refactor: mark packages as private with placeholder versions

jdalton · jdalton · commit dd052bff9875 · 2025-10-30T00:54:48.000-04:00
Set all packages to private: true to prevent accidental publishing:
- packages/socket: private: true (version: 2.0.0)
- packages/cli: private: true, version: 0.0.0-copied-from-packages-socket
- packages/cli-with-sentry: private: true, version: 0.0.0-copied-from-packages-socket
- All 9 socketbin-* packages: private: true

Update provenance.yml workflow to:
- Remove private field before publishing
- Sync cli and cli-with-sentry versions from socket package version
- All three packages now publish with matching versions

This ensures packages can only be published through CI workflows,
preventing manual publishing mistakes and maintaining version consistency.
diff --git a/.github/workflows/provenance.yml b/.github/workflows/provenance.yml
@@ -42,6 +42,20 @@ jobs:
       - run: pnpm install
 
       # Build and publish 'socket' package (default).
+      - name: Prepare socket package for publishing
+        run: |
+          SOCKET_VERSION=$(node -p "require('./packages/socket/package.json').version")
+          echo "Socket version: $SOCKET_VERSION"
+
+          # Remove private field from socket package
+          node -e "
+            const fs = require('fs');
+            const pkgPath = './packages/socket/package.json';
+            const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf-8'));
+            delete pkg.private;
+            fs.writeFileSync(pkgPath, JSON.stringify(pkg, null, 2) + '\n');
+          "
+          echo "SOCKET_VERSION=$SOCKET_VERSION" >> $GITHUB_ENV
       - name: Build socket package
         run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 pnpm run build:dist
       - name: Validate socket package
@@ -54,6 +68,18 @@ jobs:
           SOCKET_CLI_DEBUG: ${{ inputs.debug }}
 
       # Build and publish '@socketsecurity/cli' package (legacy).
+      - name: Prepare @socketsecurity/cli package for publishing
+        run: |
+          # Remove private field and set version from socket package
+          node -e "
+            const fs = require('fs');
+            const pkgPath = './packages/cli/package.json';
+            const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf-8'));
+            delete pkg.private;
+            pkg.version = '${{ env.SOCKET_VERSION }}';
+            fs.writeFileSync(pkgPath, JSON.stringify(pkg, null, 2) + '\n');
+          "
+          echo "Synced @socketsecurity/cli to version ${{ env.SOCKET_VERSION }}"
       - name: Build @socketsecurity/cli package
         run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 INLINED_SOCKET_CLI_LEGACY_BUILD=1 pnpm run build:dist
         env:
@@ -68,17 +94,18 @@ jobs:
           SOCKET_CLI_DEBUG: ${{ inputs.debug }}
 
       # Build and publish '@socketsecurity/cli-with-sentry' package.
-      - name: Sync @socketsecurity/cli-with-sentry version with @socketsecurity/cli
+      - name: Prepare @socketsecurity/cli-with-sentry package for publishing
         run: |
-          CLI_VERSION=$(node -p "require('./packages/cli/package.json').version")
-          echo "Syncing cli-with-sentry version to $CLI_VERSION"
+          # Remove private field and set version from socket package
           node -e "
             const fs = require('fs');
             const pkgPath = './packages/cli-with-sentry/package.json';
             const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf-8'));
-            pkg.version = '$CLI_VERSION';
+            delete pkg.private;
+            pkg.version = '${{ env.SOCKET_VERSION }}';
             fs.writeFileSync(pkgPath, JSON.stringify(pkg, null, 2) + '\n');
           "
+          echo "Synced @socketsecurity/cli-with-sentry to version ${{ env.SOCKET_VERSION }}"
       - name: Build @socketsecurity/cli-with-sentry package
         run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 INLINED_SOCKET_CLI_SENTRY_BUILD=1 pnpm run build:dist
         env:
diff --git a/packages/cli-with-sentry/package.json b/packages/cli-with-sentry/package.json
@@ -1,7 +1,8 @@
 {
   "name": "@socketsecurity/cli-with-sentry",
-  "version": "2.0.0",
+  "version": "0.0.0-copied-from-packages-socket",
   "description": "Socket CLI with Sentry telemetry for enhanced error reporting",
+  "private": true,
   "homepage": "https://github.com/SocketDev/socket-cli",
   "license": "MIT",
   "repository": {
@@ -54,6 +55,5 @@
   "publishConfig": {
     "access": "public",
     "registry": "https://registry.npmjs.org/"
-  },
-  "private": true
+  }
 }
diff --git a/packages/cli/package.json b/packages/cli/package.json
@@ -1,7 +1,8 @@
 {
   "name": "@socketsecurity/cli",
-  "version": "2.0.0",
+  "version": "0.0.0-copied-from-packages-socket",
   "description": "CLI for Socket.dev",
+  "private": true,
   "homepage": "https://github.com/SocketDev/socket-cli",
   "license": "MIT",
   "repository": {
diff --git a/packages/socket/package.json b/packages/socket/package.json
@@ -2,6 +2,7 @@
   "name": "socket",
   "version": "2.0.0",
   "description": "CLI for Socket.dev",
+  "private": true,
   "homepage": "https://github.com/SocketDev/socket-cli",
   "license": "MIT",
   "repository": {
diff --git a/packages/socketbin-cli-alpine-arm64/package.json b/packages/socketbin-cli-alpine-arm64/package.json
@@ -2,6 +2,7 @@
   "name": "@socketbin/cli-alpine-arm64",
   "version": "0.0.0",
   "description": "Socket CLI binary",
+  "private": true,
   "license": "MIT",
   "bin": {
     "socket": "./bin/socket"
diff --git a/packages/socketbin-cli-alpine-x64/package.json b/packages/socketbin-cli-alpine-x64/package.json
@@ -2,6 +2,7 @@
   "name": "@socketbin/cli-alpine-x64",
   "version": "0.0.0",
   "description": "Socket CLI binary",
+  "private": true,
   "license": "MIT",
   "bin": {
     "socket": "./bin/socket"
diff --git a/packages/socketbin-cli-darwin-arm64/package.json b/packages/socketbin-cli-darwin-arm64/package.json
@@ -2,6 +2,7 @@
   "name": "@socketbin/cli-darwin-arm64",
   "version": "0.0.0",
   "description": "Socket CLI binary",
+  "private": true,
   "license": "MIT",
   "bin": {
     "socket": "./bin/socket"
diff --git a/packages/socketbin-cli-darwin-x64/package.json b/packages/socketbin-cli-darwin-x64/package.json
@@ -2,6 +2,7 @@
   "name": "@socketbin/cli-darwin-x64",
   "version": "0.0.0",
   "description": "Socket CLI binary",
+  "private": true,
   "license": "MIT",
   "bin": {
     "socket": "./bin/socket"
diff --git a/packages/socketbin-cli-linux-arm64/package.json b/packages/socketbin-cli-linux-arm64/package.json
@@ -2,6 +2,7 @@
   "name": "@socketbin/cli-linux-arm64",
   "version": "0.0.0",
   "description": "Socket CLI binary",
+  "private": true,
   "license": "MIT",
   "bin": {
     "socket": "./bin/socket"
diff --git a/packages/socketbin-cli-linux-x64/package.json b/packages/socketbin-cli-linux-x64/package.json
@@ -2,6 +2,7 @@
   "name": "@socketbin/cli-linux-x64",
   "version": "0.0.0",
   "description": "Socket CLI binary",
+  "private": true,
   "license": "MIT",
   "bin": {
     "socket": "./bin/socket"
diff --git a/packages/socketbin-cli-win32-arm64/package.json b/packages/socketbin-cli-win32-arm64/package.json
@@ -2,6 +2,7 @@
   "name": "@socketbin/cli-win32-arm64",
   "version": "0.0.0",
   "description": "Socket CLI binary",
+  "private": true,
   "license": "MIT",
   "bin": {
     "socket": "./bin/socket.exe"
diff --git a/packages/socketbin-cli-win32-x64/package.json b/packages/socketbin-cli-win32-x64/package.json
@@ -2,6 +2,7 @@
   "name": "@socketbin/cli-win32-x64",
   "version": "0.0.0",
   "description": "Socket CLI binary",
+  "private": true,
   "license": "MIT",
   "bin": {
     "socket": "./bin/socket.exe"
