@socketsecurity/cli-with-sentry 0.14.55 → 0.14.56

package/dist/module-sync/cli.js

@@ -36,10 +36,11 @@ var contrib = _socketInterop(require('blessed-contrib'));
 var prompts = require('@socketsecurity/registry/lib/prompts');
 var yargsParse = _socketInterop(require('yargs-parser'));
 var words = require('@socketsecurity/registry/lib/words');
-var npm = require('@socketsecurity/registry/lib/npm');
+var shadowBin = require('./shadow-bin.js');
 var chalkTable = _socketInterop(require('chalk-table'));
 var util = require('node:util');
 var registry = require('@socketsecurity/registry');
+var npm = require('@socketsecurity/registry/lib/npm');
 var packages = require('@socketsecurity/registry/lib/packages');
 var registryConstants = require('@socketsecurity/registry/lib/constants');
 var isInteractive = require('@socketregistry/is-interactive/index.cjs');
@@ -1519,7 +1520,7 @@ function meowOrExit({
 }
 function getAsciiHeader(command) {
   const cliVersion = // The '@rollup/plugin-replace' will replace "process.env['SOCKET_CLI_VERSION_HASH']".
-  "0.14.55:51de259:b691b88f:pub";
+  "0.14.56:5a261bf:186ce7ee:pub";
   const nodeVersion = process.version;
   const apiToken = index.getSetting('apiToken');
   const shownToken = apiToken ? getLastFiveOfApiToken(apiToken) : 'no';
@@ -1643,6 +1644,35 @@ function mdTableStringNumber(title1, title2, obj) {
   lines.push(`| ${'-'.repeat(mw1)} | ${'-'.repeat(mw2)} |`);
   return lines.join('\n');
 }
+function mdTable(logs,
+// This is saying "an array of strings and the strings are a valid key of elements of T"
+// In turn, T is defined above as the audit log event type from our OpenAPI docs.
+cols) {
+  // Max col width required to fit all data in that column
+  const cws = cols.map(col => col.length);
+  for (const log of logs) {
+    for (let i = 0; i < cols.length; ++i) {
+      // @ts-ignore
+      const val = log[cols[i] ?? ''] ?? '';
+      cws[i] = Math.max(cws[i] ?? 0, String(val).length);
+    }
+  }
+  let div = '|';
+  for (const cw of cws) div += ' ' + '-'.repeat(cw) + ' |';
+  let header = '|';
+  for (let i = 0; i < cols.length; ++i) header += ' ' + String(cols[i]).padEnd(cws[i] ?? 0, ' ') + ' |';
+  let body = '';
+  for (const log of logs) {
+    body += '|';
+    for (let i = 0; i < cols.length; ++i) {
+      // @ts-ignore
+      const val = log[cols[i] ?? ''] ?? '';
+      body += ' ' + String(val).padEnd(cws[i] ?? 0, ' ') + ' |';
+    }
+    body += '\n';
+  }
+  return [div, header, div, body.trim(), div].filter(s => !!s.trim()).join('\n');
+}
 
 // Note: Widgets does not seem to actually work as code :'(
 
@@ -2075,35 +2105,6 @@ ${table}
     return;
   }
 }
-function mdTable(logs,
-// This is saying "an array of strings and the strings are a valid key of elements of T"
-// In turn, T is defined above as the audit log event type from our OpenAPI docs.
-cols) {
-  // Max col width required to fit all data in that column
-  const cws = cols.map(col => col.length);
-  for (const log of logs) {
-    for (let i = 0; i < cols.length; ++i) {
-      // @ts-ignore
-      const val = log[cols[i] ?? ''] ?? '';
-      cws[i] = Math.max(cws[i] ?? 0, String(val).length);
-    }
-  }
-  let div = '|';
-  for (const cw of cws) div += ' ' + '-'.repeat(cw) + ' |';
-  let header = '|';
-  for (let i = 0; i < cols.length; ++i) header += ' ' + String(cols[i]).padEnd(cws[i] ?? 0, ' ') + ' |';
-  let body = '';
-  for (const log of logs) {
-    body += '|';
-    for (let i = 0; i < cols.length; ++i) {
-      // @ts-ignore
-      const val = log[cols[i] ?? ''] ?? '';
-      body += ' ' + String(val).padEnd(cws[i] ?? 0, ' ') + ' |';
-    }
-    body += '\n';
-  }
-  return [div, header, div, body.trim(), div].filter(s => !!s.trim()).join('\n');
-}
 async function outputAsPrint(auditLogs, orgSlug, logType) {
   const data = [];
   const logDetails = {};
@@ -2248,18 +2249,10 @@ async function run$x(argv, importMeta, {
   });
 }
 
-const {
-  SBOM_SIGN_ALGORITHM,
-  // Algorithm. Example: RS512
-  SBOM_SIGN_PRIVATE_KEY,
-  // Location to the RSA private key
-  SBOM_SIGN_PUBLIC_KEY // Optional. Location to the RSA public key
-} = process$1.env;
 const {
   NPM: NPM$e,
-  PNPM: PNPM$8,
-  cdxgenBinPath,
-  synpBinPath
+  NPX: NPX$3,
+  PNPM: PNPM$8
 } = constants;
 const nodejsPlatformTypes = new Set(['javascript', 'js', 'nodejs', NPM$e, PNPM$8, 'ts', 'tsx', 'typescript']);
 async function runCycloneDX(yargv) {
@@ -2271,21 +2264,13 @@ async function runCycloneDX(yargv) {
       // Use synp to create a package-lock.json from the yarn.lock,
       // based on the node_modules folder, for a more accurate SBOM.
       try {
-        await npm.runBin(await fs.promises.realpath(synpBinPath), ['--source-file', './yarn.lock']);
+        await shadowBin(NPX$3, ['synp@1.9.14', '--', '--source-file', './yarn.lock'], 2);
         yargv.type = NPM$e;
         cleanupPackageLock = true;
       } catch {}
     }
   }
-  await npm.runBin(await fs.promises.realpath(cdxgenBinPath), argvToArray(yargv), {
-    env: {
-      NODE_ENV: '',
-      SBOM_SIGN_ALGORITHM,
-      SBOM_SIGN_PRIVATE_KEY,
-      SBOM_SIGN_PUBLIC_KEY
-    },
-    stdio: 'inherit'
-  });
+  await shadowBin(NPX$3, ['@cyclonedx/cdxgen@11.2.0', '--', ...argvToArray(yargv)], 2);
   if (cleanupPackageLock) {
     try {
       await fs.promises.rm('./package-lock.json');
@@ -2497,6 +2482,7 @@ async function findDependencies({
     logger.logger.log(result.data);
     return;
   }
+  logger.logger.log('Request details: Offset:', offset, ', limit:', limit, ', is there more data after this?', result.data.end ? 'no' : 'yes');
   const options = {
     columns: [{
       field: 'namespace',
@@ -2588,43 +2574,95 @@ async function run$v(argv, importMeta, {
 async function getDiffScan({
   after,
   before,
+  depth,
   file,
   orgSlug,
   outputJson
-}, apiToken) {
+}) {
+  const apiToken = index.getDefaultToken();
+  if (!apiToken) {
+    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+  }
+  await getDiffScanWithToken({
+    after,
+    before,
+    depth,
+    file,
+    orgSlug,
+    outputJson,
+    apiToken
+  });
+}
+async function getDiffScanWithToken({
+  after,
+  apiToken,
+  before,
+  depth,
+  file,
+  orgSlug,
+  outputJson
+}) {
   // Lazily access constants.spinner.
   const {
     spinner
   } = constants;
   spinner.start('Getting diff scan...');
-  const response = await queryAPI(`${orgSlug}/full-scans/diff?before=${before}&after=${after}&preview`, apiToken);
-  const data = await response.json();
+  const response = await queryAPI(`orgs/${orgSlug}/full-scans/diff?before=${encodeURIComponent(before)}&after=${encodeURIComponent(after)}`, apiToken);
   if (!response.ok) {
     const err = await handleAPIError(response.status);
     spinner.errorAndStop(`${colors.bgRed(colors.white(response.statusText))}: ${err}`);
     return;
   }
+  const result = await handleApiCall(await response.json(), 'Deserializing json');
   spinner.stop();
-  if (file && !outputJson) {
-    fs.writeFile(file, JSON.stringify(data), err => {
-      err ? logger.logger.error(err) : logger.logger.log(`Data successfully written to ${file}`);
-    });
-    return;
-  }
-  if (outputJson) {
-    logger.logger.log(`\n Diff scan result: \n`);
-    logger.logger.log(util.inspect(data, {
-      showHidden: false,
-      depth: null,
-      colors: true
-    }));
-    logger.logger.log(`\n View this diff scan in the Socket dashboard: ${colors.cyan(data?.['diff_report_url'])}`);
+  const dashboardUrl = result?.['diff_report_url'];
+  const dashboardMessage = dashboardUrl ? `\n View this diff scan in the Socket dashboard: ${colors.cyan(dashboardUrl)}` : '';
+
+  // When forcing json, or dumping to file, serialize to string such that it
+  // won't get truncated. The only way to dump the full raw JSON to stdout is
+  // to use `--json --file -` (the dash is a standard notation for stdout)
+  if (outputJson || file) {
+    let json;
+    try {
+      json = JSON.stringify(result, null, 2);
+    } catch (e) {
+      // Most likely caused by a circular reference (or OOM)
+      logger.logger.error('There was a problem converting the data to JSON');
+      process.exitCode = 1;
+      return;
+    }
+    if (file && file !== '-') {
+      logger.logger.log(`Writing json to \`${file}\``);
+      fs.writeFile(file, JSON.stringify(result, null, 2), err => {
+        if (err) {
+          logger.logger.error(`Writing to \`${file}\` failed...`);
+          logger.logger.error(err);
+        } else {
+          logger.logger.log(`Data successfully written to \`${file}\``);
+        }
+        logger.logger.error(dashboardMessage);
+      });
+    } else {
+      // TODO: expose different method for writing to stderr when simply dodging stdout
+      logger.logger.error(`\n Diff scan result: \n`);
+      logger.logger.log(json);
+      logger.logger.error(dashboardMessage);
+    }
     return;
   }
+
+  // In this case neither the --json nor the --file flag was passed
+  // Dump the JSON to CLI and let NodeJS deal with truncation
+
   logger.logger.log('Diff scan result:');
-  logger.logger.log(data);
+  logger.logger.log(util.inspect(result, {
+    showHidden: false,
+    depth: depth > 0 ? depth : null,
+    colors: true,
+    maxArrayLength: null
+  }));
   logger.logger.log(`\n 📝 To display the detailed report in the terminal, use the --json flag \n`);
-  logger.logger.log(`\n View this diff scan in the Socket dashboard: ${colors.cyan(data?.['diff_report_url'])}`);
+  logger.logger.log(dashboardMessage);
 }
 
 const {
@@ -2636,36 +2674,44 @@ const config$u = {
   hidden: false,
   flags: {
     ...commonFlags,
+    after: {
+      type: 'string',
+      shortFlag: 'a',
+      default: '',
+      description: 'The full scan ID of the head scan'
+    },
     before: {
       type: 'string',
       shortFlag: 'b',
       default: '',
       description: 'The full scan ID of the base scan'
     },
-    after: {
-      type: 'string',
-      shortFlag: 'a',
-      default: '',
-      description: 'The full scan ID of the head scan'
+    depth: {
+      type: 'number',
+      default: 2,
+      description: 'Max depth of JSON to display before truncating, use zero for no limit (without --json/--file)'
     },
-    preview: {
+    json: {
       type: 'boolean',
-      shortFlag: 'p',
-      default: true,
-      description: 'A boolean flag to persist or not the diff scan result'
+      shortFlag: 'j',
+      default: false,
+      description: 'Output result as json. This can be big. Use --file to store it to disk without truncation.'
     },
     file: {
       type: 'string',
       shortFlag: 'f',
       default: '',
-      description: 'Path to a local file where the output should be saved'
-    },
-    ...outputFlags
+      description: 'Path to a local file where the output should be saved. Use `-` to force stdout.'
+    }
   },
   help: (command, config) => `
     Usage
       $ ${command} <org slug> --before=<before> --after=<after>
 
+    This command displays the package changes between two scans. The full output
+    can be pretty large depending on the size of your repo and time range. It is
+    best stored to disk to be further analyzed by other tools.
+
     Options
       ${getFlagListOutput(config.flags, 6)}
 
@@ -2698,6 +2744,7 @@ async function run$u(argv, importMeta, {
     logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
       - Specify a before and after full scan ID ${!before && !after ? colors.red('(missing before and after!)') : !before ? colors.red('(missing before!)') : !after ? colors.red('(missing after!)') : colors.green('(ok)')}\n
           - To get full scans IDs, you can run the command "socket scan list <your org slug>".
+            The args are expecting a full \`aaa0aa0a-aaaa-0000-0a0a-0000000a00a0\` ID.\n
       - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n`);
     return;
   }
@@ -2705,24 +2752,24 @@ async function run$u(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAIL_TEXT$t);
     return;
   }
-  const apiToken = index.getDefaultToken();
-  if (!apiToken) {
-    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
-  }
   await getDiffScan({
     outputJson: Boolean(cli.flags['json']),
-    outputMarkdown: Boolean(cli.flags['markdown']),
     before,
     after,
-    preview: Boolean(cli.flags['preview']),
+    depth: Number(cli.flags['depth']),
     orgSlug,
     file: String(cli.flags['file'] || '')
-  }, apiToken);
+  });
 }
 
 const description$3 = 'Diff scans related commands';
 const cmdDiffScan = {
   description: description$3,
+  // Hidden because it was broken all this time (nobody could be using it)
+  // and we're not sure if it's useful to anyone in its current state.
+  // Until we do, we'll hide this to keep the help tidier.
+  // And later, we may simply move this under `scan`, anyways.
+  hidden: true,
   async run(argv, importMeta, {
     parentName
   }) {
@@ -2954,7 +3001,12 @@ function getSeverityCount(issues, lowestToInclude) {
   return severityCount;
 }
 
-async function fetchPackageInfo(pkgName, pkgVersion, includeAllIssues, spinner) {
+async function fetchPackageInfo(pkgName, pkgVersion, includeAllIssues) {
+  // Lazily access constants.spinner.
+  const {
+    spinner
+  } = constants;
+  spinner.start(pkgVersion === 'latest' ? `Looking up data for the latest version of ${pkgName}` : `Looking up data for version ${pkgVersion} of ${pkgName}`);
   const socketSdk = await index.setupSdk(index.getPublicToken());
   const result = await handleApiCall(socketSdk.getIssuesByNPMPackage(pkgName, pkgVersion), 'looking up package');
   const scoreResult = await handleApiCall(socketSdk.getScoreByNPMPackage(pkgName, pkgVersion), 'looking up package score');
@@ -2965,6 +3017,7 @@ async function fetchPackageInfo(pkgName, pkgVersion, includeAllIssues, spinner)
     return handleUnsuccessfulApiResponse('getScoreByNPMPackage', scoreResult, spinner);
   }
   const severityCount = getSeverityCount(result.data, includeAllIssues ? undefined : 'high');
+  spinner?.successAndStop('Data fetched');
   return {
     data: result.data,
     severityCount,
@@ -2981,49 +3034,54 @@ function formatPackageInfo({
   severityCount
 }, {
   name,
-  outputJson,
-  outputMarkdown,
+  outputKind,
   pkgName,
-  pkgVersion,
-  strict
-}, spinner) {
-  if (outputJson) {
+  pkgVersion
+}) {
+  if (outputKind === 'json') {
     logger.logger.log(JSON.stringify(data, undefined, 2));
+    return;
+  }
+  if (outputKind === 'markdown') {
+    logger.logger.log(`\n# Package report for ${pkgName}\n`);
+    logger.logger.log('Package report card:\n');
   } else {
-    logger.logger.log('\nPackage report card:');
-    const scoreResult = {
-      'Supply Chain Risk': Math.floor(score.supplyChainRisk.score * 100),
-      Maintenance: Math.floor(score.maintenance.score * 100),
-      Quality: Math.floor(score.quality.score * 100),
-      Vulnerabilities: Math.floor(score.vulnerability.score * 100),
-      License: Math.floor(score.license.score * 100)
-    };
-    Object.entries(scoreResult).map(score => logger.logger.log(`- ${score[0]}: ${formatScore(score[1])}`));
-    logger.logger.log('\n');
-    if (objectSome(severityCount)) {
-      spinner[strict ? 'error' : 'success'](`Package has these issues: ${formatSeverityCount(severityCount)}`);
-      formatPackageIssuesDetails(data, outputMarkdown);
-    } else {
-      spinner.successAndStop('Package has no issues');
-    }
-    const format = new index.ColorOrMarkdown(!!outputMarkdown);
-    const url = index.getSocketDevPackageOverviewUrl(NPM$c, pkgName, pkgVersion);
-    logger.logger.log('\n');
-    if (pkgVersion === 'latest') {
-      logger.logger.log(`Detailed info on socket.dev: ${format.hyperlink(`${pkgName}`, url, {
-        fallbackToUrl: true
-      })}`);
-    } else {
-      logger.logger.log(`Detailed info on socket.dev: ${format.hyperlink(`${pkgName} v${pkgVersion}`, url, {
-        fallbackToUrl: true
-      })}`);
-    }
-    if (!outputMarkdown) {
-      logger.logger.log(colors.dim(`\nOr rerun ${colors.italic(name)} using the ${colors.italic('--json')} flag to get full JSON output`));
+    logger.logger.log(`\nPackage report card for ${pkgName}:\n`);
+  }
+  const scoreResult = {
+    'Supply Chain Risk': Math.floor(score.supplyChainRisk.score * 100),
+    Maintenance: Math.floor(score.maintenance.score * 100),
+    Quality: Math.floor(score.quality.score * 100),
+    Vulnerabilities: Math.floor(score.vulnerability.score * 100),
+    License: Math.floor(score.license.score * 100)
+  };
+  Object.entries(scoreResult).map(score => logger.logger.log(`- ${score[0]}: ${formatScore(score[1])}`));
+  logger.logger.log('\n');
+  if (objectSome(severityCount)) {
+    if (outputKind === 'markdown') {
+      logger.logger.log('# Issues\n');
     }
+    logger.logger.log(`Package has these issues: ${formatSeverityCount(severityCount)}\n`);
+    formatPackageIssuesDetails(data, outputKind === 'markdown');
+  } else {
+    logger.logger.log('Package has no issues');
   }
-  if (strict && objectSome(severityCount)) {
-    process$1.exit(1);
+  const format = new index.ColorOrMarkdown(outputKind === 'markdown');
+  const url = index.getSocketDevPackageOverviewUrl(NPM$c, pkgName, pkgVersion);
+  logger.logger.log('\n');
+  if (pkgVersion === 'latest') {
+    logger.logger.log(`Detailed info on socket.dev: ${format.hyperlink(`${pkgName}`, url, {
+      fallbackToUrl: true
+    })}`);
+  } else {
+    logger.logger.log(`Detailed info on socket.dev: ${format.hyperlink(`${pkgName} v${pkgVersion}`, url, {
+      fallbackToUrl: true
+    })}`);
+  }
+  if (outputKind !== 'markdown') {
+    logger.logger.log(colors.dim(`\nOr rerun ${colors.italic(name)} using the ${colors.italic('--json')} flag to get full JSON output`));
+  } else {
+    logger.logger.log('');
   }
 }
 function formatPackageIssuesDetails(packageData, outputMarkdown) {
@@ -3044,7 +3102,7 @@ function formatPackageIssuesDetails(packageData, outputMarkdown) {
     }
     return acc;
   }, {});
-  const format = new index.ColorOrMarkdown(!!outputMarkdown);
+  const format = new index.ColorOrMarkdown(outputMarkdown);
   for (const issue of Object.keys(uniqueIssues)) {
     const issueWithLink = format.hyperlink(`${uniqueIssues[issue]?.label}`, index.getSocketDevAlertUrl(issue), {
       fallbackToUrl: true
@@ -3068,27 +3126,23 @@ function formatScore(score) {
 async function getPackageInfo({
   commandName,
   includeAllIssues,
-  outputJson,
-  outputMarkdown,
+  outputKind,
   pkgName,
   pkgVersion,
   strict
 }) {
-  // Lazily access constants.spinner.
-  const {
-    spinner
-  } = constants;
-  spinner.start(pkgVersion === 'latest' ? `Looking up data for the latest version of ${pkgName}` : `Looking up data for version ${pkgVersion} of ${pkgName}`);
-  const packageData = await fetchPackageInfo(pkgName, pkgVersion, includeAllIssues, spinner);
+  const packageData = await fetchPackageInfo(pkgName, pkgVersion, includeAllIssues);
   if (packageData) {
     formatPackageInfo(packageData, {
       name: commandName,
-      outputJson,
-      outputMarkdown,
+      outputKind,
       pkgName,
-      pkgVersion,
-      strict
-    }, spinner);
+      pkgVersion
+    });
+    if (strict && objectSome(packageData.severityCount)) {
+      // Let NodeJS exit gracefully but with exit(1)
+      process$1.exitCode = 1;
+    }
   }
 }
 
@@ -3130,6 +3184,12 @@ async function run$s(argv, importMeta, {
     importMeta,
     parentName
   });
+  const {
+    all,
+    json,
+    markdown,
+    strict
+  } = cli.flags;
   const [rawPkgName = ''] = cli.input;
   if (!rawPkgName || cli.input.length > 1) {
     // Use exit status of 2 to indicate incorrect usage, generally invalid
@@ -3150,12 +3210,11 @@ async function run$s(argv, importMeta, {
   }
   await getPackageInfo({
     commandName: `${parentName} ${config$s.commandName}`,
-    includeAllIssues: Boolean(cli.flags['all']),
-    outputJson: Boolean(cli.flags['json']),
-    outputMarkdown: Boolean(cli.flags['markdown']),
+    includeAllIssues: Boolean(all),
+    outputKind: json ? 'json' : markdown ? 'markdown' : 'print',
     pkgName,
     pkgVersion,
-    strict: Boolean(cli.flags['strict'])
+    strict: Boolean(strict)
   });
 }
 
@@ -3188,7 +3247,7 @@ async function attemptLogin(apiBaseUrl, apiProxy) {
       throw new index.AuthError();
     }
     orgs = result.data;
-    spinner.success('API key verified');
+    spinner.successAndStop('API key verified');
   } catch {
     spinner.errorAndStop('Invalid API key');
     return;
@@ -3229,8 +3288,10 @@ async function attemptLogin(apiBaseUrl, apiProxy) {
   const oldToken = index.getSetting('apiToken');
   try {
     applyLogin(apiToken, enforcedOrgs, apiBaseUrl, apiProxy);
+    spinner.start();
     spinner.successAndStop(`API credentials ${oldToken ? 'updated' : 'set'}`);
   } catch {
+    spinner.start();
     spinner.errorAndStop(`API login failed`);
   }
 }
@@ -3365,7 +3426,6 @@ async function convertGradleToMaven(target, bin, _out, verbose, gradleOpts) {
     logger.logger.log(`- src dir: \`${target}\``);
     logger.logger.groupEnd();
   }
-  spinner.start(`Converting gradle to maven from \`${bin}\` on \`${target}\`...`);
   try {
     // Run sbt with the init script we provide which should yield zero or more pom files.
     // We have to figure out where to store those pom files such that we can upload them and predict them through the GitHub API.
@@ -3375,8 +3435,9 @@ async function convertGradleToMaven(target, bin, _out, verbose, gradleOpts) {
     const initLocation = path.join(constants.rootDistPath, 'init.gradle');
     const commandArgs = ['--init-script', initLocation, ...gradleOpts, 'pom'];
     if (verbose) {
-      spinner.log('[VERBOSE] Executing:', bin, commandArgs);
+      logger.logger.log('[VERBOSE] Executing:', bin, commandArgs);
     }
+    spinner.start(`Converting gradle to maven from \`${bin}\` on \`${target}\`...`);
     const output = await spawn.spawn(bin, commandArgs, {
       cwd: target || '.'
     });
@@ -3394,7 +3455,8 @@ async function convertGradleToMaven(target, bin, _out, verbose, gradleOpts) {
         logger.logger.error(output.stderr);
         logger.logger.groupEnd();
       }
-      process.exit(1);
+      process.exitCode = 1;
+      return;
     }
     logger.logger.success('Executed gradle successfully');
     logger.logger.log('Reported exports:');
@@ -3431,14 +3493,15 @@ async function convertGradleToMaven(target, bin, _out, verbose, gradleOpts) {
     //   spinner.successAndStop(`OK. File should be available in \`${out}\``)
     // }
   } catch (e) {
-    spinner.stop();
-    logger.logger.error('There was an unexpected error while running this' + (verbose ? '' : ' (use --verbose for details)'));
+    spinner.errorAndStop('There was an unexpected error while running this' + (verbose ? '' : ' (use --verbose for details)'));
     if (verbose) {
       logger.logger.group('[VERBOSE] error:');
       logger.logger.log(e);
       logger.logger.groupEnd();
     }
-    process.exit(1);
+    process.exitCode = 1;
+  } finally {
+    spinner.stop();
   }
 }
 
@@ -3606,8 +3669,9 @@ async function convertSbtToMaven(target, bin, out, verbose, sbtOpts) {
     // logger.log(`- dst dir: \`${out}\``)
     logger.logger.groupEnd();
   }
-  spinner.start(`Converting sbt to maven from \`${bin}\` on \`${target}\`...`);
   try {
+    spinner.start(`Converting sbt to maven from \`${bin}\` on \`${target}\`...`);
+
     // Run sbt with the init script we provide which should yield zero or more
     // pom files. We have to figure out where to store those pom files such that
     // we can upload them and predict them through the GitHub API. We could do a
@@ -3630,7 +3694,8 @@ async function convertSbtToMaven(target, bin, out, verbose, sbtOpts) {
         logger.logger.error(output.stderr);
         logger.logger.groupEnd();
       }
-      process.exit(1);
+      process.exitCode = 1;
+      return;
     }
     const poms = [];
     output.stdout.replace(/Wrote (.*?.pom)\n/g, (_all, fn) => {
@@ -3639,7 +3704,8 @@ async function convertSbtToMaven(target, bin, out, verbose, sbtOpts) {
     });
     if (!poms.length) {
       logger.logger.error('There were no errors from sbt but it seems to not have generated any poms either');
-      process.exit(1);
+      process.exitCode = 1;
+      return;
     }
     // Move the pom file to ...? initial cwd? loc will be an absolute path, or dump to stdout
     // TODO: what to do with multiple output files? Do we want to dump them to stdout? Raw or with separators or ?
@@ -3653,7 +3719,8 @@ async function convertSbtToMaven(target, bin, out, verbose, sbtOpts) {
       logger.logger.error('Requested out target was stdout but there are multiple generated files');
       poms.forEach(fn => logger.logger.error('-', fn));
       logger.logger.error('Exiting now...');
-      process.exit(1);
+      process.exitCode = 1;
+      return;
     } else {
       // if (verbose) {
       //   logger.log(
@@ -3669,14 +3736,15 @@ async function convertSbtToMaven(target, bin, out, verbose, sbtOpts) {
       logger.logger.success(`OK`);
     }
   } catch (e) {
-    spinner.stop();
-    logger.logger.error('There was an unexpected error while running this' + (verbose ? '' : ' (use --verbose for details)'));
+    spinner?.errorAndStop('There was an unexpected error while running this' + (verbose ? '' : ' (use --verbose for details)'));
     if (verbose) {
       logger.logger.group('[VERBOSE] error:');
       logger.logger.log(e);
       logger.logger.groupEnd();
     }
-    process.exit(1);
+    process.exitCode = 1;
+  } finally {
+    spinner.stop();
   }
 }
 
@@ -5484,13 +5552,10 @@ const config$f = {
   description: `Temporarily disable the Socket ${NPM} wrapper`,
   hidden: false,
   flags: {},
-  help: (command, config) => `
+  help: command => `
     Usage
       $ ${command} <command>
 
-    Options
-      ${getFlagListOutput(config.flags, 6)}
-
     Examples
       $ ${command} install
   `
@@ -5541,13 +5606,10 @@ const config$e = {
   description: `Temporarily disable the Socket ${NPX} wrapper`,
   hidden: false,
   flags: {},
-  help: (command, config) => `
+  help: command => `
     Usage
       $ ${command} <command>
 
-    Options
-      ${getFlagListOutput(config.flags, 6)}
-
     Examples
       $ ${command} install
   `
@@ -5594,10 +5656,8 @@ async function createReport(socketConfig, inputPaths, {
       cause
     });
   });
-  const packagePaths = await npmPaths.getPackageFiles(cwd, inputPaths, socketConfig, supportedFiles);
-  const {
-    length: packagePathsCount
-  } = packagePaths;
+  const packagePaths = await npmPaths.getPackageFilesFullScans(cwd, inputPaths, supportedFiles, socketConfig);
+  const packagePathsCount = packagePaths.length;
   if (packagePathsCount && debug.isDebug()) {
     for (const pkgPath of packagePaths) {
       debug.debugLog(`Uploading: ${pkgPath}`);
@@ -5718,7 +5778,7 @@ const {
 } = constants;
 const config$d = {
   commandName: 'create',
-  description: 'Create a project report',
+  description: '[Deprecated] Create a project report',
   hidden: false,
   flags: {
     ...commonFlags,
@@ -5736,27 +5796,9 @@ const config$d = {
       description: 'Will wait for and return the created report'
     }
   },
-  help: (command, config) => `
-    Usage
-      $ ${command} <paths-to-package-folders-and-files>
-
-    Uploads the specified "package.json" and lock files for JavaScript, Python, and Go dependency manifests.
-    If any folder is specified, the ones found in there recursively are uploaded.
-
-    Supports globbing such as "**/package.json", "**/requirements.txt", "**/pyproject.toml", and "**/go.mod".
-
-    Ignores any file specified in your project's ".gitignore", your project's
-    "socket.yml" file's "projectIgnorePaths" and also has a sensible set of
-    default ignores from the "ignore-by-default" module.
-
-    Options
-      ${getFlagListOutput(config.flags, 6)}
-
-    Examples
-      $ ${command} .
-      $ ${command} '**/package.json'
-      $ ${command} /path/to/a/package.json /path/to/another/package.json
-      $ ${command} . --view --json
+  help: () => `
+    This command is deprecated in favor of \`socket scan create\`.
+    It will be removed in the next major release of the CLI.
   `
 };
 const cmdReportCreate = {
@@ -5821,22 +5863,16 @@ const {
 } = constants;
 const config$c = {
   commandName: 'view',
-  description: 'View a project report',
+  description: '[Deprecated] View a project report',
   hidden: false,
   flags: {
     ...commonFlags,
     ...outputFlags,
     ...validationFlags
   },
-  help: (command, config) => `
-    Usage
-      $ ${command} <report-identifier>
-
-    Options
-      ${getFlagListOutput(config.flags, 6)}
-
-    Examples
-      $ ${command} QXU8PmK7LfH608RAwfIKdbcHgwEd_ZeWJ9QEGv05FJUQ
+  help: () => `
+    This command is deprecated in favor of \`socket scan view\`.
+    It will be removed in the next major release of the CLI.
   `
 };
 const cmdReportView = {
@@ -5884,6 +5920,8 @@ async function run$c(argv, importMeta, {
 const description$2 = '[Deprecated] Project report related commands';
 const cmdReport = {
   description: description$2,
+  hidden: true,
+  // Deprecated in favor of `scan`
   async run(argv, importMeta, {
     parentName
   }) {
@@ -6708,39 +6746,46 @@ async function createFullScan({
     targets = received ?? [];
     updatedInput = true;
   }
-  const packagePaths = await npmPaths.getPackageFilesFullScans(cwd, targets, supportedFiles);
+
+  // // TODO: we'll probably use socket.json or something else soon...
+  // const absoluteConfigPath = path.join(cwd, 'socket.yml')
+  // const socketConfig = await getSocketConfig(absoluteConfigPath)
+
+  const packagePaths = await npmPaths.getPackageFilesFullScans(cwd, targets, supportedFiles
+  // socketConfig
+  );
 
   // We're going to need an api token to suggest data because those suggestions
   // must come from data we already know. Don't error on missing api token yet.
   // If the api-token is not set, ignore it for the sake of suggestions.
   const apiToken = index.getDefaultToken();
-  if (apiToken && !orgSlug) {
-    const suggestion = await suggestOrgSlug(socketSdk);
-    if (suggestion) orgSlug = suggestion;
-    updatedInput = true;
-  }
 
   // If the current cwd is unknown and is used as a repo slug anyways, we will
   // first need to register the slug before we can use it.
   let repoDefaultBranch = '';
-
-  // (Don't bother asking for the rest if we didn't get an org slug above)
-  if (apiToken && orgSlug && !repoName) {
-    const suggestion = await suggestRepoSlug(socketSdk, orgSlug);
-    if (suggestion) {
-      ({
-        defaultBranch: repoDefaultBranch,
-        slug: repoName
-      } = suggestion);
+  if (apiToken) {
+    if (!orgSlug) {
+      const suggestion = await suggestOrgSlug(socketSdk);
+      if (suggestion) orgSlug = suggestion;
+      updatedInput = true;
+    }
+
+    // (Don't bother asking for the rest if we didn't get an org slug above)
+    if (orgSlug && !repoName) {
+      const suggestion = await suggestRepoSlug(socketSdk, orgSlug);
+      if (suggestion) {
+        repoDefaultBranch = suggestion.defaultBranch;
+        repoName = suggestion.slug;
+      }
+      updatedInput = true;
     }
-    updatedInput = true;
-  }
 
-  // (Don't bother asking for the rest if we didn't get an org/repo above)
-  if (apiToken && orgSlug && repoName && !branchName) {
-    const suggestion = await suggestBranchSlug(repoDefaultBranch);
-    if (suggestion) branchName = suggestion;
-    updatedInput = true;
+    // (Don't bother asking for the rest if we didn't get an org/repo above)
+    if (orgSlug && repoName && !branchName) {
+      const suggestion = await suggestBranchSlug(repoDefaultBranch);
+      if (suggestion) branchName = suggestion;
+      updatedInput = true;
+    }
   }
   if (!orgSlug || !repoName || !branchName || !packagePaths.length) {
     // Use exit status of 2 to indicate incorrect usage, generally invalid
@@ -6775,7 +6820,7 @@ async function createFullScan({
     logger.logger.log('[ReadOnly] Bailing now');
     return;
   }
-  spinner.start('Creating a scan...');
+  spinner.start(`Creating a scan with ${packagePaths.length} packages...`);
   const result = await handleApiCall(socketSdk.createOrgFullScan(orgSlug, {
     repo: repoName,
     branch: branchName,
@@ -6875,13 +6920,29 @@ const config$6 = {
       shortFlag: 't',
       default: false,
       description: 'Set the visibility (true/false) of the scan in your dashboard'
+    },
+    view: {
+      type: 'boolean',
+      shortFlag: 'v',
+      default: true,
+      description: 'Will wait for and return the created report. Use --no-view to disable.'
     }
   },
+  // TODO: your project's "socket.yml" file's "projectIgnorePaths"
   help: (command, config) => `
     Usage
       $ ${command} [...options] <org> <TARGET> [TARGET...]
 
-    Where TARGET is a FILE or DIR that _must_ be inside the CWD.
+    Uploads the specified "package.json" and lock files for JavaScript, Python,
+    Go, Scala, Gradle, and Kotlin dependency manifests.
+    If any folder is specified, the ones found in there recursively are uploaded.
+
+    Supports globbing such as "**/package.json", "**/requirements.txt", etc.
+
+    Ignores any file specified in your project's ".gitignore" and also has a
+    sensible set of default ignores from the "ignore-by-default" module.
+
+    TARGET should be a FILE or DIR that _must_ be inside the CWD.
 
     When a FILE is given only that FILE is targeted. Otherwise any eligible
     files in the given DIR will be considered.
@@ -6913,7 +6974,8 @@ async function run$6(argv, importMeta, {
     branch: branchName,
     repo: repoName
   } = cli.flags;
-  const apiToken = index.getDefaultToken();
+  const apiToken = index.getDefaultToken(); // This checks if we _can_ suggest anything
+
   if (!apiToken && (!orgSlug || !repoName || !branchName || !targets.length)) {
     // Without api token we cannot recover because we can't request more info
     // from the server, to match and help with the current cwd/git status.
@@ -6959,7 +7021,14 @@ async function run$6(argv, importMeta, {
   });
 }
 
-async function deleteOrgFullScan(orgSlug, fullScanId, apiToken) {
+async function deleteOrgFullScan(orgSlug, fullScanId) {
+  const apiToken = index.getDefaultToken();
+  if (!apiToken) {
+    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+  }
+  await deleteOrgFullScanWithToken(orgSlug, fullScanId, apiToken);
+}
+async function deleteOrgFullScanWithToken(orgSlug, fullScanId, apiToken) {
   // Lazily access constants.spinner.
   const {
     spinner
@@ -7027,26 +7096,66 @@ async function run$5(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAIL_TEXT$5);
     return;
   }
+  await deleteOrgFullScan(orgSlug, fullScanId);
+}
+
+// @ts-ignore
+async function listFullScans({
+  direction,
+  from_time,
+  orgSlug,
+  outputKind,
+  page,
+  per_page,
+  sort
+}) {
   const apiToken = index.getDefaultToken();
   if (!apiToken) {
     throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
-  await deleteOrgFullScan(orgSlug, fullScanId, apiToken);
+  await listFullScansWithToken({
+    apiToken,
+    direction,
+    from_time,
+    orgSlug,
+    outputKind,
+    page,
+    per_page,
+    sort
+  });
 }
-
-// @ts-ignore
-async function listFullScans(orgSlug, input, apiToken) {
+async function listFullScansWithToken({
+  apiToken,
+  direction,
+  from_time,
+  orgSlug,
+  outputKind,
+  page,
+  per_page,
+  sort
+}) {
   // Lazily access constants.spinner.
   const {
     spinner
   } = constants;
-  spinner.start('Listing scans...');
+  spinner.start('Fetching list of scans...');
   const socketSdk = await index.setupSdk(apiToken);
-  const result = await handleApiCall(socketSdk.getOrgFullScanList(orgSlug, input), 'Listing scans');
+  const result = await handleApiCall(socketSdk.getOrgFullScanList(orgSlug, {
+    sort,
+    direction,
+    per_page,
+    page,
+    from: from_time
+  }), 'Listing scans');
   if (!result.success) {
     handleUnsuccessfulApiResponse('getOrgFullScanList', result, spinner);
     return;
   }
+  spinner.stop(`Fetch complete`);
+  if (outputKind === 'json') {
+    logger.logger.log(result.data);
+    return;
+  }
   const options = {
     columns: [{
       field: 'id',
@@ -7074,7 +7183,6 @@ async function listFullScans(orgSlug, input, apiToken) {
       branch: d.branch
     };
   });
-  spinner.stop(`Listing scans for: ${orgSlug}`);
   logger.logger.log(chalkTable(options, formattedResults));
 }
 
@@ -7165,39 +7273,55 @@ async function run$4(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAIL_TEXT$4);
     return;
   }
+  await listFullScans({
+    direction: String(cli.flags['direction'] || ''),
+    from_time: String(cli.flags['fromTime'] || ''),
+    orgSlug,
+    outputKind: cli.flags['json'] ? 'json' : cli.flags['markdown'] ? 'markdown' : 'print',
+    page: Number(cli.flags['page'] || 1),
+    per_page: Number(cli.flags['perPage'] || 30),
+    sort: String(cli.flags['sort'] || '')
+  });
+}
+
+async function getOrgScanMetadata(orgSlug, scanId, outputKind) {
   const apiToken = index.getDefaultToken();
   if (!apiToken) {
     throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
-  await listFullScans(orgSlug,
-  // TODO: refine this object to what we need
-  {
-    outputJson: cli.flags['json'],
-    outputMarkdown: cli.flags['markdown'],
-    orgSlug,
-    sort: cli.flags['sort'],
-    direction: cli.flags['direction'],
-    per_page: cli.flags['perPage'],
-    page: cli.flags['page'],
-    from_time: cli.flags['fromTime'],
-    until_time: cli.flags['untilTime']
-  }, apiToken);
+  await getOrgScanMetadataWithToken(orgSlug, scanId, apiToken, outputKind);
 }
-
-async function getOrgScanMetadata(orgSlug, scanId, apiToken) {
+async function getOrgScanMetadataWithToken(orgSlug, scanId, apiToken, outputKind) {
   // Lazily access constants.spinner.
   const {
     spinner
   } = constants;
-  spinner.start("Getting scan's metadata...");
+  spinner.start('Fetching meta data for a full scan...');
   const socketSdk = await index.setupSdk(apiToken);
   const result = await handleApiCall(socketSdk.getOrgFullScanMetadata(orgSlug, scanId), 'Listing scans');
   if (!result.success) {
     handleUnsuccessfulApiResponse('getOrgFullScanMetadata', result, spinner);
     return;
   }
-  spinner.stop('Scan metadata:');
-  logger.logger.log(result.data);
+  spinner?.successAndStop('Fetched the meta data\n');
+  if (outputKind === 'json') {
+    logger.logger.log(result.data);
+  } else {
+    // Markdown = print
+    if (outputKind === 'markdown') {
+      logger.logger.log('# Scan meta data\n');
+    }
+    logger.logger.log(`Scan ID: ${scanId}\n`);
+    for (const [key, value] of Object.entries(result.data)) {
+      if (['id', 'updated_at', 'organization_id', 'repository_id', 'commit_hash', 'html_report_url'].includes(key)) continue;
+      logger.logger.log(`- ${key}:`, value);
+    }
+    if (outputKind === 'markdown') {
+      logger.logger.log(`\nYou can view this report at: [${result.data.html_report_url}](${result.data.html_report_url})\n`);
+    } else {
+      logger.logger.log(`\nYou can view this report at: ${result.data.html_report_url}]\n`);
+    }
+  }
 }
 
 const {
@@ -7253,35 +7377,106 @@ async function run$3(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAIL_TEXT$3);
     return;
   }
+  await getOrgScanMetadata(orgSlug, fullScanId, cli.flags['json'] ? 'json' : cli.flags['markdown'] ? 'markdown' : 'print');
+}
+
+async function streamFullScan(orgSlug, fullScanId, file) {
+  // Lazily access constants.spinner.
+  const {
+    spinner
+  } = constants;
   const apiToken = index.getDefaultToken();
   if (!apiToken) {
     throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
-  await getOrgScanMetadata(orgSlug, fullScanId, apiToken);
+  spinner.start('Fetching scan...');
+  const socketSdk = await index.setupSdk(apiToken);
+  const data = await handleApiCall(socketSdk.getOrgFullScan(orgSlug, fullScanId, file === '-' ? undefined : file), 'Fetching a scan');
+  if (!data?.success) {
+    handleUnsuccessfulApiResponse('getOrgFullScan', data, spinner);
+    return;
+  }
+  spinner?.successAndStop(file ? `Full scan details written to ${file}` : 'stdout');
+  return data;
 }
 
-async function getFullScan(orgSlug, fullScanId, file, apiToken) {
+async function getFullScan(orgSlug, fullScanId) {
   // Lazily access constants.spinner.
   const {
     spinner
   } = constants;
-  spinner.start('Streaming scan...');
-  const socketSdk = await index.setupSdk(apiToken);
-  const data = await handleApiCall(socketSdk.getOrgFullScan(orgSlug, fullScanId, file === '-' ? undefined : file), 'Streaming a scan');
-  if (data?.success) {
-    spinner.stop(file ? `Full scan details written to ${file}` : '');
-  } else {
-    handleUnsuccessfulApiResponse('getOrgFullScan', data, spinner);
+  const apiToken = index.getDefaultToken();
+  if (!apiToken) {
+    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+  }
+  spinner.start('Fetching full-scan...');
+  const response = await queryAPI(`orgs/${orgSlug}/full-scans/${encodeURIComponent(fullScanId)}`, apiToken);
+  spinner.stop('Fetch complete.');
+  if (!response.ok) {
+    const err = await handleAPIError(response.status);
+    logger.logger.error(`${colors.bgRed(colors.white(response.statusText))}: Fetch error: ${err}`);
+    return;
   }
+
+  // This is nd-json; each line is a json object
+  const jsons = await response.text();
+  const lines = jsons.split('\n').filter(Boolean);
+  const data = lines.map(line => {
+    try {
+      return JSON.parse(line);
+    } catch {
+      console.error('At least one line item was returned that could not be parsed as JSON...');
+      return {};
+    }
+  });
   return data;
 }
 
+async function viewFullScan(orgSlug, fullScanId, filePath) {
+  const artifacts = await getFullScan(orgSlug, fullScanId);
+  if (!artifacts) return;
+  const display = artifacts.map(art => {
+    const author = Array.isArray(art.author) ? `${art.author[0]}${art.author.length > 1 ? ' et.al.' : ''}` : art.author;
+    return {
+      type: art.type,
+      name: art.name,
+      version: art.version,
+      author,
+      score: JSON.stringify(art.score)
+    };
+  });
+  const md = mdTable(display, ['type', 'version', 'name', 'author', 'score']);
+  const report = `
+# Scan Details
+
+These are the artifacts and their scores found.
+
+Sscan ID: ${fullScanId}
+
+${md}
+
+View this report at: https://socket.dev/dashboard/org/${orgSlug}/sbom/${fullScanId}
+  `.trim() + '\n';
+  if (filePath && filePath !== '-') {
+    try {
+      await fs$1.writeFile(filePath, report, 'utf8');
+      logger.logger.log(`Data successfully written to ${filePath}`);
+    } catch (e) {
+      logger.logger.error('There was an error trying to write the json to disk');
+      logger.logger.error(e);
+      process.exitCode = 1;
+    }
+  } else {
+    logger.logger.log(report);
+  }
+}
+
 const {
   DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$2
 } = constants;
 const config$2 = {
-  commandName: 'stream',
-  description: 'Stream the output of a scan',
+  commandName: 'view',
+  description: 'View the raw results of a scan',
   hidden: false,
   flags: {
     ...commonFlags,
@@ -7300,7 +7495,7 @@ const config$2 = {
       $ ${command} FakeOrg 000aaaa1-0000-0a0a-00a0-00a0000000a0 ./stream.txt
   `
 };
-const cmdScanStream = {
+const cmdScanView = {
   description: config$2.description,
   hidden: config$2.hidden,
   run: run$2
@@ -7333,14 +7528,14 @@ async function run$2(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAIL_TEXT$2);
     return;
   }
-  const apiToken = index.getDefaultToken();
-  if (!apiToken) {
-    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+  if (cli.flags['json']) {
+    await streamFullScan(orgSlug, fullScanId, file);
+  } else {
+    await viewFullScan(orgSlug, fullScanId, file);
   }
-  await getFullScan(orgSlug, fullScanId, file, apiToken);
 }
 
-const description = 'Scans related commands';
+const description = 'Full Scan related commands';
 const cmdScan = {
   description,
   async run(argv, importMeta, {
@@ -7348,11 +7543,19 @@ const cmdScan = {
   }) {
     await meowWithSubcommands({
       create: cmdScanCreate,
-      stream: cmdScanStream,
       list: cmdScanList,
       del: cmdScanDel,
-      metadata: cmdScanMetadata
+      metadata: cmdScanMetadata,
+      view: cmdScanView
     }, {
+      aliases: {
+        // Backwards compat. TODO: Drop next major bump
+        stream: {
+          description: cmdScanView.description,
+          hidden: true,
+          argv: ['view'] // Original args will be appended (!)
+        }
+      },
       argv,
       description,
       importMeta,
@@ -7791,5 +7994,5 @@ void (async () => {
     await index.captureException(e);
   }
 })();
-//# debugId=e6a98767-74ff-4fd4-a15e-82ce65af55f8
+//# debugId=4fe0e5e5-54cb-444b-88dc-36bf76ff766a
 //# sourceMappingURL=cli.js.map