@socketsecurity/cli-with-sentry 0.15.15 → 0.15.17

package/dist/cli.js

@@ -14,6 +14,7 @@ var fs$1 = require('node:fs');
 var path = require('node:path');
 var shadowBin = require('./shadow-bin.js');
 var prompts = require('../external/@socketsecurity/registry/lib/prompts');
+var spawn = require('../external/@socketsecurity/registry/lib/spawn');
 var util = require('node:util');
 var arrays = require('../external/@socketsecurity/registry/lib/arrays');
 var registry = require('../external/@socketsecurity/registry');
@@ -22,7 +23,6 @@ var packages = require('../external/@socketsecurity/registry/lib/packages');
 var sorts = require('../external/@socketsecurity/registry/lib/sorts');
 var path$1 = require('../external/@socketsecurity/registry/lib/path');
 var regexps = require('../external/@socketsecurity/registry/lib/regexps');
-var spawn = require('../external/@socketsecurity/registry/lib/spawn');
 var fs$2 = require('../external/@socketsecurity/registry/lib/fs');
 var shadowInject = require('./shadow-inject.js');
 var objects = require('../external/@socketsecurity/registry/lib/objects');
@@ -1769,165 +1769,621 @@ async function outputCreateNewScan(result, outputKind, interactive) {
   }
 }
 
-async function handleCreateNewScan({
-  branchName,
-  commitHash,
-  commitMessage,
-  committers,
-  cwd,
-  defaultBranch,
-  interactive,
-  orgSlug,
-  outputKind,
-  pendingHead,
-  pullRequest,
-  readOnly,
-  repoName,
-  report,
-  targets,
-  tmp
-}) {
-  const supportedFileNames = await fetchSupportedScanFileNames();
-  if (!supportedFileNames.ok) {
-    await outputCreateNewScan(supportedFileNames, outputKind, interactive);
-    return;
-  }
-  const packagePaths = await utils.getPackageFilesForScan(cwd, targets, supportedFileNames.data);
-  const wasValidInput = utils.checkCommandInput(outputKind, {
-    nook: true,
-    test: packagePaths.length > 0,
-    pass: 'ok',
-    fail: 'found no eligible files to scan',
-    message: 'TARGET (file/dir) must contain matching / supported file types for a scan'
-  });
-  if (!wasValidInput) {
-    return;
+// The point here is to attempt to detect the various supported manifest files
+// the CLI can generate. This would be environments that we can't do server side
+
+async function detectManifestActions(cwd = process.cwd()) {
+  const output = {
+    cdxgen: false,
+    // TODO
+    count: 0,
+    conda: false,
+    gradle: false,
+    sbt: false
+  };
+  if (fs$1.existsSync(path.join(cwd, 'build.sbt'))) {
+    debug.debugLog('Detected a Scala sbt build, running default Scala generator...');
+    output.sbt = true;
+    output.count += 1;
   }
-  if (readOnly) {
-    logger.logger.log('[ReadOnly] Bailing now');
-    return;
+  if (fs$1.existsSync(path.join(cwd, 'gradlew'))) {
+    debug.debugLog('Detected a gradle build, running default gradle generator...');
+    output.gradle = true;
+    output.count += 1;
   }
-  const data = await fetchCreateOrgFullScan(packagePaths, orgSlug, defaultBranch, pendingHead, tmp, cwd, {
-    commitHash,
-    commitMessage,
-    committers,
-    pullRequest,
-    repoName,
-    branchName
-  });
-  if (data.ok && report) {
-    if (data.data?.id) {
-      await handleScanReport({
-        filePath: '-',
-        fold: 'version',
-        includeLicensePolicy: true,
-        orgSlug,
-        outputKind,
-        reportLevel: 'error',
-        scanId: data.data.id,
-        short: false
-      });
-    } else {
-      await outputCreateNewScan({
-        ok: false,
-        message: 'Missing Scan ID',
-        cause: 'Server did not respond with a scan ID',
-        data: data.data
-      }, outputKind, interactive);
-    }
-  } else {
-    await outputCreateNewScan(data, outputKind, interactive);
+  const envyml = path.join(cwd, 'environment.yml');
+  const hasEnvyml = fs$1.existsSync(envyml);
+  const envyaml = path.join(cwd, 'environment.yaml');
+  const hasEnvyaml = !hasEnvyml && fs$1.existsSync(envyaml);
+  if (hasEnvyml || hasEnvyaml) {
+    debug.debugLog('Detected an environment.yml file, running default Conda generator...');
+    output.conda = true;
+    output.count += 1;
   }
+  return output;
 }
 
-async function handleCI() {
-  // ci: {
-  //   description: 'Alias for "report create --view --strict"',
-  //     argv: ['report', 'create', '--view', '--strict']
-  // }
-  const result = await getDefaultOrgSlug();
-  if (!result.ok) {
-    process.exitCode = result.code ?? 1;
-    // Always assume json mode
-    logger.logger.log(utils.serializeResultJson(result));
-    return;
+async function convertGradleToMaven(target, bin, cwd, verbose, gradleOpts) {
+  // TODO: impl json/md
+  if (verbose) {
+    logger.logger.log('[VERBOSE] Resolving:', [cwd, bin]);
   }
+  const rbin = path.resolve(cwd, bin);
+  if (verbose) {
+    logger.logger.log('[VERBOSE] Resolving:', [cwd, target]);
+  }
+  const rtarget = path.resolve(cwd, target);
+  const binExists = fs$1.existsSync(rbin);
+  const targetExists = fs$1.existsSync(rtarget);
+  logger.logger.group('gradle2maven:');
+  if (verbose || debug.isDebug()) {
+    logger.logger.log(`[VERBOSE] - Absolute bin path: \`${rbin}\` (${binExists ? 'found' : vendor.yoctocolorsCjsExports.red('not found!')})`);
+    logger.logger.log(`[VERBOSE] - Absolute target path: \`${rtarget}\` (${targetExists ? 'found' : vendor.yoctocolorsCjsExports.red('not found!')})`);
+  } else {
+    logger.logger.log(`- executing: \`${rbin}\``);
+    if (!binExists) {
+      logger.logger.warn('Warning: It appears the executable could not be found at this location. An error might be printed later because of that.');
+    }
+    logger.logger.log(`- src dir: \`${rtarget}\``);
+    if (!targetExists) {
+      logger.logger.warn('Warning: It appears the src dir could not be found at this location. An error might be printed later because of that.');
+    }
+  }
+  logger.logger.groupEnd();
+  try {
+    // Run gradlew with the init script we provide which should yield zero or more
+    // pom files. We have to figure out where to store those pom files such that
+    // we can upload them and predict them through the GitHub API. We could do a
+    // .socket folder. We could do a socket.pom.gz with all the poms, although
+    // I'd prefer something plain-text if it is to be committed.
 
-  // TODO: does it make sense to discover the commit details from local git?
-  // TODO: does it makes sense to use custom branch/repo names here? probably socket.yml, right
-  await handleCreateNewScan({
-    branchName: 'socket-default-branch',
-    commitMessage: '',
-    commitHash: '',
-    committers: '',
-    cwd: process.cwd(),
-    defaultBranch: false,
-    interactive: false,
-    orgSlug: result.data,
-    outputKind: 'json',
-    pendingHead: true,
-    // when true, requires branch name set, tmp false
-    pullRequest: 0,
-    repoName: 'socket-default-repository',
-    readOnly: false,
-    report: true,
-    targets: ['.'],
-    tmp: false // don't set when pendingHead is true
-  });
-}
-
-const {
-  DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$H
-} = constants;
-const config$L = {
-  commandName: 'ci',
-  description: 'Create a new scan and report whether it passes your security policy',
-  hidden: true,
-  flags: {
-    ...utils.commonFlags
-  },
-  help: (parentName, _config) => `
-    Usage
-      $ ${parentName}
-
-    This command is intended to use in CI runs to allow automated systems to
-    accept or reject a current build. When the scan does not pass your security
-    policy, the exit code will be non-zero.
-
-    It will use the default org for the set API token.
-  `
-};
-const cmdCI = {
-  description: config$L.description,
-  hidden: config$L.hidden,
-  run: run$L
-};
-async function run$L(argv, importMeta, {
-  parentName
-}) {
-  const cli = utils.meowOrExit({
-    argv,
-    config: config$L,
-    importMeta,
-    parentName
-  });
-  if (cli.flags['dryRun']) {
-    logger.logger.log(DRY_RUN_BAILING_NOW$H);
-    return;
+    // Note: init.gradle will be exported by .config/rollup.dist.config.mjs
+    const initLocation = path.join(constants.distPath, 'init.gradle');
+    const commandArgs = ['--init-script', initLocation, ...gradleOpts, 'pom'];
+    if (verbose) {
+      logger.logger.log('[VERBOSE] Executing:', [bin], ', args:', commandArgs);
+    }
+    logger.logger.log(`Converting gradle to maven from \`${bin}\` on \`${target}\` ...`);
+    const output = await execGradleWithSpinner(rbin, commandArgs, rtarget, cwd);
+    if (verbose) {
+      logger.logger.group('[VERBOSE] gradle stdout:');
+      logger.logger.log(output);
+      logger.logger.groupEnd();
+    }
+    if (output.code !== 0) {
+      process.exitCode = 1;
+      logger.logger.fail(`Gradle exited with exit code ${output.code}`);
+      // (In verbose mode, stderr was printed above, no need to repeat it)
+      if (!verbose) {
+        logger.logger.group('stderr:');
+        logger.logger.error(output.stderr);
+        logger.logger.groupEnd();
+      }
+      return;
+    }
+    logger.logger.success('Executed gradle successfully');
+    logger.logger.log('Reported exports:');
+    output.stdout.replace(/^POM file copied to: (.*)/gm, (_all, fn) => {
+      logger.logger.log('- ', fn);
+      return fn;
+    });
+    logger.logger.log('');
+    logger.logger.log('Next step is to generate a Scan by running the `socket scan create` command on the same directory');
+  } catch (e) {
+    process.exitCode = 1;
+    logger.logger.fail('There was an unexpected error while generating manifests' + (verbose ? '' : '  (use --verbose for details)'));
+    if (verbose) {
+      logger.logger.group('[VERBOSE] error:');
+      logger.logger.log(e);
+      logger.logger.groupEnd();
+    }
   }
-  await handleCI();
 }
-
-async function discoverConfigValue(key) {
-  // This will have to be a specific implementation per key because certain
-  // keys should request information from particular API endpoints while
-  // others should simply return their default value, like endpoint URL.
-
-  if (!utils.supportedConfigKeys.has(key)) {
+async function execGradleWithSpinner(bin, commandArgs, target, cwd) {
+  // Lazily access constants.spinner.
+  const {
+    spinner
+  } = constants;
+  let pass = false;
+  try {
+    spinner.start(`Running gradlew... (this can take a while, it depends on how long gradlew has to run)`);
+    const output = await spawn.spawn(bin, commandArgs, {
+      // We can pipe the output through to have the user see the result
+      // of running gradlew, but then we can't (easily) gather the output
+      // to discover the generated files... probably a flag we should allow?
+      // stdio: isDebug() ? 'inherit' : undefined,
+      cwd: target || cwd
+    });
+    pass = true;
+    const {
+      code,
+      stderr,
+      stdout
+    } = output;
     return {
-      ok: false,
-      message: 'Auto discover failed',
-      cause: 'Requested key is not a valid config key.'
+      code,
+      stdout,
+      stderr
+    };
+  } finally {
+    if (pass) {
+      spinner.successAndStop('Completed gradlew execution');
+    } else {
+      spinner.failAndStop('There was an error while trying to run gradlew.');
+    }
+  }
+}
+
+async function convertSbtToMaven(target, bin, out, verbose, sbtOpts) {
+  // TODO: impl json/md
+
+  // Lazily access constants.spinner.
+  const {
+    spinner
+  } = constants;
+  const rbin = path.resolve(bin);
+  const rtarget = path.resolve(target);
+  if (verbose) {
+    logger.logger.group('sbt2maven:');
+    logger.logger.log(`[VERBOSE] - Absolute bin path: \`${rbin}\``);
+    logger.logger.log(`[VERBOSE] - Absolute target path: \`${rtarget}\``);
+    // logger.log(`[VERBOSE] - Absolute out path: \`${rout}\``)
+    logger.logger.groupEnd();
+  } else {
+    logger.logger.group('sbt2maven:');
+    logger.logger.log(`- executing: \`${bin}\``);
+    logger.logger.log(`- src dir: \`${target}\``);
+    // logger.log(`- dst dir: \`${out}\``)
+    logger.logger.groupEnd();
+  }
+  try {
+    spinner.start(`Converting sbt to maven from \`${bin}\` on \`${target}\`...`);
+
+    // Run sbt with the init script we provide which should yield zero or more
+    // pom files. We have to figure out where to store those pom files such that
+    // we can upload them and predict them through the GitHub API. We could do a
+    // .socket folder. We could do a socket.pom.gz with all the poms, although
+    // I'd prefer something plain-text if it is to be committed.
+    const output = await spawn.spawn(bin, ['makePom'].concat(sbtOpts), {
+      cwd: target || '.'
+    });
+    spinner.stop();
+    if (verbose) {
+      logger.logger.group('[VERBOSE] sbt stdout:');
+      logger.logger.log(output);
+      logger.logger.groupEnd();
+    }
+    if (output.stderr) {
+      process.exitCode = 1;
+      logger.logger.fail('There were errors while running sbt');
+      // (In verbose mode, stderr was printed above, no need to repeat it)
+      if (!verbose) {
+        logger.logger.group('[VERBOSE] stderr:');
+        logger.logger.error(output.stderr);
+        logger.logger.groupEnd();
+      }
+      return;
+    }
+    const poms = [];
+    output.stdout.replace(/Wrote (.*?.pom)\n/g, (_all, fn) => {
+      poms.push(fn);
+      return fn;
+    });
+    if (!poms.length) {
+      process.exitCode = 1;
+      logger.logger.fail('There were no errors from sbt but it seems to not have generated any poms either');
+      return;
+    }
+    // Move the pom file to ...? initial cwd? loc will be an absolute path, or dump to stdout
+    // TODO: what to do with multiple output files? Do we want to dump them to stdout? Raw or with separators or ?
+    // TODO: maybe we can add an option to target a specific file to dump to stdout
+    if (out === '-' && poms.length === 1) {
+      logger.logger.log('Result:\n```');
+      logger.logger.log(await utils.safeReadFile(poms[0]));
+      logger.logger.log('```');
+      logger.logger.success(`OK`);
+    } else if (out === '-') {
+      process.exitCode = 1;
+      logger.logger.fail('Requested out target was stdout but there are multiple generated files');
+      poms.forEach(fn => logger.logger.error('-', fn));
+      logger.logger.info('Exiting now...');
+      return;
+    } else {
+      // if (verbose) {
+      //   logger.log(
+      //     `Moving manifest file from \`${loc.replace(/^\/home\/[^/]*?\//, '~/')}\` to \`${out}\``
+      //   )
+      // } else {
+      //   logger.log('Moving output pom file')
+      // }
+      // TODO: do we prefer fs-extra? renaming can be gnarly on windows and fs-extra's version is better
+      // await renamep(loc, out)
+      logger.logger.success(`Generated ${poms.length} pom files`);
+      poms.forEach(fn => logger.logger.log('-', fn));
+      logger.logger.success(`OK`);
+    }
+  } catch (e) {
+    process.exitCode = 1;
+    spinner.stop();
+    logger.logger.fail('There was an unexpected error while running this' + (verbose ? '' : ' (use --verbose for details)'));
+    if (verbose) {
+      logger.logger.group('[VERBOSE] error:');
+      logger.logger.log(e);
+      logger.logger.groupEnd();
+    }
+  }
+}
+
+async function convertCondaToRequirements(target, cwd, verbose) {
+  let contents;
+  if (target === '-') {
+    if (verbose) {
+      logger.logger.info(`[VERBOSE] reading input from stdin`);
+    }
+    const buf = [];
+    contents = await new Promise((resolve, reject) => {
+      process.stdin.on('data', chunk => {
+        const input = chunk.toString();
+        buf.push(input);
+      });
+      process.stdin.on('end', () => {
+        resolve(buf.join(''));
+      });
+      process.stdin.on('error', e => {
+        if (verbose) {
+          logger.logger.error('Unexpected error while reading from stdin:', e);
+        }
+        reject(e);
+      });
+      process.stdin.on('close', () => {
+        if (buf.length === 0) {
+          if (verbose) {
+            logger.logger.error('stdin closed explicitly without data received');
+          }
+          reject(new Error('No data received from stdin'));
+        } else {
+          if (verbose) {
+            logger.logger.error('warning: stdin closed explicitly with some data received');
+          }
+          resolve(buf.join(''));
+        }
+      });
+    });
+    if (!contents) {
+      return {
+        ok: false,
+        message: 'Manifest Generation Failed',
+        cause: 'No data received from stdin'
+      };
+    }
+  } else {
+    const f = path.resolve(cwd, target);
+    if (verbose) {
+      logger.logger.info(`[VERBOSE] target file: ${f}`);
+    }
+    if (!fs$1.existsSync(f)) {
+      return {
+        ok: false,
+        message: 'Manifest Generation Failed',
+        cause: `Input file not found at ${f}`
+      };
+    }
+    contents = fs$1.readFileSync(target, 'utf8');
+    if (!contents) {
+      return {
+        ok: false,
+        message: 'Manifest Generation Failed',
+        cause: 'File is empty'
+      };
+    }
+  }
+  return {
+    ok: true,
+    data: {
+      contents,
+      pip: convertCondaToRequirementsFromInput(contents)
+    }
+  };
+}
+
+// Just extract the first pip block, if one exists at all.
+function convertCondaToRequirementsFromInput(input) {
+  const keeping = [];
+  let collecting = false;
+  let delim = '-';
+  let indent = '';
+  input.split('\n').some(line => {
+    if (!line) {
+      // Ignore empty lines
+      return;
+    }
+    if (collecting) {
+      if (line.startsWith('#')) {
+        // Ignore comment lines (keep?)
+        return;
+      }
+      if (line.startsWith(delim)) {
+        // In this case we have a line with the same indentation as the
+        // `- pip:` line, so we have reached the end of the pip block.
+        return true; // the end
+      } else {
+        if (!indent) {
+          // Store the indentation of the block
+          if (line.trim().startsWith('-')) {
+            indent = line.split('-')[0] + '-';
+            if (indent.length <= delim.length) {
+              // The first line after the `pip:` line does not indent further
+              // than that so the block is empty?
+              return true;
+            }
+          }
+        }
+        if (line.startsWith(indent)) {
+          keeping.push(line.slice(indent.length).trim());
+        } else {
+          // Unexpected input. bail.
+          return true;
+        }
+      }
+    } else {
+      // Note: the line may end with a line comment so don't === it.
+      if (line.trim().startsWith('- pip:')) {
+        delim = line.split('-')[0] + '-';
+        collecting = true;
+      }
+    }
+  });
+  return keeping.join('\n');
+}
+
+async function outputRequirements(result, outputKind, out) {
+  if (!result.ok) {
+    process.exitCode = result.code ?? 1;
+  }
+  if (!result.ok) {
+    if (outputKind === 'json') {
+      logger.logger.log(utils.serializeResultJson(result));
+      return;
+    }
+    logger.logger.fail(utils.failMsgWithBadge(result.message, result.cause));
+    return;
+  }
+  if (outputKind === 'json') {
+    const json = utils.serializeResultJson(result);
+    if (out === '-') {
+      logger.logger.log(json);
+    } else {
+      fs$1.writeFileSync(out, json, 'utf8');
+    }
+    return;
+  }
+  if (outputKind === 'markdown') {
+    const arr = [];
+    arr.push('# Converted Conda file');
+    arr.push('');
+    arr.push('This is the Conda `environment.yml` file converted to python `requirements.txt`:');
+    arr.push('');
+    arr.push('```file=requirements.txt');
+    arr.push(result.data.pip);
+    arr.push('```');
+    arr.push('');
+    const md = arr.join('\n');
+    if (out === '-') {
+      logger.logger.log(md);
+    } else {
+      fs$1.writeFileSync(out, md, 'utf8');
+    }
+    return;
+  }
+  if (out === '-') {
+    logger.logger.log(result.data.pip);
+    logger.logger.log('');
+  } else {
+    fs$1.writeFileSync(out, result.data.pip, 'utf8');
+  }
+}
+
+async function handleManifestConda(target, out, outputKind, cwd, verbose) {
+  const data = await convertCondaToRequirements(target, cwd, verbose);
+  await outputRequirements(data, outputKind, out);
+}
+
+async function generateAutoManifest(detected, cwd, verbose, outputKind) {
+  if (detected.sbt) {
+    logger.logger.log('Detected a Scala sbt build, generating pom files with sbt...');
+    await convertSbtToMaven(cwd, 'sbt', './socket.sbt.pom.xml', verbose, []);
+  }
+  if (detected.gradle) {
+    logger.logger.log('Detected a gradle build (Gradle, Kotlin, Scala), running default gradle generator...');
+    await convertGradleToMaven(cwd, path.join(cwd, 'gradlew'), cwd, verbose, []);
+  }
+  if (detected.conda) {
+    logger.logger.log('Detected an environment.yml file, running default Conda generator...');
+    await handleManifestConda(cwd, '', outputKind, cwd, verbose);
+  }
+}
+
+async function handleCreateNewScan({
+  autoManifest,
+  branchName,
+  commitHash,
+  commitMessage,
+  committers,
+  cwd,
+  defaultBranch,
+  interactive,
+  orgSlug,
+  outputKind,
+  pendingHead,
+  pullRequest,
+  readOnly,
+  repoName,
+  report,
+  targets,
+  tmp
+}) {
+  if (autoManifest) {
+    logger.logger.info('Auto generating manifest files ...');
+    const detected = await detectManifestActions(cwd);
+    await generateAutoManifest(detected, cwd, false, outputKind);
+    logger.logger.info('Auto generation finished. Proceeding with Scan creation.');
+  }
+  const supportedFileNames = await fetchSupportedScanFileNames();
+  if (!supportedFileNames.ok) {
+    await outputCreateNewScan(supportedFileNames, outputKind, interactive);
+    return;
+  }
+  const packagePaths = await utils.getPackageFilesForScan(cwd, targets, supportedFileNames.data);
+  const wasValidInput = utils.checkCommandInput(outputKind, {
+    nook: true,
+    test: packagePaths.length > 0,
+    pass: 'ok',
+    fail: 'found no eligible files to scan',
+    message: 'TARGET (file/dir) must contain matching / supported file types for a scan'
+  });
+  if (!wasValidInput) {
+    return;
+  }
+  if (readOnly) {
+    logger.logger.log('[ReadOnly] Bailing now');
+    return;
+  }
+  const data = await fetchCreateOrgFullScan(packagePaths, orgSlug, defaultBranch, pendingHead, tmp, cwd, {
+    commitHash,
+    commitMessage,
+    committers,
+    pullRequest,
+    repoName,
+    branchName
+  });
+  if (data.ok && report) {
+    if (data.data?.id) {
+      await handleScanReport({
+        filePath: '-',
+        fold: 'version',
+        includeLicensePolicy: true,
+        orgSlug,
+        outputKind,
+        reportLevel: 'error',
+        scanId: data.data.id,
+        short: false
+      });
+    } else {
+      await outputCreateNewScan({
+        ok: false,
+        message: 'Missing Scan ID',
+        cause: 'Server did not respond with a scan ID',
+        data: data.data
+      }, outputKind, interactive);
+    }
+  } else {
+    await outputCreateNewScan(data, outputKind, interactive);
+  }
+}
+
+async function handleCI(autoManifest) {
+  // ci: {
+  //   description: 'Alias for "report create --view --strict"',
+  //     argv: ['report', 'create', '--view', '--strict']
+  // }
+  const result = await getDefaultOrgSlug();
+  if (!result.ok) {
+    process.exitCode = result.code ?? 1;
+    // Always assume json mode
+    logger.logger.log(utils.serializeResultJson(result));
+    return;
+  }
+
+  // TODO: does it make sense to discover the commit details from local git?
+  // TODO: does it makes sense to use custom branch/repo names here? probably socket.yml, right
+  await handleCreateNewScan({
+    autoManifest,
+    branchName: 'socket-default-branch',
+    commitMessage: '',
+    commitHash: '',
+    committers: '',
+    cwd: process.cwd(),
+    defaultBranch: false,
+    interactive: false,
+    orgSlug: result.data,
+    outputKind: 'json',
+    pendingHead: true,
+    // when true, requires branch name set, tmp false
+    pullRequest: 0,
+    repoName: 'socket-default-repository',
+    readOnly: false,
+    report: true,
+    targets: ['.'],
+    tmp: false // don't set when pendingHead is true
+  });
+}
+
+const {
+  DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$H
+} = constants;
+const config$L = {
+  commandName: 'ci',
+  description: 'Create a new scan and report whether it passes your security policy',
+  hidden: true,
+  flags: {
+    ...utils.commonFlags,
+    autoManifest: {
+      type: 'boolean',
+      default: false,
+      // dev tools is not likely to be set up so this is safer
+      description: 'Auto generate manifest files where detected? See autoManifest flag in `socket scan create`'
+    }
+  },
+  help: (parentName, _config) => `
+    Usage
+      $ ${parentName}
+
+    Options
+      ${utils.getFlagListOutput(config$L.flags, 6)}
+
+    This command is intended to use in CI runs to allow automated systems to
+    accept or reject a current build. When the scan does not pass your security
+    policy, the exit code will be non-zero.
+
+    It will use the default org for the set API token.
+
+    The --autoManifest flag does the same as the one from \`socket scan create\`
+    but is not enabled by default since the CI is less likely to be set up with
+    all the necessary dev tooling. Enable it if you want the scan to include
+    locally generated manifests like for gradle and sbt.
+  `
+};
+const cmdCI = {
+  description: config$L.description,
+  hidden: config$L.hidden,
+  run: run$L
+};
+async function run$L(argv, importMeta, {
+  parentName
+}) {
+  const cli = utils.meowOrExit({
+    argv,
+    config: config$L,
+    importMeta,
+    parentName
+  });
+  if (cli.flags['dryRun']) {
+    logger.logger.log(DRY_RUN_BAILING_NOW$H);
+    return;
+  }
+  await handleCI(Boolean(cli.flags['autoManifest']));
+}
+
+async function discoverConfigValue(key) {
+  // This will have to be a specific implementation per key because certain
+  // keys should request information from particular API endpoints while
+  // others should simply return their default value, like endpoint URL.
+
+  if (!utils.supportedConfigKeys.has(key)) {
+    return {
+      ok: false,
+      message: 'Auto discover failed',
+      cause: 'Requested key is not a valid config key.'
     };
   }
   if (key === 'apiBaseUrl') {
@@ -3516,7 +3972,7 @@ async function enablePrAutoMerge({
   if (error instanceof vendor.GraphqlResponseError && error.errors) {
     const details = error.errors.map(({
       message
-    }) => ` - ${message.trim()}`).join('\n');
+    }) => ` - ${message.trim()}`).join('\n').trim();
     message += `:\n${details}`;
   }
   logger.logger.error(message);
@@ -3686,11 +4142,18 @@ async function npmFix(pkgEnvDetails, {
   // Calling arb.reify() creates the arb.diff object, nulls-out arb.idealTree,
   // and populates arb.actualTree.
   let actualTree = await arb.reify();
-  const alertsMap = purls.length ? await utils.getAlertsMapFromPurls(purls, getAlertMapOptions({
-    limit
-  })) : await shadowInject.getAlertsMapFromArborist(arb, getAlertMapOptions({
-    limit
-  }));
+  let alertsMap;
+  try {
+    alertsMap = purls.length ? await utils.getAlertsMapFromPurls(purls, getAlertMapOptions({
+      limit
+    })) : await shadowInject.getAlertsMapFromArborist(arb, getAlertMapOptions({
+      limit
+    }));
+  } catch (e) {
+    spinner?.stop();
+    logger.logger.error(e?.message || 'Unknown Socket batch PURL API error.');
+    return;
+  }
   const infoByPkgName = utils.getCveInfoFromAlertsMap(alertsMap, {
     limit
   });
@@ -3842,11 +4305,12 @@ async function npmFix(pkgEnvDetails, {
                 stdio: 'ignore'
               });
             }
-            spinner?.successAndStop(`Fixed ${name} in ${workspaceName}`);
+            spinner?.success(`Fixed ${name} in ${workspaceName}`);
           } catch (e) {
             errored = true;
             error = e;
           }
+          spinner?.stop();
           if (!errored && isCi) {
             const branch = getSocketBranchName(oldPurl, newVersion, workspaceName);
             try {
@@ -3912,10 +4376,14 @@ async function npmFix(pkgEnvDetails, {
                 const {
                   data
                 } = prResponse;
-                logger.logger.info(`Opened PR #${data.number}.`);
+                logger.logger.success(`Opened PR #${data.number}.`);
                 if (autoMerge) {
+                  logger.logger.indent();
+                  spinner?.indent();
                   // eslint-disable-next-line no-await-in-loop
                   await enablePrAutoMerge(data);
+                  logger.logger.dedent();
+                  spinner?.dedent();
                 }
               }
             } catch (e) {
@@ -3933,6 +4401,7 @@ async function npmFix(pkgEnvDetails, {
           }
           if (errored) {
             if (!isCi) {
+              spinner?.start();
               editablePkgJson.update(revertData);
               // eslint-disable-next-line no-await-in-loop
               await Promise.all([utils.removeNodeModules(cwd), editablePkgJson.save({
@@ -3942,8 +4411,9 @@ async function npmFix(pkgEnvDetails, {
               actualTree = await install$1(arb, {
                 cwd
               });
+              spinner?.stop();
             }
-            spinner?.failAndStop(`Update failed for ${oldId} in ${workspaceName}`, error);
+            logger.logger.fail(`Update failed for ${oldId} in ${workspaceName}`, error);
           }
           if (++count >= limit) {
             logger.logger.dedent();
@@ -3953,14 +4423,14 @@ async function npmFix(pkgEnvDetails, {
         }
       }
       if (!isLastPkgJsonPath && logger.logger.logCallCount > workspaceLogCallCount) {
-        logger.logger.log('');
+        logger.logger.logNewline();
       }
     }
     for (const warningText of warningsForAfter) {
       logger.logger.warn(warningText);
     }
     if (!isLastInfoEntry) {
-      logger.logger.log('');
+      logger.logger.logNewline();
     }
     logger.logger.dedent();
     spinner?.dedent();
@@ -4057,11 +4527,18 @@ async function pnpmFix(pkgEnvDetails, {
     logger.logger.error('Required pnpm-lock.yaml not found.');
     return;
   }
-  const alertsMap = purls.length ? await utils.getAlertsMapFromPurls(purls, getAlertMapOptions({
-    limit
-  })) : await utils.getAlertsMapFromPnpmLockfile(lockfile, getAlertMapOptions({
-    limit
-  }));
+  let alertsMap;
+  try {
+    alertsMap = purls.length ? await utils.getAlertsMapFromPurls(purls, getAlertMapOptions({
+      limit
+    })) : await utils.getAlertsMapFromPnpmLockfile(lockfile, getAlertMapOptions({
+      limit
+    }));
+  } catch (e) {
+    spinner?.stop();
+    logger.logger.error(e?.message || 'Unknown Socket batch PURL API error.');
+    return;
+  }
   const infoByPkgName = utils.getCveInfoFromAlertsMap(alertsMap, {
     limit
   });
@@ -4248,12 +4725,12 @@ async function pnpmFix(pkgEnvDetails, {
                 stdio: 'ignore'
               });
             }
-            spinner?.successAndStop(`Fixed ${name} in ${workspaceName}`);
+            spinner?.success(`Fixed ${name} in ${workspaceName}`);
           } catch (e) {
             error = e;
             errored = true;
-            spinner?.stop();
           }
+          spinner?.stop();
           if (!errored && isCi) {
             const branch = getSocketBranchName(oldPurl, newVersion, workspaceName);
             try {
@@ -4322,10 +4799,14 @@ async function pnpmFix(pkgEnvDetails, {
                 const {
                   data
                 } = prResponse;
-                logger.logger.info(`Opened PR #${data.number}.`);
+                logger.logger.success(`Opened PR #${data.number}.`);
                 if (autoMerge) {
+                  logger.logger.indent();
+                  spinner?.indent();
                   // eslint-disable-next-line no-await-in-loop
                   await enablePrAutoMerge(data);
+                  logger.logger.dedent();
+                  spinner?.dedent();
                 }
               }
             } catch (e) {
@@ -4344,6 +4825,7 @@ async function pnpmFix(pkgEnvDetails, {
           }
           if (errored) {
             if (!isCi) {
+              spinner?.start();
               editablePkgJson.update(revertData);
               // eslint-disable-next-line no-await-in-loop
               await Promise.all([utils.removeNodeModules(cwd), editablePkgJson.save({
@@ -4354,8 +4836,9 @@ async function pnpmFix(pkgEnvDetails, {
                 cwd,
                 spinner
               });
+              spinner?.stop();
             }
-            spinner?.failAndStop(`Update failed for ${oldId} in ${workspaceName}`, error);
+            logger.logger.fail(`Update failed for ${oldId} in ${workspaceName}`, error);
           }
           if (++count >= limit) {
             logger.logger.dedent();
@@ -4365,14 +4848,14 @@ async function pnpmFix(pkgEnvDetails, {
         }
       }
       if (!isLastPkgJsonPath && logger.logger.logCallCount > workspaceLogCallCount) {
-        logger.logger.log('');
+        logger.logger.logNewline();
       }
     }
     for (const warningText of warningsForAfter) {
       logger.logger.warn(warningText);
     }
     if (!isLastInfoEntry) {
-      logger.logger.log('');
+      logger.logger.logNewline();
     }
     logger.logger.dedent();
     spinner?.dedent();
@@ -5149,230 +5632,42 @@ async function run$z(argv, importMeta, {
   if (cli.flags['dryRun']) {
     logger.logger.log(DRY_RUN_BAILING_NOW$w);
     return;
-  }
-  attemptLogout();
-}
-
-async function convertCondaToRequirements(target, cwd, verbose) {
-  let contents;
-  if (target === '-') {
-    if (verbose) {
-      logger.logger.info(`[VERBOSE] reading input from stdin`);
-    }
-    const buf = [];
-    contents = await new Promise((resolve, reject) => {
-      process.stdin.on('data', chunk => {
-        const input = chunk.toString();
-        buf.push(input);
-      });
-      process.stdin.on('end', () => {
-        resolve(buf.join(''));
-      });
-      process.stdin.on('error', e => {
-        if (verbose) {
-          logger.logger.error('Unexpected error while reading from stdin:', e);
-        }
-        reject(e);
-      });
-      process.stdin.on('close', () => {
-        if (buf.length === 0) {
-          if (verbose) {
-            logger.logger.error('stdin closed explicitly without data received');
-          }
-          reject(new Error('No data received from stdin'));
-        } else {
-          if (verbose) {
-            logger.logger.error('warning: stdin closed explicitly with some data received');
-          }
-          resolve(buf.join(''));
-        }
-      });
-    });
-    if (!contents) {
-      return {
-        ok: false,
-        message: 'Manifest Generation Failed',
-        cause: 'No data received from stdin'
-      };
-    }
-  } else {
-    const f = path.resolve(cwd, target);
-    if (verbose) {
-      logger.logger.info(`[VERBOSE] target file: ${f}`);
-    }
-    if (!fs$1.existsSync(f)) {
-      return {
-        ok: false,
-        message: 'Manifest Generation Failed',
-        cause: `Input file not found at ${f}`
-      };
-    }
-    contents = fs$1.readFileSync(target, 'utf8');
-    if (!contents) {
-      return {
-        ok: false,
-        message: 'Manifest Generation Failed',
-        cause: 'File is empty'
-      };
-    }
-  }
-  return {
-    ok: true,
-    data: {
-      contents,
-      pip: convertCondaToRequirementsFromInput(contents)
-    }
-  };
-}
-
-// Just extract the first pip block, if one exists at all.
-function convertCondaToRequirementsFromInput(input) {
-  const keeping = [];
-  let collecting = false;
-  let delim = '-';
-  let indent = '';
-  input.split('\n').some(line => {
-    if (!line) {
-      // Ignore empty lines
-      return;
-    }
-    if (collecting) {
-      if (line.startsWith('#')) {
-        // Ignore comment lines (keep?)
-        return;
-      }
-      if (line.startsWith(delim)) {
-        // In this case we have a line with the same indentation as the
-        // `- pip:` line, so we have reached the end of the pip block.
-        return true; // the end
-      } else {
-        if (!indent) {
-          // Store the indentation of the block
-          if (line.trim().startsWith('-')) {
-            indent = line.split('-')[0] + '-';
-            if (indent.length <= delim.length) {
-              // The first line after the `pip:` line does not indent further
-              // than that so the block is empty?
-              return true;
-            }
-          }
-        }
-        if (line.startsWith(indent)) {
-          keeping.push(line.slice(indent.length).trim());
-        } else {
-          // Unexpected input. bail.
-          return true;
-        }
-      }
-    } else {
-      // Note: the line may end with a line comment so don't === it.
-      if (line.trim().startsWith('- pip:')) {
-        delim = line.split('-')[0] + '-';
-        collecting = true;
-      }
-    }
-  });
-  return keeping.join('\n');
-}
-
-async function outputRequirements(result, outputKind, out) {
-  if (!result.ok) {
-    process.exitCode = result.code ?? 1;
-  }
-  if (!result.ok) {
-    if (outputKind === 'json') {
-      logger.logger.log(utils.serializeResultJson(result));
-      return;
-    }
-    logger.logger.fail(utils.failMsgWithBadge(result.message, result.cause));
-    return;
-  }
-  if (outputKind === 'json') {
-    const json = utils.serializeResultJson(result);
-    if (out === '-') {
-      logger.logger.log(json);
-    } else {
-      fs$1.writeFileSync(out, json, 'utf8');
-    }
-    return;
-  }
-  if (outputKind === 'markdown') {
-    const arr = [];
-    arr.push('# Converted Conda file');
-    arr.push('');
-    arr.push('This is the Conda `environment.yml` file converted to python `requirements.txt`:');
-    arr.push('');
-    arr.push('```file=requirements.txt');
-    arr.push(result.data.pip);
-    arr.push('```');
-    arr.push('');
-    const md = arr.join('\n');
-    if (out === '-') {
-      logger.logger.log(md);
-    } else {
-      fs$1.writeFileSync(out, md, 'utf8');
-    }
-    return;
-  }
-  if (out === '-') {
-    logger.logger.log(result.data.pip);
-    logger.logger.log('');
-  } else {
-    fs$1.writeFileSync(out, result.data.pip, 'utf8');
-  }
-}
-
-async function handleManifestConda(target, out, outputKind, cwd, verbose) {
-  const data = await convertCondaToRequirements(target, cwd, verbose);
-  await outputRequirements(data, outputKind, out);
+  }
+  attemptLogout();
 }
 
 const {
   DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$v
 } = constants;
 const config$y = {
-  commandName: 'conda',
-  description: '[beta] Convert a Conda environment.yml file to a python requirements.txt',
+  commandName: 'auto',
+  description: 'Auto-detect build and attempt to generate manifest file',
   hidden: false,
   flags: {
     ...utils.commonFlags,
-    ...utils.outputFlags,
     cwd: {
       type: 'string',
       description: 'Set the cwd, defaults to process.cwd()'
     },
-    out: {
-      type: 'string',
-      default: '-',
-      description: 'Output target (use `-` or omit to print to stdout)'
-    },
     verbose: {
       type: 'boolean',
-      description: 'Print debug messages'
+      default: false,
+      description: 'Enable debug output, may help when running into errors'
     }
   },
   help: (command, config) => `
     Usage
-      $ ${command} FILE
-
-    Warning: While we don't support Conda necessarily, this tool extracts the pip
-             block from an environment.yml and outputs it as a requirements.txt
-             which you can scan as if it were a pypi package.
-
-    USE AT YOUR OWN RISK
-
-    Note: FILE can be a dash (-) to indicate stdin. This way you can pipe the
-          contents of a file to have it processed.
+      $ ${command}
 
     Options
       ${utils.getFlagListOutput(config.flags, 6)}
 
-    Examples
-
-      $ ${command} ./environment.yml
+    Tries to figure out what language your current repo uses. If it finds a
+    supported case then it will try to generate the manifest file for that
+    language with the default or detected settings.
   `
 };
-const cmdManifestConda = {
+const cmdManifestAuto = {
   description: config$y.description,
   hidden: config$y.hidden,
   run: run$y
@@ -5387,189 +5682,59 @@ async function run$y(argv, importMeta, {
     parentName
   });
   const {
-    cwd = process.cwd(),
-    json = false,
-    markdown = false,
-    out = '-',
-    verbose = false
+    cwd: cwdFlag,
+    json,
+    markdown,
+    verbose: verboseFlag
   } = cli.flags;
   const outputKind = utils.getOutputKind(json, markdown); // TODO: impl json/md further
-
-  const [target = ''] = cli.input;
+  const cwd = String(cwdFlag || process.cwd());
+  const verbose = !!verboseFlag;
   if (verbose) {
     logger.logger.group('- ', parentName, config$y.commandName, ':');
     logger.logger.group('- flags:', cli.flags);
     logger.logger.groupEnd();
-    logger.logger.log('- target:', target);
-    logger.logger.log('- output:', out);
+    logger.logger.log('- input:', cli.input);
+    logger.logger.log('- cwd:', cwd);
     logger.logger.groupEnd();
   }
-  const wasValidInput = utils.checkCommandInput(outputKind, {
-    test: !!target,
-    message: 'The FILE arg is required',
-    pass: 'ok',
-    fail: 'missing'
-  }, {
-    nook: true,
-    test: cli.input.length <= 1,
-    message: 'Can only accept one DIR (make sure to escape spaces!)',
-    pass: 'ok',
-    fail: 'received ' + cli.input.length
-  }, {
-    nook: true,
-    test: !json || !markdown,
-    message: 'The `--json` and `--markdown` flags can not be used at the same time',
-    pass: 'ok',
-    fail: 'bad'
-  });
-  if (!wasValidInput) {
-    return;
-  }
-  logger.logger.warn('Warning: This will approximate your Conda dependencies using PyPI. We do not yet officially support Conda. Use at your own risk.');
+  const detected = await detectManifestActions(String(cwd));
+  debug.debugLog(detected);
   if (cli.flags['dryRun']) {
     logger.logger.log(DRY_RUN_BAILING_NOW$v);
     return;
   }
-  await handleManifestConda(target, String(out || ''), json ? 'json' : markdown ? 'markdown' : 'text', String(cwd), Boolean(verbose));
-}
-
-async function convertGradleToMaven(target, bin, cwd, verbose, gradleOpts) {
-  // TODO: impl json/md
-  if (verbose) {
-    logger.logger.log('[VERBOSE] Resolving:', [cwd, bin]);
-  }
-  const rbin = path.resolve(cwd, bin);
-  if (verbose) {
-    logger.logger.log('[VERBOSE] Resolving:', [cwd, target]);
-  }
-  const rtarget = path.resolve(cwd, target);
-  const binExists = fs$1.existsSync(rbin);
-  const targetExists = fs$1.existsSync(rtarget);
-  logger.logger.group('gradle2maven:');
-  if (verbose || debug.isDebug()) {
-    logger.logger.log(`[VERBOSE] - Absolute bin path: \`${rbin}\` (${binExists ? 'found' : vendor.yoctocolorsCjsExports.red('not found!')})`);
-    logger.logger.log(`[VERBOSE] - Absolute target path: \`${rtarget}\` (${targetExists ? 'found' : vendor.yoctocolorsCjsExports.red('not found!')})`);
-  } else {
-    logger.logger.log(`- executing: \`${rbin}\``);
-    if (!binExists) {
-      logger.logger.warn('Warning: It appears the executable could not be found at this location. An error might be printed later because of that.');
-    }
-    logger.logger.log(`- src dir: \`${rtarget}\``);
-    if (!targetExists) {
-      logger.logger.warn('Warning: It appears the src dir could not be found at this location. An error might be printed later because of that.');
-    }
-  }
-  logger.logger.groupEnd();
-  try {
-    // Run gradlew with the init script we provide which should yield zero or more
-    // pom files. We have to figure out where to store those pom files such that
-    // we can upload them and predict them through the GitHub API. We could do a
-    // .socket folder. We could do a socket.pom.gz with all the poms, although
-    // I'd prefer something plain-text if it is to be committed.
-
-    // Note: init.gradle will be exported by .config/rollup.dist.config.mjs
-    const initLocation = path.join(constants.distPath, 'init.gradle');
-    const commandArgs = ['--init-script', initLocation, ...gradleOpts, 'pom'];
-    if (verbose) {
-      logger.logger.log('[VERBOSE] Executing:', [bin], ', args:', commandArgs);
-    }
-    logger.logger.log(`Converting gradle to maven from \`${bin}\` on \`${target}\` ...`);
-    const output = await execGradleWithSpinner(rbin, commandArgs, rtarget, cwd);
-    if (verbose) {
-      logger.logger.group('[VERBOSE] gradle stdout:');
-      logger.logger.log(output);
-      logger.logger.groupEnd();
-    }
-    if (output.code !== 0) {
-      process.exitCode = 1;
-      logger.logger.fail(`Gradle exited with exit code ${output.code}`);
-      // (In verbose mode, stderr was printed above, no need to repeat it)
-      if (!verbose) {
-        logger.logger.group('stderr:');
-        logger.logger.error(output.stderr);
-        logger.logger.groupEnd();
-      }
-      return;
-    }
-    logger.logger.success('Executed gradle successfully');
-    logger.logger.log('Reported exports:');
-    output.stdout.replace(/^POM file copied to: (.*)/gm, (_all, fn) => {
-      logger.logger.log('- ', fn);
-      return fn;
-    });
+  if (!detected.count) {
+    logger.logger.fail('Was unable to discover any targets for which we can generate manifest files...');
     logger.logger.log('');
-    logger.logger.log('Next step is to generate a Scan by running the `socket scan create` command on the same directory');
-  } catch (e) {
+    logger.logger.log('- Make sure this script would work with your target build (see `socket manifest --help` for your target).');
+    logger.logger.log('- Make sure to run it from the correct dir (use --cwd to target another dir)');
+    logger.logger.log('- Make sure the necessary build tools are available (`PATH`)');
     process.exitCode = 1;
-    logger.logger.fail('There was an unexpected error while generating manifests' + (verbose ? '' : '  (use --verbose for details)'));
-    if (verbose) {
-      logger.logger.group('[VERBOSE] error:');
-      logger.logger.log(e);
-      logger.logger.groupEnd();
-    }
-  }
-}
-async function execGradleWithSpinner(bin, commandArgs, target, cwd) {
-  // Lazily access constants.spinner.
-  const {
-    spinner
-  } = constants;
-  let pass = false;
-  try {
-    spinner.start(`Running gradlew... (this can take a while, it depends on how long gradlew has to run)`);
-    const output = await spawn.spawn(bin, commandArgs, {
-      // We can pipe the output through to have the user see the result
-      // of running gradlew, but then we can't (easily) gather the output
-      // to discover the generated files... probably a flag we should allow?
-      // stdio: isDebug() ? 'inherit' : undefined,
-      cwd: target || cwd
-    });
-    pass = true;
-    const {
-      code,
-      stderr,
-      stdout
-    } = output;
-    return {
-      code,
-      stdout,
-      stderr
-    };
-  } finally {
-    if (pass) {
-      spinner.successAndStop('Completed gradlew execution');
-    } else {
-      spinner.failAndStop('There was an error while trying to run gradlew.');
-    }
+    return;
   }
+  await generateAutoManifest(detected, cwd, verbose, outputKind);
+  logger.logger.success(`Finished. Should have attempted to generate manifest files for ${detected.count} targets.`);
 }
 
 const {
   DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$u
 } = constants;
 const config$x = {
-  commandName: 'gradle',
-  description: '[beta] Use Gradle to generate a manifest file (`pom.xml`) for a Gradle/Java/Kotlin/etc project',
+  commandName: 'conda',
+  description: '[beta] Convert a Conda environment.yml file to a python requirements.txt',
   hidden: false,
   flags: {
     ...utils.commonFlags,
-    bin: {
-      type: 'string',
-      description: 'Location of gradlew binary to use, default: CWD/gradlew'
-    },
+    ...utils.outputFlags,
     cwd: {
       type: 'string',
       description: 'Set the cwd, defaults to process.cwd()'
     },
-    gradleOpts: {
-      type: 'string',
-      default: '',
-      description: 'Additional options to pass on to ./gradlew, see `./gradlew --help`'
-    },
-    task: {
+    out: {
       type: 'string',
-      default: 'all',
-      description: 'Task to target. By default targets all'
+      default: '-',
+      description: 'Output target (use `-` or omit to print to stdout)'
     },
     verbose: {
       type: 'boolean',
@@ -5578,38 +5743,26 @@ const config$x = {
   },
   help: (command, config) => `
     Usage
-      $ ${command} [--bin=path/to/gradle/binary] [--out=path/to/result] DIR
-
-    Options
-      ${utils.getFlagListOutput(config.flags, 6)}
-
-    Uses gradle, preferably through your local project \`gradlew\`, to generate a
-    \`pom.xml\` file for each task. If you have no \`gradlew\` you can try the
-    global \`gradle\` binary but that may not work (hard to predict).
-
-    The \`pom.xml\` is a manifest file similar to \`package.json\` for npm or
-    or requirements.txt for PyPi), but specifically for Maven, which is Java's
-    dependency repository. Languages like Kotlin and Scala piggy back on it too.
-
-    There are some caveats with the gradle to \`pom.xml\` conversion:
+      $ ${command} FILE
 
-    - each task will generate its own xml file and by default it generates one xml
-      for every task.
+    Warning: While we don't support Conda necessarily, this tool extracts the pip
+             block from an environment.yml and outputs it as a requirements.txt
+             which you can scan as if it were a pypi package.
 
-    - it's possible certain features don't translate well into the xml. If you
-      think something is missing that could be supported please reach out.
+    USE AT YOUR OWN RISK
 
-    - it works with your \`gradlew\` from your repo and local settings and config
+    Note: FILE can be a dash (-) to indicate stdin. This way you can pipe the
+          contents of a file to have it processed.
 
-    Support is beta. Please report issues or give us feedback on what's missing.
+    Options
+      ${utils.getFlagListOutput(config.flags, 6)}
 
     Examples
 
-      $ ${command} .
-      $ ${command} --bin=../gradlew .
+      $ ${command} ./environment.yml
   `
 };
-const cmdManifestGradle = {
+const cmdManifestConda = {
   description: config$x.description,
   hidden: config$x.hidden,
   run: run$x
@@ -5623,193 +5776,79 @@ async function run$x(argv, importMeta, {
     importMeta,
     parentName
   });
-  const verbose = Boolean(cli.flags['verbose']);
   const {
-    json,
-    markdown
+    cwd = process.cwd(),
+    json = false,
+    markdown = false,
+    out = '-',
+    verbose = false
   } = cli.flags;
   const outputKind = utils.getOutputKind(json, markdown); // TODO: impl json/md further
 
+  const [target = ''] = cli.input;
   if (verbose) {
     logger.logger.group('- ', parentName, config$x.commandName, ':');
     logger.logger.group('- flags:', cli.flags);
     logger.logger.groupEnd();
-    logger.logger.log('- input:', cli.input);
+    logger.logger.log('- target:', target);
+    logger.logger.log('- output:', out);
     logger.logger.groupEnd();
   }
-  const [target = ''] = cli.input;
-
-  // TODO: I'm not sure it's feasible to parse source file from stdin. We could
-  //       try, store contents in a file in some folder, target that folder... what
-  //       would the file name be?
-
   const wasValidInput = utils.checkCommandInput(outputKind, {
-    test: !!target && target !== '-',
-    message: 'The DIR arg is required',
+    test: !!target,
+    message: 'The FILE arg is required',
     pass: 'ok',
-    fail: target === '-' ? 'stdin is not supported' : 'missing'
+    fail: 'missing'
   }, {
     nook: true,
     test: cli.input.length <= 1,
     message: 'Can only accept one DIR (make sure to escape spaces!)',
     pass: 'ok',
     fail: 'received ' + cli.input.length
+  }, {
+    nook: true,
+    test: !json || !markdown,
+    message: 'The `--json` and `--markdown` flags can not be used at the same time',
+    pass: 'ok',
+    fail: 'bad'
   });
   if (!wasValidInput) {
     return;
   }
-  const {
-    bin = path.join(target, 'gradlew'),
-    cwd = process.cwd()
-  } = cli.flags;
-  if (verbose) {
-    logger.logger.group();
-    logger.logger.log('- target:', target);
-    logger.logger.log('- gradle bin:', bin);
-    logger.logger.groupEnd();
-  }
-  let gradleOpts = [];
-  if (cli.flags['gradleOpts']) {
-    gradleOpts = cli.flags['gradleOpts'].split(' ').map(s => s.trim()).filter(Boolean);
-  }
+  logger.logger.warn('Warning: This will approximate your Conda dependencies using PyPI. We do not yet officially support Conda. Use at your own risk.');
   if (cli.flags['dryRun']) {
     logger.logger.log(DRY_RUN_BAILING_NOW$u);
     return;
   }
-  await convertGradleToMaven(target, String(bin), String(cwd), verbose, gradleOpts);
-}
-
-async function convertSbtToMaven(target, bin, out, verbose, sbtOpts) {
-  // TODO: impl json/md
-
-  // Lazily access constants.spinner.
-  const {
-    spinner
-  } = constants;
-  const rbin = path.resolve(bin);
-  const rtarget = path.resolve(target);
-  if (verbose) {
-    logger.logger.group('sbt2maven:');
-    logger.logger.log(`[VERBOSE] - Absolute bin path: \`${rbin}\``);
-    logger.logger.log(`[VERBOSE] - Absolute target path: \`${rtarget}\``);
-    // logger.log(`[VERBOSE] - Absolute out path: \`${rout}\``)
-    logger.logger.groupEnd();
-  } else {
-    logger.logger.group('sbt2maven:');
-    logger.logger.log(`- executing: \`${bin}\``);
-    logger.logger.log(`- src dir: \`${target}\``);
-    // logger.log(`- dst dir: \`${out}\``)
-    logger.logger.groupEnd();
-  }
-  try {
-    spinner.start(`Converting sbt to maven from \`${bin}\` on \`${target}\`...`);
-
-    // Run sbt with the init script we provide which should yield zero or more
-    // pom files. We have to figure out where to store those pom files such that
-    // we can upload them and predict them through the GitHub API. We could do a
-    // .socket folder. We could do a socket.pom.gz with all the poms, although
-    // I'd prefer something plain-text if it is to be committed.
-    const output = await spawn.spawn(bin, ['makePom'].concat(sbtOpts), {
-      cwd: target || '.'
-    });
-    spinner.stop();
-    if (verbose) {
-      logger.logger.group('[VERBOSE] sbt stdout:');
-      logger.logger.log(output);
-      logger.logger.groupEnd();
-    }
-    if (output.stderr) {
-      process.exitCode = 1;
-      logger.logger.fail('There were errors while running sbt');
-      // (In verbose mode, stderr was printed above, no need to repeat it)
-      if (!verbose) {
-        logger.logger.group('[VERBOSE] stderr:');
-        logger.logger.error(output.stderr);
-        logger.logger.groupEnd();
-      }
-      return;
-    }
-    const poms = [];
-    output.stdout.replace(/Wrote (.*?.pom)\n/g, (_all, fn) => {
-      poms.push(fn);
-      return fn;
-    });
-    if (!poms.length) {
-      process.exitCode = 1;
-      logger.logger.fail('There were no errors from sbt but it seems to not have generated any poms either');
-      return;
-    }
-    // Move the pom file to ...? initial cwd? loc will be an absolute path, or dump to stdout
-    // TODO: what to do with multiple output files? Do we want to dump them to stdout? Raw or with separators or ?
-    // TODO: maybe we can add an option to target a specific file to dump to stdout
-    if (out === '-' && poms.length === 1) {
-      logger.logger.log('Result:\n```');
-      logger.logger.log(await utils.safeReadFile(poms[0]));
-      logger.logger.log('```');
-      logger.logger.success(`OK`);
-    } else if (out === '-') {
-      process.exitCode = 1;
-      logger.logger.fail('Requested out target was stdout but there are multiple generated files');
-      poms.forEach(fn => logger.logger.error('-', fn));
-      logger.logger.info('Exiting now...');
-      return;
-    } else {
-      // if (verbose) {
-      //   logger.log(
-      //     `Moving manifest file from \`${loc.replace(/^\/home\/[^/]*?\//, '~/')}\` to \`${out}\``
-      //   )
-      // } else {
-      //   logger.log('Moving output pom file')
-      // }
-      // TODO: do we prefer fs-extra? renaming can be gnarly on windows and fs-extra's version is better
-      // await renamep(loc, out)
-      logger.logger.success(`Generated ${poms.length} pom files`);
-      poms.forEach(fn => logger.logger.log('-', fn));
-      logger.logger.success(`OK`);
-    }
-  } catch (e) {
-    process.exitCode = 1;
-    spinner.stop();
-    logger.logger.fail('There was an unexpected error while running this' + (verbose ? '' : ' (use --verbose for details)'));
-    if (verbose) {
-      logger.logger.group('[VERBOSE] error:');
-      logger.logger.log(e);
-      logger.logger.groupEnd();
-    }
-  }
+  await handleManifestConda(target, String(out || ''), json ? 'json' : markdown ? 'markdown' : 'text', String(cwd), Boolean(verbose));
 }
 
 const {
   DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$t
 } = constants;
 const config$w = {
-  commandName: 'scala',
-  description: "[beta] Generate a manifest file (`pom.xml`) from Scala's `build.sbt` file",
+  commandName: 'gradle',
+  description: '[beta] Use Gradle to generate a manifest file (`pom.xml`) for a Gradle/Java/Kotlin/etc project',
   hidden: false,
   flags: {
     ...utils.commonFlags,
     bin: {
       type: 'string',
-      default: 'sbt',
-      description: 'Location of sbt binary to use'
+      description: 'Location of gradlew binary to use, default: CWD/gradlew'
     },
     cwd: {
       type: 'string',
       description: 'Set the cwd, defaults to process.cwd()'
     },
-    out: {
+    gradleOpts: {
       type: 'string',
-      default: './socket.pom.xml',
-      description: 'Path of output file; where to store the resulting manifest, see also --stdout'
-    },
-    stdout: {
-      type: 'boolean',
-      description: 'Print resulting pom.xml to stdout (supersedes --out)'
+      default: '',
+      description: 'Additional options to pass on to ./gradlew, see `./gradlew --help`'
     },
-    sbtOpts: {
+    task: {
       type: 'string',
-      default: '',
-      description: 'Additional options to pass on to sbt, as per `sbt --help`'
+      default: 'all',
+      description: 'Task to target. By default targets all'
     },
     verbose: {
       type: 'boolean',
@@ -5818,43 +5857,38 @@ const config$w = {
   },
   help: (command, config) => `
     Usage
-      $ ${command} [--bin=path/to/sbt/binary] [--out=path/to/result] FILE|DIR
+      $ ${command} [--bin=path/to/gradle/binary] [--out=path/to/result] DIR
 
     Options
       ${utils.getFlagListOutput(config.flags, 6)}
 
-    Uses \`sbt makePom\` to generate a \`pom.xml\` from your \`build.sbt\` file.
-    This xml file is the dependency manifest (like a package.json
-    for Node.js or requirements.txt for PyPi), but specifically for Scala.
-
-    There are some caveats with \`build.sbt\` to \`pom.xml\` conversion:
+    Uses gradle, preferably through your local project \`gradlew\`, to generate a
+    \`pom.xml\` file for each task. If you have no \`gradlew\` you can try the
+    global \`gradle\` binary but that may not work (hard to predict).
 
-    - the xml is exported as socket.pom.xml as to not confuse existing build tools
-      but it will first hit your /target/sbt<version> folder (as a different name)
+    The \`pom.xml\` is a manifest file similar to \`package.json\` for npm or
+    or requirements.txt for PyPi), but specifically for Maven, which is Java's
+    dependency repository. Languages like Kotlin and Scala piggy back on it too.
 
-    - the pom.xml format (standard by Scala) does not support certain sbt features
-      - \`excludeAll()\`, \`dependencyOverrides\`, \`force()\`, \`relativePath\`
-      - For details: https://www.scala-sbt.org/1.x/docs/Library-Management.html
+    There are some caveats with the gradle to \`pom.xml\` conversion:
 
-    - it uses your sbt settings and local configuration verbatim
+    - each task will generate its own xml file and by default it generates one xml
+      for every task.
 
-    - it can only export one target per run, so if you have multiple targets like
-      development and production, you must run them separately.
+    - it's possible certain features don't translate well into the xml. If you
+      think something is missing that could be supported please reach out.
 
-    You can optionally configure the path to the \`sbt\` bin to invoke.
+    - it works with your \`gradlew\` from your repo and local settings and config
 
     Support is beta. Please report issues or give us feedback on what's missing.
 
-    This is only for SBT. If your Scala setup uses gradle, please see the help
-    sections for \`socket manifest gradle\` or \`socket cdxgen\`.
-
     Examples
 
-      $ ${command} ./build.sbt
-      $ ${command} --bin=/usr/bin/sbt ./build.sbt
+      $ ${command} .
+      $ ${command} --bin=../gradlew .
   `
 };
-const cmdManifestScala = {
+const cmdManifestGradle = {
   description: config$w.description,
   hidden: config$w.hidden,
   run: run$w
@@ -5903,68 +5937,99 @@ async function run$w(argv, importMeta, {
   if (!wasValidInput) {
     return;
   }
-  let bin = 'sbt';
-  if (cli.flags['bin']) {
-    bin = cli.flags['bin'];
-  }
-  let out = './socket.pom.xml';
-  if (cli.flags['out']) {
-    out = cli.flags['out'];
-  }
-  if (cli.flags['stdout']) {
-    out = '-';
-  }
+  const {
+    bin = path.join(target, 'gradlew'),
+    cwd = process.cwd()
+  } = cli.flags;
   if (verbose) {
     logger.logger.group();
     logger.logger.log('- target:', target);
     logger.logger.log('- gradle bin:', bin);
-    logger.logger.log('- out:', out);
     logger.logger.groupEnd();
   }
-  let sbtOpts = [];
-  if (cli.flags['sbtOpts']) {
-    sbtOpts = cli.flags['sbtOpts'].split(' ').map(s => s.trim()).filter(Boolean);
+  let gradleOpts = [];
+  if (cli.flags['gradleOpts']) {
+    gradleOpts = cli.flags['gradleOpts'].split(' ').map(s => s.trim()).filter(Boolean);
   }
   if (cli.flags['dryRun']) {
     logger.logger.log(DRY_RUN_BAILING_NOW$t);
     return;
   }
-  await convertSbtToMaven(target, bin, out, verbose, sbtOpts);
+  await convertGradleToMaven(target, String(bin), String(cwd), verbose, gradleOpts);
 }
 
 const {
   DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$s
 } = constants;
+
+// TODO: we may want to dedupe some pieces for all gradle languages. I think it
+//       makes sense to have separate commands for them and I think it makes
+//       sense for the help panels to note the requested language, rather than
+//       `socket manifest kotlin` to print help screens with `gradle` as the
+//       command. Room for improvement.
 const config$v = {
-  commandName: 'auto',
-  description: 'Auto-detect build and attempt to generate manifest file',
+  commandName: 'kotlin',
+  description: '[beta] Use Gradle to generate a manifest file (`pom.xml`) for a Kotlin project',
   hidden: false,
   flags: {
     ...utils.commonFlags,
+    bin: {
+      type: 'string',
+      description: 'Location of gradlew binary to use, default: CWD/gradlew'
+    },
     cwd: {
       type: 'string',
       description: 'Set the cwd, defaults to process.cwd()'
     },
+    gradleOpts: {
+      type: 'string',
+      default: '',
+      description: 'Additional options to pass on to ./gradlew, see `./gradlew --help`'
+    },
+    task: {
+      type: 'string',
+      default: 'all',
+      description: 'Task to target. By default targets all'
+    },
     verbose: {
       type: 'boolean',
-      default: false,
-      description: 'Enable debug output, may help when running into errors'
+      description: 'Print debug messages'
     }
-    // TODO: support output flags
   },
   help: (command, config) => `
     Usage
-      $ ${command}
+      $ ${command} [--bin=path/to/gradle/binary] [--out=path/to/result] DIR
+
+    Options
+      ${utils.getFlagListOutput(config.flags, 6)}
+
+    Uses gradle, preferably through your local project \`gradlew\`, to generate a
+    \`pom.xml\` file for each task. If you have no \`gradlew\` you can try the
+    global \`gradle\` binary but that may not work (hard to predict).
+
+    The \`pom.xml\` is a manifest file similar to \`package.json\` for npm or
+    or requirements.txt for PyPi), but specifically for Maven, which is Java's
+    dependency repository. Languages like Kotlin and Scala piggy back on it too.
+
+    There are some caveats with the gradle to \`pom.xml\` conversion:
+
+    - each task will generate its own xml file and by default it generates one xml
+      for every task. (This may be a good thing!)
+
+    - it's possible certain features don't translate well into the xml. If you
+      think something is missing that could be supported please reach out.
 
-    Options
-      ${utils.getFlagListOutput(config.flags, 6)}
+    - it works with your \`gradlew\` from your repo and local settings and config
 
-    Tries to figure out what language your current repo uses. If it finds a
-    supported case then it will try to generate the manifest file for that
-    language with the default or detected settings.
+    Support is beta. Please report issues or give us feedback on what's missing.
+
+    Examples
+
+      $ ${command} .
+      $ ${command} --bin=../gradlew .
   `
 };
-const cmdManifestAuto = {
+const cmdManifestKotlin = {
   description: config$v.description,
   hidden: config$v.hidden,
   run: run$v
@@ -5978,127 +6043,93 @@ async function run$v(argv, importMeta, {
     importMeta,
     parentName
   });
-  const verbose = !!cli.flags['verbose'];
-  const cwd = cli.flags['cwd'] ?? process.cwd();
-  // TODO: impl json/md
+  const verbose = Boolean(cli.flags['verbose']);
+  const {
+    json,
+    markdown
+  } = cli.flags;
+  const outputKind = utils.getOutputKind(json, markdown); // TODO: impl json/md further
 
   if (verbose) {
     logger.logger.group('- ', parentName, config$v.commandName, ':');
     logger.logger.group('- flags:', cli.flags);
     logger.logger.groupEnd();
     logger.logger.log('- input:', cli.input);
-    logger.logger.log('- cwd:', cwd);
     logger.logger.groupEnd();
   }
-  const subArgs = [];
-  if (verbose) {
-    subArgs.push('--verbose');
-  }
-  const dir = cwd;
-  if (fs$1.existsSync(path.join(dir, 'build.sbt'))) {
-    logger.logger.log('Detected a Scala sbt build, running default Scala generator...');
-    if (cwd) {
-      subArgs.push('--cwd', cwd);
-    }
-    subArgs.push(dir);
-    if (cli.flags['dryRun']) {
-      logger.logger.log(DRY_RUN_BAILING_NOW$s);
-      return;
-    }
-    await cmdManifestScala.run(subArgs, importMeta, {
-      parentName
-    });
+  const [target = ''] = cli.input;
+
+  // TODO: I'm not sure it's feasible to parse source file from stdin. We could
+  //       try, store contents in a file in some folder, target that folder... what
+  //       would the file name be?
+
+  const wasValidInput = utils.checkCommandInput(outputKind, {
+    test: !!target && target !== '-',
+    message: 'The DIR arg is required',
+    pass: 'ok',
+    fail: target === '-' ? 'stdin is not supported' : 'missing'
+  }, {
+    nook: true,
+    test: cli.input.length <= 1,
+    message: 'Can only accept one DIR (make sure to escape spaces!)',
+    pass: 'ok',
+    fail: 'received ' + cli.input.length
+  });
+  if (!wasValidInput) {
     return;
   }
-  if (fs$1.existsSync(path.join(dir, 'gradlew'))) {
-    logger.logger.log('Detected a gradle build, running default gradle generator...');
-    if (cwd) {
-      // This command takes the cwd as first arg.
-      subArgs.push(cwd);
-    }
-    if (cli.flags['dryRun']) {
-      logger.logger.log(DRY_RUN_BAILING_NOW$s);
-      return;
-    }
-    await cmdManifestGradle.run(subArgs, importMeta, {
-      parentName
-    });
-    return;
+  const {
+    bin = path.join(target, 'gradlew'),
+    cwd = process.cwd()
+  } = cli.flags;
+  if (verbose) {
+    logger.logger.group();
+    logger.logger.log('- target:', target);
+    logger.logger.log('- gradle bin:', bin);
+    logger.logger.groupEnd();
   }
-  const envyml = path.join(dir, 'environment.yml');
-  const hasEnvyml = fs$1.existsSync(envyml);
-  const envyaml = path.join(dir, 'environment.yaml');
-  const hasEnvyaml = !hasEnvyml && fs$1.existsSync(envyaml);
-  if (hasEnvyml || hasEnvyaml) {
-    logger.logger.log('Detected an environment.yml file, running default Conda generator...');
-    // This command takes the TARGET as first arg.
-    subArgs.push(hasEnvyml ? envyml : hasEnvyaml ? envyaml : '');
-    if (cli.flags['dryRun']) {
-      logger.logger.log(DRY_RUN_BAILING_NOW$s);
-      return;
-    }
-    await cmdManifestConda.run(subArgs, importMeta, {
-      parentName
-    });
-    return;
+  let gradleOpts = [];
+  if (cli.flags['gradleOpts']) {
+    gradleOpts = cli.flags['gradleOpts'].split(' ').map(s => s.trim()).filter(Boolean);
   }
   if (cli.flags['dryRun']) {
     logger.logger.log(DRY_RUN_BAILING_NOW$s);
     return;
   }
-
-  // Show new help screen and exit.
-  vendor.meow(`
-    $ ${parentName} ${config$v.commandName}
-
-    Unfortunately this script did not discover a supported language in the
-    current folder.
-
-    - Make sure this script would work with your target build
-    - Make sure to run it from the correct folder
-    - Make sure the necessary build tools are available (\`PATH\`)
-
-    If that doesn't work, see \`${parentName} <lang> --help\` for config details for
-    your target language.
-  `, {
-    argv: [],
-    description: config$v.description,
-    importMeta
-  }).showHelp();
+  await convertGradleToMaven(target, String(bin), String(cwd), verbose, gradleOpts);
 }
 
 const {
   DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$r
 } = constants;
-
-// TODO: we may want to dedupe some pieces for all gradle languages. I think it
-//       makes sense to have separate commands for them and I think it makes
-//       sense for the help panels to note the requested language, rather than
-//       `socket manifest kotlin` to print help screens with `gradle` as the
-//       command. Room for improvement.
 const config$u = {
-  commandName: 'kotlin',
-  description: '[beta] Use Gradle to generate a manifest file (`pom.xml`) for a Kotlin project',
+  commandName: 'scala',
+  description: "[beta] Generate a manifest file (`pom.xml`) from Scala's `build.sbt` file",
   hidden: false,
   flags: {
     ...utils.commonFlags,
     bin: {
       type: 'string',
-      description: 'Location of gradlew binary to use, default: CWD/gradlew'
+      default: 'sbt',
+      description: 'Location of sbt binary to use'
     },
     cwd: {
       type: 'string',
       description: 'Set the cwd, defaults to process.cwd()'
     },
-    gradleOpts: {
+    out: {
       type: 'string',
-      default: '',
-      description: 'Additional options to pass on to ./gradlew, see `./gradlew --help`'
+      default: './socket.pom.xml',
+      description: 'Path of output file; where to store the resulting manifest, see also --stdout'
     },
-    task: {
+    stdout: {
+      type: 'boolean',
+      description: 'Print resulting pom.xml to stdout (supersedes --out)'
+    },
+    sbtOpts: {
       type: 'string',
-      default: 'all',
-      description: 'Task to target. By default targets all'
+      default: '',
+      description: 'Additional options to pass on to sbt, as per `sbt --help`'
     },
     verbose: {
       type: 'boolean',
@@ -6107,38 +6138,43 @@ const config$u = {
   },
   help: (command, config) => `
     Usage
-      $ ${command} [--bin=path/to/gradle/binary] [--out=path/to/result] DIR
+      $ ${command} [--bin=path/to/sbt/binary] [--out=path/to/result] FILE|DIR
 
     Options
       ${utils.getFlagListOutput(config.flags, 6)}
 
-    Uses gradle, preferably through your local project \`gradlew\`, to generate a
-    \`pom.xml\` file for each task. If you have no \`gradlew\` you can try the
-    global \`gradle\` binary but that may not work (hard to predict).
+    Uses \`sbt makePom\` to generate a \`pom.xml\` from your \`build.sbt\` file.
+    This xml file is the dependency manifest (like a package.json
+    for Node.js or requirements.txt for PyPi), but specifically for Scala.
 
-    The \`pom.xml\` is a manifest file similar to \`package.json\` for npm or
-    or requirements.txt for PyPi), but specifically for Maven, which is Java's
-    dependency repository. Languages like Kotlin and Scala piggy back on it too.
+    There are some caveats with \`build.sbt\` to \`pom.xml\` conversion:
 
-    There are some caveats with the gradle to \`pom.xml\` conversion:
+    - the xml is exported as socket.pom.xml as to not confuse existing build tools
+      but it will first hit your /target/sbt<version> folder (as a different name)
 
-    - each task will generate its own xml file and by default it generates one xml
-      for every task. (This may be a good thing!)
+    - the pom.xml format (standard by Scala) does not support certain sbt features
+      - \`excludeAll()\`, \`dependencyOverrides\`, \`force()\`, \`relativePath\`
+      - For details: https://www.scala-sbt.org/1.x/docs/Library-Management.html
 
-    - it's possible certain features don't translate well into the xml. If you
-      think something is missing that could be supported please reach out.
+    - it uses your sbt settings and local configuration verbatim
 
-    - it works with your \`gradlew\` from your repo and local settings and config
+    - it can only export one target per run, so if you have multiple targets like
+      development and production, you must run them separately.
+
+    You can optionally configure the path to the \`sbt\` bin to invoke.
 
     Support is beta. Please report issues or give us feedback on what's missing.
 
+    This is only for SBT. If your Scala setup uses gradle, please see the help
+    sections for \`socket manifest gradle\` or \`socket cdxgen\`.
+
     Examples
 
-      $ ${command} .
-      $ ${command} --bin=../gradlew .
+      $ ${command} ./build.sbt
+      $ ${command} --bin=/usr/bin/sbt ./build.sbt
   `
 };
-const cmdManifestKotlin = {
+const cmdManifestScala = {
   description: config$u.description,
   hidden: config$u.hidden,
   run: run$u
@@ -6187,25 +6223,33 @@ async function run$u(argv, importMeta, {
   if (!wasValidInput) {
     return;
   }
-  const {
-    bin = path.join(target, 'gradlew'),
-    cwd = process.cwd()
-  } = cli.flags;
+  let bin = 'sbt';
+  if (cli.flags['bin']) {
+    bin = cli.flags['bin'];
+  }
+  let out = './socket.pom.xml';
+  if (cli.flags['out']) {
+    out = cli.flags['out'];
+  }
+  if (cli.flags['stdout']) {
+    out = '-';
+  }
   if (verbose) {
     logger.logger.group();
     logger.logger.log('- target:', target);
     logger.logger.log('- gradle bin:', bin);
+    logger.logger.log('- out:', out);
     logger.logger.groupEnd();
   }
-  let gradleOpts = [];
-  if (cli.flags['gradleOpts']) {
-    gradleOpts = cli.flags['gradleOpts'].split(' ').map(s => s.trim()).filter(Boolean);
+  let sbtOpts = [];
+  if (cli.flags['sbtOpts']) {
+    sbtOpts = cli.flags['sbtOpts'].split(' ').map(s => s.trim()).filter(Boolean);
   }
   if (cli.flags['dryRun']) {
     logger.logger.log(DRY_RUN_BAILING_NOW$r);
     return;
   }
-  await convertGradleToMaven(target, String(bin), String(cwd), verbose, gradleOpts);
+  await convertSbtToMaven(target, bin, out, verbose, sbtOpts);
 }
 
 const config$t = {
@@ -8743,6 +8787,50 @@ async function run$d(argv, importMeta, {
   await handleDeleteRepo(orgSlug, repoName, outputKind);
 }
 
+async function fetchListAllRepos({
+  direction,
+  orgSlug,
+  sort
+}) {
+  const sockSdkResult = await utils.setupSdk();
+  if (!sockSdkResult.ok) {
+    return sockSdkResult;
+  }
+  const sockSdk = sockSdkResult.data;
+  const rows = [];
+  let protection = 0;
+  let nextPage = 0;
+  while (nextPage >= 0) {
+    if (++protection > 100) {
+      return {
+        ok: false,
+        message: 'Infinite loop detected',
+        cause: `Either there are over 100 pages of results or the fetch has run into an infinite loop. Breaking it off now. nextPage=${nextPage}`
+      };
+    }
+    // eslint-disable-next-line no-await-in-loop
+    const result = await utils.handleApiCall(sockSdk.getOrgRepoList(orgSlug, {
+      sort,
+      direction,
+      per_page: String(100),
+      // max
+      page: String(nextPage)
+    }), 'list of repositories');
+    if (!result.ok) {
+      return result;
+    }
+    result.data.results.forEach(row => rows.push(row));
+    nextPage = result.data.nextPage ?? -1;
+  }
+  return {
+    ok: true,
+    data: {
+      results: rows,
+      nextPage: null
+    }
+  };
+}
+
 async function fetchListRepos({
   direction,
   orgSlug,
@@ -8764,18 +8852,33 @@ async function fetchListRepos({
 }
 
 // @ts-ignore
-async function outputListRepos(result, outputKind) {
+async function outputListRepos(result, outputKind, page, nextPage, sort, perPage, direction) {
   if (!result.ok) {
     process.exitCode = result.code ?? 1;
   }
   if (outputKind === 'json') {
-    logger.logger.log(utils.serializeResultJson(result));
+    if (result.ok) {
+      logger.logger.log(utils.serializeResultJson({
+        ok: true,
+        data: {
+          data: result.data,
+          direction,
+          nextPage: nextPage ?? 0,
+          page,
+          perPage,
+          sort
+        }
+      }));
+    } else {
+      logger.logger.log(utils.serializeResultJson(result));
+    }
     return;
   }
   if (!result.ok) {
     logger.logger.fail(utils.failMsgWithBadge(result.message, result.cause));
     return;
   }
+  logger.logger.log(`Result page: ${page}, results per page: ${perPage === Infinity ? 'all' : perPage}, sorted by: ${sort}, direction: ${direction}`);
   const options = {
     columns: [{
       field: 'id',
@@ -8795,9 +8898,18 @@ async function outputListRepos(result, outputKind) {
     }]
   };
   logger.logger.log(vendor.srcExports(options, result.data.results));
+  if (nextPage) {
+    logger.logger.info(`This is page ${page}. Server indicated there are more results available on page ${nextPage}...`);
+    logger.logger.info(`(Hint: you can use \`socket repos list --page ${nextPage}\`)`);
+  } else if (perPage === Infinity) {
+    logger.logger.info(`This should be the entire list available on the server.`);
+  } else {
+    logger.logger.info(`This is page ${page}. Server indicated this is the last page with results.`);
+  }
 }
 
 async function handleListRepos({
+  all,
   direction,
   orgSlug,
   outputKind,
@@ -8805,14 +8917,28 @@ async function handleListRepos({
   per_page,
   sort
 }) {
-  const data = await fetchListRepos({
-    direction,
-    orgSlug,
-    page,
-    per_page,
-    sort
-  });
-  await outputListRepos(data, outputKind);
+  if (all) {
+    const data = await fetchListAllRepos({
+      direction,
+      orgSlug,
+      sort
+    });
+    await outputListRepos(data, outputKind, 0, 0, sort, Infinity, direction);
+  } else {
+    const data = await fetchListRepos({
+      direction,
+      orgSlug,
+      page,
+      per_page,
+      sort
+    });
+    if (!data.ok) {
+      await outputListRepos(data, outputKind, 0, 0, '', 0, direction);
+    } else {
+      // Note: nextPage defaults to 0, is null when there's no next page
+      await outputListRepos(data, outputKind, page, data.data.nextPage, sort, per_page, direction);
+    }
+  }
 }
 
 const {
@@ -8825,11 +8951,10 @@ const config$c = {
   flags: {
     ...utils.commonFlags,
     ...utils.outputFlags,
-    sort: {
-      type: 'string',
-      shortFlag: 's',
-      default: 'created_at',
-      description: 'Sorting option'
+    all: {
+      type: 'boolean',
+      default: false,
+      description: 'By default view shows the last n repos. This flag allows you to fetch the entire list. Will ignore --page and --perPage.'
     },
     direction: {
       type: 'string',
@@ -8856,6 +8981,12 @@ const config$c = {
       shortFlag: 'p',
       default: 1,
       description: 'Page number'
+    },
+    sort: {
+      type: 'string',
+      shortFlag: 's',
+      default: 'created_at',
+      description: 'Sorting option'
     }
   },
   help: (command, config) => `
@@ -8888,15 +9019,15 @@ async function run$c(argv, importMeta, {
     parentName
   });
   const {
-    json,
-    markdown
-  } = cli.flags;
-  const outputKind = utils.getOutputKind(json, markdown);
-  const {
+    all,
+    direction = 'desc',
     dryRun,
     interactive,
+    json,
+    markdown,
     org: orgFlag
   } = cli.flags;
+  const outputKind = utils.getOutputKind(json, markdown);
   const [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), cli.input[0] || '', !!interactive, !!dryRun);
   const hasApiToken = utils.hasDefaultToken();
   const wasValidInput = utils.checkCommandInput(outputKind, {
@@ -8917,6 +9048,12 @@ async function run$c(argv, importMeta, {
     message: 'You need to be logged in to use this command. See `socket login`.',
     pass: 'ok',
     fail: 'missing API token'
+  }, {
+    nook: true,
+    test: direction === 'asc' || direction === 'desc',
+    message: 'The --direction value must be "asc" or "desc"',
+    pass: 'ok',
+    fail: 'unexpected value'
   });
   if (!wasValidInput) {
     return;
@@ -8926,7 +9063,8 @@ async function run$c(argv, importMeta, {
     return;
   }
   await handleListRepos({
-    direction: cli.flags['direction'] === 'asc' ? 'asc' : 'desc',
+    all: Boolean(all),
+    direction: direction === 'asc' ? 'asc' : 'desc',
     orgSlug,
     outputKind,
     page: Number(cli.flags['page']) || 1,
@@ -9336,6 +9474,11 @@ const config$9 = {
   flags: {
     ...utils.commonFlags,
     ...utils.outputFlags,
+    autoManifest: {
+      type: 'boolean',
+      default: false,
+      description: 'Run `socket manifest auto` before collecting manifest files? This would be necessary for languages like Scala, Gradle, and Kotlin, See `socket manifest auto --help`.'
+    },
     branch: {
       type: 'string',
       shortFlag: 'b',
@@ -9374,11 +9517,6 @@ const config$9 = {
       default: true,
       description: 'Allow for interactive elements, asking for input. Use --no-interactive to prevent any input questions, defaulting them to cancel/no.'
     },
-    pendingHead: {
-      type: 'boolean',
-      default: true,
-      description: 'Designate this full-scan as the latest scan of a given branch. This must be set to have it show up in the dashboard.'
-    },
     pullRequest: {
       type: 'number',
       shortFlag: 'pr',
@@ -9404,11 +9542,17 @@ const config$9 = {
       default: false,
       description: 'Wait for the scan creation to complete, then basically run `socket scan report` on it'
     },
+    setAsAlertsPage: {
+      type: 'boolean',
+      default: true,
+      aliases: ['pendingHead'],
+      description: 'When true and if this is the "default branch" then this Scan will be the one reflected on your alerts page. See help for details. Defaults to true.'
+    },
     tmp: {
       type: 'boolean',
       shortFlag: 't',
       default: false,
-      description: 'Set the visibility (true/false) of the scan in your dashboard. Can not be used when --pendingHead is set.'
+      description: 'Set the visibility (true/false) of the scan in your dashboard.'
     }
   },
   // TODO: your project's "socket.yml" file's "projectIgnorePaths"
@@ -9440,8 +9584,12 @@ const config$9 = {
     Note: for a first run you probably want to set --defaultBranch to indicate
           the default branch name, like "main" or "master".
 
-    Note: --pendingHead is enabled by default and makes a scan show up in your
-          dashboard. You can use \`--no-pendingHead\` to have it not show up.
+    The "alerts page" (https://socket.dev/dashboard/org/YOURORG/alerts) will show
+    the results from the last scan designated as the "pending head" on the branch
+    configured on Socket to be the "default branch". When creating a scan the
+    --setAsAlertsPage flag will default to true to update this. You can prevent
+    this by using --no-setAsAlertsPage. This flag is ignored for any branch that
+    is not designated as the "default branch". It is disabled when using --tmp.
 
     Options
       ${utils.getFlagListOutput(config.flags, 6)}
@@ -9466,6 +9614,7 @@ async function run$9(argv, importMeta, {
     parentName
   });
   const {
+    autoManifest = false,
     branch: branchName = 'socket-default-branch',
     commitHash,
     commitMessage,
@@ -9477,14 +9626,15 @@ async function run$9(argv, importMeta, {
     json,
     markdown,
     org: orgFlag,
-    pendingHead,
     pullRequest,
     readOnly,
     repo: repoName = 'socket-default-repository',
     report,
+    setAsAlertsPage: pendingHeadFlag,
     tmp
   } = cli.flags;
   const outputKind = utils.getOutputKind(json, markdown);
+  const pendingHead = tmp ? false : pendingHeadFlag;
   let [orgSlug, defaultOrgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), cli.input[0] || '', interactive, dryRun);
   if (!defaultOrgSlug) {
     // Tmp. just for TS. will drop this later.
@@ -9519,6 +9669,10 @@ async function run$9(argv, importMeta, {
       updatedInput = true;
     }
   }
+  const detected = await detectManifestActions(cwd);
+  if (detected.count > 0 && !autoManifest) {
+    logger.logger.info(`Detected ${detected.count} manifest targets we could try to generate. Please set the --autoManifest flag if you want to include languages covered by \`socket manifest auto\` in the Scan.`);
+  }
   if (updatedInput && orgSlug && targets?.length) {
     logger.logger.info('Note: You can invoke this command next time to skip the interactive questions:');
     logger.logger.info('```');
@@ -9548,12 +9702,6 @@ async function run$9(argv, importMeta, {
     message: 'This command requires an API token for access',
     pass: 'ok',
     fail: 'missing (try `socket login`)'
-  }, {
-    nook: true,
-    test: !pendingHead || !tmp,
-    message: 'Can not use --pendingHead and --tmp at the same time',
-    pass: 'ok',
-    fail: 'remove at least one flag'
   }, {
     nook: true,
     test: !pendingHead || !!branchName,
@@ -9577,6 +9725,7 @@ async function run$9(argv, importMeta, {
     return;
   }
   await handleCreateNewScan({
+    autoManifest: Boolean(autoManifest),
     branchName: branchName,
     commitHash: commitHash && String(commitHash) || '',
     commitMessage: commitMessage && String(commitMessage) || '',
@@ -11597,5 +11746,5 @@ void (async () => {
     await utils.captureException(e);
   }
 })();
-//# debugId=8c291e79-2d0e-444d-af3a-8be88558aeff
+//# debugId=a62b48d4-63b9-4b1e-b260-b363f86c80da
 //# sourceMappingURL=cli.js.map