     })
@@ -383,9 +387,13 @@ export class SocketSdk {
     } catch (e) {
       return await this.#handleApiError<'batchPackageFetch'>(e)
     }
+    // Validate response before processing.
+    if (!res) {
+      throw new Error('Failed to get response from batch PURL request')
+    }
     // Parse the newline delimited JSON response.
     const rli = readline.createInterface({
-      input: res!,
+      input: res,
       crlfDelay: Number.POSITIVE_INFINITY,
       signal: abortSignal,
     })
@@ -503,12 +511,13 @@ export class SocketSdk {
       const { generator, iteratorResult }: GeneratorStep = await Promise.race(
         running.map(entry => entry.promise),
       )
-      // Remove generator.
-      /* c8 ignore next 3 - Concurrent generator cleanup edge case. */
-      running.splice(
-        running.findIndex(entry => entry.generator === generator),
-        1,
-      )
+      // Remove generator with safe index lookup.
+      const index = running.findIndex(entry => entry.generator === generator)
+      /* c8 ignore next 3 - Defensive check for concurrent generator cleanup edge case. */
+      if (index === -1) {
+        continue
+      }
+      running.splice(index, 1)
       // Yield the value if one is given, even when done:true.
       if (iteratorResult.value) {
         yield iteratorResult.value
@@ -1776,11 +1785,20 @@ export class SocketSdk {
       }
 
       if (typeof output === 'string') {
-        // Stream to file
-        res.pipe(createWriteStream(output))
+        // Stream to file with error handling.
+        const writeStream = createWriteStream(output)
+        res.pipe(writeStream)
+        writeStream.on('error', error => {
+          throw new Error(`Failed to write to file: ${output}`, {
+            cause: error,
+          })
+        })
       } else if (output === true) {
-        // Stream to stdout
+        // Stream to stdout with error handling.
         res.pipe(process.stdout)
+        process.stdout.on('error', error => {
+          throw new Error('Failed to write to stdout', { cause: error })
+        })
       }
 
       // If output is false or undefined, just return the response without streaming
@@ -1827,7 +1845,10 @@ export class SocketSdk {
             try {
               const data = JSON.parse(line) as ArtifactPatches
               controller.enqueue(data)
-            } catch (e) {}
+            } catch (e) {
+              // Log parse errors for debugging invalid NDJSON lines.
+              debugLog('streamPatchesFromScan', `Failed to parse line: ${e}`)
+            }
           }
         })
 

test/http-client-retry.test.mts

@@ -55,7 +55,9 @@ describe('HTTP Client - Retry Functionality', () => {
         throw new Error('Persistent error')
       })
 
-      await expect(withRetry(fn, 3, 10)).rejects.toThrow('Persistent error')
+      await expect(withRetry(fn, 3, 10)).rejects.toThrow(
+        'Request failed after 4 attempts',
+      )
       // Initial + 3 retries
       expect(fn).toHaveBeenCalledTimes(4)
     })
@@ -141,7 +143,7 @@ describe('HTTP Client - Retry Functionality', () => {
       })
 
       await expect(withRetry(fn, 0, 10)).rejects.toThrow(
-        'Request failed after retries',
+        'Request failed after 1 attempts',
       )
     })
   })