@socketsecurity/cli-with-sentry 0.15.15 → 0.15.16

package/dist/cli.js

@@ -3516,7 +3516,7 @@ async function enablePrAutoMerge({
   if (error instanceof vendor.GraphqlResponseError && error.errors) {
     const details = error.errors.map(({
       message
-    }) => ` - ${message.trim()}`).join('\n');
+    }) => ` - ${message.trim()}`).join('\n').trim();
     message += `:\n${details}`;
   }
   logger.logger.error(message);
@@ -3686,11 +3686,18 @@ async function npmFix(pkgEnvDetails, {
   // Calling arb.reify() creates the arb.diff object, nulls-out arb.idealTree,
   // and populates arb.actualTree.
   let actualTree = await arb.reify();
-  const alertsMap = purls.length ? await utils.getAlertsMapFromPurls(purls, getAlertMapOptions({
-    limit
-  })) : await shadowInject.getAlertsMapFromArborist(arb, getAlertMapOptions({
-    limit
-  }));
+  let alertsMap;
+  try {
+    alertsMap = purls.length ? await utils.getAlertsMapFromPurls(purls, getAlertMapOptions({
+      limit
+    })) : await shadowInject.getAlertsMapFromArborist(arb, getAlertMapOptions({
+      limit
+    }));
+  } catch (e) {
+    spinner?.stop();
+    logger.logger.error(e?.message || 'Unknown Socket batch PURL API error');
+    return;
+  }
   const infoByPkgName = utils.getCveInfoFromAlertsMap(alertsMap, {
     limit
   });
@@ -3842,11 +3849,12 @@ async function npmFix(pkgEnvDetails, {
                 stdio: 'ignore'
               });
             }
-            spinner?.successAndStop(`Fixed ${name} in ${workspaceName}`);
+            spinner?.success(`Fixed ${name} in ${workspaceName}`);
           } catch (e) {
             errored = true;
             error = e;
           }
+          spinner?.stop();
           if (!errored && isCi) {
             const branch = getSocketBranchName(oldPurl, newVersion, workspaceName);
             try {
@@ -3912,10 +3920,14 @@ async function npmFix(pkgEnvDetails, {
                 const {
                   data
                 } = prResponse;
-                logger.logger.info(`Opened PR #${data.number}.`);
+                logger.logger.success(`Opened PR #${data.number}.`);
                 if (autoMerge) {
+                  logger.logger.indent();
+                  spinner?.indent();
                   // eslint-disable-next-line no-await-in-loop
                   await enablePrAutoMerge(data);
+                  logger.logger.dedent();
+                  spinner?.dedent();
                 }
               }
             } catch (e) {
@@ -3933,6 +3945,7 @@ async function npmFix(pkgEnvDetails, {
           }
           if (errored) {
             if (!isCi) {
+              spinner?.start();
               editablePkgJson.update(revertData);
               // eslint-disable-next-line no-await-in-loop
               await Promise.all([utils.removeNodeModules(cwd), editablePkgJson.save({
@@ -3942,8 +3955,9 @@ async function npmFix(pkgEnvDetails, {
               actualTree = await install$1(arb, {
                 cwd
               });
+              spinner?.stop();
             }
-            spinner?.failAndStop(`Update failed for ${oldId} in ${workspaceName}`, error);
+            logger.logger.fail(`Update failed for ${oldId} in ${workspaceName}`, error);
           }
           if (++count >= limit) {
             logger.logger.dedent();
@@ -3953,14 +3967,14 @@ async function npmFix(pkgEnvDetails, {
         }
       }
       if (!isLastPkgJsonPath && logger.logger.logCallCount > workspaceLogCallCount) {
-        logger.logger.log('');
+        logger.logger.logNewline();
       }
     }
     for (const warningText of warningsForAfter) {
       logger.logger.warn(warningText);
     }
     if (!isLastInfoEntry) {
-      logger.logger.log('');
+      logger.logger.logNewline();
     }
     logger.logger.dedent();
     spinner?.dedent();
@@ -4057,11 +4071,18 @@ async function pnpmFix(pkgEnvDetails, {
     logger.logger.error('Required pnpm-lock.yaml not found.');
     return;
   }
-  const alertsMap = purls.length ? await utils.getAlertsMapFromPurls(purls, getAlertMapOptions({
-    limit
-  })) : await utils.getAlertsMapFromPnpmLockfile(lockfile, getAlertMapOptions({
-    limit
-  }));
+  let alertsMap;
+  try {
+    alertsMap = purls.length ? await utils.getAlertsMapFromPurls(purls, getAlertMapOptions({
+      limit
+    })) : await utils.getAlertsMapFromPnpmLockfile(lockfile, getAlertMapOptions({
+      limit
+    }));
+  } catch (e) {
+    spinner?.stop();
+    logger.logger.error(e?.message || 'Unknown Socket batch PURL API error');
+    return;
+  }
   const infoByPkgName = utils.getCveInfoFromAlertsMap(alertsMap, {
     limit
   });
@@ -4248,12 +4269,12 @@ async function pnpmFix(pkgEnvDetails, {
                 stdio: 'ignore'
               });
             }
-            spinner?.successAndStop(`Fixed ${name} in ${workspaceName}`);
+            spinner?.success(`Fixed ${name} in ${workspaceName}`);
           } catch (e) {
             error = e;
             errored = true;
-            spinner?.stop();
           }
+          spinner?.stop();
           if (!errored && isCi) {
             const branch = getSocketBranchName(oldPurl, newVersion, workspaceName);
             try {
@@ -4322,10 +4343,14 @@ async function pnpmFix(pkgEnvDetails, {
                 const {
                   data
                 } = prResponse;
-                logger.logger.info(`Opened PR #${data.number}.`);
+                logger.logger.success(`Opened PR #${data.number}.`);
                 if (autoMerge) {
+                  logger.logger.indent();
+                  spinner?.indent();
                   // eslint-disable-next-line no-await-in-loop
                   await enablePrAutoMerge(data);
+                  logger.logger.dedent();
+                  spinner?.dedent();
                 }
               }
             } catch (e) {
@@ -4344,6 +4369,7 @@ async function pnpmFix(pkgEnvDetails, {
           }
           if (errored) {
             if (!isCi) {
+              spinner?.start();
               editablePkgJson.update(revertData);
               // eslint-disable-next-line no-await-in-loop
               await Promise.all([utils.removeNodeModules(cwd), editablePkgJson.save({
@@ -4354,8 +4380,9 @@ async function pnpmFix(pkgEnvDetails, {
                 cwd,
                 spinner
               });
+              spinner?.stop();
             }
-            spinner?.failAndStop(`Update failed for ${oldId} in ${workspaceName}`, error);
+            logger.logger.fail(`Update failed for ${oldId} in ${workspaceName}`, error);
           }
           if (++count >= limit) {
             logger.logger.dedent();
@@ -4365,14 +4392,14 @@ async function pnpmFix(pkgEnvDetails, {
         }
       }
       if (!isLastPkgJsonPath && logger.logger.logCallCount > workspaceLogCallCount) {
-        logger.logger.log('');
+        logger.logger.logNewline();
       }
     }
     for (const warningText of warningsForAfter) {
       logger.logger.warn(warningText);
     }
     if (!isLastInfoEntry) {
-      logger.logger.log('');
+      logger.logger.logNewline();
     }
     logger.logger.dedent();
     spinner?.dedent();
@@ -5153,6 +5180,247 @@ async function run$z(argv, importMeta, {
   attemptLogout();
 }
 
+async function convertGradleToMaven(target, bin, cwd, verbose, gradleOpts) {
+  // TODO: impl json/md
+  if (verbose) {
+    logger.logger.log('[VERBOSE] Resolving:', [cwd, bin]);
+  }
+  const rbin = path.resolve(cwd, bin);
+  if (verbose) {
+    logger.logger.log('[VERBOSE] Resolving:', [cwd, target]);
+  }
+  const rtarget = path.resolve(cwd, target);
+  const binExists = fs$1.existsSync(rbin);
+  const targetExists = fs$1.existsSync(rtarget);
+  logger.logger.group('gradle2maven:');
+  if (verbose || debug.isDebug()) {
+    logger.logger.log(`[VERBOSE] - Absolute bin path: \`${rbin}\` (${binExists ? 'found' : vendor.yoctocolorsCjsExports.red('not found!')})`);
+    logger.logger.log(`[VERBOSE] - Absolute target path: \`${rtarget}\` (${targetExists ? 'found' : vendor.yoctocolorsCjsExports.red('not found!')})`);
+  } else {
+    logger.logger.log(`- executing: \`${rbin}\``);
+    if (!binExists) {
+      logger.logger.warn('Warning: It appears the executable could not be found at this location. An error might be printed later because of that.');
+    }
+    logger.logger.log(`- src dir: \`${rtarget}\``);
+    if (!targetExists) {
+      logger.logger.warn('Warning: It appears the src dir could not be found at this location. An error might be printed later because of that.');
+    }
+  }
+  logger.logger.groupEnd();
+  try {
+    // Run gradlew with the init script we provide which should yield zero or more
+    // pom files. We have to figure out where to store those pom files such that
+    // we can upload them and predict them through the GitHub API. We could do a
+    // .socket folder. We could do a socket.pom.gz with all the poms, although
+    // I'd prefer something plain-text if it is to be committed.
+
+    // Note: init.gradle will be exported by .config/rollup.dist.config.mjs
+    const initLocation = path.join(constants.distPath, 'init.gradle');
+    const commandArgs = ['--init-script', initLocation, ...gradleOpts, 'pom'];
+    if (verbose) {
+      logger.logger.log('[VERBOSE] Executing:', [bin], ', args:', commandArgs);
+    }
+    logger.logger.log(`Converting gradle to maven from \`${bin}\` on \`${target}\` ...`);
+    const output = await execGradleWithSpinner(rbin, commandArgs, rtarget, cwd);
+    if (verbose) {
+      logger.logger.group('[VERBOSE] gradle stdout:');
+      logger.logger.log(output);
+      logger.logger.groupEnd();
+    }
+    if (output.code !== 0) {
+      process.exitCode = 1;
+      logger.logger.fail(`Gradle exited with exit code ${output.code}`);
+      // (In verbose mode, stderr was printed above, no need to repeat it)
+      if (!verbose) {
+        logger.logger.group('stderr:');
+        logger.logger.error(output.stderr);
+        logger.logger.groupEnd();
+      }
+      return;
+    }
+    logger.logger.success('Executed gradle successfully');
+    logger.logger.log('Reported exports:');
+    output.stdout.replace(/^POM file copied to: (.*)/gm, (_all, fn) => {
+      logger.logger.log('- ', fn);
+      return fn;
+    });
+    logger.logger.log('');
+    logger.logger.log('Next step is to generate a Scan by running the `socket scan create` command on the same directory');
+  } catch (e) {
+    process.exitCode = 1;
+    logger.logger.fail('There was an unexpected error while generating manifests' + (verbose ? '' : '  (use --verbose for details)'));
+    if (verbose) {
+      logger.logger.group('[VERBOSE] error:');
+      logger.logger.log(e);
+      logger.logger.groupEnd();
+    }
+  }
+}
+async function execGradleWithSpinner(bin, commandArgs, target, cwd) {
+  // Lazily access constants.spinner.
+  const {
+    spinner
+  } = constants;
+  let pass = false;
+  try {
+    spinner.start(`Running gradlew... (this can take a while, it depends on how long gradlew has to run)`);
+    const output = await spawn.spawn(bin, commandArgs, {
+      // We can pipe the output through to have the user see the result
+      // of running gradlew, but then we can't (easily) gather the output
+      // to discover the generated files... probably a flag we should allow?
+      // stdio: isDebug() ? 'inherit' : undefined,
+      cwd: target || cwd
+    });
+    pass = true;
+    const {
+      code,
+      stderr,
+      stdout
+    } = output;
+    return {
+      code,
+      stdout,
+      stderr
+    };
+  } finally {
+    if (pass) {
+      spinner.successAndStop('Completed gradlew execution');
+    } else {
+      spinner.failAndStop('There was an error while trying to run gradlew.');
+    }
+  }
+}
+
+async function convertSbtToMaven(target, bin, out, verbose, sbtOpts) {
+  // TODO: impl json/md
+
+  // Lazily access constants.spinner.
+  const {
+    spinner
+  } = constants;
+  const rbin = path.resolve(bin);
+  const rtarget = path.resolve(target);
+  if (verbose) {
+    logger.logger.group('sbt2maven:');
+    logger.logger.log(`[VERBOSE] - Absolute bin path: \`${rbin}\``);
+    logger.logger.log(`[VERBOSE] - Absolute target path: \`${rtarget}\``);
+    // logger.log(`[VERBOSE] - Absolute out path: \`${rout}\``)
+    logger.logger.groupEnd();
+  } else {
+    logger.logger.group('sbt2maven:');
+    logger.logger.log(`- executing: \`${bin}\``);
+    logger.logger.log(`- src dir: \`${target}\``);
+    // logger.log(`- dst dir: \`${out}\``)
+    logger.logger.groupEnd();
+  }
+  try {
+    spinner.start(`Converting sbt to maven from \`${bin}\` on \`${target}\`...`);
+
+    // Run sbt with the init script we provide which should yield zero or more
+    // pom files. We have to figure out where to store those pom files such that
+    // we can upload them and predict them through the GitHub API. We could do a
+    // .socket folder. We could do a socket.pom.gz with all the poms, although
+    // I'd prefer something plain-text if it is to be committed.
+    const output = await spawn.spawn(bin, ['makePom'].concat(sbtOpts), {
+      cwd: target || '.'
+    });
+    spinner.stop();
+    if (verbose) {
+      logger.logger.group('[VERBOSE] sbt stdout:');
+      logger.logger.log(output);
+      logger.logger.groupEnd();
+    }
+    if (output.stderr) {
+      process.exitCode = 1;
+      logger.logger.fail('There were errors while running sbt');
+      // (In verbose mode, stderr was printed above, no need to repeat it)
+      if (!verbose) {
+        logger.logger.group('[VERBOSE] stderr:');
+        logger.logger.error(output.stderr);
+        logger.logger.groupEnd();
+      }
+      return;
+    }
+    const poms = [];
+    output.stdout.replace(/Wrote (.*?.pom)\n/g, (_all, fn) => {
+      poms.push(fn);
+      return fn;
+    });
+    if (!poms.length) {
+      process.exitCode = 1;
+      logger.logger.fail('There were no errors from sbt but it seems to not have generated any poms either');
+      return;
+    }
+    // Move the pom file to ...? initial cwd? loc will be an absolute path, or dump to stdout
+    // TODO: what to do with multiple output files? Do we want to dump them to stdout? Raw or with separators or ?
+    // TODO: maybe we can add an option to target a specific file to dump to stdout
+    if (out === '-' && poms.length === 1) {
+      logger.logger.log('Result:\n```');
+      logger.logger.log(await utils.safeReadFile(poms[0]));
+      logger.logger.log('```');
+      logger.logger.success(`OK`);
+    } else if (out === '-') {
+      process.exitCode = 1;
+      logger.logger.fail('Requested out target was stdout but there are multiple generated files');
+      poms.forEach(fn => logger.logger.error('-', fn));
+      logger.logger.info('Exiting now...');
+      return;
+    } else {
+      // if (verbose) {
+      //   logger.log(
+      //     `Moving manifest file from \`${loc.replace(/^\/home\/[^/]*?\//, '~/')}\` to \`${out}\``
+      //   )
+      // } else {
+      //   logger.log('Moving output pom file')
+      // }
+      // TODO: do we prefer fs-extra? renaming can be gnarly on windows and fs-extra's version is better
+      // await renamep(loc, out)
+      logger.logger.success(`Generated ${poms.length} pom files`);
+      poms.forEach(fn => logger.logger.log('-', fn));
+      logger.logger.success(`OK`);
+    }
+  } catch (e) {
+    process.exitCode = 1;
+    spinner.stop();
+    logger.logger.fail('There was an unexpected error while running this' + (verbose ? '' : ' (use --verbose for details)'));
+    if (verbose) {
+      logger.logger.group('[VERBOSE] error:');
+      logger.logger.log(e);
+      logger.logger.groupEnd();
+    }
+  }
+}
+
+// The point here is to attempt to detect the various supported manifest files
+// the CLI can generate. This would be environments that we can't do server side
+
+async function detectManifestActions(cwd = process.cwd()) {
+  const output = {
+    cdxgen: false,
+    // TODO
+    conda: false,
+    gradle: false,
+    sbt: false
+  };
+  if (fs$1.existsSync(path.join(cwd, 'build.sbt'))) {
+    debug.debugLog('Detected a Scala sbt build, running default Scala generator...');
+    output.sbt = true;
+  }
+  if (fs$1.existsSync(path.join(cwd, 'gradlew'))) {
+    debug.debugLog('Detected a gradle build, running default gradle generator...');
+    output.gradle = true;
+  }
+  const envyml = path.join(cwd, 'environment.yml');
+  const hasEnvyml = fs$1.existsSync(envyml);
+  const envyaml = path.join(cwd, 'environment.yaml');
+  const hasEnvyaml = !hasEnvyml && fs$1.existsSync(envyaml);
+  if (hasEnvyml || hasEnvyaml) {
+    debug.debugLog('Detected an environment.yml file, running default Conda generator...');
+    output.conda = true;
+  }
+  return output;
+}
+
 async function convertCondaToRequirements(target, cwd, verbose) {
   let contents;
   if (target === '-') {
@@ -5331,24 +5599,117 @@ const {
   DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$v
 } = constants;
 const config$y = {
-  commandName: 'conda',
-  description: '[beta] Convert a Conda environment.yml file to a python requirements.txt',
+  commandName: 'auto',
+  description: 'Auto-detect build and attempt to generate manifest file',
   hidden: false,
   flags: {
     ...utils.commonFlags,
-    ...utils.outputFlags,
     cwd: {
       type: 'string',
       description: 'Set the cwd, defaults to process.cwd()'
     },
-    out: {
-      type: 'string',
-      default: '-',
-      description: 'Output target (use `-` or omit to print to stdout)'
-    },
     verbose: {
       type: 'boolean',
-      description: 'Print debug messages'
+      default: false,
+      description: 'Enable debug output, may help when running into errors'
+    }
+  },
+  help: (command, config) => `
+    Usage
+      $ ${command}
+
+    Options
+      ${utils.getFlagListOutput(config.flags, 6)}
+
+    Tries to figure out what language your current repo uses. If it finds a
+    supported case then it will try to generate the manifest file for that
+    language with the default or detected settings.
+  `
+};
+const cmdManifestAuto = {
+  description: config$y.description,
+  hidden: config$y.hidden,
+  run: run$y
+};
+async function run$y(argv, importMeta, {
+  parentName
+}) {
+  const cli = utils.meowOrExit({
+    argv,
+    config: config$y,
+    importMeta,
+    parentName
+  });
+  const {
+    cwd: cwdFlag,
+    json,
+    markdown,
+    verbose: verboseFlag
+  } = cli.flags;
+  const outputKind = utils.getOutputKind(json, markdown); // TODO: impl json/md further
+  const cwd = String(cwdFlag || process.cwd());
+  const verbose = !!verboseFlag;
+  if (verbose) {
+    logger.logger.group('- ', parentName, config$y.commandName, ':');
+    logger.logger.group('- flags:', cli.flags);
+    logger.logger.groupEnd();
+    logger.logger.log('- input:', cli.input);
+    logger.logger.log('- cwd:', cwd);
+    logger.logger.groupEnd();
+  }
+  const result = await detectManifestActions(String(cwd));
+  debug.debugLog(result);
+  if (cli.flags['dryRun']) {
+    logger.logger.log(DRY_RUN_BAILING_NOW$v);
+    return;
+  }
+  const found = Object.values(result).reduce((sum, now) => now ? sum + 1 : sum, 0);
+  if (!found) {
+    logger.logger.fail(' Was unable to discover any targets for which we can generate manifest files...');
+    logger.logger.log('');
+    logger.logger.log('- Make sure this script would work with your target build (see `socket manifest --help` for your target).');
+    logger.logger.log('- Make sure to run it from the correct dir (use --cwd to target another dir)');
+    logger.logger.log('- Make sure the necessary build tools are available (`PATH`)');
+    process.exitCode = 1;
+    return;
+  }
+  if (result.sbt) {
+    logger.logger.log('Detected a Scala sbt build, generating pom files with sbt...');
+    await convertSbtToMaven(cwd, 'sbt', './socket.sbt.pom.xml', verbose, []);
+  }
+  if (result.gradle) {
+    logger.logger.log('Detected a gradle build (Gradle, Kotlin, Scala), running default gradle generator...');
+    await convertGradleToMaven(cwd, path.join(cwd, 'gradlew'), cwd, verbose, []);
+  }
+  if (result.conda) {
+    logger.logger.log('Detected an environment.yml file, running default Conda generator...');
+    await handleManifestConda(cwd, '', outputKind, cwd, verbose);
+  }
+  logger.logger.success(`Finished. Should have attempted to generate manifest files for ${found} targets.`);
+}
+
+const {
+  DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$u
+} = constants;
+const config$x = {
+  commandName: 'conda',
+  description: '[beta] Convert a Conda environment.yml file to a python requirements.txt',
+  hidden: false,
+  flags: {
+    ...utils.commonFlags,
+    ...utils.outputFlags,
+    cwd: {
+      type: 'string',
+      description: 'Set the cwd, defaults to process.cwd()'
+    },
+    out: {
+      type: 'string',
+      default: '-',
+      description: 'Output target (use `-` or omit to print to stdout)'
+    },
+    verbose: {
+      type: 'boolean',
+      description: 'Print debug messages'
     }
   },
   help: (command, config) => `
@@ -5373,16 +5734,16 @@ const config$y = {
   `
 };
 const cmdManifestConda = {
-  description: config$y.description,
-  hidden: config$y.hidden,
-  run: run$y
+  description: config$x.description,
+  hidden: config$x.hidden,
+  run: run$x
 };
-async function run$y(argv, importMeta, {
+async function run$x(argv, importMeta, {
   parentName
 }) {
   const cli = utils.meowOrExit({
     argv,
-    config: config$y,
+    config: config$x,
     importMeta,
     parentName
   });
@@ -5397,7 +5758,7 @@ async function run$y(argv, importMeta, {
 
   const [target = ''] = cli.input;
   if (verbose) {
-    logger.logger.group('- ', parentName, config$y.commandName, ':');
+    logger.logger.group('- ', parentName, config$x.commandName, ':');
     logger.logger.group('- flags:', cli.flags);
     logger.logger.groupEnd();
     logger.logger.log('- target:', target);
@@ -5427,127 +5788,16 @@ async function run$y(argv, importMeta, {
   }
   logger.logger.warn('Warning: This will approximate your Conda dependencies using PyPI. We do not yet officially support Conda. Use at your own risk.');
   if (cli.flags['dryRun']) {
-    logger.logger.log(DRY_RUN_BAILING_NOW$v);
+    logger.logger.log(DRY_RUN_BAILING_NOW$u);
     return;
   }
   await handleManifestConda(target, String(out || ''), json ? 'json' : markdown ? 'markdown' : 'text', String(cwd), Boolean(verbose));
 }
 
-async function convertGradleToMaven(target, bin, cwd, verbose, gradleOpts) {
-  // TODO: impl json/md
-  if (verbose) {
-    logger.logger.log('[VERBOSE] Resolving:', [cwd, bin]);
-  }
-  const rbin = path.resolve(cwd, bin);
-  if (verbose) {
-    logger.logger.log('[VERBOSE] Resolving:', [cwd, target]);
-  }
-  const rtarget = path.resolve(cwd, target);
-  const binExists = fs$1.existsSync(rbin);
-  const targetExists = fs$1.existsSync(rtarget);
-  logger.logger.group('gradle2maven:');
-  if (verbose || debug.isDebug()) {
-    logger.logger.log(`[VERBOSE] - Absolute bin path: \`${rbin}\` (${binExists ? 'found' : vendor.yoctocolorsCjsExports.red('not found!')})`);
-    logger.logger.log(`[VERBOSE] - Absolute target path: \`${rtarget}\` (${targetExists ? 'found' : vendor.yoctocolorsCjsExports.red('not found!')})`);
-  } else {
-    logger.logger.log(`- executing: \`${rbin}\``);
-    if (!binExists) {
-      logger.logger.warn('Warning: It appears the executable could not be found at this location. An error might be printed later because of that.');
-    }
-    logger.logger.log(`- src dir: \`${rtarget}\``);
-    if (!targetExists) {
-      logger.logger.warn('Warning: It appears the src dir could not be found at this location. An error might be printed later because of that.');
-    }
-  }
-  logger.logger.groupEnd();
-  try {
-    // Run gradlew with the init script we provide which should yield zero or more
-    // pom files. We have to figure out where to store those pom files such that
-    // we can upload them and predict them through the GitHub API. We could do a
-    // .socket folder. We could do a socket.pom.gz with all the poms, although
-    // I'd prefer something plain-text if it is to be committed.
-
-    // Note: init.gradle will be exported by .config/rollup.dist.config.mjs
-    const initLocation = path.join(constants.distPath, 'init.gradle');
-    const commandArgs = ['--init-script', initLocation, ...gradleOpts, 'pom'];
-    if (verbose) {
-      logger.logger.log('[VERBOSE] Executing:', [bin], ', args:', commandArgs);
-    }
-    logger.logger.log(`Converting gradle to maven from \`${bin}\` on \`${target}\` ...`);
-    const output = await execGradleWithSpinner(rbin, commandArgs, rtarget, cwd);
-    if (verbose) {
-      logger.logger.group('[VERBOSE] gradle stdout:');
-      logger.logger.log(output);
-      logger.logger.groupEnd();
-    }
-    if (output.code !== 0) {
-      process.exitCode = 1;
-      logger.logger.fail(`Gradle exited with exit code ${output.code}`);
-      // (In verbose mode, stderr was printed above, no need to repeat it)
-      if (!verbose) {
-        logger.logger.group('stderr:');
-        logger.logger.error(output.stderr);
-        logger.logger.groupEnd();
-      }
-      return;
-    }
-    logger.logger.success('Executed gradle successfully');
-    logger.logger.log('Reported exports:');
-    output.stdout.replace(/^POM file copied to: (.*)/gm, (_all, fn) => {
-      logger.logger.log('- ', fn);
-      return fn;
-    });
-    logger.logger.log('');
-    logger.logger.log('Next step is to generate a Scan by running the `socket scan create` command on the same directory');
-  } catch (e) {
-    process.exitCode = 1;
-    logger.logger.fail('There was an unexpected error while generating manifests' + (verbose ? '' : '  (use --verbose for details)'));
-    if (verbose) {
-      logger.logger.group('[VERBOSE] error:');
-      logger.logger.log(e);
-      logger.logger.groupEnd();
-    }
-  }
-}
-async function execGradleWithSpinner(bin, commandArgs, target, cwd) {
-  // Lazily access constants.spinner.
-  const {
-    spinner
-  } = constants;
-  let pass = false;
-  try {
-    spinner.start(`Running gradlew... (this can take a while, it depends on how long gradlew has to run)`);
-    const output = await spawn.spawn(bin, commandArgs, {
-      // We can pipe the output through to have the user see the result
-      // of running gradlew, but then we can't (easily) gather the output
-      // to discover the generated files... probably a flag we should allow?
-      // stdio: isDebug() ? 'inherit' : undefined,
-      cwd: target || cwd
-    });
-    pass = true;
-    const {
-      code,
-      stderr,
-      stdout
-    } = output;
-    return {
-      code,
-      stdout,
-      stderr
-    };
-  } finally {
-    if (pass) {
-      spinner.successAndStop('Completed gradlew execution');
-    } else {
-      spinner.failAndStop('There was an error while trying to run gradlew.');
-    }
-  }
-}
-
 const {
-  DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$u
+  DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$t
 } = constants;
-const config$x = {
+const config$w = {
   commandName: 'gradle',
   description: '[beta] Use Gradle to generate a manifest file (`pom.xml`) for a Gradle/Java/Kotlin/etc project',
   hidden: false,
@@ -5610,16 +5860,16 @@ const config$x = {
   `
 };
 const cmdManifestGradle = {
-  description: config$x.description,
-  hidden: config$x.hidden,
-  run: run$x
+  description: config$w.description,
+  hidden: config$w.hidden,
+  run: run$w
 };
-async function run$x(argv, importMeta, {
+async function run$w(argv, importMeta, {
   parentName
 }) {
   const cli = utils.meowOrExit({
     argv,
-    config: config$x,
+    config: config$w,
     importMeta,
     parentName
   });
@@ -5631,7 +5881,7 @@ async function run$x(argv, importMeta, {
   const outputKind = utils.getOutputKind(json, markdown); // TODO: impl json/md further
 
   if (verbose) {
-    logger.logger.group('- ', parentName, config$x.commandName, ':');
+    logger.logger.group('- ', parentName, config$w.commandName, ':');
     logger.logger.group('- flags:', cli.flags);
     logger.logger.groupEnd();
     logger.logger.log('- input:', cli.input);
@@ -5673,143 +5923,44 @@ async function run$x(argv, importMeta, {
     gradleOpts = cli.flags['gradleOpts'].split(' ').map(s => s.trim()).filter(Boolean);
   }
   if (cli.flags['dryRun']) {
-    logger.logger.log(DRY_RUN_BAILING_NOW$u);
+    logger.logger.log(DRY_RUN_BAILING_NOW$t);
     return;
   }
   await convertGradleToMaven(target, String(bin), String(cwd), verbose, gradleOpts);
 }
 
-async function convertSbtToMaven(target, bin, out, verbose, sbtOpts) {
-  // TODO: impl json/md
-
-  // Lazily access constants.spinner.
-  const {
-    spinner
-  } = constants;
-  const rbin = path.resolve(bin);
-  const rtarget = path.resolve(target);
-  if (verbose) {
-    logger.logger.group('sbt2maven:');
-    logger.logger.log(`[VERBOSE] - Absolute bin path: \`${rbin}\``);
-    logger.logger.log(`[VERBOSE] - Absolute target path: \`${rtarget}\``);
-    // logger.log(`[VERBOSE] - Absolute out path: \`${rout}\``)
-    logger.logger.groupEnd();
-  } else {
-    logger.logger.group('sbt2maven:');
-    logger.logger.log(`- executing: \`${bin}\``);
-    logger.logger.log(`- src dir: \`${target}\``);
-    // logger.log(`- dst dir: \`${out}\``)
-    logger.logger.groupEnd();
-  }
-  try {
-    spinner.start(`Converting sbt to maven from \`${bin}\` on \`${target}\`...`);
-
-    // Run sbt with the init script we provide which should yield zero or more
-    // pom files. We have to figure out where to store those pom files such that
-    // we can upload them and predict them through the GitHub API. We could do a
-    // .socket folder. We could do a socket.pom.gz with all the poms, although
-    // I'd prefer something plain-text if it is to be committed.
-    const output = await spawn.spawn(bin, ['makePom'].concat(sbtOpts), {
-      cwd: target || '.'
-    });
-    spinner.stop();
-    if (verbose) {
-      logger.logger.group('[VERBOSE] sbt stdout:');
-      logger.logger.log(output);
-      logger.logger.groupEnd();
-    }
-    if (output.stderr) {
-      process.exitCode = 1;
-      logger.logger.fail('There were errors while running sbt');
-      // (In verbose mode, stderr was printed above, no need to repeat it)
-      if (!verbose) {
-        logger.logger.group('[VERBOSE] stderr:');
-        logger.logger.error(output.stderr);
-        logger.logger.groupEnd();
-      }
-      return;
-    }
-    const poms = [];
-    output.stdout.replace(/Wrote (.*?.pom)\n/g, (_all, fn) => {
-      poms.push(fn);
-      return fn;
-    });
-    if (!poms.length) {
-      process.exitCode = 1;
-      logger.logger.fail('There were no errors from sbt but it seems to not have generated any poms either');
-      return;
-    }
-    // Move the pom file to ...? initial cwd? loc will be an absolute path, or dump to stdout
-    // TODO: what to do with multiple output files? Do we want to dump them to stdout? Raw or with separators or ?
-    // TODO: maybe we can add an option to target a specific file to dump to stdout
-    if (out === '-' && poms.length === 1) {
-      logger.logger.log('Result:\n```');
-      logger.logger.log(await utils.safeReadFile(poms[0]));
-      logger.logger.log('```');
-      logger.logger.success(`OK`);
-    } else if (out === '-') {
-      process.exitCode = 1;
-      logger.logger.fail('Requested out target was stdout but there are multiple generated files');
-      poms.forEach(fn => logger.logger.error('-', fn));
-      logger.logger.info('Exiting now...');
-      return;
-    } else {
-      // if (verbose) {
-      //   logger.log(
-      //     `Moving manifest file from \`${loc.replace(/^\/home\/[^/]*?\//, '~/')}\` to \`${out}\``
-      //   )
-      // } else {
-      //   logger.log('Moving output pom file')
-      // }
-      // TODO: do we prefer fs-extra? renaming can be gnarly on windows and fs-extra's version is better
-      // await renamep(loc, out)
-      logger.logger.success(`Generated ${poms.length} pom files`);
-      poms.forEach(fn => logger.logger.log('-', fn));
-      logger.logger.success(`OK`);
-    }
-  } catch (e) {
-    process.exitCode = 1;
-    spinner.stop();
-    logger.logger.fail('There was an unexpected error while running this' + (verbose ? '' : ' (use --verbose for details)'));
-    if (verbose) {
-      logger.logger.group('[VERBOSE] error:');
-      logger.logger.log(e);
-      logger.logger.groupEnd();
-    }
-  }
-}
-
 const {
-  DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$t
+  DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$s
 } = constants;
-const config$w = {
-  commandName: 'scala',
-  description: "[beta] Generate a manifest file (`pom.xml`) from Scala's `build.sbt` file",
+
+// TODO: we may want to dedupe some pieces for all gradle languages. I think it
+//       makes sense to have separate commands for them and I think it makes
+//       sense for the help panels to note the requested language, rather than
+//       `socket manifest kotlin` to print help screens with `gradle` as the
+//       command. Room for improvement.
+const config$v = {
+  commandName: 'kotlin',
+  description: '[beta] Use Gradle to generate a manifest file (`pom.xml`) for a Kotlin project',
   hidden: false,
   flags: {
     ...utils.commonFlags,
     bin: {
       type: 'string',
-      default: 'sbt',
-      description: 'Location of sbt binary to use'
+      description: 'Location of gradlew binary to use, default: CWD/gradlew'
     },
     cwd: {
       type: 'string',
       description: 'Set the cwd, defaults to process.cwd()'
     },
-    out: {
+    gradleOpts: {
       type: 'string',
-      default: './socket.pom.xml',
-      description: 'Path of output file; where to store the resulting manifest, see also --stdout'
-    },
-    stdout: {
-      type: 'boolean',
-      description: 'Print resulting pom.xml to stdout (supersedes --out)'
+      default: '',
+      description: 'Additional options to pass on to ./gradlew, see `./gradlew --help`'
     },
-    sbtOpts: {
+    task: {
       type: 'string',
-      default: '',
-      description: 'Additional options to pass on to sbt, as per `sbt --help`'
+      default: 'all',
+      description: 'Task to target. By default targets all'
     },
     verbose: {
       type: 'boolean',
@@ -5818,153 +5969,38 @@ const config$w = {
   },
   help: (command, config) => `
     Usage
-      $ ${command} [--bin=path/to/sbt/binary] [--out=path/to/result] FILE|DIR
+      $ ${command} [--bin=path/to/gradle/binary] [--out=path/to/result] DIR
 
     Options
       ${utils.getFlagListOutput(config.flags, 6)}
 
-    Uses \`sbt makePom\` to generate a \`pom.xml\` from your \`build.sbt\` file.
-    This xml file is the dependency manifest (like a package.json
-    for Node.js or requirements.txt for PyPi), but specifically for Scala.
-
-    There are some caveats with \`build.sbt\` to \`pom.xml\` conversion:
-
-    - the xml is exported as socket.pom.xml as to not confuse existing build tools
-      but it will first hit your /target/sbt<version> folder (as a different name)
-
-    - the pom.xml format (standard by Scala) does not support certain sbt features
-      - \`excludeAll()\`, \`dependencyOverrides\`, \`force()\`, \`relativePath\`
-      - For details: https://www.scala-sbt.org/1.x/docs/Library-Management.html
-
-    - it uses your sbt settings and local configuration verbatim
-
-    - it can only export one target per run, so if you have multiple targets like
-      development and production, you must run them separately.
-
-    You can optionally configure the path to the \`sbt\` bin to invoke.
-
-    Support is beta. Please report issues or give us feedback on what's missing.
-
-    This is only for SBT. If your Scala setup uses gradle, please see the help
-    sections for \`socket manifest gradle\` or \`socket cdxgen\`.
-
-    Examples
-
-      $ ${command} ./build.sbt
-      $ ${command} --bin=/usr/bin/sbt ./build.sbt
-  `
-};
-const cmdManifestScala = {
-  description: config$w.description,
-  hidden: config$w.hidden,
-  run: run$w
-};
-async function run$w(argv, importMeta, {
-  parentName
-}) {
-  const cli = utils.meowOrExit({
-    argv,
-    config: config$w,
-    importMeta,
-    parentName
-  });
-  const verbose = Boolean(cli.flags['verbose']);
-  const {
-    json,
-    markdown
-  } = cli.flags;
-  const outputKind = utils.getOutputKind(json, markdown); // TODO: impl json/md further
-
-  if (verbose) {
-    logger.logger.group('- ', parentName, config$w.commandName, ':');
-    logger.logger.group('- flags:', cli.flags);
-    logger.logger.groupEnd();
-    logger.logger.log('- input:', cli.input);
-    logger.logger.groupEnd();
-  }
-  const [target = ''] = cli.input;
+    Uses gradle, preferably through your local project \`gradlew\`, to generate a
+    \`pom.xml\` file for each task. If you have no \`gradlew\` you can try the
+    global \`gradle\` binary but that may not work (hard to predict).
 
-  // TODO: I'm not sure it's feasible to parse source file from stdin. We could
-  //       try, store contents in a file in some folder, target that folder... what
-  //       would the file name be?
+    The \`pom.xml\` is a manifest file similar to \`package.json\` for npm or
+    or requirements.txt for PyPi), but specifically for Maven, which is Java's
+    dependency repository. Languages like Kotlin and Scala piggy back on it too.
 
-  const wasValidInput = utils.checkCommandInput(outputKind, {
-    test: !!target && target !== '-',
-    message: 'The DIR arg is required',
-    pass: 'ok',
-    fail: target === '-' ? 'stdin is not supported' : 'missing'
-  }, {
-    nook: true,
-    test: cli.input.length <= 1,
-    message: 'Can only accept one DIR (make sure to escape spaces!)',
-    pass: 'ok',
-    fail: 'received ' + cli.input.length
-  });
-  if (!wasValidInput) {
-    return;
-  }
-  let bin = 'sbt';
-  if (cli.flags['bin']) {
-    bin = cli.flags['bin'];
-  }
-  let out = './socket.pom.xml';
-  if (cli.flags['out']) {
-    out = cli.flags['out'];
-  }
-  if (cli.flags['stdout']) {
-    out = '-';
-  }
-  if (verbose) {
-    logger.logger.group();
-    logger.logger.log('- target:', target);
-    logger.logger.log('- gradle bin:', bin);
-    logger.logger.log('- out:', out);
-    logger.logger.groupEnd();
-  }
-  let sbtOpts = [];
-  if (cli.flags['sbtOpts']) {
-    sbtOpts = cli.flags['sbtOpts'].split(' ').map(s => s.trim()).filter(Boolean);
-  }
-  if (cli.flags['dryRun']) {
-    logger.logger.log(DRY_RUN_BAILING_NOW$t);
-    return;
-  }
-  await convertSbtToMaven(target, bin, out, verbose, sbtOpts);
-}
+    There are some caveats with the gradle to \`pom.xml\` conversion:
 
-const {
-  DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$s
-} = constants;
-const config$v = {
-  commandName: 'auto',
-  description: 'Auto-detect build and attempt to generate manifest file',
-  hidden: false,
-  flags: {
-    ...utils.commonFlags,
-    cwd: {
-      type: 'string',
-      description: 'Set the cwd, defaults to process.cwd()'
-    },
-    verbose: {
-      type: 'boolean',
-      default: false,
-      description: 'Enable debug output, may help when running into errors'
-    }
-    // TODO: support output flags
-  },
-  help: (command, config) => `
-    Usage
-      $ ${command}
+    - each task will generate its own xml file and by default it generates one xml
+      for every task. (This may be a good thing!)
 
-    Options
-      ${utils.getFlagListOutput(config.flags, 6)}
+    - it's possible certain features don't translate well into the xml. If you
+      think something is missing that could be supported please reach out.
 
-    Tries to figure out what language your current repo uses. If it finds a
-    supported case then it will try to generate the manifest file for that
-    language with the default or detected settings.
+    - it works with your \`gradlew\` from your repo and local settings and config
+
+    Support is beta. Please report issues or give us feedback on what's missing.
+
+    Examples
+
+      $ ${command} .
+      $ ${command} --bin=../gradlew .
   `
 };
-const cmdManifestAuto = {
+const cmdManifestKotlin = {
   description: config$v.description,
   hidden: config$v.hidden,
   run: run$v
@@ -5978,127 +6014,93 @@ async function run$v(argv, importMeta, {
     importMeta,
     parentName
   });
-  const verbose = !!cli.flags['verbose'];
-  const cwd = cli.flags['cwd'] ?? process.cwd();
-  // TODO: impl json/md
+  const verbose = Boolean(cli.flags['verbose']);
+  const {
+    json,
+    markdown
+  } = cli.flags;
+  const outputKind = utils.getOutputKind(json, markdown); // TODO: impl json/md further
 
   if (verbose) {
     logger.logger.group('- ', parentName, config$v.commandName, ':');
     logger.logger.group('- flags:', cli.flags);
     logger.logger.groupEnd();
     logger.logger.log('- input:', cli.input);
-    logger.logger.log('- cwd:', cwd);
     logger.logger.groupEnd();
   }
-  const subArgs = [];
-  if (verbose) {
-    subArgs.push('--verbose');
-  }
-  const dir = cwd;
-  if (fs$1.existsSync(path.join(dir, 'build.sbt'))) {
-    logger.logger.log('Detected a Scala sbt build, running default Scala generator...');
-    if (cwd) {
-      subArgs.push('--cwd', cwd);
-    }
-    subArgs.push(dir);
-    if (cli.flags['dryRun']) {
-      logger.logger.log(DRY_RUN_BAILING_NOW$s);
-      return;
-    }
-    await cmdManifestScala.run(subArgs, importMeta, {
-      parentName
-    });
+  const [target = ''] = cli.input;
+
+  // TODO: I'm not sure it's feasible to parse source file from stdin. We could
+  //       try, store contents in a file in some folder, target that folder... what
+  //       would the file name be?
+
+  const wasValidInput = utils.checkCommandInput(outputKind, {
+    test: !!target && target !== '-',
+    message: 'The DIR arg is required',
+    pass: 'ok',
+    fail: target === '-' ? 'stdin is not supported' : 'missing'
+  }, {
+    nook: true,
+    test: cli.input.length <= 1,
+    message: 'Can only accept one DIR (make sure to escape spaces!)',
+    pass: 'ok',
+    fail: 'received ' + cli.input.length
+  });
+  if (!wasValidInput) {
     return;
   }
-  if (fs$1.existsSync(path.join(dir, 'gradlew'))) {
-    logger.logger.log('Detected a gradle build, running default gradle generator...');
-    if (cwd) {
-      // This command takes the cwd as first arg.
-      subArgs.push(cwd);
-    }
-    if (cli.flags['dryRun']) {
-      logger.logger.log(DRY_RUN_BAILING_NOW$s);
-      return;
-    }
-    await cmdManifestGradle.run(subArgs, importMeta, {
-      parentName
-    });
-    return;
+  const {
+    bin = path.join(target, 'gradlew'),
+    cwd = process.cwd()
+  } = cli.flags;
+  if (verbose) {
+    logger.logger.group();
+    logger.logger.log('- target:', target);
+    logger.logger.log('- gradle bin:', bin);
+    logger.logger.groupEnd();
   }
-  const envyml = path.join(dir, 'environment.yml');
-  const hasEnvyml = fs$1.existsSync(envyml);
-  const envyaml = path.join(dir, 'environment.yaml');
-  const hasEnvyaml = !hasEnvyml && fs$1.existsSync(envyaml);
-  if (hasEnvyml || hasEnvyaml) {
-    logger.logger.log('Detected an environment.yml file, running default Conda generator...');
-    // This command takes the TARGET as first arg.
-    subArgs.push(hasEnvyml ? envyml : hasEnvyaml ? envyaml : '');
-    if (cli.flags['dryRun']) {
-      logger.logger.log(DRY_RUN_BAILING_NOW$s);
-      return;
-    }
-    await cmdManifestConda.run(subArgs, importMeta, {
-      parentName
-    });
-    return;
+  let gradleOpts = [];
+  if (cli.flags['gradleOpts']) {
+    gradleOpts = cli.flags['gradleOpts'].split(' ').map(s => s.trim()).filter(Boolean);
   }
   if (cli.flags['dryRun']) {
     logger.logger.log(DRY_RUN_BAILING_NOW$s);
     return;
   }
-
-  // Show new help screen and exit.
-  vendor.meow(`
-    $ ${parentName} ${config$v.commandName}
-
-    Unfortunately this script did not discover a supported language in the
-    current folder.
-
-    - Make sure this script would work with your target build
-    - Make sure to run it from the correct folder
-    - Make sure the necessary build tools are available (\`PATH\`)
-
-    If that doesn't work, see \`${parentName} <lang> --help\` for config details for
-    your target language.
-  `, {
-    argv: [],
-    description: config$v.description,
-    importMeta
-  }).showHelp();
+  await convertGradleToMaven(target, String(bin), String(cwd), verbose, gradleOpts);
 }
 
 const {
   DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$r
 } = constants;
-
-// TODO: we may want to dedupe some pieces for all gradle languages. I think it
-//       makes sense to have separate commands for them and I think it makes
-//       sense for the help panels to note the requested language, rather than
-//       `socket manifest kotlin` to print help screens with `gradle` as the
-//       command. Room for improvement.
 const config$u = {
-  commandName: 'kotlin',
-  description: '[beta] Use Gradle to generate a manifest file (`pom.xml`) for a Kotlin project',
+  commandName: 'scala',
+  description: "[beta] Generate a manifest file (`pom.xml`) from Scala's `build.sbt` file",
   hidden: false,
   flags: {
     ...utils.commonFlags,
     bin: {
       type: 'string',
-      description: 'Location of gradlew binary to use, default: CWD/gradlew'
+      default: 'sbt',
+      description: 'Location of sbt binary to use'
     },
     cwd: {
       type: 'string',
       description: 'Set the cwd, defaults to process.cwd()'
     },
-    gradleOpts: {
+    out: {
       type: 'string',
-      default: '',
-      description: 'Additional options to pass on to ./gradlew, see `./gradlew --help`'
+      default: './socket.pom.xml',
+      description: 'Path of output file; where to store the resulting manifest, see also --stdout'
     },
-    task: {
+    stdout: {
+      type: 'boolean',
+      description: 'Print resulting pom.xml to stdout (supersedes --out)'
+    },
+    sbtOpts: {
       type: 'string',
-      default: 'all',
-      description: 'Task to target. By default targets all'
+      default: '',
+      description: 'Additional options to pass on to sbt, as per `sbt --help`'
     },
     verbose: {
       type: 'boolean',
@@ -6107,38 +6109,43 @@ const config$u = {
   },
   help: (command, config) => `
     Usage
-      $ ${command} [--bin=path/to/gradle/binary] [--out=path/to/result] DIR
+      $ ${command} [--bin=path/to/sbt/binary] [--out=path/to/result] FILE|DIR
 
     Options
       ${utils.getFlagListOutput(config.flags, 6)}
 
-    Uses gradle, preferably through your local project \`gradlew\`, to generate a
-    \`pom.xml\` file for each task. If you have no \`gradlew\` you can try the
-    global \`gradle\` binary but that may not work (hard to predict).
+    Uses \`sbt makePom\` to generate a \`pom.xml\` from your \`build.sbt\` file.
+    This xml file is the dependency manifest (like a package.json
+    for Node.js or requirements.txt for PyPi), but specifically for Scala.
 
-    The \`pom.xml\` is a manifest file similar to \`package.json\` for npm or
-    or requirements.txt for PyPi), but specifically for Maven, which is Java's
-    dependency repository. Languages like Kotlin and Scala piggy back on it too.
+    There are some caveats with \`build.sbt\` to \`pom.xml\` conversion:
 
-    There are some caveats with the gradle to \`pom.xml\` conversion:
+    - the xml is exported as socket.pom.xml as to not confuse existing build tools
+      but it will first hit your /target/sbt<version> folder (as a different name)
 
-    - each task will generate its own xml file and by default it generates one xml
-      for every task. (This may be a good thing!)
+    - the pom.xml format (standard by Scala) does not support certain sbt features
+      - \`excludeAll()\`, \`dependencyOverrides\`, \`force()\`, \`relativePath\`
+      - For details: https://www.scala-sbt.org/1.x/docs/Library-Management.html
 
-    - it's possible certain features don't translate well into the xml. If you
-      think something is missing that could be supported please reach out.
+    - it uses your sbt settings and local configuration verbatim
 
-    - it works with your \`gradlew\` from your repo and local settings and config
+    - it can only export one target per run, so if you have multiple targets like
+      development and production, you must run them separately.
+
+    You can optionally configure the path to the \`sbt\` bin to invoke.
 
     Support is beta. Please report issues or give us feedback on what's missing.
 
+    This is only for SBT. If your Scala setup uses gradle, please see the help
+    sections for \`socket manifest gradle\` or \`socket cdxgen\`.
+
     Examples
 
-      $ ${command} .
-      $ ${command} --bin=../gradlew .
+      $ ${command} ./build.sbt
+      $ ${command} --bin=/usr/bin/sbt ./build.sbt
   `
 };
-const cmdManifestKotlin = {
+const cmdManifestScala = {
   description: config$u.description,
   hidden: config$u.hidden,
   run: run$u
@@ -6187,25 +6194,33 @@ async function run$u(argv, importMeta, {
   if (!wasValidInput) {
     return;
   }
-  const {
-    bin = path.join(target, 'gradlew'),
-    cwd = process.cwd()
-  } = cli.flags;
+  let bin = 'sbt';
+  if (cli.flags['bin']) {
+    bin = cli.flags['bin'];
+  }
+  let out = './socket.pom.xml';
+  if (cli.flags['out']) {
+    out = cli.flags['out'];
+  }
+  if (cli.flags['stdout']) {
+    out = '-';
+  }
   if (verbose) {
     logger.logger.group();
     logger.logger.log('- target:', target);
     logger.logger.log('- gradle bin:', bin);
+    logger.logger.log('- out:', out);
     logger.logger.groupEnd();
   }
-  let gradleOpts = [];
-  if (cli.flags['gradleOpts']) {
-    gradleOpts = cli.flags['gradleOpts'].split(' ').map(s => s.trim()).filter(Boolean);
+  let sbtOpts = [];
+  if (cli.flags['sbtOpts']) {
+    sbtOpts = cli.flags['sbtOpts'].split(' ').map(s => s.trim()).filter(Boolean);
   }
   if (cli.flags['dryRun']) {
     logger.logger.log(DRY_RUN_BAILING_NOW$r);
     return;
   }
-  await convertGradleToMaven(target, String(bin), String(cwd), verbose, gradleOpts);
+  await convertSbtToMaven(target, bin, out, verbose, sbtOpts);
 }
 
 const config$t = {
@@ -8743,6 +8758,50 @@ async function run$d(argv, importMeta, {
   await handleDeleteRepo(orgSlug, repoName, outputKind);
 }
 
+async function fetchListAllRepos({
+  direction,
+  orgSlug,
+  sort
+}) {
+  const sockSdkResult = await utils.setupSdk();
+  if (!sockSdkResult.ok) {
+    return sockSdkResult;
+  }
+  const sockSdk = sockSdkResult.data;
+  const rows = [];
+  let protection = 0;
+  let nextPage = 0;
+  while (nextPage >= 0) {
+    if (++protection > 100) {
+      return {
+        ok: false,
+        message: 'Infinite loop detected',
+        cause: `Either there are over 100 pages of results or the fetch has run into an infinite loop. Breaking it off now. nextPage=${nextPage}`
+      };
+    }
+    // eslint-disable-next-line no-await-in-loop
+    const result = await utils.handleApiCall(sockSdk.getOrgRepoList(orgSlug, {
+      sort,
+      direction,
+      per_page: String(100),
+      // max
+      page: String(nextPage)
+    }), 'list of repositories');
+    if (!result.ok) {
+      return result;
+    }
+    result.data.results.forEach(row => rows.push(row));
+    nextPage = result.data.nextPage ?? -1;
+  }
+  return {
+    ok: true,
+    data: {
+      results: rows,
+      nextPage: null
+    }
+  };
+}
+
 async function fetchListRepos({
   direction,
   orgSlug,
@@ -8764,18 +8823,33 @@ async function fetchListRepos({
 }
 
 // @ts-ignore
-async function outputListRepos(result, outputKind) {
+async function outputListRepos(result, outputKind, page, nextPage, sort, perPage, direction) {
   if (!result.ok) {
     process.exitCode = result.code ?? 1;
   }
   if (outputKind === 'json') {
-    logger.logger.log(utils.serializeResultJson(result));
+    if (result.ok) {
+      logger.logger.log(utils.serializeResultJson({
+        ok: true,
+        data: {
+          data: result.data,
+          direction,
+          nextPage: nextPage ?? 0,
+          page,
+          perPage,
+          sort
+        }
+      }));
+    } else {
+      logger.logger.log(utils.serializeResultJson(result));
+    }
     return;
   }
   if (!result.ok) {
     logger.logger.fail(utils.failMsgWithBadge(result.message, result.cause));
     return;
   }
+  logger.logger.log(`Result page: ${page}, results per page: ${perPage === Infinity ? 'all' : perPage}, sorted by: ${sort}, direction: ${direction}`);
   const options = {
     columns: [{
       field: 'id',
@@ -8795,9 +8869,18 @@ async function outputListRepos(result, outputKind) {
     }]
   };
   logger.logger.log(vendor.srcExports(options, result.data.results));
+  if (nextPage) {
+    logger.logger.info(`This is page ${page}. Server indicated there are more results available on page ${nextPage}...`);
+    logger.logger.info(`(Hint: you can use \`socket repos list --page ${nextPage}\`)`);
+  } else if (perPage === Infinity) {
+    logger.logger.info(`This should be the entire list available on the server.`);
+  } else {
+    logger.logger.info(`This is page ${page}. Server indicated this is the last page with results.`);
+  }
 }
 
 async function handleListRepos({
+  all,
   direction,
   orgSlug,
   outputKind,
@@ -8805,14 +8888,28 @@ async function handleListRepos({
   per_page,
   sort
 }) {
-  const data = await fetchListRepos({
-    direction,
-    orgSlug,
-    page,
-    per_page,
-    sort
-  });
-  await outputListRepos(data, outputKind);
+  if (all) {
+    const data = await fetchListAllRepos({
+      direction,
+      orgSlug,
+      sort
+    });
+    await outputListRepos(data, outputKind, 0, 0, sort, Infinity, direction);
+  } else {
+    const data = await fetchListRepos({
+      direction,
+      orgSlug,
+      page,
+      per_page,
+      sort
+    });
+    if (!data.ok) {
+      await outputListRepos(data, outputKind, 0, 0, '', 0, direction);
+    } else {
+      // Note: nextPage defaults to 0, is null when there's no next page
+      await outputListRepos(data, outputKind, page, data.data.nextPage, sort, per_page, direction);
+    }
+  }
 }
 
 const {
@@ -8825,11 +8922,10 @@ const config$c = {
   flags: {
     ...utils.commonFlags,
     ...utils.outputFlags,
-    sort: {
-      type: 'string',
-      shortFlag: 's',
-      default: 'created_at',
-      description: 'Sorting option'
+    all: {
+      type: 'boolean',
+      default: false,
+      description: 'By default view shows the last n repos. This flag allows you to fetch the entire list. Will ignore --page and --perPage.'
     },
     direction: {
       type: 'string',
@@ -8856,6 +8952,12 @@ const config$c = {
       shortFlag: 'p',
       default: 1,
       description: 'Page number'
+    },
+    sort: {
+      type: 'string',
+      shortFlag: 's',
+      default: 'created_at',
+      description: 'Sorting option'
     }
   },
   help: (command, config) => `
@@ -8888,15 +8990,15 @@ async function run$c(argv, importMeta, {
     parentName
   });
   const {
-    json,
-    markdown
-  } = cli.flags;
-  const outputKind = utils.getOutputKind(json, markdown);
-  const {
+    all,
+    direction = 'desc',
     dryRun,
     interactive,
+    json,
+    markdown,
     org: orgFlag
   } = cli.flags;
+  const outputKind = utils.getOutputKind(json, markdown);
   const [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), cli.input[0] || '', !!interactive, !!dryRun);
   const hasApiToken = utils.hasDefaultToken();
   const wasValidInput = utils.checkCommandInput(outputKind, {
@@ -8917,6 +9019,12 @@ async function run$c(argv, importMeta, {
     message: 'You need to be logged in to use this command. See `socket login`.',
     pass: 'ok',
     fail: 'missing API token'
+  }, {
+    nook: true,
+    test: direction === 'asc' || direction === 'desc',
+    message: 'The --direction value must be "asc" or "desc"',
+    pass: 'ok',
+    fail: 'unexpected value'
   });
   if (!wasValidInput) {
     return;
@@ -8926,7 +9034,8 @@ async function run$c(argv, importMeta, {
     return;
   }
   await handleListRepos({
-    direction: cli.flags['direction'] === 'asc' ? 'asc' : 'desc',
+    all: Boolean(all),
+    direction: direction === 'asc' ? 'asc' : 'desc',
     orgSlug,
     outputKind,
     page: Number(cli.flags['page']) || 1,
@@ -9374,11 +9483,6 @@ const config$9 = {
       default: true,
       description: 'Allow for interactive elements, asking for input. Use --no-interactive to prevent any input questions, defaulting them to cancel/no.'
     },
-    pendingHead: {
-      type: 'boolean',
-      default: true,
-      description: 'Designate this full-scan as the latest scan of a given branch. This must be set to have it show up in the dashboard.'
-    },
     pullRequest: {
       type: 'number',
       shortFlag: 'pr',
@@ -9404,11 +9508,17 @@ const config$9 = {
       default: false,
       description: 'Wait for the scan creation to complete, then basically run `socket scan report` on it'
     },
+    setAsAlertsPage: {
+      type: 'boolean',
+      default: true,
+      aliases: ['pendingHead'],
+      description: 'When true and if this is the "default branch" then this Scan will be the one reflected on your alerts page. See help for details. Defaults to true.'
+    },
     tmp: {
       type: 'boolean',
       shortFlag: 't',
       default: false,
-      description: 'Set the visibility (true/false) of the scan in your dashboard. Can not be used when --pendingHead is set.'
+      description: 'Set the visibility (true/false) of the scan in your dashboard.'
     }
   },
   // TODO: your project's "socket.yml" file's "projectIgnorePaths"
@@ -9440,8 +9550,12 @@ const config$9 = {
     Note: for a first run you probably want to set --defaultBranch to indicate
           the default branch name, like "main" or "master".
 
-    Note: --pendingHead is enabled by default and makes a scan show up in your
-          dashboard. You can use \`--no-pendingHead\` to have it not show up.
+    The "alerts page" (https://socket.dev/dashboard/org/YOURORG/alerts) will show
+    the results from the last scan designated as the "pending head" on the branch
+    configured on Socket to be the "default branch". When creating a scan the
+    --setAsAlertsPage flag will default to true to update this. You can prevent
+    this by using --no-setAsAlertsPage. This flag is ignored for any branch that
+    is not designated as the "default branch". It is disabled when using --tmp.
 
     Options
       ${utils.getFlagListOutput(config.flags, 6)}
@@ -9477,14 +9591,15 @@ async function run$9(argv, importMeta, {
     json,
     markdown,
     org: orgFlag,
-    pendingHead,
     pullRequest,
     readOnly,
     repo: repoName = 'socket-default-repository',
     report,
+    setAsAlertsPage: pendingHeadFlag,
     tmp
   } = cli.flags;
   const outputKind = utils.getOutputKind(json, markdown);
+  const pendingHead = tmp ? false : pendingHeadFlag;
   let [orgSlug, defaultOrgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), cli.input[0] || '', interactive, dryRun);
   if (!defaultOrgSlug) {
     // Tmp. just for TS. will drop this later.
@@ -9548,12 +9663,6 @@ async function run$9(argv, importMeta, {
     message: 'This command requires an API token for access',
     pass: 'ok',
     fail: 'missing (try `socket login`)'
-  }, {
-    nook: true,
-    test: !pendingHead || !tmp,
-    message: 'Can not use --pendingHead and --tmp at the same time',
-    pass: 'ok',
-    fail: 'remove at least one flag'
   }, {
     nook: true,
     test: !pendingHead || !!branchName,
@@ -11597,5 +11706,5 @@ void (async () => {
     await utils.captureException(e);
   }
 })();
-//# debugId=8c291e79-2d0e-444d-af3a-8be88558aeff
+//# debugId=58ee5340-de19-42ee-8faf-fef7b5047b56
 //# sourceMappingURL=cli.js.map