Is socket cli compatible with tool version manager "asdf"?

[lschricke]

Hello,

Thanks for this great security tool!

I wanted to try it, but it seems it is not compatible with asdf. I'm using it to control the node/npm version my projet uses, and I'm getting this error when I execute socket npm install:
No preset version installed for command socket

Do you know what could be the issue with asdf? Do you plan to support it?

Cheers,
Lucas

[bmeck]

It looks like asdf does some shell scripts to try and intercept commands

https://github.com/asdf-vm/asdf/blob/bbcbddcdd4ffa0f49c3772b66d87331420fa5727/lib/utils.bash#L356-L366

It looks at the first argument in the CLI args and detects support based upon that. So for socket npm it would see socket and for socket-npm it would see socket-npm neither of which are known to it. We do not shadow npm's bin in PATH until socket npm is invoked and asdf appears to be doing processing before that. Aliasing socket-npm to npm might work reading the code or placing a symlink or script to socket-npm in your PATH before the real npm would also work. Unfortunately I don't see any way for us to alleviate this unless we provide some scripts to replace the original npm executable which is not currently planned.

[lschricke]

Hey @bmeck,

Thanks for your reply and explanation.
I'll give a try to your suggestions.

Cheers

[karfau]

I think it is also worth noticing that there is only support for "maintained" node versions (support for v14 is going to be dropped soon).

I think it would be great to mention this in the docs, especially when suggesting to create a general alias, since this will break any npm command (most likely with a cryptic syntax error) that is being run while an older node version is active (which is one of the use cases for using a node version manager).