Add Sentry integration for error reporting

[pvdz]

This creates a separate published build for the CLI that includes Sentry for error reporting.

The package will be published to @socketsecurity/socket-with-sentry and expose bins that have -with-sentry appended to them for clarity.

We've chosen for a separate build to be very explicit about the inclusion of Sentry. This way the default package does not need anything of the sorts, making it very clear that it doesn't contain or depend any Sentry things.

See the provinance for details but basically to create a build:

• SOCKET_WITH_SENTRY=1 will generate a special build (it will modify the package json!)
• IS_PUBLISH=1 will set a flag in the build to recognize that the build is published to npm

I've updated the rollup config to generate some kind of version scheme at the top of the cli.js file (in either build). It contains a few things:

• The version string listed in the package.json at the time of building
• The git commit hash at the time of building
• A random nonce, sliced of a generated uuid
• The version string, which combines the three above
• A boolean, tells you whether this build was generated for npm publishing

The nonce can be used to either confirm that the build-file changed after a rebuild locally, or to confirm whether various build artifacts belong together. The git commit SHA does not suffice locally for local dev since your repo may be dirty and/or out of sync with main.

Also updated the rollup config to inline process.env['SOCKET_IS_PUBLISHED'] and process.env['SOCKET_VERSION'].

Also added a hidden socket oops command that will trigger an exception. May remove that later.

[socket-security-staging]

No dependency changes detected. Learn more about Socket for GitHub ↗︎

👍 No dependency changes detected in pull request

[jdalton]

Looks good to start!

Update: We'll go with a scoped package approach. Something like @socketsecurity/cli-sentry.

major changes.