@socketsecurity/cli-with-sentry 0.14.58 → 0.14.59

package/dist/require/cli.js

@@ -1522,7 +1522,7 @@ function emitBanner(name) {
 }
 function getAsciiHeader(command) {
   const cliVersion = // The '@rollup/plugin-replace' will replace "process.env['SOCKET_CLI_VERSION_HASH']".
-  "0.14.58:f270068:05655527:pub";
+  "0.14.59:e40b009:5200cfd8:pub";
   const nodeVersion = process.version;
   const apiToken = shadowNpmInject.getSetting('apiToken');
   const shownToken = apiToken ? getLastFiveOfApiToken(apiToken) : 'no';
@@ -2255,22 +2255,22 @@ async function run$x(argv, importMeta, {
 }
 
 const {
-  NPM: NPM$g,
+  NPM: NPM$f,
   NPX: NPX$3,
   PNPM: PNPM$a
 } = constants;
-const nodejsPlatformTypes = new Set(['javascript', 'js', 'nodejs', NPM$g, PNPM$a, 'ts', 'tsx', 'typescript']);
+const nodejsPlatformTypes = new Set(['javascript', 'js', 'nodejs', NPM$f, PNPM$a, 'ts', 'tsx', 'typescript']);
 async function runCycloneDX(yargv) {
   let cleanupPackageLock = false;
   if (yargv.type !== 'yarn' && nodejsPlatformTypes.has(yargv.type) && fs.existsSync('./yarn.lock')) {
     if (fs.existsSync('./package-lock.json')) {
-      yargv.type = NPM$g;
+      yargv.type = NPM$f;
     } else {
       // Use synp to create a package-lock.json from the yarn.lock,
       // based on the node_modules folder, for a more accurate SBOM.
       try {
         await shadowBin(NPX$3, ['synp@1.9.14', '--', '--source-file', './yarn.lock'], 2);
-        yargv.type = NPM$g;
+        yargv.type = NPM$f;
         cleanupPackageLock = true;
       } catch {}
     }
@@ -2791,7 +2791,7 @@ const cmdDiffScan = {
 };
 
 const {
-  NPM: NPM$f
+  NPM: NPM$e
 } = constants;
 function isTopLevel(tree, node) {
   return tree.children.get(node.name) === node;
@@ -2835,7 +2835,7 @@ async function npmFix(_pkgEnvDetails, cwd, options) {
     // eslint-disable-next-line no-await-in-loop
     await arb.buildIdealTree();
     const tree = arb.idealTree;
-    const hasUpgrade = !!registry.getManifestData(NPM$f, name);
+    const hasUpgrade = !!registry.getManifestData(NPM$e, name);
     if (hasUpgrade) {
       spinner?.info(`Skipping ${name}. Socket Optimize package exists.`);
       continue;
@@ -2952,8 +2952,13 @@ function cmdFlagsToString(args) {
   }
   return result.join(' ');
 }
+function cmdPrefixMessage(cmdName, text) {
+  const cmdPrefix = cmdName ? `${cmdName}: ` : '';
+  return `${cmdPrefix}${text}`;
+}
 
 const {
+  SOCKET_CLI_SENTRY_BUILD,
   SOCKET_IPC_HANDSHAKE
 } = constants;
 function safeNpmInstall(options) {
@@ -2980,7 +2985,11 @@ function safeNpmInstall(options) {
   // Lazily access constants.nodeHardenFlags.
   ...constants.nodeHardenFlags,
   // Lazily access constants.nodeNoWarningsFlags.
-  ...constants.nodeNoWarningsFlags, '--require',
+  ...constants.nodeNoWarningsFlags,
+  // Lazily access constants.ENV[SOCKET_CLI_SENTRY_BUILD].
+  ...(constants.ENV[SOCKET_CLI_SENTRY_BUILD] ? ['--require',
+  // Lazily access constants.distInstrumentWithSentryPath.
+  constants.distInstrumentWithSentryPath] : []), '--require',
   // Lazily access constants.distShadowNpmInjectPath.
   constants.distShadowNpmInjectPath, agentExecPath, 'install',
   // Avoid code paths for 'audit' and 'fund'.
@@ -3011,7 +3020,7 @@ function safeNpmInstall(options) {
 }
 
 const {
-  NPM: NPM$e
+  NPM: NPM$d
 } = constants;
 function runAgentInstall(pkgEnvDetails, options) {
   const {
@@ -3019,7 +3028,7 @@ function runAgentInstall(pkgEnvDetails, options) {
     agentExecPath
   } = pkgEnvDetails;
   // All package managers support the "install" command.
-  if (agent === NPM$e) {
+  if (agent === NPM$d) {
     return safeNpmInstall({
       agentExecPath,
       ...options
@@ -3050,7 +3059,7 @@ function runAgentInstall(pkgEnvDetails, options) {
 }
 
 const {
-  NPM: NPM$d,
+  NPM: NPM$c,
   OVERRIDES: OVERRIDES$2,
   PNPM: PNPM$9
 } = constants;
@@ -3098,7 +3107,7 @@ async function pnpmFix(pkgEnvDetails, cwd, options) {
     1: infos
   } of infoByPkg) {
     const tree = arb.actualTree;
-    const hasUpgrade = !!registry.getManifestData(NPM$d, name);
+    const hasUpgrade = !!registry.getManifestData(NPM$c, name);
     if (hasUpgrade) {
       spinner?.info(`Skipping ${name}. Socket Optimize package exists.`);
       continue;
@@ -3163,24 +3172,25 @@ async function pnpmFix(pkgEnvDetails, cwd, options) {
 
 const {
   BINARY_LOCK_EXT,
-  BUN: BUN$6,
+  BUN: BUN$5,
   LOCK_EXT: LOCK_EXT$1,
-  NPM: NPM$c,
+  NPM: NPM$b,
+  NPM_BUGGY_OVERRIDES_PATCHED_VERSION: NPM_BUGGY_OVERRIDES_PATCHED_VERSION$1,
   PNPM: PNPM$8,
-  VLT: VLT$6,
+  VLT: VLT$5,
   YARN,
-  YARN_BERRY: YARN_BERRY$6,
+  YARN_BERRY: YARN_BERRY$5,
   YARN_CLASSIC: YARN_CLASSIC$6
 } = constants;
-const AGENTS = [BUN$6, NPM$c, PNPM$8, YARN_BERRY$6, YARN_CLASSIC$6, VLT$6];
+const AGENTS = [BUN$5, NPM$b, PNPM$8, YARN_BERRY$5, YARN_CLASSIC$6, VLT$5];
 const binByAgent = {
   __proto__: null,
-  [BUN$6]: BUN$6,
-  [NPM$c]: NPM$c,
+  [BUN$5]: BUN$5,
+  [NPM$b]: NPM$b,
   [PNPM$8]: PNPM$8,
-  [YARN_BERRY$6]: YARN,
+  [YARN_BERRY$5]: YARN,
   [YARN_CLASSIC$6]: YARN,
-  [VLT$6]: VLT$6
+  [VLT$5]: VLT$5
 };
 async function getAgentExecPath(agent) {
   const binName = binByAgent[agent];
@@ -3202,24 +3212,24 @@ async function getAgentVersion(agentExecPath, cwd) {
 
 // The order of LOCKS properties IS significant as it affects iteration order.
 const LOCKS = {
-  [`bun${LOCK_EXT$1}`]: BUN$6,
-  [`bun${BINARY_LOCK_EXT}`]: BUN$6,
+  [`bun${LOCK_EXT$1}`]: BUN$5,
+  [`bun${BINARY_LOCK_EXT}`]: BUN$5,
   // If both package-lock.json and npm-shrinkwrap.json are present in the root
   // of a project, npm-shrinkwrap.json will take precedence and package-lock.json
   // will be ignored.
   // https://docs.npmjs.com/cli/v10/configuring-npm/package-lock-json#package-lockjson-vs-npm-shrinkwrapjson
-  'npm-shrinkwrap.json': NPM$c,
-  'package-lock.json': NPM$c,
+  'npm-shrinkwrap.json': NPM$b,
+  'package-lock.json': NPM$b,
   'pnpm-lock.yaml': PNPM$8,
   'pnpm-lock.yml': PNPM$8,
   [`yarn${LOCK_EXT$1}`]: YARN_CLASSIC$6,
-  'vlt-lock.json': VLT$6,
+  'vlt-lock.json': VLT$5,
   // Lastly, look for a hidden lock file which is present if .npmrc has package-lock=false:
   // https://docs.npmjs.com/cli/v10/configuring-npm/package-lock-json#hidden-lockfiles
   //
   // Unlike the other LOCKS keys this key contains a directory AND filename so
   // it has to be handled differently.
-  'node_modules/.package-lock.json': NPM$c
+  'node_modules/.package-lock.json': NPM$b
 };
 const readLockFileByAgent = (() => {
   function wrapReader(reader) {
@@ -3233,7 +3243,7 @@ const readLockFileByAgent = (() => {
   const binaryReader = wrapReader(shadowNpmInject.readFileBinary);
   const defaultReader = wrapReader(async lockPath => await shadowNpmInject.readFileUtf8(lockPath));
   return {
-    [BUN$6]: wrapReader(async (lockPath, agentExecPath) => {
+    [BUN$5]: wrapReader(async (lockPath, agentExecPath) => {
       const ext = path.extname(lockPath);
       if (ext === LOCK_EXT$1) {
         return await defaultReader(lockPath);
@@ -3252,10 +3262,10 @@ const readLockFileByAgent = (() => {
       }
       return undefined;
     }),
-    [NPM$c]: defaultReader,
+    [NPM$b]: defaultReader,
     [PNPM$8]: defaultReader,
-    [VLT$6]: defaultReader,
-    [YARN_BERRY$6]: defaultReader,
+    [VLT$5]: defaultReader,
+    [YARN_BERRY$5]: defaultReader,
     [YARN_CLASSIC$6]: defaultReader
   };
 })();
@@ -3296,16 +3306,16 @@ async function detectPackageEnvironment({
     agent = LOCKS[lockName];
   }
   if (agent === undefined) {
-    agent = NPM$c;
+    agent = NPM$b;
     onUnknown?.(pkgManager);
   }
   const agentExecPath = await getAgentExecPath(agent);
-  const npmExecPath = agent === NPM$c ? agentExecPath : await getAgentExecPath(NPM$c);
+  const npmExecPath = agent === NPM$b ? agentExecPath : await getAgentExecPath(NPM$b);
   if (agentVersion === undefined) {
     agentVersion = await getAgentVersion(agentExecPath, cwd);
   }
   if (agent === YARN_CLASSIC$6 && (agentVersion?.major ?? 0) > 1) {
-    agent = YARN_BERRY$6;
+    agent = YARN_BERRY$5;
   }
   const targets = {
     browser: false,
@@ -3347,6 +3357,8 @@ async function detectPackageEnvironment({
     lockName = undefined;
     lockPath = undefined;
   }
+  const pkgSupported = targets.browser || targets.node;
+  const npmBuggyOverrides = agent === NPM$b && !!agentVersion && semver.lt(agentVersion, NPM_BUGGY_OVERRIDES_PATCHED_VERSION$1);
   return {
     agent,
     agentExecPath,
@@ -3358,19 +3370,16 @@ async function detectPackageEnvironment({
     npmExecPath,
     pkgJson: editablePkgJson,
     pkgPath,
-    supported: targets.browser || targets.node,
+    pkgSupported,
+    features: {
+      npmBuggyOverrides
+    },
     targets
   };
 }
-
-const {
-  BUN: BUN$5,
-  VLT: VLT$5,
-  YARN_BERRY: YARN_BERRY$5
-} = constants;
-const COMMAND_TITLE$2 = 'Socket Optimize';
 async function detectAndValidatePackageEnvironment(cwd, options) {
   const {
+    cmdName = '',
     logger,
     prod
   } = {
@@ -3380,44 +3389,45 @@ async function detectAndValidatePackageEnvironment(cwd, options) {
   const details = await detectPackageEnvironment({
     cwd,
     onUnknown(pkgManager) {
-      logger?.warn(`${COMMAND_TITLE$2}: Unknown package manager${pkgManager ? ` ${pkgManager}` : ''}, defaulting to npm`);
+      logger?.warn(cmdPrefixMessage(cmdName, `Unknown package manager${pkgManager ? ` ${pkgManager}` : ''}, defaulting to npm`));
     }
   });
-  if (!details.supported) {
-    logger?.fail(`${COMMAND_TITLE$2}: No supported Node or browser range detected`);
+  if (!details.pkgSupported) {
+    logger?.fail(cmdPrefixMessage(cmdName, 'No supported Node or browser range detected'));
     return;
   }
   if (details.agent === VLT$5) {
-    logger?.fail(`${COMMAND_TITLE$2}: ${details.agent} does not support overrides. Soon, though ⚡`);
+    logger?.fail(cmdPrefixMessage(cmdName, `${details.agent} does not support overrides. Soon, though ⚡`));
     return;
   }
   const lockName = details.lockName ?? 'lock file';
   if (details.lockName === undefined || details.lockSrc === undefined) {
-    logger?.fail(`${COMMAND_TITLE$2}: No ${lockName} found`);
+    logger?.fail(cmdPrefixMessage(cmdName, `No ${lockName} found`));
     return;
   }
   if (details.lockSrc.trim() === '') {
-    logger?.fail(`${COMMAND_TITLE$2}: ${lockName} is empty`);
+    logger?.fail(cmdPrefixMessage(cmdName, `${lockName} is empty`));
     return;
   }
   if (details.pkgPath === undefined) {
-    logger?.fail(`${COMMAND_TITLE$2}: No package.json found`);
+    logger?.fail(cmdPrefixMessage(cmdName, 'No package.json found'));
     return;
   }
   if (prod && (details.agent === BUN$5 || details.agent === YARN_BERRY$5)) {
-    logger?.fail(`${COMMAND_TITLE$2}: --prod not supported for ${details.agent}${details.agentVersion ? `@${details.agentVersion.toString()}` : ''}`);
+    logger?.fail(cmdPrefixMessage(cmdName, `--prod not supported for ${details.agent}${details.agentVersion ? `@${details.agentVersion.version}` : ''}`));
     return;
   }
   if (details.lockPath && path.relative(cwd, details.lockPath).startsWith('.')) {
-    logger?.warn(`${COMMAND_TITLE$2}: Package ${lockName} found at ${details.lockPath}`);
+    logger?.warn(cmdPrefixMessage(cmdName, `Package ${lockName} found at ${details.lockPath}`));
   }
   return details;
 }
 
 const {
-  NPM: NPM$b,
+  NPM: NPM$a,
   PNPM: PNPM$7
 } = constants;
+const CMD_NAME$1 = 'socket fix';
 async function runFix() {
   // Lazily access constants.spinner.
   const {
@@ -3426,6 +3436,7 @@ async function runFix() {
   spinner.start();
   const cwd = process.cwd();
   const pkgEnvDetails = await detectAndValidatePackageEnvironment(cwd, {
+    cmdName: CMD_NAME$1,
     logger: logger.logger
   });
   if (!pkgEnvDetails) {
@@ -3433,7 +3444,7 @@ async function runFix() {
     return;
   }
   switch (pkgEnvDetails.agent) {
-    case NPM$b:
+    case NPM$a:
       {
         await npmFix(pkgEnvDetails, cwd);
         break;
@@ -3505,7 +3516,7 @@ async function fetchPackageInfo(pkgName, pkgVersion, includeAllIssues) {
 }
 
 const {
-  NPM: NPM$a
+  NPM: NPM$9
 } = registryConstants;
 function formatScore(score) {
   if (score > 80) {
@@ -3589,7 +3600,7 @@ function logPackageInfo({
     logger.logger.log('Package has no issues');
   }
   const format = new shadowNpmInject.ColorOrMarkdown(outputKind === 'markdown');
-  const url = shadowNpmInject.getSocketDevPackageOverviewUrl(NPM$a, pkgName, pkgVersion);
+  const url = shadowNpmInject.getSocketDevPackageOverviewUrl(NPM$9, pkgName, pkgVersion);
   logger.logger.log('\n');
   if (pkgVersion === 'latest') {
     logger.logger.log(`Detailed info on socket.dev: ${format.hyperlink(`${pkgName}`, url, {
@@ -4677,21 +4688,21 @@ async function run$l(argv, importMeta, {
 }
 
 const {
-  NPM: NPM$9
+  NPM: NPM$8
 } = constants;
 async function wrapNpm(argv) {
   // Lazily access constants.distShadowNpmBinPath.
   const shadowBin = require(constants.distShadowNpmBinPath);
-  await shadowBin(NPM$9, argv);
+  await shadowBin(NPM$8, argv);
 }
 
 const {
   DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$k,
-  NPM: NPM$8
+  NPM: NPM$7
 } = constants;
 const config$k = {
   commandName: 'npm',
-  description: `${NPM$8} wrapper functionality`,
+  description: `${NPM$7} wrapper functionality`,
   hidden: false,
   flags: {},
   help: (command, _config) => `
@@ -4806,7 +4817,7 @@ async function run$i(argv, importMeta, {
 
 const {
   BUN: BUN$4,
-  NPM: NPM$7,
+  NPM: NPM$6,
   PNPM: PNPM$6,
   VLT: VLT$4,
   YARN_BERRY: YARN_BERRY$4,
@@ -4818,7 +4829,7 @@ function matchLsCmdViewHumanStdout(stdout, name) {
 function matchQueryCmdStdout(stdout, name) {
   return stdout.includes(`"${name}"`);
 }
-const depsIncludesByAgent = new Map([[BUN$4, matchLsCmdViewHumanStdout], [NPM$7, matchQueryCmdStdout], [PNPM$6, matchQueryCmdStdout], [VLT$4, matchQueryCmdStdout], [YARN_BERRY$4, matchLsCmdViewHumanStdout], [YARN_CLASSIC$5, matchLsCmdViewHumanStdout]]);
+const depsIncludesByAgent = new Map([[BUN$4, matchLsCmdViewHumanStdout], [NPM$6, matchQueryCmdStdout], [PNPM$6, matchQueryCmdStdout], [VLT$4, matchQueryCmdStdout], [YARN_BERRY$4, matchLsCmdViewHumanStdout], [YARN_CLASSIC$5, matchLsCmdViewHumanStdout]]);
 
 function getDependencyEntries(pkgJson) {
   const {
@@ -4846,7 +4857,7 @@ function getDependencyEntries(pkgJson) {
 
 const {
   BUN: BUN$3,
-  NPM: NPM$6,
+  NPM: NPM$5,
   OVERRIDES: OVERRIDES$1,
   PNPM: PNPM$5,
   RESOLUTIONS: RESOLUTIONS$1,
@@ -4867,7 +4878,7 @@ function getOverridesDataBun(pkgJson) {
 function getOverridesDataNpm(pkgJson) {
   const overrides = pkgJson?.[OVERRIDES$1] ?? {};
   return {
-    type: NPM$6,
+    type: NPM$5,
     overrides
   };
 }
@@ -4908,7 +4919,7 @@ function getOverridesDataClassic(pkgJson) {
     overrides
   };
 }
-const overridesDataByAgent = new Map([[BUN$3, getOverridesDataBun], [NPM$6, getOverridesDataNpm], [PNPM$5, getOverridesDataPnpm], [VLT$3, getOverridesDataVlt], [YARN_BERRY$3, getOverridesDataYarn], [YARN_CLASSIC$4, getOverridesDataClassic]]);
+const overridesDataByAgent = new Map([[BUN$3, getOverridesDataBun], [NPM$5, getOverridesDataNpm], [PNPM$5, getOverridesDataPnpm], [VLT$3, getOverridesDataVlt], [YARN_BERRY$3, getOverridesDataYarn], [YARN_CLASSIC$4, getOverridesDataClassic]]);
 
 const {
   PNPM: PNPM$4
@@ -4956,7 +4967,7 @@ function workspacePatternToGlobPattern(workspace) {
 const {
   BUN: BUN$2,
   LOCK_EXT,
-  NPM: NPM$5,
+  NPM: NPM$4,
   PNPM: PNPM$3,
   VLT: VLT$2,
   YARN_BERRY: YARN_BERRY$2,
@@ -5000,11 +5011,11 @@ function includesYarn(lockSrc, name) {
   //   , name@
   `(?<=(?:^\\s*|,\\s*)"?)${escapedName}(?=@)`, 'm').test(lockSrc);
 }
-const lockfileIncludesByAgent = new Map([[BUN$2, includesBun], [NPM$5, includesNpm], [PNPM$3, includesPnpm], [VLT$2, includesVlt], [YARN_BERRY$2, includesYarn], [YARN_CLASSIC$3, includesYarn]]);
+const lockfileIncludesByAgent = new Map([[BUN$2, includesBun], [NPM$4, includesNpm], [PNPM$3, includesPnpm], [VLT$2, includesVlt], [YARN_BERRY$2, includesYarn], [YARN_CLASSIC$3, includesYarn]]);
 
 const {
   BUN: BUN$1,
-  NPM: NPM$4,
+  NPM: NPM$3,
   PNPM: PNPM$2,
   VLT: VLT$1,
   YARN_BERRY: YARN_BERRY$1,
@@ -5074,7 +5085,7 @@ async function lsNpm(agentExecPath, cwd) {
 }
 async function lsPnpm(agentExecPath, cwd, options) {
   const npmExecPath = options?.npmExecPath;
-  if (npmExecPath && npmExecPath !== NPM$4) {
+  if (npmExecPath && npmExecPath !== NPM$3) {
     const result = await npmQuery(npmExecPath, cwd);
     if (result) {
       return result;
@@ -5125,14 +5136,14 @@ async function lsYarnClassic(agentExecPath, cwd) {
   } catch {}
   return '';
 }
-const lsByAgent = new Map([[BUN$1, lsBun], [NPM$4, lsNpm], [PNPM$2, lsPnpm], [VLT$1, lsVlt], [YARN_BERRY$1, lsYarnBerry], [YARN_CLASSIC$2, lsYarnClassic]]);
+const lsByAgent = new Map([[BUN$1, lsBun], [NPM$3, lsNpm], [PNPM$2, lsPnpm], [VLT$1, lsVlt], [YARN_BERRY$1, lsYarnBerry], [YARN_CLASSIC$2, lsYarnClassic]]);
 
 const {
-  NPM: NPM$3
+  NPM_BUGGY_OVERRIDES_PATCHED_VERSION
 } = constants;
-const COMMAND_TITLE$1 = 'Socket Optimize';
 async function updateLockfile(pkgEnvDetails, options) {
   const {
+    cmdName = '',
     logger,
     spinner
   } = {
@@ -5145,12 +5156,12 @@ async function updateLockfile(pkgEnvDetails, options) {
       spinner
     });
     spinner?.stop();
-    if (pkgEnvDetails.agent === NPM$3) {
-      logger?.log(`💡 Re-run ${COMMAND_TITLE$1} whenever ${pkgEnvDetails.lockName} changes.\n   This can be skipped once npm v11.2.0 is released.`);
+    if (pkgEnvDetails.features.npmBuggyOverrides) {
+      logger?.log(`💡 Re-run ${cmdName ? `${cmdName} ` : ''}whenever ${pkgEnvDetails.lockName} changes.\n   This can be skipped for ${pkgEnvDetails.agent} >=${NPM_BUGGY_OVERRIDES_PATCHED_VERSION}.`);
     }
   } catch (e) {
     spinner?.stop();
-    logger?.fail(`${COMMAND_TITLE$1}: ${pkgEnvDetails.agent} install failed to update ${pkgEnvDetails.lockName}`);
+    logger?.fail(cmdPrefixMessage(cmdName, `${pkgEnvDetails.agent} install failed to update ${pkgEnvDetails.lockName}`));
     logger?.error(e);
   }
 }
@@ -5270,7 +5281,7 @@ const {
   PNPM,
   YARN_CLASSIC
 } = constants;
-const COMMAND_TITLE = 'Socket Optimize';
+const CMD_NAME = 'socket optimize';
 const manifestNpmOverrides = registry.getManifestData(NPM$1);
 async function addOverrides(pkgPath, pkgEnvDetails, options) {
   const {
@@ -5315,7 +5326,7 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
   const isWorkspace = !!workspaceGlobs;
   if (isWorkspace && agent === PNPM && npmExecPath === NPM$1 && !state.warnedPnpmWorkspaceRequiresNpm) {
     state.warnedPnpmWorkspaceRequiresNpm = true;
-    logger?.warn(`${COMMAND_TITLE}: pnpm workspace support requires \`npm ls\`, falling back to \`pnpm list\``);
+    logger?.warn(cmdPrefixMessage(CMD_NAME, 'pnpm workspace support requires `npm ls`, falling back to `pnpm list`'));
   }
   const thingToScan = isLockScanned ? lockSrc : await lsByAgent.get(agent)(agentExecPath, pkgPath, {
     npmExecPath
@@ -5455,6 +5466,7 @@ function createActionMessage(verb, overrideCount, workspaceCount) {
 }
 async function applyOptimization(cwd, pin, prod) {
   const pkgEnvDetails = await detectAndValidatePackageEnvironment(cwd, {
+    cmdName: CMD_NAME,
     logger: logger.logger,
     prod
   });
@@ -5486,10 +5498,9 @@ async function applyOptimization(cwd, pin, prod) {
   } else {
     logger.logger?.log('Congratulations! Already Socket.dev optimized 🎉');
   }
-  if (pkgEnvDetails.agent === NPM$1 || pkgJsonChanged) {
-    // Always update package-lock.json until the npm overrides PR lands:
-    // https://github.com/npm/cli/pull/8089
+  if (pkgJsonChanged || pkgEnvDetails.features.npmBuggyOverrides) {
     await updateLockfile(pkgEnvDetails, {
+      cmdName: CMD_NAME,
       logger: logger.logger,
       spinner
     });
@@ -8226,14 +8237,14 @@ async function run(argv, importMeta, {
 }
 
 const {
-  SOCKET,
+  SOCKET_CLI_BIN_NAME,
   rootPkgJsonPath
 } = constants;
 
 // TODO: Add autocompletion using https://socket.dev/npm/package/omelette
 void (async () => {
   await vendor.updater({
-    name: SOCKET,
+    name: SOCKET_CLI_BIN_NAME,
     version: require(rootPkgJsonPath).version,
     ttl: 86_400_000 /* 24 hours in milliseconds */
   });
@@ -8270,7 +8281,7 @@ void (async () => {
         }
       },
       argv: process$1.argv.slice(2),
-      name: SOCKET,
+      name: SOCKET_CLI_BIN_NAME,
       importMeta: {
         url: `${require$$0.pathToFileURL(__filename)}`
       }
@@ -8294,12 +8305,12 @@ void (async () => {
     } else {
       errorTitle = 'Unexpected error with no details';
     }
-    logger.logger.fail(`${colors.bgRed(colors.white(errorTitle + ':'))} ${errorMessage}`);
+    logger.logger.fail(`${colors.bgRed(colors.white(`${errorTitle}:`))} ${errorMessage}`);
     if (errorBody) {
       logger.logger.error(`\n${errorBody}`);
     }
     await shadowNpmInject.captureException(e);
   }
 })();
-//# debugId=b5131c8e-e05e-4ce0-8d35-03afa5b09043
+//# debugId=2e8d9d04-20b0-4f47-8b02-b404f72bd2d
 //# sourceMappingURL=cli.js.map