@socketsecurity/cli-with-sentry 0.14.53 → 0.14.56

package/dist/require/cli.js

@@ -27,16 +27,18 @@ var index = require('./index.js');
 var constants = require('./constants.js');
 var objects = require('@socketsecurity/registry/lib/objects');
 var regexps = require('@socketsecurity/registry/lib/regexps');
+var commonTags = _socketInterop(require('common-tags'));
 var fs$1 = require('node:fs/promises');
 var ScreenWidget = _socketInterop(require('blessed/lib/widgets/screen'));
 var contrib = _socketInterop(require('blessed-contrib'));
 var prompts = require('@socketsecurity/registry/lib/prompts');
 var yargsParse = _socketInterop(require('yargs-parser'));
 var words = require('@socketsecurity/registry/lib/words');
-var npm = require('@socketsecurity/registry/lib/npm');
+var shadowBin = require('./shadow-bin.js');
 var chalkTable = _socketInterop(require('chalk-table'));
 var require$$0$1 = require('node:util');
 var registry = require('@socketsecurity/registry');
+var npm = require('@socketsecurity/registry/lib/npm');
 var packages = require('@socketsecurity/registry/lib/packages');
 var registryConstants = require('@socketsecurity/registry/lib/constants');
 var isInteractive = require('@socketregistry/is-interactive/index.cjs');
@@ -1515,7 +1517,7 @@ function meowOrExit({
 }
 function getAsciiHeader(command) {
   const cliVersion = // The '@rollup/plugin-replace' will replace "process.env['SOCKET_CLI_VERSION_HASH']".
-  "0.14.53:e7fcb39:b41fef49:pub";
+  "0.14.56:5a261bf:186ce7ee:pub";
   const nodeVersion = process.version;
   const apiToken = index.getSetting('apiToken');
   const shownToken = apiToken ? getLastFiveOfApiToken(apiToken) : 'no';
@@ -1589,15 +1591,116 @@ async function run$z(argv, importMeta, {
   await runAction(githubEventBefore, githubEventAfter);
 }
 
+async function fetchOrgAnalyticsData(time, spinner, apiToken) {
+  const socketSdk = await index.setupSdk(apiToken);
+  const result = await handleApiCall(socketSdk.getOrgAnalytics(time.toString()), 'fetching analytics data');
+  if (result.success === false) {
+    handleUnsuccessfulApiResponse('getOrgAnalytics', result, spinner);
+    return undefined;
+  }
+  spinner.stop();
+  if (!result.data.length) {
+    logger.logger.log('No analytics data is available for this organization yet.');
+    return undefined;
+  }
+  return result.data;
+}
+
+async function fetchRepoAnalyticsData(repo, time, spinner, apiToken) {
+  const socketSdk = await index.setupSdk(apiToken);
+  const result = await handleApiCall(socketSdk.getRepoAnalytics(repo, time.toString()), 'fetching analytics data');
+  if (result.success === false) {
+    handleUnsuccessfulApiResponse('getRepoAnalytics', result, spinner);
+    return undefined;
+  }
+  spinner.stop();
+  if (!result.data.length) {
+    logger.logger.log('No analytics data is available for this organization yet.');
+    return undefined;
+  }
+  return result.data;
+}
+
+function mdTableStringNumber(title1, title2, obj) {
+  // | Date        | Counts |
+  // | ----------- | ------ |
+  // | Header      | 201464 |
+  // | Paragraph   |     18 |
+  let mw1 = title1.length;
+  let mw2 = title2.length;
+  for (const [key, value] of Object.entries(obj)) {
+    mw1 = Math.max(mw1, key.length);
+    mw2 = Math.max(mw2, String(value ?? '').length);
+  }
+  const lines = [];
+  lines.push(`| ${title1.padEnd(mw1, ' ')} | ${title2.padEnd(mw2)} |`);
+  lines.push(`| ${'-'.repeat(mw1)} | ${'-'.repeat(mw2)} |`);
+  for (const [key, value] of Object.entries(obj)) {
+    lines.push(`| ${key.padEnd(mw1, ' ')} | ${String(value ?? '').padStart(mw2, ' ')} |`);
+  }
+  lines.push(`| ${'-'.repeat(mw1)} | ${'-'.repeat(mw2)} |`);
+  return lines.join('\n');
+}
+function mdTable(logs,
+// This is saying "an array of strings and the strings are a valid key of elements of T"
+// In turn, T is defined above as the audit log event type from our OpenAPI docs.
+cols) {
+  // Max col width required to fit all data in that column
+  const cws = cols.map(col => col.length);
+  for (const log of logs) {
+    for (let i = 0; i < cols.length; ++i) {
+      // @ts-ignore
+      const val = log[cols[i] ?? ''] ?? '';
+      cws[i] = Math.max(cws[i] ?? 0, String(val).length);
+    }
+  }
+  let div = '|';
+  for (const cw of cws) div += ' ' + '-'.repeat(cw) + ' |';
+  let header = '|';
+  for (let i = 0; i < cols.length; ++i) header += ' ' + String(cols[i]).padEnd(cws[i] ?? 0, ' ') + ' |';
+  let body = '';
+  for (const log of logs) {
+    body += '|';
+    for (let i = 0; i < cols.length; ++i) {
+      // @ts-ignore
+      const val = log[cols[i] ?? ''] ?? '';
+      body += ' ' + String(val).padEnd(cws[i] ?? 0, ' ') + ' |';
+    }
+    body += '\n';
+  }
+  return [div, header, div, body.trim(), div].filter(s => !!s.trim()).join('\n');
+}
+
 // Note: Widgets does not seem to actually work as code :'(
 
+const METRICS = ['total_critical_alerts', 'total_high_alerts', 'total_medium_alerts', 'total_low_alerts', 'total_critical_added', 'total_medium_added', 'total_low_added', 'total_high_added', 'total_critical_prevented', 'total_high_prevented', 'total_medium_prevented', 'total_low_prevented'];
+
 // Note: This maps `new Date(date).getMonth()` to English three letters
 const Months = ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'];
-const METRICS = ['total_critical_alerts', 'total_high_alerts', 'total_medium_alerts', 'total_low_alerts', 'total_critical_added', 'total_medium_added', 'total_low_added', 'total_high_added', 'total_critical_prevented', 'total_high_prevented', 'total_medium_prevented', 'total_low_prevented'];
 async function displayAnalytics({
+  filePath,
+  outputKind,
+  repo,
+  scope,
+  time
+}) {
+  const apiToken = index.getDefaultToken();
+  if (!apiToken) {
+    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API token.');
+  }
+  await outputAnalyticsWithToken({
+    apiToken,
+    filePath,
+    outputKind,
+    repo,
+    scope,
+    time
+  });
+}
+async function outputAnalyticsWithToken({
   apiToken,
   filePath,
-  outputJson,
+  outputKind,
   repo,
   scope,
   time
@@ -1613,22 +1716,70 @@ async function displayAnalytics({
   } else if (repo) {
     data = await fetchRepoAnalyticsData(repo, time, spinner, apiToken);
   }
-  if (data) {
-    if (outputJson && !filePath) {
-      logger.logger.log(data);
-    } else if (filePath) {
+
+  // A message should already have been printed if we have no data here
+  if (!data) return;
+  if (outputKind === 'json') {
+    let serialized = renderJson(data);
+    if (!serialized) return;
+    if (filePath && filePath !== '-') {
       try {
-        await fs$1.writeFile(filePath, JSON.stringify(data), 'utf8');
+        await fs$1.writeFile(filePath, serialized, 'utf8');
         logger.logger.log(`Data successfully written to ${filePath}`);
       } catch (e) {
+        logger.logger.error('There was an error trying to write the json to disk');
         logger.logger.error(e);
+        process.exitCode = 1;
+      }
+    } else {
+      logger.logger.log(serialized);
+    }
+  } else {
+    const fdata = scope === 'org' ? formatDataOrg(data) : formatDataRepo(data);
+    if (outputKind === 'markdown') {
+      const serialized = renderMarkdown(fdata, time, repo);
+      if (filePath && filePath !== '-') {
+        try {
+          await fs$1.writeFile(filePath, serialized, 'utf8');
+          logger.logger.log(`Data successfully written to ${filePath}`);
+        } catch (e) {
+          logger.logger.error(e);
+        }
+      } else {
+        logger.logger.log(serialized);
       }
     } else {
-      const fdata = scope === 'org' ? formatData(data, 'org') : formatData(data, 'repo');
       displayAnalyticsScreen(fdata);
     }
   }
 }
+function renderJson(data) {
+  try {
+    return JSON.stringify(data, null, 2);
+  } catch (e) {
+    // This could be caused by circular references, which is an "us" problem
+    logger.logger.error('There was a problem converting the data set to JSON. Please try without --json or with --markdown');
+    process.exitCode = 1;
+    return;
+  }
+}
+function renderMarkdown(data, days, repoSlug) {
+  return commonTags.stripIndents`
+# Socket Alert Analytics
+
+These are the Socket.dev stats are analytics for the ${repoSlug ? `${repoSlug} repo` : 'org'} of the past ${days} days
+
+${[['Total critical alerts', mdTableStringNumber('Date', 'Counts', data['total_critical_alerts'])], ['Total high alerts', mdTableStringNumber('Date', 'Counts', data['total_high_alerts'])], ['Total critical alerts added to the main branch', mdTableStringNumber('Date', 'Counts', data['total_critical_added'])], ['Total high alerts added to the main branch', mdTableStringNumber('Date', 'Counts', data['total_high_added'])], ['Total critical alerts prevented from the main branch', mdTableStringNumber('Date', 'Counts', data['total_critical_prevented'])], ['Total high alerts prevented from the main branch', mdTableStringNumber('Date', 'Counts', data['total_high_prevented'])], ['Total medium alerts prevented from the main branch', mdTableStringNumber('Date', 'Counts', data['total_medium_prevented'])], ['Total low alerts prevented from the main branch', mdTableStringNumber('Date', 'Counts', data['total_low_prevented'])]].map(([title, table]) => commonTags.stripIndents`
+## ${title}
+
+${table}
+`).join('\n\n')}
+
+## Top 5 alert types
+
+${mdTableStringNumber('Name', 'Counts', data['top_five_alert_types'])}
+`;
+}
 function displayAnalyticsScreen(data) {
   const screen = new ScreenWidget({});
   const grid = new contrib.grid({
@@ -1661,91 +1812,69 @@ function displayAnalyticsScreen(data) {
   screen.render();
   screen.key(['escape', 'q', 'C-c'], () => process.exit(0));
 }
-async function fetchOrgAnalyticsData(time, spinner, apiToken) {
-  const socketSdk = await index.setupSdk(apiToken);
-  const result = await handleApiCall(socketSdk.getOrgAnalytics(time.toString()), 'fetching analytics data');
-  if (result.success === false) {
-    handleUnsuccessfulApiResponse('getOrgAnalytics', result, spinner);
-    return undefined;
+function formatDataRepo(data) {
+  const sortedTopFiveAlerts = {};
+  const totalTopAlerts = {};
+  const formattedData = {};
+  for (const metric of METRICS) {
+    formattedData[metric] = {};
   }
-  spinner.stop();
-  if (!result.data.length) {
-    logger.logger.log('No analytics data is available for this organization yet.');
-    return undefined;
+  for (const entry of data) {
+    const topFiveAlertTypes = entry['top_five_alert_types'];
+    for (const type of Object.keys(topFiveAlertTypes)) {
+      const count = topFiveAlertTypes[type] ?? 0;
+      if (!totalTopAlerts[type]) {
+        totalTopAlerts[type] = count;
+      } else if (count > (totalTopAlerts[type] ?? 0)) {
+        totalTopAlerts[type] = count;
+      }
+    }
   }
-  return result.data;
-}
-async function fetchRepoAnalyticsData(repo, time, spinner, apiToken) {
-  const socketSdk = await index.setupSdk(apiToken);
-  const result = await handleApiCall(socketSdk.getRepoAnalytics(repo, time.toString()), 'fetching analytics data');
-  if (result.success === false) {
-    handleUnsuccessfulApiResponse('getRepoAnalytics', result, spinner);
-    return undefined;
+  for (const entry of data) {
+    for (const metric of METRICS) {
+      formattedData[metric][formatDate(entry['created_at'])] = entry[metric];
+    }
   }
-  spinner.stop();
-  if (!result.data.length) {
-    logger.logger.log('No analytics data is available for this organization yet.');
-    return undefined;
+  const topFiveAlertEntries = Object.entries(totalTopAlerts).sort(([_keya, a], [_keyb, b]) => b - a).slice(0, 5);
+  for (const [key, value] of topFiveAlertEntries) {
+    sortedTopFiveAlerts[key] = value;
   }
-  return result.data;
+  return {
+    ...formattedData,
+    top_five_alert_types: sortedTopFiveAlerts
+  };
 }
-function formatData(data, scope) {
-  const formattedData = {};
+function formatDataOrg(data) {
   const sortedTopFiveAlerts = {};
   const totalTopAlerts = {};
+  const formattedData = {};
   for (const metric of METRICS) {
     formattedData[metric] = {};
   }
-  if (scope === 'org') {
-    for (const entry of data) {
-      const topFiveAlertTypes = entry['top_five_alert_types'];
-      for (const type of Object.keys(topFiveAlertTypes)) {
-        const count = topFiveAlertTypes[type] ?? 0;
-        if (!totalTopAlerts[type]) {
-          totalTopAlerts[type] = count;
-        } else {
-          totalTopAlerts[type] += count;
-        }
-      }
-    }
-    for (const metric of METRICS) {
-      const formatted = formattedData[metric];
-      for (const entry of data) {
-        const date = formatDate(entry['created_at']);
-        if (!formatted[date]) {
-          formatted[date] = entry[metric];
-        } else {
-          formatted[date] += entry[metric];
-        }
-      }
-    }
-  } else if (scope === 'repo') {
-    for (const entry of data) {
-      const topFiveAlertTypes = entry['top_five_alert_types'];
-      for (const type of Object.keys(topFiveAlertTypes)) {
-        const count = topFiveAlertTypes[type] ?? 0;
-        if (!totalTopAlerts[type]) {
-          totalTopAlerts[type] = count;
-        } else if (count > (totalTopAlerts[type] ?? 0)) {
-          totalTopAlerts[type] = count;
-        }
+  for (const entry of data) {
+    const topFiveAlertTypes = entry['top_five_alert_types'];
+    for (const type of Object.keys(topFiveAlertTypes)) {
+      const count = topFiveAlertTypes[type] ?? 0;
+      if (!totalTopAlerts[type]) {
+        totalTopAlerts[type] = count;
+      } else {
+        totalTopAlerts[type] += count;
       }
     }
+  }
+  for (const metric of METRICS) {
+    const formatted = formattedData[metric];
     for (const entry of data) {
-      for (const metric of METRICS) {
-        formattedData[metric][formatDate(entry['created_at'])] = entry[metric];
+      const date = formatDate(entry['created_at']);
+      if (!formatted[date]) {
+        formatted[date] = entry[metric];
+      } else {
+        formatted[date] += entry[metric];
       }
     }
   }
-  const topFiveAlertEntries = Object.entries(totalTopAlerts).sort(({
-    1: a
-  }, {
-    1: b
-  }) => b - a).slice(0, 5);
-  for (const {
-    0: key,
-    1: value
-  } of topFiveAlertEntries) {
+  const topFiveAlertEntries = Object.entries(totalTopAlerts).sort(([_keya, a], [_keyb, b]) => b - a).slice(0, 5);
+  for (const [key, value] of topFiveAlertEntries) {
     sortedTopFiveAlerts[key] = value;
   }
   return {
@@ -1790,6 +1919,18 @@ const config$y = {
   flags: {
     ...commonFlags,
     ...outputFlags,
+    file: {
+      type: 'string',
+      shortFlag: 'f',
+      default: '-',
+      description: 'Path to a local file to save the output. Only valid with --json/--markdown. Defaults to stdout.'
+    },
+    repo: {
+      type: 'string',
+      shortFlag: 'r',
+      default: '',
+      description: 'Name of the repository. Only valid when scope=repo'
+    },
     scope: {
       type: 'string',
       shortFlag: 's',
@@ -1801,18 +1942,6 @@ const config$y = {
       shortFlag: 't',
       default: 7,
       description: 'Time filter - either 7, 30 or 90, default: 7'
-    },
-    repo: {
-      type: 'string',
-      shortFlag: 'r',
-      default: '',
-      description: 'Name of the repository'
-    },
-    file: {
-      type: 'string',
-      shortFlag: 'f',
-      default: '',
-      description: 'Path to a local file to save the output'
     }
   },
   help: (command, {
@@ -1848,6 +1977,9 @@ async function run$y(argv, importMeta, {
     parentName
   });
   const {
+    file,
+    json,
+    markdown,
     repo,
     scope,
     time
@@ -1855,66 +1987,125 @@ async function run$y(argv, importMeta, {
   const badScope = scope !== 'org' && scope !== 'repo';
   const badTime = time !== 7 && time !== 30 && time !== 90;
   const badRepo = scope === 'repo' && !repo;
-  if (badScope || badTime || badRepo) {
+  const badFile = file !== '-' && !json && !markdown;
+  const badFlags = json && markdown;
+  if (badScope || badTime || badRepo || badFile || badFlags) {
     // Use exit status of 2 to indicate incorrect usage, generally invalid
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - Scope must be "repo" or "org" ${badScope ? colors.red('(bad!)') : colors.green('(ok)')}\n
-      - The time filter must either be 7, 30 or 90 ${badTime ? colors.red('(bad!)') : colors.green('(ok)')}\n
-      - Repository name using --repo when scope is "repo" ${badRepo ? colors.red('(bad!)') : colors.green('(ok)')}\n`);
+    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - Scope must be "repo" or "org" ${badScope ? colors.red('(bad!)') : colors.green('(ok)')}
+
+      - The time filter must either be 7, 30 or 90 ${badTime ? colors.red('(bad!)') : colors.green('(ok)')}
+
+      ${scope === 'repo' ? `- Repository name using --repo when scope is "repo" ${badRepo ? colors.red('(bad!)') : colors.green('(ok)')}` : ''}
+
+      ${badFlags ? `- The \`--json\` and \`--markdown\` flags can not be used at the same time ${badFlags ? colors.red('(bad!)') : colors.green('(ok)')}` : ''}
+
+      ${badFile ? `- The \`--file\` flag is only valid when using \`--json\` or \`--markdown\` ${badFile ? colors.red('(bad!)') : colors.green('(ok)')}` : ''}
+    `.split('\n').filter(s => !!s.trim()).join('\n'));
     return;
   }
   if (cli.flags['dryRun']) {
     logger.logger.log(DRY_RUN_BAIL_TEXT$x);
     return;
   }
-  const apiToken = index.getDefaultToken();
-  if (!apiToken) {
-    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API token.');
-  }
   return await displayAnalytics({
-    apiToken,
     scope,
     time,
     repo: String(repo || ''),
-    outputJson: Boolean(cli.flags['json']),
-    filePath: String(cli.flags['file'] || '')
+    outputKind: json ? 'json' : markdown ? 'markdown' : 'print',
+    filePath: String(file || '')
   });
 }
 
 async function getAuditLog({
-  apiToken,
+  logType,
   orgSlug,
-  outputJson,
-  outputMarkdown,
+  outputKind,
   page,
-  perPage,
-  type
+  perPage
 }) {
-  // Lazily access constants.spinner.
-  const {
-    spinner
-  } = constants;
-  spinner.start(`Looking up audit log for ${orgSlug}`);
-  const socketSdk = await index.setupSdk(apiToken);
-  const result = await handleApiCall(socketSdk.getAuditLogEvents(orgSlug, {
-    outputJson,
-    outputMarkdown,
+  const apiToken = index.getDefaultToken();
+  if (!apiToken) {
+    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+  }
+  const auditLogs = await getAuditLogWithToken({
+    apiToken,
     orgSlug,
-    type,
+    outputKind,
     page,
-    per_page: perPage
-  }), `Looking up audit log for ${orgSlug}\n`);
-  if (!result.success) {
-    handleUnsuccessfulApiResponse('getAuditLogEvents', result, spinner);
+    perPage,
+    logType
+  });
+  if (!auditLogs) return;
+  if (outputKind === 'json') await outputAsJson(auditLogs.results, orgSlug, logType, page, perPage);else if (outputKind === 'markdown') await outputAsMarkdown(auditLogs.results, orgSlug, logType, page, perPage);else await outputAsPrint(auditLogs.results, orgSlug, logType);
+}
+async function outputAsJson(auditLogs, orgSlug, logType, page, perPage) {
+  let json;
+  try {
+    json = JSON.stringify({
+      desc: 'Audit logs for given query',
+      generated: new Date().toISOString(),
+      org: orgSlug,
+      logType,
+      page,
+      perPage,
+      logs: auditLogs.map(log => {
+        // Note: The subset is pretty arbitrary
+        const {
+          created_at,
+          event_id,
+          ip_address,
+          type,
+          user_agent,
+          user_email
+        } = log;
+        return {
+          event_id,
+          created_at,
+          ip_address,
+          type,
+          user_agent,
+          user_email
+        };
+      })
+    }, null, 2);
+  } catch (e) {
+    logger.logger.error('There was a problem converting the logs to JSON, please try without the `--json` flag');
+    process.exitCode = 1;
     return;
   }
-  spinner.stop();
+  logger.logger.log(json);
+}
+async function outputAsMarkdown(auditLogs, orgSlug, logType, page, perPage) {
+  try {
+    const table = mdTable(auditLogs, ['event_id', 'created_at', 'type', 'user_email', 'ip_address', 'user_agent']);
+    logger.logger.log(commonTags.stripIndents`
+# Socket Audit Logs
+
+These are the Socket.dev audit logs as per requested query.
+- org: ${orgSlug}
+- type filter: ${logType || '(none)'}
+- page: ${page}
+- per page: ${perPage}
+- generated: ${new Date().toISOString()}
+
+${table}
+`);
+  } catch (e) {
+    logger.logger.error('There was a problem converting the logs to JSON, please try without the `--json` flag');
+    logger.logger.error(e);
+    process.exitCode = 1;
+    return;
+  }
+}
+async function outputAsPrint(auditLogs, orgSlug, logType) {
   const data = [];
   const logDetails = {};
-  for (const d of result.data.results) {
+  for (const d of auditLogs) {
     const {
       created_at
     } = d;
@@ -1931,11 +2122,42 @@ async function getAuditLog({
     }
   }
   logger.logger.log(logDetails[await prompts.select({
-    message: type ? `\n Audit log for: ${orgSlug} with type: ${type}\n` : `\n Audit log for: ${orgSlug}\n`,
+    message: logType ? `\n Audit log for: ${orgSlug} with type: ${logType}\n` : `\n Audit log for: ${orgSlug}\n`,
     choices: data,
     pageSize: 30
   })]);
 }
+async function getAuditLogWithToken({
+  apiToken,
+  logType,
+  orgSlug,
+  outputKind,
+  page,
+  perPage
+}) {
+  // Lazily access constants.spinner.
+  const {
+    spinner
+  } = constants;
+  spinner.start(`Looking up audit log for ${orgSlug}`);
+  const socketSdk = await index.setupSdk(apiToken);
+  const result = await handleApiCall(socketSdk.getAuditLogEvents(orgSlug, {
+    outputJson: outputKind === 'json',
+    // I'm not sure this is used at all
+    outputMarkdown: outputKind === 'markdown',
+    // I'm not sure this is used at all
+    orgSlug,
+    type: logType,
+    page,
+    per_page: perPage
+  }), `Looking up audit log for ${orgSlug}\n`);
+  if (!result.success) {
+    handleUnsuccessfulApiResponse('getAuditLogEvents', result, spinner);
+    return;
+  }
+  spinner.stop();
+  return result.data;
+}
 
 const {
   DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$w
@@ -1991,48 +2213,43 @@ async function run$x(argv, importMeta, {
     importMeta,
     parentName
   });
-  const type = String(cli.flags['type'] || '');
+  const {
+    json,
+    markdown,
+    page,
+    perPage,
+    type
+  } = cli.flags;
+  const logType = String(type || '');
   const [orgSlug = ''] = cli.input;
   if (!orgSlug) {
     // Use exit status of 2 to indicate incorrect usage, generally invalid
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-    - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n`);
+    logger.logger.error(commonTags.stripIndents`
+      ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
+      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
+    `);
     return;
   }
   if (cli.flags['dryRun']) {
     logger.logger.log(DRY_RUN_BAIL_TEXT$w);
     return;
   }
-  const apiToken = index.getDefaultToken();
-  if (!apiToken) {
-    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
-  }
   await getAuditLog({
-    apiToken,
     orgSlug,
-    outputJson: Boolean(cli.flags['json']),
-    outputMarkdown: Boolean(cli.flags['markdown']),
-    page: Number(cli.flags['page'] || 0),
-    perPage: Number(cli.flags['perPage'] || 0),
-    type: type.charAt(0).toUpperCase() + type.slice(1)
+    outputKind: json ? 'json' : markdown ? 'markdown' : 'print',
+    page: Number(page || 0),
+    perPage: Number(perPage || 0),
+    logType: logType.charAt(0).toUpperCase() + logType.slice(1)
   });
 }
 
-const {
-  SBOM_SIGN_ALGORITHM,
-  // Algorithm. Example: RS512
-  SBOM_SIGN_PRIVATE_KEY,
-  // Location to the RSA private key
-  SBOM_SIGN_PUBLIC_KEY // Optional. Location to the RSA public key
-} = process$1.env;
 const {
   NPM: NPM$e,
-  PNPM: PNPM$8,
-  cdxgenBinPath,
-  synpBinPath
+  NPX: NPX$3,
+  PNPM: PNPM$8
 } = constants;
 const nodejsPlatformTypes = new Set(['javascript', 'js', 'nodejs', NPM$e, PNPM$8, 'ts', 'tsx', 'typescript']);
 async function runCycloneDX(yargv) {
@@ -2044,21 +2261,13 @@ async function runCycloneDX(yargv) {
       // Use synp to create a package-lock.json from the yarn.lock,
       // based on the node_modules folder, for a more accurate SBOM.
       try {
-        await npm.runBin(await fs.promises.realpath(synpBinPath), ['--source-file', './yarn.lock']);
+        await shadowBin(NPX$3, ['synp@1.9.14', '--', '--source-file', './yarn.lock'], 2);
         yargv.type = NPM$e;
         cleanupPackageLock = true;
       } catch {}
     }
   }
-  await npm.runBin(await fs.promises.realpath(cdxgenBinPath), argvToArray(yargv), {
-    env: {
-      NODE_ENV: '',
-      SBOM_SIGN_ALGORITHM,
-      SBOM_SIGN_PRIVATE_KEY,
-      SBOM_SIGN_PUBLIC_KEY
-    },
-    stdio: 'inherit'
-  });
+  await shadowBin(NPX$3, ['@cyclonedx/cdxgen@11.2.0', '--', ...argvToArray(yargv)], 2);
   if (cleanupPackageLock) {
     try {
       await fs.promises.rm('./package-lock.json');
@@ -2204,8 +2413,11 @@ async function run$w(argv, importMeta, {
   //
   //
   // if (cli.input.length)
-  //   logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-  //     - Unexpected arguments\n
+  //   logger.error(
+  //     stripIndents`
+  //       ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+  //
+  //       - Unexpected arguments
   //   `)
   //   config.help(parentName, config)
   //   return
@@ -2267,6 +2479,7 @@ async function findDependencies({
     logger.logger.log(result.data);
     return;
   }
+  logger.logger.log('Request details: Offset:', offset, ', limit:', limit, ', is there more data after this?', result.data.end ? 'no' : 'yes');
   const options = {
     columns: [{
       field: 'namespace',
@@ -2358,43 +2571,95 @@ async function run$v(argv, importMeta, {
 async function getDiffScan({
   after,
   before,
+  depth,
   file,
   orgSlug,
   outputJson
-}, apiToken) {
+}) {
+  const apiToken = index.getDefaultToken();
+  if (!apiToken) {
+    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+  }
+  await getDiffScanWithToken({
+    after,
+    before,
+    depth,
+    file,
+    orgSlug,
+    outputJson,
+    apiToken
+  });
+}
+async function getDiffScanWithToken({
+  after,
+  apiToken,
+  before,
+  depth,
+  file,
+  orgSlug,
+  outputJson
+}) {
   // Lazily access constants.spinner.
   const {
     spinner
   } = constants;
   spinner.start('Getting diff scan...');
-  const response = await queryAPI(`${orgSlug}/full-scans/diff?before=${before}&after=${after}&preview`, apiToken);
-  const data = await response.json();
+  const response = await queryAPI(`orgs/${orgSlug}/full-scans/diff?before=${encodeURIComponent(before)}&after=${encodeURIComponent(after)}`, apiToken);
   if (!response.ok) {
     const err = await handleAPIError(response.status);
     spinner.errorAndStop(`${colors.bgRed(colors.white(response.statusText))}: ${err}`);
     return;
   }
+  const result = await handleApiCall(await response.json(), 'Deserializing json');
   spinner.stop();
-  if (file && !outputJson) {
-    fs.writeFile(file, JSON.stringify(data), err => {
-      err ? logger.logger.error(err) : logger.logger.log(`Data successfully written to ${file}`);
-    });
-    return;
-  }
-  if (outputJson) {
-    logger.logger.log(`\n Diff scan result: \n`);
-    logger.logger.log(require$$0$1.inspect(data, {
-      showHidden: false,
-      depth: null,
-      colors: true
-    }));
-    logger.logger.log(`\n View this diff scan in the Socket dashboard: ${colors.cyan(data?.['diff_report_url'])}`);
+  const dashboardUrl = result?.['diff_report_url'];
+  const dashboardMessage = dashboardUrl ? `\n View this diff scan in the Socket dashboard: ${colors.cyan(dashboardUrl)}` : '';
+
+  // When forcing json, or dumping to file, serialize to string such that it
+  // won't get truncated. The only way to dump the full raw JSON to stdout is
+  // to use `--json --file -` (the dash is a standard notation for stdout)
+  if (outputJson || file) {
+    let json;
+    try {
+      json = JSON.stringify(result, null, 2);
+    } catch (e) {
+      // Most likely caused by a circular reference (or OOM)
+      logger.logger.error('There was a problem converting the data to JSON');
+      process.exitCode = 1;
+      return;
+    }
+    if (file && file !== '-') {
+      logger.logger.log(`Writing json to \`${file}\``);
+      fs.writeFile(file, JSON.stringify(result, null, 2), err => {
+        if (err) {
+          logger.logger.error(`Writing to \`${file}\` failed...`);
+          logger.logger.error(err);
+        } else {
+          logger.logger.log(`Data successfully written to \`${file}\``);
+        }
+        logger.logger.error(dashboardMessage);
+      });
+    } else {
+      // TODO: expose different method for writing to stderr when simply dodging stdout
+      logger.logger.error(`\n Diff scan result: \n`);
+      logger.logger.log(json);
+      logger.logger.error(dashboardMessage);
+    }
     return;
   }
+
+  // In this case neither the --json nor the --file flag was passed
+  // Dump the JSON to CLI and let NodeJS deal with truncation
+
   logger.logger.log('Diff scan result:');
-  logger.logger.log(data);
+  logger.logger.log(require$$0$1.inspect(result, {
+    showHidden: false,
+    depth: depth > 0 ? depth : null,
+    colors: true,
+    maxArrayLength: null
+  }));
   logger.logger.log(`\n 📝 To display the detailed report in the terminal, use the --json flag \n`);
-  logger.logger.log(`\n View this diff scan in the Socket dashboard: ${colors.cyan(data?.['diff_report_url'])}`);
+  logger.logger.log(dashboardMessage);
 }
 
 const {
@@ -2406,36 +2671,44 @@ const config$u = {
   hidden: false,
   flags: {
     ...commonFlags,
+    after: {
+      type: 'string',
+      shortFlag: 'a',
+      default: '',
+      description: 'The full scan ID of the head scan'
+    },
     before: {
       type: 'string',
       shortFlag: 'b',
       default: '',
       description: 'The full scan ID of the base scan'
     },
-    after: {
-      type: 'string',
-      shortFlag: 'a',
-      default: '',
-      description: 'The full scan ID of the head scan'
+    depth: {
+      type: 'number',
+      default: 2,
+      description: 'Max depth of JSON to display before truncating, use zero for no limit (without --json/--file)'
     },
-    preview: {
+    json: {
       type: 'boolean',
-      shortFlag: 'p',
-      default: true,
-      description: 'A boolean flag to persist or not the diff scan result'
+      shortFlag: 'j',
+      default: false,
+      description: 'Output result as json. This can be big. Use --file to store it to disk without truncation.'
     },
     file: {
       type: 'string',
       shortFlag: 'f',
       default: '',
-      description: 'Path to a local file where the output should be saved'
-    },
-    ...outputFlags
+      description: 'Path to a local file where the output should be saved. Use `-` to force stdout.'
+    }
   },
   help: (command, config) => `
     Usage
       $ ${command} <org slug> --before=<before> --after=<after>
 
+    This command displays the package changes between two scans. The full output
+    can be pretty large depending on the size of your repo and time range. It is
+    best stored to disk to be further analyzed by other tools.
+
     Options
       ${getFlagListOutput(config.flags, 6)}
 
@@ -2468,6 +2741,7 @@ async function run$u(argv, importMeta, {
     logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
       - Specify a before and after full scan ID ${!before && !after ? colors.red('(missing before and after!)') : !before ? colors.red('(missing before!)') : !after ? colors.red('(missing after!)') : colors.green('(ok)')}\n
           - To get full scans IDs, you can run the command "socket scan list <your org slug>".
+            The args are expecting a full \`aaa0aa0a-aaaa-0000-0a0a-0000000a00a0\` ID.\n
       - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n`);
     return;
   }
@@ -2475,24 +2749,24 @@ async function run$u(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAIL_TEXT$t);
     return;
   }
-  const apiToken = index.getDefaultToken();
-  if (!apiToken) {
-    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
-  }
   await getDiffScan({
     outputJson: Boolean(cli.flags['json']),
-    outputMarkdown: Boolean(cli.flags['markdown']),
     before,
     after,
-    preview: Boolean(cli.flags['preview']),
+    depth: Number(cli.flags['depth']),
     orgSlug,
     file: String(cli.flags['file'] || '')
-  }, apiToken);
+  });
 }
 
 const description$3 = 'Diff scans related commands';
 const cmdDiffScan = {
   description: description$3,
+  // Hidden because it was broken all this time (nobody could be using it)
+  // and we're not sure if it's useful to anyone in its current state.
+  // Until we do, we'll hide this to keep the help tidier.
+  // And later, we may simply move this under `scan`, anyways.
+  hidden: true,
   async run(argv, importMeta, {
     parentName
   }) {
@@ -2724,7 +2998,12 @@ function getSeverityCount(issues, lowestToInclude) {
   return severityCount;
 }
 
-async function fetchPackageInfo(pkgName, pkgVersion, includeAllIssues, spinner) {
+async function fetchPackageInfo(pkgName, pkgVersion, includeAllIssues) {
+  // Lazily access constants.spinner.
+  const {
+    spinner
+  } = constants;
+  spinner.start(pkgVersion === 'latest' ? `Looking up data for the latest version of ${pkgName}` : `Looking up data for version ${pkgVersion} of ${pkgName}`);
   const socketSdk = await index.setupSdk(index.getPublicToken());
   const result = await handleApiCall(socketSdk.getIssuesByNPMPackage(pkgName, pkgVersion), 'looking up package');
   const scoreResult = await handleApiCall(socketSdk.getScoreByNPMPackage(pkgName, pkgVersion), 'looking up package score');
@@ -2735,6 +3014,7 @@ async function fetchPackageInfo(pkgName, pkgVersion, includeAllIssues, spinner)
     return handleUnsuccessfulApiResponse('getScoreByNPMPackage', scoreResult, spinner);
   }
   const severityCount = getSeverityCount(result.data, includeAllIssues ? undefined : 'high');
+  spinner?.successAndStop('Data fetched');
   return {
     data: result.data,
     severityCount,
@@ -2750,50 +3030,55 @@ function formatPackageInfo({
   score,
   severityCount
 }, {
-  name,
-  outputJson,
-  outputMarkdown,
+  name,
+  outputKind,
   pkgName,
-  pkgVersion,
-  strict
-}, spinner) {
-  if (outputJson) {
+  pkgVersion
+}) {
+  if (outputKind === 'json') {
     logger.logger.log(JSON.stringify(data, undefined, 2));
+    return;
+  }
+  if (outputKind === 'markdown') {
+    logger.logger.log(`\n# Package report for ${pkgName}\n`);
+    logger.logger.log('Package report card:\n');
   } else {
-    logger.logger.log('\nPackage report card:');
-    const scoreResult = {
-      'Supply Chain Risk': Math.floor(score.supplyChainRisk.score * 100),
-      Maintenance: Math.floor(score.maintenance.score * 100),
-      Quality: Math.floor(score.quality.score * 100),
-      Vulnerabilities: Math.floor(score.vulnerability.score * 100),
-      License: Math.floor(score.license.score * 100)
-    };
-    Object.entries(scoreResult).map(score => logger.logger.log(`- ${score[0]}: ${formatScore(score[1])}`));
-    logger.logger.log('\n');
-    if (objectSome(severityCount)) {
-      spinner[strict ? 'error' : 'success'](`Package has these issues: ${formatSeverityCount(severityCount)}`);
-      formatPackageIssuesDetails(data, outputMarkdown);
-    } else {
-      spinner.successAndStop('Package has no issues');
-    }
-    const format = new index.ColorOrMarkdown(!!outputMarkdown);
-    const url = index.getSocketDevPackageOverviewUrl(NPM$c, pkgName, pkgVersion);
-    logger.logger.log('\n');
-    if (pkgVersion === 'latest') {
-      logger.logger.log(`Detailed info on socket.dev: ${format.hyperlink(`${pkgName}`, url, {
-        fallbackToUrl: true
-      })}`);
-    } else {
-      logger.logger.log(`Detailed info on socket.dev: ${format.hyperlink(`${pkgName} v${pkgVersion}`, url, {
-        fallbackToUrl: true
-      })}`);
-    }
-    if (!outputMarkdown) {
-      logger.logger.log(colors.dim(`\nOr rerun ${colors.italic(name)} using the ${colors.italic('--json')} flag to get full JSON output`));
-    }
+    logger.logger.log(`\nPackage report card for ${pkgName}:\n`);
+  }
+  const scoreResult = {
+    'Supply Chain Risk': Math.floor(score.supplyChainRisk.score * 100),
+    Maintenance: Math.floor(score.maintenance.score * 100),
+    Quality: Math.floor(score.quality.score * 100),
+    Vulnerabilities: Math.floor(score.vulnerability.score * 100),
+    License: Math.floor(score.license.score * 100)
+  };
+  Object.entries(scoreResult).map(score => logger.logger.log(`- ${score[0]}: ${formatScore(score[1])}`));
+  logger.logger.log('\n');
+  if (objectSome(severityCount)) {
+    if (outputKind === 'markdown') {
+      logger.logger.log('# Issues\n');
+    }
+    logger.logger.log(`Package has these issues: ${formatSeverityCount(severityCount)}\n`);
+    formatPackageIssuesDetails(data, outputKind === 'markdown');
+  } else {
+    logger.logger.log('Package has no issues');
   }
-  if (strict && objectSome(severityCount)) {
-    process$1.exit(1);
+  const format = new index.ColorOrMarkdown(outputKind === 'markdown');
+  const url = index.getSocketDevPackageOverviewUrl(NPM$c, pkgName, pkgVersion);
+  logger.logger.log('\n');
+  if (pkgVersion === 'latest') {
+    logger.logger.log(`Detailed info on socket.dev: ${format.hyperlink(`${pkgName}`, url, {
+      fallbackToUrl: true
+    })}`);
+  } else {
+    logger.logger.log(`Detailed info on socket.dev: ${format.hyperlink(`${pkgName} v${pkgVersion}`, url, {
+      fallbackToUrl: true
+    })}`);
+  }
+  if (outputKind !== 'markdown') {
+    logger.logger.log(colors.dim(`\nOr rerun ${colors.italic(name)} using the ${colors.italic('--json')} flag to get full JSON output`));
+  } else {
+    logger.logger.log('');
   }
 }
 function formatPackageIssuesDetails(packageData, outputMarkdown) {
@@ -2814,7 +3099,7 @@ function formatPackageIssuesDetails(packageData, outputMarkdown) {
     }
     return acc;
   }, {});
-  const format = new index.ColorOrMarkdown(!!outputMarkdown);
+  const format = new index.ColorOrMarkdown(outputMarkdown);
   for (const issue of Object.keys(uniqueIssues)) {
     const issueWithLink = format.hyperlink(`${uniqueIssues[issue]?.label}`, index.getSocketDevAlertUrl(issue), {
       fallbackToUrl: true
@@ -2838,27 +3123,23 @@ function formatScore(score) {
 async function getPackageInfo({
   commandName,
   includeAllIssues,
-  outputJson,
-  outputMarkdown,
+  outputKind,
   pkgName,
   pkgVersion,
   strict
 }) {
-  // Lazily access constants.spinner.
-  const {
-    spinner
-  } = constants;
-  spinner.start(pkgVersion === 'latest' ? `Looking up data for the latest version of ${pkgName}` : `Looking up data for version ${pkgVersion} of ${pkgName}`);
-  const packageData = await fetchPackageInfo(pkgName, pkgVersion, includeAllIssues, spinner);
+  const packageData = await fetchPackageInfo(pkgName, pkgVersion, includeAllIssues);
   if (packageData) {
     formatPackageInfo(packageData, {
       name: commandName,
-      outputJson,
-      outputMarkdown,
+      outputKind,
       pkgName,
-      pkgVersion,
-      strict
-    }, spinner);
+      pkgVersion
+    });
+    if (strict && objectSome(packageData.severityCount)) {
+      // Let NodeJS exit gracefully but with exit(1)
+      process$1.exitCode = 1;
+    }
   }
 }
 
@@ -2900,6 +3181,12 @@ async function run$s(argv, importMeta, {
     importMeta,
     parentName
   });
+  const {
+    all,
+    json,
+    markdown,
+    strict
+  } = cli.flags;
   const [rawPkgName = ''] = cli.input;
   if (!rawPkgName || cli.input.length > 1) {
     // Use exit status of 2 to indicate incorrect usage, generally invalid
@@ -2920,12 +3207,11 @@ async function run$s(argv, importMeta, {
   }
   await getPackageInfo({
     commandName: `${parentName} ${config$s.commandName}`,
-    includeAllIssues: Boolean(cli.flags['all']),
-    outputJson: Boolean(cli.flags['json']),
-    outputMarkdown: Boolean(cli.flags['markdown']),
+    includeAllIssues: Boolean(all),
+    outputKind: json ? 'json' : markdown ? 'markdown' : 'print',
     pkgName,
     pkgVersion,
-    strict: Boolean(cli.flags['strict'])
+    strict: Boolean(strict)
   });
 }
 
@@ -2958,7 +3244,7 @@ async function attemptLogin(apiBaseUrl, apiProxy) {
       throw new index.AuthError();
     }
     orgs = result.data;
-    spinner.success('API key verified');
+    spinner.successAndStop('API key verified');
   } catch {
     spinner.errorAndStop('Invalid API key');
     return;
@@ -2999,8 +3285,10 @@ async function attemptLogin(apiBaseUrl, apiProxy) {
   const oldToken = index.getSetting('apiToken');
   try {
     applyLogin(apiToken, enforcedOrgs, apiBaseUrl, apiProxy);
+    spinner.start();
     spinner.successAndStop(`API credentials ${oldToken ? 'updated' : 'set'}`);
   } catch {
+    spinner.start();
     spinner.errorAndStop(`API login failed`);
   }
 }
@@ -3135,7 +3423,6 @@ async function convertGradleToMaven(target, bin, _out, verbose, gradleOpts) {
     logger.logger.log(`- src dir: \`${target}\``);
     logger.logger.groupEnd();
   }
-  spinner.start(`Converting gradle to maven from \`${bin}\` on \`${target}\`...`);
   try {
     // Run sbt with the init script we provide which should yield zero or more pom files.
     // We have to figure out where to store those pom files such that we can upload them and predict them through the GitHub API.
@@ -3145,8 +3432,9 @@ async function convertGradleToMaven(target, bin, _out, verbose, gradleOpts) {
     const initLocation = path.join(constants.rootDistPath, 'init.gradle');
     const commandArgs = ['--init-script', initLocation, ...gradleOpts, 'pom'];
     if (verbose) {
-      spinner.log('[VERBOSE] Executing:', bin, commandArgs);
+      logger.logger.log('[VERBOSE] Executing:', bin, commandArgs);
     }
+    spinner.start(`Converting gradle to maven from \`${bin}\` on \`${target}\`...`);
     const output = await spawn.spawn(bin, commandArgs, {
       cwd: target || '.'
     });
@@ -3164,7 +3452,8 @@ async function convertGradleToMaven(target, bin, _out, verbose, gradleOpts) {
         logger.logger.error(output.stderr);
         logger.logger.groupEnd();
       }
-      process.exit(1);
+      process.exitCode = 1;
+      return;
     }
     logger.logger.success('Executed gradle successfully');
     logger.logger.log('Reported exports:');
@@ -3201,14 +3490,15 @@ async function convertGradleToMaven(target, bin, _out, verbose, gradleOpts) {
     //   spinner.successAndStop(`OK. File should be available in \`${out}\``)
     // }
   } catch (e) {
-    spinner.stop();
-    logger.logger.error('There was an unexpected error while running this' + (verbose ? '' : ' (use --verbose for details)'));
+    spinner.errorAndStop('There was an unexpected error while running this' + (verbose ? '' : ' (use --verbose for details)'));
     if (verbose) {
       logger.logger.group('[VERBOSE] error:');
       logger.logger.log(e);
       logger.logger.groupEnd();
     }
-    process.exit(1);
+    process.exitCode = 1;
+  } finally {
+    spinner.stop();
   }
 }
 
@@ -3318,9 +3608,11 @@ async function run$p(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - The DIR arg is required ${!target ? colors.red('(missing!)') : target === '-' ? colors.red('(stdin is not supported)') : colors.green('(ok)')}\n
-      - Can only accept one DIR (make sure to escape spaces!) ${cli.input.length > 1 ? colors.red(`(received ${cli.input.length}!)`) : colors.green('(ok)')}\n`);
+    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - The DIR arg is required ${!target ? colors.red('(missing!)') : target === '-' ? colors.red('(stdin is not supported)') : colors.green('(ok)')}
+
+      - Can only accept one DIR (make sure to escape spaces!) ${cli.input.length > 1 ? colors.red(`(received ${cli.input.length}!)`) : colors.green('(ok)')}`);
     return;
   }
   let bin;
@@ -3374,8 +3666,9 @@ async function convertSbtToMaven(target, bin, out, verbose, sbtOpts) {
     // logger.log(`- dst dir: \`${out}\``)
     logger.logger.groupEnd();
   }
-  spinner.start(`Converting sbt to maven from \`${bin}\` on \`${target}\`...`);
   try {
+    spinner.start(`Converting sbt to maven from \`${bin}\` on \`${target}\`...`);
+
     // Run sbt with the init script we provide which should yield zero or more
     // pom files. We have to figure out where to store those pom files such that
     // we can upload them and predict them through the GitHub API. We could do a
@@ -3398,7 +3691,8 @@ async function convertSbtToMaven(target, bin, out, verbose, sbtOpts) {
         logger.logger.error(output.stderr);
         logger.logger.groupEnd();
       }
-      process.exit(1);
+      process.exitCode = 1;
+      return;
     }
     const poms = [];
     output.stdout.replace(/Wrote (.*?.pom)\n/g, (_all, fn) => {
@@ -3407,7 +3701,8 @@ async function convertSbtToMaven(target, bin, out, verbose, sbtOpts) {
     });
     if (!poms.length) {
       logger.logger.error('There were no errors from sbt but it seems to not have generated any poms either');
-      process.exit(1);
+      process.exitCode = 1;
+      return;
     }
     // Move the pom file to ...? initial cwd? loc will be an absolute path, or dump to stdout
     // TODO: what to do with multiple output files? Do we want to dump them to stdout? Raw or with separators or ?
@@ -3421,7 +3716,8 @@ async function convertSbtToMaven(target, bin, out, verbose, sbtOpts) {
       logger.logger.error('Requested out target was stdout but there are multiple generated files');
       poms.forEach(fn => logger.logger.error('-', fn));
       logger.logger.error('Exiting now...');
-      process.exit(1);
+      process.exitCode = 1;
+      return;
     } else {
       // if (verbose) {
       //   logger.log(
@@ -3437,14 +3733,15 @@ async function convertSbtToMaven(target, bin, out, verbose, sbtOpts) {
       logger.logger.success(`OK`);
     }
   } catch (e) {
-    spinner.stop();
-    logger.logger.error('There was an unexpected error while running this' + (verbose ? '' : ' (use --verbose for details)'));
+    spinner?.errorAndStop('There was an unexpected error while running this' + (verbose ? '' : ' (use --verbose for details)'));
     if (verbose) {
       logger.logger.group('[VERBOSE] error:');
       logger.logger.log(e);
       logger.logger.groupEnd();
     }
-    process.exit(1);
+    process.exitCode = 1;
+  } finally {
+    spinner.stop();
   }
 }
 
@@ -3552,9 +3849,11 @@ async function run$o(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - The DIR or FILE arg is required ${!target ? colors.red('(missing!)') : target === '-' ? colors.red('(stdin is not supported)') : colors.green('(ok)')}\n
-      - Can only accept one DIR or FILE (make sure to escape spaces!) ${cli.input.length > 1 ? colors.red(`(received ${cli.input.length}!)`) : colors.green('(ok)')}\n`);
+    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - The DIR or FILE arg is required ${!target ? colors.red('(missing!)') : target === '-' ? colors.red('(stdin is not supported)') : colors.green('(ok)')}
+
+      - Can only accept one DIR or FILE (make sure to escape spaces!) ${cli.input.length > 1 ? colors.red(`(received ${cli.input.length}!)`) : colors.green('(ok)')}`);
     return;
   }
   let bin = 'sbt';
@@ -3810,9 +4109,11 @@ async function run$m(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - The DIR arg is required ${!target ? colors.red('(missing!)') : target === '-' ? colors.red('(stdin is not supported)') : colors.green('(ok)')}\n
-      - Can only accept one DIR (make sure to escape spaces!) ${cli.input.length > 1 ? colors.red(`(received ${cli.input.length}!)`) : colors.green('(ok)')}\n`);
+    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - The DIR arg is required ${!target ? colors.red('(missing!)') : target === '-' ? colors.red('(stdin is not supported)') : colors.green('(ok)')}
+
+      - Can only accept one DIR (make sure to escape spaces!) ${cli.input.length > 1 ? colors.red(`(received ${cli.input.length}!)`) : colors.green('(ok)')}`);
     return;
   }
   let bin;
@@ -5210,9 +5511,10 @@ async function run$g(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`
-      ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - The json and markdown flags cannot be both set, pick one
+    logger.logger.error(commonTags.stripIndents`
+${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+  - The json and markdown flags cannot be both set, pick one
     `);
     return;
   }
@@ -5247,13 +5549,10 @@ const config$f = {
   description: `Temporarily disable the Socket ${NPM} wrapper`,
   hidden: false,
   flags: {},
-  help: (command, config) => `
+  help: command => `
     Usage
       $ ${command} <command>
 
-    Options
-      ${getFlagListOutput(config.flags, 6)}
-
     Examples
       $ ${command} install
   `
@@ -5304,13 +5603,10 @@ const config$e = {
   description: `Temporarily disable the Socket ${NPX} wrapper`,
   hidden: false,
   flags: {},
-  help: (command, config) => `
+  help: command => `
     Usage
       $ ${command} <command>
 
-    Options
-      ${getFlagListOutput(config.flags, 6)}
-
     Examples
       $ ${command} install
   `
@@ -5357,10 +5653,8 @@ async function createReport(socketConfig, inputPaths, {
       cause
     });
   });
-  const packagePaths = await npmPaths.getPackageFiles(cwd, inputPaths, socketConfig, supportedFiles);
-  const {
-    length: packagePathsCount
-  } = packagePaths;
+  const packagePaths = await npmPaths.getPackageFilesFullScans(cwd, inputPaths, supportedFiles, socketConfig);
+  const packagePathsCount = packagePaths.length;
   if (packagePathsCount && debug.isDebug()) {
     for (const pkgPath of packagePaths) {
       debug.debugLog(`Uploading: ${pkgPath}`);
@@ -5450,11 +5744,12 @@ function formatReportDataOutput(reportId, data, commandName, outputJson, outputM
     logger.logger.log(JSON.stringify(data, undefined, 2));
   } else {
     const format = new index.ColorOrMarkdown(outputMarkdown);
-    logger.logger.log('\nDetailed info on socket.dev: ' + format.hyperlink(reportId, data.url, {
+    logger.logger.log(commonTags.stripIndents`
+      Detailed info on socket.dev: ${format.hyperlink(reportId, data.url, {
       fallbackToUrl: true
-    }));
+    })}`);
     if (!outputMarkdown) {
-      logger.logger.log(colors.dim(`\nOr rerun ${colors.italic(commandName)} using the ${colors.italic('--json')} flag to get full JSON output`));
+      logger.logger.log(colors.dim(`Or rerun ${colors.italic(commandName)} using the ${colors.italic('--json')} flag to get full JSON output`));
     }
   }
   if (strict && !data.healthy) {
@@ -5480,7 +5775,7 @@ const {
 } = constants;
 const config$d = {
   commandName: 'create',
-  description: 'Create a project report',
+  description: '[Deprecated] Create a project report',
   hidden: false,
   flags: {
     ...commonFlags,
@@ -5498,27 +5793,9 @@ const config$d = {
       description: 'Will wait for and return the created report'
     }
   },
-  help: (command, config) => `
-    Usage
-      $ ${command} <paths-to-package-folders-and-files>
-
-    Uploads the specified "package.json" and lock files for JavaScript, Python, and Go dependency manifests.
-    If any folder is specified, the ones found in there recursively are uploaded.
-
-    Supports globbing such as "**/package.json", "**/requirements.txt", "**/pyproject.toml", and "**/go.mod".
-
-    Ignores any file specified in your project's ".gitignore", your project's
-    "socket.yml" file's "projectIgnorePaths" and also has a sensible set of
-    default ignores from the "ignore-by-default" module.
-
-    Options
-      ${getFlagListOutput(config.flags, 6)}
-
-    Examples
-      $ ${command} .
-      $ ${command} '**/package.json'
-      $ ${command} /path/to/a/package.json /path/to/another/package.json
-      $ ${command} . --view --json
+  help: () => `
+    This command is deprecated in favor of \`socket scan create\`.
+    It will be removed in the next major release of the CLI.
   `
 };
 const cmdReportCreate = {
@@ -5583,22 +5860,16 @@ const {
 } = constants;
 const config$c = {
   commandName: 'view',
-  description: 'View a project report',
+  description: '[Deprecated] View a project report',
   hidden: false,
   flags: {
     ...commonFlags,
     ...outputFlags,
     ...validationFlags
   },
-  help: (command, config) => `
-    Usage
-      $ ${command} <report-identifier>
-
-    Options
-      ${getFlagListOutput(config.flags, 6)}
-
-    Examples
-      $ ${command} QXU8PmK7LfH608RAwfIKdbcHgwEd_ZeWJ9QEGv05FJUQ
+  help: () => `
+    This command is deprecated in favor of \`socket scan view\`.
+    It will be removed in the next major release of the CLI.
   `
 };
 const cmdReportView = {
@@ -5623,9 +5894,11 @@ async function run$c(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - Need at least one report ID ${!reportId ? colors.red('(missing!)') : colors.green('(ok)')}\n
-      - Can only handle a single report ID ${extraInput.length < 2 ? colors.red(`(received ${extraInput.length}!)`) : colors.green('(ok)')}\n`);
+    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - Need at least one report ID ${!reportId ? colors.red('(missing!)') : colors.green('(ok)')}
+
+      - Can only handle a single report ID ${extraInput.length < 2 ? colors.red(`(received ${extraInput.length}!)`) : colors.green('(ok)')}`);
     return;
   }
   if (cli.flags['dryRun']) {
@@ -5644,6 +5917,8 @@ async function run$c(argv, importMeta, {
 const description$2 = '[Deprecated] Project report related commands';
 const cmdReport = {
   description: description$2,
+  hidden: true,
+  // Deprecated in favor of `scan`
   async run(argv, importMeta, {
     parentName
   }) {
@@ -5766,9 +6041,11 @@ async function run$b(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n
-      - Repository name using --repoName ${!repoName ? colors.red('(missing!)') : typeof repoName !== 'string' ? colors.red('(invalid!)') : colors.green('(ok)')}\n`);
+    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
+
+      - Repository name using --repoName ${!repoName ? colors.red('(missing!)') : typeof repoName !== 'string' ? colors.red('(invalid!)') : colors.green('(ok)')}`);
     return;
   }
   if (cli.flags['dryRun']) {
@@ -5848,10 +6125,13 @@ async function run$a(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n
-      - Repository name as the second argument ${!repoName ? colors.red('(missing!)') : typeof repoName !== 'string' ? colors.red('(invalid!)') : colors.green('(ok)')}\n
-      - At least one TARGET (e.g. \`.\` or \`./package.json\`\n`);
+    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
+
+      - Repository name as the second argument ${!repoName ? colors.red('(missing!)') : typeof repoName !== 'string' ? colors.red('(invalid!)') : colors.green('(ok)')}
+
+      - At least one TARGET (e.g. \`.\` or \`./package.json\``);
     return;
   }
   if (cli.flags['dryRun']) {
@@ -5993,9 +6273,11 @@ async function run$9(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n
-      - At least one TARGET (e.g. \`.\` or \`./package.json\`\n`);
+    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
+
+      - At least one TARGET (e.g. \`.\` or \`./package.json\``);
     return;
   }
   if (cli.flags['dryRun']) {
@@ -6125,10 +6407,13 @@ async function run$8(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n
-      - Repository name using --repoName ${!repoName ? colors.red('(missing!)') : typeof repoName !== 'string' ? colors.red('(invalid!)') : colors.green('(ok)')}\n
-      - At least one TARGET (e.g. \`.\` or \`./package.json\`\n`);
+    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
+
+      - Repository name using --repoName ${!repoName ? colors.red('(missing!)') : typeof repoName !== 'string' ? colors.red('(invalid!)') : colors.green('(ok)')}
+
+      - At least one TARGET (e.g. \`.\` or \`./package.json\``);
     return;
   }
   if (cli.flags['dryRun']) {
@@ -6235,9 +6520,13 @@ async function run$7(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n
-      - Repository name using --repoName ${!repoName ? colors.red('(missing!)') : typeof repoName !== 'string' ? colors.red('(invalid!)') : colors.green('(ok)')}\n`);
+    logger.logger.error(commonTags.stripIndents`
+      ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
+
+      - Repository name using --repoName ${!repoName ? colors.red('(missing!)') : typeof repoName !== 'string' ? colors.red('(invalid!)') : colors.green('(ok)')}
+    `);
     return;
   }
   if (cli.flags['dryRun']) {
@@ -6454,53 +6743,65 @@ async function createFullScan({
     targets = received ?? [];
     updatedInput = true;
   }
-  const packagePaths = await npmPaths.getPackageFilesFullScans(cwd, targets, supportedFiles);
+
+  // // TODO: we'll probably use socket.json or something else soon...
+  // const absoluteConfigPath = path.join(cwd, 'socket.yml')
+  // const socketConfig = await getSocketConfig(absoluteConfigPath)
+
+  const packagePaths = await npmPaths.getPackageFilesFullScans(cwd, targets, supportedFiles
+  // socketConfig
+  );
 
   // We're going to need an api token to suggest data because those suggestions
   // must come from data we already know. Don't error on missing api token yet.
   // If the api-token is not set, ignore it for the sake of suggestions.
   const apiToken = index.getDefaultToken();
-  if (apiToken && !orgSlug) {
-    const suggestion = await suggestOrgSlug(socketSdk);
-    if (suggestion) orgSlug = suggestion;
-    updatedInput = true;
-  }
 
   // If the current cwd is unknown and is used as a repo slug anyways, we will
   // first need to register the slug before we can use it.
   let repoDefaultBranch = '';
-
-  // (Don't bother asking for the rest if we didn't get an org slug above)
-  if (apiToken && orgSlug && !repoName) {
-    const suggestion = await suggestRepoSlug(socketSdk, orgSlug);
-    if (suggestion) {
-      ({
-        defaultBranch: repoDefaultBranch,
-        slug: repoName
-      } = suggestion);
+  if (apiToken) {
+    if (!orgSlug) {
+      const suggestion = await suggestOrgSlug(socketSdk);
+      if (suggestion) orgSlug = suggestion;
+      updatedInput = true;
+    }
+
+    // (Don't bother asking for the rest if we didn't get an org slug above)
+    if (orgSlug && !repoName) {
+      const suggestion = await suggestRepoSlug(socketSdk, orgSlug);
+      if (suggestion) {
+        repoDefaultBranch = suggestion.defaultBranch;
+        repoName = suggestion.slug;
+      }
+      updatedInput = true;
     }
-    updatedInput = true;
-  }
 
-  // (Don't bother asking for the rest if we didn't get an org/repo above)
-  if (apiToken && orgSlug && repoName && !branchName) {
-    const suggestion = await suggestBranchSlug(repoDefaultBranch);
-    if (suggestion) branchName = suggestion;
-    updatedInput = true;
+    // (Don't bother asking for the rest if we didn't get an org/repo above)
+    if (orgSlug && repoName && !branchName) {
+      const suggestion = await suggestBranchSlug(repoDefaultBranch);
+      if (suggestion) branchName = suggestion;
+      updatedInput = true;
+    }
   }
   if (!orgSlug || !repoName || !branchName || !packagePaths.length) {
     // Use exit status of 2 to indicate incorrect usage, generally invalid
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process$1.exitCode = 2;
-    logger.logger.error(`
-      ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n
-      - Repository name using --repo ${!repoName ? colors.red('(missing!)') : colors.green('(ok)')}\n
-      - Branch name using --branch ${!branchName ? colors.red('(missing!)') : colors.green('(ok)')}\n
-      - At least one TARGET (e.g. \`.\` or \`./package.json\`) ${!packagePaths.length ? colors.red(targets.length > 0 ? '(TARGET' + (targets.length ? 's' : '') + ' contained no matching/supported files!)' : '(missing)') : colors.green('(ok)')}\n
-      ${!apiToken ? 'Note: was unable to make suggestions because no API Token was found; this would make command fail regardless\n' : ''}
-    `);
+    logger.logger.error(commonTags.stripIndents`
+      ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
+
+      - Repository name using --repo ${!repoName ? colors.red('(missing!)') : colors.green('(ok)')}
+
+      - Branch name using --branch ${!branchName ? colors.red('(missing!)') : colors.green('(ok)')}
+
+      - At least one TARGET (e.g. \`.\` or \`./package.json\`) ${!packagePaths.length ? colors.red(targets.length > 0 ? '(TARGET' + (targets.length ? 's' : '') + ' contained no matching/supported files!)' : '(missing)') : colors.green('(ok)')}
+
+      ${!apiToken ? 'Note: was unable to make suggestions because no API Token was found; this would make command fail regardless' : ''}
+      `);
     return;
   }
   if (updatedInput) {
@@ -6516,7 +6817,7 @@ async function createFullScan({
     logger.logger.log('[ReadOnly] Bailing now');
     return;
   }
-  spinner.start('Creating a scan...');
+  spinner.start(`Creating a scan with ${packagePaths.length} packages...`);
   const result = await handleApiCall(socketSdk.createOrgFullScan(orgSlug, {
     repo: repoName,
     branch: branchName,
@@ -6616,13 +6917,29 @@ const config$6 = {
       shortFlag: 't',
       default: false,
       description: 'Set the visibility (true/false) of the scan in your dashboard'
+    },
+    view: {
+      type: 'boolean',
+      shortFlag: 'v',
+      default: true,
+      description: 'Will wait for and return the created report. Use --no-view to disable.'
     }
   },
+  // TODO: your project's "socket.yml" file's "projectIgnorePaths"
   help: (command, config) => `
     Usage
       $ ${command} [...options] <org> <TARGET> [TARGET...]
 
-    Where TARGET is a FILE or DIR that _must_ be inside the CWD.
+    Uploads the specified "package.json" and lock files for JavaScript, Python,
+    Go, Scala, Gradle, and Kotlin dependency manifests.
+    If any folder is specified, the ones found in there recursively are uploaded.
+
+    Supports globbing such as "**/package.json", "**/requirements.txt", etc.
+
+    Ignores any file specified in your project's ".gitignore" and also has a
+    sensible set of default ignores from the "ignore-by-default" module.
+
+    TARGET should be a FILE or DIR that _must_ be inside the CWD.
 
     When a FILE is given only that FILE is targeted. Otherwise any eligible
     files in the given DIR will be considered.
@@ -6654,7 +6971,8 @@ async function run$6(argv, importMeta, {
     branch: branchName,
     repo: repoName
   } = cli.flags;
-  const apiToken = index.getDefaultToken();
+  const apiToken = index.getDefaultToken(); // This checks if we _can_ suggest anything
+
   if (!apiToken && (!orgSlug || !repoName || !branchName || !targets.length)) {
     // Without api token we cannot recover because we can't request more info
     // from the server, to match and help with the current cwd/git status.
@@ -6662,13 +6980,18 @@ async function run$6(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process$1.exitCode = 2;
-    logger.logger.error(`
-      ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n
-      - Repository name using --repo ${!repoName ? colors.red('(missing!)') : colors.green('(ok)')}\n
-      - Branch name using --branch ${!branchName ? colors.red('(missing!)') : colors.green('(ok)')}\n
-      - At least one TARGET (e.g. \`.\` or \`./package.json\`) ${!targets.length ? '(missing)' : colors.green('(ok)')}\n
-      (Additionally, no API Token was set so we cannot auto-discover these details)\n
+    logger.logger.error(commonTags.stripIndents`
+      ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
+
+      - Repository name using --repo ${!repoName ? colors.red('(missing!)') : colors.green('(ok)')}
+
+      - Branch name using --branch ${!branchName ? colors.red('(missing!)') : colors.green('(ok)')}
+
+      - At least one TARGET (e.g. \`.\` or \`./package.json\`) ${!targets.length ? '(missing)' : colors.green('(ok)')}
+
+      (Additionally, no API Token was set so we cannot auto-discover these details)
     `);
     return;
   }
@@ -6695,7 +7018,14 @@ async function run$6(argv, importMeta, {
   });
 }
 
-async function deleteOrgFullScan(orgSlug, fullScanId, apiToken) {
+async function deleteOrgFullScan(orgSlug, fullScanId) {
+  const apiToken = index.getDefaultToken();
+  if (!apiToken) {
+    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+  }
+  await deleteOrgFullScanWithToken(orgSlug, fullScanId, apiToken);
+}
+async function deleteOrgFullScanWithToken(orgSlug, fullScanId, apiToken) {
   // Lazily access constants.spinner.
   const {
     spinner
@@ -6752,35 +7082,77 @@ async function run$5(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n
-      - Full Scan ID to delete as second argument ${!fullScanId ? colors.red('(missing!)') : colors.green('(ok)')}\n`);
+    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
+
+      - Full Scan ID to delete as second argument ${!fullScanId ? colors.red('(missing!)') : colors.green('(ok)')}`);
     return;
   }
   if (cli.flags['dryRun']) {
     logger.logger.log(DRY_RUN_BAIL_TEXT$5);
     return;
   }
+  await deleteOrgFullScan(orgSlug, fullScanId);
+}
+
+// @ts-ignore
+async function listFullScans({
+  direction,
+  from_time,
+  orgSlug,
+  outputKind,
+  page,
+  per_page,
+  sort
+}) {
   const apiToken = index.getDefaultToken();
   if (!apiToken) {
     throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
-  await deleteOrgFullScan(orgSlug, fullScanId, apiToken);
+  await listFullScansWithToken({
+    apiToken,
+    direction,
+    from_time,
+    orgSlug,
+    outputKind,
+    page,
+    per_page,
+    sort
+  });
 }
-
-// @ts-ignore
-async function listFullScans(orgSlug, input, apiToken) {
+async function listFullScansWithToken({
+  apiToken,
+  direction,
+  from_time,
+  orgSlug,
+  outputKind,
+  page,
+  per_page,
+  sort
+}) {
   // Lazily access constants.spinner.
   const {
     spinner
   } = constants;
-  spinner.start('Listing scans...');
+  spinner.start('Fetching list of scans...');
   const socketSdk = await index.setupSdk(apiToken);
-  const result = await handleApiCall(socketSdk.getOrgFullScanList(orgSlug, input), 'Listing scans');
+  const result = await handleApiCall(socketSdk.getOrgFullScanList(orgSlug, {
+    sort,
+    direction,
+    per_page,
+    page,
+    from: from_time
+  }), 'Listing scans');
   if (!result.success) {
     handleUnsuccessfulApiResponse('getOrgFullScanList', result, spinner);
     return;
   }
+  spinner.stop(`Fetch complete`);
+  if (outputKind === 'json') {
+    logger.logger.log(result.data);
+    return;
+  }
   const options = {
     columns: [{
       field: 'id',
@@ -6808,7 +7180,6 @@ async function listFullScans(orgSlug, input, apiToken) {
       branch: d.branch
     };
   });
-  spinner.stop(`Listing scans for: ${orgSlug}`);
   logger.logger.log(chalkTable(options, formattedResults));
 }
 
@@ -6890,47 +7261,64 @@ async function run$4(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-    - Org name as the argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n`);
+    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+    - Org name as the argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}`);
     return;
   }
   if (cli.flags['dryRun']) {
     logger.logger.log(DRY_RUN_BAIL_TEXT$4);
     return;
   }
+  await listFullScans({
+    direction: String(cli.flags['direction'] || ''),
+    from_time: String(cli.flags['fromTime'] || ''),
+    orgSlug,
+    outputKind: cli.flags['json'] ? 'json' : cli.flags['markdown'] ? 'markdown' : 'print',
+    page: Number(cli.flags['page'] || 1),
+    per_page: Number(cli.flags['perPage'] || 30),
+    sort: String(cli.flags['sort'] || '')
+  });
+}
+
+async function getOrgScanMetadata(orgSlug, scanId, outputKind) {
   const apiToken = index.getDefaultToken();
   if (!apiToken) {
     throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
-  await listFullScans(orgSlug,
-  // TODO: refine this object to what we need
-  {
-    outputJson: cli.flags['json'],
-    outputMarkdown: cli.flags['markdown'],
-    orgSlug,
-    sort: cli.flags['sort'],
-    direction: cli.flags['direction'],
-    per_page: cli.flags['perPage'],
-    page: cli.flags['page'],
-    from_time: cli.flags['fromTime'],
-    until_time: cli.flags['untilTime']
-  }, apiToken);
+  await getOrgScanMetadataWithToken(orgSlug, scanId, apiToken, outputKind);
 }
-
-async function getOrgScanMetadata(orgSlug, scanId, apiToken) {
+async function getOrgScanMetadataWithToken(orgSlug, scanId, apiToken, outputKind) {
   // Lazily access constants.spinner.
   const {
     spinner
   } = constants;
-  spinner.start("Getting scan's metadata...");
+  spinner.start('Fetching meta data for a full scan...');
   const socketSdk = await index.setupSdk(apiToken);
   const result = await handleApiCall(socketSdk.getOrgFullScanMetadata(orgSlug, scanId), 'Listing scans');
   if (!result.success) {
     handleUnsuccessfulApiResponse('getOrgFullScanMetadata', result, spinner);
     return;
   }
-  spinner.stop('Scan metadata:');
-  logger.logger.log(result.data);
+  spinner?.successAndStop('Fetched the meta data\n');
+  if (outputKind === 'json') {
+    logger.logger.log(result.data);
+  } else {
+    // Markdown = print
+    if (outputKind === 'markdown') {
+      logger.logger.log('# Scan meta data\n');
+    }
+    logger.logger.log(`Scan ID: ${scanId}\n`);
+    for (const [key, value] of Object.entries(result.data)) {
+      if (['id', 'updated_at', 'organization_id', 'repository_id', 'commit_hash', 'html_report_url'].includes(key)) continue;
+      logger.logger.log(`- ${key}:`, value);
+    }
+    if (outputKind === 'markdown') {
+      logger.logger.log(`\nYou can view this report at: [${result.data.html_report_url}](${result.data.html_report_url})\n`);
+    } else {
+      logger.logger.log(`\nYou can view this report at: ${result.data.html_report_url}]\n`);
+    }
+  }
 }
 
 const {
@@ -6975,44 +7363,117 @@ async function run$3(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n
-      - Full Scan ID to inspect as second argument ${!fullScanId ? colors.red('(missing!)') : colors.green('(ok)')}\n`);
+    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
+
+      - Full Scan ID to inspect as second argument ${!fullScanId ? colors.red('(missing!)') : colors.green('(ok)')}`);
     return;
   }
   if (cli.flags['dryRun']) {
     logger.logger.log(DRY_RUN_BAIL_TEXT$3);
     return;
   }
+  await getOrgScanMetadata(orgSlug, fullScanId, cli.flags['json'] ? 'json' : cli.flags['markdown'] ? 'markdown' : 'print');
+}
+
+async function streamFullScan(orgSlug, fullScanId, file) {
+  // Lazily access constants.spinner.
+  const {
+    spinner
+  } = constants;
   const apiToken = index.getDefaultToken();
   if (!apiToken) {
     throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
-  await getOrgScanMetadata(orgSlug, fullScanId, apiToken);
+  spinner.start('Fetching scan...');
+  const socketSdk = await index.setupSdk(apiToken);
+  const data = await handleApiCall(socketSdk.getOrgFullScan(orgSlug, fullScanId, file === '-' ? undefined : file), 'Fetching a scan');
+  if (!data?.success) {
+    handleUnsuccessfulApiResponse('getOrgFullScan', data, spinner);
+    return;
+  }
+  spinner?.successAndStop(file ? `Full scan details written to ${file}` : 'stdout');
+  return data;
 }
 
-async function getFullScan(orgSlug, fullScanId, file, apiToken) {
+async function getFullScan(orgSlug, fullScanId) {
   // Lazily access constants.spinner.
   const {
     spinner
   } = constants;
-  spinner.start('Streaming scan...');
-  const socketSdk = await index.setupSdk(apiToken);
-  const data = await handleApiCall(socketSdk.getOrgFullScan(orgSlug, fullScanId, file === '-' ? undefined : file), 'Streaming a scan');
-  if (data?.success) {
-    spinner.stop(file ? `Full scan details written to ${file}` : '');
-  } else {
-    handleUnsuccessfulApiResponse('getOrgFullScan', data, spinner);
+  const apiToken = index.getDefaultToken();
+  if (!apiToken) {
+    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+  }
+  spinner.start('Fetching full-scan...');
+  const response = await queryAPI(`orgs/${orgSlug}/full-scans/${encodeURIComponent(fullScanId)}`, apiToken);
+  spinner.stop('Fetch complete.');
+  if (!response.ok) {
+    const err = await handleAPIError(response.status);
+    logger.logger.error(`${colors.bgRed(colors.white(response.statusText))}: Fetch error: ${err}`);
+    return;
   }
+
+  // This is nd-json; each line is a json object
+  const jsons = await response.text();
+  const lines = jsons.split('\n').filter(Boolean);
+  const data = lines.map(line => {
+    try {
+      return JSON.parse(line);
+    } catch {
+      console.error('At least one line item was returned that could not be parsed as JSON...');
+      return {};
+    }
+  });
   return data;
 }
 
+async function viewFullScan(orgSlug, fullScanId, filePath) {
+  const artifacts = await getFullScan(orgSlug, fullScanId);
+  if (!artifacts) return;
+  const display = artifacts.map(art => {
+    const author = Array.isArray(art.author) ? `${art.author[0]}${art.author.length > 1 ? ' et.al.' : ''}` : art.author;
+    return {
+      type: art.type,
+      name: art.name,
+      version: art.version,
+      author,
+      score: JSON.stringify(art.score)
+    };
+  });
+  const md = mdTable(display, ['type', 'version', 'name', 'author', 'score']);
+  const report = `
+# Scan Details
+
+These are the artifacts and their scores found.
+
+Sscan ID: ${fullScanId}
+
+${md}
+
+View this report at: https://socket.dev/dashboard/org/${orgSlug}/sbom/${fullScanId}
+  `.trim() + '\n';
+  if (filePath && filePath !== '-') {
+    try {
+      await fs$1.writeFile(filePath, report, 'utf8');
+      logger.logger.log(`Data successfully written to ${filePath}`);
+    } catch (e) {
+      logger.logger.error('There was an error trying to write the json to disk');
+      logger.logger.error(e);
+      process.exitCode = 1;
+    }
+  } else {
+    logger.logger.log(report);
+  }
+}
+
 const {
   DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$2
 } = constants;
 const config$2 = {
-  commandName: 'stream',
-  description: 'Stream the output of a scan',
+  commandName: 'view',
+  description: 'View the raw results of a scan',
   hidden: false,
   flags: {
     ...commonFlags,
@@ -7031,7 +7492,7 @@ const config$2 = {
       $ ${command} FakeOrg 000aaaa1-0000-0a0a-00a0-00a0000000a0 ./stream.txt
   `
 };
-const cmdScanStream = {
+const cmdScanView = {
   description: config$2.description,
   hidden: config$2.hidden,
   run: run$2
@@ -7051,23 +7512,27 @@ async function run$2(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
-      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n
-      - Full Scan ID to fetch as second argument ${!fullScanId ? colors.red('(missing!)') : colors.green('(ok)')}\n`);
+    logger.logger.error(commonTags.stripIndents`
+      ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
+
+      - Full Scan ID to fetch as second argument ${!fullScanId ? colors.red('(missing!)') : colors.green('(ok)')}
+    `);
     return;
   }
   if (cli.flags['dryRun']) {
     logger.logger.log(DRY_RUN_BAIL_TEXT$2);
     return;
   }
-  const apiToken = index.getDefaultToken();
-  if (!apiToken) {
-    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+  if (cli.flags['json']) {
+    await streamFullScan(orgSlug, fullScanId, file);
+  } else {
+    await viewFullScan(orgSlug, fullScanId, file);
   }
-  await getFullScan(orgSlug, fullScanId, file, apiToken);
 }
 
-const description = 'Scans related commands';
+const description = 'Full Scan related commands';
 const cmdScan = {
   description,
   async run(argv, importMeta, {
@@ -7075,11 +7540,19 @@ const cmdScan = {
   }) {
     await meowWithSubcommands({
       create: cmdScanCreate,
-      stream: cmdScanStream,
       list: cmdScanList,
       del: cmdScanDel,
-      metadata: cmdScanMetadata
+      metadata: cmdScanMetadata,
+      view: cmdScanView
     }, {
+      aliases: {
+        // Backwards compat. TODO: Drop next major bump
+        stream: {
+          description: cmdScanView.description,
+          hidden: true,
+          argv: ['view'] // Original args will be appended (!)
+        }
+      },
       argv,
       description,
       importMeta,
@@ -7252,7 +7725,7 @@ function addSocketWrapper(file) {
     }
     // TODO: pretty sure you need to source the file or restart
     //       any terminal session before changes are reflected.
-    logger.logger.log(`
+    logger.logger.log(commonTags.stripIndents`
 The alias was added to ${file}. Running 'npm install' will now be wrapped in Socket's "safe npm" 🎉
 If you want to disable it at any time, run \`socket wrapper --disable\`
 `);
@@ -7405,8 +7878,11 @@ async function run(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required flags:\n
-      - Must use --enabled or --disabled\n`);
+    logger.logger.error(commonTags.stripIndents`
+      ${colors.bgRed(colors.white('Input error'))}: Please provide the required flags:
+
+      - Must use --enabled or --disabled
+    `);
     return;
   }
   if (cli.flags['dryRun']) {
@@ -7515,5 +7991,5 @@ void (async () => {
     await index.captureException(e);
   }
 })();
-//# debugId=f23df080-286e-4174-a361-db1fa42ece1
+//# debugId=c0b42b8b-128e-4ec9-a7f4-e4313aab0875
 //# sourceMappingURL=cli.js.map