@socketsecurity/cli-with-sentry 0.14.52 → 0.14.55

package/dist/require/cli.js

@@ -27,6 +27,7 @@ var index = require('./index.js');
 var constants = require('./constants.js');
 var objects = require('@socketsecurity/registry/lib/objects');
 var regexps = require('@socketsecurity/registry/lib/regexps');
+var commonTags = _socketInterop(require('common-tags'));
 var fs$1 = require('node:fs/promises');
 var ScreenWidget = _socketInterop(require('blessed/lib/widgets/screen'));
 var contrib = _socketInterop(require('blessed-contrib'));
@@ -41,7 +42,7 @@ var packages = require('@socketsecurity/registry/lib/packages');
 var registryConstants = require('@socketsecurity/registry/lib/constants');
 var isInteractive = require('@socketregistry/is-interactive/index.cjs');
 var terminalLink = _socketInterop(require('terminal-link'));
-var spawn = _socketInterop(require('@npmcli/promise-spawn'));
+var spawn = require('@socketsecurity/registry/lib/spawn');
 var npa = _socketInterop(require('npm-package-arg'));
 var semver = _socketInterop(require('semver'));
 var tinyglobby = _socketInterop(require('tinyglobby'));
@@ -53,13 +54,11 @@ var sorts = require('@socketsecurity/registry/lib/sorts');
 var strings = require('@socketsecurity/registry/lib/strings');
 var yaml = _socketInterop(require('yaml'));
 var debug = require('@socketsecurity/registry/lib/debug');
-var npm$1 = require('./npm.js');
 var npmPaths = require('./npm-paths.js');
 var betterAjvErrors = _socketInterop(require('@apideck/better-ajv-errors'));
 var config$A = require('@socketsecurity/config');
 var assert = require('node:assert');
 var readline = require('node:readline/promises');
-var childProcess = require('node:child_process');
 var TableWidget = _socketInterop(require('blessed-contrib/lib/widget/table'));
 var readline$1 = require('node:readline');
 
@@ -1517,7 +1516,7 @@ function meowOrExit({
 }
 function getAsciiHeader(command) {
   const cliVersion = // The '@rollup/plugin-replace' will replace "process.env['SOCKET_CLI_VERSION_HASH']".
-  "0.14.52:709a145:a30d9dfd:pub";
+  "0.14.55:51de259:b691b88f:pub";
   const nodeVersion = process.version;
   const apiToken = index.getSetting('apiToken');
   const shownToken = apiToken ? getLastFiveOfApiToken(apiToken) : 'no';
@@ -1591,15 +1590,87 @@ async function run$z(argv, importMeta, {
   await runAction(githubEventBefore, githubEventAfter);
 }
 
+async function fetchOrgAnalyticsData(time, spinner, apiToken) {
+  const socketSdk = await index.setupSdk(apiToken);
+  const result = await handleApiCall(socketSdk.getOrgAnalytics(time.toString()), 'fetching analytics data');
+  if (result.success === false) {
+    handleUnsuccessfulApiResponse('getOrgAnalytics', result, spinner);
+    return undefined;
+  }
+  spinner.stop();
+  if (!result.data.length) {
+    logger.logger.log('No analytics data is available for this organization yet.');
+    return undefined;
+  }
+  return result.data;
+}
+
+async function fetchRepoAnalyticsData(repo, time, spinner, apiToken) {
+  const socketSdk = await index.setupSdk(apiToken);
+  const result = await handleApiCall(socketSdk.getRepoAnalytics(repo, time.toString()), 'fetching analytics data');
+  if (result.success === false) {
+    handleUnsuccessfulApiResponse('getRepoAnalytics', result, spinner);
+    return undefined;
+  }
+  spinner.stop();
+  if (!result.data.length) {
+    logger.logger.log('No analytics data is available for this organization yet.');
+    return undefined;
+  }
+  return result.data;
+}
+
+function mdTableStringNumber(title1, title2, obj) {
+  // | Date        | Counts |
+  // | ----------- | ------ |
+  // | Header      | 201464 |
+  // | Paragraph   |     18 |
+  let mw1 = title1.length;
+  let mw2 = title2.length;
+  for (const [key, value] of Object.entries(obj)) {
+    mw1 = Math.max(mw1, key.length);
+    mw2 = Math.max(mw2, String(value ?? '').length);
+  }
+  const lines = [];
+  lines.push(`| ${title1.padEnd(mw1, ' ')} | ${title2.padEnd(mw2)} |`);
+  lines.push(`| ${'-'.repeat(mw1)} | ${'-'.repeat(mw2)} |`);
+  for (const [key, value] of Object.entries(obj)) {
+    lines.push(`| ${key.padEnd(mw1, ' ')} | ${String(value ?? '').padStart(mw2, ' ')} |`);
+  }
+  lines.push(`| ${'-'.repeat(mw1)} | ${'-'.repeat(mw2)} |`);
+  return lines.join('\n');
+}
+
 // Note: Widgets does not seem to actually work as code :'(
 
+const METRICS = ['total_critical_alerts', 'total_high_alerts', 'total_medium_alerts', 'total_low_alerts', 'total_critical_added', 'total_medium_added', 'total_low_added', 'total_high_added', 'total_critical_prevented', 'total_high_prevented', 'total_medium_prevented', 'total_low_prevented'];
+
 // Note: This maps `new Date(date).getMonth()` to English three letters
 const Months = ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'];
-const METRICS = ['total_critical_alerts', 'total_high_alerts', 'total_medium_alerts', 'total_low_alerts', 'total_critical_added', 'total_medium_added', 'total_low_added', 'total_high_added', 'total_critical_prevented', 'total_high_prevented', 'total_medium_prevented', 'total_low_prevented'];
 async function displayAnalytics({
+  filePath,
+  outputKind,
+  repo,
+  scope,
+  time
+}) {
+  const apiToken = index.getDefaultToken();
+  if (!apiToken) {
+    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API token.');
+  }
+  await outputAnalyticsWithToken({
+    apiToken,
+    filePath,
+    outputKind,
+    repo,
+    scope,
+    time
+  });
+}
+async function outputAnalyticsWithToken({
   apiToken,
   filePath,
-  outputJson,
+  outputKind,
   repo,
   scope,
   time
@@ -1615,22 +1686,70 @@ async function displayAnalytics({
   } else if (repo) {
     data = await fetchRepoAnalyticsData(repo, time, spinner, apiToken);
   }
-  if (data) {
-    if (outputJson && !filePath) {
-      logger.logger.log(data);
-    } else if (filePath) {
+
+  // A message should already have been printed if we have no data here
+  if (!data) return;
+  if (outputKind === 'json') {
+    let serialized = renderJson(data);
+    if (!serialized) return;
+    if (filePath && filePath !== '-') {
       try {
-        await fs$1.writeFile(filePath, JSON.stringify(data), 'utf8');
+        await fs$1.writeFile(filePath, serialized, 'utf8');
         logger.logger.log(`Data successfully written to ${filePath}`);
       } catch (e) {
+        logger.logger.error('There was an error trying to write the json to disk');
         logger.logger.error(e);
+        process.exitCode = 1;
+      }
+    } else {
+      logger.logger.log(serialized);
+    }
+  } else {
+    const fdata = scope === 'org' ? formatDataOrg(data) : formatDataRepo(data);
+    if (outputKind === 'markdown') {
+      const serialized = renderMarkdown(fdata, time, repo);
+      if (filePath && filePath !== '-') {
+        try {
+          await fs$1.writeFile(filePath, serialized, 'utf8');
+          logger.logger.log(`Data successfully written to ${filePath}`);
+        } catch (e) {
+          logger.logger.error(e);
+        }
+      } else {
+        logger.logger.log(serialized);
       }
     } else {
-      const fdata = scope === 'org' ? formatData(data, 'org') : formatData(data, 'repo');
       displayAnalyticsScreen(fdata);
     }
   }
 }
+function renderJson(data) {
+  try {
+    return JSON.stringify(data, null, 2);
+  } catch (e) {
+    // This could be caused by circular references, which is an "us" problem
+    logger.logger.error('There was a problem converting the data set to JSON. Please try without --json or with --markdown');
+    process.exitCode = 1;
+    return;
+  }
+}
+function renderMarkdown(data, days, repoSlug) {
+  return commonTags.stripIndents`
+# Socket Alert Analytics
+
+These are the Socket.dev stats are analytics for the ${repoSlug ? `${repoSlug} repo` : 'org'} of the past ${days} days
+
+${[['Total critical alerts', mdTableStringNumber('Date', 'Counts', data['total_critical_alerts'])], ['Total high alerts', mdTableStringNumber('Date', 'Counts', data['total_high_alerts'])], ['Total critical alerts added to the main branch', mdTableStringNumber('Date', 'Counts', data['total_critical_added'])], ['Total high alerts added to the main branch', mdTableStringNumber('Date', 'Counts', data['total_high_added'])], ['Total critical alerts prevented from the main branch', mdTableStringNumber('Date', 'Counts', data['total_critical_prevented'])], ['Total high alerts prevented from the main branch', mdTableStringNumber('Date', 'Counts', data['total_high_prevented'])], ['Total medium alerts prevented from the main branch', mdTableStringNumber('Date', 'Counts', data['total_medium_prevented'])], ['Total low alerts prevented from the main branch', mdTableStringNumber('Date', 'Counts', data['total_low_prevented'])]].map(([title, table]) => commonTags.stripIndents`
+## ${title}
+
+${table}
+`).join('\n\n')}
+
+## Top 5 alert types
+
+${mdTableStringNumber('Name', 'Counts', data['top_five_alert_types'])}
+`;
+}
 function displayAnalyticsScreen(data) {
   const screen = new ScreenWidget({});
   const grid = new contrib.grid({
@@ -1663,91 +1782,69 @@ function displayAnalyticsScreen(data) {
   screen.render();
   screen.key(['escape', 'q', 'C-c'], () => process.exit(0));
 }
-async function fetchOrgAnalyticsData(time, spinner, apiToken) {
-  const socketSdk = await index.setupSdk(apiToken);
-  const result = await handleApiCall(socketSdk.getOrgAnalytics(time.toString()), 'fetching analytics data');
-  if (result.success === false) {
-    handleUnsuccessfulApiResponse('getOrgAnalytics', result, spinner);
-    return undefined;
+function formatDataRepo(data) {
+  const sortedTopFiveAlerts = {};
+  const totalTopAlerts = {};
+  const formattedData = {};
+  for (const metric of METRICS) {
+    formattedData[metric] = {};
   }
-  spinner.stop();
-  if (!result.data.length) {
-    logger.logger.log('No analytics data is available for this organization yet.');
-    return undefined;
+  for (const entry of data) {
+    const topFiveAlertTypes = entry['top_five_alert_types'];
+    for (const type of Object.keys(topFiveAlertTypes)) {
+      const count = topFiveAlertTypes[type] ?? 0;
+      if (!totalTopAlerts[type]) {
+        totalTopAlerts[type] = count;
+      } else if (count > (totalTopAlerts[type] ?? 0)) {
+        totalTopAlerts[type] = count;
+      }
+    }
   }
-  return result.data;
-}
-async function fetchRepoAnalyticsData(repo, time, spinner, apiToken) {
-  const socketSdk = await index.setupSdk(apiToken);
-  const result = await handleApiCall(socketSdk.getRepoAnalytics(repo, time.toString()), 'fetching analytics data');
-  if (result.success === false) {
-    handleUnsuccessfulApiResponse('getRepoAnalytics', result, spinner);
-    return undefined;
+  for (const entry of data) {
+    for (const metric of METRICS) {
+      formattedData[metric][formatDate(entry['created_at'])] = entry[metric];
+    }
   }
-  spinner.stop();
-  if (!result.data.length) {
-    logger.logger.log('No analytics data is available for this organization yet.');
-    return undefined;
+  const topFiveAlertEntries = Object.entries(totalTopAlerts).sort(([_keya, a], [_keyb, b]) => b - a).slice(0, 5);
+  for (const [key, value] of topFiveAlertEntries) {
+    sortedTopFiveAlerts[key] = value;
   }
-  return result.data;
+  return {
+    ...formattedData,
+    top_five_alert_types: sortedTopFiveAlerts
+  };
 }
-function formatData(data, scope) {
-  const formattedData = {};
+function formatDataOrg(data) {
   const sortedTopFiveAlerts = {};
   const totalTopAlerts = {};
+  const formattedData = {};
   for (const metric of METRICS) {
     formattedData[metric] = {};
   }
-  if (scope === 'org') {
-    for (const entry of data) {
-      const topFiveAlertTypes = entry['top_five_alert_types'];
-      for (const type of Object.keys(topFiveAlertTypes)) {
-        const count = topFiveAlertTypes[type] ?? 0;
-        if (!totalTopAlerts[type]) {
-          totalTopAlerts[type] = count;
-        } else {
-          totalTopAlerts[type] += count;
-        }
-      }
-    }
-    for (const metric of METRICS) {
-      const formatted = formattedData[metric];
-      for (const entry of data) {
-        const date = formatDate(entry['created_at']);
-        if (!formatted[date]) {
-          formatted[date] = entry[metric];
-        } else {
-          formatted[date] += entry[metric];
-        }
-      }
-    }
-  } else if (scope === 'repo') {
-    for (const entry of data) {
-      const topFiveAlertTypes = entry['top_five_alert_types'];
-      for (const type of Object.keys(topFiveAlertTypes)) {
-        const count = topFiveAlertTypes[type] ?? 0;
-        if (!totalTopAlerts[type]) {
-          totalTopAlerts[type] = count;
-        } else if (count > (totalTopAlerts[type] ?? 0)) {
-          totalTopAlerts[type] = count;
-        }
+  for (const entry of data) {
+    const topFiveAlertTypes = entry['top_five_alert_types'];
+    for (const type of Object.keys(topFiveAlertTypes)) {
+      const count = topFiveAlertTypes[type] ?? 0;
+      if (!totalTopAlerts[type]) {
+        totalTopAlerts[type] = count;
+      } else {
+        totalTopAlerts[type] += count;
       }
     }
+  }
+  for (const metric of METRICS) {
+    const formatted = formattedData[metric];
     for (const entry of data) {
-      for (const metric of METRICS) {
-        formattedData[metric][formatDate(entry['created_at'])] = entry[metric];
+      const date = formatDate(entry['created_at']);
+      if (!formatted[date]) {
+        formatted[date] = entry[metric];
+      } else {
+        formatted[date] += entry[metric];
       }
     }
   }
-  const topFiveAlertEntries = Object.entries(totalTopAlerts).sort(({
-    1: a
-  }, {
-    1: b
-  }) => b - a).slice(0, 5);
-  for (const {
-    0: key,
-    1: value
-  } of topFiveAlertEntries) {
+  const topFiveAlertEntries = Object.entries(totalTopAlerts).sort(([_keya, a], [_keyb, b]) => b - a).slice(0, 5);
+  for (const [key, value] of topFiveAlertEntries) {
     sortedTopFiveAlerts[key] = value;
   }
   return {
@@ -1792,6 +1889,18 @@ const config$y = {
   flags: {
     ...commonFlags,
     ...outputFlags,
+    file: {
+      type: 'string',
+      shortFlag: 'f',
+      default: '-',
+      description: 'Path to a local file to save the output. Only valid with --json/--markdown. Defaults to stdout.'
+    },
+    repo: {
+      type: 'string',
+      shortFlag: 'r',
+      default: '',
+      description: 'Name of the repository. Only valid when scope=repo'
+    },
     scope: {
       type: 'string',
       shortFlag: 's',
@@ -1803,18 +1912,6 @@ const config$y = {
       shortFlag: 't',
       default: 7,
       description: 'Time filter - either 7, 30 or 90, default: 7'
-    },
-    repo: {
-      type: 'string',
-      shortFlag: 'r',
-      default: '',
-      description: 'Name of the repository'
-    },
-    file: {
-      type: 'string',
-      shortFlag: 'f',
-      default: '',
-      description: 'Path to a local file to save the output'
     }
   },
   help: (command, {
@@ -1850,6 +1947,9 @@ async function run$y(argv, importMeta, {
     parentName
   });
   const {
+    file,
+    json,
+    markdown,
     repo,
     scope,
     time
@@ -1857,66 +1957,154 @@ async function run$y(argv, importMeta, {
   const badScope = scope !== 'org' && scope !== 'repo';
   const badTime = time !== 7 && time !== 30 && time !== 90;
   const badRepo = scope === 'repo' && !repo;
-  if (badScope || badTime || badRepo) {
+  const badFile = file !== '-' && !json && !markdown;
+  const badFlags = json && markdown;
+  if (badScope || badTime || badRepo || badFile || badFlags) {
     // Use exit status of 2 to indicate incorrect usage, generally invalid
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - Scope must be "repo" or "org" ${badScope ? colors.red('(bad!)') : colors.green('(ok)')}\n
-      - The time filter must either be 7, 30 or 90 ${badTime ? colors.red('(bad!)') : colors.green('(ok)')}\n
-      - Repository name using --repo when scope is "repo" ${badRepo ? colors.red('(bad!)') : colors.green('(ok)')}\n`);
+    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - Scope must be "repo" or "org" ${badScope ? colors.red('(bad!)') : colors.green('(ok)')}
+
+      - The time filter must either be 7, 30 or 90 ${badTime ? colors.red('(bad!)') : colors.green('(ok)')}
+
+      ${scope === 'repo' ? `- Repository name using --repo when scope is "repo" ${badRepo ? colors.red('(bad!)') : colors.green('(ok)')}` : ''}
+
+      ${badFlags ? `- The \`--json\` and \`--markdown\` flags can not be used at the same time ${badFlags ? colors.red('(bad!)') : colors.green('(ok)')}` : ''}
+
+      ${badFile ? `- The \`--file\` flag is only valid when using \`--json\` or \`--markdown\` ${badFile ? colors.red('(bad!)') : colors.green('(ok)')}` : ''}
+    `.split('\n').filter(s => !!s.trim()).join('\n'));
     return;
   }
   if (cli.flags['dryRun']) {
     logger.logger.log(DRY_RUN_BAIL_TEXT$x);
     return;
   }
-  const apiToken = index.getDefaultToken();
-  if (!apiToken) {
-    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API token.');
-  }
   return await displayAnalytics({
-    apiToken,
     scope,
     time,
     repo: String(repo || ''),
-    outputJson: Boolean(cli.flags['json']),
-    filePath: String(cli.flags['file'] || '')
+    outputKind: json ? 'json' : markdown ? 'markdown' : 'print',
+    filePath: String(file || '')
   });
 }
 
 async function getAuditLog({
-  apiToken,
+  logType,
   orgSlug,
-  outputJson,
-  outputMarkdown,
+  outputKind,
   page,
-  perPage,
-  type
+  perPage
 }) {
-  // Lazily access constants.spinner.
-  const {
-    spinner
-  } = constants;
-  spinner.start(`Looking up audit log for ${orgSlug}`);
-  const socketSdk = await index.setupSdk(apiToken);
-  const result = await handleApiCall(socketSdk.getAuditLogEvents(orgSlug, {
-    outputJson,
-    outputMarkdown,
+  const apiToken = index.getDefaultToken();
+  if (!apiToken) {
+    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+  }
+  const auditLogs = await getAuditLogWithToken({
+    apiToken,
     orgSlug,
-    type,
+    outputKind,
     page,
-    per_page: perPage
-  }), `Looking up audit log for ${orgSlug}\n`);
-  if (!result.success) {
-    handleUnsuccessfulApiResponse('getAuditLogEvents', result, spinner);
+    perPage,
+    logType
+  });
+  if (!auditLogs) return;
+  if (outputKind === 'json') await outputAsJson(auditLogs.results, orgSlug, logType, page, perPage);else if (outputKind === 'markdown') await outputAsMarkdown(auditLogs.results, orgSlug, logType, page, perPage);else await outputAsPrint(auditLogs.results, orgSlug, logType);
+}
+async function outputAsJson(auditLogs, orgSlug, logType, page, perPage) {
+  let json;
+  try {
+    json = JSON.stringify({
+      desc: 'Audit logs for given query',
+      generated: new Date().toISOString(),
+      org: orgSlug,
+      logType,
+      page,
+      perPage,
+      logs: auditLogs.map(log => {
+        // Note: The subset is pretty arbitrary
+        const {
+          created_at,
+          event_id,
+          ip_address,
+          type,
+          user_agent,
+          user_email
+        } = log;
+        return {
+          event_id,
+          created_at,
+          ip_address,
+          type,
+          user_agent,
+          user_email
+        };
+      })
+    }, null, 2);
+  } catch (e) {
+    logger.logger.error('There was a problem converting the logs to JSON, please try without the `--json` flag');
+    process.exitCode = 1;
     return;
   }
-  spinner.stop();
+  logger.logger.log(json);
+}
+async function outputAsMarkdown(auditLogs, orgSlug, logType, page, perPage) {
+  try {
+    const table = mdTable(auditLogs, ['event_id', 'created_at', 'type', 'user_email', 'ip_address', 'user_agent']);
+    logger.logger.log(commonTags.stripIndents`
+# Socket Audit Logs
+
+These are the Socket.dev audit logs as per requested query.
+- org: ${orgSlug}
+- type filter: ${logType || '(none)'}
+- page: ${page}
+- per page: ${perPage}
+- generated: ${new Date().toISOString()}
+
+${table}
+`);
+  } catch (e) {
+    logger.logger.error('There was a problem converting the logs to JSON, please try without the `--json` flag');
+    logger.logger.error(e);
+    process.exitCode = 1;
+    return;
+  }
+}
+function mdTable(logs,
+// This is saying "an array of strings and the strings are a valid key of elements of T"
+// In turn, T is defined above as the audit log event type from our OpenAPI docs.
+cols) {
+  // Max col width required to fit all data in that column
+  const cws = cols.map(col => col.length);
+  for (const log of logs) {
+    for (let i = 0; i < cols.length; ++i) {
+      // @ts-ignore
+      const val = log[cols[i] ?? ''] ?? '';
+      cws[i] = Math.max(cws[i] ?? 0, String(val).length);
+    }
+  }
+  let div = '|';
+  for (const cw of cws) div += ' ' + '-'.repeat(cw) + ' |';
+  let header = '|';
+  for (let i = 0; i < cols.length; ++i) header += ' ' + String(cols[i]).padEnd(cws[i] ?? 0, ' ') + ' |';
+  let body = '';
+  for (const log of logs) {
+    body += '|';
+    for (let i = 0; i < cols.length; ++i) {
+      // @ts-ignore
+      const val = log[cols[i] ?? ''] ?? '';
+      body += ' ' + String(val).padEnd(cws[i] ?? 0, ' ') + ' |';
+    }
+    body += '\n';
+  }
+  return [div, header, div, body.trim(), div].filter(s => !!s.trim()).join('\n');
+}
+async function outputAsPrint(auditLogs, orgSlug, logType) {
   const data = [];
   const logDetails = {};
-  for (const d of result.data.results) {
+  for (const d of auditLogs) {
     const {
       created_at
     } = d;
@@ -1933,11 +2121,42 @@ async function getAuditLog({
     }
   }
   logger.logger.log(logDetails[await prompts.select({
-    message: type ? `\n Audit log for: ${orgSlug} with type: ${type}\n` : `\n Audit log for: ${orgSlug}\n`,
+    message: logType ? `\n Audit log for: ${orgSlug} with type: ${logType}\n` : `\n Audit log for: ${orgSlug}\n`,
     choices: data,
     pageSize: 30
   })]);
 }
+async function getAuditLogWithToken({
+  apiToken,
+  logType,
+  orgSlug,
+  outputKind,
+  page,
+  perPage
+}) {
+  // Lazily access constants.spinner.
+  const {
+    spinner
+  } = constants;
+  spinner.start(`Looking up audit log for ${orgSlug}`);
+  const socketSdk = await index.setupSdk(apiToken);
+  const result = await handleApiCall(socketSdk.getAuditLogEvents(orgSlug, {
+    outputJson: outputKind === 'json',
+    // I'm not sure this is used at all
+    outputMarkdown: outputKind === 'markdown',
+    // I'm not sure this is used at all
+    orgSlug,
+    type: logType,
+    page,
+    per_page: perPage
+  }), `Looking up audit log for ${orgSlug}\n`);
+  if (!result.success) {
+    handleUnsuccessfulApiResponse('getAuditLogEvents', result, spinner);
+    return;
+  }
+  spinner.stop();
+  return result.data;
+}
 
 const {
   DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$w
@@ -1993,33 +2212,36 @@ async function run$x(argv, importMeta, {
     importMeta,
     parentName
   });
-  const type = String(cli.flags['type'] || '');
+  const {
+    json,
+    markdown,
+    page,
+    perPage,
+    type
+  } = cli.flags;
+  const logType = String(type || '');
   const [orgSlug = ''] = cli.input;
   if (!orgSlug) {
     // Use exit status of 2 to indicate incorrect usage, generally invalid
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-    - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n`);
+    logger.logger.error(commonTags.stripIndents`
+      ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
+      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
+    `);
     return;
   }
   if (cli.flags['dryRun']) {
     logger.logger.log(DRY_RUN_BAIL_TEXT$w);
     return;
   }
-  const apiToken = index.getDefaultToken();
-  if (!apiToken) {
-    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
-  }
   await getAuditLog({
-    apiToken,
     orgSlug,
-    outputJson: Boolean(cli.flags['json']),
-    outputMarkdown: Boolean(cli.flags['markdown']),
-    page: Number(cli.flags['page'] || 0),
-    perPage: Number(cli.flags['perPage'] || 0),
-    type: type.charAt(0).toUpperCase() + type.slice(1)
+    outputKind: json ? 'json' : markdown ? 'markdown' : 'print',
+    page: Number(page || 0),
+    perPage: Number(perPage || 0),
+    logType: logType.charAt(0).toUpperCase() + logType.slice(1)
   });
 }
 
@@ -2206,8 +2428,11 @@ async function run$w(argv, importMeta, {
   //
   //
   // if (cli.input.length)
-  //   logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-  //     - Unexpected arguments\n
+  //   logger.error(
+  //     stripIndents`
+  //       ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+  //
+  //       - Unexpected arguments
   //   `)
   //   config.help(parentName, config)
   //   return
@@ -2938,8 +3163,6 @@ function applyLogin(apiToken, enforcedOrgs, apiBaseUrl, apiProxy) {
   index.updateSetting('apiProxy', apiProxy);
 }
 
-// TODO: this type should come from a general Socket REST API type doc
-
 const {
   SOCKET_PUBLIC_API_TOKEN
 } = constants;
@@ -3151,7 +3374,7 @@ async function convertGradleToMaven(target, bin, _out, verbose, gradleOpts) {
     if (verbose) {
       spinner.log('[VERBOSE] Executing:', bin, commandArgs);
     }
-    const output = await spawn(bin, commandArgs, {
+    const output = await spawn.spawn(bin, commandArgs, {
       cwd: target || '.'
     });
     spinner.stop();
@@ -3322,9 +3545,11 @@ async function run$p(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - The DIR arg is required ${!target ? colors.red('(missing!)') : target === '-' ? colors.red('(stdin is not supported)') : colors.green('(ok)')}\n
-      - Can only accept one DIR (make sure to escape spaces!) ${cli.input.length > 1 ? colors.red(`(received ${cli.input.length}!)`) : colors.green('(ok)')}\n`);
+    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - The DIR arg is required ${!target ? colors.red('(missing!)') : target === '-' ? colors.red('(stdin is not supported)') : colors.green('(ok)')}
+
+      - Can only accept one DIR (make sure to escape spaces!) ${cli.input.length > 1 ? colors.red(`(received ${cli.input.length}!)`) : colors.green('(ok)')}`);
     return;
   }
   let bin;
@@ -3385,7 +3610,7 @@ async function convertSbtToMaven(target, bin, out, verbose, sbtOpts) {
     // we can upload them and predict them through the GitHub API. We could do a
     // .socket folder. We could do a socket.pom.gz with all the poms, although
     // I'd prefer something plain-text if it is to be committed.
-    const output = await spawn(bin, ['makePom'].concat(sbtOpts), {
+    const output = await spawn.spawn(bin, ['makePom'].concat(sbtOpts), {
       cwd: target || '.'
     });
     spinner.stop();
@@ -3556,9 +3781,11 @@ async function run$o(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - The DIR or FILE arg is required ${!target ? colors.red('(missing!)') : target === '-' ? colors.red('(stdin is not supported)') : colors.green('(ok)')}\n
-      - Can only accept one DIR or FILE (make sure to escape spaces!) ${cli.input.length > 1 ? colors.red(`(received ${cli.input.length}!)`) : colors.green('(ok)')}\n`);
+    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - The DIR or FILE arg is required ${!target ? colors.red('(missing!)') : target === '-' ? colors.red('(stdin is not supported)') : colors.green('(ok)')}
+
+      - Can only accept one DIR or FILE (make sure to escape spaces!) ${cli.input.length > 1 ? colors.red(`(received ${cli.input.length}!)`) : colors.green('(ok)')}`);
     return;
   }
   let bin = 'sbt';
@@ -3814,9 +4041,11 @@ async function run$m(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - The DIR arg is required ${!target ? colors.red('(missing!)') : target === '-' ? colors.red('(stdin is not supported)') : colors.green('(ok)')}\n
-      - Can only accept one DIR (make sure to escape spaces!) ${cli.input.length > 1 ? colors.red(`(received ${cli.input.length}!)`) : colors.green('(ok)')}\n`);
+    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - The DIR arg is required ${!target ? colors.red('(missing!)') : target === '-' ? colors.red('(stdin is not supported)') : colors.green('(ok)')}
+
+      - Can only accept one DIR (make sure to escape spaces!) ${cli.input.length > 1 ? colors.red(`(received ${cli.input.length}!)`) : colors.green('(ok)')}`);
     return;
   }
   let bin;
@@ -4064,7 +4293,7 @@ async function getAgentVersion(agentExecPath, cwd) {
   try {
     result = semver.coerce(
     // All package managers support the "--version" flag.
-    (await spawn(agentExecPath, ['--version'], {
+    (await spawn.spawn(agentExecPath, ['--version'], {
       cwd
     })).stdout) ?? undefined;
   } catch {}
@@ -4119,7 +4348,7 @@ const readLockFileByAgent = (() => {
         // To print a Yarn lockfile to your console without writing it to disk
         // use `bun bun.lockb`.
         // https://bun.sh/guides/install/yarnlock
-        return (await spawn(agentExecPath, [lockPath])).stdout.trim();
+        return (await spawn.spawn(agentExecPath, [lockPath])).stdout.trim();
       }
       return undefined;
     }),
@@ -4518,7 +4747,7 @@ function parseableToQueryStdout(stdout) {
 async function npmQuery(npmExecPath, cwd) {
   let stdout = '';
   try {
-    stdout = (await spawn(npmExecPath, ['query', ':not(.dev)'], {
+    stdout = (await spawn.spawn(npmExecPath, ['query', ':not(.dev)'], {
       cwd
     })).stdout;
   } catch {}
@@ -4528,7 +4757,7 @@ async function lsBun(agentExecPath, cwd) {
   try {
     // Bun does not support filtering by production packages yet.
     // https://github.com/oven-sh/bun/issues/8283
-    return (await spawn(agentExecPath, ['pm', 'ls', '--all'], {
+    return (await spawn.spawn(agentExecPath, ['pm', 'ls', '--all'], {
       cwd
     })).stdout;
   } catch {}
@@ -4547,7 +4776,7 @@ async function lsPnpm(agentExecPath, cwd, options) {
   }
   let stdout = '';
   try {
-    stdout = (await spawn(agentExecPath, ['ls', '--parseable', '--prod', '--depth', 'Infinity'], {
+    stdout = (await spawn.spawn(agentExecPath, ['ls', '--parseable', '--prod', '--depth', 'Infinity'], {
       cwd
     })).stdout;
   } catch {}
@@ -4556,7 +4785,7 @@ async function lsPnpm(agentExecPath, cwd, options) {
 async function lsVlt(agentExecPath, cwd) {
   let stdout = '';
   try {
-    stdout = (await spawn(agentExecPath, ['ls', '--view', 'human', ':not(.dev)'], {
+    stdout = (await spawn.spawn(agentExecPath, ['ls', '--view', 'human', ':not(.dev)'], {
       cwd
     })).stdout;
   } catch {}
@@ -4567,7 +4796,7 @@ async function lsYarnBerry(agentExecPath, cwd) {
     return (
       // Yarn Berry does not support filtering by production packages yet.
       // https://github.com/yarnpkg/berry/issues/5117
-      (await spawn(agentExecPath, ['info', '--recursive', '--name-only'], {
+      (await spawn.spawn(agentExecPath, ['info', '--recursive', '--name-only'], {
         cwd
       })).stdout.trim()
     );
@@ -4580,7 +4809,7 @@ async function lsYarnClassic(agentExecPath, cwd) {
     // https://github.com/yarnpkg/yarn/releases/tag/v1.0.0
     // > Fix: Excludes dev dependencies from the yarn list output when the
     //   environment is production
-    return (await spawn(agentExecPath, ['list', '--prod'], {
+    return (await spawn.spawn(agentExecPath, ['list', '--prod'], {
       cwd
     })).stdout.trim();
   } catch {}
@@ -4705,14 +4934,73 @@ function pnpmUpdatePkgJson(editablePkgJson, overrides) {
 }
 const updateManifestByAgent = new Map([[BUN, updateResolutions], [NPM$4, updateOverrides], [PNPM$1, pnpmUpdatePkgJson], [VLT, updateOverrides], [YARN_BERRY, updateResolutions], [YARN_CLASSIC$1, updateResolutions]]);
 
+const {
+  SOCKET_IPC_HANDSHAKE
+} = constants;
+function safeNpmInstall(options) {
+  const {
+    args = [],
+    ipc,
+    spinner,
+    ...spawnOptions
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const terminatorPos = args.indexOf('--');
+  const npmArgs = (terminatorPos === -1 ? args : args.slice(0, terminatorPos)).filter(a => !npm.isAuditFlag(a) && !npm.isFundFlag(a) && !npm.isProgressFlag(a));
+  const otherArgs = terminatorPos === -1 ? [] : args.slice(terminatorPos);
+  const useIpc = objects.isObject(ipc);
+  const useDebug = debug.isDebug();
+  const isSilent = !useDebug && !npmArgs.some(npm.isLoglevelFlag);
+  const spawnPromise = spawn.spawn(
+  // Lazily access constants.execPath.
+  constants.execPath, [
+  // Lazily access constants.nodeNoWarningsFlags.
+  ...constants.nodeNoWarningsFlags, '--require',
+  // Lazily access constants.npmInjectionPath.
+  constants.npmInjectionPath, npmPaths.getNpmBinPath(), 'install',
+  // Even though the '--silent' flag is passed npm will still run through
+  // code paths for 'audit' and 'fund' unless '--no-audit' and '--no-fund'
+  // flags are passed.
+  '--no-audit', '--no-fund',
+  // Add `--no-progress` and `--silent` flags to fix input being swallowed
+  // by the spinner when running the command with recent versions of npm.
+  '--no-progress',
+  // Add the '--silent' flag if a loglevel flag is not provided and the
+  // SOCKET_CLI_DEBUG environment variable is not truthy.
+  ...(isSilent ? ['--silent'] : []), ...npmArgs, ...otherArgs], {
+    spinner,
+    // Set stdio to include 'ipc'.
+    // See https://github.com/nodejs/node/blob/v23.6.0/lib/child_process.js#L161-L166
+    // and https://github.com/nodejs/node/blob/v23.6.0/lib/internal/child_process.js#L238.
+    stdio: isSilent ?
+    // 'ignore'
+    useIpc ? ['ignore', 'ignore', 'ignore', 'ipc'] : 'ignore' :
+    // 'inherit'
+    useIpc ? [0, 1, 2, 'ipc'] : 'inherit',
+    ...spawnOptions,
+    env: {
+      ...process$1.env,
+      ...spawnOptions.env
+    }
+  });
+  if (useIpc) {
+    spawnPromise.process.send({
+      [SOCKET_IPC_HANDSHAKE]: ipc
+    });
+  }
+  return spawnPromise;
+}
+
 const {
   NPM: NPM$3,
-  abortSignal: abortSignal$2
+  abortSignal
 } = constants;
 function runAgentInstall(agent, agentExecPath, options) {
   // All package managers support the "install" command.
   if (agent === NPM$3) {
-    return npm$1.safeNpmInstall(options);
+    return safeNpmInstall(options);
   }
   const {
     args = [],
@@ -4723,12 +5011,9 @@ function runAgentInstall(agent, agentExecPath, options) {
     ...options
   };
   const isSilent = !debug.isDebug();
-  const isSpinning = spinner?.isSpinning ?? false;
-  if (!isSilent) {
-    spinner?.stop();
-  }
-  let spawnPromise = spawn(agentExecPath, ['install', ...args], {
-    signal: abortSignal$2,
+  return spawn.spawn(agentExecPath, ['install', ...args], {
+    signal: abortSignal,
+    spinner,
     stdio: isSilent ? 'ignore' : 'inherit',
     ...spawnOptions,
     env: {
@@ -4736,22 +5021,12 @@ function runAgentInstall(agent, agentExecPath, options) {
       ...spawnOptions.env
     }
   });
-  if (!isSilent && isSpinning) {
-    const oldSpawnPromise = spawnPromise;
-    spawnPromise = spawnPromise.finally(() => {
-      spinner?.start();
-    });
-    spawnPromise.process = oldSpawnPromise.process;
-    spawnPromise.stdin = spawnPromise.stdin;
-  }
-  return spawnPromise;
 }
 
 const {
   NPM: NPM$2
 } = constants;
 const COMMAND_TITLE$1 = 'Socket Optimize';
-const NPM_OVERRIDE_PR_URL = 'https://github.com/npm/cli/pull/8089';
 async function updatePackageLockJson(pkgEnvDetails, options) {
   const {
     logger,
@@ -4767,7 +5042,7 @@ async function updatePackageLockJson(pkgEnvDetails, options) {
     });
     spinner?.stop();
     if (pkgEnvDetails.agent === NPM$2) {
-      logger?.log(`💡 Re-run ${COMMAND_TITLE$1} whenever ${pkgEnvDetails.lockName} changes.\n   This can be skipped once npm ships ${NPM_OVERRIDE_PR_URL}.`);
+      logger?.log(`💡 Re-run ${COMMAND_TITLE$1} whenever ${pkgEnvDetails.lockName} changes.\n   This can be skipped once npm v11.2.0 is released.`);
     }
   } catch (e) {
     spinner?.stop();
@@ -5168,9 +5443,10 @@ async function run$g(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`
-      ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - The json and markdown flags cannot be both set, pick one
+    logger.logger.error(commonTags.stripIndents`
+${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+  - The json and markdown flags cannot be both set, pick one
     `);
     return;
   }
@@ -5181,19 +5457,12 @@ async function run$g(argv, importMeta, {
   await getOrganization(json ? 'json' : markdown ? 'markdown' : 'text');
 }
 
-const {
-  abortSignal: abortSignal$1
-} = constants;
 async function runRawNpm(argv) {
-  const spawnPromise = spawn(npmPaths.getNpmBinPath(), argv.slice(0), {
-    signal: abortSignal$1,
+  const spawnPromise = spawn.spawn(npmPaths.getNpmBinPath(), argv, {
     stdio: 'inherit'
   });
   // See https://nodejs.org/api/all.html#all_child_process_event-exit.
   spawnPromise.process.on('exit', (code, signalName) => {
-    if (abortSignal$1.aborted) {
-      return;
-    }
     if (signalName) {
       process$1.kill(process$1.pid, signalName);
     } else if (code !== null) {
@@ -5245,19 +5514,12 @@ async function run$f(argv, importMeta, {
   await runRawNpm(argv);
 }
 
-const {
-  abortSignal
-} = constants;
 async function runRawNpx(argv) {
-  const spawnPromise = spawn(npmPaths.getNpxBinPath(), argv, {
-    signal: abortSignal,
+  const spawnPromise = spawn.spawn(npmPaths.getNpxBinPath(), argv, {
     stdio: 'inherit'
   });
   // See https://nodejs.org/api/all.html#all_child_process_event-exit.
   spawnPromise.process.on('exit', (code, signalName) => {
-    if (abortSignal.aborted) {
-      return;
-    }
     if (signalName) {
       process$1.kill(process$1.pid, signalName);
     } else if (code !== null) {
@@ -5422,11 +5684,12 @@ function formatReportDataOutput(reportId, data, commandName, outputJson, outputM
     logger.logger.log(JSON.stringify(data, undefined, 2));
   } else {
     const format = new index.ColorOrMarkdown(outputMarkdown);
-    logger.logger.log('\nDetailed info on socket.dev: ' + format.hyperlink(reportId, data.url, {
+    logger.logger.log(commonTags.stripIndents`
+      Detailed info on socket.dev: ${format.hyperlink(reportId, data.url, {
       fallbackToUrl: true
-    }));
+    })}`);
     if (!outputMarkdown) {
-      logger.logger.log(colors.dim(`\nOr rerun ${colors.italic(commandName)} using the ${colors.italic('--json')} flag to get full JSON output`));
+      logger.logger.log(colors.dim(`Or rerun ${colors.italic(commandName)} using the ${colors.italic('--json')} flag to get full JSON output`));
     }
   }
   if (strict && !data.healthy) {
@@ -5595,9 +5858,11 @@ async function run$c(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - Need at least one report ID ${!reportId ? colors.red('(missing!)') : colors.green('(ok)')}\n
-      - Can only handle a single report ID ${extraInput.length < 2 ? colors.red(`(received ${extraInput.length}!)`) : colors.green('(ok)')}\n`);
+    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - Need at least one report ID ${!reportId ? colors.red('(missing!)') : colors.green('(ok)')}
+
+      - Can only handle a single report ID ${extraInput.length < 2 ? colors.red(`(received ${extraInput.length}!)`) : colors.green('(ok)')}`);
     return;
   }
   if (cli.flags['dryRun']) {
@@ -5738,9 +6003,11 @@ async function run$b(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n
-      - Repository name using --repoName ${!repoName ? colors.red('(missing!)') : typeof repoName !== 'string' ? colors.red('(invalid!)') : colors.green('(ok)')}\n`);
+    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
+
+      - Repository name using --repoName ${!repoName ? colors.red('(missing!)') : typeof repoName !== 'string' ? colors.red('(invalid!)') : colors.green('(ok)')}`);
     return;
   }
   if (cli.flags['dryRun']) {
@@ -5820,10 +6087,13 @@ async function run$a(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n
-      - Repository name as the second argument ${!repoName ? colors.red('(missing!)') : typeof repoName !== 'string' ? colors.red('(invalid!)') : colors.green('(ok)')}\n
-      - At least one TARGET (e.g. \`.\` or \`./package.json\`\n`);
+    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
+
+      - Repository name as the second argument ${!repoName ? colors.red('(missing!)') : typeof repoName !== 'string' ? colors.red('(invalid!)') : colors.green('(ok)')}
+
+      - At least one TARGET (e.g. \`.\` or \`./package.json\``);
     return;
   }
   if (cli.flags['dryRun']) {
@@ -5965,9 +6235,11 @@ async function run$9(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n
-      - At least one TARGET (e.g. \`.\` or \`./package.json\`\n`);
+    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
+
+      - At least one TARGET (e.g. \`.\` or \`./package.json\``);
     return;
   }
   if (cli.flags['dryRun']) {
@@ -6097,10 +6369,13 @@ async function run$8(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n
-      - Repository name using --repoName ${!repoName ? colors.red('(missing!)') : typeof repoName !== 'string' ? colors.red('(invalid!)') : colors.green('(ok)')}\n
-      - At least one TARGET (e.g. \`.\` or \`./package.json\`\n`);
+    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
+
+      - Repository name using --repoName ${!repoName ? colors.red('(missing!)') : typeof repoName !== 'string' ? colors.red('(invalid!)') : colors.green('(ok)')}
+
+      - At least one TARGET (e.g. \`.\` or \`./package.json\``);
     return;
   }
   if (cli.flags['dryRun']) {
@@ -6207,9 +6482,13 @@ async function run$7(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n
-      - Repository name using --repoName ${!repoName ? colors.red('(missing!)') : typeof repoName !== 'string' ? colors.red('(invalid!)') : colors.green('(ok)')}\n`);
+    logger.logger.error(commonTags.stripIndents`
+      ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
+
+      - Repository name using --repoName ${!repoName ? colors.red('(missing!)') : typeof repoName !== 'string' ? colors.red('(invalid!)') : colors.green('(ok)')}
+    `);
     return;
   }
   if (cli.flags['dryRun']) {
@@ -6341,7 +6620,7 @@ function dirNameToSlug(name) {
 }
 
 async function suggestBranchSlug(repoDefaultBranch) {
-  const spawnResult = childProcess.spawnSync('git', ['branch', '--show-current']);
+  const spawnResult = spawn.spawnSync('git', ['branch', '--show-current']);
   const currentBranch = spawnResult.stdout.toString('utf8').trim();
   if (currentBranch && spawnResult.status === 0) {
     const proceed = await prompts.select({
@@ -6465,14 +6744,19 @@ async function createFullScan({
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process$1.exitCode = 2;
-    logger.logger.error(`
-      ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n
-      - Repository name using --repo ${!repoName ? colors.red('(missing!)') : colors.green('(ok)')}\n
-      - Branch name using --branch ${!branchName ? colors.red('(missing!)') : colors.green('(ok)')}\n
-      - At least one TARGET (e.g. \`.\` or \`./package.json\`) ${!packagePaths.length ? colors.red(targets.length > 0 ? '(TARGET' + (targets.length ? 's' : '') + ' contained no matching/supported files!)' : '(missing)') : colors.green('(ok)')}\n
-      ${!apiToken ? 'Note: was unable to make suggestions because no API Token was found; this would make command fail regardless\n' : ''}
-    `);
+    logger.logger.error(commonTags.stripIndents`
+      ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
+
+      - Repository name using --repo ${!repoName ? colors.red('(missing!)') : colors.green('(ok)')}
+
+      - Branch name using --branch ${!branchName ? colors.red('(missing!)') : colors.green('(ok)')}
+
+      - At least one TARGET (e.g. \`.\` or \`./package.json\`) ${!packagePaths.length ? colors.red(targets.length > 0 ? '(TARGET' + (targets.length ? 's' : '') + ' contained no matching/supported files!)' : '(missing)') : colors.green('(ok)')}
+
+      ${!apiToken ? 'Note: was unable to make suggestions because no API Token was found; this would make command fail regardless' : ''}
+      `);
     return;
   }
   if (updatedInput) {
@@ -6634,13 +6918,18 @@ async function run$6(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process$1.exitCode = 2;
-    logger.logger.error(`
-      ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n
-      - Repository name using --repo ${!repoName ? colors.red('(missing!)') : colors.green('(ok)')}\n
-      - Branch name using --branch ${!branchName ? colors.red('(missing!)') : colors.green('(ok)')}\n
-      - At least one TARGET (e.g. \`.\` or \`./package.json\`) ${!targets.length ? '(missing)' : colors.green('(ok)')}\n
-      (Additionally, no API Token was set so we cannot auto-discover these details)\n
+    logger.logger.error(commonTags.stripIndents`
+      ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
+
+      - Repository name using --repo ${!repoName ? colors.red('(missing!)') : colors.green('(ok)')}
+
+      - Branch name using --branch ${!branchName ? colors.red('(missing!)') : colors.green('(ok)')}
+
+      - At least one TARGET (e.g. \`.\` or \`./package.json\`) ${!targets.length ? '(missing)' : colors.green('(ok)')}
+
+      (Additionally, no API Token was set so we cannot auto-discover these details)
     `);
     return;
   }
@@ -6724,9 +7013,11 @@ async function run$5(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n
-      - Full Scan ID to delete as second argument ${!fullScanId ? colors.red('(missing!)') : colors.green('(ok)')}\n`);
+    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
+
+      - Full Scan ID to delete as second argument ${!fullScanId ? colors.red('(missing!)') : colors.green('(ok)')}`);
     return;
   }
   if (cli.flags['dryRun']) {
@@ -6862,8 +7153,9 @@ async function run$4(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-    - Org name as the argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n`);
+    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+    - Org name as the argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}`);
     return;
   }
   if (cli.flags['dryRun']) {
@@ -6947,9 +7239,11 @@ async function run$3(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n
-      - Full Scan ID to inspect as second argument ${!fullScanId ? colors.red('(missing!)') : colors.green('(ok)')}\n`);
+    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
+
+      - Full Scan ID to inspect as second argument ${!fullScanId ? colors.red('(missing!)') : colors.green('(ok)')}`);
     return;
   }
   if (cli.flags['dryRun']) {
@@ -7023,9 +7317,13 @@ async function run$2(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n
-      - Full Scan ID to fetch as second argument ${!fullScanId ? colors.red('(missing!)') : colors.green('(ok)')}\n`);
+    logger.logger.error(commonTags.stripIndents`
+      ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
+
+      - Full Scan ID to fetch as second argument ${!fullScanId ? colors.red('(missing!)') : colors.green('(ok)')}
+    `);
     return;
   }
   if (cli.flags['dryRun']) {
@@ -7224,7 +7522,7 @@ function addSocketWrapper(file) {
     }
     // TODO: pretty sure you need to source the file or restart
     //       any terminal session before changes are reflected.
-    logger.logger.log(`
+    logger.logger.log(commonTags.stripIndents`
 The alias was added to ${file}. Running 'npm install' will now be wrapped in Socket's "safe npm" 🎉
 If you want to disable it at any time, run \`socket wrapper --disable\`
 `);
@@ -7377,8 +7675,11 @@ async function run(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required flags:\n
-      - Must use --enabled or --disabled\n`);
+    logger.logger.error(commonTags.stripIndents`
+      ${colors.bgRed(colors.white('Input error'))}: Please provide the required flags:
+
+      - Must use --enabled or --disabled
+    `);
     return;
   }
   if (cli.flags['dryRun']) {
@@ -7487,5 +7788,5 @@ void (async () => {
     await index.captureException(e);
   }
 })();
-//# debugId=58e6ceed-07a5-4b32-b0e9-9fef0ceef6d7
+//# debugId=b11caea8-68eb-4110-977e-c8cc2d1f4464
 //# sourceMappingURL=cli.js.map