@socketsecurity/cli-with-sentry 0.14.55 → 0.14.57

package/dist/require/cli.js

@@ -23,7 +23,7 @@ var events = require('node:events');
 var fs = require('node:fs');
 var path = require('node:path');
 var ndjson = _socketInterop(require('ndjson'));
-var index = require('./index.js');
+var shadowNpmInject = require('./shadow-npm-inject.js');
 var constants = require('./constants.js');
 var objects = require('@socketsecurity/registry/lib/objects');
 var regexps = require('@socketsecurity/registry/lib/regexps');
@@ -34,10 +34,11 @@ var contrib = _socketInterop(require('blessed-contrib'));
 var prompts = require('@socketsecurity/registry/lib/prompts');
 var yargsParse = _socketInterop(require('yargs-parser'));
 var words = require('@socketsecurity/registry/lib/words');
-var npm = require('@socketsecurity/registry/lib/npm');
+var shadowBin = require('./shadow-bin.js');
 var chalkTable = _socketInterop(require('chalk-table'));
 var require$$0$1 = require('node:util');
 var registry = require('@socketsecurity/registry');
+var npm = require('@socketsecurity/registry/lib/npm');
 var packages = require('@socketsecurity/registry/lib/packages');
 var registryConstants = require('@socketsecurity/registry/lib/constants');
 var isInteractive = require('@socketregistry/is-interactive/index.cjs');
@@ -54,7 +55,7 @@ var sorts = require('@socketsecurity/registry/lib/sorts');
 var strings = require('@socketsecurity/registry/lib/strings');
 var yaml = _socketInterop(require('yaml'));
 var debug = require('@socketsecurity/registry/lib/debug');
-var npmPaths = require('./npm-paths.js');
+var shadowNpmPaths = require('./shadow-npm-paths.js');
 var betterAjvErrors = _socketInterop(require('@apideck/better-ajv-errors'));
 var config$A = require('@socketsecurity/config');
 var assert = require('node:assert');
@@ -836,7 +837,7 @@ function getIgnoreOptions({
           ignoreCommands.push(data);
         }
       } catch (e) {
-        logger.logger.error(`Unable to process ignore command for ${comment}`);
+        logger.logger.fail(`Unable to process ignore command for ${comment}`);
         logger.logger.error(e);
       }
     }
@@ -1222,7 +1223,7 @@ function securityCommentTemplate(diff) {
 // TODO: is this a github action handler?
 async function runAction(githubEventBefore, githubEventAfter) {
   //TODO
-  const socket = new sdk.SocketSdk(index.getDefaultToken());
+  const socket = new sdk.SocketSdk(shadowNpmInject.getDefaultToken());
   const git = simpleGit.simpleGit();
   const changedFiles = (await git.diff(process.env['GITHUB_EVENT_NAME'] === 'pull_request' ? ['--name-only', 'HEAD^1', 'HEAD'] : ['--name-only', githubEventBefore, githubEventAfter])).split('\n');
   logger.logger.log({
@@ -1287,15 +1288,14 @@ async function runAction(githubEventBefore, githubEventAfter) {
 const {
   API_V0_URL
 } = constants;
-function handleUnsuccessfulApiResponse(_name, result, spinner) {
+function handleUnsuccessfulApiResponse(_name, result) {
   // SocketSdkErrorType['error'] is not typed.
   const resultErrorMessage = result.error?.message;
   const message = typeof resultErrorMessage === 'string' ? resultErrorMessage : 'No error message returned';
   if (result.status === 401 || result.status === 403) {
-    spinner.stop();
-    throw new index.AuthError(message);
+    throw new shadowNpmInject.AuthError(message);
   }
-  spinner.errorAndStop(`${colors.bgRed(colors.white('API returned an error:'))} ${message}`);
+  logger.logger.fail(`${colors.bgRed(colors.white('API returned an error:'))} ${message}`);
   process$1.exit(1);
 }
 async function handleApiCall(value, description) {
@@ -1474,8 +1474,8 @@ async function meowWithSubcommands(subcommands, options) {
     autoHelp: false // otherwise we can't exit(0)
   });
   if (!cli.flags['help'] && cli.flags['dryRun']) {
-    logger.logger.log(`${DRY_RUN_LABEL$1}: No-op, call a sub-command; ok`);
     process.exitCode = 0;
+    logger.logger.log(`${DRY_RUN_LABEL$1}: No-op, call a sub-command; ok`);
   } else {
     cli.showHelp();
   }
@@ -1516,9 +1516,9 @@ function meowOrExit({
 }
 function getAsciiHeader(command) {
   const cliVersion = // The '@rollup/plugin-replace' will replace "process.env['SOCKET_CLI_VERSION_HASH']".
-  "0.14.55:51de259:b691b88f:pub";
+  "0.14.57:6783de7:236c7308:pub";
   const nodeVersion = process.version;
-  const apiToken = index.getSetting('apiToken');
+  const apiToken = shadowNpmInject.getSetting('apiToken');
   const shownToken = apiToken ? getLastFiveOfApiToken(apiToken) : 'no';
   const relCwd = process.cwd().replace(new RegExp(`^${regexps.escapeRegExp(constants.homePath)}`, 'i'), '~/');
   const body = `
@@ -1591,10 +1591,10 @@ async function run$z(argv, importMeta, {
 }
 
 async function fetchOrgAnalyticsData(time, spinner, apiToken) {
-  const socketSdk = await index.setupSdk(apiToken);
+  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
   const result = await handleApiCall(socketSdk.getOrgAnalytics(time.toString()), 'fetching analytics data');
   if (result.success === false) {
-    handleUnsuccessfulApiResponse('getOrgAnalytics', result, spinner);
+    handleUnsuccessfulApiResponse('getOrgAnalytics', result);
     return undefined;
   }
   spinner.stop();
@@ -1606,10 +1606,10 @@ async function fetchOrgAnalyticsData(time, spinner, apiToken) {
 }
 
 async function fetchRepoAnalyticsData(repo, time, spinner, apiToken) {
-  const socketSdk = await index.setupSdk(apiToken);
+  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
   const result = await handleApiCall(socketSdk.getRepoAnalytics(repo, time.toString()), 'fetching analytics data');
   if (result.success === false) {
-    handleUnsuccessfulApiResponse('getRepoAnalytics', result, spinner);
+    handleUnsuccessfulApiResponse('getRepoAnalytics', result);
     return undefined;
   }
   spinner.stop();
@@ -1640,6 +1640,35 @@ function mdTableStringNumber(title1, title2, obj) {
   lines.push(`| ${'-'.repeat(mw1)} | ${'-'.repeat(mw2)} |`);
   return lines.join('\n');
 }
+function mdTable(logs,
+// This is saying "an array of strings and the strings are a valid key of elements of T"
+// In turn, T is defined above as the audit log event type from our OpenAPI docs.
+cols) {
+  // Max col width required to fit all data in that column
+  const cws = cols.map(col => col.length);
+  for (const log of logs) {
+    for (let i = 0; i < cols.length; ++i) {
+      // @ts-ignore
+      const val = log[cols[i] ?? ''] ?? '';
+      cws[i] = Math.max(cws[i] ?? 0, String(val).length);
+    }
+  }
+  let div = '|';
+  for (const cw of cws) div += ' ' + '-'.repeat(cw) + ' |';
+  let header = '|';
+  for (let i = 0; i < cols.length; ++i) header += ' ' + String(cols[i]).padEnd(cws[i] ?? 0, ' ') + ' |';
+  let body = '';
+  for (const log of logs) {
+    body += '|';
+    for (let i = 0; i < cols.length; ++i) {
+      // @ts-ignore
+      const val = log[cols[i] ?? ''] ?? '';
+      body += ' ' + String(val).padEnd(cws[i] ?? 0, ' ') + ' |';
+    }
+    body += '\n';
+  }
+  return [div, header, div, body.trim(), div].filter(s => !!s.trim()).join('\n');
+}
 
 // Note: Widgets does not seem to actually work as code :'(
 
@@ -1654,9 +1683,9 @@ async function displayAnalytics({
   scope,
   time
 }) {
-  const apiToken = index.getDefaultToken();
+  const apiToken = shadowNpmInject.getDefaultToken();
   if (!apiToken) {
-    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API token.');
+    throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API token.');
   }
   await outputAnalyticsWithToken({
     apiToken,
@@ -1697,9 +1726,9 @@ async function outputAnalyticsWithToken({
         await fs$1.writeFile(filePath, serialized, 'utf8');
         logger.logger.log(`Data successfully written to ${filePath}`);
       } catch (e) {
-        logger.logger.error('There was an error trying to write the json to disk');
-        logger.logger.error(e);
         process.exitCode = 1;
+        logger.logger.fail('There was an error trying to write the json to disk');
+        logger.logger.error(e);
       }
     } else {
       logger.logger.log(serialized);
@@ -1727,9 +1756,9 @@ function renderJson(data) {
   try {
     return JSON.stringify(data, null, 2);
   } catch (e) {
-    // This could be caused by circular references, which is an "us" problem
-    logger.logger.error('There was a problem converting the data set to JSON. Please try without --json or with --markdown');
     process.exitCode = 1;
+    // This could be caused by circular references, which is an "us" problem
+    logger.logger.fail('There was a problem converting the data set to JSON. Please try without --json or with --markdown');
     return;
   }
 }
@@ -1964,7 +1993,7 @@ async function run$y(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+    logger.logger.fail(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
 
       - Scope must be "repo" or "org" ${badScope ? colors.red('(bad!)') : colors.green('(ok)')}
 
@@ -1998,9 +2027,9 @@ async function getAuditLog({
   page,
   perPage
 }) {
-  const apiToken = index.getDefaultToken();
+  const apiToken = shadowNpmInject.getDefaultToken();
   if (!apiToken) {
-    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+    throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
   const auditLogs = await getAuditLogWithToken({
     apiToken,
@@ -2044,8 +2073,8 @@ async function outputAsJson(auditLogs, orgSlug, logType, page, perPage) {
       })
     }, null, 2);
   } catch (e) {
-    logger.logger.error('There was a problem converting the logs to JSON, please try without the `--json` flag');
     process.exitCode = 1;
+    logger.logger.fail('There was a problem converting the logs to JSON, please try without the `--json` flag');
     return;
   }
   logger.logger.log(json);
@@ -2066,41 +2095,12 @@ These are the Socket.dev audit logs as per requested query.
 ${table}
 `);
   } catch (e) {
-    logger.logger.error('There was a problem converting the logs to JSON, please try without the `--json` flag');
-    logger.logger.error(e);
     process.exitCode = 1;
+    logger.logger.fail('There was a problem converting the logs to JSON, please try without the `--json` flag');
+    logger.logger.error(e);
     return;
   }
 }
-function mdTable(logs,
-// This is saying "an array of strings and the strings are a valid key of elements of T"
-// In turn, T is defined above as the audit log event type from our OpenAPI docs.
-cols) {
-  // Max col width required to fit all data in that column
-  const cws = cols.map(col => col.length);
-  for (const log of logs) {
-    for (let i = 0; i < cols.length; ++i) {
-      // @ts-ignore
-      const val = log[cols[i] ?? ''] ?? '';
-      cws[i] = Math.max(cws[i] ?? 0, String(val).length);
-    }
-  }
-  let div = '|';
-  for (const cw of cws) div += ' ' + '-'.repeat(cw) + ' |';
-  let header = '|';
-  for (let i = 0; i < cols.length; ++i) header += ' ' + String(cols[i]).padEnd(cws[i] ?? 0, ' ') + ' |';
-  let body = '';
-  for (const log of logs) {
-    body += '|';
-    for (let i = 0; i < cols.length; ++i) {
-      // @ts-ignore
-      const val = log[cols[i] ?? ''] ?? '';
-      body += ' ' + String(val).padEnd(cws[i] ?? 0, ' ') + ' |';
-    }
-    body += '\n';
-  }
-  return [div, header, div, body.trim(), div].filter(s => !!s.trim()).join('\n');
-}
 async function outputAsPrint(auditLogs, orgSlug, logType) {
   const data = [];
   const logDetails = {};
@@ -2139,7 +2139,7 @@ async function getAuditLogWithToken({
     spinner
   } = constants;
   spinner.start(`Looking up audit log for ${orgSlug}`);
-  const socketSdk = await index.setupSdk(apiToken);
+  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
   const result = await handleApiCall(socketSdk.getAuditLogEvents(orgSlug, {
     outputJson: outputKind === 'json',
     // I'm not sure this is used at all
@@ -2151,7 +2151,7 @@ async function getAuditLogWithToken({
     per_page: perPage
   }), `Looking up audit log for ${orgSlug}\n`);
   if (!result.success) {
-    handleUnsuccessfulApiResponse('getAuditLogEvents', result, spinner);
+    handleUnsuccessfulApiResponse('getAuditLogEvents', result);
     return;
   }
   spinner.stop();
@@ -2226,7 +2226,7 @@ async function run$x(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(commonTags.stripIndents`
+    logger.logger.fail(commonTags.stripIndents`
       ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
       - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
     `);
@@ -2245,18 +2245,10 @@ async function run$x(argv, importMeta, {
   });
 }
 
-const {
-  SBOM_SIGN_ALGORITHM,
-  // Algorithm. Example: RS512
-  SBOM_SIGN_PRIVATE_KEY,
-  // Location to the RSA private key
-  SBOM_SIGN_PUBLIC_KEY // Optional. Location to the RSA public key
-} = process$1.env;
 const {
   NPM: NPM$e,
-  PNPM: PNPM$8,
-  cdxgenBinPath,
-  synpBinPath
+  NPX: NPX$3,
+  PNPM: PNPM$8
 } = constants;
 const nodejsPlatformTypes = new Set(['javascript', 'js', 'nodejs', NPM$e, PNPM$8, 'ts', 'tsx', 'typescript']);
 async function runCycloneDX(yargv) {
@@ -2268,21 +2260,13 @@ async function runCycloneDX(yargv) {
       // Use synp to create a package-lock.json from the yarn.lock,
       // based on the node_modules folder, for a more accurate SBOM.
       try {
-        await npm.runBin(await fs.promises.realpath(synpBinPath), ['--source-file', './yarn.lock']);
+        await shadowBin(NPX$3, ['synp@1.9.14', '--', '--source-file', './yarn.lock'], 2);
         yargv.type = NPM$e;
         cleanupPackageLock = true;
       } catch {}
     }
   }
-  await npm.runBin(await fs.promises.realpath(cdxgenBinPath), argvToArray(yargv), {
-    env: {
-      NODE_ENV: '',
-      SBOM_SIGN_ALGORITHM,
-      SBOM_SIGN_PRIVATE_KEY,
-      SBOM_SIGN_PUBLIC_KEY
-    },
-    stdio: 'inherit'
-  });
+  await shadowBin(NPX$3, ['@cyclonedx/cdxgen@11.2.0', '--', ...argvToArray(yargv)], 2);
   if (cleanupPackageLock) {
     try {
       await fs.promises.rm('./package-lock.json');
@@ -2428,7 +2412,7 @@ async function run$w(argv, importMeta, {
   //
   //
   // if (cli.input.length)
-  //   logger.error(
+  //   logger.fail(
   //     stripIndents`
   //       ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
   //
@@ -2452,7 +2436,7 @@ async function run$w(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process$1.exitCode = 2;
-    logger.logger.error(`Unknown ${words.pluralize('argument', unknownLength)}: ${yargv._.join(', ')}`);
+    logger.logger.fail(`Unknown ${words.pluralize('argument', unknownLength)}: ${yargv._.join(', ')}`);
     return;
   }
   if (yargv.output === undefined) {
@@ -2471,22 +2455,22 @@ async function findDependencies({
   offset,
   outputJson
 }) {
-  const apiToken = index.getDefaultToken();
+  const apiToken = shadowNpmInject.getDefaultToken();
   if (!apiToken) {
-    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+    throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
   // Lazily access constants.spinner.
   const {
     spinner
   } = constants;
   spinner.start('Searching dependencies...');
-  const socketSdk = await index.setupSdk(apiToken);
+  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
   const result = await handleApiCall(socketSdk.searchDependencies({
     limit,
     offset
   }), 'Searching dependencies');
   if (!result.success) {
-    handleUnsuccessfulApiResponse('searchDependencies', result, spinner);
+    handleUnsuccessfulApiResponse('searchDependencies', result);
     return;
   }
   spinner.stop('Organization dependencies:');
@@ -2494,6 +2478,7 @@ async function findDependencies({
     logger.logger.log(result.data);
     return;
   }
+  logger.logger.log('Request details: Offset:', offset, ', limit:', limit, ', is there more data after this?', result.data.end ? 'no' : 'yes');
   const options = {
     columns: [{
       field: 'namespace',
@@ -2585,43 +2570,96 @@ async function run$v(argv, importMeta, {
 async function getDiffScan({
   after,
   before,
+  depth,
   file,
   orgSlug,
   outputJson
-}, apiToken) {
+}) {
+  const apiToken = shadowNpmInject.getDefaultToken();
+  if (!apiToken) {
+    throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+  }
+  await getDiffScanWithToken({
+    after,
+    before,
+    depth,
+    file,
+    orgSlug,
+    outputJson,
+    apiToken
+  });
+}
+async function getDiffScanWithToken({
+  after,
+  apiToken,
+  before,
+  depth,
+  file,
+  orgSlug,
+  outputJson
+}) {
   // Lazily access constants.spinner.
   const {
     spinner
   } = constants;
   spinner.start('Getting diff scan...');
-  const response = await queryAPI(`${orgSlug}/full-scans/diff?before=${before}&after=${after}&preview`, apiToken);
-  const data = await response.json();
+  const response = await queryAPI(`orgs/${orgSlug}/full-scans/diff?before=${encodeURIComponent(before)}&after=${encodeURIComponent(after)}`, apiToken);
   if (!response.ok) {
     const err = await handleAPIError(response.status);
     spinner.errorAndStop(`${colors.bgRed(colors.white(response.statusText))}: ${err}`);
     return;
   }
+  const result = await handleApiCall(await response.json(), 'Deserializing json');
   spinner.stop();
-  if (file && !outputJson) {
-    fs.writeFile(file, JSON.stringify(data), err => {
-      err ? logger.logger.error(err) : logger.logger.log(`Data successfully written to ${file}`);
-    });
-    return;
-  }
-  if (outputJson) {
-    logger.logger.log(`\n Diff scan result: \n`);
-    logger.logger.log(require$$0$1.inspect(data, {
-      showHidden: false,
-      depth: null,
-      colors: true
-    }));
-    logger.logger.log(`\n View this diff scan in the Socket dashboard: ${colors.cyan(data?.['diff_report_url'])}`);
+  const dashboardUrl = result?.['diff_report_url'];
+  const dashboardMessage = dashboardUrl ? `\n View this diff scan in the Socket dashboard: ${colors.cyan(dashboardUrl)}` : '';
+
+  // When forcing json, or dumping to file, serialize to string such that it
+  // won't get truncated. The only way to dump the full raw JSON to stdout is
+  // to use `--json --file -` (the dash is a standard notation for stdout)
+  if (outputJson || file) {
+    let json;
+    try {
+      json = JSON.stringify(result, null, 2);
+    } catch (e) {
+      process.exitCode = 1;
+      // Most likely caused by a circular reference (or OOM)
+      logger.logger.fail('There was a problem converting the data to JSON');
+      logger.logger.error(e);
+      return;
+    }
+    if (file && file !== '-') {
+      logger.logger.log(`Writing json to \`${file}\``);
+      fs.writeFile(file, JSON.stringify(result, null, 2), err => {
+        if (err) {
+          logger.logger.fail(`Writing to \`${file}\` failed...`);
+          logger.logger.error(err);
+        } else {
+          logger.logger.log(`Data successfully written to \`${file}\``);
+        }
+        logger.logger.error(dashboardMessage);
+      });
+    } else {
+      // TODO: expose different method for writing to stderr when simply dodging stdout
+      logger.logger.error(`\n Diff scan result: \n`);
+      logger.logger.log(json);
+      logger.logger.error(dashboardMessage);
+    }
     return;
   }
+
+  // In this case neither the --json nor the --file flag was passed
+  // Dump the JSON to CLI and let NodeJS deal with truncation
+
   logger.logger.log('Diff scan result:');
-  logger.logger.log(data);
+  logger.logger.log(require$$0$1.inspect(result, {
+    showHidden: false,
+    depth: depth > 0 ? depth : null,
+    colors: true,
+    maxArrayLength: null
+  }));
   logger.logger.log(`\n 📝 To display the detailed report in the terminal, use the --json flag \n`);
-  logger.logger.log(`\n View this diff scan in the Socket dashboard: ${colors.cyan(data?.['diff_report_url'])}`);
+  logger.logger.log(dashboardMessage);
 }
 
 const {
@@ -2633,36 +2671,44 @@ const config$u = {
   hidden: false,
   flags: {
     ...commonFlags,
+    after: {
+      type: 'string',
+      shortFlag: 'a',
+      default: '',
+      description: 'The full scan ID of the head scan'
+    },
     before: {
       type: 'string',
       shortFlag: 'b',
       default: '',
       description: 'The full scan ID of the base scan'
     },
-    after: {
-      type: 'string',
-      shortFlag: 'a',
-      default: '',
-      description: 'The full scan ID of the head scan'
+    depth: {
+      type: 'number',
+      default: 2,
+      description: 'Max depth of JSON to display before truncating, use zero for no limit (without --json/--file)'
     },
-    preview: {
+    json: {
       type: 'boolean',
-      shortFlag: 'p',
-      default: true,
-      description: 'A boolean flag to persist or not the diff scan result'
+      shortFlag: 'j',
+      default: false,
+      description: 'Output result as json. This can be big. Use --file to store it to disk without truncation.'
     },
     file: {
       type: 'string',
       shortFlag: 'f',
       default: '',
-      description: 'Path to a local file where the output should be saved'
-    },
-    ...outputFlags
+      description: 'Path to a local file where the output should be saved. Use `-` to force stdout.'
+    }
   },
   help: (command, config) => `
     Usage
       $ ${command} <org slug> --before=<before> --after=<after>
 
+    This command displays the package changes between two scans. The full output
+    can be pretty large depending on the size of your repo and time range. It is
+    best stored to disk to be further analyzed by other tools.
+
     Options
       ${getFlagListOutput(config.flags, 6)}
 
@@ -2692,9 +2738,10 @@ async function run$u(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
+    logger.logger.fail(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
       - Specify a before and after full scan ID ${!before && !after ? colors.red('(missing before and after!)') : !before ? colors.red('(missing before!)') : !after ? colors.red('(missing after!)') : colors.green('(ok)')}\n
           - To get full scans IDs, you can run the command "socket scan list <your org slug>".
+            The args are expecting a full \`aaa0aa0a-aaaa-0000-0a0a-0000000a00a0\` ID.\n
       - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}\n`);
     return;
   }
@@ -2702,24 +2749,24 @@ async function run$u(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAIL_TEXT$t);
     return;
   }
-  const apiToken = index.getDefaultToken();
-  if (!apiToken) {
-    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
-  }
   await getDiffScan({
     outputJson: Boolean(cli.flags['json']),
-    outputMarkdown: Boolean(cli.flags['markdown']),
     before,
     after,
-    preview: Boolean(cli.flags['preview']),
+    depth: Number(cli.flags['depth']),
     orgSlug,
     file: String(cli.flags['file'] || '')
-  }, apiToken);
+  });
 }
 
 const description$3 = 'Diff scans related commands';
 const cmdDiffScan = {
   description: description$3,
+  // Hidden because it was broken all this time (nobody could be using it)
+  // and we're not sure if it's useful to anyone in its current state.
+  // Until we do, we'll hide this to keep the help tidier.
+  // And later, we may simply move this under `scan`, anyways.
+  hidden: true,
   async run(argv, importMeta, {
     parentName
   }) {
@@ -2754,17 +2801,17 @@ async function runFix() {
   });
   // const agentDetails = await detect()
 
-  const arb = new index.SafeArborist({
+  const arb = new shadowNpmInject.SafeArborist({
     path: cwd,
-    ...index.SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES
+    ...shadowNpmInject.SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES
   });
   await arb.reify();
-  const alerts = await index.getPackagesAlerts(arb, {
+  const alerts = await shadowNpmInject.getPackagesAlerts(arb, {
     consolidate: true,
     includeExisting: true,
     includeUnfixable: false
   });
-  const infoByPkg = index.getCveInfoByPackage(alerts);
+  const infoByPkg = shadowNpmInject.getCveInfoByPackage(alerts);
   await arb.buildIdealTree();
   if (infoByPkg) {
     for (const {
@@ -2781,7 +2828,7 @@ async function runFix() {
         spinner.info(`Skipping ${name}. Socket Optimize package exists.`);
         continue;
       }
-      const nodes = index.findPackageNodes(tree, name);
+      const nodes = shadowNpmInject.findPackageNodes(tree, name);
       const packument = nodes.length && infos.length ?
       // eslint-disable-next-line no-await-in-loop
       await packages.fetchPackagePackument(name) : null;
@@ -2800,7 +2847,7 @@ async function runFix() {
             const {
               version: oldVersion
             } = node;
-            if (index.updateNode(node, packument, vulnerableVersionRange)) {
+            if (shadowNpmInject.updateNode(node, packument, vulnerableVersionRange)) {
               try {
                 // eslint-disable-next-line no-await-in-loop
                 await npm.runScript('test', [], {
@@ -2831,7 +2878,7 @@ async function runFix() {
       }
     }
   }
-  const arb2 = new index.Arborist({
+  const arb2 = new shadowNpmInject.Arborist({
     path: cwd
   });
   arb2.idealTree = arb.idealTree;
@@ -2951,15 +2998,15 @@ function getSeverityCount(issues, lowestToInclude) {
   return severityCount;
 }
 
-async function fetchPackageInfo(pkgName, pkgVersion, includeAllIssues, spinner) {
-  const socketSdk = await index.setupSdk(index.getPublicToken());
+async function fetchPackageInfo(pkgName, pkgVersion, includeAllIssues) {
+  const socketSdk = await shadowNpmInject.setupSdk(shadowNpmInject.getPublicToken());
   const result = await handleApiCall(socketSdk.getIssuesByNPMPackage(pkgName, pkgVersion), 'looking up package');
   const scoreResult = await handleApiCall(socketSdk.getScoreByNPMPackage(pkgName, pkgVersion), 'looking up package score');
   if (result.success === false) {
-    return handleUnsuccessfulApiResponse('getIssuesByNPMPackage', result, spinner);
+    return handleUnsuccessfulApiResponse('getIssuesByNPMPackage', result);
   }
   if (scoreResult.success === false) {
-    return handleUnsuccessfulApiResponse('getScoreByNPMPackage', scoreResult, spinner);
+    return handleUnsuccessfulApiResponse('getScoreByNPMPackage', scoreResult);
   }
   const severityCount = getSeverityCount(result.data, includeAllIssues ? undefined : 'high');
   return {
@@ -2978,49 +3025,54 @@ function formatPackageInfo({
   severityCount
 }, {
   name,
-  outputJson,
-  outputMarkdown,
+  outputKind,
   pkgName,
-  pkgVersion,
-  strict
-}, spinner) {
-  if (outputJson) {
+  pkgVersion
+}) {
+  if (outputKind === 'json') {
     logger.logger.log(JSON.stringify(data, undefined, 2));
+    return;
+  }
+  if (outputKind === 'markdown') {
+    logger.logger.log(`\n# Package report for ${pkgName}\n`);
+    logger.logger.log('Package report card:\n');
   } else {
-    logger.logger.log('\nPackage report card:');
-    const scoreResult = {
-      'Supply Chain Risk': Math.floor(score.supplyChainRisk.score * 100),
-      Maintenance: Math.floor(score.maintenance.score * 100),
-      Quality: Math.floor(score.quality.score * 100),
-      Vulnerabilities: Math.floor(score.vulnerability.score * 100),
-      License: Math.floor(score.license.score * 100)
-    };
-    Object.entries(scoreResult).map(score => logger.logger.log(`- ${score[0]}: ${formatScore(score[1])}`));
-    logger.logger.log('\n');
-    if (objectSome(severityCount)) {
-      spinner[strict ? 'error' : 'success'](`Package has these issues: ${formatSeverityCount(severityCount)}`);
-      formatPackageIssuesDetails(data, outputMarkdown);
-    } else {
-      spinner.successAndStop('Package has no issues');
-    }
-    const format = new index.ColorOrMarkdown(!!outputMarkdown);
-    const url = index.getSocketDevPackageOverviewUrl(NPM$c, pkgName, pkgVersion);
-    logger.logger.log('\n');
-    if (pkgVersion === 'latest') {
-      logger.logger.log(`Detailed info on socket.dev: ${format.hyperlink(`${pkgName}`, url, {
-        fallbackToUrl: true
-      })}`);
-    } else {
-      logger.logger.log(`Detailed info on socket.dev: ${format.hyperlink(`${pkgName} v${pkgVersion}`, url, {
-        fallbackToUrl: true
-      })}`);
-    }
-    if (!outputMarkdown) {
-      logger.logger.log(colors.dim(`\nOr rerun ${colors.italic(name)} using the ${colors.italic('--json')} flag to get full JSON output`));
+    logger.logger.log(`\nPackage report card for ${pkgName}:\n`);
+  }
+  const scoreResult = {
+    'Supply Chain Risk': Math.floor(score.supplyChainRisk.score * 100),
+    Maintenance: Math.floor(score.maintenance.score * 100),
+    Quality: Math.floor(score.quality.score * 100),
+    Vulnerabilities: Math.floor(score.vulnerability.score * 100),
+    License: Math.floor(score.license.score * 100)
+  };
+  Object.entries(scoreResult).map(score => logger.logger.log(`- ${score[0]}: ${formatScore(score[1])}`));
+  logger.logger.log('\n');
+  if (objectSome(severityCount)) {
+    if (outputKind === 'markdown') {
+      logger.logger.log('# Issues\n');
     }
+    logger.logger.log(`Package has these issues: ${formatSeverityCount(severityCount)}\n`);
+    formatPackageIssuesDetails(data, outputKind === 'markdown');
+  } else {
+    logger.logger.log('Package has no issues');
   }
-  if (strict && objectSome(severityCount)) {
-    process$1.exit(1);
+  const format = new shadowNpmInject.ColorOrMarkdown(outputKind === 'markdown');
+  const url = shadowNpmInject.getSocketDevPackageOverviewUrl(NPM$c, pkgName, pkgVersion);
+  logger.logger.log('\n');
+  if (pkgVersion === 'latest') {
+    logger.logger.log(`Detailed info on socket.dev: ${format.hyperlink(`${pkgName}`, url, {
+      fallbackToUrl: true
+    })}`);
+  } else {
+    logger.logger.log(`Detailed info on socket.dev: ${format.hyperlink(`${pkgName} v${pkgVersion}`, url, {
+      fallbackToUrl: true
+    })}`);
+  }
+  if (outputKind !== 'markdown') {
+    logger.logger.log(colors.dim(`\nOr rerun ${colors.italic(name)} using the ${colors.italic('--json')} flag to get full JSON output`));
+  } else {
+    logger.logger.log('');
   }
 }
 function formatPackageIssuesDetails(packageData, outputMarkdown) {
@@ -3041,9 +3093,9 @@ function formatPackageIssuesDetails(packageData, outputMarkdown) {
     }
     return acc;
   }, {});
-  const format = new index.ColorOrMarkdown(!!outputMarkdown);
+  const format = new shadowNpmInject.ColorOrMarkdown(outputMarkdown);
   for (const issue of Object.keys(uniqueIssues)) {
-    const issueWithLink = format.hyperlink(`${uniqueIssues[issue]?.label}`, index.getSocketDevAlertUrl(issue), {
+    const issueWithLink = format.hyperlink(`${uniqueIssues[issue]?.label}`, shadowNpmInject.getSocketDevAlertUrl(issue), {
       fallbackToUrl: true
     });
     if (uniqueIssues[issue]?.count === 1) {
@@ -3065,8 +3117,7 @@ function formatScore(score) {
 async function getPackageInfo({
   commandName,
   includeAllIssues,
-  outputJson,
-  outputMarkdown,
+  outputKind,
   pkgName,
   pkgVersion,
   strict
@@ -3076,16 +3127,19 @@ async function getPackageInfo({
     spinner
   } = constants;
   spinner.start(pkgVersion === 'latest' ? `Looking up data for the latest version of ${pkgName}` : `Looking up data for version ${pkgVersion} of ${pkgName}`);
-  const packageData = await fetchPackageInfo(pkgName, pkgVersion, includeAllIssues, spinner);
+  const packageData = await fetchPackageInfo(pkgName, pkgVersion, includeAllIssues);
+  spinner.successAndStop('Data fetched');
   if (packageData) {
     formatPackageInfo(packageData, {
       name: commandName,
-      outputJson,
-      outputMarkdown,
+      outputKind,
       pkgName,
-      pkgVersion,
-      strict
-    }, spinner);
+      pkgVersion
+    });
+    if (strict && objectSome(packageData.severityCount)) {
+      // Let NodeJS exit gracefully but with exit(1)
+      process$1.exitCode = 1;
+    }
   }
 }
 
@@ -3127,13 +3181,19 @@ async function run$s(argv, importMeta, {
     importMeta,
     parentName
   });
+  const {
+    all,
+    json,
+    markdown,
+    strict
+  } = cli.flags;
   const [rawPkgName = ''] = cli.input;
   if (!rawPkgName || cli.input.length > 1) {
     // Use exit status of 2 to indicate incorrect usage, generally invalid
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
+    logger.logger.fail(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
       - Expecting a package name ${!rawPkgName ? colors.red('(missing!)') : colors.green('(ok)')}\n
       - Can only accept one package at a time ${cli.input.length > 1 ? colors.red('(got ' + cli.input.length + '!)') : colors.green('(ok)')}\n`);
     return;
@@ -3147,28 +3207,27 @@ async function run$s(argv, importMeta, {
   }
   await getPackageInfo({
     commandName: `${parentName} ${config$s.commandName}`,
-    includeAllIssues: Boolean(cli.flags['all']),
-    outputJson: Boolean(cli.flags['json']),
-    outputMarkdown: Boolean(cli.flags['markdown']),
+    includeAllIssues: Boolean(all),
+    outputKind: json ? 'json' : markdown ? 'markdown' : 'print',
     pkgName,
     pkgVersion,
-    strict: Boolean(cli.flags['strict'])
+    strict: Boolean(strict)
   });
 }
 
 function applyLogin(apiToken, enforcedOrgs, apiBaseUrl, apiProxy) {
-  index.updateSetting('enforcedOrgs', enforcedOrgs);
-  index.updateSetting('apiToken', apiToken);
-  index.updateSetting('apiBaseUrl', apiBaseUrl);
-  index.updateSetting('apiProxy', apiProxy);
+  shadowNpmInject.updateSetting('enforcedOrgs', enforcedOrgs);
+  shadowNpmInject.updateSetting('apiToken', apiToken);
+  shadowNpmInject.updateSetting('apiBaseUrl', apiBaseUrl);
+  shadowNpmInject.updateSetting('apiProxy', apiProxy);
 }
 
 const {
   SOCKET_PUBLIC_API_TOKEN
 } = constants;
 async function attemptLogin(apiBaseUrl, apiProxy) {
-  apiBaseUrl ??= index.getSetting('apiBaseUrl') ?? undefined;
-  apiProxy ??= index.getSetting('apiProxy') ?? undefined;
+  apiBaseUrl ??= shadowNpmInject.getSetting('apiBaseUrl') ?? undefined;
+  apiProxy ??= shadowNpmInject.getSetting('apiProxy') ?? undefined;
   const apiToken = (await prompts.password({
     message: `Enter your ${terminalLink('Socket.dev API key', 'https://docs.socket.dev/docs/api-keys')} (leave blank for a public key)`
   })) || SOCKET_PUBLIC_API_TOKEN;
@@ -3179,10 +3238,10 @@ async function attemptLogin(apiBaseUrl, apiProxy) {
   spinner.start('Verifying API key...');
   let orgs;
   try {
-    const sdk = await index.setupSdk(apiToken, apiBaseUrl, apiProxy);
+    const sdk = await shadowNpmInject.setupSdk(apiToken, apiBaseUrl, apiProxy);
     const result = await sdk.getOrganizations();
     if (!result.success) {
-      throw new index.AuthError();
+      throw new shadowNpmInject.AuthError();
     }
     orgs = result.data;
     spinner.success('API key verified');
@@ -3223,12 +3282,13 @@ async function attemptLogin(apiBaseUrl, apiProxy) {
       }
     }
   }
-  const oldToken = index.getSetting('apiToken');
+  spinner.stop();
+  const oldToken = shadowNpmInject.getSetting('apiToken');
   try {
     applyLogin(apiToken, enforcedOrgs, apiBaseUrl, apiProxy);
-    spinner.successAndStop(`API credentials ${oldToken ? 'updated' : 'set'}`);
+    logger.logger.success(`API credentials ${oldToken ? 'updated' : 'set'}`);
   } catch {
-    spinner.errorAndStop(`API login failed`);
+    logger.logger.fail(`API login failed`);
   }
 }
 
@@ -3285,16 +3345,16 @@ async function run$r(argv, importMeta, {
     return;
   }
   if (!isInteractive()) {
-    throw new index.InputError('Cannot prompt for credentials in a non-interactive shell');
+    throw new shadowNpmInject.InputError('Cannot prompt for credentials in a non-interactive shell');
   }
   await attemptLogin(apiBaseUrl, apiProxy);
 }
 
 function applyLogout() {
-  index.updateSetting('apiToken', null);
-  index.updateSetting('apiBaseUrl', null);
-  index.updateSetting('apiProxy', null);
-  index.updateSetting('enforcedOrgs', null);
+  shadowNpmInject.updateSetting('apiToken', null);
+  shadowNpmInject.updateSetting('apiBaseUrl', null);
+  shadowNpmInject.updateSetting('apiProxy', null);
+  shadowNpmInject.updateSetting('enforcedOrgs', null);
 }
 
 function attemptLogout() {
@@ -3302,7 +3362,7 @@ function attemptLogout() {
     applyLogout();
     logger.logger.success('Successfully logged out');
   } catch {
-    logger.logger.error('Failed to complete logout steps');
+    logger.logger.fail('Failed to complete logout steps');
   }
 }
 
@@ -3362,7 +3422,6 @@ async function convertGradleToMaven(target, bin, _out, verbose, gradleOpts) {
     logger.logger.log(`- src dir: \`${target}\``);
     logger.logger.groupEnd();
   }
-  spinner.start(`Converting gradle to maven from \`${bin}\` on \`${target}\`...`);
   try {
     // Run sbt with the init script we provide which should yield zero or more pom files.
     // We have to figure out where to store those pom files such that we can upload them and predict them through the GitHub API.
@@ -3372,8 +3431,9 @@ async function convertGradleToMaven(target, bin, _out, verbose, gradleOpts) {
     const initLocation = path.join(constants.rootDistPath, 'init.gradle');
     const commandArgs = ['--init-script', initLocation, ...gradleOpts, 'pom'];
     if (verbose) {
-      spinner.log('[VERBOSE] Executing:', bin, commandArgs);
+      logger.logger.log('[VERBOSE] Executing:', bin, commandArgs);
     }
+    spinner.start(`Converting gradle to maven from \`${bin}\` on \`${target}\`...`);
     const output = await spawn.spawn(bin, commandArgs, {
       cwd: target || '.'
     });
@@ -3384,14 +3444,15 @@ async function convertGradleToMaven(target, bin, _out, verbose, gradleOpts) {
       logger.logger.groupEnd();
     }
     if (output.stderr) {
-      logger.logger.error('There were errors while running gradle');
+      process.exitCode = 1;
+      logger.logger.fail('There were errors while running gradle');
       // (In verbose mode, stderr was printed above, no need to repeat it)
       if (!verbose) {
         logger.logger.group('[VERBOSE] stderr:');
         logger.logger.error(output.stderr);
         logger.logger.groupEnd();
       }
-      process.exit(1);
+      return;
     }
     logger.logger.success('Executed gradle successfully');
     logger.logger.log('Reported exports:');
@@ -3402,7 +3463,7 @@ async function convertGradleToMaven(target, bin, _out, verbose, gradleOpts) {
 
     // const loc = output.stdout?.match(/Wrote (.*?.pom)\n/)?.[1]?.trim()
     // if (!loc) {
-    //   logger.error(
+    //   logger.fail(
     //     'There were no errors from sbt but could not find the location of resulting .pom file either'
     //   )
     //   process.exit(1)
@@ -3428,14 +3489,14 @@ async function convertGradleToMaven(target, bin, _out, verbose, gradleOpts) {
     //   spinner.successAndStop(`OK. File should be available in \`${out}\``)
     // }
   } catch (e) {
+    process.exitCode = 1;
     spinner.stop();
-    logger.logger.error('There was an unexpected error while running this' + (verbose ? '' : ' (use --verbose for details)'));
+    logger.logger.fail('There was an unexpected error while running this' + (verbose ? '' : ' (use --verbose for details)'));
     if (verbose) {
       logger.logger.group('[VERBOSE] error:');
       logger.logger.log(e);
       logger.logger.groupEnd();
     }
-    process.exit(1);
   }
 }
 
@@ -3545,7 +3606,7 @@ async function run$p(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+    logger.logger.fail(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
 
       - The DIR arg is required ${!target ? colors.red('(missing!)') : target === '-' ? colors.red('(stdin is not supported)') : colors.green('(ok)')}
 
@@ -3603,8 +3664,9 @@ async function convertSbtToMaven(target, bin, out, verbose, sbtOpts) {
     // logger.log(`- dst dir: \`${out}\``)
     logger.logger.groupEnd();
   }
-  spinner.start(`Converting sbt to maven from \`${bin}\` on \`${target}\`...`);
   try {
+    spinner.start(`Converting sbt to maven from \`${bin}\` on \`${target}\`...`);
+
     // Run sbt with the init script we provide which should yield zero or more
     // pom files. We have to figure out where to store those pom files such that
     // we can upload them and predict them through the GitHub API. We could do a
@@ -3620,14 +3682,15 @@ async function convertSbtToMaven(target, bin, out, verbose, sbtOpts) {
       logger.logger.groupEnd();
     }
     if (output.stderr) {
-      logger.logger.error('There were errors while running sbt');
+      process.exitCode = 1;
+      logger.logger.fail('There were errors while running sbt');
       // (In verbose mode, stderr was printed above, no need to repeat it)
       if (!verbose) {
         logger.logger.group('[VERBOSE] stderr:');
         logger.logger.error(output.stderr);
         logger.logger.groupEnd();
       }
-      process.exit(1);
+      return;
     }
     const poms = [];
     output.stdout.replace(/Wrote (.*?.pom)\n/g, (_all, fn) => {
@@ -3635,22 +3698,24 @@ async function convertSbtToMaven(target, bin, out, verbose, sbtOpts) {
       return fn;
     });
     if (!poms.length) {
-      logger.logger.error('There were no errors from sbt but it seems to not have generated any poms either');
-      process.exit(1);
+      process.exitCode = 1;
+      logger.logger.fail('There were no errors from sbt but it seems to not have generated any poms either');
+      return;
     }
     // Move the pom file to ...? initial cwd? loc will be an absolute path, or dump to stdout
     // TODO: what to do with multiple output files? Do we want to dump them to stdout? Raw or with separators or ?
     // TODO: maybe we can add an option to target a specific file to dump to stdout
     if (out === '-' && poms.length === 1) {
       logger.logger.log('Result:\n```');
-      logger.logger.log(await index.safeReadFile(poms[0], 'utf8'));
+      logger.logger.log(await shadowNpmInject.safeReadFile(poms[0], 'utf8'));
       logger.logger.log('```');
       logger.logger.success(`OK`);
     } else if (out === '-') {
-      logger.logger.error('Requested out target was stdout but there are multiple generated files');
+      process.exitCode = 1;
+      logger.logger.fail('Requested out target was stdout but there are multiple generated files');
       poms.forEach(fn => logger.logger.error('-', fn));
       logger.logger.error('Exiting now...');
-      process.exit(1);
+      return;
     } else {
       // if (verbose) {
       //   logger.log(
@@ -3666,14 +3731,14 @@ async function convertSbtToMaven(target, bin, out, verbose, sbtOpts) {
       logger.logger.success(`OK`);
     }
   } catch (e) {
+    process.exitCode = 1;
     spinner.stop();
-    logger.logger.error('There was an unexpected error while running this' + (verbose ? '' : ' (use --verbose for details)'));
+    logger.logger.fail('There was an unexpected error while running this' + (verbose ? '' : ' (use --verbose for details)'));
     if (verbose) {
       logger.logger.group('[VERBOSE] error:');
       logger.logger.log(e);
       logger.logger.groupEnd();
     }
-    process.exit(1);
   }
 }
 
@@ -3781,7 +3846,7 @@ async function run$o(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+    logger.logger.fail(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
 
       - The DIR or FILE arg is required ${!target ? colors.red('(missing!)') : target === '-' ? colors.red('(stdin is not supported)') : colors.green('(ok)')}
 
@@ -4041,7 +4106,7 @@ async function run$m(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+    logger.logger.fail(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
 
       - The DIR arg is required ${!target ? colors.red('(missing!)') : target === '-' ? colors.red('(stdin is not supported)') : colors.green('(ok)')}
 
@@ -4116,12 +4181,11 @@ async function run$l(argv, importMeta, {
 }
 
 const {
-  NPM: NPM$b,
-  SHADOW_BIN: SHADOW_BIN$1
+  NPM: NPM$b
 } = constants;
 async function wrapNpm(argv) {
-  // Lazily access constants.distPath.
-  const shadowBin = require(`${constants.distPath}/${SHADOW_BIN$1}.js`);
+  // Lazily access constants.distShadowNpmBinPath.
+  const shadowBin = require(constants.distShadowNpmBinPath);
   await shadowBin(NPM$b, argv);
 }
 
@@ -4162,12 +4226,11 @@ async function run$k(argv, importMeta, {
 }
 
 const {
-  NPX: NPX$2,
-  SHADOW_BIN
+  NPX: NPX$2
 } = constants;
 async function wrapNpx(argv) {
-  // Lazily access constants.distPath.
-  const shadowBin = require(`${constants.distPath}/${SHADOW_BIN}.js`);
+  // Lazily access constants.distShadowNpmBinPath.
+  const shadowBin = require(constants.distShadowNpmBinPath);
   await shadowBin(NPX$2, argv);
 }
 
@@ -4330,8 +4393,8 @@ const readLockFileByAgent = (() => {
       return undefined;
     };
   }
-  const binaryReader = wrapReader(index.readFileBinary);
-  const defaultReader = wrapReader(async lockPath => await index.readFileUtf8(lockPath));
+  const binaryReader = wrapReader(shadowNpmInject.readFileBinary);
+  const defaultReader = wrapReader(async lockPath => await shadowNpmInject.readFileUtf8(lockPath));
   return {
     [BUN$5]: wrapReader(async (lockPath, agentExecPath) => {
       const ext = path.extname(lockPath);
@@ -4363,12 +4426,12 @@ async function detectPackageEnvironment({
   cwd = process$1.cwd(),
   onUnknown
 } = {}) {
-  let lockPath = await index.findUp(Object.keys(LOCKS), {
+  let lockPath = await shadowNpmInject.findUp(Object.keys(LOCKS), {
     cwd
   });
   let lockName = lockPath ? path.basename(lockPath) : undefined;
   const isHiddenLockFile = lockName === '.package-lock.json';
-  const pkgJsonPath = lockPath ? path.resolve(lockPath, `${isHiddenLockFile ? '../' : ''}../package.json`) : await index.findUp('package.json', {
+  const pkgJsonPath = lockPath ? path.resolve(lockPath, `${isHiddenLockFile ? '../' : ''}../package.json`) : await shadowNpmInject.findUp('package.json', {
     cwd
   });
   const pkgPath = pkgJsonPath && fs.existsSync(pkgJsonPath) ? path.dirname(pkgJsonPath) : undefined;
@@ -4480,36 +4543,36 @@ async function detectAndValidatePackageEnvironment(cwd, options) {
   const details = await detectPackageEnvironment({
     cwd,
     onUnknown(pkgManager) {
-      logger?.warn(`⚠️ ${COMMAND_TITLE$2}: Unknown package manager${pkgManager ? ` ${pkgManager}` : ''}, defaulting to npm`);
+      logger?.warn(`${COMMAND_TITLE$2}: Unknown package manager${pkgManager ? ` ${pkgManager}` : ''}, defaulting to npm`);
     }
   });
   if (!details.supported) {
-    logger?.error(`✖️ ${COMMAND_TITLE$2}: No supported Node or browser range detected`);
+    logger?.fail(`${COMMAND_TITLE$2}: No supported Node or browser range detected`);
     return;
   }
   if (details.agent === VLT$4) {
-    logger?.error(`✖️ ${COMMAND_TITLE$2}: ${details.agent} does not support overrides. Soon, though ⚡`);
+    logger?.fail(`${COMMAND_TITLE$2}: ${details.agent} does not support overrides. Soon, though ⚡`);
     return;
   }
   const lockName = details.lockName ?? 'lock file';
   if (details.lockName === undefined || details.lockSrc === undefined) {
-    logger?.error(`✖️ ${COMMAND_TITLE$2}: No ${lockName} found`);
+    logger?.fail(`${COMMAND_TITLE$2}: No ${lockName} found`);
     return;
   }
   if (details.lockSrc.trim() === '') {
-    logger?.error(`✖️ ${COMMAND_TITLE$2}: ${lockName} is empty`);
+    logger?.fail(`${COMMAND_TITLE$2}: ${lockName} is empty`);
     return;
   }
   if (details.pkgPath === undefined) {
-    logger?.error(`✖️ ${COMMAND_TITLE$2}: No package.json found`);
+    logger?.fail(`${COMMAND_TITLE$2}: No package.json found`);
     return;
   }
   if (prod && (details.agent === BUN$4 || details.agent === YARN_BERRY$4)) {
-    logger?.error(`✖️ ${COMMAND_TITLE$2}: --prod not supported for ${details.agent}${details.agentVersion ? `@${details.agentVersion.toString()}` : ''}`);
+    logger?.fail(`${COMMAND_TITLE$2}: --prod not supported for ${details.agent}${details.agentVersion ? `@${details.agentVersion.toString()}` : ''}`);
     return;
   }
   if (details.lockPath && path.relative(cwd, details.lockPath).startsWith('.')) {
-    logger?.warn(`⚠️ ${COMMAND_TITLE$2}: Package ${lockName} found at ${details.lockPath}`);
+    logger?.warn(`${COMMAND_TITLE$2}: Package ${lockName} found at ${details.lockPath}`);
   }
   return details;
 }
@@ -4613,7 +4676,7 @@ async function getWorkspaceGlobs(agent, pkgPath, pkgJson) {
   if (agent === PNPM$4) {
     for (const workspacePath of [path.join(pkgPath, `${PNPM_WORKSPACE}.yaml`), path.join(pkgPath, `${PNPM_WORKSPACE}.yml`)]) {
       // eslint-disable-next-line no-await-in-loop
-      const yml = await index.safeReadFile(workspacePath, 'utf8');
+      const yml = await shadowNpmInject.safeReadFile(workspacePath, 'utf8');
       if (yml) {
         try {
           workspacePatterns = yaml.parse(yml)?.packages;
@@ -4958,8 +5021,8 @@ function safeNpmInstall(options) {
   constants.execPath, [
   // Lazily access constants.nodeNoWarningsFlags.
   ...constants.nodeNoWarningsFlags, '--require',
-  // Lazily access constants.npmInjectionPath.
-  constants.npmInjectionPath, npmPaths.getNpmBinPath(), 'install',
+  // Lazily access constants.distShadowNpmInjectPath.
+  constants.distShadowNpmInjectPath, shadowNpmPaths.getNpmBinPath(), 'install',
   // Even though the '--silent' flag is passed npm will still run through
   // code paths for 'audit' and 'fund' unless '--no-audit' and '--no-fund'
   // flags are passed.
@@ -5046,7 +5109,7 @@ async function updatePackageLockJson(pkgEnvDetails, options) {
     }
   } catch (e) {
     spinner?.stop();
-    logger?.error(`${COMMAND_TITLE$1}: ${pkgEnvDetails.agent} install failed to update ${pkgEnvDetails.lockName}`);
+    logger?.fail(`${COMMAND_TITLE$1}: ${pkgEnvDetails.agent} install failed to update ${pkgEnvDetails.lockName}`);
     logger?.error(e);
   }
 }
@@ -5146,7 +5209,7 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
   const isWorkspace = !!workspaceGlobs;
   if (isWorkspace && agent === PNPM && npmExecPath === NPM$1 && !state.warnedPnpmWorkspaceRequiresNpm) {
     state.warnedPnpmWorkspaceRequiresNpm = true;
-    logger?.warn(`⚠️ ${COMMAND_TITLE}: pnpm workspace support requires \`npm ls\`, falling back to \`pnpm list\``);
+    logger?.warn(`${COMMAND_TITLE}: pnpm workspace support requires \`npm ls\`, falling back to \`pnpm list\``);
   }
   const thingToScan = isLockScanned ? lockSrc : await lsByAgent[agent](agentExecPath, pkgPath, {
     npmExecPath
@@ -5337,9 +5400,9 @@ async function run$h(argv, importMeta, {
 }
 
 async function getOrganization(format = 'text') {
-  const apiToken = index.getDefaultToken();
+  const apiToken = shadowNpmInject.getDefaultToken();
   if (!apiToken) {
-    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+    throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
   await printOrganizationsFromToken(apiToken, format);
 }
@@ -5349,10 +5412,10 @@ async function printOrganizationsFromToken(apiToken, format = 'text') {
     spinner
   } = constants;
   spinner.start('Fetching organizations...');
-  const socketSdk = await index.setupSdk(apiToken);
+  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
   const result = await handleApiCall(socketSdk.getOrganizations(), 'looking up organizations');
   if (!result.success) {
-    handleUnsuccessfulApiResponse('getOrganizations', result, spinner);
+    handleUnsuccessfulApiResponse('getOrganizations', result);
     return;
   }
   spinner.stop();
@@ -5443,7 +5506,7 @@ async function run$g(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(commonTags.stripIndents`
+    logger.logger.fail(commonTags.stripIndents`
 ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
 
   - The json and markdown flags cannot be both set, pick one
@@ -5458,7 +5521,7 @@ ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields
 }
 
 async function runRawNpm(argv) {
-  const spawnPromise = spawn.spawn(npmPaths.getNpmBinPath(), argv, {
+  const spawnPromise = spawn.spawn(shadowNpmPaths.getNpmBinPath(), argv, {
     stdio: 'inherit'
   });
   // See https://nodejs.org/api/all.html#all_child_process_event-exit.
@@ -5481,13 +5544,10 @@ const config$f = {
   description: `Temporarily disable the Socket ${NPM} wrapper`,
   hidden: false,
   flags: {},
-  help: (command, config) => `
+  help: command => `
     Usage
       $ ${command} <command>
 
-    Options
-      ${getFlagListOutput(config.flags, 6)}
-
     Examples
       $ ${command} install
   `
@@ -5515,7 +5575,7 @@ async function run$f(argv, importMeta, {
 }
 
 async function runRawNpx(argv) {
-  const spawnPromise = spawn.spawn(npmPaths.getNpxBinPath(), argv, {
+  const spawnPromise = spawn.spawn(shadowNpmPaths.getNpxBinPath(), argv, {
     stdio: 'inherit'
   });
   // See https://nodejs.org/api/all.html#all_child_process_event-exit.
@@ -5538,13 +5598,10 @@ const config$e = {
   description: `Temporarily disable the Socket ${NPX} wrapper`,
   hidden: false,
   flags: {},
-  help: (command, config) => `
+  help: command => `
     Usage
       $ ${command} <command>
 
-    Options
-      ${getFlagListOutput(config.flags, 6)}
-
     Examples
       $ ${command} install
   `
@@ -5582,19 +5639,17 @@ async function createReport(socketConfig, inputPaths, {
   const {
     spinner
   } = constants;
-  const socketSdk = await index.setupSdk();
+  const socketSdk = await shadowNpmInject.setupSdk();
   const supportedFiles = await socketSdk.getReportSupportedFiles().then(res => {
-    if (!res.success) handleUnsuccessfulApiResponse('getReportSupportedFiles', res, spinner);
+    if (!res.success) handleUnsuccessfulApiResponse('getReportSupportedFiles', res);
     return res.data;
   }).catch(cause => {
     throw new Error('Failed getting supported files for report', {
       cause
     });
   });
-  const packagePaths = await npmPaths.getPackageFiles(cwd, inputPaths, socketConfig, supportedFiles);
-  const {
-    length: packagePathsCount
-  } = packagePaths;
+  const packagePaths = await shadowNpmPaths.getPackageFilesFullScans(cwd, inputPaths, supportedFiles, socketConfig);
+  const packagePathsCount = packagePaths.length;
   if (packagePathsCount && debug.isDebug()) {
     for (const pkgPath of packagePaths) {
       debug.debugLog(`Uploading: ${pkgPath}`);
@@ -5608,7 +5663,7 @@ async function createReport(socketConfig, inputPaths, {
   const apiCall = socketSdk.createReportFromFilePaths(packagePaths, cwd, socketConfig?.issueRules);
   const result = await handleApiCall(apiCall, 'creating report');
   if (!result.success) {
-    handleUnsuccessfulApiResponse('createReport', result, spinner);
+    handleUnsuccessfulApiResponse('createReport', result);
     return undefined;
   }
   spinner.successAndStop();
@@ -5626,7 +5681,7 @@ async function getSocketConfig(absoluteConfigPath) {
         errors: cause.validationErrors,
         schema: cause.schema
       });
-      throw new index.InputError('The socket.yml config is not valid', betterErrors.map(err => `[${err.path}] ${err.message}.${err.suggestion ? err.suggestion : ''}`).join('\n'));
+      throw new shadowNpmInject.InputError('The socket.yml config is not valid', betterErrors.map(err => `[${err.path}] ${err.message}.${err.suggestion ? err.suggestion : ''}`).join('\n'));
     } else {
       throw new Error('Failed to read socket.yml config', {
         cause
@@ -5644,7 +5699,7 @@ async function fetchReportData(reportId, includeAllIssues, strict) {
     spinner
   } = constants;
   spinner.start(`Fetching report with ID ${reportId} (this could take a while)`);
-  const socketSdk = await index.setupSdk();
+  const socketSdk = await shadowNpmInject.setupSdk();
   let result;
   for (let retry = 1; !result; ++retry) {
     try {
@@ -5658,7 +5713,7 @@ async function fetchReportData(reportId, includeAllIssues, strict) {
     }
   }
   if (!result.success) {
-    return handleUnsuccessfulApiResponse('getReport', result, spinner);
+    return handleUnsuccessfulApiResponse('getReport', result);
   }
 
   // Conclude the status of the API call.
@@ -5683,7 +5738,7 @@ function formatReportDataOutput(reportId, data, commandName, outputJson, outputM
   if (outputJson) {
     logger.logger.log(JSON.stringify(data, undefined, 2));
   } else {
-    const format = new index.ColorOrMarkdown(outputMarkdown);
+    const format = new shadowNpmInject.ColorOrMarkdown(outputMarkdown);
     logger.logger.log(commonTags.stripIndents`
       Detailed info on socket.dev: ${format.hyperlink(reportId, data.url, {
       fallbackToUrl: true
@@ -5715,7 +5770,7 @@ const {
 } = constants;
 const config$d = {
   commandName: 'create',
-  description: 'Create a project report',
+  description: '[Deprecated] Create a project report',
   hidden: false,
   flags: {
     ...commonFlags,
@@ -5733,27 +5788,9 @@ const config$d = {
       description: 'Will wait for and return the created report'
     }
   },
-  help: (command, config) => `
-    Usage
-      $ ${command} <paths-to-package-folders-and-files>
-
-    Uploads the specified "package.json" and lock files for JavaScript, Python, and Go dependency manifests.
-    If any folder is specified, the ones found in there recursively are uploaded.
-
-    Supports globbing such as "**/package.json", "**/requirements.txt", "**/pyproject.toml", and "**/go.mod".
-
-    Ignores any file specified in your project's ".gitignore", your project's
-    "socket.yml" file's "projectIgnorePaths" and also has a sensible set of
-    default ignores from the "ignore-by-default" module.
-
-    Options
-      ${getFlagListOutput(config.flags, 6)}
-
-    Examples
-      $ ${command} .
-      $ ${command} '**/package.json'
-      $ ${command} /path/to/a/package.json /path/to/another/package.json
-      $ ${command} . --view --json
+  help: () => `
+    This command is deprecated in favor of \`socket scan create\`.
+    It will be removed in the next major release of the CLI.
   `
 };
 const cmdReportCreate = {
@@ -5805,7 +5842,7 @@ async function run$d(argv, importMeta, {
     } else if (json) {
       logger.logger.log(JSON.stringify(result.data, undefined, 2));
     } else {
-      const format = new index.ColorOrMarkdown(markdown);
+      const format = new shadowNpmInject.ColorOrMarkdown(markdown);
       logger.logger.log(`New report: ${format.hyperlink(result.data.id, result.data.url, {
         fallbackToUrl: true
       })}`);
@@ -5818,22 +5855,16 @@ const {
 } = constants;
 const config$c = {
   commandName: 'view',
-  description: 'View a project report',
+  description: '[Deprecated] View a project report',
   hidden: false,
   flags: {
     ...commonFlags,
     ...outputFlags,
     ...validationFlags
   },
-  help: (command, config) => `
-    Usage
-      $ ${command} <report-identifier>
-
-    Options
-      ${getFlagListOutput(config.flags, 6)}
-
-    Examples
-      $ ${command} QXU8PmK7LfH608RAwfIKdbcHgwEd_ZeWJ9QEGv05FJUQ
+  help: () => `
+    This command is deprecated in favor of \`socket scan view\`.
+    It will be removed in the next major release of the CLI.
   `
 };
 const cmdReportView = {
@@ -5858,7 +5889,7 @@ async function run$c(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+    logger.logger.fail(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
 
       - Need at least one report ID ${!reportId ? colors.red('(missing!)') : colors.green('(ok)')}
 
@@ -5881,6 +5912,8 @@ async function run$c(argv, importMeta, {
 const description$2 = '[Deprecated] Project report related commands';
 const cmdReport = {
   description: description$2,
+  hidden: true,
+  // Deprecated in favor of `scan`
   async run(argv, importMeta, {
     parentName
   }) {
@@ -5897,13 +5930,33 @@ const cmdReport = {
 };
 
 async function createRepo({
+  default_branch,
+  description,
+  homepage,
+  orgSlug,
+  repoName,
+  visibility
+}) {
+  const apiToken = shadowNpmInject.getDefaultToken();
+  if (!apiToken) {
+    throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+  }
+  await createRepoWithToken({
+    apiToken,
+    default_branch,
+    description,
+    homepage,
+    orgSlug,
+    repoName,
+    visibility
+  });
+}
+async function createRepoWithToken({
   apiToken,
   default_branch,
   description,
   homepage,
   orgSlug,
-  outputJson,
-  outputMarkdown,
   repoName,
   visibility
 }) {
@@ -5912,22 +5965,19 @@ async function createRepo({
     spinner
   } = constants;
   spinner.start('Creating repository...');
-  const socketSdk = await index.setupSdk(apiToken);
+  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
   const result = await handleApiCall(socketSdk.createOrgRepo(orgSlug, {
-    outputJson,
-    outputMarkdown,
-    orgSlug,
     name: repoName,
     description,
     homepage,
     default_branch,
     visibility
   }), 'creating repository');
-  if (result.success) {
-    spinner.successAndStop('Repository created successfully');
-  } else {
-    handleUnsuccessfulApiResponse('createOrgRepo', result, spinner);
+  if (!result.success) {
+    handleUnsuccessfulApiResponse('createOrgRepo', result);
+    return;
   }
+  spinner.successAndStop('Repository created successfully');
 }
 
 const {
@@ -5939,7 +5989,6 @@ const config$b = {
   hidden: false,
   flags: {
     ...commonFlags,
-    ...outputFlags,
     repoName: {
       type: 'string',
       shortFlag: 'n',
@@ -6003,7 +6052,7 @@ async function run$b(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+    logger.logger.fail(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
 
       - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
 
@@ -6014,36 +6063,36 @@ async function run$b(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAIL_TEXT$b);
     return;
   }
-  const apiToken = index.getDefaultToken();
-  if (!apiToken) {
-    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
-  }
   await createRepo({
-    outputJson: Boolean(cli.flags['json']),
-    outputMarkdown: Boolean(cli.flags['markdown']),
     orgSlug,
     repoName,
     description: String(cli.flags['repoDescription'] || ''),
     homepage: String(cli.flags['homepage'] || ''),
     default_branch: String(cli.flags['defaultBranch'] || ''),
-    visibility: String(cli.flags['visibility'] || 'private'),
-    apiToken
+    visibility: String(cli.flags['visibility'] || 'private')
   });
 }
 
-async function deleteRepo(orgSlug, repoName, apiToken) {
+async function deleteRepo(orgSlug, repoName) {
+  const apiToken = shadowNpmInject.getDefaultToken();
+  if (!apiToken) {
+    throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+  }
+  await deleteRepoWithToken(orgSlug, repoName, apiToken);
+}
+async function deleteRepoWithToken(orgSlug, repoName, apiToken) {
   // Lazily access constants.spinner.
   const {
     spinner
   } = constants;
   spinner.start('Deleting repository...');
-  const socketSdk = await index.setupSdk(apiToken);
+  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
   const result = await handleApiCall(socketSdk.deleteOrgRepo(orgSlug, repoName), 'deleting repository');
-  if (result.success) {
-    spinner.successAndStop('Repository deleted successfully');
-  } else {
-    handleUnsuccessfulApiResponse('deleteOrgRepo', result, spinner);
+  if (!result.success) {
+    handleUnsuccessfulApiResponse('deleteOrgRepo', result);
+    return;
   }
+  spinner.successAndStop('Repository deleted successfully');
 }
 
 const {
@@ -6087,7 +6136,7 @@ async function run$a(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+    logger.logger.fail(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
 
       - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
 
@@ -6100,20 +6149,37 @@ async function run$a(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAIL_TEXT$a);
     return;
   }
-  const apiToken = index.getDefaultToken();
-  if (!apiToken) {
-    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
-  }
-  await deleteRepo(orgSlug, repoName, apiToken);
+  await deleteRepo(orgSlug, repoName);
 }
 
 // @ts-ignore
 async function listRepos({
+  direction,
+  orgSlug,
+  outputKind,
+  page,
+  per_page,
+  sort
+}) {
+  const apiToken = shadowNpmInject.getDefaultToken();
+  if (!apiToken) {
+    throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+  }
+  await listReposWithToken({
+    apiToken,
+    direction,
+    orgSlug,
+    outputKind,
+    page,
+    per_page,
+    sort
+  });
+}
+async function listReposWithToken({
   apiToken,
   direction,
   orgSlug,
-  outputJson,
-  outputMarkdown,
+  outputKind,
   page,
   per_page,
   sort
@@ -6122,23 +6188,20 @@ async function listRepos({
   const {
     spinner
   } = constants;
-  spinner.start('Listing repositories...');
-  const socketSdk = await index.setupSdk(apiToken);
+  spinner.start('Fetching list of repositories...');
+  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
   const result = await handleApiCall(socketSdk.getOrgRepoList(orgSlug, {
-    outputJson,
-    outputMarkdown,
-    orgSlug,
     sort,
     direction,
     per_page,
     page
   }), 'listing repositories');
   if (!result.success) {
-    handleUnsuccessfulApiResponse('getOrgRepoList', result, spinner);
+    handleUnsuccessfulApiResponse('getOrgRepoList', result);
     return;
   }
-  spinner.stop();
-  if (outputJson) {
+  spinner.stop('Fetch complete.');
+  if (outputKind === 'json') {
     const data = result.data.results.map(o => ({
       id: o.id,
       name: o.name,
@@ -6235,7 +6298,7 @@ async function run$9(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+    logger.logger.fail(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
 
       - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
 
@@ -6246,30 +6309,44 @@ async function run$9(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAIL_TEXT$9);
     return;
   }
-  const apiToken = index.getDefaultToken();
-  if (!apiToken) {
-    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
-  }
   await listRepos({
-    apiToken,
-    outputJson: Boolean(cli.flags['json']),
-    outputMarkdown: Boolean(cli.flags['markdown']),
-    orgSlug,
-    sort: String(cli.flags['sort'] || 'created_at'),
     direction: cli.flags['direction'] === 'asc' ? 'asc' : 'desc',
+    orgSlug,
+    outputKind: cli.flags['json'] ? 'json' : cli.flags['markdown'] ? 'markdown' : 'print',
     page: Number(cli.flags['page']) || 1,
-    per_page: Number(cli.flags['perPage']) || 30
+    per_page: Number(cli.flags['perPage']) || 30,
+    sort: String(cli.flags['sort'] || 'created_at')
   });
 }
 
 async function updateRepo({
+  default_branch,
+  description,
+  homepage,
+  orgSlug,
+  repoName,
+  visibility
+}) {
+  const apiToken = shadowNpmInject.getDefaultToken();
+  if (!apiToken) {
+    throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+  }
+  await updateRepoWithToken({
+    apiToken,
+    default_branch,
+    description,
+    homepage,
+    orgSlug,
+    repoName,
+    visibility
+  });
+}
+async function updateRepoWithToken({
   apiToken,
   default_branch,
   description,
   homepage,
   orgSlug,
-  outputJson,
-  outputMarkdown,
   repoName,
   visibility
 }) {
@@ -6278,10 +6355,8 @@ async function updateRepo({
     spinner
   } = constants;
   spinner.start('Updating repository...');
-  const socketSdk = await index.setupSdk(apiToken);
+  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
   const result = await handleApiCall(socketSdk.updateOrgRepo(orgSlug, repoName, {
-    outputJson,
-    outputMarkdown,
     orgSlug,
     name: repoName,
     description,
@@ -6289,11 +6364,11 @@ async function updateRepo({
     default_branch,
     visibility
   }), 'updating repository');
-  if (result.success) {
-    spinner.successAndStop('Repository updated successfully');
-  } else {
-    handleUnsuccessfulApiResponse('updateOrgRepo', result, spinner);
+  if (!result.success) {
+    handleUnsuccessfulApiResponse('updateOrgRepo', result);
+    return;
   }
+  spinner.successAndStop('Repository updated successfully');
 }
 
 const {
@@ -6305,7 +6380,6 @@ const config$8 = {
   hidden: false,
   flags: {
     ...commonFlags,
-    ...outputFlags,
     repoName: {
       type: 'string',
       shortFlag: 'n',
@@ -6369,7 +6443,7 @@ async function run$8(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+    logger.logger.fail(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
 
       - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
 
@@ -6382,14 +6456,7 @@ async function run$8(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAIL_TEXT$8);
     return;
   }
-  const apiToken = index.getDefaultToken();
-  if (!apiToken) {
-    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
-  }
   await updateRepo({
-    apiToken,
-    outputJson: Boolean(cli.flags['json']),
-    outputMarkdown: Boolean(cli.flags['markdown']),
     orgSlug,
     repoName,
     description: String(cli.flags['repoDescription'] || ''),
@@ -6400,16 +6467,45 @@ async function run$8(argv, importMeta, {
 }
 
 // @ts-ignore
-async function viewRepo(orgSlug, repoName, apiToken) {
+async function viewRepo(orgSlug, repoName, outputKind) {
+  const apiToken = shadowNpmInject.getDefaultToken();
+  if (!apiToken) {
+    throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+  }
+  await viewRepoWithToken(orgSlug, repoName, apiToken, outputKind);
+}
+async function viewRepoWithToken(orgSlug, repoName, apiToken, outputKind) {
   // Lazily access constants.spinner.
   const {
     spinner
   } = constants;
-  spinner.start('Fetching repository...');
-  const socketSdk = await index.setupSdk(apiToken);
+  spinner.start('Fetching repository data...');
+  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
   const result = await handleApiCall(socketSdk.getOrgRepo(orgSlug, repoName), 'fetching repository');
   if (!result.success) {
-    handleUnsuccessfulApiResponse('getOrgRepo', result, spinner);
+    handleUnsuccessfulApiResponse('getOrgRepo', result);
+    return;
+  }
+  spinner.stop('Fetched repository data.');
+  if (outputKind === 'json') {
+    const {
+      archived,
+      created_at,
+      default_branch,
+      homepage,
+      id,
+      name,
+      visibility
+    } = result.data;
+    logger.logger.log(JSON.stringify({
+      id,
+      name,
+      visibility,
+      default_branch,
+      homepage,
+      archived,
+      created_at
+    }, null, 2));
     return;
   }
   const options = {
@@ -6436,7 +6532,7 @@ async function viewRepo(orgSlug, repoName, apiToken) {
       name: colors.magenta('Created at')
     }]
   };
-  spinner.stop(chalkTable(options, [result.data]));
+  logger.logger.log(chalkTable(options, [result.data]));
 }
 
 const {
@@ -6448,7 +6544,12 @@ const config$7 = {
   hidden: false,
   flags: {
     ...commonFlags,
-    ...outputFlags
+    ...outputFlags,
+    repoName: {
+      description: 'The repository to check',
+      default: '',
+      type: 'string'
+    }
   },
   help: (command, config) => `
     Usage
@@ -6482,7 +6583,7 @@ async function run$7(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(commonTags.stripIndents`
+    logger.logger.fail(commonTags.stripIndents`
       ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
 
       - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
@@ -6495,11 +6596,7 @@ async function run$7(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAIL_TEXT$7);
     return;
   }
-  const apiToken = index.getDefaultToken();
-  if (!apiToken) {
-    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
-  }
-  await viewRepo(orgSlug, repoName, apiToken);
+  await viewRepo(orgSlug, repoName, cli.flags['json'] ? 'json' : cli.flags['markdown'] ? 'markdown' : 'print');
 }
 
 const description$1 = 'Repositories related commands';
@@ -6684,10 +6781,10 @@ async function createFullScan({
   const {
     spinner
   } = constants;
-  const socketSdk = await index.setupSdk();
+  const socketSdk = await shadowNpmInject.setupSdk();
   const supportedFiles = await socketSdk.getReportSupportedFiles().then(res => {
     if (!res.success) {
-      handleUnsuccessfulApiResponse('getReportSupportedFiles', res, spinner);
+      handleUnsuccessfulApiResponse('getReportSupportedFiles', res);
       assert(false, 'handleUnsuccessfulApiResponse should unconditionally throw');
     }
     return res.data;
@@ -6705,46 +6802,53 @@ async function createFullScan({
     targets = received ?? [];
     updatedInput = true;
   }
-  const packagePaths = await npmPaths.getPackageFilesFullScans(cwd, targets, supportedFiles);
+
+  // // TODO: we'll probably use socket.json or something else soon...
+  // const absoluteConfigPath = path.join(cwd, 'socket.yml')
+  // const socketConfig = await getSocketConfig(absoluteConfigPath)
+
+  const packagePaths = await shadowNpmPaths.getPackageFilesFullScans(cwd, targets, supportedFiles
+  // socketConfig
+  );
 
   // We're going to need an api token to suggest data because those suggestions
   // must come from data we already know. Don't error on missing api token yet.
   // If the api-token is not set, ignore it for the sake of suggestions.
-  const apiToken = index.getDefaultToken();
-  if (apiToken && !orgSlug) {
-    const suggestion = await suggestOrgSlug(socketSdk);
-    if (suggestion) orgSlug = suggestion;
-    updatedInput = true;
-  }
+  const apiToken = shadowNpmInject.getDefaultToken();
 
   // If the current cwd is unknown and is used as a repo slug anyways, we will
   // first need to register the slug before we can use it.
   let repoDefaultBranch = '';
-
-  // (Don't bother asking for the rest if we didn't get an org slug above)
-  if (apiToken && orgSlug && !repoName) {
-    const suggestion = await suggestRepoSlug(socketSdk, orgSlug);
-    if (suggestion) {
-      ({
-        defaultBranch: repoDefaultBranch,
-        slug: repoName
-      } = suggestion);
+  if (apiToken) {
+    if (!orgSlug) {
+      const suggestion = await suggestOrgSlug(socketSdk);
+      if (suggestion) orgSlug = suggestion;
+      updatedInput = true;
+    }
+
+    // (Don't bother asking for the rest if we didn't get an org slug above)
+    if (orgSlug && !repoName) {
+      const suggestion = await suggestRepoSlug(socketSdk, orgSlug);
+      if (suggestion) {
+        repoDefaultBranch = suggestion.defaultBranch;
+        repoName = suggestion.slug;
+      }
+      updatedInput = true;
     }
-    updatedInput = true;
-  }
 
-  // (Don't bother asking for the rest if we didn't get an org/repo above)
-  if (apiToken && orgSlug && repoName && !branchName) {
-    const suggestion = await suggestBranchSlug(repoDefaultBranch);
-    if (suggestion) branchName = suggestion;
-    updatedInput = true;
+    // (Don't bother asking for the rest if we didn't get an org/repo above)
+    if (orgSlug && repoName && !branchName) {
+      const suggestion = await suggestBranchSlug(repoDefaultBranch);
+      if (suggestion) branchName = suggestion;
+      updatedInput = true;
+    }
   }
   if (!orgSlug || !repoName || !branchName || !packagePaths.length) {
     // Use exit status of 2 to indicate incorrect usage, generally invalid
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process$1.exitCode = 2;
-    logger.logger.error(commonTags.stripIndents`
+    logger.logger.fail(commonTags.stripIndents`
       ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
 
       - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
@@ -6766,13 +6870,13 @@ async function createFullScan({
     logger.logger.log('```');
   }
   if (!apiToken) {
-    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+    throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
   if (readOnly) {
     logger.logger.log('[ReadOnly] Bailing now');
     return;
   }
-  spinner.start('Creating a scan...');
+  spinner.start(`Creating a scan with ${packagePaths.length} packages...`);
   const result = await handleApiCall(socketSdk.createOrgFullScan(orgSlug, {
     repo: repoName,
     branch: branchName,
@@ -6782,7 +6886,7 @@ async function createFullScan({
     tmp
   }, packagePaths, cwd), 'Creating scan');
   if (!result.success) {
-    handleUnsuccessfulApiResponse('CreateOrgFullScan', result, spinner);
+    handleUnsuccessfulApiResponse('CreateOrgFullScan', result);
     return;
   }
   spinner.successAndStop('Scan created successfully');
@@ -6872,13 +6976,29 @@ const config$6 = {
       shortFlag: 't',
       default: false,
       description: 'Set the visibility (true/false) of the scan in your dashboard'
+    },
+    view: {
+      type: 'boolean',
+      shortFlag: 'v',
+      default: true,
+      description: 'Will wait for and return the created report. Use --no-view to disable.'
     }
   },
+  // TODO: your project's "socket.yml" file's "projectIgnorePaths"
   help: (command, config) => `
     Usage
       $ ${command} [...options] <org> <TARGET> [TARGET...]
 
-    Where TARGET is a FILE or DIR that _must_ be inside the CWD.
+    Uploads the specified "package.json" and lock files for JavaScript, Python,
+    Go, Scala, Gradle, and Kotlin dependency manifests.
+    If any folder is specified, the ones found in there recursively are uploaded.
+
+    Supports globbing such as "**/package.json", "**/requirements.txt", etc.
+
+    Ignores any file specified in your project's ".gitignore" and also has a
+    sensible set of default ignores from the "ignore-by-default" module.
+
+    TARGET should be a FILE or DIR that _must_ be inside the CWD.
 
     When a FILE is given only that FILE is targeted. Otherwise any eligible
     files in the given DIR will be considered.
@@ -6910,15 +7030,17 @@ async function run$6(argv, importMeta, {
     branch: branchName,
     repo: repoName
   } = cli.flags;
-  const apiToken = index.getDefaultToken();
+  const apiToken = shadowNpmInject.getDefaultToken(); // This checks if we _can_ suggest anything
+
   if (!apiToken && (!orgSlug || !repoName || !branchName || !targets.length)) {
     // Without api token we cannot recover because we can't request more info
     // from the server, to match and help with the current cwd/git status.
+    //
     // Use exit status of 2 to indicate incorrect usage, generally invalid
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process$1.exitCode = 2;
-    logger.logger.error(commonTags.stripIndents`
+    logger.logger.fail(commonTags.stripIndents`
       ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
 
       - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
@@ -6956,16 +7078,23 @@ async function run$6(argv, importMeta, {
   });
 }
 
-async function deleteOrgFullScan(orgSlug, fullScanId, apiToken) {
+async function deleteOrgFullScan(orgSlug, fullScanId) {
+  const apiToken = shadowNpmInject.getDefaultToken();
+  if (!apiToken) {
+    throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+  }
+  await deleteOrgFullScanWithToken(orgSlug, fullScanId, apiToken);
+}
+async function deleteOrgFullScanWithToken(orgSlug, fullScanId, apiToken) {
   // Lazily access constants.spinner.
   const {
     spinner
   } = constants;
   spinner.start('Deleting scan...');
-  const socketSdk = await index.setupSdk(apiToken);
+  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
   const result = await handleApiCall(socketSdk.deleteOrgFullScan(orgSlug, fullScanId), 'Deleting scan');
   if (!result.success) {
-    handleUnsuccessfulApiResponse('deleteOrgFullScan', result, spinner);
+    handleUnsuccessfulApiResponse('deleteOrgFullScan', result);
     return;
   }
   spinner.successAndStop('Scan deleted successfully');
@@ -7013,7 +7142,7 @@ async function run$5(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+    logger.logger.fail(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
 
       - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
 
@@ -7024,24 +7153,64 @@ async function run$5(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAIL_TEXT$5);
     return;
   }
-  const apiToken = index.getDefaultToken();
-  if (!apiToken) {
-    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
-  }
-  await deleteOrgFullScan(orgSlug, fullScanId, apiToken);
+  await deleteOrgFullScan(orgSlug, fullScanId);
 }
 
 // @ts-ignore
-async function listFullScans(orgSlug, input, apiToken) {
+async function listFullScans({
+  direction,
+  from_time,
+  orgSlug,
+  outputKind,
+  page,
+  per_page,
+  sort
+}) {
+  const apiToken = shadowNpmInject.getDefaultToken();
+  if (!apiToken) {
+    throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+  }
+  await listFullScansWithToken({
+    apiToken,
+    direction,
+    from_time,
+    orgSlug,
+    outputKind,
+    page,
+    per_page,
+    sort
+  });
+}
+async function listFullScansWithToken({
+  apiToken,
+  direction,
+  from_time,
+  orgSlug,
+  outputKind,
+  page,
+  per_page,
+  sort
+}) {
   // Lazily access constants.spinner.
   const {
     spinner
   } = constants;
-  spinner.start('Listing scans...');
-  const socketSdk = await index.setupSdk(apiToken);
-  const result = await handleApiCall(socketSdk.getOrgFullScanList(orgSlug, input), 'Listing scans');
+  spinner.start('Fetching list of scans...');
+  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
+  const result = await handleApiCall(socketSdk.getOrgFullScanList(orgSlug, {
+    sort,
+    direction,
+    per_page,
+    page,
+    from: from_time
+  }), 'Listing scans');
   if (!result.success) {
-    handleUnsuccessfulApiResponse('getOrgFullScanList', result, spinner);
+    handleUnsuccessfulApiResponse('getOrgFullScanList', result);
+    return;
+  }
+  spinner.stop(`Fetch complete`);
+  if (outputKind === 'json') {
+    logger.logger.log(result.data);
     return;
   }
   const options = {
@@ -7071,7 +7240,6 @@ async function listFullScans(orgSlug, input, apiToken) {
       branch: d.branch
     };
   });
-  spinner.stop(`Listing scans for: ${orgSlug}`);
   logger.logger.log(chalkTable(options, formattedResults));
 }
 
@@ -7153,7 +7321,7 @@ async function run$4(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+    logger.logger.fail(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
 
     - Org name as the argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}`);
     return;
@@ -7162,39 +7330,55 @@ async function run$4(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAIL_TEXT$4);
     return;
   }
-  const apiToken = index.getDefaultToken();
-  if (!apiToken) {
-    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
-  }
-  await listFullScans(orgSlug,
-  // TODO: refine this object to what we need
-  {
-    outputJson: cli.flags['json'],
-    outputMarkdown: cli.flags['markdown'],
+  await listFullScans({
+    direction: String(cli.flags['direction'] || ''),
+    from_time: String(cli.flags['fromTime'] || ''),
     orgSlug,
-    sort: cli.flags['sort'],
-    direction: cli.flags['direction'],
-    per_page: cli.flags['perPage'],
-    page: cli.flags['page'],
-    from_time: cli.flags['fromTime'],
-    until_time: cli.flags['untilTime']
-  }, apiToken);
+    outputKind: cli.flags['json'] ? 'json' : cli.flags['markdown'] ? 'markdown' : 'print',
+    page: Number(cli.flags['page'] || 1),
+    per_page: Number(cli.flags['perPage'] || 30),
+    sort: String(cli.flags['sort'] || '')
+  });
 }
 
-async function getOrgScanMetadata(orgSlug, scanId, apiToken) {
+async function getOrgScanMetadata(orgSlug, scanId, outputKind) {
+  const apiToken = shadowNpmInject.getDefaultToken();
+  if (!apiToken) {
+    throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+  }
+  await getOrgScanMetadataWithToken(orgSlug, scanId, apiToken, outputKind);
+}
+async function getOrgScanMetadataWithToken(orgSlug, scanId, apiToken, outputKind) {
   // Lazily access constants.spinner.
   const {
     spinner
   } = constants;
-  spinner.start("Getting scan's metadata...");
-  const socketSdk = await index.setupSdk(apiToken);
+  spinner.start('Fetching meta data for a full scan...');
+  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
   const result = await handleApiCall(socketSdk.getOrgFullScanMetadata(orgSlug, scanId), 'Listing scans');
   if (!result.success) {
-    handleUnsuccessfulApiResponse('getOrgFullScanMetadata', result, spinner);
+    handleUnsuccessfulApiResponse('getOrgFullScanMetadata', result);
     return;
   }
-  spinner.stop('Scan metadata:');
-  logger.logger.log(result.data);
+  spinner?.successAndStop('Fetched the meta data\n');
+  if (outputKind === 'json') {
+    logger.logger.log(result.data);
+  } else {
+    // Markdown = print
+    if (outputKind === 'markdown') {
+      logger.logger.log('# Scan meta data\n');
+    }
+    logger.logger.log(`Scan ID: ${scanId}\n`);
+    for (const [key, value] of Object.entries(result.data)) {
+      if (['id', 'updated_at', 'organization_id', 'repository_id', 'commit_hash', 'html_report_url'].includes(key)) continue;
+      logger.logger.log(`- ${key}:`, value);
+    }
+    if (outputKind === 'markdown') {
+      logger.logger.log(`\nYou can view this report at: [${result.data.html_report_url}](${result.data.html_report_url})\n`);
+    } else {
+      logger.logger.log(`\nYou can view this report at: ${result.data.html_report_url}]\n`);
+    }
+  }
 }
 
 const {
@@ -7239,7 +7423,7 @@ async function run$3(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+    logger.logger.fail(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
 
       - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
 
@@ -7250,35 +7434,106 @@ async function run$3(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAIL_TEXT$3);
     return;
   }
-  const apiToken = index.getDefaultToken();
+  await getOrgScanMetadata(orgSlug, fullScanId, cli.flags['json'] ? 'json' : cli.flags['markdown'] ? 'markdown' : 'print');
+}
+
+async function streamFullScan(orgSlug, fullScanId, file) {
+  // Lazily access constants.spinner.
+  const {
+    spinner
+  } = constants;
+  const apiToken = shadowNpmInject.getDefaultToken();
   if (!apiToken) {
-    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+    throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
-  await getOrgScanMetadata(orgSlug, fullScanId, apiToken);
+  spinner.start('Fetching scan...');
+  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
+  const data = await handleApiCall(socketSdk.getOrgFullScan(orgSlug, fullScanId, file === '-' ? undefined : file), 'Fetching a scan');
+  if (!data?.success) {
+    handleUnsuccessfulApiResponse('getOrgFullScan', data);
+    return;
+  }
+  spinner?.successAndStop(file ? `Full scan details written to ${file}` : 'stdout');
+  return data;
 }
 
-async function getFullScan(orgSlug, fullScanId, file, apiToken) {
+async function getFullScan(orgSlug, fullScanId) {
   // Lazily access constants.spinner.
   const {
     spinner
   } = constants;
-  spinner.start('Streaming scan...');
-  const socketSdk = await index.setupSdk(apiToken);
-  const data = await handleApiCall(socketSdk.getOrgFullScan(orgSlug, fullScanId, file === '-' ? undefined : file), 'Streaming a scan');
-  if (data?.success) {
-    spinner.stop(file ? `Full scan details written to ${file}` : '');
-  } else {
-    handleUnsuccessfulApiResponse('getOrgFullScan', data, spinner);
+  const apiToken = shadowNpmInject.getDefaultToken();
+  if (!apiToken) {
+    throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
+  spinner.start('Fetching full-scan...');
+  const response = await queryAPI(`orgs/${orgSlug}/full-scans/${encodeURIComponent(fullScanId)}`, apiToken);
+  spinner.stop('Fetch complete.');
+  if (!response.ok) {
+    const err = await handleAPIError(response.status);
+    logger.logger.fail(`${colors.bgRed(colors.white(response.statusText))}: Fetch error: ${err}`);
+    return;
+  }
+
+  // This is nd-json; each line is a json object
+  const jsons = await response.text();
+  const lines = jsons.split('\n').filter(Boolean);
+  const data = lines.map(line => {
+    try {
+      return JSON.parse(line);
+    } catch {
+      console.error('At least one line item was returned that could not be parsed as JSON...');
+      return {};
+    }
+  });
   return data;
 }
 
+async function viewFullScan(orgSlug, fullScanId, filePath) {
+  const artifacts = await getFullScan(orgSlug, fullScanId);
+  if (!artifacts) return;
+  const display = artifacts.map(art => {
+    const author = Array.isArray(art.author) ? `${art.author[0]}${art.author.length > 1 ? ' et.al.' : ''}` : art.author;
+    return {
+      type: art.type,
+      name: art.name,
+      version: art.version,
+      author,
+      score: JSON.stringify(art.score)
+    };
+  });
+  const md = mdTable(display, ['type', 'version', 'name', 'author', 'score']);
+  const report = `
+# Scan Details
+
+These are the artifacts and their scores found.
+
+Sscan ID: ${fullScanId}
+
+${md}
+
+View this report at: https://socket.dev/dashboard/org/${orgSlug}/sbom/${fullScanId}
+  `.trim() + '\n';
+  if (filePath && filePath !== '-') {
+    try {
+      await fs$1.writeFile(filePath, report, 'utf8');
+      logger.logger.log(`Data successfully written to ${filePath}`);
+    } catch (e) {
+      process.exitCode = 1;
+      logger.logger.fail('There was an error trying to write the json to disk');
+      logger.logger.error(e);
+    }
+  } else {
+    logger.logger.log(report);
+  }
+}
+
 const {
   DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$2
 } = constants;
 const config$2 = {
-  commandName: 'stream',
-  description: 'Stream the output of a scan',
+  commandName: 'view',
+  description: 'View the raw results of a scan',
   hidden: false,
   flags: {
     ...commonFlags,
@@ -7297,7 +7552,7 @@ const config$2 = {
       $ ${command} FakeOrg 000aaaa1-0000-0a0a-00a0-00a0000000a0 ./stream.txt
   `
 };
-const cmdScanStream = {
+const cmdScanView = {
   description: config$2.description,
   hidden: config$2.hidden,
   run: run$2
@@ -7317,7 +7572,7 @@ async function run$2(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(commonTags.stripIndents`
+    logger.logger.fail(commonTags.stripIndents`
       ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
 
       - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
@@ -7330,14 +7585,14 @@ async function run$2(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAIL_TEXT$2);
     return;
   }
-  const apiToken = index.getDefaultToken();
-  if (!apiToken) {
-    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+  if (cli.flags['json']) {
+    await streamFullScan(orgSlug, fullScanId, file);
+  } else {
+    await viewFullScan(orgSlug, fullScanId, file);
   }
-  await getFullScan(orgSlug, fullScanId, file, apiToken);
 }
 
-const description = 'Scans related commands';
+const description = 'Full Scan related commands';
 const cmdScan = {
   description,
   async run(argv, importMeta, {
@@ -7345,11 +7600,19 @@ const cmdScan = {
   }) {
     await meowWithSubcommands({
       create: cmdScanCreate,
-      stream: cmdScanStream,
       list: cmdScanList,
       del: cmdScanDel,
-      metadata: cmdScanMetadata
+      metadata: cmdScanMetadata,
+      view: cmdScanView
     }, {
+      aliases: {
+        // Backwards compat. TODO: Drop next major bump
+        stream: {
+          description: cmdScanView.description,
+          hidden: true,
+          argv: ['view'] // Original args will be appended (!)
+        }
+      },
       argv,
       description,
       importMeta,
@@ -7501,9 +7764,9 @@ async function run$1(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAIL_TEXT$1);
     return;
   }
-  const apiToken = index.getDefaultToken();
+  const apiToken = shadowNpmInject.getDefaultToken();
   if (!apiToken) {
-    throw new index.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+    throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
   await getThreatFeed({
     apiToken,
@@ -7598,7 +7861,7 @@ function askQuestion(rl, query) {
 function removeSocketWrapper(file) {
   return fs.readFile(file, 'utf8', function (err, data) {
     if (err) {
-      logger.logger.error('There was an error removing the alias:');
+      logger.logger.fail('There was an error removing the alias:');
       logger.logger.error(err);
       return;
     }
@@ -7675,7 +7938,7 @@ async function run(argv, importMeta, {
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.error(commonTags.stripIndents`
+    logger.logger.fail(commonTags.stripIndents`
       ${colors.bgRed(colors.white('Input error'))}: Please provide the required flags:
 
       - Must use --enabled or --disabled
@@ -7708,7 +7971,7 @@ async function run(argv, importMeta, {
     }
   }
   if (!fs.existsSync(bashRcPath) && !fs.existsSync(zshRcPath)) {
-    logger.logger.error('There was an issue setting up the alias in your bash profile');
+    logger.logger.fail('There was an issue setting up the alias in your bash profile');
   }
 }
 
@@ -7767,10 +8030,10 @@ void (async () => {
     let errorBody;
     let errorTitle;
     let errorMessage = '';
-    if (e instanceof index.AuthError) {
+    if (e instanceof shadowNpmInject.AuthError) {
       errorTitle = 'Authentication error';
       errorMessage = e.message;
-    } else if (e instanceof index.InputError) {
+    } else if (e instanceof shadowNpmInject.InputError) {
       errorTitle = 'Invalid input';
       errorMessage = e.message;
       errorBody = e.body;
@@ -7781,12 +8044,12 @@ void (async () => {
     } else {
       errorTitle = 'Unexpected error with no details';
     }
-    logger.logger.error(`${colors.bgRed(colors.white(errorTitle + ':'))} ${errorMessage}`);
+    logger.logger.fail(`${colors.bgRed(colors.white(errorTitle + ':'))} ${errorMessage}`);
     if (errorBody) {
       logger.logger.error(`\n${errorBody}`);
     }
-    await index.captureException(e);
+    await shadowNpmInject.captureException(e);
   }
 })();
-//# debugId=b11caea8-68eb-4110-977e-c8cc2d1f4464
+//# debugId=da32be80-6a12-4a4c-b9c4-0cfdd490ce52
 //# sourceMappingURL=cli.js.map