Fix Windows support and update Node test workflow

Author: jdalton

.config/rollup.base.config.mjs

@@ -293,8 +293,8 @@ function ${SOCKET_INTEROP}(e) {
   ).map(o => ({
     ...o,
     chunkFileNames: '[name].js',
-    manualChunks: id =>
-      id.includes(SLASH_NODE_MODULES_SLASH) ? 'vendor' : null
+    manualChunks: id_ =>
+      normalizeId(id_).includes(SLASH_NODE_MODULES_SLASH) ? 'vendor' : null
   }))
 
   // Replace hard-coded absolute paths in source with hard-coded relative paths.

.github/workflows/test.yml

@@ -24,7 +24,5 @@ jobs:
     with:
       no-lockfile: true
       npm-test-script: 'test-ci'
-      node-versions: '20'
-      # We currently have some issues on Windows that will have to wait to be fixed
-      # os: 'ubuntu-latest,windows-latest'
-      os: 'ubuntu-latest'
+      node-versions: '20,22'
+      os: 'ubuntu-latest,windows-latest'

package.json

@@ -51,11 +51,11 @@
     "lint:fix": "npm run lint -- --fix && npm run lint:fix:fast",
     "lint:fix:fast": "prettier --cache --log-level warn --write .",
     "prepare": "husky && custompatch",
-    "test": "run-s check build:* test:*",
-    "test:c8": "c8 --reporter=none node --test 'test/socket-npm.test.cjs'",
+    "test": "run-s check build:* test:* test:coverage:*",
     "test-ci": "run-s build:* test:*",
     "test:unit": "tap-run",
-    "test:coverage": "cp -r .tap/coverage/*.json coverage/tmp && c8 --reporter=lcov --reporter=text --include 'dist/{module-sync,require}/*.js' --exclude 'dist/require/vendor.js' report"
+    "test:coverage:c8": "c8 --reporter=none node --test 'test/socket-npm.test.cjs'",
+    "test:coverage:merge": "cp -r .tap/coverage/*.json coverage/tmp && c8 --reporter=lcov --reporter=text --include 'dist/{module-sync,require}/*.js' --exclude 'dist/require/vendor.js' report"
   },
   "dependencies": {
     "@apideck/better-ajv-errors": "^0.3.6",

src/commands/cdxgen.ts

@@ -1,9 +1,9 @@
 import { existsSync, promises as fs } from 'node:fs'
 import path from 'node:path'
 
-import spawn from '@npmcli/promise-spawn'
 import colors from 'yoctocolors-cjs'
 import yargsParse from 'yargs-parser'
+import { runBin } from '@socketsecurity/registry/lib/npm'
 import { pluralize } from '@socketsecurity/registry/lib/words'
 
 import constants from '../constants'
@@ -12,8 +12,6 @@ import type { CliSubcommand } from '../utils/meow-with-subcommands'
 
 const { cdxgenBinPath, synpBinPath } = constants
 
-const { execPath } = process
-
 const {
   SBOM_SIGN_ALGORITHM, // Algorithm. Example: RS512
   SBOM_SIGN_PRIVATE_KEY, // Location to the RSA private key
@@ -176,11 +174,10 @@ export const cdxgen: CliSubcommand = {
         // Use synp to create a package-lock.json from the yarn.lock,
         // based on the node_modules folder, for a more accurate SBOM.
         try {
-          await spawn(
-            execPath,
-            [await fs.realpath(synpBinPath), '--source-file', './yarn.lock'],
-            { shell: true }
-          )
+          await runBin(await fs.realpath(synpBinPath), [
+            '--source-file',
+            './yarn.lock'
+          ])
           yargv.type = 'npm'
           cleanupPackageLock = true
         } catch {}
@@ -189,23 +186,18 @@ export const cdxgen: CliSubcommand = {
     if (yargv.output === undefined) {
       yargv.output = 'socket-cdx.json'
     }
-    await spawn(
-      execPath,
-      [await fs.realpath(cdxgenBinPath), ...argvToArray(yargv)],
-      {
-        env: {
-          NODE_ENV: '',
-          SBOM_SIGN_ALGORITHM,
-          SBOM_SIGN_PRIVATE_KEY,
-          SBOM_SIGN_PUBLIC_KEY
-        },
-        shell: true,
-        stdio: 'inherit'
-      }
-    )
+    await runBin(await fs.realpath(cdxgenBinPath), argvToArray(yargv), {
+      env: {
+        NODE_ENV: '',
+        SBOM_SIGN_ALGORITHM,
+        SBOM_SIGN_PRIVATE_KEY,
+        SBOM_SIGN_PUBLIC_KEY
+      },
+      stdio: 'inherit'
+    })
     if (cleanupPackageLock) {
       try {
-        await fs.unlink('./package-lock.json')
+        await fs.rm('./package-lock.json')
       } catch {}
     }
     const fullOutputPath = path.join(process.cwd(), yargv.output)

src/commands/npm.ts

@@ -6,7 +6,7 @@ import constants from '../constants'
 
 import type { CliSubcommand } from '../utils/meow-with-subcommands'
 
-const { distPath } = constants
+const { distPath, execPath } = constants
 
 const description = 'npm wrapper functionality'
 
@@ -16,7 +16,7 @@ export const npm: CliSubcommand = {
     const wrapperPath = path.join(distPath, 'npm-cli.js')
     process.exitCode = 1
     const spawnPromise = spawn(
-      process.execPath,
+      execPath,
       [
         // Lazily access constants.nodeNoWarningsFlags.
         ...constants.nodeNoWarningsFlags,

src/commands/npx.ts

@@ -6,7 +6,7 @@ import constants from '../constants'
 
 import type { CliSubcommand } from '../utils/meow-with-subcommands'
 
-const { distPath } = constants
+const { distPath, execPath } = constants
 
 const description = 'npx wrapper functionality'
 
@@ -16,7 +16,7 @@ export const npx: CliSubcommand = {
     const wrapperPath = path.join(distPath, 'npx-cli.js')
     process.exitCode = 1
     const spawnPromise = spawn(
-      process.execPath,
+      execPath,
       [
         // Lazily access constants.nodeNoWarningsFlags.
         ...constants.nodeNoWarningsFlags,

src/commands/optimize.ts

@@ -42,7 +42,8 @@ import type { Spinner } from '@socketregistry/yocto-spinner'
 
 type PackageJson = Awaited<ReturnType<typeof readPackageJson>>
 
-const { UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE, distPath } = constants
+const { UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE, distPath, execPath } =
+  constants
 
 const COMMAND_TITLE = 'Socket Optimize'
 const OVERRIDES_FIELD_NAME = 'overrides'
@@ -902,15 +903,15 @@ export const optimize: CliSubcommand = {
             }
           }
           await spawn(
-            process.execPath,
+            execPath,
             [wrapperPath, 'install', '--silent'],
             npmSpawnOptions
           )
           // TODO: This is a temporary workaround for a `npm ci` bug where it
           // will error out after Socket Optimize generates a lock file. More
           // investigation is needed.
           await spawn(
-            process.execPath,
+            execPath,
             [
               wrapperPath,
               'install',

src/shadow/npm-cli.ts

@@ -9,7 +9,7 @@ import constants from '../constants'
 import { installLinks } from './link'
 import { findRoot } from '../utils/path-resolve'
 
-const { distPath, shadowBinPath } = constants
+const { distPath, execPath, shadowBinPath } = constants
 
 const npmPath = installLinks(shadowBinPath, 'npm')
 const injectionPath = path.join(distPath, 'npm-injection.js')
@@ -40,7 +40,7 @@ if (
 
 process.exitCode = 1
 const spawnPromise = spawn(
-  process.execPath,
+  execPath,
   [
     // Lazily access constants.nodeNoWarningsFlags.
     ...constants.nodeNoWarningsFlags,

src/shadow/npx-cli.ts

@@ -7,14 +7,14 @@ import spawn from '@npmcli/promise-spawn'
 import constants from '../constants'
 import { installLinks } from './link'
 
-const { distPath, shadowBinPath } = constants
+const { distPath, execPath, shadowBinPath } = constants
 
 const npxPath = installLinks(shadowBinPath, 'npx')
 const injectionPath = path.join(distPath, 'npm-injection.js')
 
 process.exitCode = 1
 const spawnPromise = spawn(
-  process.execPath,
+  execPath,
   [
     // Lazily access constants.nodeNoWarningsFlags.
     ...constants.nodeNoWarningsFlags,