fix(hooks): repair @socketsecurityhook- regression in package names + sync canonical formatting

jdalton · jdalton · commit a3d456e19d2f · 2026-04-27T07:50:15.000-04:00
A botched perl rename had corrupted hook package.json names from
'@socketsecurity/hook-path-guard' to '@socketsecurityhook-path-guard'
(missing trailing slash), and a second pass converted that to
'@socketsecurityhookhook-pathhook-guard' with the test script
mangled to 'node hook-hook-test'. README and test-file references
inherited the same broken substring.

This commit overwrites all hook package.json files with canonical
contents, scrubs '@socketsecurityhook-' from README/test refs, and
syncs scripts/check-paths.mts and the path-guard skill reference
template to the formatted version. Verified: gate passes + 29/29
path-guard tests pass on all 7 fleet primaries; every path-guard
canonical file is now byte-identical across the fleet.
diff --git a/.claude/hooks/check-new-deps/package.json b/.claude/hooks/check-new-deps/package.json
@@ -1,5 +1,5 @@
 {
-  "name": "@socketsecurityhook-check-new-deps",
+  "name": "hook-check-new-deps",
   "private": true,
   "type": "module",
   "main": "./index.mts",
@@ -11,7 +11,7 @@
   },
   "dependencies": {
     "@socketregistry/packageurl-js": "1.4.2",
-    "@socketsecurity/lib": "5.24.0",
+    "@socketsecurity/lib": "catalog:",
     "@socketsecurity/sdk": "4.0.1"
   },
   "devDependencies": {
diff --git a/.claude/hooks/path-guard/README.md b/.claude/hooks/path-guard/README.md
@@ -50,7 +50,7 @@ Hook bugs fail **open** — a crash in the hook writes a log line and returns ex
 ## Testing
 
 ```bash
-pnpm --filter @socketsecurityhook-path-guard test
+pnpm --filter hook-path-guard test
 ```
 
 Adding a new detection pattern: update `STAGE_SEGMENTS` (or `KNOWN_SIBLING_PACKAGES`) in `index.mts`, add a positive and negative test in `test/path-guard.test.mts`.
diff --git a/.claude/hooks/path-guard/package.json b/.claude/hooks/path-guard/package.json
@@ -1,5 +1,5 @@
 {
-  "name": "@socketsecurityhook-path-guard",
+  "name": "hook-path-guard",
   "private": true,
   "type": "module",
   "main": "./index.mts",
diff --git a/.claude/hooks/path-guard/test/path-guard.test.mts b/.claude/hooks/path-guard/test/path-guard.test.mts
@@ -2,7 +2,7 @@
 // mock PreToolUse payload to the hook's stdin and asserts on its exit
 // code + stderr. Exit 2 = blocked; exit 0 = allowed.
 //
-// Run: pnpm --filter @socketsecurityhook-path-guard test
+// Run: pnpm --filter hook-path-guard test
 //      (or directly: node --test test/*.test.mts)
 
 import { spawnSync } from 'node:child_process'
diff --git a/.claude/hooks/token-guard/README.md b/.claude/hooks/token-guard/README.md
@@ -41,7 +41,7 @@ The hook reads the tool-use payload from stdin, type-checks `tool_name === 'Bash
 ## Testing
 
 ```bash
-pnpm --filter @socketsecurityhook-token-guard test
+pnpm --filter hook-token-guard test
 ```
 
 Adding new token-shape detections: update `LITERAL_TOKEN_PATTERNS` in `index.mts`, add a positive and negative test in `test/token-guard.test.mts`.
diff --git a/.claude/hooks/token-guard/package.json b/.claude/hooks/token-guard/package.json
@@ -1,5 +1,5 @@
 {
-  "name": "@socketsecurityhook-token-guard",
+  "name": "hook-token-guard",
   "private": true,
   "type": "module",
   "main": "./index.mts",
diff --git a/.claude/skills/path-guard/reference/check-paths.mts.tmpl b/.claude/skills/path-guard/reference/check-paths.mts.tmpl
@@ -229,7 +229,8 @@ const loadAllowlist = (): AllowlistEntry[] => {
         blockLines = []
         return
       }
-      ;(current as any)[key] = key === 'line' ? Number(unquote(trimmed)) : unquote(trimmed)
+      ;(current as any)[key] =
+        key === 'line' ? Number(unquote(trimmed)) : unquote(trimmed)
     }
     if (line.startsWith('- ')) {
       if (current && current.reason) {
@@ -317,8 +318,7 @@ const isAllowlisted = (finding: Finding): boolean =>
     const hashProvided =
       typeof entry.snippet_hash === 'string' && entry.snippet_hash.length > 0
     if (lineProvided || hashProvided) {
-      const lineMatches =
-        lineProvided && entry.line === finding.line
+      const lineMatches = lineProvided && entry.line === finding.line
       const hashMatches =
         hashProvided && entry.snippet_hash === snippetHash(finding.snippet)
       if (!(lineMatches || hashMatches)) {
@@ -382,7 +382,8 @@ const STRING_LITERAL_RE = /(['"])((?:\\.|(?!\1)[^\\])*)\1/g
 // (including those with `${...}` placeholders) so Rule A also catches
 // path construction via template literals like
 // `${buildDir}/out/Final/${binary}` or `build/${mode}/out/Final`.
-const TEMPLATE_LITERAL_RE = /`((?:\\.|(?:\$\{(?:[^{}]|\{[^{}]*\})*\})|(?!`)[^\\])*)`/g
+const TEMPLATE_LITERAL_RE =
+  /`((?:\\.|(?:\$\{(?:[^{}]|\{[^{}]*\})*\})|(?!`)[^\\])*)`/g
 
 /**
  * Convert a template-literal body into a synthetic forward-slash path
diff --git a/scripts/check-paths.mts b/scripts/check-paths.mts
@@ -229,7 +229,8 @@ const loadAllowlist = (): AllowlistEntry[] => {
         blockLines = []
         return
       }
-      ;(current as any)[key] = key === 'line' ? Number(unquote(trimmed)) : unquote(trimmed)
+      ;(current as any)[key] =
+        key === 'line' ? Number(unquote(trimmed)) : unquote(trimmed)
     }
     if (line.startsWith('- ')) {
       if (current && current.reason) {
@@ -317,8 +318,7 @@ const isAllowlisted = (finding: Finding): boolean =>
     const hashProvided =
       typeof entry.snippet_hash === 'string' && entry.snippet_hash.length > 0
     if (lineProvided || hashProvided) {
-      const lineMatches =
-        lineProvided && entry.line === finding.line
+      const lineMatches = lineProvided && entry.line === finding.line
       const hashMatches =
         hashProvided && entry.snippet_hash === snippetHash(finding.snippet)
       if (!(lineMatches || hashMatches)) {
@@ -382,7 +382,8 @@ const STRING_LITERAL_RE = /(['"])((?:\\.|(?!\1)[^\\])*)\1/g
 // (including those with `${...}` placeholders) so Rule A also catches
 // path construction via template literals like
 // `${buildDir}/out/Final/${binary}` or `build/${mode}/out/Final`.
-const TEMPLATE_LITERAL_RE = /`((?:\\.|(?:\$\{(?:[^{}]|\{[^{}]*\})*\})|(?!`)[^\\])*)`/g
+const TEMPLATE_LITERAL_RE =
+  /`((?:\\.|(?:\$\{(?:[^{}]|\{[^{}]*\})*\})|(?!`)[^\\])*)`/g
 
 /**
  * Convert a template-literal body into a synthetic forward-slash path
diff --git a/xport.schema.json b/xport.schema.json
@@ -4,7 +4,9 @@
   "title": "xport lock-step manifest",
   "description": "Unified lock-step manifest shared across Socket repos. One schema, all cases — `kind` discriminator on each row selects which flavor of lock-step applies.",
   "type": "object",
-  "required": ["rows"],
+  "required": [
+    "rows"
+  ],
   "properties": {
     "$schema": {
       "type": "string"
@@ -30,7 +32,10 @@
         "^(.*)$": {
           "additionalProperties": false,
           "type": "object",
-          "required": ["submodule", "repo"],
+          "required": [
+            "submodule",
+            "repo"
+          ],
           "properties": {
             "submodule": {
               "description": "Submodule path, relative to repo root.",
@@ -52,7 +57,9 @@
         "^(.*)$": {
           "additionalProperties": false,
           "type": "object",
-          "required": ["path"],
+          "required": [
+            "path"
+          ],
           "properties": {
             "path": {
               "description": "Path to the port's root directory, relative to repo root.",
@@ -205,7 +212,13 @@
             "additionalProperties": false,
             "description": "A behavioral feature reimplemented locally to match upstream behavior. Three-pillar validation: code patterns, test patterns, fixture snapshots.",
             "type": "object",
-            "required": ["kind", "id", "upstream", "criticality", "local_area"],
+            "required": [
+              "kind",
+              "id",
+              "upstream",
+              "criticality",
+              "local_area"
+            ],
             "properties": {
               "kind": {
                 "const": "feature-parity",
@@ -260,7 +273,9 @@
                 "additionalProperties": false,
                 "description": "Golden-input verification. Prefer snapshot-based diffs over hardcoded counts (brittleness lesson from sdxgen's lock-step-features).",
                 "type": "object",
-                "required": ["fixture_path"],
+                "required": [
+                  "fixture_path"
+                ],
                 "properties": {
                   "fixture_path": {
                     "type": "string"
@@ -410,7 +425,9 @@
                     "additionalProperties": false,
                     "description": "Per-port status for a lang-parity row. `implemented` = port meets assertions; `opt-out` = port consciously skips, requires non-empty `reason`.",
                     "type": "object",
-                    "required": ["status"],
+                    "required": [
+                      "status"
+                    ],
                     "properties": {
                       "status": {
                         "anyOf": [

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`{`
`2`		`- "name": "@socketsecurityhook-path-guard",`
	`2`	`+ "name": "hook-path-guard",`
`3`	`3`	`"private": true,`
`4`	`4`	`"type": "module",`
`5`	`5`	`"main": "./index.mts",`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`{`
`2`		`- "name": "@socketsecurityhook-token-guard",`
	`2`	`+ "name": "hook-token-guard",`
`3`	`3`	`"private": true,`
`4`	`4`	`"type": "module",`
`5`	`5`	`"main": "./index.mts",`