@coana-tech/cli 14.12.207 → 14.12.208

package/cli.mjs

@@ -12993,7 +12993,7 @@ var require_form_data = __commonJS({
     var util5 = __require("util");
     var path9 = __require("path");
     var http2 = __require("http");
-    var https2 = __require("https");
+    var https3 = __require("https");
     var parseUrl = __require("url").parse;
     var fs11 = __require("fs");
     var Stream2 = __require("stream").Stream;
@@ -13262,7 +13262,7 @@ var require_form_data = __commonJS({
       }
       options.headers = this.getHeaders(params.headers);
       if (options.protocol === "https:") {
-        request = https2.request(options);
+        request = https3.request(options);
       } else {
         request = http2.request(options);
       }
@@ -14160,7 +14160,7 @@ var require_follow_redirects = __commonJS({
     var url2 = __require("url");
     var URL3 = url2.URL;
     var http2 = __require("http");
-    var https2 = __require("https");
+    var https3 = __require("https");
     var Writable = __require("stream").Writable;
     var assert17 = __require("assert");
     var debug = require_debug();
@@ -14645,7 +14645,7 @@ var require_follow_redirects = __commonJS({
     function isURL(value2) {
       return URL3 && value2 instanceof URL3;
     }
-    module2.exports = wrap2({ http: http2, https: https2 });
+    module2.exports = wrap2({ http: http2, https: https3 });
     module2.exports.wrap = wrap2;
   }
 });
@@ -25169,7 +25169,7 @@ var require_http = __commonJS({
   "../../node_modules/.pnpm/winston@3.16.0/node_modules/winston/lib/winston/transports/http.js"(exports2, module2) {
     "use strict";
     var http2 = __require("http");
-    var https2 = __require("https");
+    var https3 = __require("https");
     var { Stream: Stream2 } = require_readable();
     var TransportStream = require_winston_transport();
     var { configure } = require_safe_stable_stringify();
@@ -25361,7 +25361,7 @@ var require_http = __commonJS({
         if (auth && auth.bearer) {
           headers.Authorization = `Bearer ${auth.bearer}`;
         }
-        const req = (this.ssl ? https2 : http2).request({
+        const req = (this.ssl ? https3 : http2).request({
           ...this.options,
           method: "POST",
           host: this.host,
@@ -27084,7 +27084,7 @@ var require_is_retry_allowed = __commonJS({
 var require_hpagent = __commonJS({
   "../../node_modules/.pnpm/hpagent@1.2.0/node_modules/hpagent/index.js"(exports2, module2) {
     "use strict";
-    var https2 = __require("https");
+    var https3 = __require("https");
     var http2 = __require("http");
     var { URL: URL3 } = __require("url");
     var HttpProxyAgent2 = class extends http2.Agent {
@@ -27113,7 +27113,7 @@ var require_hpagent = __commonJS({
         if (this.proxy.protocol === "https:") {
           requestOptions.servername = this.proxy.hostname;
         }
-        const request = (this.proxy.protocol === "http:" ? http2 : https2).request(requestOptions);
+        const request = (this.proxy.protocol === "http:" ? http2 : https3).request(requestOptions);
         request.once("connect", (response, socket, head) => {
           request.removeAllListeners();
           socket.removeAllListeners();
@@ -27134,7 +27134,7 @@ var require_hpagent = __commonJS({
         request.end();
       }
     };
-    var HttpsProxyAgent2 = class extends https2.Agent {
+    var HttpsProxyAgent2 = class extends https3.Agent {
       constructor(options) {
         const { proxy, proxyRequestOptions, ...opts } = options;
         super(opts);
@@ -27160,7 +27160,7 @@ var require_hpagent = __commonJS({
         if (this.proxy.protocol === "https:") {
           requestOptions.servername = this.proxy.hostname;
         }
-        const request = (this.proxy.protocol === "http:" ? http2 : https2).request(requestOptions);
+        const request = (this.proxy.protocol === "http:" ? http2 : https3).request(requestOptions);
         request.once("connect", (response, socket, head) => {
           request.removeAllListeners();
           socket.removeAllListeners();
@@ -59319,7 +59319,7 @@ var require_dist3 = __commonJS({
     "use strict";
     exports2 = module2.exports = fetch2;
     var http2 = __require("http");
-    var https2 = __require("https");
+    var https3 = __require("https");
     var zlib2 = __require("zlib");
     var Stream2 = __require("stream");
     var dataUriToBuffer = require_src2();
@@ -60074,7 +60074,7 @@ var require_dist3 = __commonJS({
           resolve45(response2);
           return;
         }
-        const send = (options.protocol === "https:" ? https2 : http2).request;
+        const send = (options.protocol === "https:" ? https3 : http2).request;
         const { signal } = request;
         let response = null;
         const abort = () => {
@@ -66148,7 +66148,7 @@ var require_agent5 = __commonJS({
     function getNonProxyAgent(uri, opts) {
       const parsedUri = new url_1.URL(uri);
       const isHttps2 = parsedUri.protocol === "https:";
-      const { ca, cert, key: certKey } = {
+      const { ca: ca2, cert, key: certKey } = {
         ...opts,
         ...(0, network_config_1.pickSettingByUrl)(opts.clientCertificates, uri)
       };
@@ -66156,7 +66156,7 @@ var require_agent5 = __commonJS({
         `https:${isHttps2.toString()}`,
         `local-address:${opts.localAddress ?? ">no-local-address<"}`,
         `strict-ssl:${isHttps2 ? Boolean(opts.strictSsl).toString() : ">no-strict-ssl<"}`,
-        `ca:${isHttps2 && ca?.toString() || ">no-ca<"}`,
+        `ca:${isHttps2 && ca2?.toString() || ">no-ca<"}`,
         `cert:${isHttps2 && cert?.toString() || ">no-cert<"}`,
         `key:${isHttps2 && certKey?.toString() || ">no-key<"}`
       ].join(":");
@@ -66165,7 +66165,7 @@ var require_agent5 = __commonJS({
       }
       const agentTimeout = typeof opts.timeout !== "number" || opts.timeout === 0 ? 0 : opts.timeout + 1;
       const agent = isHttps2 ? new HttpsAgent({
-        ca,
+        ca: ca2,
         cert,
         key: certKey,
         localAddress: opts.localAddress,
@@ -100367,7 +100367,7 @@ var require_tunnel = __commonJS({
     var net = __require("net");
     var tls = __require("tls");
     var http2 = __require("http");
-    var https2 = __require("https");
+    var https3 = __require("https");
     var events = __require("events");
     var assert17 = __require("assert");
     var util5 = __require("util");
@@ -100389,12 +100389,12 @@ var require_tunnel = __commonJS({
     }
     function httpOverHttps(options) {
       var agent = new TunnelingAgent(options);
-      agent.request = https2.request;
+      agent.request = https3.request;
       return agent;
     }
     function httpsOverHttps(options) {
       var agent = new TunnelingAgent(options);
-      agent.request = https2.request;
+      agent.request = https3.request;
       agent.createSocket = createSecureSocket;
       agent.defaultPort = 443;
       return agent;
@@ -117417,7 +117417,7 @@ var require_lib28 = __commonJS({
     Object.defineProperty(exports2, "__esModule", { value: true });
     exports2.HttpClient = exports2.isHttps = exports2.HttpClientResponse = exports2.HttpClientError = exports2.getProxyUrl = exports2.MediaTypes = exports2.Headers = exports2.HttpCodes = void 0;
     var http2 = __importStar(__require("http"));
-    var https2 = __importStar(__require("https"));
+    var https3 = __importStar(__require("https"));
     var pm = __importStar(require_proxy());
     var tunnel = __importStar(require_tunnel2());
     var undici_1 = require_undici();
@@ -117808,7 +117808,7 @@ var require_lib28 = __commonJS({
         const info = {};
         info.parsedUrl = requestUrl;
         const usingSsl = info.parsedUrl.protocol === "https:";
-        info.httpModule = usingSsl ? https2 : http2;
+        info.httpModule = usingSsl ? https3 : http2;
         const defaultPort = usingSsl ? 443 : 80;
         info.options = {};
         info.options.host = info.parsedUrl.hostname;
@@ -117878,7 +117878,7 @@ var require_lib28 = __commonJS({
         }
         if (!agent) {
           const options = { keepAlive: this._keepAlive, maxSockets };
-          agent = usingSsl ? new https2.Agent(options) : new http2.Agent(options);
+          agent = usingSsl ? new https3.Agent(options) : new http2.Agent(options);
           this._agent = agent;
         }
         if (usingSsl && this._ignoreSslError) {
@@ -193948,7 +193948,7 @@ var require_axios = __commonJS({
     var url2 = __require("url");
     var proxyFromEnv2 = require_proxy_from_env();
     var http2 = __require("http");
-    var https2 = __require("https");
+    var https3 = __require("https");
     var util5 = __require("util");
     var followRedirects2 = require_follow_redirects();
     var zlib2 = __require("zlib");
@@ -193962,7 +193962,7 @@ var require_axios = __commonJS({
     var url__default = /* @__PURE__ */ _interopDefaultLegacy(url2);
     var proxyFromEnv__default = /* @__PURE__ */ _interopDefaultLegacy(proxyFromEnv2);
     var http__default = /* @__PURE__ */ _interopDefaultLegacy(http2);
-    var https__default = /* @__PURE__ */ _interopDefaultLegacy(https2);
+    var https__default = /* @__PURE__ */ _interopDefaultLegacy(https3);
     var util__default = /* @__PURE__ */ _interopDefaultLegacy(util5);
     var followRedirects__default = /* @__PURE__ */ _interopDefaultLegacy(followRedirects2);
     var zlib__default = /* @__PURE__ */ _interopDefaultLegacy(zlib2);
@@ -197280,7 +197280,7 @@ var require_form_data2 = __commonJS({
     var util5 = __require("util");
     var path9 = __require("path");
     var http2 = __require("http");
-    var https2 = __require("https");
+    var https3 = __require("https");
     var parseUrl = __require("url").parse;
     var fs11 = __require("fs");
     var mime = require_mime_types();
@@ -197546,7 +197546,7 @@ var require_form_data2 = __commonJS({
       }
       options.headers = this.getHeaders(params.headers);
       if (options.protocol == "https:") {
-        request = https2.request(options);
+        request = https3.request(options);
       } else {
         request = http2.request(options);
       }
@@ -204079,6 +204079,11 @@ axiosRetry.exponentialDelay = exponentialDelay;
 axiosRetry.isRetryableError = isRetryableError;
 var esm_default = axiosRetry;
 
+// ../utils/src/dashboard-api/axios-aux.ts
+import https2 from "node:https";
+import { readFileSync } from "node:fs";
+import { rootCertificates } from "node:tls";
+
 // ../../node_modules/.pnpm/hpagent@1.2.0/node_modules/hpagent/index.mjs
 var import_index2 = __toESM(require_hpagent(), 1);
 var HttpProxyAgent = import_index2.default.HttpProxyAgent;
@@ -204088,7 +204093,20 @@ var HttpsProxyAgent = import_index2.default.HttpsProxyAgent;
 var import_lodash = __toESM(require_lodash(), 1);
 var { pickBy } = import_lodash.default;
 function getProxyUrl() {
-  return process.env.SOCKET_CLI_API_PROXY;
+  return process.env.SOCKET_CLI_API_PROXY ?? process.env.HTTPS_PROXY ?? process.env.https_proxy ?? process.env.HTTP_PROXY ?? process.env.http_proxy;
+}
+function getExtraCaCerts() {
+  if (process.env.NODE_EXTRA_CA_CERTS) {
+    return void 0;
+  }
+  const certPath = process.env.SSL_CERT_FILE;
+  if (!certPath) return void 0;
+  try {
+    const extraCerts = readFileSync(certPath, "utf-8");
+    return [...rootCertificates, extraCerts];
+  } catch {
+    return void 0;
+  }
 }
 function handleError(error, errorMessage, throwErr = true) {
   if (error instanceof AxiosError2) {
@@ -204101,9 +204119,15 @@ function handleError(error, errorMessage, throwErr = true) {
   }
 }
 var proxyUrl = getProxyUrl();
+var ca = getExtraCaCerts();
 var axiosClient = axios_default.create({
-  httpsAgent: proxyUrl ? new HttpsProxyAgent({ proxy: proxyUrl }) : void 0,
-  httpAgent: proxyUrl ? new HttpProxyAgent({ proxy: proxyUrl }) : void 0
+  httpsAgent: proxyUrl ? new HttpsProxyAgent({ proxy: proxyUrl, ...ca ? { ca, proxyConnectOptions: { ca } } : {} }) : ca ? new https2.Agent({ ca }) : void 0,
+  httpAgent: proxyUrl ? new HttpProxyAgent({ proxy: proxyUrl }) : void 0,
+  // Disable axios's built-in proxy detection from HTTPS_PROXY/HTTP_PROXY env vars.
+  // When hpagent is configured, axios's own proxy handling would conflict with it.
+  // When no proxy is configured, we don't want axios silently routing through an env proxy
+  // without proper TLS/CA handling.
+  proxy: false
 });
 esm_default(axiosClient, {
   retries: 7,
@@ -204685,7 +204709,7 @@ function getSocketAPI() {
 
 // ../utils/src/tool-extractor.ts
 import { createHash } from "node:crypto";
-import { createReadStream, createWriteStream as createWriteStream3, readFileSync, statSync as statSync2 } from "node:fs";
+import { createReadStream, createWriteStream as createWriteStream3, readFileSync as readFileSync2, statSync as statSync2 } from "node:fs";
 import { copyFile, cp as cp2, mkdir as mkdir4, writeFile as writeFile2 } from "node:fs/promises";
 import { tmpdir as tmpdir2 } from "node:os";
 import { basename as basename3, dirname as dirname5, join as join5 } from "node:path";
@@ -211677,7 +211701,7 @@ function getCliVersion() {
   if (cliVersion) return cliVersion;
   try {
     const packageJsonPath = isNexeMode() ? join5(NEXE_VIRTUAL_FS_ROOT, "package.json") : join5(dirname5(dirname5(dirname5(dirname5(__filename)))), "npm-package-cli", "package.json");
-    const packageJson = JSON.parse(readFileSync(packageJsonPath, "utf-8"));
+    const packageJson = JSON.parse(readFileSync2(packageJsonPath, "utf-8"));
     if (process.env.ALWAYS_REEXTRACT_TOOLS === "true") {
       logger.info("ALWAYS_REEXTRACT_TOOLS is set to true, re-extracting tools");
       const randomVersion = Math.random().toString().slice(2, 8);
@@ -211706,7 +211730,7 @@ function loadChecksums() {
       throw new Error("Tool extraction is only supported in nexe mode");
     }
     const checksumsPath = join5(NEXE_VIRTUAL_FS_ROOT, "checksums.json");
-    return JSON.parse(readFileSync(checksumsPath, "utf-8"));
+    return JSON.parse(readFileSync2(checksumsPath, "utf-8"));
   } catch (error) {
     logger.warn("Failed to load checksums.json:", error);
     throw new Error(
@@ -224978,7 +225002,7 @@ async function runCommandResolveStdOut4(cmd, dir, options) {
 
 // ../utils/dist/package-utils.js
 import { parse as parse5, join as join11, resolve as resolve17, normalize as normalize2, dirname as dirname12, basename as basename5, relative as relative5 } from "path";
-import { existsSync as existsSync11, readFileSync as readFileSync2, readdirSync as readdirSync2, statSync as statSync3, writeFileSync } from "fs";
+import { existsSync as existsSync11, readFileSync as readFileSync3, readdirSync as readdirSync2, statSync as statSync3, writeFileSync } from "fs";
 function getPackageJsonObject(workspaceRoot) {
   const packageJSONContent = getPackageJsonContent(workspaceRoot);
   if (!packageJSONContent)
@@ -224988,7 +225012,7 @@ function getPackageJsonObject(workspaceRoot) {
 function getPackageJsonContent(workspaceRoot) {
   const packageJsonPath = getPackageJSONPath(workspaceRoot);
   if (existsSync11(packageJsonPath))
-    return readFileSync2(packageJsonPath, "utf8");
+    return readFileSync3(packageJsonPath, "utf8");
   return void 0;
 }
 function getPackageJSONPath(workspaceRoot) {
@@ -225598,7 +225622,7 @@ import { relative as relative9, resolve as resolve23 } from "path";
 
 // ../utils/src/package-utils.ts
 import { parse as parse7, join as join13, resolve as resolve22, normalize as normalize3, dirname as dirname13, basename as basename6, relative as relative8 } from "path";
-import { existsSync as existsSync15, readFileSync as readFileSync3, readdirSync as readdirSync3, statSync as statSync4, writeFileSync as writeFileSync2 } from "fs";
+import { existsSync as existsSync15, readFileSync as readFileSync4, readdirSync as readdirSync3, statSync as statSync4, writeFileSync as writeFileSync2 } from "fs";
 function setFieldInPackageJson(workspaceRoot, field, value2) {
   const packageJSONContentObj = getPackageJsonObject2(workspaceRoot);
   if (!packageJSONContentObj) return void 0;
@@ -225615,7 +225639,7 @@ function writePackageJsonContent(workspaceRoot, packageJsonContent) {
 }
 function getPackageJsonContent2(workspaceRoot) {
   const packageJsonPath = getPackageJSONPath2(workspaceRoot);
-  if (existsSync15(packageJsonPath)) return readFileSync3(packageJsonPath, "utf8");
+  if (existsSync15(packageJsonPath)) return readFileSync4(packageJsonPath, "utf8");
   return void 0;
 }
 function getPackageJSONPath2(workspaceRoot) {
@@ -230426,7 +230450,7 @@ import assert14 from "node:assert";
 var import_good_enough_parser4 = __toESM(require_cjs(), 1);
 init_ruby_lang();
 import { resolve as resolve32, dirname as dirname21, relative as relative14 } from "node:path";
-import { existsSync as existsSync20, readFileSync as readFileSync4, readdirSync as readdirSync4 } from "node:fs";
+import { existsSync as existsSync20, readFileSync as readFileSync5, readdirSync as readdirSync4 } from "node:fs";
 init_gemspec_utils();
 var booleanQuery2 = import_good_enough_parser4.query.alt(
   import_good_enough_parser4.query.sym(/^true|false$/, (ctx, { value: value2, offset }) => {
@@ -230542,7 +230566,7 @@ var evalGemfileQuery = import_good_enough_parser4.query.sym("eval_gemfile").join
   const rootDir = ctx.gemfile.rootDir;
   const file = relative14(rootDir, resolve32(rootDir, dirname21(ctx.gemfile.file), pathEvaluated));
   if (!existsSync20(resolve32(rootDir, file))) return ctx;
-  const sourceText = readFileSync4(resolve32(rootDir, file), "utf-8");
+  const sourceText = readFileSync5(resolve32(rootDir, file), "utf-8");
   const parser2 = import_good_enough_parser4.lang.createLang(lang3);
   const cursor = parser2.parse(sourceText);
   const otherCtx = parser2.query(cursor, treeQuery4, {
@@ -230634,7 +230658,7 @@ var gemspecQuery = import_good_enough_parser4.query.sym("gemspec").opt(
   const gemspecFullPath = resolve32(searchDir, gemspecFile);
   const gemspecRelativePath = relative14(rootDir, gemspecFullPath);
   try {
-    const sourceText = readFileSync4(gemspecFullPath, "utf-8");
+    const sourceText = readFileSync5(gemspecFullPath, "utf-8");
     const gemspec = parseGemspec(rootDir, gemspecRelativePath, sourceText);
     ctx.gemspecs.push(gemspec);
     ctx.gems.push(...gemspec.dependencies);
@@ -251718,7 +251742,7 @@ async function onlineScan(dependencyTree, apiKey, timeout) {
 }
 
 // dist/version.js
-var version3 = "14.12.207";
+var version3 = "14.12.208";
 
 // dist/cli-core.js
 var { mapValues, omit, partition, pickBy: pickBy2 } = import_lodash15.default;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@coana-tech/cli",
-  "version": "14.12.207",
+  "version": "14.12.208",
   "description": "Coana CLI",
   "type": "module",
   "bin": {

package/reachability-analyzers-cli.mjs

@@ -12036,7 +12036,7 @@ var require_http = __commonJS({
   "../../node_modules/.pnpm/winston@3.16.0/node_modules/winston/lib/winston/transports/http.js"(exports, module) {
     "use strict";
     var http2 = __require("http");
-    var https2 = __require("https");
+    var https3 = __require("https");
     var { Stream: Stream2 } = require_readable();
     var TransportStream = require_winston_transport();
     var { configure } = require_safe_stable_stringify();
@@ -12228,7 +12228,7 @@ var require_http = __commonJS({
         if (auth && auth.bearer) {
           headers.Authorization = `Bearer ${auth.bearer}`;
         }
-        const req = (this.ssl ? https2 : http2).request({
+        const req = (this.ssl ? https3 : http2).request({
           ...this.options,
           method: "POST",
           host: this.host,
@@ -33790,7 +33790,7 @@ var require_form_data = __commonJS({
     var util6 = __require("util");
     var path10 = __require("path");
     var http2 = __require("http");
-    var https2 = __require("https");
+    var https3 = __require("https");
     var parseUrl = __require("url").parse;
     var fs12 = __require("fs");
     var Stream2 = __require("stream").Stream;
@@ -34059,7 +34059,7 @@ var require_form_data = __commonJS({
       }
       options.headers = this.getHeaders(params.headers);
       if (options.protocol === "https:") {
-        request = https2.request(options);
+        request = https3.request(options);
       } else {
         request = http2.request(options);
       }
@@ -34944,7 +34944,7 @@ var require_follow_redirects = __commonJS({
     var url2 = __require("url");
     var URL3 = url2.URL;
     var http2 = __require("http");
-    var https2 = __require("https");
+    var https3 = __require("https");
     var Writable = __require("stream").Writable;
     var assert11 = __require("assert");
     var debug = require_debug();
@@ -35429,7 +35429,7 @@ var require_follow_redirects = __commonJS({
     function isURL(value2) {
       return URL3 && value2 instanceof URL3;
     }
-    module.exports = wrap2({ http: http2, https: https2 });
+    module.exports = wrap2({ http: http2, https: https3 });
     module.exports.wrap = wrap2;
   }
 });
@@ -35479,7 +35479,7 @@ var require_is_retry_allowed = __commonJS({
 var require_hpagent = __commonJS({
   "../../node_modules/.pnpm/hpagent@1.2.0/node_modules/hpagent/index.js"(exports, module) {
     "use strict";
-    var https2 = __require("https");
+    var https3 = __require("https");
     var http2 = __require("http");
     var { URL: URL3 } = __require("url");
     var HttpProxyAgent2 = class extends http2.Agent {
@@ -35508,7 +35508,7 @@ var require_hpagent = __commonJS({
         if (this.proxy.protocol === "https:") {
           requestOptions.servername = this.proxy.hostname;
         }
-        const request = (this.proxy.protocol === "http:" ? http2 : https2).request(requestOptions);
+        const request = (this.proxy.protocol === "http:" ? http2 : https3).request(requestOptions);
         request.once("connect", (response, socket, head) => {
           request.removeAllListeners();
           socket.removeAllListeners();
@@ -35529,7 +35529,7 @@ var require_hpagent = __commonJS({
         request.end();
       }
     };
-    var HttpsProxyAgent2 = class extends https2.Agent {
+    var HttpsProxyAgent2 = class extends https3.Agent {
       constructor(options) {
         const { proxy, proxyRequestOptions, ...opts } = options;
         super(opts);
@@ -35555,7 +35555,7 @@ var require_hpagent = __commonJS({
         if (this.proxy.protocol === "https:") {
           requestOptions.servername = this.proxy.hostname;
         }
-        const request = (this.proxy.protocol === "http:" ? http2 : https2).request(requestOptions);
+        const request = (this.proxy.protocol === "http:" ? http2 : https3).request(requestOptions);
         request.once("connect", (response, socket, head) => {
           request.removeAllListeners();
           socket.removeAllListeners();
@@ -36168,7 +36168,7 @@ var require_tunnel = __commonJS({
     var net = __require("net");
     var tls = __require("tls");
     var http2 = __require("http");
-    var https2 = __require("https");
+    var https3 = __require("https");
     var events = __require("events");
     var assert11 = __require("assert");
     var util6 = __require("util");
@@ -36190,12 +36190,12 @@ var require_tunnel = __commonJS({
     }
     function httpOverHttps(options) {
       var agent = new TunnelingAgent(options);
-      agent.request = https2.request;
+      agent.request = https3.request;
       return agent;
     }
     function httpsOverHttps(options) {
       var agent = new TunnelingAgent(options);
-      agent.request = https2.request;
+      agent.request = https3.request;
       agent.createSocket = createSecureSocket;
       agent.defaultPort = 443;
       return agent;
@@ -53218,7 +53218,7 @@ var require_lib = __commonJS({
     Object.defineProperty(exports, "__esModule", { value: true });
     exports.HttpClient = exports.isHttps = exports.HttpClientResponse = exports.HttpClientError = exports.getProxyUrl = exports.MediaTypes = exports.Headers = exports.HttpCodes = void 0;
     var http2 = __importStar(__require("http"));
-    var https2 = __importStar(__require("https"));
+    var https3 = __importStar(__require("https"));
     var pm = __importStar(require_proxy());
     var tunnel = __importStar(require_tunnel2());
     var undici_1 = require_undici();
@@ -53609,7 +53609,7 @@ var require_lib = __commonJS({
         const info = {};
         info.parsedUrl = requestUrl;
         const usingSsl = info.parsedUrl.protocol === "https:";
-        info.httpModule = usingSsl ? https2 : http2;
+        info.httpModule = usingSsl ? https3 : http2;
         const defaultPort = usingSsl ? 443 : 80;
         info.options = {};
         info.options.host = info.parsedUrl.hostname;
@@ -53679,7 +53679,7 @@ var require_lib = __commonJS({
         }
         if (!agent) {
           const options = { keepAlive: this._keepAlive, maxSockets };
-          agent = usingSsl ? new https2.Agent(options) : new http2.Agent(options);
+          agent = usingSsl ? new https3.Agent(options) : new http2.Agent(options);
           this._agent = agent;
         }
         if (usingSsl && this._ignoreSslError) {
@@ -79558,6 +79558,11 @@ axiosRetry.exponentialDelay = exponentialDelay;
 axiosRetry.isRetryableError = isRetryableError;
 var esm_default = axiosRetry;
 
+// ../utils/src/dashboard-api/axios-aux.ts
+import https2 from "node:https";
+import { readFileSync } from "node:fs";
+import { rootCertificates } from "node:tls";
+
 // ../../node_modules/.pnpm/hpagent@1.2.0/node_modules/hpagent/index.mjs
 var import_index2 = __toESM(require_hpagent(), 1);
 var HttpProxyAgent = import_index2.default.HttpProxyAgent;
@@ -79567,7 +79572,20 @@ var HttpsProxyAgent = import_index2.default.HttpsProxyAgent;
 var import_lodash2 = __toESM(require_lodash(), 1);
 var { pickBy } = import_lodash2.default;
 function getProxyUrl() {
-  return process.env.SOCKET_CLI_API_PROXY;
+  return process.env.SOCKET_CLI_API_PROXY ?? process.env.HTTPS_PROXY ?? process.env.https_proxy ?? process.env.HTTP_PROXY ?? process.env.http_proxy;
+}
+function getExtraCaCerts() {
+  if (process.env.NODE_EXTRA_CA_CERTS) {
+    return void 0;
+  }
+  const certPath = process.env.SSL_CERT_FILE;
+  if (!certPath) return void 0;
+  try {
+    const extraCerts = readFileSync(certPath, "utf-8");
+    return [...rootCertificates, extraCerts];
+  } catch {
+    return void 0;
+  }
 }
 function handleError(error, errorMessage, throwErr = true) {
   if (error instanceof AxiosError2) {
@@ -79580,9 +79598,15 @@ function handleError(error, errorMessage, throwErr = true) {
   }
 }
 var proxyUrl = getProxyUrl();
+var ca = getExtraCaCerts();
 var axiosClient = axios_default.create({
-  httpsAgent: proxyUrl ? new HttpsProxyAgent({ proxy: proxyUrl }) : void 0,
-  httpAgent: proxyUrl ? new HttpProxyAgent({ proxy: proxyUrl }) : void 0
+  httpsAgent: proxyUrl ? new HttpsProxyAgent({ proxy: proxyUrl, ...ca ? { ca, proxyConnectOptions: { ca } } : {} }) : ca ? new https2.Agent({ ca }) : void 0,
+  httpAgent: proxyUrl ? new HttpProxyAgent({ proxy: proxyUrl }) : void 0,
+  // Disable axios's built-in proxy detection from HTTPS_PROXY/HTTP_PROXY env vars.
+  // When hpagent is configured, axios's own proxy handling would conflict with it.
+  // When no proxy is configured, we don't want axios silently routing through an env proxy
+  // without proper TLS/CA handling.
+  proxy: false
 });
 esm_default(axiosClient, {
   retries: 7,
@@ -88442,7 +88466,7 @@ import { basename as basename3, join as join8, relative as relative3, resolve as
 
 // ../utils/src/package-utils.ts
 import { parse as parse2, join as join7, resolve as resolve4, normalize as normalize2, dirname as dirname3, basename as basename2, relative as relative2 } from "path";
-import { existsSync as existsSync5, readFileSync, readdirSync as readdirSync2, statSync, writeFileSync } from "fs";
+import { existsSync as existsSync5, readFileSync as readFileSync2, readdirSync as readdirSync2, statSync, writeFileSync } from "fs";
 function getPackageJsonObject(workspaceRoot) {
   const packageJSONContent = getPackageJsonContent(workspaceRoot);
   if (!packageJSONContent) return void 0;
@@ -88450,7 +88474,7 @@ function getPackageJsonObject(workspaceRoot) {
 }
 function getPackageJsonContent(workspaceRoot) {
   const packageJsonPath = getPackageJSONPath(workspaceRoot);
-  if (existsSync5(packageJsonPath)) return readFileSync(packageJsonPath, "utf8");
+  if (existsSync5(packageJsonPath)) return readFileSync2(packageJsonPath, "utf8");
   return void 0;
 }
 function getPackageJSONPath(workspaceRoot) {
@@ -88750,7 +88774,7 @@ var ToolPathResolver = class {
 
 // dist/whole-program-code-aware-vulnerability-scanner/code-aware-vulnerability-scanner.js
 var import_lodash14 = __toESM(require_lodash(), 1);
-import { readFileSync as readFileSync3 } from "fs";
+import { readFileSync as readFileSync4 } from "fs";
 import { resolve as resolve18 } from "path";
 
 // dist/whole-program-code-aware-vulnerability-scanner/dotnet/dotnet-code-aware-vulnerability-scanner.js
@@ -88767,7 +88791,7 @@ function getUrlForPackage(packageName, version3) {
 
 // ../utils/src/tool-extractor.ts
 import { createHash } from "node:crypto";
-import { createReadStream, createWriteStream as createWriteStream3, readFileSync as readFileSync2, statSync as statSync3 } from "node:fs";
+import { createReadStream, createWriteStream as createWriteStream3, readFileSync as readFileSync3, statSync as statSync3 } from "node:fs";
 import { copyFile as copyFile2, cp as cp4, mkdir as mkdir4, writeFile as writeFile4 } from "node:fs/promises";
 import { tmpdir as tmpdir3 } from "node:os";
 import { basename as basename5, dirname as dirname8, join as join11 } from "node:path";
@@ -93931,7 +93955,7 @@ function getCliVersion() {
   if (cliVersion) return cliVersion;
   try {
     const packageJsonPath = isNexeMode() ? join11(NEXE_VIRTUAL_FS_ROOT, "package.json") : join11(dirname8(dirname8(dirname8(dirname8(__filename)))), "npm-package-cli", "package.json");
-    const packageJson = JSON.parse(readFileSync2(packageJsonPath, "utf-8"));
+    const packageJson = JSON.parse(readFileSync3(packageJsonPath, "utf-8"));
     if (process.env.ALWAYS_REEXTRACT_TOOLS === "true") {
       logger.info("ALWAYS_REEXTRACT_TOOLS is set to true, re-extracting tools");
       const randomVersion = Math.random().toString().slice(2, 8);
@@ -93960,7 +93984,7 @@ function loadChecksums() {
       throw new Error("Tool extraction is only supported in nexe mode");
     }
     const checksumsPath = join11(NEXE_VIRTUAL_FS_ROOT, "checksums.json");
-    return JSON.parse(readFileSync2(checksumsPath, "utf-8"));
+    return JSON.parse(readFileSync3(checksumsPath, "utf-8"));
   } catch (error) {
     logger.warn("Failed to load checksums.json:", error);
     throw new Error(
@@ -113058,7 +113082,7 @@ async function runWithJSHeuristics(cb) {
 function getCurrentCommitHash(project) {
   const headShaPath = resolve18(COANA_REPOS_PATH(), project, "HEAD_SHA");
   try {
-    const content = readFileSync3(headShaPath, "utf-8").trim();
+    const content = readFileSync4(headShaPath, "utf-8").trim();
     const colonIndex = content.indexOf(":");
     return colonIndex !== -1 ? content.slice(colonIndex + 1) : content;
   } catch {