@socketsecurity/cli-with-sentry 0.15.14 → 0.15.16

package/dist/cli.js

@@ -3516,7 +3516,7 @@ async function enablePrAutoMerge({
   if (error instanceof vendor.GraphqlResponseError && error.errors) {
     const details = error.errors.map(({
       message
-    }) => ` - ${message.trim()}`).join('\n');
+    }) => ` - ${message.trim()}`).join('\n').trim();
     message += `:\n${details}`;
   }
   logger.logger.error(message);
@@ -3686,11 +3686,18 @@ async function npmFix(pkgEnvDetails, {
   // Calling arb.reify() creates the arb.diff object, nulls-out arb.idealTree,
   // and populates arb.actualTree.
   let actualTree = await arb.reify();
-  const alertsMap = purls.length ? await utils.getAlertsMapFromPurls(purls, getAlertMapOptions({
-    limit
-  })) : await shadowInject.getAlertsMapFromArborist(arb, getAlertMapOptions({
-    limit
-  }));
+  let alertsMap;
+  try {
+    alertsMap = purls.length ? await utils.getAlertsMapFromPurls(purls, getAlertMapOptions({
+      limit
+    })) : await shadowInject.getAlertsMapFromArborist(arb, getAlertMapOptions({
+      limit
+    }));
+  } catch (e) {
+    spinner?.stop();
+    logger.logger.error(e?.message || 'Unknown Socket batch PURL API error');
+    return;
+  }
   const infoByPkgName = utils.getCveInfoFromAlertsMap(alertsMap, {
     limit
   });
@@ -3713,11 +3720,11 @@ async function npmFix(pkgEnvDetails, {
   infoEntriesLoop: for (let i = 0, {
       length
     } = sortedInfoEntries; i < length; i += 1) {
+    const isLastInfoEntry = i === length - 1;
     const {
       0: name,
       1: infos
     } = sortedInfoEntries[i];
-    const isLastInfoEntry = i === length - 1;
     logger.logger.log(`Processing vulnerable package: ${name}`);
     logger.logger.indent();
     spinner?.indent();
@@ -3736,17 +3743,14 @@ async function npmFix(pkgEnvDetails, {
     const warningsForAfter = new Set();
 
     // eslint-disable-next-line no-unused-labels
-    for (const pkgJsonPath of pkgJsonPaths) {
+    for (let j = 0, {
+        length: length_j
+      } = pkgJsonPaths; j < length_j; j += 1) {
+      const isLastPkgJsonPath = j === length_j - 1;
+      const pkgJsonPath = pkgJsonPaths[j];
       const pkgPath = path.dirname(pkgJsonPath);
       const isWorkspaceRoot = pkgJsonPath === pkgEnvDetails.editablePkgJson.filename;
       const workspaceName = isWorkspaceRoot ? 'root' : path.relative(rootPath, pkgPath);
-      logger.logger.log(`Checking workspace: ${workspaceName}`);
-      const workspaceLogCallCount = logger.logger.logCallCount;
-
-      // eslint-disable-next-line no-await-in-loop
-      actualTree = await install$1(arb, {
-        cwd
-      });
       const oldVersions = arrays.arrayUnique(shadowInject.findPackageNodes(actualTree, name).map(n => n.target?.version ?? n.version).filter(Boolean));
       if (!oldVersions.length) {
         logger.logger.warn(`Unexpected condition: Lockfile entries not found for ${name}.\n`);
@@ -3762,12 +3766,21 @@ async function npmFix(pkgEnvDetails, {
       const editablePkgJson = await packages.readPackageJson(pkgJsonPath, {
         editable: true
       });
+      let hasAnnouncedWorkspace = false;
+      let workspaceLogCallCount = logger.logger.logCallCount;
+      if (debug.isDebug()) {
+        debug.debugLog(`Checking workspace: ${workspaceName}`);
+        hasAnnouncedWorkspace = true;
+        workspaceLogCallCount = logger.logger.logCallCount;
+      }
       oldVersionsLoop: for (const oldVersion of oldVersions) {
         const oldId = `${name}@${oldVersion}`;
         const oldPurl = utils.idToPurl(oldId);
         const node = shadowInject.findPackageNode(actualTree, name, oldVersion);
         if (!node) {
-          logger.logger.warn(`Unexpected condition: Arborist node not found, skipping ${oldId}`);
+          if (hasAnnouncedWorkspace) {
+            logger.logger.warn(`Unexpected condition: Arborist node not found, skipping ${oldId}`);
+          }
           continue oldVersionsLoop;
         }
         infosLoop: for (const {
@@ -3807,18 +3820,18 @@ async function npmFix(pkgEnvDetails, {
           if (!(await editablePkgJson.save({
             ignoreWhitespace: true
           }))) {
-            logger.logger.info(`${workspaceName}/package.json not changed, skipping`);
+            debug.debugLog(`${workspaceName}/package.json not changed, skipping`);
             // Reset things just in case.
             if (isCi) {
               // eslint-disable-next-line no-await-in-loop
               await gitResetAndClean(baseBranch, cwd);
-              // eslint-disable-next-line no-await-in-loop
-              actualTree = await install$1(arb, {
-                cwd
-              });
             }
             continue infosLoop;
           }
+          if (!hasAnnouncedWorkspace) {
+            hasAnnouncedWorkspace = true;
+            workspaceLogCallCount = logger.logger.logCallCount;
+          }
           spinner?.start();
           spinner?.info(`Installing ${newId} in ${workspaceName}`);
           let error;
@@ -3836,14 +3849,25 @@ async function npmFix(pkgEnvDetails, {
                 stdio: 'ignore'
               });
             }
-            spinner?.successAndStop(`Fixed ${name} in ${workspaceName}`);
+            spinner?.success(`Fixed ${name} in ${workspaceName}`);
           } catch (e) {
             errored = true;
             error = e;
           }
+          spinner?.stop();
           if (!errored && isCi) {
             const branch = getSocketBranchName(oldPurl, newVersion, workspaceName);
             try {
+              const moddedFilepaths =
+              // eslint-disable-next-line no-await-in-loop
+              (await gitUnstagedModifiedFiles(cwd)).filter(p => {
+                const basename = path.basename(p);
+                return basename === 'package.json' || basename === 'package-lock.json';
+              });
+              if (!moddedFilepaths.length) {
+                logger.logger.warn('Unexpected condition: Nothing to commit, skipping PR creation.');
+                continue infosLoop;
+              }
               const {
                 owner,
                 repo
@@ -3851,27 +3875,35 @@ async function npmFix(pkgEnvDetails, {
               // eslint-disable-next-line no-await-in-loop
               if (await prExistForBranch(owner, repo, branch)) {
                 debug.debugLog(`Branch "${branch}" exists, skipping PR creation.`);
+                // eslint-disable-next-line no-await-in-loop
+                await gitResetAndClean(baseBranch, cwd);
+                // eslint-disable-next-line no-await-in-loop
+                actualTree = await install$1(arb, {
+                  cwd
+                });
                 continue infosLoop;
               }
               // eslint-disable-next-line no-await-in-loop
               if (await gitRemoteBranchExists(branch, cwd)) {
                 debug.debugLog(`Remote branch "${branch}" exists, skipping PR creation.`);
-                continue infosLoop;
-              }
-              const moddedFilepaths =
-              // eslint-disable-next-line no-await-in-loop
-              (await gitUnstagedModifiedFiles(cwd)).filter(p => {
-                const basename = path.basename(p);
-                return basename === 'package.json' || basename === 'package-lock.json';
-              });
-              if (!moddedFilepaths.length) {
-                logger.logger.warn('Unexpected condition: Nothing to commit, skipping PR creation.');
+                // eslint-disable-next-line no-await-in-loop
+                await gitResetAndClean(baseBranch, cwd);
+                // eslint-disable-next-line no-await-in-loop
+                actualTree = await install$1(arb, {
+                  cwd
+                });
                 continue infosLoop;
               }
               if (
               // eslint-disable-next-line no-await-in-loop
               !(await gitCreateAndPushBranch(branch, getSocketCommitMessage(oldPurl, newVersion, workspaceName), moddedFilepaths, cwd))) {
                 logger.logger.warn('Unexpected condition: Push failed, skipping PR creation.');
+                // eslint-disable-next-line no-await-in-loop
+                await gitResetAndClean(baseBranch, cwd);
+                // eslint-disable-next-line no-await-in-loop
+                actualTree = await install$1(arb, {
+                  cwd
+                });
                 continue infosLoop;
               }
               // eslint-disable-next-line no-await-in-loop
@@ -3888,10 +3920,14 @@ async function npmFix(pkgEnvDetails, {
                 const {
                   data
                 } = prResponse;
-                logger.logger.info(`Opened PR #${data.number}.`);
+                logger.logger.success(`Opened PR #${data.number}.`);
                 if (autoMerge) {
+                  logger.logger.indent();
+                  spinner?.indent();
                   // eslint-disable-next-line no-await-in-loop
                   await enablePrAutoMerge(data);
+                  logger.logger.dedent();
+                  spinner?.dedent();
                 }
               }
             } catch (e) {
@@ -3909,6 +3945,7 @@ async function npmFix(pkgEnvDetails, {
           }
           if (errored) {
             if (!isCi) {
+              spinner?.start();
               editablePkgJson.update(revertData);
               // eslint-disable-next-line no-await-in-loop
               await Promise.all([utils.removeNodeModules(cwd), editablePkgJson.save({
@@ -3918,8 +3955,9 @@ async function npmFix(pkgEnvDetails, {
               actualTree = await install$1(arb, {
                 cwd
               });
+              spinner?.stop();
             }
-            spinner?.failAndStop(`Update failed for ${oldId} in ${workspaceName}`, error);
+            logger.logger.fail(`Update failed for ${oldId} in ${workspaceName}`, error);
           }
           if (++count >= limit) {
             logger.logger.dedent();
@@ -3928,15 +3966,15 @@ async function npmFix(pkgEnvDetails, {
           }
         }
       }
-      if (logger.logger.logCallCount > workspaceLogCallCount) {
-        logger.logger.log('');
+      if (!isLastPkgJsonPath && logger.logger.logCallCount > workspaceLogCallCount) {
+        logger.logger.logNewline();
       }
     }
     for (const warningText of warningsForAfter) {
       logger.logger.warn(warningText);
     }
     if (!isLastInfoEntry) {
-      logger.logger.log('');
+      logger.logger.logNewline();
     }
     logger.logger.dedent();
     spinner?.dedent();
@@ -4026,17 +4064,25 @@ async function pnpmFix(pkgEnvDetails, {
     });
     lockfile = await utils.readPnpmLockfile(lockfilePath);
   }
+
   // Exit early if pnpm-lock.yaml is not found.
   if (!lockfile) {
     spinner?.stop();
     logger.logger.error('Required pnpm-lock.yaml not found.');
     return;
   }
-  const alertsMap = purls.length ? await utils.getAlertsMapFromPurls(purls, getAlertMapOptions({
-    limit
-  })) : await utils.getAlertsMapFromPnpmLockfile(lockfile, getAlertMapOptions({
-    limit
-  }));
+  let alertsMap;
+  try {
+    alertsMap = purls.length ? await utils.getAlertsMapFromPurls(purls, getAlertMapOptions({
+      limit
+    })) : await utils.getAlertsMapFromPnpmLockfile(lockfile, getAlertMapOptions({
+      limit
+    }));
+  } catch (e) {
+    spinner?.stop();
+    logger.logger.error(e?.message || 'Unknown Socket batch PURL API error');
+    return;
+  }
   const infoByPkgName = utils.getCveInfoFromAlertsMap(alertsMap, {
     limit
   });
@@ -4059,11 +4105,11 @@ async function pnpmFix(pkgEnvDetails, {
   infoEntriesLoop: for (let i = 0, {
       length
     } = sortedInfoEntries; i < length; i += 1) {
+    const isLastInfoEntry = i === length - 1;
     const {
       0: name,
       1: infos
     } = sortedInfoEntries[i];
-    const isLastInfoEntry = i === length - 1;
     logger.logger.log(`Processing vulnerable package: ${name}`);
     logger.logger.indent();
     spinner?.indent();
@@ -4082,18 +4128,26 @@ async function pnpmFix(pkgEnvDetails, {
     const warningsForAfter = new Set();
 
     // eslint-disable-next-line no-unused-labels
-    for (const pkgJsonPath of pkgJsonPaths) {
+    for (let j = 0, {
+        length: length_j
+      } = pkgJsonPaths; j < length_j; j += 1) {
+      const isLastPkgJsonPath = j === length_j - 1;
+      const pkgJsonPath = pkgJsonPaths[j];
       const pkgPath = path.dirname(pkgJsonPath);
       const isWorkspaceRoot = pkgJsonPath === pkgEnvDetails.editablePkgJson.filename;
       const workspaceName = isWorkspaceRoot ? 'root' : path.relative(rootPath, pkgPath);
-      logger.logger.log(`Checking workspace: ${workspaceName}`);
-      const workspaceLogCallCount = logger.logger.logCallCount;
 
-      // eslint-disable-next-line no-await-in-loop
-      actualTree = await install(pkgEnvDetails, {
-        cwd,
-        spinner
-      });
+      // actualTree may not be defined on the first iteration of pkgJsonPathsLoop.
+      if (!actualTree) {
+        actualTree = fs$1.existsSync(path.join(rootPath, 'node_modules')) ?
+        // eslint-disable-next-line no-await-in-loop
+        await getActualTree(cwd) :
+        // eslint-disable-next-line no-await-in-loop
+        await install(pkgEnvDetails, {
+          cwd,
+          spinner
+        });
+      }
       const oldVersions = arrays.arrayUnique(shadowInject.findPackageNodes(actualTree, name).map(n => n.version).filter(Boolean));
       if (!oldVersions.length) {
         logger.logger.warn(`Unexpected condition: Lockfile entries not found for ${name}.\n`);
@@ -4109,15 +4163,24 @@ async function pnpmFix(pkgEnvDetails, {
       const editablePkgJson = await packages.readPackageJson(pkgJsonPath, {
         editable: true
       });
-      // Get current overrides for revert logic
+      // Get current overrides for revert logic.
       const oldPnpmSection = editablePkgJson.content[PNPM$7];
       const oldOverrides = oldPnpmSection?.[OVERRIDES$2];
+      let hasAnnouncedWorkspace = false;
+      let workspaceLogCallCount = logger.logger.logCallCount;
+      if (debug.isDebug()) {
+        debug.debugLog(`Checking workspace: ${workspaceName}`);
+        hasAnnouncedWorkspace = true;
+        workspaceLogCallCount = logger.logger.logCallCount;
+      }
       oldVersionsLoop: for (const oldVersion of oldVersions) {
         const oldId = `${name}@${oldVersion}`;
         const oldPurl = utils.idToPurl(oldId);
         const node = shadowInject.findPackageNode(actualTree, name, oldVersion);
         if (!node) {
-          logger.logger.warn(`Unexpected condition: Arborist node not found, skipping ${oldId}`);
+          if (hasAnnouncedWorkspace) {
+            logger.logger.warn(`Unexpected condition: Arborist node not found, skipping ${oldId}`);
+          }
           continue oldVersionsLoop;
         }
         infosLoop: for (const {
@@ -4176,19 +4239,18 @@ async function pnpmFix(pkgEnvDetails, {
           if (!(await editablePkgJson.save({
             ignoreWhitespace: true
           }))) {
-            logger.logger.info(`${workspaceName}/package.json not changed, skipping`);
+            debug.debugLog(`${workspaceName}/package.json not changed, skipping`);
             // Reset things just in case.
             if (isCi) {
               // eslint-disable-next-line no-await-in-loop
               await gitResetAndClean(baseBranch, cwd);
-              // eslint-disable-next-line no-await-in-loop
-              actualTree = await install(pkgEnvDetails, {
-                cwd,
-                spinner
-              });
             }
             continue infosLoop;
           }
+          if (!hasAnnouncedWorkspace) {
+            hasAnnouncedWorkspace = true;
+            workspaceLogCallCount = logger.logger.logCallCount;
+          }
           spinner?.start();
           spinner?.info(`Installing ${newId} in ${workspaceName}`);
           let error;
@@ -4207,15 +4269,25 @@ async function pnpmFix(pkgEnvDetails, {
                 stdio: 'ignore'
               });
             }
-            spinner?.successAndStop(`Fixed ${name} in ${workspaceName}`);
+            spinner?.success(`Fixed ${name} in ${workspaceName}`);
           } catch (e) {
             error = e;
             errored = true;
-            spinner?.stop();
           }
+          spinner?.stop();
           if (!errored && isCi) {
             const branch = getSocketBranchName(oldPurl, newVersion, workspaceName);
             try {
+              const moddedFilepaths =
+              // eslint-disable-next-line no-await-in-loop
+              (await gitUnstagedModifiedFiles(cwd)).filter(p => {
+                const basename = path.basename(p);
+                return basename === 'package.json' || basename === 'pnpm-lock.yaml';
+              });
+              if (!moddedFilepaths.length) {
+                logger.logger.warn('Unexpected condition: Nothing to commit, skipping PR creation.');
+                continue infosLoop;
+              }
               const {
                 owner,
                 repo
@@ -4223,27 +4295,38 @@ async function pnpmFix(pkgEnvDetails, {
               // eslint-disable-next-line no-await-in-loop
               if (await prExistForBranch(owner, repo, branch)) {
                 debug.debugLog(`Branch "${branch}" exists, skipping PR creation.`);
+                // eslint-disable-next-line no-await-in-loop
+                await gitResetAndClean(baseBranch, cwd);
+                // eslint-disable-next-line no-await-in-loop
+                actualTree = await install(pkgEnvDetails, {
+                  cwd,
+                  spinner
+                });
                 continue infosLoop;
               }
               // eslint-disable-next-line no-await-in-loop
               if (await gitRemoteBranchExists(branch, cwd)) {
                 debug.debugLog(`Remote branch "${branch}" exists, skipping PR creation.`);
-                continue infosLoop;
-              }
-              const moddedFilepaths =
-              // eslint-disable-next-line no-await-in-loop
-              (await gitUnstagedModifiedFiles(cwd)).filter(p => {
-                const basename = path.basename(p);
-                return basename === 'package.json' || basename === 'pnpm-lock.yaml';
-              });
-              if (!moddedFilepaths.length) {
-                logger.logger.warn('Unexpected condition: Nothing to commit, skipping PR creation.');
+                // eslint-disable-next-line no-await-in-loop
+                await gitResetAndClean(baseBranch, cwd);
+                // eslint-disable-next-line no-await-in-loop
+                actualTree = await install(pkgEnvDetails, {
+                  cwd,
+                  spinner
+                });
                 continue infosLoop;
               }
               if (
               // eslint-disable-next-line no-await-in-loop
               !(await gitCreateAndPushBranch(branch, getSocketCommitMessage(oldPurl, newVersion, workspaceName), moddedFilepaths, cwd))) {
                 logger.logger.warn('Unexpected condition: Push failed, skipping PR creation.');
+                // eslint-disable-next-line no-await-in-loop
+                await gitResetAndClean(baseBranch, cwd);
+                // eslint-disable-next-line no-await-in-loop
+                actualTree = await install(pkgEnvDetails, {
+                  cwd,
+                  spinner
+                });
                 continue infosLoop;
               }
               // eslint-disable-next-line no-await-in-loop
@@ -4260,10 +4343,14 @@ async function pnpmFix(pkgEnvDetails, {
                 const {
                   data
                 } = prResponse;
-                logger.logger.info(`Opened PR #${data.number}.`);
+                logger.logger.success(`Opened PR #${data.number}.`);
                 if (autoMerge) {
+                  logger.logger.indent();
+                  spinner?.indent();
                   // eslint-disable-next-line no-await-in-loop
                   await enablePrAutoMerge(data);
+                  logger.logger.dedent();
+                  spinner?.dedent();
                 }
               }
             } catch (e) {
@@ -4282,6 +4369,7 @@ async function pnpmFix(pkgEnvDetails, {
           }
           if (errored) {
             if (!isCi) {
+              spinner?.start();
               editablePkgJson.update(revertData);
               // eslint-disable-next-line no-await-in-loop
               await Promise.all([utils.removeNodeModules(cwd), editablePkgJson.save({
@@ -4292,8 +4380,9 @@ async function pnpmFix(pkgEnvDetails, {
                 cwd,
                 spinner
               });
+              spinner?.stop();
             }
-            spinner?.failAndStop(`Update failed for ${oldId} in ${workspaceName}`, error);
+            logger.logger.fail(`Update failed for ${oldId} in ${workspaceName}`, error);
           }
           if (++count >= limit) {
             logger.logger.dedent();
@@ -4302,15 +4391,15 @@ async function pnpmFix(pkgEnvDetails, {
           }
         }
       }
-      if (logger.logger.logCallCount > workspaceLogCallCount) {
-        logger.logger.log('');
+      if (!isLastPkgJsonPath && logger.logger.logCallCount > workspaceLogCallCount) {
+        logger.logger.logNewline();
       }
     }
     for (const warningText of warningsForAfter) {
       logger.logger.warn(warningText);
     }
     if (!isLastInfoEntry) {
-      logger.logger.log('');
+      logger.logger.logNewline();
     }
     logger.logger.dedent();
     spinner?.dedent();
@@ -5091,80 +5180,321 @@ async function run$z(argv, importMeta, {
   attemptLogout();
 }
 
-async function convertCondaToRequirements(target, cwd, verbose) {
-  let contents;
-  if (target === '-') {
-    if (verbose) {
-      logger.logger.info(`[VERBOSE] reading input from stdin`);
+async function convertGradleToMaven(target, bin, cwd, verbose, gradleOpts) {
+  // TODO: impl json/md
+  if (verbose) {
+    logger.logger.log('[VERBOSE] Resolving:', [cwd, bin]);
+  }
+  const rbin = path.resolve(cwd, bin);
+  if (verbose) {
+    logger.logger.log('[VERBOSE] Resolving:', [cwd, target]);
+  }
+  const rtarget = path.resolve(cwd, target);
+  const binExists = fs$1.existsSync(rbin);
+  const targetExists = fs$1.existsSync(rtarget);
+  logger.logger.group('gradle2maven:');
+  if (verbose || debug.isDebug()) {
+    logger.logger.log(`[VERBOSE] - Absolute bin path: \`${rbin}\` (${binExists ? 'found' : vendor.yoctocolorsCjsExports.red('not found!')})`);
+    logger.logger.log(`[VERBOSE] - Absolute target path: \`${rtarget}\` (${targetExists ? 'found' : vendor.yoctocolorsCjsExports.red('not found!')})`);
+  } else {
+    logger.logger.log(`- executing: \`${rbin}\``);
+    if (!binExists) {
+      logger.logger.warn('Warning: It appears the executable could not be found at this location. An error might be printed later because of that.');
     }
-    const buf = [];
-    contents = await new Promise((resolve, reject) => {
-      process.stdin.on('data', chunk => {
-        const input = chunk.toString();
-        buf.push(input);
-      });
-      process.stdin.on('end', () => {
-        resolve(buf.join(''));
-      });
-      process.stdin.on('error', e => {
-        if (verbose) {
-          logger.logger.error('Unexpected error while reading from stdin:', e);
-        }
-        reject(e);
-      });
-      process.stdin.on('close', () => {
-        if (buf.length === 0) {
-          if (verbose) {
-            logger.logger.error('stdin closed explicitly without data received');
-          }
-          reject(new Error('No data received from stdin'));
-        } else {
-          if (verbose) {
-            logger.logger.error('warning: stdin closed explicitly with some data received');
-          }
-          resolve(buf.join(''));
-        }
-      });
-    });
-    if (!contents) {
-      return {
-        ok: false,
-        message: 'Manifest Generation Failed',
-        cause: 'No data received from stdin'
-      };
+    logger.logger.log(`- src dir: \`${rtarget}\``);
+    if (!targetExists) {
+      logger.logger.warn('Warning: It appears the src dir could not be found at this location. An error might be printed later because of that.');
     }
-  } else {
-    const f = path.resolve(cwd, target);
+  }
+  logger.logger.groupEnd();
+  try {
+    // Run gradlew with the init script we provide which should yield zero or more
+    // pom files. We have to figure out where to store those pom files such that
+    // we can upload them and predict them through the GitHub API. We could do a
+    // .socket folder. We could do a socket.pom.gz with all the poms, although
+    // I'd prefer something plain-text if it is to be committed.
+
+    // Note: init.gradle will be exported by .config/rollup.dist.config.mjs
+    const initLocation = path.join(constants.distPath, 'init.gradle');
+    const commandArgs = ['--init-script', initLocation, ...gradleOpts, 'pom'];
     if (verbose) {
-      logger.logger.info(`[VERBOSE] target file: ${f}`);
+      logger.logger.log('[VERBOSE] Executing:', [bin], ', args:', commandArgs);
     }
-    if (!fs$1.existsSync(f)) {
-      return {
-        ok: false,
-        message: 'Manifest Generation Failed',
-        cause: `Input file not found at ${f}`
-      };
+    logger.logger.log(`Converting gradle to maven from \`${bin}\` on \`${target}\` ...`);
+    const output = await execGradleWithSpinner(rbin, commandArgs, rtarget, cwd);
+    if (verbose) {
+      logger.logger.group('[VERBOSE] gradle stdout:');
+      logger.logger.log(output);
+      logger.logger.groupEnd();
     }
-    contents = fs$1.readFileSync(target, 'utf8');
-    if (!contents) {
-      return {
-        ok: false,
-        message: 'Manifest Generation Failed',
-        cause: 'File is empty'
-      };
+    if (output.code !== 0) {
+      process.exitCode = 1;
+      logger.logger.fail(`Gradle exited with exit code ${output.code}`);
+      // (In verbose mode, stderr was printed above, no need to repeat it)
+      if (!verbose) {
+        logger.logger.group('stderr:');
+        logger.logger.error(output.stderr);
+        logger.logger.groupEnd();
+      }
+      return;
+    }
+    logger.logger.success('Executed gradle successfully');
+    logger.logger.log('Reported exports:');
+    output.stdout.replace(/^POM file copied to: (.*)/gm, (_all, fn) => {
+      logger.logger.log('- ', fn);
+      return fn;
+    });
+    logger.logger.log('');
+    logger.logger.log('Next step is to generate a Scan by running the `socket scan create` command on the same directory');
+  } catch (e) {
+    process.exitCode = 1;
+    logger.logger.fail('There was an unexpected error while generating manifests' + (verbose ? '' : '  (use --verbose for details)'));
+    if (verbose) {
+      logger.logger.group('[VERBOSE] error:');
+      logger.logger.log(e);
+      logger.logger.groupEnd();
     }
   }
-  return {
-    ok: true,
-    data: {
-      contents,
-      pip: convertCondaToRequirementsFromInput(contents)
+}
+async function execGradleWithSpinner(bin, commandArgs, target, cwd) {
+  // Lazily access constants.spinner.
+  const {
+    spinner
+  } = constants;
+  let pass = false;
+  try {
+    spinner.start(`Running gradlew... (this can take a while, it depends on how long gradlew has to run)`);
+    const output = await spawn.spawn(bin, commandArgs, {
+      // We can pipe the output through to have the user see the result
+      // of running gradlew, but then we can't (easily) gather the output
+      // to discover the generated files... probably a flag we should allow?
+      // stdio: isDebug() ? 'inherit' : undefined,
+      cwd: target || cwd
+    });
+    pass = true;
+    const {
+      code,
+      stderr,
+      stdout
+    } = output;
+    return {
+      code,
+      stdout,
+      stderr
+    };
+  } finally {
+    if (pass) {
+      spinner.successAndStop('Completed gradlew execution');
+    } else {
+      spinner.failAndStop('There was an error while trying to run gradlew.');
     }
-  };
+  }
 }
 
-// Just extract the first pip block, if one exists at all.
-function convertCondaToRequirementsFromInput(input) {
+async function convertSbtToMaven(target, bin, out, verbose, sbtOpts) {
+  // TODO: impl json/md
+
+  // Lazily access constants.spinner.
+  const {
+    spinner
+  } = constants;
+  const rbin = path.resolve(bin);
+  const rtarget = path.resolve(target);
+  if (verbose) {
+    logger.logger.group('sbt2maven:');
+    logger.logger.log(`[VERBOSE] - Absolute bin path: \`${rbin}\``);
+    logger.logger.log(`[VERBOSE] - Absolute target path: \`${rtarget}\``);
+    // logger.log(`[VERBOSE] - Absolute out path: \`${rout}\``)
+    logger.logger.groupEnd();
+  } else {
+    logger.logger.group('sbt2maven:');
+    logger.logger.log(`- executing: \`${bin}\``);
+    logger.logger.log(`- src dir: \`${target}\``);
+    // logger.log(`- dst dir: \`${out}\``)
+    logger.logger.groupEnd();
+  }
+  try {
+    spinner.start(`Converting sbt to maven from \`${bin}\` on \`${target}\`...`);
+
+    // Run sbt with the init script we provide which should yield zero or more
+    // pom files. We have to figure out where to store those pom files such that
+    // we can upload them and predict them through the GitHub API. We could do a
+    // .socket folder. We could do a socket.pom.gz with all the poms, although
+    // I'd prefer something plain-text if it is to be committed.
+    const output = await spawn.spawn(bin, ['makePom'].concat(sbtOpts), {
+      cwd: target || '.'
+    });
+    spinner.stop();
+    if (verbose) {
+      logger.logger.group('[VERBOSE] sbt stdout:');
+      logger.logger.log(output);
+      logger.logger.groupEnd();
+    }
+    if (output.stderr) {
+      process.exitCode = 1;
+      logger.logger.fail('There were errors while running sbt');
+      // (In verbose mode, stderr was printed above, no need to repeat it)
+      if (!verbose) {
+        logger.logger.group('[VERBOSE] stderr:');
+        logger.logger.error(output.stderr);
+        logger.logger.groupEnd();
+      }
+      return;
+    }
+    const poms = [];
+    output.stdout.replace(/Wrote (.*?.pom)\n/g, (_all, fn) => {
+      poms.push(fn);
+      return fn;
+    });
+    if (!poms.length) {
+      process.exitCode = 1;
+      logger.logger.fail('There were no errors from sbt but it seems to not have generated any poms either');
+      return;
+    }
+    // Move the pom file to ...? initial cwd? loc will be an absolute path, or dump to stdout
+    // TODO: what to do with multiple output files? Do we want to dump them to stdout? Raw or with separators or ?
+    // TODO: maybe we can add an option to target a specific file to dump to stdout
+    if (out === '-' && poms.length === 1) {
+      logger.logger.log('Result:\n```');
+      logger.logger.log(await utils.safeReadFile(poms[0]));
+      logger.logger.log('```');
+      logger.logger.success(`OK`);
+    } else if (out === '-') {
+      process.exitCode = 1;
+      logger.logger.fail('Requested out target was stdout but there are multiple generated files');
+      poms.forEach(fn => logger.logger.error('-', fn));
+      logger.logger.info('Exiting now...');
+      return;
+    } else {
+      // if (verbose) {
+      //   logger.log(
+      //     `Moving manifest file from \`${loc.replace(/^\/home\/[^/]*?\//, '~/')}\` to \`${out}\``
+      //   )
+      // } else {
+      //   logger.log('Moving output pom file')
+      // }
+      // TODO: do we prefer fs-extra? renaming can be gnarly on windows and fs-extra's version is better
+      // await renamep(loc, out)
+      logger.logger.success(`Generated ${poms.length} pom files`);
+      poms.forEach(fn => logger.logger.log('-', fn));
+      logger.logger.success(`OK`);
+    }
+  } catch (e) {
+    process.exitCode = 1;
+    spinner.stop();
+    logger.logger.fail('There was an unexpected error while running this' + (verbose ? '' : ' (use --verbose for details)'));
+    if (verbose) {
+      logger.logger.group('[VERBOSE] error:');
+      logger.logger.log(e);
+      logger.logger.groupEnd();
+    }
+  }
+}
+
+// The point here is to attempt to detect the various supported manifest files
+// the CLI can generate. This would be environments that we can't do server side
+
+async function detectManifestActions(cwd = process.cwd()) {
+  const output = {
+    cdxgen: false,
+    // TODO
+    conda: false,
+    gradle: false,
+    sbt: false
+  };
+  if (fs$1.existsSync(path.join(cwd, 'build.sbt'))) {
+    debug.debugLog('Detected a Scala sbt build, running default Scala generator...');
+    output.sbt = true;
+  }
+  if (fs$1.existsSync(path.join(cwd, 'gradlew'))) {
+    debug.debugLog('Detected a gradle build, running default gradle generator...');
+    output.gradle = true;
+  }
+  const envyml = path.join(cwd, 'environment.yml');
+  const hasEnvyml = fs$1.existsSync(envyml);
+  const envyaml = path.join(cwd, 'environment.yaml');
+  const hasEnvyaml = !hasEnvyml && fs$1.existsSync(envyaml);
+  if (hasEnvyml || hasEnvyaml) {
+    debug.debugLog('Detected an environment.yml file, running default Conda generator...');
+    output.conda = true;
+  }
+  return output;
+}
+
+async function convertCondaToRequirements(target, cwd, verbose) {
+  let contents;
+  if (target === '-') {
+    if (verbose) {
+      logger.logger.info(`[VERBOSE] reading input from stdin`);
+    }
+    const buf = [];
+    contents = await new Promise((resolve, reject) => {
+      process.stdin.on('data', chunk => {
+        const input = chunk.toString();
+        buf.push(input);
+      });
+      process.stdin.on('end', () => {
+        resolve(buf.join(''));
+      });
+      process.stdin.on('error', e => {
+        if (verbose) {
+          logger.logger.error('Unexpected error while reading from stdin:', e);
+        }
+        reject(e);
+      });
+      process.stdin.on('close', () => {
+        if (buf.length === 0) {
+          if (verbose) {
+            logger.logger.error('stdin closed explicitly without data received');
+          }
+          reject(new Error('No data received from stdin'));
+        } else {
+          if (verbose) {
+            logger.logger.error('warning: stdin closed explicitly with some data received');
+          }
+          resolve(buf.join(''));
+        }
+      });
+    });
+    if (!contents) {
+      return {
+        ok: false,
+        message: 'Manifest Generation Failed',
+        cause: 'No data received from stdin'
+      };
+    }
+  } else {
+    const f = path.resolve(cwd, target);
+    if (verbose) {
+      logger.logger.info(`[VERBOSE] target file: ${f}`);
+    }
+    if (!fs$1.existsSync(f)) {
+      return {
+        ok: false,
+        message: 'Manifest Generation Failed',
+        cause: `Input file not found at ${f}`
+      };
+    }
+    contents = fs$1.readFileSync(target, 'utf8');
+    if (!contents) {
+      return {
+        ok: false,
+        message: 'Manifest Generation Failed',
+        cause: 'File is empty'
+      };
+    }
+  }
+  return {
+    ok: true,
+    data: {
+      contents,
+      pip: convertCondaToRequirementsFromInput(contents)
+    }
+  };
+}
+
+// Just extract the first pip block, if one exists at all.
+function convertCondaToRequirementsFromInput(input) {
   const keeping = [];
   let collecting = false;
   let delim = '-';
@@ -5269,48 +5599,34 @@ const {
   DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$v
 } = constants;
 const config$y = {
-  commandName: 'conda',
-  description: '[beta] Convert a Conda environment.yml file to a python requirements.txt',
+  commandName: 'auto',
+  description: 'Auto-detect build and attempt to generate manifest file',
   hidden: false,
   flags: {
     ...utils.commonFlags,
-    ...utils.outputFlags,
     cwd: {
       type: 'string',
       description: 'Set the cwd, defaults to process.cwd()'
     },
-    out: {
-      type: 'string',
-      default: '-',
-      description: 'Output target (use `-` or omit to print to stdout)'
-    },
     verbose: {
       type: 'boolean',
-      description: 'Print debug messages'
+      default: false,
+      description: 'Enable debug output, may help when running into errors'
     }
   },
   help: (command, config) => `
     Usage
-      $ ${command} FILE
-
-    Warning: While we don't support Conda necessarily, this tool extracts the pip
-             block from an environment.yml and outputs it as a requirements.txt
-             which you can scan as if it were a pypi package.
-
-    USE AT YOUR OWN RISK
-
-    Note: FILE can be a dash (-) to indicate stdin. This way you can pipe the
-          contents of a file to have it processed.
+      $ ${command}
 
     Options
       ${utils.getFlagListOutput(config.flags, 6)}
 
-    Examples
-
-      $ ${command} ./environment.yml
+    Tries to figure out what language your current repo uses. If it finds a
+    supported case then it will try to generate the manifest file for that
+    language with the default or detected settings.
   `
 };
-const cmdManifestConda = {
+const cmdManifestAuto = {
   description: config$y.description,
   hidden: config$y.hidden,
   run: run$y
@@ -5325,189 +5641,71 @@ async function run$y(argv, importMeta, {
     parentName
   });
   const {
-    cwd = process.cwd(),
-    json = false,
-    markdown = false,
-    out = '-',
-    verbose = false
+    cwd: cwdFlag,
+    json,
+    markdown,
+    verbose: verboseFlag
   } = cli.flags;
   const outputKind = utils.getOutputKind(json, markdown); // TODO: impl json/md further
-
-  const [target = ''] = cli.input;
+  const cwd = String(cwdFlag || process.cwd());
+  const verbose = !!verboseFlag;
   if (verbose) {
     logger.logger.group('- ', parentName, config$y.commandName, ':');
     logger.logger.group('- flags:', cli.flags);
     logger.logger.groupEnd();
-    logger.logger.log('- target:', target);
-    logger.logger.log('- output:', out);
+    logger.logger.log('- input:', cli.input);
+    logger.logger.log('- cwd:', cwd);
     logger.logger.groupEnd();
   }
-  const wasValidInput = utils.checkCommandInput(outputKind, {
-    test: !!target,
-    message: 'The FILE arg is required',
-    pass: 'ok',
-    fail: 'missing'
-  }, {
-    nook: true,
-    test: cli.input.length <= 1,
-    message: 'Can only accept one DIR (make sure to escape spaces!)',
-    pass: 'ok',
-    fail: 'received ' + cli.input.length
-  }, {
-    nook: true,
-    test: !json || !markdown,
-    message: 'The `--json` and `--markdown` flags can not be used at the same time',
-    pass: 'ok',
-    fail: 'bad'
-  });
-  if (!wasValidInput) {
-    return;
-  }
-  logger.logger.warn('Warning: This will approximate your Conda dependencies using PyPI. We do not yet officially support Conda. Use at your own risk.');
+  const result = await detectManifestActions(String(cwd));
+  debug.debugLog(result);
   if (cli.flags['dryRun']) {
     logger.logger.log(DRY_RUN_BAILING_NOW$v);
     return;
   }
-  await handleManifestConda(target, String(out || ''), json ? 'json' : markdown ? 'markdown' : 'text', String(cwd), Boolean(verbose));
-}
-
-async function convertGradleToMaven(target, bin, cwd, verbose, gradleOpts) {
-  // TODO: impl json/md
-  if (verbose) {
-    logger.logger.log('[VERBOSE] Resolving:', [cwd, bin]);
-  }
-  const rbin = path.resolve(cwd, bin);
-  if (verbose) {
-    logger.logger.log('[VERBOSE] Resolving:', [cwd, target]);
-  }
-  const rtarget = path.resolve(cwd, target);
-  const binExists = fs$1.existsSync(rbin);
-  const targetExists = fs$1.existsSync(rtarget);
-  logger.logger.group('gradle2maven:');
-  if (verbose || debug.isDebug()) {
-    logger.logger.log(`[VERBOSE] - Absolute bin path: \`${rbin}\` (${binExists ? 'found' : vendor.yoctocolorsCjsExports.red('not found!')})`);
-    logger.logger.log(`[VERBOSE] - Absolute target path: \`${rtarget}\` (${targetExists ? 'found' : vendor.yoctocolorsCjsExports.red('not found!')})`);
-  } else {
-    logger.logger.log(`- executing: \`${rbin}\``);
-    if (!binExists) {
-      logger.logger.warn('Warning: It appears the executable could not be found at this location. An error might be printed later because of that.');
-    }
-    logger.logger.log(`- src dir: \`${rtarget}\``);
-    if (!targetExists) {
-      logger.logger.warn('Warning: It appears the src dir could not be found at this location. An error might be printed later because of that.');
-    }
-  }
-  logger.logger.groupEnd();
-  try {
-    // Run gradlew with the init script we provide which should yield zero or more
-    // pom files. We have to figure out where to store those pom files such that
-    // we can upload them and predict them through the GitHub API. We could do a
-    // .socket folder. We could do a socket.pom.gz with all the poms, although
-    // I'd prefer something plain-text if it is to be committed.
-
-    // Note: init.gradle will be exported by .config/rollup.dist.config.mjs
-    const initLocation = path.join(constants.distPath, 'init.gradle');
-    const commandArgs = ['--init-script', initLocation, ...gradleOpts, 'pom'];
-    if (verbose) {
-      logger.logger.log('[VERBOSE] Executing:', [bin], ', args:', commandArgs);
-    }
-    logger.logger.log(`Converting gradle to maven from \`${bin}\` on \`${target}\` ...`);
-    const output = await execGradleWithSpinner(rbin, commandArgs, rtarget, cwd);
-    if (verbose) {
-      logger.logger.group('[VERBOSE] gradle stdout:');
-      logger.logger.log(output);
-      logger.logger.groupEnd();
-    }
-    if (output.code !== 0) {
-      process.exitCode = 1;
-      logger.logger.fail(`Gradle exited with exit code ${output.code}`);
-      // (In verbose mode, stderr was printed above, no need to repeat it)
-      if (!verbose) {
-        logger.logger.group('stderr:');
-        logger.logger.error(output.stderr);
-        logger.logger.groupEnd();
-      }
-      return;
-    }
-    logger.logger.success('Executed gradle successfully');
-    logger.logger.log('Reported exports:');
-    output.stdout.replace(/^POM file copied to: (.*)/gm, (_all, fn) => {
-      logger.logger.log('- ', fn);
-      return fn;
-    });
+  const found = Object.values(result).reduce((sum, now) => now ? sum + 1 : sum, 0);
+  if (!found) {
+    logger.logger.fail(' Was unable to discover any targets for which we can generate manifest files...');
     logger.logger.log('');
-    logger.logger.log('Next step is to generate a Scan by running the `socket scan create` command on the same directory');
-  } catch (e) {
+    logger.logger.log('- Make sure this script would work with your target build (see `socket manifest --help` for your target).');
+    logger.logger.log('- Make sure to run it from the correct dir (use --cwd to target another dir)');
+    logger.logger.log('- Make sure the necessary build tools are available (`PATH`)');
     process.exitCode = 1;
-    logger.logger.fail('There was an unexpected error while generating manifests' + (verbose ? '' : '  (use --verbose for details)'));
-    if (verbose) {
-      logger.logger.group('[VERBOSE] error:');
-      logger.logger.log(e);
-      logger.logger.groupEnd();
-    }
+    return;
   }
-}
-async function execGradleWithSpinner(bin, commandArgs, target, cwd) {
-  // Lazily access constants.spinner.
-  const {
-    spinner
-  } = constants;
-  let pass = false;
-  try {
-    spinner.start(`Running gradlew... (this can take a while, it depends on how long gradlew has to run)`);
-    const output = await spawn.spawn(bin, commandArgs, {
-      // We can pipe the output through to have the user see the result
-      // of running gradlew, but then we can't (easily) gather the output
-      // to discover the generated files... probably a flag we should allow?
-      // stdio: isDebug() ? 'inherit' : undefined,
-      cwd: target || cwd
-    });
-    pass = true;
-    const {
-      code,
-      stderr,
-      stdout
-    } = output;
-    return {
-      code,
-      stdout,
-      stderr
-    };
-  } finally {
-    if (pass) {
-      spinner.successAndStop('Completed gradlew execution');
-    } else {
-      spinner.failAndStop('There was an error while trying to run gradlew.');
-    }
+  if (result.sbt) {
+    logger.logger.log('Detected a Scala sbt build, generating pom files with sbt...');
+    await convertSbtToMaven(cwd, 'sbt', './socket.sbt.pom.xml', verbose, []);
+  }
+  if (result.gradle) {
+    logger.logger.log('Detected a gradle build (Gradle, Kotlin, Scala), running default gradle generator...');
+    await convertGradleToMaven(cwd, path.join(cwd, 'gradlew'), cwd, verbose, []);
+  }
+  if (result.conda) {
+    logger.logger.log('Detected an environment.yml file, running default Conda generator...');
+    await handleManifestConda(cwd, '', outputKind, cwd, verbose);
   }
+  logger.logger.success(`Finished. Should have attempted to generate manifest files for ${found} targets.`);
 }
 
 const {
   DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$u
 } = constants;
 const config$x = {
-  commandName: 'gradle',
-  description: '[beta] Use Gradle to generate a manifest file (`pom.xml`) for a Gradle/Java/Kotlin/etc project',
+  commandName: 'conda',
+  description: '[beta] Convert a Conda environment.yml file to a python requirements.txt',
   hidden: false,
   flags: {
     ...utils.commonFlags,
-    bin: {
-      type: 'string',
-      description: 'Location of gradlew binary to use, default: CWD/gradlew'
-    },
+    ...utils.outputFlags,
     cwd: {
       type: 'string',
       description: 'Set the cwd, defaults to process.cwd()'
     },
-    gradleOpts: {
-      type: 'string',
-      default: '',
-      description: 'Additional options to pass on to ./gradlew, see `./gradlew --help`'
-    },
-    task: {
+    out: {
       type: 'string',
-      default: 'all',
-      description: 'Task to target. By default targets all'
+      default: '-',
+      description: 'Output target (use `-` or omit to print to stdout)'
     },
     verbose: {
       type: 'boolean',
@@ -5516,38 +5714,26 @@ const config$x = {
   },
   help: (command, config) => `
     Usage
-      $ ${command} [--bin=path/to/gradle/binary] [--out=path/to/result] DIR
-
-    Options
-      ${utils.getFlagListOutput(config.flags, 6)}
-
-    Uses gradle, preferably through your local project \`gradlew\`, to generate a
-    \`pom.xml\` file for each task. If you have no \`gradlew\` you can try the
-    global \`gradle\` binary but that may not work (hard to predict).
-
-    The \`pom.xml\` is a manifest file similar to \`package.json\` for npm or
-    or requirements.txt for PyPi), but specifically for Maven, which is Java's
-    dependency repository. Languages like Kotlin and Scala piggy back on it too.
-
-    There are some caveats with the gradle to \`pom.xml\` conversion:
+      $ ${command} FILE
 
-    - each task will generate its own xml file and by default it generates one xml
-      for every task.
+    Warning: While we don't support Conda necessarily, this tool extracts the pip
+             block from an environment.yml and outputs it as a requirements.txt
+             which you can scan as if it were a pypi package.
 
-    - it's possible certain features don't translate well into the xml. If you
-      think something is missing that could be supported please reach out.
+    USE AT YOUR OWN RISK
 
-    - it works with your \`gradlew\` from your repo and local settings and config
+    Note: FILE can be a dash (-) to indicate stdin. This way you can pipe the
+          contents of a file to have it processed.
 
-    Support is beta. Please report issues or give us feedback on what's missing.
+    Options
+      ${utils.getFlagListOutput(config.flags, 6)}
 
     Examples
 
-      $ ${command} .
-      $ ${command} --bin=../gradlew .
+      $ ${command} ./environment.yml
   `
 };
-const cmdManifestGradle = {
+const cmdManifestConda = {
   description: config$x.description,
   hidden: config$x.hidden,
   run: run$x
@@ -5561,193 +5747,79 @@ async function run$x(argv, importMeta, {
     importMeta,
     parentName
   });
-  const verbose = Boolean(cli.flags['verbose']);
   const {
-    json,
-    markdown
+    cwd = process.cwd(),
+    json = false,
+    markdown = false,
+    out = '-',
+    verbose = false
   } = cli.flags;
   const outputKind = utils.getOutputKind(json, markdown); // TODO: impl json/md further
 
+  const [target = ''] = cli.input;
   if (verbose) {
     logger.logger.group('- ', parentName, config$x.commandName, ':');
     logger.logger.group('- flags:', cli.flags);
     logger.logger.groupEnd();
-    logger.logger.log('- input:', cli.input);
+    logger.logger.log('- target:', target);
+    logger.logger.log('- output:', out);
     logger.logger.groupEnd();
   }
-  const [target = ''] = cli.input;
-
-  // TODO: I'm not sure it's feasible to parse source file from stdin. We could
-  //       try, store contents in a file in some folder, target that folder... what
-  //       would the file name be?
-
   const wasValidInput = utils.checkCommandInput(outputKind, {
-    test: !!target && target !== '-',
-    message: 'The DIR arg is required',
+    test: !!target,
+    message: 'The FILE arg is required',
     pass: 'ok',
-    fail: target === '-' ? 'stdin is not supported' : 'missing'
+    fail: 'missing'
   }, {
     nook: true,
     test: cli.input.length <= 1,
     message: 'Can only accept one DIR (make sure to escape spaces!)',
     pass: 'ok',
     fail: 'received ' + cli.input.length
+  }, {
+    nook: true,
+    test: !json || !markdown,
+    message: 'The `--json` and `--markdown` flags can not be used at the same time',
+    pass: 'ok',
+    fail: 'bad'
   });
   if (!wasValidInput) {
     return;
   }
-  const {
-    bin = path.join(target, 'gradlew'),
-    cwd = process.cwd()
-  } = cli.flags;
-  if (verbose) {
-    logger.logger.group();
-    logger.logger.log('- target:', target);
-    logger.logger.log('- gradle bin:', bin);
-    logger.logger.groupEnd();
-  }
-  let gradleOpts = [];
-  if (cli.flags['gradleOpts']) {
-    gradleOpts = cli.flags['gradleOpts'].split(' ').map(s => s.trim()).filter(Boolean);
-  }
+  logger.logger.warn('Warning: This will approximate your Conda dependencies using PyPI. We do not yet officially support Conda. Use at your own risk.');
   if (cli.flags['dryRun']) {
     logger.logger.log(DRY_RUN_BAILING_NOW$u);
     return;
   }
-  await convertGradleToMaven(target, String(bin), String(cwd), verbose, gradleOpts);
-}
-
-async function convertSbtToMaven(target, bin, out, verbose, sbtOpts) {
-  // TODO: impl json/md
-
-  // Lazily access constants.spinner.
-  const {
-    spinner
-  } = constants;
-  const rbin = path.resolve(bin);
-  const rtarget = path.resolve(target);
-  if (verbose) {
-    logger.logger.group('sbt2maven:');
-    logger.logger.log(`[VERBOSE] - Absolute bin path: \`${rbin}\``);
-    logger.logger.log(`[VERBOSE] - Absolute target path: \`${rtarget}\``);
-    // logger.log(`[VERBOSE] - Absolute out path: \`${rout}\``)
-    logger.logger.groupEnd();
-  } else {
-    logger.logger.group('sbt2maven:');
-    logger.logger.log(`- executing: \`${bin}\``);
-    logger.logger.log(`- src dir: \`${target}\``);
-    // logger.log(`- dst dir: \`${out}\``)
-    logger.logger.groupEnd();
-  }
-  try {
-    spinner.start(`Converting sbt to maven from \`${bin}\` on \`${target}\`...`);
-
-    // Run sbt with the init script we provide which should yield zero or more
-    // pom files. We have to figure out where to store those pom files such that
-    // we can upload them and predict them through the GitHub API. We could do a
-    // .socket folder. We could do a socket.pom.gz with all the poms, although
-    // I'd prefer something plain-text if it is to be committed.
-    const output = await spawn.spawn(bin, ['makePom'].concat(sbtOpts), {
-      cwd: target || '.'
-    });
-    spinner.stop();
-    if (verbose) {
-      logger.logger.group('[VERBOSE] sbt stdout:');
-      logger.logger.log(output);
-      logger.logger.groupEnd();
-    }
-    if (output.stderr) {
-      process.exitCode = 1;
-      logger.logger.fail('There were errors while running sbt');
-      // (In verbose mode, stderr was printed above, no need to repeat it)
-      if (!verbose) {
-        logger.logger.group('[VERBOSE] stderr:');
-        logger.logger.error(output.stderr);
-        logger.logger.groupEnd();
-      }
-      return;
-    }
-    const poms = [];
-    output.stdout.replace(/Wrote (.*?.pom)\n/g, (_all, fn) => {
-      poms.push(fn);
-      return fn;
-    });
-    if (!poms.length) {
-      process.exitCode = 1;
-      logger.logger.fail('There were no errors from sbt but it seems to not have generated any poms either');
-      return;
-    }
-    // Move the pom file to ...? initial cwd? loc will be an absolute path, or dump to stdout
-    // TODO: what to do with multiple output files? Do we want to dump them to stdout? Raw or with separators or ?
-    // TODO: maybe we can add an option to target a specific file to dump to stdout
-    if (out === '-' && poms.length === 1) {
-      logger.logger.log('Result:\n```');
-      logger.logger.log(await utils.safeReadFile(poms[0]));
-      logger.logger.log('```');
-      logger.logger.success(`OK`);
-    } else if (out === '-') {
-      process.exitCode = 1;
-      logger.logger.fail('Requested out target was stdout but there are multiple generated files');
-      poms.forEach(fn => logger.logger.error('-', fn));
-      logger.logger.info('Exiting now...');
-      return;
-    } else {
-      // if (verbose) {
-      //   logger.log(
-      //     `Moving manifest file from \`${loc.replace(/^\/home\/[^/]*?\//, '~/')}\` to \`${out}\``
-      //   )
-      // } else {
-      //   logger.log('Moving output pom file')
-      // }
-      // TODO: do we prefer fs-extra? renaming can be gnarly on windows and fs-extra's version is better
-      // await renamep(loc, out)
-      logger.logger.success(`Generated ${poms.length} pom files`);
-      poms.forEach(fn => logger.logger.log('-', fn));
-      logger.logger.success(`OK`);
-    }
-  } catch (e) {
-    process.exitCode = 1;
-    spinner.stop();
-    logger.logger.fail('There was an unexpected error while running this' + (verbose ? '' : ' (use --verbose for details)'));
-    if (verbose) {
-      logger.logger.group('[VERBOSE] error:');
-      logger.logger.log(e);
-      logger.logger.groupEnd();
-    }
-  }
+  await handleManifestConda(target, String(out || ''), json ? 'json' : markdown ? 'markdown' : 'text', String(cwd), Boolean(verbose));
 }
 
 const {
   DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$t
 } = constants;
 const config$w = {
-  commandName: 'scala',
-  description: "[beta] Generate a manifest file (`pom.xml`) from Scala's `build.sbt` file",
+  commandName: 'gradle',
+  description: '[beta] Use Gradle to generate a manifest file (`pom.xml`) for a Gradle/Java/Kotlin/etc project',
   hidden: false,
   flags: {
     ...utils.commonFlags,
     bin: {
       type: 'string',
-      default: 'sbt',
-      description: 'Location of sbt binary to use'
+      description: 'Location of gradlew binary to use, default: CWD/gradlew'
     },
     cwd: {
       type: 'string',
       description: 'Set the cwd, defaults to process.cwd()'
     },
-    out: {
+    gradleOpts: {
       type: 'string',
-      default: './socket.pom.xml',
-      description: 'Path of output file; where to store the resulting manifest, see also --stdout'
-    },
-    stdout: {
-      type: 'boolean',
-      description: 'Print resulting pom.xml to stdout (supersedes --out)'
+      default: '',
+      description: 'Additional options to pass on to ./gradlew, see `./gradlew --help`'
     },
-    sbtOpts: {
+    task: {
       type: 'string',
-      default: '',
-      description: 'Additional options to pass on to sbt, as per `sbt --help`'
+      default: 'all',
+      description: 'Task to target. By default targets all'
     },
     verbose: {
       type: 'boolean',
@@ -5756,43 +5828,38 @@ const config$w = {
   },
   help: (command, config) => `
     Usage
-      $ ${command} [--bin=path/to/sbt/binary] [--out=path/to/result] FILE|DIR
+      $ ${command} [--bin=path/to/gradle/binary] [--out=path/to/result] DIR
 
     Options
       ${utils.getFlagListOutput(config.flags, 6)}
 
-    Uses \`sbt makePom\` to generate a \`pom.xml\` from your \`build.sbt\` file.
-    This xml file is the dependency manifest (like a package.json
-    for Node.js or requirements.txt for PyPi), but specifically for Scala.
-
-    There are some caveats with \`build.sbt\` to \`pom.xml\` conversion:
+    Uses gradle, preferably through your local project \`gradlew\`, to generate a
+    \`pom.xml\` file for each task. If you have no \`gradlew\` you can try the
+    global \`gradle\` binary but that may not work (hard to predict).
 
-    - the xml is exported as socket.pom.xml as to not confuse existing build tools
-      but it will first hit your /target/sbt<version> folder (as a different name)
+    The \`pom.xml\` is a manifest file similar to \`package.json\` for npm or
+    or requirements.txt for PyPi), but specifically for Maven, which is Java's
+    dependency repository. Languages like Kotlin and Scala piggy back on it too.
 
-    - the pom.xml format (standard by Scala) does not support certain sbt features
-      - \`excludeAll()\`, \`dependencyOverrides\`, \`force()\`, \`relativePath\`
-      - For details: https://www.scala-sbt.org/1.x/docs/Library-Management.html
+    There are some caveats with the gradle to \`pom.xml\` conversion:
 
-    - it uses your sbt settings and local configuration verbatim
+    - each task will generate its own xml file and by default it generates one xml
+      for every task.
 
-    - it can only export one target per run, so if you have multiple targets like
-      development and production, you must run them separately.
+    - it's possible certain features don't translate well into the xml. If you
+      think something is missing that could be supported please reach out.
 
-    You can optionally configure the path to the \`sbt\` bin to invoke.
+    - it works with your \`gradlew\` from your repo and local settings and config
 
     Support is beta. Please report issues or give us feedback on what's missing.
 
-    This is only for SBT. If your Scala setup uses gradle, please see the help
-    sections for \`socket manifest gradle\` or \`socket cdxgen\`.
-
     Examples
 
-      $ ${command} ./build.sbt
-      $ ${command} --bin=/usr/bin/sbt ./build.sbt
+      $ ${command} .
+      $ ${command} --bin=../gradlew .
   `
 };
-const cmdManifestScala = {
+const cmdManifestGradle = {
   description: config$w.description,
   hidden: config$w.hidden,
   run: run$w
@@ -5841,68 +5908,99 @@ async function run$w(argv, importMeta, {
   if (!wasValidInput) {
     return;
   }
-  let bin = 'sbt';
-  if (cli.flags['bin']) {
-    bin = cli.flags['bin'];
-  }
-  let out = './socket.pom.xml';
-  if (cli.flags['out']) {
-    out = cli.flags['out'];
-  }
-  if (cli.flags['stdout']) {
-    out = '-';
-  }
+  const {
+    bin = path.join(target, 'gradlew'),
+    cwd = process.cwd()
+  } = cli.flags;
   if (verbose) {
     logger.logger.group();
     logger.logger.log('- target:', target);
     logger.logger.log('- gradle bin:', bin);
-    logger.logger.log('- out:', out);
     logger.logger.groupEnd();
   }
-  let sbtOpts = [];
-  if (cli.flags['sbtOpts']) {
-    sbtOpts = cli.flags['sbtOpts'].split(' ').map(s => s.trim()).filter(Boolean);
+  let gradleOpts = [];
+  if (cli.flags['gradleOpts']) {
+    gradleOpts = cli.flags['gradleOpts'].split(' ').map(s => s.trim()).filter(Boolean);
   }
   if (cli.flags['dryRun']) {
     logger.logger.log(DRY_RUN_BAILING_NOW$t);
     return;
   }
-  await convertSbtToMaven(target, bin, out, verbose, sbtOpts);
+  await convertGradleToMaven(target, String(bin), String(cwd), verbose, gradleOpts);
 }
 
 const {
   DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$s
 } = constants;
+
+// TODO: we may want to dedupe some pieces for all gradle languages. I think it
+//       makes sense to have separate commands for them and I think it makes
+//       sense for the help panels to note the requested language, rather than
+//       `socket manifest kotlin` to print help screens with `gradle` as the
+//       command. Room for improvement.
 const config$v = {
-  commandName: 'auto',
-  description: 'Auto-detect build and attempt to generate manifest file',
+  commandName: 'kotlin',
+  description: '[beta] Use Gradle to generate a manifest file (`pom.xml`) for a Kotlin project',
   hidden: false,
   flags: {
     ...utils.commonFlags,
+    bin: {
+      type: 'string',
+      description: 'Location of gradlew binary to use, default: CWD/gradlew'
+    },
     cwd: {
       type: 'string',
       description: 'Set the cwd, defaults to process.cwd()'
     },
+    gradleOpts: {
+      type: 'string',
+      default: '',
+      description: 'Additional options to pass on to ./gradlew, see `./gradlew --help`'
+    },
+    task: {
+      type: 'string',
+      default: 'all',
+      description: 'Task to target. By default targets all'
+    },
     verbose: {
       type: 'boolean',
-      default: false,
-      description: 'Enable debug output, may help when running into errors'
+      description: 'Print debug messages'
     }
-    // TODO: support output flags
   },
   help: (command, config) => `
     Usage
-      $ ${command}
+      $ ${command} [--bin=path/to/gradle/binary] [--out=path/to/result] DIR
+
+    Options
+      ${utils.getFlagListOutput(config.flags, 6)}
+
+    Uses gradle, preferably through your local project \`gradlew\`, to generate a
+    \`pom.xml\` file for each task. If you have no \`gradlew\` you can try the
+    global \`gradle\` binary but that may not work (hard to predict).
+
+    The \`pom.xml\` is a manifest file similar to \`package.json\` for npm or
+    or requirements.txt for PyPi), but specifically for Maven, which is Java's
+    dependency repository. Languages like Kotlin and Scala piggy back on it too.
+
+    There are some caveats with the gradle to \`pom.xml\` conversion:
+
+    - each task will generate its own xml file and by default it generates one xml
+      for every task. (This may be a good thing!)
 
-    Options
-      ${utils.getFlagListOutput(config.flags, 6)}
+    - it's possible certain features don't translate well into the xml. If you
+      think something is missing that could be supported please reach out.
 
-    Tries to figure out what language your current repo uses. If it finds a
-    supported case then it will try to generate the manifest file for that
-    language with the default or detected settings.
+    - it works with your \`gradlew\` from your repo and local settings and config
+
+    Support is beta. Please report issues or give us feedback on what's missing.
+
+    Examples
+
+      $ ${command} .
+      $ ${command} --bin=../gradlew .
   `
 };
-const cmdManifestAuto = {
+const cmdManifestKotlin = {
   description: config$v.description,
   hidden: config$v.hidden,
   run: run$v
@@ -5916,127 +6014,93 @@ async function run$v(argv, importMeta, {
     importMeta,
     parentName
   });
-  const verbose = !!cli.flags['verbose'];
-  const cwd = cli.flags['cwd'] ?? process.cwd();
-  // TODO: impl json/md
+  const verbose = Boolean(cli.flags['verbose']);
+  const {
+    json,
+    markdown
+  } = cli.flags;
+  const outputKind = utils.getOutputKind(json, markdown); // TODO: impl json/md further
 
   if (verbose) {
     logger.logger.group('- ', parentName, config$v.commandName, ':');
     logger.logger.group('- flags:', cli.flags);
     logger.logger.groupEnd();
     logger.logger.log('- input:', cli.input);
-    logger.logger.log('- cwd:', cwd);
     logger.logger.groupEnd();
   }
-  const subArgs = [];
-  if (verbose) {
-    subArgs.push('--verbose');
-  }
-  const dir = cwd;
-  if (fs$1.existsSync(path.join(dir, 'build.sbt'))) {
-    logger.logger.log('Detected a Scala sbt build, running default Scala generator...');
-    if (cwd) {
-      subArgs.push('--cwd', cwd);
-    }
-    subArgs.push(dir);
-    if (cli.flags['dryRun']) {
-      logger.logger.log(DRY_RUN_BAILING_NOW$s);
-      return;
-    }
-    await cmdManifestScala.run(subArgs, importMeta, {
-      parentName
-    });
+  const [target = ''] = cli.input;
+
+  // TODO: I'm not sure it's feasible to parse source file from stdin. We could
+  //       try, store contents in a file in some folder, target that folder... what
+  //       would the file name be?
+
+  const wasValidInput = utils.checkCommandInput(outputKind, {
+    test: !!target && target !== '-',
+    message: 'The DIR arg is required',
+    pass: 'ok',
+    fail: target === '-' ? 'stdin is not supported' : 'missing'
+  }, {
+    nook: true,
+    test: cli.input.length <= 1,
+    message: 'Can only accept one DIR (make sure to escape spaces!)',
+    pass: 'ok',
+    fail: 'received ' + cli.input.length
+  });
+  if (!wasValidInput) {
     return;
   }
-  if (fs$1.existsSync(path.join(dir, 'gradlew'))) {
-    logger.logger.log('Detected a gradle build, running default gradle generator...');
-    if (cwd) {
-      // This command takes the cwd as first arg.
-      subArgs.push(cwd);
-    }
-    if (cli.flags['dryRun']) {
-      logger.logger.log(DRY_RUN_BAILING_NOW$s);
-      return;
-    }
-    await cmdManifestGradle.run(subArgs, importMeta, {
-      parentName
-    });
-    return;
+  const {
+    bin = path.join(target, 'gradlew'),
+    cwd = process.cwd()
+  } = cli.flags;
+  if (verbose) {
+    logger.logger.group();
+    logger.logger.log('- target:', target);
+    logger.logger.log('- gradle bin:', bin);
+    logger.logger.groupEnd();
   }
-  const envyml = path.join(dir, 'environment.yml');
-  const hasEnvyml = fs$1.existsSync(envyml);
-  const envyaml = path.join(dir, 'environment.yaml');
-  const hasEnvyaml = !hasEnvyml && fs$1.existsSync(envyaml);
-  if (hasEnvyml || hasEnvyaml) {
-    logger.logger.log('Detected an environment.yml file, running default Conda generator...');
-    // This command takes the TARGET as first arg.
-    subArgs.push(hasEnvyml ? envyml : hasEnvyaml ? envyaml : '');
-    if (cli.flags['dryRun']) {
-      logger.logger.log(DRY_RUN_BAILING_NOW$s);
-      return;
-    }
-    await cmdManifestConda.run(subArgs, importMeta, {
-      parentName
-    });
-    return;
+  let gradleOpts = [];
+  if (cli.flags['gradleOpts']) {
+    gradleOpts = cli.flags['gradleOpts'].split(' ').map(s => s.trim()).filter(Boolean);
   }
   if (cli.flags['dryRun']) {
     logger.logger.log(DRY_RUN_BAILING_NOW$s);
     return;
   }
-
-  // Show new help screen and exit.
-  vendor.meow(`
-    $ ${parentName} ${config$v.commandName}
-
-    Unfortunately this script did not discover a supported language in the
-    current folder.
-
-    - Make sure this script would work with your target build
-    - Make sure to run it from the correct folder
-    - Make sure the necessary build tools are available (\`PATH\`)
-
-    If that doesn't work, see \`${parentName} <lang> --help\` for config details for
-    your target language.
-  `, {
-    argv: [],
-    description: config$v.description,
-    importMeta
-  }).showHelp();
+  await convertGradleToMaven(target, String(bin), String(cwd), verbose, gradleOpts);
 }
 
 const {
   DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$r
 } = constants;
-
-// TODO: we may want to dedupe some pieces for all gradle languages. I think it
-//       makes sense to have separate commands for them and I think it makes
-//       sense for the help panels to note the requested language, rather than
-//       `socket manifest kotlin` to print help screens with `gradle` as the
-//       command. Room for improvement.
 const config$u = {
-  commandName: 'kotlin',
-  description: '[beta] Use Gradle to generate a manifest file (`pom.xml`) for a Kotlin project',
+  commandName: 'scala',
+  description: "[beta] Generate a manifest file (`pom.xml`) from Scala's `build.sbt` file",
   hidden: false,
   flags: {
     ...utils.commonFlags,
     bin: {
       type: 'string',
-      description: 'Location of gradlew binary to use, default: CWD/gradlew'
+      default: 'sbt',
+      description: 'Location of sbt binary to use'
     },
     cwd: {
       type: 'string',
       description: 'Set the cwd, defaults to process.cwd()'
     },
-    gradleOpts: {
+    out: {
       type: 'string',
-      default: '',
-      description: 'Additional options to pass on to ./gradlew, see `./gradlew --help`'
+      default: './socket.pom.xml',
+      description: 'Path of output file; where to store the resulting manifest, see also --stdout'
     },
-    task: {
+    stdout: {
+      type: 'boolean',
+      description: 'Print resulting pom.xml to stdout (supersedes --out)'
+    },
+    sbtOpts: {
       type: 'string',
-      default: 'all',
-      description: 'Task to target. By default targets all'
+      default: '',
+      description: 'Additional options to pass on to sbt, as per `sbt --help`'
     },
     verbose: {
       type: 'boolean',
@@ -6045,38 +6109,43 @@ const config$u = {
   },
   help: (command, config) => `
     Usage
-      $ ${command} [--bin=path/to/gradle/binary] [--out=path/to/result] DIR
+      $ ${command} [--bin=path/to/sbt/binary] [--out=path/to/result] FILE|DIR
 
     Options
       ${utils.getFlagListOutput(config.flags, 6)}
 
-    Uses gradle, preferably through your local project \`gradlew\`, to generate a
-    \`pom.xml\` file for each task. If you have no \`gradlew\` you can try the
-    global \`gradle\` binary but that may not work (hard to predict).
+    Uses \`sbt makePom\` to generate a \`pom.xml\` from your \`build.sbt\` file.
+    This xml file is the dependency manifest (like a package.json
+    for Node.js or requirements.txt for PyPi), but specifically for Scala.
 
-    The \`pom.xml\` is a manifest file similar to \`package.json\` for npm or
-    or requirements.txt for PyPi), but specifically for Maven, which is Java's
-    dependency repository. Languages like Kotlin and Scala piggy back on it too.
+    There are some caveats with \`build.sbt\` to \`pom.xml\` conversion:
 
-    There are some caveats with the gradle to \`pom.xml\` conversion:
+    - the xml is exported as socket.pom.xml as to not confuse existing build tools
+      but it will first hit your /target/sbt<version> folder (as a different name)
 
-    - each task will generate its own xml file and by default it generates one xml
-      for every task. (This may be a good thing!)
+    - the pom.xml format (standard by Scala) does not support certain sbt features
+      - \`excludeAll()\`, \`dependencyOverrides\`, \`force()\`, \`relativePath\`
+      - For details: https://www.scala-sbt.org/1.x/docs/Library-Management.html
 
-    - it's possible certain features don't translate well into the xml. If you
-      think something is missing that could be supported please reach out.
+    - it uses your sbt settings and local configuration verbatim
 
-    - it works with your \`gradlew\` from your repo and local settings and config
+    - it can only export one target per run, so if you have multiple targets like
+      development and production, you must run them separately.
+
+    You can optionally configure the path to the \`sbt\` bin to invoke.
 
     Support is beta. Please report issues or give us feedback on what's missing.
 
+    This is only for SBT. If your Scala setup uses gradle, please see the help
+    sections for \`socket manifest gradle\` or \`socket cdxgen\`.
+
     Examples
 
-      $ ${command} .
-      $ ${command} --bin=../gradlew .
+      $ ${command} ./build.sbt
+      $ ${command} --bin=/usr/bin/sbt ./build.sbt
   `
 };
-const cmdManifestKotlin = {
+const cmdManifestScala = {
   description: config$u.description,
   hidden: config$u.hidden,
   run: run$u
@@ -6125,25 +6194,33 @@ async function run$u(argv, importMeta, {
   if (!wasValidInput) {
     return;
   }
-  const {
-    bin = path.join(target, 'gradlew'),
-    cwd = process.cwd()
-  } = cli.flags;
+  let bin = 'sbt';
+  if (cli.flags['bin']) {
+    bin = cli.flags['bin'];
+  }
+  let out = './socket.pom.xml';
+  if (cli.flags['out']) {
+    out = cli.flags['out'];
+  }
+  if (cli.flags['stdout']) {
+    out = '-';
+  }
   if (verbose) {
     logger.logger.group();
     logger.logger.log('- target:', target);
     logger.logger.log('- gradle bin:', bin);
+    logger.logger.log('- out:', out);
     logger.logger.groupEnd();
   }
-  let gradleOpts = [];
-  if (cli.flags['gradleOpts']) {
-    gradleOpts = cli.flags['gradleOpts'].split(' ').map(s => s.trim()).filter(Boolean);
+  let sbtOpts = [];
+  if (cli.flags['sbtOpts']) {
+    sbtOpts = cli.flags['sbtOpts'].split(' ').map(s => s.trim()).filter(Boolean);
   }
   if (cli.flags['dryRun']) {
     logger.logger.log(DRY_RUN_BAILING_NOW$r);
     return;
   }
-  await convertGradleToMaven(target, String(bin), String(cwd), verbose, gradleOpts);
+  await convertSbtToMaven(target, bin, out, verbose, sbtOpts);
 }
 
 const config$t = {
@@ -8681,6 +8758,50 @@ async function run$d(argv, importMeta, {
   await handleDeleteRepo(orgSlug, repoName, outputKind);
 }
 
+async function fetchListAllRepos({
+  direction,
+  orgSlug,
+  sort
+}) {
+  const sockSdkResult = await utils.setupSdk();
+  if (!sockSdkResult.ok) {
+    return sockSdkResult;
+  }
+  const sockSdk = sockSdkResult.data;
+  const rows = [];
+  let protection = 0;
+  let nextPage = 0;
+  while (nextPage >= 0) {
+    if (++protection > 100) {
+      return {
+        ok: false,
+        message: 'Infinite loop detected',
+        cause: `Either there are over 100 pages of results or the fetch has run into an infinite loop. Breaking it off now. nextPage=${nextPage}`
+      };
+    }
+    // eslint-disable-next-line no-await-in-loop
+    const result = await utils.handleApiCall(sockSdk.getOrgRepoList(orgSlug, {
+      sort,
+      direction,
+      per_page: String(100),
+      // max
+      page: String(nextPage)
+    }), 'list of repositories');
+    if (!result.ok) {
+      return result;
+    }
+    result.data.results.forEach(row => rows.push(row));
+    nextPage = result.data.nextPage ?? -1;
+  }
+  return {
+    ok: true,
+    data: {
+      results: rows,
+      nextPage: null
+    }
+  };
+}
+
 async function fetchListRepos({
   direction,
   orgSlug,
@@ -8702,18 +8823,33 @@ async function fetchListRepos({
 }
 
 // @ts-ignore
-async function outputListRepos(result, outputKind) {
+async function outputListRepos(result, outputKind, page, nextPage, sort, perPage, direction) {
   if (!result.ok) {
     process.exitCode = result.code ?? 1;
   }
   if (outputKind === 'json') {
-    logger.logger.log(utils.serializeResultJson(result));
+    if (result.ok) {
+      logger.logger.log(utils.serializeResultJson({
+        ok: true,
+        data: {
+          data: result.data,
+          direction,
+          nextPage: nextPage ?? 0,
+          page,
+          perPage,
+          sort
+        }
+      }));
+    } else {
+      logger.logger.log(utils.serializeResultJson(result));
+    }
     return;
   }
   if (!result.ok) {
     logger.logger.fail(utils.failMsgWithBadge(result.message, result.cause));
     return;
   }
+  logger.logger.log(`Result page: ${page}, results per page: ${perPage === Infinity ? 'all' : perPage}, sorted by: ${sort}, direction: ${direction}`);
   const options = {
     columns: [{
       field: 'id',
@@ -8733,9 +8869,18 @@ async function outputListRepos(result, outputKind) {
     }]
   };
   logger.logger.log(vendor.srcExports(options, result.data.results));
+  if (nextPage) {
+    logger.logger.info(`This is page ${page}. Server indicated there are more results available on page ${nextPage}...`);
+    logger.logger.info(`(Hint: you can use \`socket repos list --page ${nextPage}\`)`);
+  } else if (perPage === Infinity) {
+    logger.logger.info(`This should be the entire list available on the server.`);
+  } else {
+    logger.logger.info(`This is page ${page}. Server indicated this is the last page with results.`);
+  }
 }
 
 async function handleListRepos({
+  all,
   direction,
   orgSlug,
   outputKind,
@@ -8743,14 +8888,28 @@ async function handleListRepos({
   per_page,
   sort
 }) {
-  const data = await fetchListRepos({
-    direction,
-    orgSlug,
-    page,
-    per_page,
-    sort
-  });
-  await outputListRepos(data, outputKind);
+  if (all) {
+    const data = await fetchListAllRepos({
+      direction,
+      orgSlug,
+      sort
+    });
+    await outputListRepos(data, outputKind, 0, 0, sort, Infinity, direction);
+  } else {
+    const data = await fetchListRepos({
+      direction,
+      orgSlug,
+      page,
+      per_page,
+      sort
+    });
+    if (!data.ok) {
+      await outputListRepos(data, outputKind, 0, 0, '', 0, direction);
+    } else {
+      // Note: nextPage defaults to 0, is null when there's no next page
+      await outputListRepos(data, outputKind, page, data.data.nextPage, sort, per_page, direction);
+    }
+  }
 }
 
 const {
@@ -8763,11 +8922,10 @@ const config$c = {
   flags: {
     ...utils.commonFlags,
     ...utils.outputFlags,
-    sort: {
-      type: 'string',
-      shortFlag: 's',
-      default: 'created_at',
-      description: 'Sorting option'
+    all: {
+      type: 'boolean',
+      default: false,
+      description: 'By default view shows the last n repos. This flag allows you to fetch the entire list. Will ignore --page and --perPage.'
     },
     direction: {
       type: 'string',
@@ -8794,6 +8952,12 @@ const config$c = {
       shortFlag: 'p',
       default: 1,
       description: 'Page number'
+    },
+    sort: {
+      type: 'string',
+      shortFlag: 's',
+      default: 'created_at',
+      description: 'Sorting option'
     }
   },
   help: (command, config) => `
@@ -8826,15 +8990,15 @@ async function run$c(argv, importMeta, {
     parentName
   });
   const {
-    json,
-    markdown
-  } = cli.flags;
-  const outputKind = utils.getOutputKind(json, markdown);
-  const {
+    all,
+    direction = 'desc',
     dryRun,
     interactive,
+    json,
+    markdown,
     org: orgFlag
   } = cli.flags;
+  const outputKind = utils.getOutputKind(json, markdown);
   const [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), cli.input[0] || '', !!interactive, !!dryRun);
   const hasApiToken = utils.hasDefaultToken();
   const wasValidInput = utils.checkCommandInput(outputKind, {
@@ -8855,6 +9019,12 @@ async function run$c(argv, importMeta, {
     message: 'You need to be logged in to use this command. See `socket login`.',
     pass: 'ok',
     fail: 'missing API token'
+  }, {
+    nook: true,
+    test: direction === 'asc' || direction === 'desc',
+    message: 'The --direction value must be "asc" or "desc"',
+    pass: 'ok',
+    fail: 'unexpected value'
   });
   if (!wasValidInput) {
     return;
@@ -8864,7 +9034,8 @@ async function run$c(argv, importMeta, {
     return;
   }
   await handleListRepos({
-    direction: cli.flags['direction'] === 'asc' ? 'asc' : 'desc',
+    all: Boolean(all),
+    direction: direction === 'asc' ? 'asc' : 'desc',
     orgSlug,
     outputKind,
     page: Number(cli.flags['page']) || 1,
@@ -9312,11 +9483,6 @@ const config$9 = {
       default: true,
       description: 'Allow for interactive elements, asking for input. Use --no-interactive to prevent any input questions, defaulting them to cancel/no.'
     },
-    pendingHead: {
-      type: 'boolean',
-      default: true,
-      description: 'Designate this full-scan as the latest scan of a given branch. This must be set to have it show up in the dashboard.'
-    },
     pullRequest: {
       type: 'number',
       shortFlag: 'pr',
@@ -9342,11 +9508,17 @@ const config$9 = {
       default: false,
       description: 'Wait for the scan creation to complete, then basically run `socket scan report` on it'
     },
+    setAsAlertsPage: {
+      type: 'boolean',
+      default: true,
+      aliases: ['pendingHead'],
+      description: 'When true and if this is the "default branch" then this Scan will be the one reflected on your alerts page. See help for details. Defaults to true.'
+    },
     tmp: {
       type: 'boolean',
       shortFlag: 't',
       default: false,
-      description: 'Set the visibility (true/false) of the scan in your dashboard. Can not be used when --pendingHead is set.'
+      description: 'Set the visibility (true/false) of the scan in your dashboard.'
     }
   },
   // TODO: your project's "socket.yml" file's "projectIgnorePaths"
@@ -9378,8 +9550,12 @@ const config$9 = {
     Note: for a first run you probably want to set --defaultBranch to indicate
           the default branch name, like "main" or "master".
 
-    Note: --pendingHead is enabled by default and makes a scan show up in your
-          dashboard. You can use \`--no-pendingHead\` to have it not show up.
+    The "alerts page" (https://socket.dev/dashboard/org/YOURORG/alerts) will show
+    the results from the last scan designated as the "pending head" on the branch
+    configured on Socket to be the "default branch". When creating a scan the
+    --setAsAlertsPage flag will default to true to update this. You can prevent
+    this by using --no-setAsAlertsPage. This flag is ignored for any branch that
+    is not designated as the "default branch". It is disabled when using --tmp.
 
     Options
       ${utils.getFlagListOutput(config.flags, 6)}
@@ -9415,14 +9591,15 @@ async function run$9(argv, importMeta, {
     json,
     markdown,
     org: orgFlag,
-    pendingHead,
     pullRequest,
     readOnly,
     repo: repoName = 'socket-default-repository',
     report,
+    setAsAlertsPage: pendingHeadFlag,
     tmp
   } = cli.flags;
   const outputKind = utils.getOutputKind(json, markdown);
+  const pendingHead = tmp ? false : pendingHeadFlag;
   let [orgSlug, defaultOrgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), cli.input[0] || '', interactive, dryRun);
   if (!defaultOrgSlug) {
     // Tmp. just for TS. will drop this later.
@@ -9486,12 +9663,6 @@ async function run$9(argv, importMeta, {
     message: 'This command requires an API token for access',
     pass: 'ok',
     fail: 'missing (try `socket login`)'
-  }, {
-    nook: true,
-    test: !pendingHead || !tmp,
-    message: 'Can not use --pendingHead and --tmp at the same time',
-    pass: 'ok',
-    fail: 'remove at least one flag'
   }, {
     nook: true,
     test: !pendingHead || !!branchName,
@@ -11535,5 +11706,5 @@ void (async () => {
     await utils.captureException(e);
   }
 })();
-//# debugId=f795e75b-2414-4f4b-8612-273af979480d
+//# debugId=58ee5340-de19-42ee-8faf-fef7b5047b56
 //# sourceMappingURL=cli.js.map