@socketsecurity/cli-with-sentry 0.14.49 → 0.14.51

package/dist/module-sync/cli.js

@@ -15,6 +15,7 @@ var node_url = require('node:url');
 var ponyCause = _socketInterop(require('pony-cause'));
 var updateNotifier = _socketInterop(require('tiny-updater'));
 var colors = _socketInterop(require('yoctocolors-cjs'));
+var logger = require('@socketsecurity/registry/lib/logger');
 var micromatch = _socketInterop(require('micromatch'));
 var simpleGit = _socketInterop(require('simple-git'));
 var sdk = require('@socketsecurity/sdk');
@@ -58,8 +59,10 @@ var npmPaths = require('./npm-paths.js');
 var npm$1 = require('./npm.js');
 var betterAjvErrors = _socketInterop(require('@apideck/better-ajv-errors'));
 var config$A = require('@socketsecurity/config');
+var assert = require('node:assert');
 var readline = require('node:readline/promises');
 var open = _socketInterop(require('open'));
+var node_child_process = require('node:child_process');
 var TableWidget = _socketInterop(require('blessed-contrib/lib/widget/table'));
 var readline$1 = require('node:readline');
 
@@ -1296,7 +1299,7 @@ function handleUnsuccessfulApiResponse(_name, result, spinner) {
     spinner.stop();
     throw new index.AuthError(message);
   }
-  spinner.error(`${colors.bgRed(colors.white('API returned an error:'))} ${message}`);
+  spinner.errorAndStop(`${colors.bgRed(colors.white('API returned an error:'))} ${message}`);
   process$1.exit(1);
 }
 async function handleApiCall(value, description) {
@@ -1515,7 +1518,7 @@ function meowOrExit({
 }
 function getAsciiHeader(command) {
   const cliVersion = // The '@rollup/plugin-replace' will replace "process.env['SOCKET_CLI_VERSION_HASH']".
-  "0.14.49:216163f:34d3aac1:pub";
+  "0.14.51:8252840:e7069cc4:pub";
   const nodeVersion = process.version;
   const apiToken = index.getSetting('apiToken');
   const shownToken = apiToken ? getLastFiveOfApiToken(apiToken) : 'no';
@@ -2335,15 +2338,13 @@ async function getDiffScan({
   orgSlug,
   outputJson
 }, apiToken) {
-  const spinnerText = 'Getting diff scan... \n';
-  const spinner$1 = new spinner.Spinner({
-    text: spinnerText
-  }).start();
+  const spinner$1 = new spinner.Spinner();
+  spinner$1.start('Getting diff scan...');
   const response = await queryAPI(`${orgSlug}/full-scans/diff?before=${before}&after=${after}&preview`, apiToken);
   const data = await response.json();
   if (!response.ok) {
     const err = await handleAPIError(response.status);
-    spinner$1.error(`${colors.bgRed(colors.white(response.statusText))}: ${err}`);
+    spinner$1.errorAndStop(`${colors.bgRed(colors.white(response.statusText))}: ${err}`);
     return;
   }
   spinner$1.stop();
@@ -2515,9 +2516,7 @@ async function runFix() {
       const tree = arb.idealTree;
       const hasUpgrade = !!registry.getManifestData(NPM$d, name);
       if (hasUpgrade) {
-        spinner$1.stop();
-        console.log(`Skipping ${name}. Socket Optimize package exists.`);
-        spinner$1.start();
+        spinner$1.info(`Skipping ${name}. Socket Optimize package exists.`);
         continue;
       }
       const nodes = index.findPackageNodes(tree, name);
@@ -2543,10 +2542,10 @@ async function runFix() {
               try {
                 // eslint-disable-next-line no-await-in-loop
                 await npm.runScript('test', [], {
-                  stdio: 'pipe'
+                  spinner: spinner$1,
+                  stdio: 'ignore'
                 });
                 spinner$1.info(`Patched ${name} ${oldVersion} -> ${node.version}`);
-                spinner$1.start();
                 if (isTopLevel(tree, node)) {
                   for (const depField of ['dependencies', 'optionalDependencies', 'peerDependencies']) {
                     const oldVersion = editablePkgJson.content[depField]?.[name];
@@ -2560,13 +2559,10 @@ async function runFix() {
                 await editablePkgJson.save();
               } catch {
                 spinner$1.error(`Reverting ${name} to ${oldVersion}`);
-                spinner$1.start();
                 arb.idealTree = revertToIdealTree;
               }
             } else {
-              spinner$1.stop();
-              console.log(`Could not patch ${name} ${oldVersion}`);
-              spinner$1.start();
+              spinner$1.error(`Could not patch ${name} ${oldVersion}`);
             }
           }
         }
@@ -2739,7 +2735,7 @@ function formatPackageInfo({
       spinner[strict ? 'error' : 'success'](`Package has these issues: ${formatSeverityCount(severityCount)}`);
       formatPackageIssuesDetails(data, outputMarkdown);
     } else {
-      spinner.success('Package has no issues');
+      spinner.successAndStop('Package has no issues');
     }
     const format = new index.ColorOrMarkdown(!!outputMarkdown);
     const url = index.getSocketDevPackageOverviewUrl(NPM$c, pkgName, pkgVersion);
@@ -2907,9 +2903,8 @@ async function attemptLogin(apiBaseUrl, apiProxy) {
   })) || SOCKET_PUBLIC_API_TOKEN;
   apiBaseUrl ??= index.getSetting('apiBaseUrl') ?? undefined;
   apiProxy ??= index.getSetting('apiProxy') ?? undefined;
-  const spinner$1 = new spinner.Spinner({
-    text: 'Verifying API key...'
-  }).start();
+  const spinner$1 = new spinner.Spinner();
+  spinner$1.start('Verifying API key...');
   let orgs;
   try {
     const sdk = await index.setupSdk(apiToken, apiBaseUrl, apiProxy);
@@ -2920,7 +2915,7 @@ async function attemptLogin(apiBaseUrl, apiProxy) {
     orgs = result.data;
     spinner$1.success('API key verified');
   } catch {
-    spinner$1.error('Invalid API key');
+    spinner$1.errorAndStop('Invalid API key');
     return;
   }
   const enforcedChoices = Object.values(orgs.organizations).filter(org => org?.plan === 'enterprise').map(org => ({
@@ -2936,6 +2931,8 @@ async function attemptLogin(apiBaseUrl, apiProxy) {
         value: '',
         description: 'Pick "None" if this is a personal device'
       })
+    }, {
+      spinner: spinner$1
     });
     if (id) {
       enforcedOrgs = [id];
@@ -2944,6 +2941,8 @@ async function attemptLogin(apiBaseUrl, apiProxy) {
     const confirmOrg = await prompts.confirm({
       message: `Should Socket enforce ${enforcedChoices[0]?.name}'s security policies system-wide?`,
       default: true
+    }, {
+      spinner: spinner$1
     });
     if (confirmOrg) {
       const existing = enforcedChoices[0];
@@ -2955,9 +2954,9 @@ async function attemptLogin(apiBaseUrl, apiProxy) {
   const oldToken = index.getSetting('apiToken');
   try {
     applyLogin(apiToken, enforcedOrgs, apiBaseUrl, apiProxy);
-    spinner$1.success(`API credentials ${oldToken ? 'updated' : 'set'}`);
+    spinner$1.successAndStop(`API credentials ${oldToken ? 'updated' : 'set'}`);
   } catch {
-    spinner$1.error(`API login failed`);
+    spinner$1.errorAndStop(`API login failed`);
   }
 }
 
@@ -3025,9 +3024,9 @@ function applyLogout() {
 function attemptLogout() {
   try {
     applyLogout();
-    new spinner.Spinner().success('Successfully logged out');
+    logger.logger.success('Successfully logged out');
   } catch {
-    new spinner.Spinner().success('Failed to complete logout steps');
+    logger.logger.error('Failed to complete logout steps');
   }
 }
 
@@ -3094,19 +3093,18 @@ async function convertGradleToMaven(target, bin, _out, verbose, gradleOpts) {
     const initLocation = path.join(constants.rootDistPath, 'init.gradle');
     const commandArgs = ['--init-script', initLocation, ...gradleOpts, 'pom'];
     if (verbose) {
-      console.log('\n[VERBOSE] Executing:', bin, commandArgs);
+      spinner$1.log('[VERBOSE] Executing:', bin, commandArgs);
     }
     const output = await spawn(bin, commandArgs, {
       cwd: target || '.'
     });
-    spinner$1.success();
     if (verbose) {
       console.group('[VERBOSE] gradle stdout:');
       console.log(output);
       console.groupEnd();
     }
     if (output.stderr) {
-      spinner$1.error('There were errors while running gradle');
+      spinner$1.errorAndStop('There were errors while running gradle');
       // (In verbose mode, stderr was printed above, no need to repeat it)
       if (!verbose) {
         console.group('[VERBOSE] stderr:');
@@ -3115,6 +3113,7 @@ async function convertGradleToMaven(target, bin, _out, verbose, gradleOpts) {
       }
       process.exit(1);
     }
+    spinner$1.successAndStop('Executed gradle successfully');
     console.log('Reported exports:');
     output.stdout.replace(/^POM file copied to: (.*)/gm, (_all, fn) => {
       console.log('- ', fn);
@@ -3123,7 +3122,7 @@ async function convertGradleToMaven(target, bin, _out, verbose, gradleOpts) {
 
     // const loc = output.stdout?.match(/Wrote (.*?.pom)\n/)?.[1]?.trim()
     // if (!loc) {
-    //   spinner.error(
+    //   console.error(
     //     'There were no errors from sbt but could not find the location of resulting .pom file either'
     //   )
     //   process.exit(1)
@@ -3131,25 +3130,25 @@ async function convertGradleToMaven(target, bin, _out, verbose, gradleOpts) {
     //
     // // Move the pom file to ...? initial cwd? loc will be an absolute path, or dump to stdout
     // if (out === '-') {
-    //   spinner.start('Result:\n```').success()
+    //   spinner.start('Result:\n```')
     //   console.log(await safeReadFile(loc, 'utf8'))
     //   console.log('```')
-    //   spinner.start().success(`OK`)
+    //   spinner.successAndStop(`OK`)
     // } else {
+    //   spinner.start()
     //   if (verbose) {
-    //     spinner.start(
+    //     spinner.log(
     //       `Moving manifest file from \`${loc.replace(/^\/home\/[^/]*?\//, '~/')}\` to \`${out}\``
     //     )
     //   } else {
-    //     spinner.start('Moving output pom file')
+    //     spinner.log('Moving output pom file')
     //   }
     //   // TODO: do we prefer fs-extra? renaming can be gnarly on windows and fs-extra's version is better
     //   await renamep(loc, out)
-    //   spinner.success()
-    //   spinner.start().success(`OK. File should be available in \`${out}\``)
+    //   spinner.successAndStop(`OK. File should be available in \`${out}\``)
     // }
   } catch (e) {
-    spinner$1.error('There was an unexpected error while running this' + (verbose ? '' : ' (use --verbose for details)'));
+    spinner$1.errorAndStop('There was an unexpected error while running this' + (verbose ? '' : ' (use --verbose for details)'));
     if (verbose) {
       console.group('[VERBOSE] error:');
       console.log(e);
@@ -3317,21 +3316,22 @@ async function convertSbtToMaven(target, bin, out, verbose, sbtOpts) {
   const spinner$1 = new spinner.Spinner();
   spinner$1.start(`Converting sbt to maven from \`${bin}\` on \`${target}\`...`);
   try {
-    // Run sbt with the init script we provide which should yield zero or more pom files.
-    // We have to figure out where to store those pom files such that we can upload them and predict them through the GitHub API.
-    // We could do a .socket folder. We could do a socket.pom.gz with all the poms, although I'd prefer something plain-text if it is to be committed.
-
+    // Run sbt with the init script we provide which should yield zero or more
+    // pom files. We have to figure out where to store those pom files such that
+    // we can upload them and predict them through the GitHub API. We could do a
+    // .socket folder. We could do a socket.pom.gz with all the poms, although
+    // I'd prefer something plain-text if it is to be committed.
     const output = await spawn(bin, ['makePom'].concat(sbtOpts), {
       cwd: target || '.'
     });
-    spinner$1.success();
+    spinner$1.stop();
     if (verbose) {
       console.group('[VERBOSE] sbt stdout:');
       console.log(output);
       console.groupEnd();
     }
     if (output.stderr) {
-      spinner$1.error('There were errors while running sbt');
+      logger.logger.error('There were errors while running sbt');
       // (In verbose mode, stderr was printed above, no need to repeat it)
       if (!verbose) {
         console.group('[VERBOSE] stderr:');
@@ -3346,39 +3346,38 @@ async function convertSbtToMaven(target, bin, out, verbose, sbtOpts) {
       return fn;
     });
     if (!poms.length) {
-      spinner$1.error('There were no errors from sbt but it seems to not have generated any poms either');
+      logger.logger.error('There were no errors from sbt but it seems to not have generated any poms either');
       process.exit(1);
     }
-
     // Move the pom file to ...? initial cwd? loc will be an absolute path, or dump to stdout
     // TODO: what to do with multiple output files? Do we want to dump them to stdout? Raw or with separators or ?
     // TODO: maybe we can add an option to target a specific file to dump to stdout
     if (out === '-' && poms.length === 1) {
-      spinner$1.start('Result:\n```').success();
+      logger.logger.log('Result:\n```');
       console.log(await index.safeReadFile(poms[0], 'utf8'));
-      console.log('```');
-      spinner$1.start().success(`OK`);
+      logger.logger.log('```');
+      logger.logger.success(`OK`);
     } else if (out === '-') {
-      spinner$1.start().error('Requested out target was stdout but there are multiple generated files');
+      logger.logger.error('Requested out target was stdout but there are multiple generated files');
       poms.forEach(fn => console.error('-', fn));
       console.error('Exiting now...');
       process.exit(1);
     } else {
       // if (verbose) {
-      //   spinner.start(
+      //   console.log(
       //     `Moving manifest file from \`${loc.replace(/^\/home\/[^/]*?\//, '~/')}\` to \`${out}\``
       //   )
       // } else {
-      //   spinner.start('Moving output pom file')
+      //   console.log('Moving output pom file')
       // }
       // TODO: do we prefer fs-extra? renaming can be gnarly on windows and fs-extra's version is better
       // await renamep(loc, out)
-      spinner$1.start().success(`Generated ${poms.length} pom files`);
+      logger.logger.success(`Generated ${poms.length} pom files`);
       poms.forEach(fn => console.log('-', fn));
-      spinner$1.start().success(`OK`);
+      logger.logger.success(`OK`);
     }
   } catch (e) {
-    spinner$1.error('There was an unexpected error while running this' + (verbose ? '' : ' (use --verbose for details)'));
+    spinner$1.errorAndStop('There was an unexpected error while running this' + (verbose ? '' : ' (use --verbose for details)'));
     if (verbose) {
       console.group('[VERBOSE] error:');
       console.log(e);
@@ -4800,9 +4799,7 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
   } else {
     overridesDataObjects.push(overridesDataByAgent.get(NPM$1)(pkgJson), overridesDataByAgent.get(YARN_CLASSIC)(pkgJson));
   }
-  if (spinner) {
-    spinner.text = `Adding overrides${workspaceName ? ` to ${workspaceName}` : ''}...`;
-  }
+  spinner?.setText(`Adding overrides${workspaceName ? ` to ${workspaceName}` : ''}...`);
   const depAliasMap = new Map();
   const nodeRange = `>=${pkgEnvDetails.minimumNodeVersion}`;
   const manifestEntries = manifestNpmOverrides.filter(({
@@ -4979,9 +4976,8 @@ async function getOrganization(format = 'text') {
   await printOrganizationsFromToken(apiToken, format);
 }
 async function printOrganizationsFromToken(apiToken, format = 'text') {
-  const spinner$1 = new spinner.Spinner({
-    text: 'Fetching organizations...'
-  }).start();
+  const spinner$1 = new spinner.Spinner();
+  spinner$1.start('Fetching organizations...');
   const socketSdk = await index.setupSdk(apiToken);
   const result = await handleApiCall(socketSdk.getOrganizations(), 'looking up organizations');
   if (!result.success) {
@@ -5223,24 +5219,28 @@ async function createReport(socketConfig, inputPaths, {
     });
   });
   const packagePaths = await npmPaths.getPackageFiles(cwd, inputPaths, socketConfig, supportedFiles);
-  npmPaths.debugLog('Uploading:', packagePaths.join(`\n${npmPaths.getLogSymbols().info} Uploading: `));
+  const {
+    length: packagePathsCount
+  } = packagePaths;
+  if (packagePathsCount && npmPaths.isDebug()) {
+    for (const pkgPath of packagePaths) {
+      npmPaths.debugLog(`Uploading: ${pkgPath}`);
+    }
+  }
   if (dryRun) {
     npmPaths.debugLog('[dryRun] Skipped actual upload');
     return undefined;
-  } else {
-    const socketSdk = await index.setupSdk();
-    const spinner$1 = new spinner.Spinner({
-      text: `Creating report with ${packagePaths.length} package files`
-    }).start();
-    const apiCall = socketSdk.createReportFromFilePaths(packagePaths, cwd, socketConfig?.issueRules);
-    const result = await handleApiCall(apiCall, 'creating report');
-    if (!result.success) {
-      handleUnsuccessfulApiResponse('createReport', result, spinner$1);
-      return undefined;
-    }
-    spinner$1.success();
-    return result;
   }
+  const spinner$1 = new spinner.Spinner();
+  spinner$1.start(`Creating report with ${packagePathsCount} package ${words.pluralize('file', packagePathsCount)}`);
+  const apiCall = socketSdk.createReportFromFilePaths(packagePaths, cwd, socketConfig?.issueRules);
+  const result = await handleApiCall(apiCall, 'creating report');
+  if (!result.success) {
+    handleUnsuccessfulApiResponse('createReport', result, spinner$1);
+    return undefined;
+  }
+  spinner$1.successAndStop();
+  return result;
 }
 
 async function getSocketConfig(absoluteConfigPath) {
@@ -5267,10 +5267,9 @@ async function getSocketConfig(absoluteConfigPath) {
 const MAX_TIMEOUT_RETRY = 5;
 const HTTP_CODE_TIMEOUT = 524;
 async function fetchReportData(reportId, includeAllIssues, strict) {
+  const spinner$1 = new spinner.Spinner();
+  spinner$1.start(`Fetching report with ID ${reportId} (this could take a while)`);
   const socketSdk = await index.setupSdk();
-  const spinner$1 = new spinner.Spinner({
-    text: `Fetching report with ID ${reportId} (this could take a while)`
-  }).start();
   let result;
   for (let retry = 1; !result; ++retry) {
     try {
@@ -5278,6 +5277,7 @@ async function fetchReportData(reportId, includeAllIssues, strict) {
       result = await handleApiCall(socketSdk.getReport(reportId), 'fetching report');
     } catch (err) {
       if (retry >= MAX_TIMEOUT_RETRY || !(err instanceof Error) || err.cause?.cause?.response?.statusCode !== HTTP_CODE_TIMEOUT) {
+        spinner$1.stop();
         throw err;
       }
     }
@@ -5286,8 +5286,7 @@ async function fetchReportData(reportId, includeAllIssues, strict) {
     return handleUnsuccessfulApiResponse('getReport', result, spinner$1);
   }
 
-  // Conclude the status of the API call
-
+  // Conclude the status of the API call.
   if (strict) {
     if (result.data.healthy) {
       spinner$1.success('Report result is healthy and great!');
@@ -5301,6 +5300,7 @@ async function fetchReportData(reportId, includeAllIssues, strict) {
   } else {
     spinner$1.success('Report has no issues');
   }
+  spinner$1.stop();
   return result.data;
 }
 
@@ -5522,10 +5522,8 @@ async function createRepo({
   repoName,
   visibility
 }) {
-  const spinnerText = 'Creating repository... \n';
-  const spinner$1 = new spinner.Spinner({
-    text: spinnerText
-  }).start();
+  const spinner$1 = new spinner.Spinner();
+  spinner$1.start('Creating repository...');
   const socketSdk = await index.setupSdk(apiToken);
   const result = await handleApiCall(socketSdk.createOrgRepo(orgSlug, {
     outputJson,
@@ -5538,7 +5536,7 @@ async function createRepo({
     visibility
   }), 'creating repository');
   if (result.success) {
-    spinner$1.success('Repository created successfully');
+    spinner$1.successAndStop('Repository created successfully');
   } else {
     handleUnsuccessfulApiResponse('createOrgRepo', result, spinner$1);
   }
@@ -5640,14 +5638,12 @@ async function run$b(argv, importMeta, {
 }
 
 async function deleteRepo(orgSlug, repoName, apiToken) {
-  const spinnerText = 'Deleting repository... \n';
-  const spinner$1 = new spinner.Spinner({
-    text: spinnerText
-  }).start();
+  const spinner$1 = new spinner.Spinner();
+  spinner$1.start('Deleting repository...');
   const socketSdk = await index.setupSdk(apiToken);
   const result = await handleApiCall(socketSdk.deleteOrgRepo(orgSlug, repoName), 'deleting repository');
   if (result.success) {
-    spinner$1.success('Repository deleted successfully');
+    spinner$1.successAndStop('Repository deleted successfully');
   } else {
     handleUnsuccessfulApiResponse('deleteOrgRepo', result, spinner$1);
   }
@@ -5736,6 +5732,18 @@ async function listRepos({
     handleUnsuccessfulApiResponse('getOrgRepoList', result, spinner$1);
     return;
   }
+  spinner$1.stop();
+  if (outputJson) {
+    const data = result.data.results.map(o => ({
+      id: o.id,
+      name: o.name,
+      visibility: o.visibility,
+      defaultBranch: o.default_branch,
+      archived: o.archived
+    }));
+    console.log(JSON.stringify(data, null, 2));
+    return;
+  }
   const options = {
     columns: [{
       field: 'id',
@@ -5754,7 +5762,7 @@ async function listRepos({
       name: colors.magenta('Archived')
     }]
   };
-  spinner$1.stop(chalkTable(options, result.data.results));
+  console.log(chalkTable(options, result.data.results));
 }
 
 const config$9 = {
@@ -5870,7 +5878,7 @@ async function updateRepo({
     visibility
   }), 'updating repository');
   if (result.success) {
-    spinner$1.success('Repository updated successfully');
+    spinner$1.successAndStop('Repository updated successfully');
   } else {
     handleUnsuccessfulApiResponse('updateOrgRepo', result, spinner$1);
   }
@@ -6087,8 +6095,149 @@ const cmdRepos = {
   }
 };
 
+async function suggestOrgSlug(socketSdk) {
+  const result = await handleApiCall(socketSdk.getOrganizations(), 'looking up organizations');
+  // Ignore a failed request here. It was not the primary goal of
+  // running this command and reporting it only leads to end-user confusion.
+  if (result.success) {
+    const proceed = await prompts.select({
+      message: 'Missing org name; do you want to use any of these orgs for this scan?',
+      choices: Array.from(Object.values(result.data.organizations)).map(({
+        name: slug
+      }) => ({
+        name: 'Yes [' + slug + ']',
+        value: slug,
+        description: `Use "${slug}" as the organization`
+      })).concat({
+        name: 'No',
+        value: '',
+        description: 'Do not use any of these organizations (will end in a no-op)'
+      })
+    });
+    if (proceed) {
+      return proceed;
+    }
+  }
+}
+
+async function suggestRepoSlug(socketSdk, orgSlug) {
+  // Same as above, but if there's a repo with the same name as cwd then
+  // default the selection to that name.
+  const result = await handleApiCall(socketSdk.getOrgRepoList(orgSlug, {
+    orgSlug,
+    sort: 'name',
+    direction: 'asc',
+    // There's no guarantee that the cwd is part of this page. If it's not
+    // then do an additional request and specific search for it instead.
+    // This way we can offer the tip of "do you want to create [cwd]?".
+    perPage: 10,
+    page: 0
+  }), 'looking up known repos');
+  // Ignore a failed request here. It was not the primary goal of
+  // running this command and reporting it only leads to end-user confusion.
+  if (result.success) {
+    const currentDirName = dirNameToSlug(path.basename(process$1.cwd()));
+    let cwdIsKnown = !!currentDirName && result.data.results.some(obj => obj.slug === currentDirName);
+    if (!cwdIsKnown && currentDirName) {
+      // Do an explicit request so we can assert that the cwd exists or not
+      const result = await handleApiCall(socketSdk.getOrgRepo(orgSlug, currentDirName), 'checking if current cwd is a known repo');
+      if (result.success) {
+        cwdIsKnown = true;
+      }
+    }
+    const proceed = await prompts.select({
+      message: 'Missing repo name; do you want to use any of these known repo names for this scan?',
+      choices:
+      // Put the CWD suggestion at the top, whether it exists or not
+      (currentDirName ? [{
+        name: `Yes, current dir [${cwdIsKnown ? currentDirName : `create repo for ${currentDirName}`}]`,
+        value: currentDirName,
+        description: cwdIsKnown ? 'Register a new repo name under the given org and use it' : 'Use current dir as repo'
+      }] : []).concat(result.data.results.filter(({
+        slug
+      }) => !!slug && slug !== currentDirName).map(({
+        slug
+      }) => ({
+        name: 'Yes [' + slug + ']',
+        value: slug || '',
+        // Filtered above but TS is like nah.
+        description: `Use "${slug}" as the repo name`
+      })), {
+        name: 'No',
+        value: '',
+        description: 'Do not use any of these repos (will end in a no-op)'
+      })
+    });
+    if (proceed) {
+      const repoName = proceed;
+      let repoDefaultBranch = '';
+      // Store the default branch to help with the branch name question next
+      result.data.results.some(obj => {
+        if (obj.slug === proceed && obj.default_branch) {
+          repoDefaultBranch = obj.default_branch;
+          return;
+        }
+      });
+      return {
+        slug: repoName,
+        defaultBranch: repoDefaultBranch
+      };
+    }
+  }
+}
+function dirNameToSlug(name) {
+  // Uses slug specs asserted by our servers
+  // Note: this can lead to collisions; eg. slug for `x--y` and `x---y` is `x-y`
+  return name.toLowerCase().replace(/[^[a-zA-Z0-9_.-]/g, '_').replace(/--+/g, '-').replace(/__+/g, '_').replace(/\.\.+/g, '.').replace(/[._-]+$/, '');
+}
+
+async function suggestBranchSlug(repoDefaultBranch) {
+  const spawnResult = node_child_process.spawnSync('git', ['branch', '--show-current']);
+  const currentBranch = spawnResult.stdout.toString('utf8').trim();
+  if (currentBranch && spawnResult.status === 0) {
+    const proceed = await prompts.select({
+      message: 'Use the current git branch as target branch name?',
+      choices: [{
+        name: `Yes [${currentBranch}]`,
+        value: currentBranch,
+        description: 'Use the current git branch for branch name'
+      }, ...(repoDefaultBranch && repoDefaultBranch !== currentBranch ? [{
+        name: `No, use the default branch [${repoDefaultBranch}]`,
+        value: repoDefaultBranch,
+        description: 'Use the default branch for target repo as the target branch name'
+      }] : []), {
+        name: 'No',
+        value: '',
+        description: 'Do not use the current git branch as name (will end in a no-op)'
+      }].filter(Boolean)
+    });
+    if (proceed) {
+      return proceed;
+    }
+  }
+}
+
+async function suggestTarget() {
+  // We could prefill this with sub-dirs of the current
+  // dir ... but is that going to be useful?
+  const proceed = await prompts.select({
+    message: 'No TARGET given. Do you want to use the current directory?',
+    choices: [{
+      name: 'Yes',
+      value: true,
+      description: 'Target the current directory'
+    }, {
+      name: 'No',
+      value: false,
+      description: 'Do not use the current directory (this will end in a no-op)'
+    }]
+  });
+  if (proceed) {
+    return ['.'];
+  }
+}
+
 async function createFullScan({
-  apiToken,
   branchName,
   commitHash: _commitHash,
   commitMessage,
@@ -6096,17 +6245,100 @@ async function createFullScan({
   cwd,
   defaultBranch,
   orgSlug,
-  packagePaths,
   pendingHead,
   pullRequest: _pullRequest,
+  readOnly,
   repoName,
+  targets,
   tmp
 }) {
+  const socketSdk = await index.setupSdk();
+  const supportedFiles = await socketSdk.getReportSupportedFiles().then(res => {
+    if (!res.success) {
+      handleUnsuccessfulApiResponse('getReportSupportedFiles', res, new spinner.Spinner());
+      assert(false, 'handleUnsuccessfulApiResponse should unconditionally throw');
+    }
+    return res.data;
+  }).catch(cause => {
+    throw new Error('Failed getting supported files for report', {
+      cause
+    });
+  });
+
+  // If we updated any inputs then we should print the command line to repeat
+  // the command without requiring user input, as a suggestion.
+  let updatedInput = false;
+  if (!targets.length) {
+    const received = await suggestTarget();
+    targets = received ?? [];
+    updatedInput = true;
+  }
+  const packagePaths = await npmPaths.getPackageFilesFullScans(cwd, targets, supportedFiles);
+
+  // We're going to need an api token to suggest data because those suggestions
+  // must come from data we already know. Don't error on missing api token yet.
+  // If the api-token is not set, ignore it for the sake of suggestions.
+  const apiToken = index.getDefaultToken();
+  if (apiToken && !orgSlug) {
+    const suggestion = await suggestOrgSlug(socketSdk);
+    if (suggestion) orgSlug = suggestion;
+    updatedInput = true;
+  }
+
+  // If the current cwd is unknown and is used as a repo slug anyways, we will
+  // first need to register the slug before we can use it.
+  let repoDefaultBranch = '';
+
+  // (Don't bother asking for the rest if we didn't get an org slug above)
+  if (apiToken && orgSlug && !repoName) {
+    const suggestion = await suggestRepoSlug(socketSdk, orgSlug);
+    if (suggestion) {
+      ({
+        defaultBranch: repoDefaultBranch,
+        slug: repoName
+      } = suggestion);
+    }
+    updatedInput = true;
+  }
+
+  // (Don't bother asking for the rest if we didn't get an org/repo above)
+  if (apiToken && orgSlug && repoName && !branchName) {
+    const suggestion = await suggestBranchSlug(repoDefaultBranch);
+    if (suggestion) branchName = suggestion;
+    updatedInput = true;
+  }
+  if (!orgSlug || !repoName || !branchName || !packagePaths.length) {
+    // Use exit status of 2 to indicate incorrect usage, generally invalid
+    // options or missing arguments.
+    // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
+    process$1.exitCode = 2;
+    console.error(`
+      ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
+      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n
+      - Repository name using --repo ${!repoName ? colors.red('(missing!)') : colors.green('(ok)')}\n
+      - Branch name using --branch ${!branchName ? colors.red('(missing!)') : colors.green('(ok)')}\n
+      - At least one TARGET (e.g. \`.\` or \`./package.json\`) ${!packagePaths.length ? colors.red(targets.length > 0 ? '(TARGET' + (targets.length ? 's' : '') + ' contained no matching/supported files!)' : '(missing)') : colors.green('(ok)')}\n
+      ${!apiToken ? 'Note: was unable to make suggestions because no API Token was found; this would make command fail regardless\n' : ''}
+    `);
+    return;
+  }
+  if (updatedInput) {
+    console.log('Note: You can invoke this command next time to skip the interactive questions:');
+    console.log('```');
+    console.log(`    socket scan create [other flags...] --repo ${repoName} --branch ${branchName} ${orgSlug} ${targets.join(' ')}`);
+    console.log('```');
+  }
+  if (!apiToken) {
+    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+  }
+  if (readOnly) {
+    console.log('[ReadOnly] Bailing now');
+    return;
+  }
   const spinnerText = 'Creating a scan... \n';
   const spinner$1 = new spinner.Spinner({
     text: spinnerText
   }).start();
-  const socketSdk = await index.setupSdk(apiToken);
   const result = await handleApiCall(socketSdk.createOrgFullScan(orgSlug, {
     repo: repoName,
     branch: branchName,
@@ -6119,7 +6351,7 @@ async function createFullScan({
     handleUnsuccessfulApiResponse('CreateOrgFullScan', result, spinner$1);
     return;
   }
-  spinner$1.success('Scan created successfully');
+  spinner$1.successAndStop('Scan created successfully');
   const link = colors.underline(colors.cyan(`${result.data.html_report_url}`));
   console.log(`Available at: ${link}`);
   const rl = readline.createInterface({
@@ -6193,6 +6425,11 @@ const config$6 = {
       default: false,
       description: 'Set as pending head'
     },
+    readOnly: {
+      type: 'boolean',
+      default: false,
+      description: 'Similar to --dry-run except it can read from remote, stops before it would create an actual report'
+    },
     tmp: {
       type: 'boolean',
       shortFlag: 't',
@@ -6232,71 +6469,60 @@ async function run$6(argv, importMeta, {
   });
   const [orgSlug = '', ...targets] = cli.input;
   const cwd = cli.flags['cwd'] && cli.flags['cwd'] !== 'process.cwd()' ? String(cli.flags['cwd']) : process$1.cwd();
-
-  // Note exiting earlier to skirt a hidden auth requirement
-  if (cli.flags['dryRun']) {
-    return console.log('[DryRun] Bailing now');
-  }
-  const socketSdk = await index.setupSdk();
-  const supportedFiles = await socketSdk.getReportSupportedFiles().then(res => {
-    if (!res.success) handleUnsuccessfulApiResponse('getReportSupportedFiles', res, new spinner.Spinner());
-    // TODO: verify type at runtime? Consider it trusted data and assume type?
-    return res.data;
-  }).catch(cause => {
-    throw new Error('Failed getting supported files for report', {
-      cause
-    });
-  });
-  const packagePaths = await npmPaths.getPackageFilesFullScans(cwd, targets, supportedFiles);
-  const {
+  let {
     branch: branchName,
     repo: repoName
   } = cli.flags;
-  if (!orgSlug || !repoName || !branchName || !packagePaths.length) {
+  const apiToken = index.getDefaultToken();
+  if (!apiToken && (!orgSlug || !repoName || !branchName || !targets.length)) {
+    // Without api token we cannot recover because we can't request more info
+    // from the server, to match and help with the current cwd/git status.
     // Use exit status of 2 to indicate incorrect usage, generally invalid
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process$1.exitCode = 2;
-    console.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-    - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n
-    - Repository name using --repo ${!repoName ? colors.red('(missing!)') : colors.green('(ok)')}\n
-    - Branch name using --branch ${!branchName ? colors.red('(missing!)') : colors.green('(ok)')}\n
-    - At least one TARGET (e.g. \`.\` or \`./package.json\`) ${!packagePaths.length ? colors.red(targets.length > 0 ? '(TARGET' + (targets.length ? 's' : '') + ' contained no matching/supported files!)' : '(missing)') : colors.green('(ok)')}\n`);
+    console.error(`
+      ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
+      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n
+      - Repository name using --repo ${!repoName ? colors.red('(missing!)') : colors.green('(ok)')}\n
+      - Branch name using --branch ${!branchName ? colors.red('(missing!)') : colors.green('(ok)')}\n
+      - At least one TARGET (e.g. \`.\` or \`./package.json\`) ${!targets.length ? '(missing)' : colors.green('(ok)')}\n
+      (Additionally, no API Token was set so we cannot auto-discover these details)\n
+    `);
     return;
   }
-  const apiToken = index.getDefaultToken();
-  if (!apiToken) {
-    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+
+  // Note exiting earlier to skirt a hidden auth requirement
+  if (cli.flags['dryRun']) {
+    return console.log('[DryRun] Bailing now');
   }
   await createFullScan({
-    apiToken,
-    orgSlug,
-    repoName: repoName,
     branchName: branchName,
+    commitHash: cli.flags['commitHash'] ?? '',
     commitMessage: cli.flags['commitMessage'] ?? '',
+    committers: cli.flags['committers'] ?? '',
+    cwd,
     defaultBranch: Boolean(cli.flags['defaultBranch']),
+    orgSlug,
     pendingHead: Boolean(cli.flags['pendingHead']),
-    tmp: Boolean(cli.flags['tmp']),
-    packagePaths,
-    cwd,
-    commitHash: cli.flags['commitHash'] ?? '',
-    committers: cli.flags['committers'] ?? '',
-    pullRequest: cli.flags['pullRequest'] ?? undefined
+    pullRequest: cli.flags['pullRequest'] ?? undefined,
+    readOnly: Boolean(cli.flags['readOnly']),
+    repoName: repoName,
+    targets,
+    tmp: Boolean(cli.flags['tmp'])
   });
 }
 
 async function deleteOrgFullScan(orgSlug, fullScanId, apiToken) {
-  const spinnerText = 'Deleting scan...';
-  const spinner$1 = new spinner.Spinner({
-    text: spinnerText
-  }).start();
+  const spinner$1 = new spinner.Spinner();
+  spinner$1.start('Deleting scan...');
   const socketSdk = await index.setupSdk(apiToken);
   const result = await handleApiCall(socketSdk.deleteOrgFullScan(orgSlug, fullScanId), 'Deleting scan');
-  if (result.success) {
-    spinner$1.success('Scan deleted successfully');
-  } else {
+  if (!result.success) {
     handleUnsuccessfulApiResponse('deleteOrgFullScan', result, spinner$1);
+    return;
   }
+  spinner$1.successAndStop('Scan deleted successfully');
 }
 
 const config$5 = {
@@ -6355,10 +6581,8 @@ async function run$5(argv, importMeta, {
 
 // @ts-ignore
 async function listFullScans(orgSlug, input, apiToken) {
-  const spinnerText = 'Listing scans... \n';
-  const spinner$1 = new spinner.Spinner({
-    text: spinnerText
-  }).start();
+  const spinner$1 = new spinner.Spinner();
+  spinner$1.start('Listing scans...');
   const socketSdk = await index.setupSdk(apiToken);
   const result = await handleApiCall(socketSdk.getOrgFullScanList(orgSlug, input), 'Listing scans');
   if (!result.success) {
@@ -6498,10 +6722,8 @@ async function run$4(argv, importMeta, {
 }
 
 async function getOrgScanMetadata(orgSlug, scanId, apiToken) {
-  const spinnerText = "Getting scan's metadata... \n";
-  const spinner$1 = new spinner.Spinner({
-    text: spinnerText
-  }).start();
+  const spinner$1 = new spinner.Spinner();
+  spinner$1.start("Getting scan's metadata...");
   const socketSdk = await index.setupSdk(apiToken);
   const result = await handleApiCall(socketSdk.getOrgFullScanMetadata(orgSlug, scanId), 'Listing scans');
   if (!result.success) {
@@ -6567,9 +6789,8 @@ async function run$3(argv, importMeta, {
 }
 
 async function getFullScan(orgSlug, fullScanId, file, apiToken) {
-  const spinner$1 = new spinner.Spinner({
-    text: 'Streaming scan...'
-  }).start();
+  const spinner$1 = new spinner.Spinner();
+  spinner$1.start('Streaming scan...');
   const socketSdk = await index.setupSdk(apiToken);
   const data = await handleApiCall(socketSdk.getOrgFullScan(orgSlug, fullScanId, file === '-' ? undefined : file), 'Streaming a scan');
   if (data?.success) {
@@ -6665,9 +6886,8 @@ async function getThreatFeed({
   page,
   perPage
 }) {
-  const spinner$1 = new spinner.Spinner({
-    text: 'Looking up the threat feed'
-  }).start();
+  const spinner$1 = new spinner.Spinner();
+  spinner$1.start('Looking up the threat feed');
   const formattedQueryParams = formatQueryParams({
     per_page: perPage,
     page,
@@ -7067,12 +7287,12 @@ void (async () => {
     } else {
       errorTitle = 'Unexpected error with no details';
     }
-    console.error(`${npmPaths.getLogSymbols().error} ${colors.bgRed(colors.white(errorTitle + ':'))} ${errorMessage}`);
+    logger.logger.error(`${colors.bgRed(colors.white(errorTitle + ':'))} ${errorMessage}`);
     if (errorBody) {
       console.error(`\n${errorBody}`);
     }
     await index.captureException(e);
   }
 })();
-//# debugId=6ae4973b-7dc0-42eb-ab1d-dce9b6cbc7d0
+//# debugId=1f05a078-d76c-4ba8-95d6-c7edc11b71ec
 //# sourceMappingURL=cli.js.map