refactor: adopt @socketsecurity/lib/primordials

Migrates the 20 call sites flagged by `pnpm prim audit` to the
shared primordials surface from socket-lib 5.25.0:

  - 4× StringPrototypeTrim (replaces .trim())
  - 9× DateNow (replaces Date.now() in http-client timing)
  - 2× SetCtor (replaces new Set(...))
  - 2× ErrorCtor (replaces new Error(...))
  - 2× ArrayIsArray (replaces Array.isArray)
  - 2× PromiseWithResolvers (replaces Promise.withResolvers)
  - 1× MapCtor (replaces new Map(...))
  - 1× TypeErrorCtor (replaces new TypeError(...))
  - 1× StringPrototypeToLowerCase (replaces .toLowerCase())
  - 1× StringPrototypeEndsWith (replaces .endsWith())
  - 1× URLSearchParamsCtor (replaces new URLSearchParams(...))

After: prim audit reports zero migration candidates.

Author: jdalton

src/constants.ts

@@ -3,6 +3,8 @@
  * Provides default values, HTTP agents, and public policy configurations for API interactions.
  */
 
+import { MapCtor, SetCtor } from '@socketsecurity/lib/primordials'
+
 import rootPkgJson from '../package.json' with { type: 'json' }
 import { createUserAgentFromPkgJson } from './user-agent'
 
@@ -60,10 +62,10 @@ export const SOCKET_FIREWALL_API_URL = 'https://firewall-api.socket.dev/purl'
 
 // https://github.com/sindresorhus/got/blob/v14.4.6/documentation/2-options.md#agent
 // Valid HTTP agent names for Got-style agent configuration compatibility.
-export const httpAgentNames = new Set(['http', 'https', 'http2'])
+export const httpAgentNames = new SetCtor(['http', 'https', 'http2'])
 
 // Public security policy.
-export const publicPolicy = new Map<ALERT_TYPE, ALERT_ACTION>([
+export const publicPolicy = new MapCtor<ALERT_TYPE, ALERT_ACTION>([
   // error (1):
   ['malware', 'error'],
   // warn (7):

src/http-client.ts

@@ -3,6 +3,11 @@ import { isError } from '@socketsecurity/lib/errors'
 import { httpRequest } from '@socketsecurity/lib/http-request'
 import { jsonParse } from '@socketsecurity/lib/json/parse'
 import { perfTimer } from '@socketsecurity/lib/performance'
+import {
+  DateNow,
+  SetCtor,
+  StringPrototypeTrim,
+} from '@socketsecurity/lib/primordials'
 
 import {
   MAX_RESPONSE_SIZE,
@@ -44,7 +49,7 @@ export async function createDeleteRequest(
   urlPath: string,
   options?: RequestOptionsWithHooks | undefined,
 ): Promise<HttpResponse> {
-  const startTime = Date.now()
+  const startTime = DateNow()
   const url = `${baseUrl}${urlPath}`
   const method = 'DELETE'
   const { hooks, ...rawOpts } = {
@@ -74,7 +79,7 @@ export async function createDeleteRequest(
       hooks.onResponse({
         method,
         url,
-        duration: Date.now() - startTime,
+        duration: DateNow() - startTime,
         status: response.status,
         statusText: response.statusText,
         headers: sanitizeHeaders(response.headers),
@@ -87,7 +92,7 @@ export async function createDeleteRequest(
       hooks.onResponse({
         method,
         url,
-        duration: Date.now() - startTime,
+        duration: DateNow() - startTime,
         error: e as Error,
       })
     }
@@ -101,7 +106,7 @@ export async function createGetRequest(
   urlPath: string,
   options?: RequestOptionsWithHooks | undefined,
 ): Promise<HttpResponse> {
-  const startTime = Date.now()
+  const startTime = DateNow()
   const url = `${baseUrl}${urlPath}`
   const method = 'GET'
   const stopTimer = perfTimer('http:get', { urlPath })
@@ -133,7 +138,7 @@ export async function createGetRequest(
       hooks.onResponse({
         method,
         url,
-        duration: Date.now() - startTime,
+        duration: DateNow() - startTime,
         status: response.status,
         statusText: response.statusText,
         headers: sanitizeHeaders(response.headers),
@@ -148,7 +153,7 @@ export async function createGetRequest(
       hooks.onResponse({
         method,
         url,
-        duration: Date.now() - startTime,
+        duration: DateNow() - startTime,
         error: e as Error,
       })
     }
@@ -164,7 +169,7 @@ export async function createRequestWithJson(
   json: unknown,
   options?: RequestOptionsWithHooks | undefined,
 ): Promise<HttpResponse> {
-  const startTime = Date.now()
+  const startTime = DateNow()
   const url = `${baseUrl}${urlPath}`
   const stopTimer = perfTimer(`http:${method.toLowerCase()}`, {
     urlPath,
@@ -203,7 +208,7 @@ export async function createRequestWithJson(
       hooks.onResponse({
         method,
         url,
-        duration: Date.now() - startTime,
+        duration: DateNow() - startTime,
         status: response.status,
         statusText: response.statusText,
         headers: sanitizeHeaders(response.headers),
@@ -218,7 +223,7 @@ export async function createRequestWithJson(
       hooks.onResponse({
         method,
         url,
-        duration: Date.now() - startTime,
+        duration: DateNow() - startTime,
         error: e as Error,
       })
     }
@@ -335,9 +340,10 @@ export function reshapeArtifactForPublicPolicy<
   policy?: Map<string, string> | undefined,
 ): T {
   if (!isAuthenticated) {
-    const allowedActions = actions?.trim()
-      ? new Set(actions.split(','))
-      : undefined
+    const allowedActions =
+      actions && StringPrototypeTrim(actions)
+        ? new SetCtor(actions.split(','))
+        : undefined
     const resolvedPolicy = policy ?? defaultPublicPolicy
 
     const reshapeArtifact = (artifact: SocketArtifactWithExtras) => ({

src/quota-utils.ts

@@ -3,6 +3,7 @@ import { existsSync, readFileSync } from 'node:fs'
 import { join } from 'node:path'
 
 import { memoize, once } from '@socketsecurity/lib/memoization'
+import { ErrorCtor } from '@socketsecurity/lib/primordials'
 
 import type { SocketSdkOperations } from './types'
 
@@ -43,7 +44,7 @@ const loadRequirements = once((): Requirements => {
     return JSON.parse(data) as Requirements
   } catch (e) {
     /* c8 ignore next 2 - Error wrapping tested in isolation but memoization prevents coverage in main test run */
-    throw new Error('Failed to load SDK method requirements', { cause: e })
+    throw new ErrorCtor('Failed to load SDK method requirements', { cause: e })
   }
 })
 

src/socket-sdk-class.ts

@@ -14,6 +14,12 @@ import { validateFiles } from '@socketsecurity/lib/fs'
 import { jsonParse } from '@socketsecurity/lib/json/parse'
 import { getOwn, isObjectObject } from '@socketsecurity/lib/objects'
 import { pRetry } from '@socketsecurity/lib/promises'
+import {
+  ArrayIsArray,
+  ErrorCtor,
+  StringPrototypeTrim,
+  TypeErrorCtor,
+} from '@socketsecurity/lib/primordials'
 import { setMaxEventTargetListeners } from '@socketsecurity/lib/suppress-warnings'
 import { urlSearchParamAsBoolean } from '@socketsecurity/lib/url'
 
@@ -144,11 +150,11 @@ export class SocketSdk {
     // Input validation for API token.
     const MAX_API_TOKEN_LENGTH = 1024
     if (typeof apiToken !== 'string') {
-      throw new TypeError('"apiToken" is required and must be a string')
+      throw new TypeErrorCtor('"apiToken" is required and must be a string')
     }
-    const trimmedToken = apiToken.trim()
+    const trimmedToken = StringPrototypeTrim(apiToken)
     if (!trimmedToken) {
-      throw new Error('"apiToken" cannot be empty or whitespace-only')
+      throw new ErrorCtor('"apiToken" cannot be empty or whitespace-only')
     }
     if (trimmedToken.length > MAX_API_TOKEN_LENGTH) {
       throw new Error(
@@ -480,7 +486,7 @@ export class SocketSdk {
       }
     }
     if (!(error instanceof ResponseError)) {
-      throw new Error('Unexpected Socket API error', {
+      throw new ErrorCtor('Unexpected Socket API error', {
         cause: error,
       })
     }
@@ -656,7 +662,7 @@ export class SocketSdk {
     }
 
     // Handle array of values (take first).
-    const value = Array.isArray(retryAfterValue)
+    const value = ArrayIsArray(retryAfterValue)
       ? retryAfterValue[0]
       : retryAfterValue
 

src/utils.ts

@@ -7,6 +7,13 @@ import process from 'node:process'
 
 import { memoize } from '@socketsecurity/lib/memoization'
 import { normalizePath } from '@socketsecurity/lib/paths/normalize'
+import {
+  PromiseWithResolvers,
+  StringPrototypeEndsWith,
+  StringPrototypeToLowerCase,
+  StringPrototypeTrim,
+  URLSearchParamsCtor,
+} from '@socketsecurity/lib/primordials'
 
 import type { QueryParams } from './types'
 
@@ -18,7 +25,7 @@ import type { QueryParams } from './types'
  * @returns Set of normalized words
  */
 function normalizeToWordSet(s: string): Set<string> {
-  const words = s.toLowerCase().match(/\w+/g)
+  const words = StringPrototypeToLowerCase(s).match(/\w+/g)
   return new Set(words ?? [])
 }
 
@@ -97,7 +104,7 @@ export function filterRedundantCause(
   errorCause: string | undefined,
   threshold = 0.6,
 ): string | undefined {
-  if (!errorCause || !errorCause.trim()) {
+  if (!errorCause || !StringPrototypeTrim(errorCause)) {
     return undefined
   }
 
@@ -122,7 +129,7 @@ export function filterRedundantCause(
  */
 export const normalizeBaseUrl = memoize(
   (baseUrl: string): string => {
-    return baseUrl.endsWith('/') ? baseUrl : `${baseUrl}/`
+    return StringPrototypeEndsWith(baseUrl, '/') ? baseUrl : `${baseUrl}/`
   },
   { name: 'normalizeBaseUrl' },
 )
@@ -135,8 +142,8 @@ export function promiseWithResolvers<T>(): ReturnType<
   typeof Promise.withResolvers<T>
 > {
   /* c8 ignore next 3 - polyfill for older Node versions without Promise.withResolvers */
-  if (Promise.withResolvers) {
-    return Promise.withResolvers<T>()
+  if (PromiseWithResolvers) {
+    return PromiseWithResolvers<T>()
   }
 
   /* c8 ignore next 7 - polyfill implementation for older Node versions */
@@ -162,8 +169,8 @@ export function queryToSearchParams(
     | null
     | undefined,
 ): URLSearchParams {
-  const params = new URLSearchParams(
-    init as ConstructorParameters<typeof URLSearchParams>[0],
+  const params = new URLSearchParamsCtor(
+    init as ConstructorParameters<typeof URLSearchParamsCtor>[0],
   )
   // Check if normalization is needed before creating a second instance.
   let needsNormalization = false
@@ -245,7 +252,7 @@ export function shouldOmitReason(
   threshold = 0.6,
 ): boolean {
   // Omit empty/whitespace-only reasons
-  if (!reason || !reason.trim()) {
+  if (!reason || !StringPrototypeTrim(reason)) {
     return true
   }
 

src/utils/header-sanitization.ts

@@ -2,6 +2,7 @@
  * @fileoverview HTTP header sanitization utilities for secure logging.
  * Provides functions to redact sensitive header values from logs.
  */
+import { ArrayIsArray } from '@socketsecurity/lib/primordials'
 
 /**
  * List of sensitive HTTP headers that should be redacted in logs.
@@ -29,7 +30,7 @@ export function sanitizeHeaders(
   }
 
   // Handle readonly string[] case - this shouldn't normally happen for headers.
-  if (Array.isArray(headers)) {
+  if (ArrayIsArray(headers)) {
     return { headers: headers.join(', ') }
   }