@socketsecurity/cli-with-sentry 0.15.19 → 0.15.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (517) hide show
  1. package/README.md +3 -3
  2. package/dist/cli.js +1318 -451
  3. package/dist/cli.js.map +1 -1
  4. package/dist/constants.js +17 -29
  5. package/dist/constants.js.map +1 -1
  6. package/dist/utils.js +16 -16
  7. package/dist/utils.js.map +1 -1
  8. package/package.json +9 -8
  9. package/dist/.config/tsconfig.dts.tsbuildinfo +0 -1
  10. package/dist/types/cli.d.mts +0 -3
  11. package/dist/types/cli.d.mts.map +0 -1
  12. package/dist/types/commands/analytics/cmd-analytics.d.mts +0 -10
  13. package/dist/types/commands/analytics/cmd-analytics.d.mts.map +0 -1
  14. package/dist/types/commands/analytics/fetch-org-analytics.d.mts +0 -4
  15. package/dist/types/commands/analytics/fetch-org-analytics.d.mts.map +0 -1
  16. package/dist/types/commands/analytics/fetch-repo-analytics.d.mts +0 -4
  17. package/dist/types/commands/analytics/fetch-repo-analytics.d.mts.map +0 -1
  18. package/dist/types/commands/analytics/handle-analytics.d.mts +0 -9
  19. package/dist/types/commands/analytics/handle-analytics.d.mts.map +0 -1
  20. package/dist/types/commands/analytics/output-analytics.d.mts +0 -28
  21. package/dist/types/commands/analytics/output-analytics.d.mts.map +0 -1
  22. package/dist/types/commands/audit-log/cmd-audit-log.d.mts +0 -10
  23. package/dist/types/commands/audit-log/cmd-audit-log.d.mts.map +0 -1
  24. package/dist/types/commands/audit-log/fetch-audit-log.d.mts +0 -10
  25. package/dist/types/commands/audit-log/fetch-audit-log.d.mts.map +0 -1
  26. package/dist/types/commands/audit-log/handle-audit-log.d.mts +0 -9
  27. package/dist/types/commands/audit-log/handle-audit-log.d.mts.map +0 -1
  28. package/dist/types/commands/audit-log/output-audit-log.d.mts +0 -22
  29. package/dist/types/commands/audit-log/output-audit-log.d.mts.map +0 -1
  30. package/dist/types/commands/cdxgen/cmd-cdxgen.d.mts +0 -10
  31. package/dist/types/commands/cdxgen/cmd-cdxgen.d.mts.map +0 -1
  32. package/dist/types/commands/cdxgen/handle-cdxgen.d.mts +0 -4
  33. package/dist/types/commands/cdxgen/handle-cdxgen.d.mts.map +0 -1
  34. package/dist/types/commands/ci/cmd-ci.d.mts +0 -10
  35. package/dist/types/commands/ci/cmd-ci.d.mts.map +0 -1
  36. package/dist/types/commands/ci/fetch-default-org-slug.d.mts +0 -3
  37. package/dist/types/commands/ci/fetch-default-org-slug.d.mts.map +0 -1
  38. package/dist/types/commands/ci/handle-ci.d.mts +0 -2
  39. package/dist/types/commands/ci/handle-ci.d.mts.map +0 -1
  40. package/dist/types/commands/config/cmd-config-auto.d.mts +0 -10
  41. package/dist/types/commands/config/cmd-config-auto.d.mts.map +0 -1
  42. package/dist/types/commands/config/cmd-config-get.d.mts +0 -10
  43. package/dist/types/commands/config/cmd-config-get.d.mts.map +0 -1
  44. package/dist/types/commands/config/cmd-config-list.d.mts +0 -10
  45. package/dist/types/commands/config/cmd-config-list.d.mts.map +0 -1
  46. package/dist/types/commands/config/cmd-config-set.d.mts +0 -10
  47. package/dist/types/commands/config/cmd-config-set.d.mts.map +0 -1
  48. package/dist/types/commands/config/cmd-config-unset.d.mts +0 -10
  49. package/dist/types/commands/config/cmd-config-unset.d.mts.map +0 -1
  50. package/dist/types/commands/config/cmd-config.d.mts +0 -3
  51. package/dist/types/commands/config/cmd-config.d.mts.map +0 -1
  52. package/dist/types/commands/config/discover-config-value.d.mts +0 -3
  53. package/dist/types/commands/config/discover-config-value.d.mts.map +0 -1
  54. package/dist/types/commands/config/handle-config-auto.d.mts +0 -7
  55. package/dist/types/commands/config/handle-config-auto.d.mts.map +0 -1
  56. package/dist/types/commands/config/handle-config-get.d.mts +0 -7
  57. package/dist/types/commands/config/handle-config-get.d.mts.map +0 -1
  58. package/dist/types/commands/config/handle-config-set.d.mts +0 -8
  59. package/dist/types/commands/config/handle-config-set.d.mts.map +0 -1
  60. package/dist/types/commands/config/handle-config-unset.d.mts +0 -7
  61. package/dist/types/commands/config/handle-config-unset.d.mts.map +0 -1
  62. package/dist/types/commands/config/output-config-auto.d.mts +0 -4
  63. package/dist/types/commands/config/output-config-auto.d.mts.map +0 -1
  64. package/dist/types/commands/config/output-config-get.d.mts +0 -4
  65. package/dist/types/commands/config/output-config-get.d.mts.map +0 -1
  66. package/dist/types/commands/config/output-config-list.d.mts +0 -6
  67. package/dist/types/commands/config/output-config-list.d.mts.map +0 -1
  68. package/dist/types/commands/config/output-config-set.d.mts +0 -3
  69. package/dist/types/commands/config/output-config-set.d.mts.map +0 -1
  70. package/dist/types/commands/config/output-config-unset.d.mts +0 -3
  71. package/dist/types/commands/config/output-config-unset.d.mts.map +0 -1
  72. package/dist/types/commands/dependencies/cmd-dependencies.d.mts +0 -10
  73. package/dist/types/commands/dependencies/cmd-dependencies.d.mts.map +0 -1
  74. package/dist/types/commands/dependencies/fetch-dependencies.d.mts +0 -7
  75. package/dist/types/commands/dependencies/fetch-dependencies.d.mts.map +0 -1
  76. package/dist/types/commands/dependencies/handle-dependencies.d.mts +0 -7
  77. package/dist/types/commands/dependencies/handle-dependencies.d.mts.map +0 -1
  78. package/dist/types/commands/dependencies/output-dependencies.d.mts +0 -8
  79. package/dist/types/commands/dependencies/output-dependencies.d.mts.map +0 -1
  80. package/dist/types/commands/diff-scan/cmd-diff-scan-get.d.mts +0 -10
  81. package/dist/types/commands/diff-scan/cmd-diff-scan-get.d.mts.map +0 -1
  82. package/dist/types/commands/diff-scan/cmd-diff-scan.d.mts +0 -3
  83. package/dist/types/commands/diff-scan/cmd-diff-scan.d.mts.map +0 -1
  84. package/dist/types/commands/diff-scan/fetch-diff-scan.d.mts +0 -8
  85. package/dist/types/commands/diff-scan/fetch-diff-scan.d.mts.map +0 -1
  86. package/dist/types/commands/diff-scan/handle-diff-scan.d.mts +0 -10
  87. package/dist/types/commands/diff-scan/handle-diff-scan.d.mts.map +0 -1
  88. package/dist/types/commands/diff-scan/output-diff-scan.d.mts +0 -8
  89. package/dist/types/commands/diff-scan/output-diff-scan.d.mts.map +0 -1
  90. package/dist/types/commands/fix/cmd-fix.d.mts +0 -10
  91. package/dist/types/commands/fix/cmd-fix.d.mts.map +0 -1
  92. package/dist/types/commands/fix/git.d.mts +0 -14
  93. package/dist/types/commands/fix/git.d.mts.map +0 -1
  94. package/dist/types/commands/fix/npm-fix.d.mts +0 -4
  95. package/dist/types/commands/fix/npm-fix.d.mts.map +0 -1
  96. package/dist/types/commands/fix/open-pr.d.mts +0 -28
  97. package/dist/types/commands/fix/open-pr.d.mts.map +0 -1
  98. package/dist/types/commands/fix/pnpm-fix.d.mts +0 -4
  99. package/dist/types/commands/fix/pnpm-fix.d.mts.map +0 -1
  100. package/dist/types/commands/fix/run-fix.d.mts +0 -3
  101. package/dist/types/commands/fix/run-fix.d.mts.map +0 -1
  102. package/dist/types/commands/fix/shared.d.mts +0 -9
  103. package/dist/types/commands/fix/shared.d.mts.map +0 -1
  104. package/dist/types/commands/fix/types.d.mts +0 -18
  105. package/dist/types/commands/fix/types.d.mts.map +0 -1
  106. package/dist/types/commands/info/cmd-info.d.mts +0 -10
  107. package/dist/types/commands/info/cmd-info.d.mts.map +0 -1
  108. package/dist/types/commands/info/fetch-package-info.d.mts +0 -3
  109. package/dist/types/commands/info/fetch-package-info.d.mts.map +0 -1
  110. package/dist/types/commands/info/handle-package-info.d.mts +0 -17
  111. package/dist/types/commands/info/handle-package-info.d.mts.map +0 -1
  112. package/dist/types/commands/info/output-package-info.d.mts +0 -10
  113. package/dist/types/commands/info/output-package-info.d.mts.map +0 -1
  114. package/dist/types/commands/install/cmd-install-completion.d.mts +0 -10
  115. package/dist/types/commands/install/cmd-install-completion.d.mts.map +0 -1
  116. package/dist/types/commands/install/cmd-install.d.mts +0 -3
  117. package/dist/types/commands/install/cmd-install.d.mts.map +0 -1
  118. package/dist/types/commands/install/handle-install-completion.d.mts +0 -2
  119. package/dist/types/commands/install/handle-install-completion.d.mts.map +0 -1
  120. package/dist/types/commands/install/output-install-completion.d.mts +0 -12
  121. package/dist/types/commands/install/output-install-completion.d.mts.map +0 -1
  122. package/dist/types/commands/install/setup-tab-completion.d.mts +0 -13
  123. package/dist/types/commands/install/setup-tab-completion.d.mts.map +0 -1
  124. package/dist/types/commands/login/apply-login.d.mts +0 -2
  125. package/dist/types/commands/login/apply-login.d.mts.map +0 -1
  126. package/dist/types/commands/login/attempt-login.d.mts +0 -2
  127. package/dist/types/commands/login/attempt-login.d.mts.map +0 -1
  128. package/dist/types/commands/login/cmd-login.d.mts +0 -10
  129. package/dist/types/commands/login/cmd-login.d.mts.map +0 -1
  130. package/dist/types/commands/logout/apply-logout.d.mts +0 -2
  131. package/dist/types/commands/logout/apply-logout.d.mts.map +0 -1
  132. package/dist/types/commands/logout/attempt-logout.d.mts +0 -2
  133. package/dist/types/commands/logout/attempt-logout.d.mts.map +0 -1
  134. package/dist/types/commands/logout/cmd-logout.d.mts +0 -10
  135. package/dist/types/commands/logout/cmd-logout.d.mts.map +0 -1
  136. package/dist/types/commands/manifest/cmd-manifest-auto.d.mts +0 -10
  137. package/dist/types/commands/manifest/cmd-manifest-auto.d.mts.map +0 -1
  138. package/dist/types/commands/manifest/cmd-manifest-cdxgen.d.mts +0 -10
  139. package/dist/types/commands/manifest/cmd-manifest-cdxgen.d.mts.map +0 -1
  140. package/dist/types/commands/manifest/cmd-manifest-conda.d.mts +0 -10
  141. package/dist/types/commands/manifest/cmd-manifest-conda.d.mts.map +0 -1
  142. package/dist/types/commands/manifest/cmd-manifest-gradle.d.mts +0 -10
  143. package/dist/types/commands/manifest/cmd-manifest-gradle.d.mts.map +0 -1
  144. package/dist/types/commands/manifest/cmd-manifest-kotlin.d.mts +0 -10
  145. package/dist/types/commands/manifest/cmd-manifest-kotlin.d.mts.map +0 -1
  146. package/dist/types/commands/manifest/cmd-manifest-scala.d.mts +0 -10
  147. package/dist/types/commands/manifest/cmd-manifest-scala.d.mts.map +0 -1
  148. package/dist/types/commands/manifest/cmd-manifest.d.mts +0 -10
  149. package/dist/types/commands/manifest/cmd-manifest.d.mts.map +0 -1
  150. package/dist/types/commands/manifest/convert-conda-to-requirements.d.mts +0 -7
  151. package/dist/types/commands/manifest/convert-conda-to-requirements.d.mts.map +0 -1
  152. package/dist/types/commands/manifest/convert_gradle_to_maven.d.mts +0 -2
  153. package/dist/types/commands/manifest/convert_gradle_to_maven.d.mts.map +0 -1
  154. package/dist/types/commands/manifest/convert_sbt_to_maven.d.mts +0 -2
  155. package/dist/types/commands/manifest/convert_sbt_to_maven.d.mts.map +0 -1
  156. package/dist/types/commands/manifest/detect-manifest-actions.d.mts +0 -9
  157. package/dist/types/commands/manifest/detect-manifest-actions.d.mts.map +0 -1
  158. package/dist/types/commands/manifest/generate_auto_manifest.d.mts +0 -4
  159. package/dist/types/commands/manifest/generate_auto_manifest.d.mts.map +0 -1
  160. package/dist/types/commands/manifest/handle-manifest-conda.d.mts +0 -3
  161. package/dist/types/commands/manifest/handle-manifest-conda.d.mts.map +0 -1
  162. package/dist/types/commands/manifest/output-requirements.d.mts +0 -6
  163. package/dist/types/commands/manifest/output-requirements.d.mts.map +0 -1
  164. package/dist/types/commands/manifest/run-cdxgen.d.mts +0 -2
  165. package/dist/types/commands/manifest/run-cdxgen.d.mts.map +0 -1
  166. package/dist/types/commands/npm/cmd-npm.d.mts +0 -10
  167. package/dist/types/commands/npm/cmd-npm.d.mts.map +0 -1
  168. package/dist/types/commands/npx/cmd-npx.d.mts +0 -10
  169. package/dist/types/commands/npx/cmd-npx.d.mts.map +0 -1
  170. package/dist/types/commands/oops/cmd-oops.d.mts +0 -10
  171. package/dist/types/commands/oops/cmd-oops.d.mts.map +0 -1
  172. package/dist/types/commands/optimize/add-overrides.d.mts +0 -20
  173. package/dist/types/commands/optimize/add-overrides.d.mts.map +0 -1
  174. package/dist/types/commands/optimize/apply-optimization.d.mts +0 -2
  175. package/dist/types/commands/optimize/apply-optimization.d.mts.map +0 -1
  176. package/dist/types/commands/optimize/cmd-optimize.d.mts +0 -10
  177. package/dist/types/commands/optimize/cmd-optimize.d.mts.map +0 -1
  178. package/dist/types/commands/optimize/deps-includes-by-agent.d.mts +0 -4
  179. package/dist/types/commands/optimize/deps-includes-by-agent.d.mts.map +0 -1
  180. package/dist/types/commands/optimize/get-dependency-entries.d.mts +0 -3
  181. package/dist/types/commands/optimize/get-dependency-entries.d.mts.map +0 -1
  182. package/dist/types/commands/optimize/get-overrides-by-agent.d.mts +0 -9
  183. package/dist/types/commands/optimize/get-overrides-by-agent.d.mts.map +0 -1
  184. package/dist/types/commands/optimize/lockfile-includes-by-agent.d.mts +0 -3
  185. package/dist/types/commands/optimize/lockfile-includes-by-agent.d.mts.map +0 -1
  186. package/dist/types/commands/optimize/ls-by-agent.d.mts +0 -7
  187. package/dist/types/commands/optimize/ls-by-agent.d.mts.map +0 -1
  188. package/dist/types/commands/optimize/shared.d.mts +0 -2
  189. package/dist/types/commands/optimize/shared.d.mts.map +0 -1
  190. package/dist/types/commands/optimize/types.d.mts +0 -9
  191. package/dist/types/commands/optimize/types.d.mts.map +0 -1
  192. package/dist/types/commands/optimize/update-lockfile.d.mts +0 -10
  193. package/dist/types/commands/optimize/update-lockfile.d.mts.map +0 -1
  194. package/dist/types/commands/optimize/update-manifest-by-agent.d.mts +0 -5
  195. package/dist/types/commands/optimize/update-manifest-by-agent.d.mts.map +0 -1
  196. package/dist/types/commands/organization/cmd-organization-list.d.mts +0 -10
  197. package/dist/types/commands/organization/cmd-organization-list.d.mts.map +0 -1
  198. package/dist/types/commands/organization/cmd-organization-policy-license.d.mts +0 -10
  199. package/dist/types/commands/organization/cmd-organization-policy-license.d.mts.map +0 -1
  200. package/dist/types/commands/organization/cmd-organization-policy-security.d.mts +0 -10
  201. package/dist/types/commands/organization/cmd-organization-policy-security.d.mts.map +0 -1
  202. package/dist/types/commands/organization/cmd-organization-policy.d.mts +0 -3
  203. package/dist/types/commands/organization/cmd-organization-policy.d.mts.map +0 -1
  204. package/dist/types/commands/organization/cmd-organization-quota.d.mts +0 -10
  205. package/dist/types/commands/organization/cmd-organization-quota.d.mts.map +0 -1
  206. package/dist/types/commands/organization/cmd-organization.d.mts +0 -3
  207. package/dist/types/commands/organization/cmd-organization.d.mts.map +0 -1
  208. package/dist/types/commands/organization/fetch-license-policy.d.mts +0 -4
  209. package/dist/types/commands/organization/fetch-license-policy.d.mts.map +0 -1
  210. package/dist/types/commands/organization/fetch-organization-list.d.mts +0 -4
  211. package/dist/types/commands/organization/fetch-organization-list.d.mts.map +0 -1
  212. package/dist/types/commands/organization/fetch-quota.d.mts +0 -4
  213. package/dist/types/commands/organization/fetch-quota.d.mts.map +0 -1
  214. package/dist/types/commands/organization/fetch-security-policy.d.mts +0 -4
  215. package/dist/types/commands/organization/fetch-security-policy.d.mts.map +0 -1
  216. package/dist/types/commands/organization/handle-license-policy.d.mts +0 -3
  217. package/dist/types/commands/organization/handle-license-policy.d.mts.map +0 -1
  218. package/dist/types/commands/organization/handle-organization-list.d.mts +0 -3
  219. package/dist/types/commands/organization/handle-organization-list.d.mts.map +0 -1
  220. package/dist/types/commands/organization/handle-quota.d.mts +0 -3
  221. package/dist/types/commands/organization/handle-quota.d.mts.map +0 -1
  222. package/dist/types/commands/organization/handle-security-policy.d.mts +0 -3
  223. package/dist/types/commands/organization/handle-security-policy.d.mts.map +0 -1
  224. package/dist/types/commands/organization/output-license-policy.d.mts +0 -4
  225. package/dist/types/commands/organization/output-license-policy.d.mts.map +0 -1
  226. package/dist/types/commands/organization/output-organization-list.d.mts +0 -4
  227. package/dist/types/commands/organization/output-organization-list.d.mts.map +0 -1
  228. package/dist/types/commands/organization/output-quota.d.mts +0 -4
  229. package/dist/types/commands/organization/output-quota.d.mts.map +0 -1
  230. package/dist/types/commands/organization/output-security-policy.d.mts +0 -4
  231. package/dist/types/commands/organization/output-security-policy.d.mts.map +0 -1
  232. package/dist/types/commands/package/cmd-package-score.d.mts +0 -10
  233. package/dist/types/commands/package/cmd-package-score.d.mts.map +0 -1
  234. package/dist/types/commands/package/cmd-package-shallow.d.mts +0 -17
  235. package/dist/types/commands/package/cmd-package-shallow.d.mts.map +0 -1
  236. package/dist/types/commands/package/cmd-package.d.mts +0 -3
  237. package/dist/types/commands/package/cmd-package.d.mts.map +0 -1
  238. package/dist/types/commands/package/fetch-purl-deep-score.d.mts +0 -51
  239. package/dist/types/commands/package/fetch-purl-deep-score.d.mts.map +0 -1
  240. package/dist/types/commands/package/fetch-purls-shallow-score.d.mts +0 -4
  241. package/dist/types/commands/package/fetch-purls-shallow-score.d.mts.map +0 -1
  242. package/dist/types/commands/package/handle-purl-deep-score.d.mts +0 -3
  243. package/dist/types/commands/package/handle-purl-deep-score.d.mts.map +0 -1
  244. package/dist/types/commands/package/handle-purls-shallow-score.d.mts +0 -6
  245. package/dist/types/commands/package/handle-purls-shallow-score.d.mts.map +0 -1
  246. package/dist/types/commands/package/output-purl-score.d.mts +0 -4
  247. package/dist/types/commands/package/output-purl-score.d.mts.map +0 -1
  248. package/dist/types/commands/package/output-purls-shallow-score.d.mts +0 -4
  249. package/dist/types/commands/package/output-purls-shallow-score.d.mts.map +0 -1
  250. package/dist/types/commands/package/parse-package-specifiers.d.mts +0 -5
  251. package/dist/types/commands/package/parse-package-specifiers.d.mts.map +0 -1
  252. package/dist/types/commands/raw-npm/cmd-raw-npm.d.mts +0 -10
  253. package/dist/types/commands/raw-npm/cmd-raw-npm.d.mts.map +0 -1
  254. package/dist/types/commands/raw-npm/run-raw-npm.d.mts +0 -2
  255. package/dist/types/commands/raw-npm/run-raw-npm.d.mts.map +0 -1
  256. package/dist/types/commands/raw-npx/cmd-raw-npx.d.mts +0 -10
  257. package/dist/types/commands/raw-npx/cmd-raw-npx.d.mts.map +0 -1
  258. package/dist/types/commands/raw-npx/run-raw-npx.d.mts +0 -2
  259. package/dist/types/commands/raw-npx/run-raw-npx.d.mts.map +0 -1
  260. package/dist/types/commands/report/cmd-report-create.d.mts +0 -10
  261. package/dist/types/commands/report/cmd-report-create.d.mts.map +0 -1
  262. package/dist/types/commands/report/cmd-report-view.d.mts +0 -10
  263. package/dist/types/commands/report/cmd-report-view.d.mts.map +0 -1
  264. package/dist/types/commands/report/cmd-report.d.mts +0 -3
  265. package/dist/types/commands/report/cmd-report.d.mts.map +0 -1
  266. package/dist/types/commands/repos/cmd-repos-create.d.mts +0 -10
  267. package/dist/types/commands/repos/cmd-repos-create.d.mts.map +0 -1
  268. package/dist/types/commands/repos/cmd-repos-del.d.mts +0 -10
  269. package/dist/types/commands/repos/cmd-repos-del.d.mts.map +0 -1
  270. package/dist/types/commands/repos/cmd-repos-list.d.mts +0 -10
  271. package/dist/types/commands/repos/cmd-repos-list.d.mts.map +0 -1
  272. package/dist/types/commands/repos/cmd-repos-update.d.mts +0 -10
  273. package/dist/types/commands/repos/cmd-repos-update.d.mts.map +0 -1
  274. package/dist/types/commands/repos/cmd-repos-view.d.mts +0 -10
  275. package/dist/types/commands/repos/cmd-repos-view.d.mts.map +0 -1
  276. package/dist/types/commands/repos/cmd-repos.d.mts +0 -3
  277. package/dist/types/commands/repos/cmd-repos.d.mts.map +0 -1
  278. package/dist/types/commands/repos/fetch-create-repo.d.mts +0 -11
  279. package/dist/types/commands/repos/fetch-create-repo.d.mts.map +0 -1
  280. package/dist/types/commands/repos/fetch-delete-repo.d.mts +0 -4
  281. package/dist/types/commands/repos/fetch-delete-repo.d.mts.map +0 -1
  282. package/dist/types/commands/repos/fetch-list-all-repos.d.mts +0 -8
  283. package/dist/types/commands/repos/fetch-list-all-repos.d.mts.map +0 -1
  284. package/dist/types/commands/repos/fetch-list-repos.d.mts +0 -10
  285. package/dist/types/commands/repos/fetch-list-repos.d.mts.map +0 -1
  286. package/dist/types/commands/repos/fetch-update-repo.d.mts +0 -11
  287. package/dist/types/commands/repos/fetch-update-repo.d.mts.map +0 -1
  288. package/dist/types/commands/repos/fetch-view-repo.d.mts +0 -4
  289. package/dist/types/commands/repos/fetch-view-repo.d.mts.map +0 -1
  290. package/dist/types/commands/repos/handle-create-repo.d.mts +0 -10
  291. package/dist/types/commands/repos/handle-create-repo.d.mts.map +0 -1
  292. package/dist/types/commands/repos/handle-delete-repo.d.mts +0 -3
  293. package/dist/types/commands/repos/handle-delete-repo.d.mts.map +0 -1
  294. package/dist/types/commands/repos/handle-list-repos.d.mts +0 -11
  295. package/dist/types/commands/repos/handle-list-repos.d.mts.map +0 -1
  296. package/dist/types/commands/repos/handle-update-repo.d.mts +0 -10
  297. package/dist/types/commands/repos/handle-update-repo.d.mts.map +0 -1
  298. package/dist/types/commands/repos/handle-view-repo.d.mts +0 -3
  299. package/dist/types/commands/repos/handle-view-repo.d.mts.map +0 -1
  300. package/dist/types/commands/repos/output-create-repo.d.mts +0 -4
  301. package/dist/types/commands/repos/output-create-repo.d.mts.map +0 -1
  302. package/dist/types/commands/repos/output-delete-repo.d.mts +0 -4
  303. package/dist/types/commands/repos/output-delete-repo.d.mts.map +0 -1
  304. package/dist/types/commands/repos/output-list-repos.d.mts +0 -4
  305. package/dist/types/commands/repos/output-list-repos.d.mts.map +0 -1
  306. package/dist/types/commands/repos/output-update-repo.d.mts +0 -4
  307. package/dist/types/commands/repos/output-update-repo.d.mts.map +0 -1
  308. package/dist/types/commands/repos/output-view-repo.d.mts +0 -4
  309. package/dist/types/commands/repos/output-view-repo.d.mts.map +0 -1
  310. package/dist/types/commands/scan/cmd-scan-create.d.mts +0 -10
  311. package/dist/types/commands/scan/cmd-scan-create.d.mts.map +0 -1
  312. package/dist/types/commands/scan/cmd-scan-del.d.mts +0 -10
  313. package/dist/types/commands/scan/cmd-scan-del.d.mts.map +0 -1
  314. package/dist/types/commands/scan/cmd-scan-diff.d.mts +0 -10
  315. package/dist/types/commands/scan/cmd-scan-diff.d.mts.map +0 -1
  316. package/dist/types/commands/scan/cmd-scan-list.d.mts +0 -3
  317. package/dist/types/commands/scan/cmd-scan-list.d.mts.map +0 -1
  318. package/dist/types/commands/scan/cmd-scan-metadata.d.mts +0 -3
  319. package/dist/types/commands/scan/cmd-scan-metadata.d.mts.map +0 -1
  320. package/dist/types/commands/scan/cmd-scan-report.d.mts +0 -3
  321. package/dist/types/commands/scan/cmd-scan-report.d.mts.map +0 -1
  322. package/dist/types/commands/scan/cmd-scan-view.d.mts +0 -3
  323. package/dist/types/commands/scan/cmd-scan-view.d.mts.map +0 -1
  324. package/dist/types/commands/scan/cmd-scan.d.mts +0 -3
  325. package/dist/types/commands/scan/cmd-scan.d.mts.map +0 -1
  326. package/dist/types/commands/scan/fetch-create-org-full-scan.d.mts +0 -11
  327. package/dist/types/commands/scan/fetch-create-org-full-scan.d.mts.map +0 -1
  328. package/dist/types/commands/scan/fetch-delete-org-full-scan.d.mts +0 -4
  329. package/dist/types/commands/scan/fetch-delete-org-full-scan.d.mts.map +0 -1
  330. package/dist/types/commands/scan/fetch-diff-scan.d.mts +0 -8
  331. package/dist/types/commands/scan/fetch-diff-scan.d.mts.map +0 -1
  332. package/dist/types/commands/scan/fetch-list-scans.d.mts +0 -13
  333. package/dist/types/commands/scan/fetch-list-scans.d.mts.map +0 -1
  334. package/dist/types/commands/scan/fetch-report-data.d.mts +0 -12
  335. package/dist/types/commands/scan/fetch-report-data.d.mts.map +0 -1
  336. package/dist/types/commands/scan/fetch-scan-metadata.d.mts +0 -4
  337. package/dist/types/commands/scan/fetch-scan-metadata.d.mts.map +0 -1
  338. package/dist/types/commands/scan/fetch-scan.d.mts +0 -4
  339. package/dist/types/commands/scan/fetch-scan.d.mts.map +0 -1
  340. package/dist/types/commands/scan/fetch-supported-scan-file-names.d.mts +0 -4
  341. package/dist/types/commands/scan/fetch-supported-scan-file-names.d.mts.map +0 -1
  342. package/dist/types/commands/scan/generate-report.d.mts +0 -41
  343. package/dist/types/commands/scan/generate-report.d.mts.map +0 -1
  344. package/dist/types/commands/scan/handle-create-new-scan.d.mts +0 -21
  345. package/dist/types/commands/scan/handle-create-new-scan.d.mts.map +0 -1
  346. package/dist/types/commands/scan/handle-delete-scan.d.mts +0 -3
  347. package/dist/types/commands/scan/handle-delete-scan.d.mts.map +0 -1
  348. package/dist/types/commands/scan/handle-diff-scan.d.mts +0 -10
  349. package/dist/types/commands/scan/handle-diff-scan.d.mts.map +0 -1
  350. package/dist/types/commands/scan/handle-list-scans.d.mts +0 -13
  351. package/dist/types/commands/scan/handle-list-scans.d.mts.map +0 -1
  352. package/dist/types/commands/scan/handle-scan-metadata.d.mts +0 -3
  353. package/dist/types/commands/scan/handle-scan-metadata.d.mts.map +0 -1
  354. package/dist/types/commands/scan/handle-scan-report.d.mts +0 -12
  355. package/dist/types/commands/scan/handle-scan-report.d.mts.map +0 -1
  356. package/dist/types/commands/scan/handle-scan-view.d.mts +0 -3
  357. package/dist/types/commands/scan/handle-scan-view.d.mts.map +0 -1
  358. package/dist/types/commands/scan/output-create-new-scan.d.mts +0 -4
  359. package/dist/types/commands/scan/output-create-new-scan.d.mts.map +0 -1
  360. package/dist/types/commands/scan/output-delete-scan.d.mts +0 -4
  361. package/dist/types/commands/scan/output-delete-scan.d.mts.map +0 -1
  362. package/dist/types/commands/scan/output-diff-scan.d.mts +0 -8
  363. package/dist/types/commands/scan/output-diff-scan.d.mts.map +0 -1
  364. package/dist/types/commands/scan/output-list-scans.d.mts +0 -4
  365. package/dist/types/commands/scan/output-list-scans.d.mts.map +0 -1
  366. package/dist/types/commands/scan/output-scan-metadata.d.mts +0 -4
  367. package/dist/types/commands/scan/output-scan-metadata.d.mts.map +0 -1
  368. package/dist/types/commands/scan/output-scan-report.d.mts +0 -20
  369. package/dist/types/commands/scan/output-scan-report.d.mts.map +0 -1
  370. package/dist/types/commands/scan/output-scan-view.d.mts +0 -4
  371. package/dist/types/commands/scan/output-scan-view.d.mts.map +0 -1
  372. package/dist/types/commands/scan/stream-scan.d.mts +0 -2
  373. package/dist/types/commands/scan/stream-scan.d.mts.map +0 -1
  374. package/dist/types/commands/scan/suggest-org-slug.d.mts +0 -2
  375. package/dist/types/commands/scan/suggest-org-slug.d.mts.map +0 -1
  376. package/dist/types/commands/scan/suggest-repo-slug.d.mts +0 -5
  377. package/dist/types/commands/scan/suggest-repo-slug.d.mts.map +0 -1
  378. package/dist/types/commands/scan/suggest_branch_slug.d.mts +0 -2
  379. package/dist/types/commands/scan/suggest_branch_slug.d.mts.map +0 -1
  380. package/dist/types/commands/scan/suggest_target.d.mts +0 -2
  381. package/dist/types/commands/scan/suggest_target.d.mts.map +0 -1
  382. package/dist/types/commands/threat-feed/cmd-threat-feed.d.mts +0 -10
  383. package/dist/types/commands/threat-feed/cmd-threat-feed.d.mts.map +0 -1
  384. package/dist/types/commands/threat-feed/fetch-threat-feed.d.mts +0 -10
  385. package/dist/types/commands/threat-feed/fetch-threat-feed.d.mts.map +0 -1
  386. package/dist/types/commands/threat-feed/handle-threat-feed.d.mts +0 -10
  387. package/dist/types/commands/threat-feed/handle-threat-feed.d.mts.map +0 -1
  388. package/dist/types/commands/threat-feed/output-threat-feed.d.mts +0 -4
  389. package/dist/types/commands/threat-feed/output-threat-feed.d.mts.map +0 -1
  390. package/dist/types/commands/threat-feed/types.d.mts +0 -15
  391. package/dist/types/commands/threat-feed/types.d.mts.map +0 -1
  392. package/dist/types/commands/uninstall/cmd-uninstall-completion.d.mts +0 -9
  393. package/dist/types/commands/uninstall/cmd-uninstall-completion.d.mts.map +0 -1
  394. package/dist/types/commands/uninstall/cmd-uninstall.d.mts +0 -3
  395. package/dist/types/commands/uninstall/cmd-uninstall.d.mts.map +0 -1
  396. package/dist/types/commands/uninstall/handle-uninstall-completion.d.mts +0 -2
  397. package/dist/types/commands/uninstall/handle-uninstall-completion.d.mts.map +0 -1
  398. package/dist/types/commands/uninstall/output-uninstall-completion.d.mts +0 -6
  399. package/dist/types/commands/uninstall/output-uninstall-completion.d.mts.map +0 -1
  400. package/dist/types/commands/uninstall/teardown-tab-completion.d.mts +0 -6
  401. package/dist/types/commands/uninstall/teardown-tab-completion.d.mts.map +0 -1
  402. package/dist/types/commands/wrapper/add-socket-wrapper.d.mts +0 -2
  403. package/dist/types/commands/wrapper/add-socket-wrapper.d.mts.map +0 -1
  404. package/dist/types/commands/wrapper/check-socket-wrapper-setup.d.mts +0 -2
  405. package/dist/types/commands/wrapper/check-socket-wrapper-setup.d.mts.map +0 -1
  406. package/dist/types/commands/wrapper/cmd-wrapper.d.mts +0 -10
  407. package/dist/types/commands/wrapper/cmd-wrapper.d.mts.map +0 -1
  408. package/dist/types/commands/wrapper/postinstall-wrapper.d.mts +0 -2
  409. package/dist/types/commands/wrapper/postinstall-wrapper.d.mts.map +0 -1
  410. package/dist/types/commands/wrapper/remove-socket-wrapper.d.mts +0 -2
  411. package/dist/types/commands/wrapper/remove-socket-wrapper.d.mts.map +0 -1
  412. package/dist/types/constants.d.mts +0 -127
  413. package/dist/types/constants.d.mts.map +0 -1
  414. package/dist/types/flags.d.mts +0 -14
  415. package/dist/types/flags.d.mts.map +0 -1
  416. package/dist/types/instrument-with-sentry.d.mts +0 -2
  417. package/dist/types/instrument-with-sentry.d.mts.map +0 -1
  418. package/dist/types/shadow/npm/arborist/index.d.mts +0 -2
  419. package/dist/types/shadow/npm/arborist/index.d.mts.map +0 -1
  420. package/dist/types/shadow/npm/arborist/lib/arborist/index.d.mts +0 -22
  421. package/dist/types/shadow/npm/arborist/lib/arborist/index.d.mts.map +0 -1
  422. package/dist/types/shadow/npm/arborist/lib/arborist/types.d.mts +0 -47
  423. package/dist/types/shadow/npm/arborist/lib/arborist/types.d.mts.map +0 -1
  424. package/dist/types/shadow/npm/arborist/lib/dep-valid.d.mts +0 -3
  425. package/dist/types/shadow/npm/arborist/lib/dep-valid.d.mts.map +0 -1
  426. package/dist/types/shadow/npm/arborist/lib/edge.d.mts +0 -62
  427. package/dist/types/shadow/npm/arborist/lib/edge.d.mts.map +0 -1
  428. package/dist/types/shadow/npm/arborist/lib/node.d.mts +0 -58
  429. package/dist/types/shadow/npm/arborist/lib/node.d.mts.map +0 -1
  430. package/dist/types/shadow/npm/arborist/lib/override-set.d.mts +0 -30
  431. package/dist/types/shadow/npm/arborist/lib/override-set.d.mts.map +0 -1
  432. package/dist/types/shadow/npm/arborist-helpers.d.mts +0 -37
  433. package/dist/types/shadow/npm/arborist-helpers.d.mts.map +0 -1
  434. package/dist/types/shadow/npm/bin.d.mts +0 -2
  435. package/dist/types/shadow/npm/bin.d.mts.map +0 -1
  436. package/dist/types/shadow/npm/inject.d.mts +0 -2
  437. package/dist/types/shadow/npm/inject.d.mts.map +0 -1
  438. package/dist/types/shadow/npm/install.d.mts +0 -12
  439. package/dist/types/shadow/npm/install.d.mts.map +0 -1
  440. package/dist/types/shadow/npm/link.d.mts +0 -2
  441. package/dist/types/shadow/npm/link.d.mts.map +0 -1
  442. package/dist/types/shadow/npm/paths.d.mts +0 -7
  443. package/dist/types/shadow/npm/paths.d.mts.map +0 -1
  444. package/dist/types/shadow/npm/proc-log/index.d.mts +0 -3
  445. package/dist/types/shadow/npm/proc-log/index.d.mts.map +0 -1
  446. package/dist/types/types.d.mts +0 -16
  447. package/dist/types/types.d.mts.map +0 -1
  448. package/dist/types/utils/agent.d.mts +0 -12
  449. package/dist/types/utils/agent.d.mts.map +0 -1
  450. package/dist/types/utils/alert/artifact.d.mts +0 -33
  451. package/dist/types/utils/alert/artifact.d.mts.map +0 -1
  452. package/dist/types/utils/alert/fix.d.mts +0 -6
  453. package/dist/types/utils/alert/fix.d.mts.map +0 -1
  454. package/dist/types/utils/alert/severity.d.mts +0 -13
  455. package/dist/types/utils/alert/severity.d.mts.map +0 -1
  456. package/dist/types/utils/alerts-map.d.mts +0 -25
  457. package/dist/types/utils/alerts-map.d.mts.map +0 -1
  458. package/dist/types/utils/api.d.mts +0 -11
  459. package/dist/types/utils/api.d.mts.map +0 -1
  460. package/dist/types/utils/check-input.d.mts +0 -9
  461. package/dist/types/utils/check-input.d.mts.map +0 -1
  462. package/dist/types/utils/cmd.d.mts +0 -4
  463. package/dist/types/utils/cmd.d.mts.map +0 -1
  464. package/dist/types/utils/color-or-markdown.d.mts +0 -16
  465. package/dist/types/utils/color-or-markdown.d.mts.map +0 -1
  466. package/dist/types/utils/completion.d.mts +0 -11
  467. package/dist/types/utils/completion.d.mts.map +0 -1
  468. package/dist/types/utils/config.d.mts +0 -25
  469. package/dist/types/utils/config.d.mts.map +0 -1
  470. package/dist/types/utils/determine-org-slug.d.mts +0 -2
  471. package/dist/types/utils/determine-org-slug.d.mts.map +0 -1
  472. package/dist/types/utils/errors.d.mts +0 -14
  473. package/dist/types/utils/errors.d.mts.map +0 -1
  474. package/dist/types/utils/fail-msg-with-badge.d.mts +0 -2
  475. package/dist/types/utils/fail-msg-with-badge.d.mts.map +0 -1
  476. package/dist/types/utils/fs.d.mts +0 -22
  477. package/dist/types/utils/fs.d.mts.map +0 -1
  478. package/dist/types/utils/get-output-kind.d.mts +0 -3
  479. package/dist/types/utils/get-output-kind.d.mts.map +0 -1
  480. package/dist/types/utils/glob.d.mts +0 -14
  481. package/dist/types/utils/glob.d.mts.map +0 -1
  482. package/dist/types/utils/map-to-object.d.mts +0 -10
  483. package/dist/types/utils/map-to-object.d.mts.map +0 -1
  484. package/dist/types/utils/markdown.d.mts +0 -4
  485. package/dist/types/utils/markdown.d.mts.map +0 -1
  486. package/dist/types/utils/meow-with-subcommands.d.mts +0 -45
  487. package/dist/types/utils/meow-with-subcommands.d.mts.map +0 -1
  488. package/dist/types/utils/npm-paths.d.mts +0 -7
  489. package/dist/types/utils/npm-paths.d.mts.map +0 -1
  490. package/dist/types/utils/objects.d.mts +0 -3
  491. package/dist/types/utils/objects.d.mts.map +0 -1
  492. package/dist/types/utils/output-formatting.d.mts +0 -15
  493. package/dist/types/utils/output-formatting.d.mts.map +0 -1
  494. package/dist/types/utils/package-environment.d.mts +0 -54
  495. package/dist/types/utils/package-environment.d.mts.map +0 -1
  496. package/dist/types/utils/path-resolve.d.mts +0 -10
  497. package/dist/types/utils/path-resolve.d.mts.map +0 -1
  498. package/dist/types/utils/pnpm.d.mts +0 -9
  499. package/dist/types/utils/pnpm.d.mts.map +0 -1
  500. package/dist/types/utils/sdk.d.mts +0 -8
  501. package/dist/types/utils/sdk.d.mts.map +0 -1
  502. package/dist/types/utils/semver.d.mts +0 -5
  503. package/dist/types/utils/semver.d.mts.map +0 -1
  504. package/dist/types/utils/serialize-result-json.d.mts +0 -3
  505. package/dist/types/utils/serialize-result-json.d.mts.map +0 -1
  506. package/dist/types/utils/socket-package-alert.d.mts +0 -71
  507. package/dist/types/utils/socket-package-alert.d.mts.map +0 -1
  508. package/dist/types/utils/socket-url.d.mts +0 -9
  509. package/dist/types/utils/socket-url.d.mts.map +0 -1
  510. package/dist/types/utils/spec.d.mts +0 -4
  511. package/dist/types/utils/spec.d.mts.map +0 -1
  512. package/dist/types/utils/strings.d.mts +0 -2
  513. package/dist/types/utils/strings.d.mts.map +0 -1
  514. package/dist/types/utils/translations.d.mts +0 -593
  515. package/dist/types/utils/translations.d.mts.map +0 -1
  516. package/dist/types/utils/walk-nested-map.d.mts +0 -7
  517. package/dist/types/utils/walk-nested-map.d.mts.map +0 -1
package/dist/cli.js CHANGED
@@ -28,6 +28,8 @@ var shadowInject = require('./shadow-inject.js');
28
28
  var objects = require('../external/@socketsecurity/registry/lib/objects');
29
29
  var registryConstants = require('../external/@socketsecurity/registry/lib/constants');
30
30
  var require$$7 = require('../external/@socketsecurity/registry/lib/promises');
31
+ var os = require('node:os');
32
+ var promises = require('node:stream/promises');
31
33
 
32
34
  var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
33
35
  async function fetchOrgAnalyticsData(time) {
@@ -300,9 +302,9 @@ async function handleAnalytics({
300
302
  }
301
303
 
302
304
  const {
303
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$K
305
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$L
304
306
  } = constants;
305
- const config$P = {
307
+ const config$Q = {
306
308
  commandName: 'analytics',
307
309
  description: `Look up analytics data`,
308
310
  hidden: false,
@@ -364,16 +366,16 @@ const config$P = {
364
366
  .replace(/\n(?: *\n)+/g, '\n\n')
365
367
  };
366
368
  const cmdAnalytics = {
367
- description: config$P.description,
368
- hidden: config$P.hidden,
369
- run: run$P
369
+ description: config$Q.description,
370
+ hidden: config$Q.hidden,
371
+ run: run$Q
370
372
  };
371
- async function run$P(argv, importMeta, {
373
+ async function run$Q(argv, importMeta, {
372
374
  parentName
373
375
  }) {
374
376
  const cli = utils.meowOrExit({
375
377
  argv,
376
- config: config$P,
378
+ config: config$Q,
377
379
  importMeta,
378
380
  parentName
379
381
  });
@@ -477,7 +479,7 @@ async function run$P(argv, importMeta, {
477
479
  return;
478
480
  }
479
481
  if (cli.flags['dryRun']) {
480
- logger.logger.log(DRY_RUN_BAILING_NOW$K);
482
+ logger.logger.log(DRY_RUN_BAILING_NOW$L);
481
483
  return;
482
484
  }
483
485
  return await handleAnalytics({
@@ -658,10 +660,10 @@ async function handleAuditLog({
658
660
  }
659
661
 
660
662
  const {
661
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$J,
663
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$K,
662
664
  SOCKET_WEBSITE_URL: SOCKET_WEBSITE_URL$3
663
665
  } = constants;
664
- const config$O = {
666
+ const config$P = {
665
667
  commandName: 'audit-log',
666
668
  description: 'Look up the audit log for an organization',
667
669
  hidden: false,
@@ -715,16 +717,16 @@ const config$O = {
715
717
  `
716
718
  };
717
719
  const cmdAuditLog = {
718
- description: config$O.description,
719
- hidden: config$O.hidden,
720
- run: run$O
720
+ description: config$P.description,
721
+ hidden: config$P.hidden,
722
+ run: run$P
721
723
  };
722
- async function run$O(argv, importMeta, {
724
+ async function run$P(argv, importMeta, {
723
725
  parentName
724
726
  }) {
725
727
  const cli = utils.meowOrExit({
726
728
  argv,
727
- config: config$O,
729
+ config: config$P,
728
730
  importMeta,
729
731
  parentName
730
732
  });
@@ -765,7 +767,7 @@ async function run$O(argv, importMeta, {
765
767
  return;
766
768
  }
767
769
  if (cli.flags['dryRun']) {
768
- logger.logger.log(DRY_RUN_BAILING_NOW$J);
770
+ logger.logger.log(DRY_RUN_BAILING_NOW$K);
769
771
  return;
770
772
  }
771
773
  await handleAuditLog({
@@ -855,7 +857,7 @@ async function runCdxgen(yargvWithYes) {
855
857
  }
856
858
 
857
859
  const {
858
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$I
860
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$J
859
861
  } = constants;
860
862
 
861
863
  // TODO: Convert yargs to meow.
@@ -1057,7 +1059,7 @@ const yargsConfig = {
1057
1059
  'usages-slices-file' // hidden
1058
1060
  ]
1059
1061
  };
1060
- const config$N = {
1062
+ const config$O = {
1061
1063
  commandName: 'cdxgen',
1062
1064
  description: 'Create an SBOM with CycloneDX generator (cdxgen)',
1063
1065
  hidden: false,
@@ -1067,18 +1069,18 @@ const config$N = {
1067
1069
  help: () => ''
1068
1070
  };
1069
1071
  const cmdManifestCdxgen = {
1070
- description: config$N.description,
1071
- hidden: config$N.hidden,
1072
- run: run$N
1072
+ description: config$O.description,
1073
+ hidden: config$O.hidden,
1074
+ run: run$O
1073
1075
  };
1074
- async function run$N(argv, importMeta, {
1076
+ async function run$O(argv, importMeta, {
1075
1077
  parentName
1076
1078
  }) {
1077
1079
  const cli = utils.meowOrExit({
1078
1080
  allowUnknownFlags: true,
1079
1081
  // Don't let meow take over --help.
1080
1082
  argv: argv.filter(a => !utils.isHelpFlag(a)),
1081
- config: config$N,
1083
+ config: config$O,
1082
1084
  importMeta,
1083
1085
  parentName
1084
1086
  });
@@ -1100,7 +1102,7 @@ async function run$N(argv, importMeta, {
1100
1102
  return;
1101
1103
  }
1102
1104
  if (cli.flags['dryRun']) {
1103
- logger.logger.log(DRY_RUN_BAILING_NOW$I);
1105
+ logger.logger.log(DRY_RUN_BAILING_NOW$J);
1104
1106
  return;
1105
1107
  }
1106
1108
 
@@ -1129,15 +1131,15 @@ async function handleCdxgen(argv, importMeta, {
1129
1131
  });
1130
1132
  }
1131
1133
 
1132
- const config$M = {
1134
+ const config$N = {
1133
1135
  description: 'Create an SBOM with CycloneDX generator (cdxgen)',
1134
1136
  hidden: true};
1135
1137
  const cmdCdxgen = {
1136
- description: config$M.description,
1137
- hidden: config$M.hidden,
1138
- run: run$M
1138
+ description: config$N.description,
1139
+ hidden: config$N.hidden,
1140
+ run: run$N
1139
1141
  };
1140
- async function run$M(argv, importMeta, {
1142
+ async function run$N(argv, importMeta, {
1141
1143
  parentName
1142
1144
  }) {
1143
1145
  logger.logger.warn('Warning: The `socket cdxgen` command moved to `socket manifest cdxgen` and will be removed as a toplevel command in the next major bump.');
@@ -2318,9 +2320,9 @@ async function handleCI(autoManifest) {
2318
2320
  }
2319
2321
 
2320
2322
  const {
2321
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$H
2323
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$I
2322
2324
  } = constants;
2323
- const config$L = {
2325
+ const config$M = {
2324
2326
  commandName: 'ci',
2325
2327
  description: 'Create a new scan and report whether it passes your security policy',
2326
2328
  hidden: true,
@@ -2338,7 +2340,7 @@ const config$L = {
2338
2340
  $ ${parentName}
2339
2341
 
2340
2342
  Options
2341
- ${utils.getFlagListOutput(config$L.flags, 6)}
2343
+ ${utils.getFlagListOutput(config$M.flags, 6)}
2342
2344
 
2343
2345
  This command is intended to use in CI runs to allow automated systems to
2344
2346
  accept or reject a current build. When the scan does not pass your security
@@ -2353,21 +2355,21 @@ const config$L = {
2353
2355
  `
2354
2356
  };
2355
2357
  const cmdCI = {
2356
- description: config$L.description,
2357
- hidden: config$L.hidden,
2358
- run: run$L
2358
+ description: config$M.description,
2359
+ hidden: config$M.hidden,
2360
+ run: run$M
2359
2361
  };
2360
- async function run$L(argv, importMeta, {
2362
+ async function run$M(argv, importMeta, {
2361
2363
  parentName
2362
2364
  }) {
2363
2365
  const cli = utils.meowOrExit({
2364
2366
  argv,
2365
- config: config$L,
2367
+ config: config$M,
2366
2368
  importMeta,
2367
2369
  parentName
2368
2370
  });
2369
2371
  if (cli.flags['dryRun']) {
2370
- logger.logger.log(DRY_RUN_BAILING_NOW$H);
2372
+ logger.logger.log(DRY_RUN_BAILING_NOW$I);
2371
2373
  return;
2372
2374
  }
2373
2375
  await handleCI(Boolean(cli.flags['autoManifest']));
@@ -2611,9 +2613,9 @@ async function handleConfigAuto({
2611
2613
  }
2612
2614
 
2613
2615
  const {
2614
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$G
2616
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$H
2615
2617
  } = constants;
2616
- const config$K = {
2618
+ const config$L = {
2617
2619
  commandName: 'auto',
2618
2620
  description: 'Automatically discover and set the correct value config item',
2619
2621
  hidden: false,
@@ -2642,16 +2644,16 @@ ${Array.from(utils.supportedConfigKeys.entries()).map(([key, desc]) => ` - $
2642
2644
  `
2643
2645
  };
2644
2646
  const cmdConfigAuto = {
2645
- description: config$K.description,
2646
- hidden: config$K.hidden,
2647
- run: run$K
2647
+ description: config$L.description,
2648
+ hidden: config$L.hidden,
2649
+ run: run$L
2648
2650
  };
2649
- async function run$K(argv, importMeta, {
2651
+ async function run$L(argv, importMeta, {
2650
2652
  parentName
2651
2653
  }) {
2652
2654
  const cli = utils.meowOrExit({
2653
2655
  argv,
2654
- config: config$K,
2656
+ config: config$L,
2655
2657
  importMeta,
2656
2658
  parentName
2657
2659
  });
@@ -2677,7 +2679,7 @@ async function run$K(argv, importMeta, {
2677
2679
  return;
2678
2680
  }
2679
2681
  if (cli.flags['dryRun']) {
2680
- logger.logger.log(DRY_RUN_BAILING_NOW$G);
2682
+ logger.logger.log(DRY_RUN_BAILING_NOW$H);
2681
2683
  return;
2682
2684
  }
2683
2685
  await handleConfigAuto({
@@ -2725,9 +2727,9 @@ async function handleConfigGet({
2725
2727
  }
2726
2728
 
2727
2729
  const {
2728
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$F
2730
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$G
2729
2731
  } = constants;
2730
- const config$J = {
2732
+ const config$K = {
2731
2733
  commandName: 'get',
2732
2734
  description: 'Get the value of a local CLI config item',
2733
2735
  hidden: false,
@@ -2751,16 +2753,16 @@ ${Array.from(utils.supportedConfigKeys.entries()).map(([key, desc]) => ` - $
2751
2753
  `
2752
2754
  };
2753
2755
  const cmdConfigGet = {
2754
- description: config$J.description,
2755
- hidden: config$J.hidden,
2756
- run: run$J
2756
+ description: config$K.description,
2757
+ hidden: config$K.hidden,
2758
+ run: run$K
2757
2759
  };
2758
- async function run$J(argv, importMeta, {
2760
+ async function run$K(argv, importMeta, {
2759
2761
  parentName
2760
2762
  }) {
2761
2763
  const cli = utils.meowOrExit({
2762
2764
  argv,
2763
- config: config$J,
2765
+ config: config$K,
2764
2766
  importMeta,
2765
2767
  parentName
2766
2768
  });
@@ -2786,7 +2788,7 @@ async function run$J(argv, importMeta, {
2786
2788
  return;
2787
2789
  }
2788
2790
  if (cli.flags['dryRun']) {
2789
- logger.logger.log(DRY_RUN_BAILING_NOW$F);
2791
+ logger.logger.log(DRY_RUN_BAILING_NOW$G);
2790
2792
  return;
2791
2793
  }
2792
2794
  await handleConfigGet({
@@ -2863,9 +2865,9 @@ async function outputConfigList({
2863
2865
  }
2864
2866
 
2865
2867
  const {
2866
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$E
2868
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$F
2867
2869
  } = constants;
2868
- const config$I = {
2870
+ const config$J = {
2869
2871
  commandName: 'list',
2870
2872
  description: 'Show all local CLI config items and their values',
2871
2873
  hidden: false,
@@ -2894,16 +2896,16 @@ ${Array.from(utils.supportedConfigKeys.entries()).map(([key, desc]) => ` - $
2894
2896
  `
2895
2897
  };
2896
2898
  const cmdConfigList = {
2897
- description: config$I.description,
2898
- hidden: config$I.hidden,
2899
- run: run$I
2899
+ description: config$J.description,
2900
+ hidden: config$J.hidden,
2901
+ run: run$J
2900
2902
  };
2901
- async function run$I(argv, importMeta, {
2903
+ async function run$J(argv, importMeta, {
2902
2904
  parentName
2903
2905
  }) {
2904
2906
  const cli = utils.meowOrExit({
2905
2907
  argv,
2906
- config: config$I,
2908
+ config: config$J,
2907
2909
  importMeta,
2908
2910
  parentName
2909
2911
  });
@@ -2924,7 +2926,7 @@ async function run$I(argv, importMeta, {
2924
2926
  return;
2925
2927
  }
2926
2928
  if (cli.flags['dryRun']) {
2927
- logger.logger.log(DRY_RUN_BAILING_NOW$E);
2929
+ logger.logger.log(DRY_RUN_BAILING_NOW$F);
2928
2930
  return;
2929
2931
  }
2930
2932
  await outputConfigList({
@@ -2973,9 +2975,9 @@ async function handleConfigSet({
2973
2975
  }
2974
2976
 
2975
2977
  const {
2976
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$D
2978
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$E
2977
2979
  } = constants;
2978
- const config$H = {
2980
+ const config$I = {
2979
2981
  commandName: 'set',
2980
2982
  description: 'Update the value of a local CLI config item',
2981
2983
  hidden: false,
@@ -3004,16 +3006,16 @@ ${Array.from(utils.supportedConfigKeys.entries()).map(([key, desc]) => ` - $
3004
3006
  `
3005
3007
  };
3006
3008
  const cmdConfigSet = {
3007
- description: config$H.description,
3008
- hidden: config$H.hidden,
3009
- run: run$H
3009
+ description: config$I.description,
3010
+ hidden: config$I.hidden,
3011
+ run: run$I
3010
3012
  };
3011
- async function run$H(argv, importMeta, {
3013
+ async function run$I(argv, importMeta, {
3012
3014
  parentName
3013
3015
  }) {
3014
3016
  const cli = utils.meowOrExit({
3015
3017
  argv,
3016
- config: config$H,
3018
+ config: config$I,
3017
3019
  importMeta,
3018
3020
  parentName
3019
3021
  });
@@ -3046,7 +3048,7 @@ async function run$H(argv, importMeta, {
3046
3048
  return;
3047
3049
  }
3048
3050
  if (cli.flags['dryRun']) {
3049
- logger.logger.log(DRY_RUN_BAILING_NOW$D);
3051
+ logger.logger.log(DRY_RUN_BAILING_NOW$E);
3050
3052
  return;
3051
3053
  }
3052
3054
  await handleConfigSet({
@@ -3095,9 +3097,9 @@ async function handleConfigUnset({
3095
3097
  }
3096
3098
 
3097
3099
  const {
3098
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$C
3100
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$D
3099
3101
  } = constants;
3100
- const config$G = {
3102
+ const config$H = {
3101
3103
  commandName: 'unset',
3102
3104
  description: 'Clear the value of a local CLI config item',
3103
3105
  hidden: false,
@@ -3121,16 +3123,16 @@ ${Array.from(utils.supportedConfigKeys.entries()).map(([key, desc]) => ` - $
3121
3123
  `
3122
3124
  };
3123
3125
  const cmdConfigUnset = {
3124
- description: config$G.description,
3125
- hidden: config$G.hidden,
3126
- run: run$G
3126
+ description: config$H.description,
3127
+ hidden: config$H.hidden,
3128
+ run: run$H
3127
3129
  };
3128
- async function run$G(argv, importMeta, {
3130
+ async function run$H(argv, importMeta, {
3129
3131
  parentName
3130
3132
  }) {
3131
3133
  const cli = utils.meowOrExit({
3132
3134
  argv,
3133
- config: config$G,
3135
+ config: config$H,
3134
3136
  importMeta,
3135
3137
  parentName
3136
3138
  });
@@ -3156,7 +3158,7 @@ async function run$G(argv, importMeta, {
3156
3158
  return;
3157
3159
  }
3158
3160
  if (cli.flags['dryRun']) {
3159
- logger.logger.log(DRY_RUN_BAILING_NOW$C);
3161
+ logger.logger.log(DRY_RUN_BAILING_NOW$D);
3160
3162
  return;
3161
3163
  }
3162
3164
  await handleConfigUnset({
@@ -3265,9 +3267,9 @@ async function handleDependencies({
3265
3267
  }
3266
3268
 
3267
3269
  const {
3268
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$B
3270
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$C
3269
3271
  } = constants;
3270
- const config$F = {
3272
+ const config$G = {
3271
3273
  commandName: 'dependencies',
3272
3274
  description: 'Search for any dependency that is being used in your organization',
3273
3275
  hidden: false,
@@ -3303,16 +3305,16 @@ const config$F = {
3303
3305
  `
3304
3306
  };
3305
3307
  const cmdScanCreate$1 = {
3306
- description: config$F.description,
3307
- hidden: config$F.hidden,
3308
- run: run$F
3308
+ description: config$G.description,
3309
+ hidden: config$G.hidden,
3310
+ run: run$G
3309
3311
  };
3310
- async function run$F(argv, importMeta, {
3312
+ async function run$G(argv, importMeta, {
3311
3313
  parentName
3312
3314
  }) {
3313
3315
  const cli = utils.meowOrExit({
3314
3316
  argv,
3315
- config: config$F,
3317
+ config: config$G,
3316
3318
  importMeta,
3317
3319
  parentName
3318
3320
  });
@@ -3341,7 +3343,7 @@ async function run$F(argv, importMeta, {
3341
3343
  return;
3342
3344
  }
3343
3345
  if (cli.flags['dryRun']) {
3344
- logger.logger.log(DRY_RUN_BAILING_NOW$B);
3346
+ logger.logger.log(DRY_RUN_BAILING_NOW$C);
3345
3347
  return;
3346
3348
  }
3347
3349
  await handleDependencies({
@@ -3438,9 +3440,9 @@ async function handleDiffScan$1({
3438
3440
  }
3439
3441
 
3440
3442
  const {
3441
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$A
3443
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$B
3442
3444
  } = constants;
3443
- const config$E = {
3445
+ const config$F = {
3444
3446
  commandName: 'get',
3445
3447
  description: 'Get a diff scan for an organization',
3446
3448
  hidden: false,
@@ -3499,16 +3501,16 @@ const config$E = {
3499
3501
  `
3500
3502
  };
3501
3503
  const cmdDiffScanGet = {
3502
- description: config$E.description,
3503
- hidden: config$E.hidden,
3504
- run: run$E
3504
+ description: config$F.description,
3505
+ hidden: config$F.hidden,
3506
+ run: run$F
3505
3507
  };
3506
- async function run$E(argv, importMeta, {
3508
+ async function run$F(argv, importMeta, {
3507
3509
  parentName
3508
3510
  }) {
3509
3511
  const cli = utils.meowOrExit({
3510
3512
  argv,
3511
- config: config$E,
3513
+ config: config$F,
3512
3514
  importMeta,
3513
3515
  parentName
3514
3516
  });
@@ -3553,7 +3555,7 @@ async function run$E(argv, importMeta, {
3553
3555
  }
3554
3556
  logger.logger.fail('Warning: this command is deprecated in favor of `socket scan diff` and will be removed in the next major bump.');
3555
3557
  if (cli.flags['dryRun']) {
3556
- logger.logger.log(DRY_RUN_BAILING_NOW$A);
3558
+ logger.logger.log(DRY_RUN_BAILING_NOW$B);
3557
3559
  return;
3558
3560
  }
3559
3561
  await handleDiffScan$1({
@@ -3715,8 +3717,8 @@ let _octokit;
3715
3717
  function getOctokit() {
3716
3718
  if (_octokit === undefined) {
3717
3719
  _octokit = new vendor.Octokit({
3718
- // Lazily access constants.ENV properties.
3719
- auth: constants.ENV.SOCKET_SECURITY_GITHUB_PAT || constants.ENV.GITHUB_TOKEN
3720
+ // Lazily access constants.ENV.SOCKET_CLI_GITHUB_TOKEN.
3721
+ auth: constants.ENV.SOCKET_CLI_GITHUB_TOKEN
3720
3722
  });
3721
3723
  }
3722
3724
  return _octokit;
@@ -3726,8 +3728,8 @@ function getOctokitGraphql() {
3726
3728
  if (!_octokitGraphql) {
3727
3729
  _octokitGraphql = vendor.graphql2.defaults({
3728
3730
  headers: {
3729
- // Lazily access constants.ENV properties.
3730
- authorization: `token ${constants.ENV.SOCKET_SECURITY_GITHUB_PAT || constants.ENV.GITHUB_TOKEN}`
3731
+ // Lazily access constants.ENV.SOCKET_CLI_GITHUB_TOKEN.
3732
+ authorization: `token ${constants.ENV.SOCKET_CLI_GITHUB_TOKEN}`
3731
3733
  }
3732
3734
  });
3733
3735
  }
@@ -3735,6 +3737,7 @@ function getOctokitGraphql() {
3735
3737
  }
3736
3738
  async function cacheFetch(key, fetcher, ttlMs) {
3737
3739
  // Optionally disable cache.
3740
+ // Lazily access constants.ENV.DISABLE_GITHUB_CACHE.
3738
3741
  if (constants.ENV.DISABLE_GITHUB_CACHE) {
3739
3742
  return await fetcher();
3740
3743
  }
@@ -4098,13 +4101,16 @@ async function install$1(arb, options) {
4098
4101
  __proto__: null,
4099
4102
  ...options
4100
4103
  };
4101
- const newArb = new shadowInject.Arborist({
4102
- path: cwd
4103
- });
4104
- newArb.idealTree = await arb.buildIdealTree();
4105
- const actualTree = await newArb.reify();
4106
- arb.actualTree = actualTree;
4107
- return actualTree;
4104
+ try {
4105
+ const newArb = new shadowInject.Arborist({
4106
+ path: cwd
4107
+ });
4108
+ newArb.idealTree = await arb.buildIdealTree();
4109
+ const actualTree = await newArb.reify();
4110
+ arb.actualTree = actualTree;
4111
+ return actualTree;
4112
+ } catch {}
4113
+ return null;
4108
4114
  }
4109
4115
  async function npmFix(pkgEnvDetails, {
4110
4116
  autoMerge,
@@ -4152,18 +4158,23 @@ async function npmFix(pkgEnvDetails, {
4152
4158
  });
4153
4159
  if (!infoByPkgName) {
4154
4160
  spinner?.stop();
4155
- logger.logger.info('No fixable vulnerabilities found.');
4161
+ logger.logger.info('No fixable vulns found.');
4156
4162
  return;
4157
4163
  }
4158
4164
 
4159
4165
  // Lazily access constants.ENV properties.
4160
- const token = constants.ENV.SOCKET_SECURITY_GITHUB_PAT || constants.ENV.GITHUB_TOKEN;
4166
+ const token = constants.ENV.SOCKET_CLI_GITHUB_TOKEN;
4161
4167
  const isCi = !!(constants.ENV.CI && constants.ENV.GITHUB_ACTIONS && constants.ENV.GITHUB_REPOSITORY && token);
4162
4168
  const baseBranch = isCi ? getBaseGitBranch() : '';
4163
4169
  const workspacePkgJsonPaths = await utils.globWorkspace(pkgEnvDetails.agent, rootPath);
4164
4170
  const pkgJsonPaths = [...workspacePkgJsonPaths,
4165
4171
  // Process the workspace root last since it will add an override to package.json.
4166
4172
  pkgEnvDetails.editablePkgJson.filename];
4173
+ const handleInstallFail = () => {
4174
+ logger.logger.error(`Unexpected condition: ${pkgEnvDetails.agent} install failed.\n`);
4175
+ logger.logger.dedent();
4176
+ spinner?.dedent();
4177
+ };
4167
4178
  spinner?.stop();
4168
4179
  let count = 0;
4169
4180
  const sortedInfoEntries = [...infoByPkgName.entries()].sort((a, b) => sorts.naturalCompare(a[0], b[0]));
@@ -4175,7 +4186,7 @@ async function npmFix(pkgEnvDetails, {
4175
4186
  0: name,
4176
4187
  1: infos
4177
4188
  } = sortedInfoEntries[i];
4178
- logger.logger.log(`Processing vulnerable package: ${name}`);
4189
+ logger.logger.log(`Processing vulns for ${name}:`);
4179
4190
  logger.logger.indent();
4180
4191
  spinner?.indent();
4181
4192
  if (registry.getManifestData(NPM$a, name)) {
@@ -4240,7 +4251,7 @@ async function npmFix(pkgEnvDetails, {
4240
4251
  const newVersion = shadowInject.findBestPatchVersion(node, availableVersions, vulnerableVersionRange);
4241
4252
  const newVersionPackument = newVersion ? packument.versions[newVersion] : undefined;
4242
4253
  if (!(newVersion && newVersionPackument)) {
4243
- warningsForAfter.add(`No update applied. ${oldId} needs >=${firstPatchedVersionIdentifier}.`);
4254
+ warningsForAfter.add(`${oldId} not updated: requires >=${firstPatchedVersionIdentifier}`);
4244
4255
  continue infosLoop;
4245
4256
  }
4246
4257
  const newVersionRange = utils.applyRange(oldVersion, newVersion, rangeStyle);
@@ -4288,18 +4299,23 @@ async function npmFix(pkgEnvDetails, {
4288
4299
  let errored = false;
4289
4300
  try {
4290
4301
  // eslint-disable-next-line no-await-in-loop
4291
- actualTree = await install$1(arb, {
4302
+ const maybeActualTree = await install$1(arb, {
4292
4303
  cwd
4293
4304
  });
4294
- if (test) {
4295
- spinner?.info(`Testing ${newId} in ${workspaceName}.`);
4296
- // eslint-disable-next-line no-await-in-loop
4297
- await npm.runScript(testScript, [], {
4298
- spinner,
4299
- stdio: 'ignore'
4300
- });
4305
+ if (maybeActualTree) {
4306
+ actualTree = maybeActualTree;
4307
+ if (test) {
4308
+ spinner?.info(`Testing ${newId} in ${workspaceName}.`);
4309
+ // eslint-disable-next-line no-await-in-loop
4310
+ await npm.runScript(testScript, [], {
4311
+ spinner,
4312
+ stdio: 'ignore'
4313
+ });
4314
+ }
4315
+ spinner?.success(`Fixed ${name} in ${workspaceName}.`);
4316
+ } else {
4317
+ errored = true;
4301
4318
  }
4302
- spinner?.success(`Fixed ${name} in ${workspaceName}.`);
4303
4319
  } catch (e) {
4304
4320
  errored = true;
4305
4321
  error = e;
@@ -4340,9 +4356,15 @@ async function npmFix(pkgEnvDetails, {
4340
4356
  // eslint-disable-next-line no-await-in-loop
4341
4357
  await gitResetAndClean(baseBranch, cwd);
4342
4358
  // eslint-disable-next-line no-await-in-loop
4343
- actualTree = await install$1(arb, {
4359
+ const maybeActualTree = await install$1(arb, {
4344
4360
  cwd
4345
4361
  });
4362
+ if (!maybeActualTree) {
4363
+ // Exit early if install fails.
4364
+ handleInstallFail();
4365
+ return;
4366
+ }
4367
+ actualTree = maybeActualTree;
4346
4368
  continue infosLoop;
4347
4369
  }
4348
4370
 
@@ -4386,12 +4408,19 @@ async function npmFix(pkgEnvDetails, {
4386
4408
  }
4387
4409
  }
4388
4410
  if (isCi) {
4411
+ spinner?.start();
4389
4412
  // eslint-disable-next-line no-await-in-loop
4390
4413
  await gitResetAndClean(baseBranch, cwd);
4391
4414
  // eslint-disable-next-line no-await-in-loop
4392
- actualTree = await install$1(arb, {
4415
+ const maybeActualTree = await install$1(arb, {
4393
4416
  cwd
4394
4417
  });
4418
+ spinner?.stop();
4419
+ if (maybeActualTree) {
4420
+ actualTree = maybeActualTree;
4421
+ } else {
4422
+ errored = true;
4423
+ }
4395
4424
  }
4396
4425
  if (errored) {
4397
4426
  if (!isCi) {
@@ -4402,10 +4431,16 @@ async function npmFix(pkgEnvDetails, {
4402
4431
  ignoreWhitespace: true
4403
4432
  })]);
4404
4433
  // eslint-disable-next-line no-await-in-loop
4405
- actualTree = await install$1(arb, {
4434
+ const maybeActualTree = await install$1(arb, {
4406
4435
  cwd
4407
4436
  });
4408
4437
  spinner?.stop();
4438
+ if (!maybeActualTree) {
4439
+ // Exit early if install fails.
4440
+ handleInstallFail();
4441
+ return;
4442
+ }
4443
+ actualTree = maybeActualTree;
4409
4444
  }
4410
4445
  logger.logger.fail(`Update failed for ${oldId} in ${workspaceName}.`, error);
4411
4446
  }
@@ -4457,18 +4492,21 @@ async function install(pkgEnvDetails, options) {
4457
4492
  __proto__: null,
4458
4493
  ...options
4459
4494
  };
4460
- await utils.runAgentInstall(pkgEnvDetails, {
4461
- args: [...(args ?? []),
4462
- // Enable pnpm updates to pnpm-lock.yaml in CI environments.
4463
- // https://pnpm.io/cli/install#--frozen-lockfile
4464
- '--no-frozen-lockfile',
4465
- // Enable a non-interactive pnpm install
4466
- // https://github.com/pnpm/pnpm/issues/6778
4467
- '--config.confirmModulesPurge=false'],
4468
- spinner,
4469
- stdio: debug.isDebug() ? 'inherit' : 'ignore'
4470
- });
4471
- return await getActualTree(cwd);
4495
+ try {
4496
+ await utils.runAgentInstall(pkgEnvDetails, {
4497
+ args: [...(args ?? []),
4498
+ // Enable pnpm updates to pnpm-lock.yaml in CI environments.
4499
+ // https://pnpm.io/cli/install#--frozen-lockfile
4500
+ '--no-frozen-lockfile',
4501
+ // Enable a non-interactive pnpm install
4502
+ // https://github.com/pnpm/pnpm/issues/6778
4503
+ '--config.confirmModulesPurge=false'],
4504
+ spinner,
4505
+ stdio: debug.isDebug() ? 'inherit' : 'ignore'
4506
+ });
4507
+ return await getActualTree(cwd);
4508
+ } catch {}
4509
+ return null;
4472
4510
  }
4473
4511
  async function pnpmFix(pkgEnvDetails, {
4474
4512
  autoMerge,
@@ -4498,21 +4536,27 @@ async function pnpmFix(pkgEnvDetails, {
4498
4536
 
4499
4537
  // If pnpm-lock.yaml does NOT exist then install with pnpm to create it.
4500
4538
  if (!lockfile) {
4501
- actualTree = await install(pkgEnvDetails, {
4539
+ const maybeActualTree = await install(pkgEnvDetails, {
4502
4540
  cwd,
4503
4541
  spinner
4504
4542
  });
4505
- lockfile = await utils.readPnpmLockfile(lockfilePath);
4543
+ if (maybeActualTree) {
4544
+ actualTree = maybeActualTree;
4545
+ lockfile = await utils.readPnpmLockfile(lockfilePath);
4546
+ }
4506
4547
  }
4507
4548
  // Update pnpm-lock.yaml if its version is older than what the installed pnpm
4508
4549
  // produces.
4509
4550
  if (lockfile && pkgEnvDetails.agentVersion.major >= 10 && utils.parsePnpmLockfileVersion(lockfile.lockfileVersion).major <= 6) {
4510
- actualTree = await install(pkgEnvDetails, {
4551
+ const maybeActualTree = await install(pkgEnvDetails, {
4511
4552
  args: ['--lockfile-only'],
4512
4553
  cwd,
4513
4554
  spinner
4514
4555
  });
4515
- lockfile = await utils.readPnpmLockfile(lockfilePath);
4556
+ if (maybeActualTree) {
4557
+ actualTree = maybeActualTree;
4558
+ lockfile = await utils.readPnpmLockfile(lockfilePath);
4559
+ }
4516
4560
  }
4517
4561
 
4518
4562
  // Exit early if pnpm-lock.yaml is not found.
@@ -4538,18 +4582,23 @@ async function pnpmFix(pkgEnvDetails, {
4538
4582
  });
4539
4583
  if (!infoByPkgName) {
4540
4584
  spinner?.stop();
4541
- logger.logger.info('No fixable vulnerabilities found.');
4585
+ logger.logger.info('No fixable vulns found.');
4542
4586
  return;
4543
4587
  }
4544
4588
 
4545
4589
  // Lazily access constants.ENV properties.
4546
- const token = constants.ENV.SOCKET_SECURITY_GITHUB_PAT || constants.ENV.GITHUB_TOKEN;
4590
+ const token = constants.ENV.SOCKET_CLI_GITHUB_TOKEN;
4547
4591
  const isCi = !!(constants.ENV.CI && constants.ENV.GITHUB_ACTIONS && constants.ENV.GITHUB_REPOSITORY && token);
4548
4592
  const baseBranch = isCi ? getBaseGitBranch() : '';
4549
4593
  const workspacePkgJsonPaths = await utils.globWorkspace(pkgEnvDetails.agent, rootPath);
4550
4594
  const pkgJsonPaths = [...workspacePkgJsonPaths,
4551
4595
  // Process the workspace root last since it will add an override to package.json.
4552
4596
  pkgEnvDetails.editablePkgJson.filename];
4597
+ const handleInstallFail = () => {
4598
+ logger.logger.error(`Unexpected condition: ${pkgEnvDetails.agent} install failed.\n`);
4599
+ logger.logger.dedent();
4600
+ spinner?.dedent();
4601
+ };
4553
4602
  spinner?.stop();
4554
4603
  let count = 0;
4555
4604
  const sortedInfoEntries = [...infoByPkgName.entries()].sort((a, b) => sorts.naturalCompare(a[0], b[0]));
@@ -4561,7 +4610,7 @@ async function pnpmFix(pkgEnvDetails, {
4561
4610
  0: name,
4562
4611
  1: infos
4563
4612
  } = sortedInfoEntries[i];
4564
- logger.logger.log(`Processing vulnerable package: ${name}`);
4613
+ logger.logger.log(`Processing vulns for ${name}:`);
4565
4614
  logger.logger.indent();
4566
4615
  spinner?.indent();
4567
4616
  if (registry.getManifestData(NPM$9, name)) {
@@ -4590,7 +4639,7 @@ async function pnpmFix(pkgEnvDetails, {
4590
4639
 
4591
4640
  // actualTree may not be defined on the first iteration of pkgJsonPathsLoop.
4592
4641
  if (!actualTree) {
4593
- actualTree = fs$1.existsSync(path.join(rootPath, 'node_modules')) ?
4642
+ const maybeActualTree = fs$1.existsSync(path.join(rootPath, 'node_modules')) ?
4594
4643
  // eslint-disable-next-line no-await-in-loop
4595
4644
  await getActualTree(cwd) :
4596
4645
  // eslint-disable-next-line no-await-in-loop
@@ -4598,6 +4647,14 @@ async function pnpmFix(pkgEnvDetails, {
4598
4647
  cwd,
4599
4648
  spinner
4600
4649
  });
4650
+ if (maybeActualTree) {
4651
+ actualTree = maybeActualTree;
4652
+ }
4653
+ }
4654
+ if (!actualTree) {
4655
+ // Exit early if install fails.
4656
+ handleInstallFail();
4657
+ return;
4601
4658
  }
4602
4659
  const oldVersions = arrays.arrayUnique(shadowInject.findPackageNodes(actualTree, name).map(n => n.version).filter(Boolean));
4603
4660
  if (!oldVersions.length) {
@@ -4641,7 +4698,7 @@ async function pnpmFix(pkgEnvDetails, {
4641
4698
  const newVersion = shadowInject.findBestPatchVersion(node, availableVersions, vulnerableVersionRange);
4642
4699
  const newVersionPackument = newVersion ? packument.versions[newVersion] : undefined;
4643
4700
  if (!(newVersion && newVersionPackument)) {
4644
- warningsForAfter.add(`No update applied. ${oldId} needs >=${firstPatchedVersionIdentifier}.`);
4701
+ warningsForAfter.add(`${oldId} not updated: requires >=${firstPatchedVersionIdentifier}`);
4645
4702
  continue infosLoop;
4646
4703
  }
4647
4704
  const overrideKey = `${name}@${vulnerableVersionRange}`;
@@ -4708,19 +4765,24 @@ async function pnpmFix(pkgEnvDetails, {
4708
4765
  let errored = false;
4709
4766
  try {
4710
4767
  // eslint-disable-next-line no-await-in-loop
4711
- actualTree = await install(pkgEnvDetails, {
4768
+ const maybeActualTree = await install(pkgEnvDetails, {
4712
4769
  cwd,
4713
4770
  spinner
4714
4771
  });
4715
- if (test) {
4716
- spinner?.info(`Testing ${newId} in ${workspaceName}.`);
4717
- // eslint-disable-next-line no-await-in-loop
4718
- await npm.runScript(testScript, [], {
4719
- spinner,
4720
- stdio: 'ignore'
4721
- });
4772
+ if (maybeActualTree) {
4773
+ actualTree = maybeActualTree;
4774
+ if (test) {
4775
+ spinner?.info(`Testing ${newId} in ${workspaceName}.`);
4776
+ // eslint-disable-next-line no-await-in-loop
4777
+ await npm.runScript(testScript, [], {
4778
+ spinner,
4779
+ stdio: 'ignore'
4780
+ });
4781
+ }
4782
+ spinner?.success(`Fixed ${name} in ${workspaceName}.`);
4783
+ } else {
4784
+ errored = true;
4722
4785
  }
4723
- spinner?.success(`Fixed ${name} in ${workspaceName}.`);
4724
4786
  } catch (e) {
4725
4787
  error = e;
4726
4788
  errored = true;
@@ -4761,10 +4823,16 @@ async function pnpmFix(pkgEnvDetails, {
4761
4823
  // eslint-disable-next-line no-await-in-loop
4762
4824
  await gitResetAndClean(baseBranch, cwd);
4763
4825
  // eslint-disable-next-line no-await-in-loop
4764
- actualTree = await install(pkgEnvDetails, {
4826
+ const maybeActualTree = await install(pkgEnvDetails, {
4765
4827
  cwd,
4766
4828
  spinner
4767
4829
  });
4830
+ if (!maybeActualTree) {
4831
+ // Exit early if install fails.
4832
+ handleInstallFail();
4833
+ return;
4834
+ }
4835
+ actualTree = maybeActualTree;
4768
4836
  continue infosLoop;
4769
4837
  }
4770
4838
 
@@ -4808,13 +4876,20 @@ async function pnpmFix(pkgEnvDetails, {
4808
4876
  }
4809
4877
  }
4810
4878
  if (isCi) {
4879
+ spinner?.start();
4811
4880
  // eslint-disable-next-line no-await-in-loop
4812
4881
  await gitResetAndClean(baseBranch, cwd);
4813
4882
  // eslint-disable-next-line no-await-in-loop
4814
- actualTree = await install(pkgEnvDetails, {
4883
+ const maybeActualTree = await install(pkgEnvDetails, {
4815
4884
  cwd,
4816
4885
  spinner
4817
4886
  });
4887
+ spinner?.stop();
4888
+ if (maybeActualTree) {
4889
+ actualTree = maybeActualTree;
4890
+ } else {
4891
+ errored = true;
4892
+ }
4818
4893
  }
4819
4894
  if (errored) {
4820
4895
  if (!isCi) {
@@ -4825,13 +4900,19 @@ async function pnpmFix(pkgEnvDetails, {
4825
4900
  ignoreWhitespace: true
4826
4901
  })]);
4827
4902
  // eslint-disable-next-line no-await-in-loop
4828
- actualTree = await install(pkgEnvDetails, {
4903
+ const maybeActualTree = await install(pkgEnvDetails, {
4829
4904
  cwd,
4830
4905
  spinner
4831
4906
  });
4832
4907
  spinner?.stop();
4908
+ if (!maybeActualTree) {
4909
+ // Exit early if install fails.
4910
+ handleInstallFail();
4911
+ return;
4912
+ }
4913
+ actualTree = maybeActualTree;
4833
4914
  }
4834
- logger.logger.fail(`Update failed for ${oldId} in ${workspaceName}.`, error);
4915
+ logger.logger.fail(`Update failed for ${oldId} in ${workspaceName}.`, ...(error ? [error] : []));
4835
4916
  }
4836
4917
  if (++count >= limit) {
4837
4918
  logger.logger.dedent();
@@ -4880,7 +4961,7 @@ async function runFix(options_) {
4880
4961
  }
4881
4962
  }
4882
4963
 
4883
- const config$D = {
4964
+ const config$E = {
4884
4965
  commandName: 'fix',
4885
4966
  description: 'Update dependencies with "fixable" Socket alerts',
4886
4967
  hidden: false,
@@ -4944,16 +5025,16 @@ const config$D = {
4944
5025
  `
4945
5026
  };
4946
5027
  const cmdFix = {
4947
- description: config$D.description,
4948
- hidden: config$D.hidden,
4949
- run: run$D
5028
+ description: config$E.description,
5029
+ hidden: config$E.hidden,
5030
+ run: run$E
4950
5031
  };
4951
- async function run$D(argv, importMeta, {
5032
+ async function run$E(argv, importMeta, {
4952
5033
  parentName
4953
5034
  }) {
4954
5035
  const cli = utils.meowOrExit({
4955
5036
  argv,
4956
- config: config$D,
5037
+ config: config$E,
4957
5038
  importMeta,
4958
5039
  parentName
4959
5040
  });
@@ -5133,9 +5214,9 @@ async function handlePackageInfo({
5133
5214
  }
5134
5215
 
5135
5216
  const {
5136
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$z
5217
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$A
5137
5218
  } = constants;
5138
- const config$C = {
5219
+ const config$D = {
5139
5220
  commandName: 'info',
5140
5221
  description: 'Look up info regarding a package',
5141
5222
  hidden: true,
@@ -5160,16 +5241,16 @@ const config$C = {
5160
5241
  `
5161
5242
  };
5162
5243
  const cmdInfo = {
5163
- description: config$C.description,
5164
- hidden: config$C.hidden,
5165
- run: run$C
5244
+ description: config$D.description,
5245
+ hidden: config$D.hidden,
5246
+ run: run$D
5166
5247
  };
5167
- async function run$C(argv, importMeta, {
5248
+ async function run$D(argv, importMeta, {
5168
5249
  parentName
5169
5250
  }) {
5170
5251
  const cli = utils.meowOrExit({
5171
5252
  argv,
5172
- config: config$C,
5253
+ config: config$D,
5173
5254
  importMeta,
5174
5255
  parentName
5175
5256
  });
@@ -5206,11 +5287,11 @@ async function run$C(argv, importMeta, {
5206
5287
  const pkgName = versionSeparator < 1 ? rawPkgName : rawPkgName.slice(0, versionSeparator);
5207
5288
  const pkgVersion = versionSeparator < 1 ? 'latest' : rawPkgName.slice(versionSeparator + 1);
5208
5289
  if (cli.flags['dryRun']) {
5209
- logger.logger.log(DRY_RUN_BAILING_NOW$z);
5290
+ logger.logger.log(DRY_RUN_BAILING_NOW$A);
5210
5291
  return;
5211
5292
  }
5212
5293
  await handlePackageInfo({
5213
- commandName: `${parentName} ${config$C.commandName}`,
5294
+ commandName: `${parentName} ${config$D.commandName}`,
5214
5295
  includeAllIssues: Boolean(all),
5215
5296
  outputKind,
5216
5297
  pkgName,
@@ -5338,9 +5419,9 @@ async function handleInstallCompletion(targetName) {
5338
5419
  }
5339
5420
 
5340
5421
  const {
5341
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$y
5422
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$z
5342
5423
  } = constants;
5343
- const config$B = {
5424
+ const config$C = {
5344
5425
  commandName: 'completion',
5345
5426
  description: 'Install bash completion for Socket CLI',
5346
5427
  hidden: true,
@@ -5378,22 +5459,22 @@ const config$B = {
5378
5459
  `
5379
5460
  };
5380
5461
  const cmdInstallCompletion = {
5381
- description: config$B.description,
5382
- hidden: config$B.hidden,
5383
- run: run$B
5462
+ description: config$C.description,
5463
+ hidden: config$C.hidden,
5464
+ run: run$C
5384
5465
  };
5385
- async function run$B(argv, importMeta, {
5466
+ async function run$C(argv, importMeta, {
5386
5467
  parentName
5387
5468
  }) {
5388
5469
  const cli = utils.meowOrExit({
5389
5470
  argv,
5390
- config: config$B,
5471
+ config: config$C,
5391
5472
  importMeta,
5392
5473
  parentName
5393
5474
  });
5394
5475
  const targetName = cli.input[0] || 'socket';
5395
5476
  if (cli.flags['dryRun']) {
5396
- logger.logger.log(DRY_RUN_BAILING_NOW$y);
5477
+ logger.logger.log(DRY_RUN_BAILING_NOW$z);
5397
5478
  return;
5398
5479
  }
5399
5480
  await handleInstallCompletion(String(targetName));
@@ -5511,9 +5592,9 @@ async function attemptLogin(apiBaseUrl, apiProxy) {
5511
5592
  }
5512
5593
 
5513
5594
  const {
5514
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$x
5595
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$y
5515
5596
  } = constants;
5516
- const config$A = {
5597
+ const config$B = {
5517
5598
  commandName: 'login',
5518
5599
  description: 'Socket API login',
5519
5600
  hidden: false,
@@ -5546,23 +5627,23 @@ const config$A = {
5546
5627
  `
5547
5628
  };
5548
5629
  const cmdLogin = {
5549
- description: config$A.description,
5550
- hidden: config$A.hidden,
5551
- run: run$A
5630
+ description: config$B.description,
5631
+ hidden: config$B.hidden,
5632
+ run: run$B
5552
5633
  };
5553
- async function run$A(argv, importMeta, {
5634
+ async function run$B(argv, importMeta, {
5554
5635
  parentName
5555
5636
  }) {
5556
5637
  const cli = utils.meowOrExit({
5557
5638
  argv,
5558
- config: config$A,
5639
+ config: config$B,
5559
5640
  importMeta,
5560
5641
  parentName
5561
5642
  });
5562
5643
  const apiBaseUrl = cli.flags['apiBaseUrl'];
5563
5644
  const apiProxy = cli.flags['apiProxy'];
5564
5645
  if (cli.flags['dryRun']) {
5565
- logger.logger.log(DRY_RUN_BAILING_NOW$x);
5646
+ logger.logger.log(DRY_RUN_BAILING_NOW$y);
5566
5647
  return;
5567
5648
  }
5568
5649
  if (!vendor.isInteractiveExports()) {
@@ -5592,9 +5673,9 @@ function attemptLogout() {
5592
5673
  }
5593
5674
 
5594
5675
  const {
5595
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$w
5676
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$x
5596
5677
  } = constants;
5597
- const config$z = {
5678
+ const config$A = {
5598
5679
  commandName: 'logout',
5599
5680
  description: 'Socket API logout',
5600
5681
  hidden: false,
@@ -5609,30 +5690,30 @@ const config$z = {
5609
5690
  `
5610
5691
  };
5611
5692
  const cmdLogout = {
5612
- description: config$z.description,
5613
- hidden: config$z.hidden,
5614
- run: run$z
5693
+ description: config$A.description,
5694
+ hidden: config$A.hidden,
5695
+ run: run$A
5615
5696
  };
5616
- async function run$z(argv, importMeta, {
5697
+ async function run$A(argv, importMeta, {
5617
5698
  parentName
5618
5699
  }) {
5619
5700
  const cli = utils.meowOrExit({
5620
5701
  argv,
5621
- config: config$z,
5702
+ config: config$A,
5622
5703
  importMeta,
5623
5704
  parentName
5624
5705
  });
5625
5706
  if (cli.flags['dryRun']) {
5626
- logger.logger.log(DRY_RUN_BAILING_NOW$w);
5707
+ logger.logger.log(DRY_RUN_BAILING_NOW$x);
5627
5708
  return;
5628
5709
  }
5629
5710
  attemptLogout();
5630
5711
  }
5631
5712
 
5632
5713
  const {
5633
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$v
5714
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$w
5634
5715
  } = constants;
5635
- const config$y = {
5716
+ const config$z = {
5636
5717
  commandName: 'auto',
5637
5718
  description: 'Auto-detect build and attempt to generate manifest file',
5638
5719
  hidden: false,
@@ -5661,16 +5742,16 @@ const config$y = {
5661
5742
  `
5662
5743
  };
5663
5744
  const cmdManifestAuto = {
5664
- description: config$y.description,
5665
- hidden: config$y.hidden,
5666
- run: run$y
5745
+ description: config$z.description,
5746
+ hidden: config$z.hidden,
5747
+ run: run$z
5667
5748
  };
5668
- async function run$y(argv, importMeta, {
5749
+ async function run$z(argv, importMeta, {
5669
5750
  parentName
5670
5751
  }) {
5671
5752
  const cli = utils.meowOrExit({
5672
5753
  argv,
5673
- config: config$y,
5754
+ config: config$z,
5674
5755
  importMeta,
5675
5756
  parentName
5676
5757
  });
@@ -5684,7 +5765,7 @@ async function run$y(argv, importMeta, {
5684
5765
  const cwd = String(cwdFlag || process.cwd());
5685
5766
  const verbose = !!verboseFlag;
5686
5767
  if (verbose) {
5687
- logger.logger.group('- ', parentName, config$y.commandName, ':');
5768
+ logger.logger.group('- ', parentName, config$z.commandName, ':');
5688
5769
  logger.logger.group('- flags:', cli.flags);
5689
5770
  logger.logger.groupEnd();
5690
5771
  logger.logger.log('- input:', cli.input);
@@ -5694,7 +5775,7 @@ async function run$y(argv, importMeta, {
5694
5775
  const detected = await detectManifestActions(String(cwd));
5695
5776
  debug.debugLog(detected);
5696
5777
  if (cli.flags['dryRun']) {
5697
- logger.logger.log(DRY_RUN_BAILING_NOW$v);
5778
+ logger.logger.log(DRY_RUN_BAILING_NOW$w);
5698
5779
  return;
5699
5780
  }
5700
5781
  if (!detected.count) {
@@ -5711,9 +5792,9 @@ async function run$y(argv, importMeta, {
5711
5792
  }
5712
5793
 
5713
5794
  const {
5714
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$u
5795
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$v
5715
5796
  } = constants;
5716
- const config$x = {
5797
+ const config$y = {
5717
5798
  commandName: 'conda',
5718
5799
  description: '[beta] Convert a Conda environment.yml file to a python requirements.txt',
5719
5800
  hidden: false,
@@ -5756,16 +5837,16 @@ const config$x = {
5756
5837
  `
5757
5838
  };
5758
5839
  const cmdManifestConda = {
5759
- description: config$x.description,
5760
- hidden: config$x.hidden,
5761
- run: run$x
5840
+ description: config$y.description,
5841
+ hidden: config$y.hidden,
5842
+ run: run$y
5762
5843
  };
5763
- async function run$x(argv, importMeta, {
5844
+ async function run$y(argv, importMeta, {
5764
5845
  parentName
5765
5846
  }) {
5766
5847
  const cli = utils.meowOrExit({
5767
5848
  argv,
5768
- config: config$x,
5849
+ config: config$y,
5769
5850
  importMeta,
5770
5851
  parentName
5771
5852
  });
@@ -5780,7 +5861,7 @@ async function run$x(argv, importMeta, {
5780
5861
 
5781
5862
  const [target = ''] = cli.input;
5782
5863
  if (verbose) {
5783
- logger.logger.group('- ', parentName, config$x.commandName, ':');
5864
+ logger.logger.group('- ', parentName, config$y.commandName, ':');
5784
5865
  logger.logger.group('- flags:', cli.flags);
5785
5866
  logger.logger.groupEnd();
5786
5867
  logger.logger.log('- target:', target);
@@ -5810,16 +5891,16 @@ async function run$x(argv, importMeta, {
5810
5891
  }
5811
5892
  logger.logger.warn('Warning: This will approximate your Conda dependencies using PyPI. We do not yet officially support Conda. Use at your own risk.');
5812
5893
  if (cli.flags['dryRun']) {
5813
- logger.logger.log(DRY_RUN_BAILING_NOW$u);
5894
+ logger.logger.log(DRY_RUN_BAILING_NOW$v);
5814
5895
  return;
5815
5896
  }
5816
5897
  await handleManifestConda(target, String(out || ''), json ? 'json' : markdown ? 'markdown' : 'text', String(cwd), Boolean(verbose));
5817
5898
  }
5818
5899
 
5819
5900
  const {
5820
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$t
5901
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$u
5821
5902
  } = constants;
5822
- const config$w = {
5903
+ const config$x = {
5823
5904
  commandName: 'gradle',
5824
5905
  description: '[beta] Use Gradle to generate a manifest file (`pom.xml`) for a Gradle/Java/Kotlin/etc project',
5825
5906
  hidden: false,
@@ -5882,16 +5963,16 @@ const config$w = {
5882
5963
  `
5883
5964
  };
5884
5965
  const cmdManifestGradle = {
5885
- description: config$w.description,
5886
- hidden: config$w.hidden,
5887
- run: run$w
5966
+ description: config$x.description,
5967
+ hidden: config$x.hidden,
5968
+ run: run$x
5888
5969
  };
5889
- async function run$w(argv, importMeta, {
5970
+ async function run$x(argv, importMeta, {
5890
5971
  parentName
5891
5972
  }) {
5892
5973
  const cli = utils.meowOrExit({
5893
5974
  argv,
5894
- config: config$w,
5975
+ config: config$x,
5895
5976
  importMeta,
5896
5977
  parentName
5897
5978
  });
@@ -5903,7 +5984,7 @@ async function run$w(argv, importMeta, {
5903
5984
  const outputKind = utils.getOutputKind(json, markdown); // TODO: impl json/md further
5904
5985
 
5905
5986
  if (verbose) {
5906
- logger.logger.group('- ', parentName, config$w.commandName, ':');
5987
+ logger.logger.group('- ', parentName, config$x.commandName, ':');
5907
5988
  logger.logger.group('- flags:', cli.flags);
5908
5989
  logger.logger.groupEnd();
5909
5990
  logger.logger.log('- input:', cli.input);
@@ -5945,14 +6026,14 @@ async function run$w(argv, importMeta, {
5945
6026
  gradleOpts = cli.flags['gradleOpts'].split(' ').map(s => s.trim()).filter(Boolean);
5946
6027
  }
5947
6028
  if (cli.flags['dryRun']) {
5948
- logger.logger.log(DRY_RUN_BAILING_NOW$t);
6029
+ logger.logger.log(DRY_RUN_BAILING_NOW$u);
5949
6030
  return;
5950
6031
  }
5951
6032
  await convertGradleToMaven(target, String(bin), String(cwd), verbose, gradleOpts);
5952
6033
  }
5953
6034
 
5954
6035
  const {
5955
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$s
6036
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$t
5956
6037
  } = constants;
5957
6038
 
5958
6039
  // TODO: we may want to dedupe some pieces for all gradle languages. I think it
@@ -5960,7 +6041,7 @@ const {
5960
6041
  // sense for the help panels to note the requested language, rather than
5961
6042
  // `socket manifest kotlin` to print help screens with `gradle` as the
5962
6043
  // command. Room for improvement.
5963
- const config$v = {
6044
+ const config$w = {
5964
6045
  commandName: 'kotlin',
5965
6046
  description: '[beta] Use Gradle to generate a manifest file (`pom.xml`) for a Kotlin project',
5966
6047
  hidden: false,
@@ -6023,16 +6104,16 @@ const config$v = {
6023
6104
  `
6024
6105
  };
6025
6106
  const cmdManifestKotlin = {
6026
- description: config$v.description,
6027
- hidden: config$v.hidden,
6028
- run: run$v
6107
+ description: config$w.description,
6108
+ hidden: config$w.hidden,
6109
+ run: run$w
6029
6110
  };
6030
- async function run$v(argv, importMeta, {
6111
+ async function run$w(argv, importMeta, {
6031
6112
  parentName
6032
6113
  }) {
6033
6114
  const cli = utils.meowOrExit({
6034
6115
  argv,
6035
- config: config$v,
6116
+ config: config$w,
6036
6117
  importMeta,
6037
6118
  parentName
6038
6119
  });
@@ -6044,7 +6125,7 @@ async function run$v(argv, importMeta, {
6044
6125
  const outputKind = utils.getOutputKind(json, markdown); // TODO: impl json/md further
6045
6126
 
6046
6127
  if (verbose) {
6047
- logger.logger.group('- ', parentName, config$v.commandName, ':');
6128
+ logger.logger.group('- ', parentName, config$w.commandName, ':');
6048
6129
  logger.logger.group('- flags:', cli.flags);
6049
6130
  logger.logger.groupEnd();
6050
6131
  logger.logger.log('- input:', cli.input);
@@ -6086,16 +6167,16 @@ async function run$v(argv, importMeta, {
6086
6167
  gradleOpts = cli.flags['gradleOpts'].split(' ').map(s => s.trim()).filter(Boolean);
6087
6168
  }
6088
6169
  if (cli.flags['dryRun']) {
6089
- logger.logger.log(DRY_RUN_BAILING_NOW$s);
6170
+ logger.logger.log(DRY_RUN_BAILING_NOW$t);
6090
6171
  return;
6091
6172
  }
6092
6173
  await convertGradleToMaven(target, String(bin), String(cwd), verbose, gradleOpts);
6093
6174
  }
6094
6175
 
6095
6176
  const {
6096
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$r
6177
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$s
6097
6178
  } = constants;
6098
- const config$u = {
6179
+ const config$v = {
6099
6180
  commandName: 'scala',
6100
6181
  description: "[beta] Generate a manifest file (`pom.xml`) from Scala's `build.sbt` file",
6101
6182
  hidden: false,
@@ -6168,16 +6249,16 @@ const config$u = {
6168
6249
  `
6169
6250
  };
6170
6251
  const cmdManifestScala = {
6171
- description: config$u.description,
6172
- hidden: config$u.hidden,
6173
- run: run$u
6252
+ description: config$v.description,
6253
+ hidden: config$v.hidden,
6254
+ run: run$v
6174
6255
  };
6175
- async function run$u(argv, importMeta, {
6256
+ async function run$v(argv, importMeta, {
6176
6257
  parentName
6177
6258
  }) {
6178
6259
  const cli = utils.meowOrExit({
6179
6260
  argv,
6180
- config: config$u,
6261
+ config: config$v,
6181
6262
  importMeta,
6182
6263
  parentName
6183
6264
  });
@@ -6189,7 +6270,7 @@ async function run$u(argv, importMeta, {
6189
6270
  const outputKind = utils.getOutputKind(json, markdown); // TODO: impl json/md further
6190
6271
 
6191
6272
  if (verbose) {
6192
- logger.logger.group('- ', parentName, config$u.commandName, ':');
6273
+ logger.logger.group('- ', parentName, config$v.commandName, ':');
6193
6274
  logger.logger.group('- flags:', cli.flags);
6194
6275
  logger.logger.groupEnd();
6195
6276
  logger.logger.log('- input:', cli.input);
@@ -6239,13 +6320,13 @@ async function run$u(argv, importMeta, {
6239
6320
  sbtOpts = cli.flags['sbtOpts'].split(' ').map(s => s.trim()).filter(Boolean);
6240
6321
  }
6241
6322
  if (cli.flags['dryRun']) {
6242
- logger.logger.log(DRY_RUN_BAILING_NOW$r);
6323
+ logger.logger.log(DRY_RUN_BAILING_NOW$s);
6243
6324
  return;
6244
6325
  }
6245
6326
  await convertSbtToMaven(target, bin, out, verbose, sbtOpts);
6246
6327
  }
6247
6328
 
6248
- const config$t = {
6329
+ const config$u = {
6249
6330
  commandName: 'manifest',
6250
6331
  description: 'Generate a dependency manifest for given file or dir',
6251
6332
  hidden: false,
@@ -6253,11 +6334,11 @@ const config$t = {
6253
6334
  ...utils.commonFlags
6254
6335
  }};
6255
6336
  const cmdManifest = {
6256
- description: config$t.description,
6257
- hidden: config$t.hidden,
6258
- run: run$t
6337
+ description: config$u.description,
6338
+ hidden: config$u.hidden,
6339
+ run: run$u
6259
6340
  };
6260
- async function run$t(argv, importMeta, {
6341
+ async function run$u(argv, importMeta, {
6261
6342
  parentName
6262
6343
  }) {
6263
6344
  await utils.meowWithSubcommands({
@@ -6271,23 +6352,23 @@ async function run$t(argv, importMeta, {
6271
6352
  argv,
6272
6353
  aliases: {
6273
6354
  yolo: {
6274
- description: config$t.description,
6355
+ description: config$u.description,
6275
6356
  hidden: true,
6276
6357
  argv: ['auto']
6277
6358
  }
6278
6359
  },
6279
- description: config$t.description,
6360
+ description: config$u.description,
6280
6361
  importMeta,
6281
- flags: config$t.flags,
6282
- name: `${parentName} ${config$t.commandName}`
6362
+ flags: config$u.flags,
6363
+ name: `${parentName} ${config$u.commandName}`
6283
6364
  });
6284
6365
  }
6285
6366
 
6286
6367
  const require$3 =Module.createRequire(require$$0.pathToFileURL(__filename).href)
6287
6368
  const {
6288
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$q
6369
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$r
6289
6370
  } = constants;
6290
- const config$s = {
6371
+ const config$t = {
6291
6372
  commandName: 'npm',
6292
6373
  description: `npm wrapper functionality`,
6293
6374
  hidden: false,
@@ -6300,22 +6381,22 @@ const config$s = {
6300
6381
  `
6301
6382
  };
6302
6383
  const cmdNpm = {
6303
- description: config$s.description,
6304
- hidden: config$s.hidden,
6305
- run: run$s
6384
+ description: config$t.description,
6385
+ hidden: config$t.hidden,
6386
+ run: run$t
6306
6387
  };
6307
- async function run$s(argv, importMeta, {
6388
+ async function run$t(argv, importMeta, {
6308
6389
  parentName
6309
6390
  }) {
6310
6391
  const cli = utils.meowOrExit({
6311
6392
  allowUnknownFlags: true,
6312
6393
  argv,
6313
- config: config$s,
6394
+ config: config$t,
6314
6395
  importMeta,
6315
6396
  parentName
6316
6397
  });
6317
6398
  if (cli.flags['dryRun']) {
6318
- logger.logger.log(DRY_RUN_BAILING_NOW$q);
6399
+ logger.logger.log(DRY_RUN_BAILING_NOW$r);
6319
6400
  return;
6320
6401
  }
6321
6402
 
@@ -6326,9 +6407,9 @@ async function run$s(argv, importMeta, {
6326
6407
 
6327
6408
  const require$2 =Module.createRequire(require$$0.pathToFileURL(__filename).href)
6328
6409
  const {
6329
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$p
6410
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$q
6330
6411
  } = constants;
6331
- const config$r = {
6412
+ const config$s = {
6332
6413
  commandName: 'npx',
6333
6414
  description: `npx wrapper functionality`,
6334
6415
  hidden: false,
@@ -6341,22 +6422,22 @@ const config$r = {
6341
6422
  `
6342
6423
  };
6343
6424
  const cmdNpx = {
6344
- description: config$r.description,
6345
- hidden: config$r.hidden,
6346
- run: run$r
6425
+ description: config$s.description,
6426
+ hidden: config$s.hidden,
6427
+ run: run$s
6347
6428
  };
6348
- async function run$r(argv, importMeta, {
6429
+ async function run$s(argv, importMeta, {
6349
6430
  parentName
6350
6431
  }) {
6351
6432
  const cli = utils.meowOrExit({
6352
6433
  allowUnknownFlags: true,
6353
6434
  argv,
6354
- config: config$r,
6435
+ config: config$s,
6355
6436
  importMeta,
6356
6437
  parentName
6357
6438
  });
6358
6439
  if (cli.flags['dryRun']) {
6359
- logger.logger.log(DRY_RUN_BAILING_NOW$p);
6440
+ logger.logger.log(DRY_RUN_BAILING_NOW$q);
6360
6441
  return;
6361
6442
  }
6362
6443
 
@@ -6366,9 +6447,9 @@ async function run$r(argv, importMeta, {
6366
6447
  }
6367
6448
 
6368
6449
  const {
6369
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$o
6450
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$p
6370
6451
  } = constants;
6371
- const config$q = {
6452
+ const config$r = {
6372
6453
  commandName: 'oops',
6373
6454
  description: 'Trigger an intentional error (for development)',
6374
6455
  hidden: true,
@@ -6384,16 +6465,16 @@ const config$q = {
6384
6465
  `
6385
6466
  };
6386
6467
  const cmdOops = {
6387
- description: config$q.description,
6388
- hidden: config$q.hidden,
6389
- run: run$q
6468
+ description: config$r.description,
6469
+ hidden: config$r.hidden,
6470
+ run: run$r
6390
6471
  };
6391
- async function run$q(argv, importMeta, {
6472
+ async function run$r(argv, importMeta, {
6392
6473
  parentName
6393
6474
  }) {
6394
6475
  const cli = utils.meowOrExit({
6395
6476
  argv,
6396
- config: config$q,
6477
+ config: config$r,
6397
6478
  importMeta,
6398
6479
  parentName
6399
6480
  });
@@ -6402,7 +6483,7 @@ async function run$q(argv, importMeta, {
6402
6483
  markdown
6403
6484
  } = cli.flags;
6404
6485
  if (cli.flags['dryRun']) {
6405
- logger.logger.log(DRY_RUN_BAILING_NOW$o);
6486
+ logger.logger.log(DRY_RUN_BAILING_NOW$p);
6406
6487
  return;
6407
6488
  }
6408
6489
  if (json) {
@@ -7096,9 +7177,9 @@ async function applyOptimization(cwd, pin, prod) {
7096
7177
  }
7097
7178
 
7098
7179
  const {
7099
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$n
7180
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$o
7100
7181
  } = constants;
7101
- const config$p = {
7182
+ const config$q = {
7102
7183
  commandName: 'optimize',
7103
7184
  description: 'Optimize dependencies with @socketregistry overrides',
7104
7185
  hidden: false,
@@ -7128,16 +7209,16 @@ const config$p = {
7128
7209
  `
7129
7210
  };
7130
7211
  const cmdOptimize = {
7131
- description: config$p.description,
7132
- hidden: config$p.hidden,
7133
- run: run$p
7212
+ description: config$q.description,
7213
+ hidden: config$q.hidden,
7214
+ run: run$q
7134
7215
  };
7135
- async function run$p(argv, importMeta, {
7216
+ async function run$q(argv, importMeta, {
7136
7217
  parentName
7137
7218
  }) {
7138
7219
  const cli = utils.meowOrExit({
7139
7220
  argv,
7140
- config: config$p,
7221
+ config: config$q,
7141
7222
  importMeta,
7142
7223
  parentName
7143
7224
  });
@@ -7146,7 +7227,7 @@ async function run$p(argv, importMeta, {
7146
7227
 
7147
7228
  const cwd = process.cwd();
7148
7229
  if (cli.flags['dryRun']) {
7149
- logger.logger.log(DRY_RUN_BAILING_NOW$n);
7230
+ logger.logger.log(DRY_RUN_BAILING_NOW$o);
7150
7231
  return;
7151
7232
  }
7152
7233
  await applyOptimization(cwd, Boolean(cli.flags['pin']), Boolean(cli.flags['prod']));
@@ -7217,9 +7298,9 @@ async function handleOrganizationList(outputKind = 'text') {
7217
7298
  }
7218
7299
 
7219
7300
  const {
7220
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$m
7301
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$n
7221
7302
  } = constants;
7222
- const config$o = {
7303
+ const config$p = {
7223
7304
  commandName: 'list',
7224
7305
  description: 'List organizations associated with the API key used',
7225
7306
  hidden: false,
@@ -7236,20 +7317,20 @@ const config$o = {
7236
7317
  - Permissions: none (does need a token)
7237
7318
 
7238
7319
  Options
7239
- ${utils.getFlagListOutput(config$o.flags, 6)}
7320
+ ${utils.getFlagListOutput(config$p.flags, 6)}
7240
7321
  `
7241
7322
  };
7242
7323
  const cmdOrganizationList = {
7243
- description: config$o.description,
7244
- hidden: config$o.hidden,
7245
- run: run$o
7324
+ description: config$p.description,
7325
+ hidden: config$p.hidden,
7326
+ run: run$p
7246
7327
  };
7247
- async function run$o(argv, importMeta, {
7328
+ async function run$p(argv, importMeta, {
7248
7329
  parentName
7249
7330
  }) {
7250
7331
  const cli = utils.meowOrExit({
7251
7332
  argv,
7252
- config: config$o,
7333
+ config: config$p,
7253
7334
  importMeta,
7254
7335
  parentName
7255
7336
  });
@@ -7276,7 +7357,7 @@ async function run$o(argv, importMeta, {
7276
7357
  return;
7277
7358
  }
7278
7359
  if (cli.flags['dryRun']) {
7279
- logger.logger.log(DRY_RUN_BAILING_NOW$m);
7360
+ logger.logger.log(DRY_RUN_BAILING_NOW$n);
7280
7361
  return;
7281
7362
  }
7282
7363
  await handleOrganizationList(outputKind);
@@ -7322,11 +7403,11 @@ async function handleLicensePolicy(orgSlug, outputKind) {
7322
7403
  }
7323
7404
 
7324
7405
  const {
7325
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$l
7406
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$m
7326
7407
  } = constants;
7327
7408
 
7328
7409
  // TODO: secret toplevel alias `socket license policy`?
7329
- const config$n = {
7410
+ const config$o = {
7330
7411
  commandName: 'license',
7331
7412
  description: 'Retrieve the license policy of an organization',
7332
7413
  hidden: true,
@@ -7352,7 +7433,7 @@ const config$n = {
7352
7433
  - Permissions: license-policy:read
7353
7434
 
7354
7435
  Options
7355
- ${utils.getFlagListOutput(config$n.flags, 6)}
7436
+ ${utils.getFlagListOutput(config$o.flags, 6)}
7356
7437
 
7357
7438
  Your API token will need the \`license-policy:read\` permission otherwise
7358
7439
  the request will fail with an authentication error.
@@ -7363,16 +7444,16 @@ const config$n = {
7363
7444
  `
7364
7445
  };
7365
7446
  const cmdOrganizationPolicyLicense = {
7366
- description: config$n.description,
7367
- hidden: config$n.hidden,
7368
- run: run$n
7447
+ description: config$o.description,
7448
+ hidden: config$o.hidden,
7449
+ run: run$o
7369
7450
  };
7370
- async function run$n(argv, importMeta, {
7451
+ async function run$o(argv, importMeta, {
7371
7452
  parentName
7372
7453
  }) {
7373
7454
  const cli = utils.meowOrExit({
7374
7455
  argv,
7375
- config: config$n,
7456
+ config: config$o,
7376
7457
  importMeta,
7377
7458
  parentName
7378
7459
  });
@@ -7409,7 +7490,7 @@ async function run$n(argv, importMeta, {
7409
7490
  return;
7410
7491
  }
7411
7492
  if (cli.flags['dryRun']) {
7412
- logger.logger.log(DRY_RUN_BAILING_NOW$l);
7493
+ logger.logger.log(DRY_RUN_BAILING_NOW$m);
7413
7494
  return;
7414
7495
  }
7415
7496
  await handleLicensePolicy(orgSlug, outputKind);
@@ -7456,11 +7537,11 @@ async function handleSecurityPolicy(orgSlug, outputKind) {
7456
7537
  }
7457
7538
 
7458
7539
  const {
7459
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$k
7540
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$l
7460
7541
  } = constants;
7461
7542
 
7462
7543
  // TODO: secret toplevel alias `socket security policy`?
7463
- const config$m = {
7544
+ const config$n = {
7464
7545
  commandName: 'security',
7465
7546
  description: 'Retrieve the security policy of an organization',
7466
7547
  hidden: true,
@@ -7486,7 +7567,7 @@ const config$m = {
7486
7567
  - Permissions: security-policy:read
7487
7568
 
7488
7569
  Options
7489
- ${utils.getFlagListOutput(config$m.flags, 6)}
7570
+ ${utils.getFlagListOutput(config$n.flags, 6)}
7490
7571
 
7491
7572
  Your API token will need the \`security-policy:read\` permission otherwise
7492
7573
  the request will fail with an authentication error.
@@ -7497,16 +7578,16 @@ const config$m = {
7497
7578
  `
7498
7579
  };
7499
7580
  const cmdOrganizationPolicyPolicy = {
7500
- description: config$m.description,
7501
- hidden: config$m.hidden,
7502
- run: run$m
7581
+ description: config$n.description,
7582
+ hidden: config$n.hidden,
7583
+ run: run$n
7503
7584
  };
7504
- async function run$m(argv, importMeta, {
7585
+ async function run$n(argv, importMeta, {
7505
7586
  parentName
7506
7587
  }) {
7507
7588
  const cli = utils.meowOrExit({
7508
7589
  argv,
7509
- config: config$m,
7590
+ config: config$n,
7510
7591
  importMeta,
7511
7592
  parentName
7512
7593
  });
@@ -7543,7 +7624,7 @@ async function run$m(argv, importMeta, {
7543
7624
  return;
7544
7625
  }
7545
7626
  if (cli.flags['dryRun']) {
7546
- logger.logger.log(DRY_RUN_BAILING_NOW$k);
7627
+ logger.logger.log(DRY_RUN_BAILING_NOW$l);
7547
7628
  return;
7548
7629
  }
7549
7630
  await handleSecurityPolicy(orgSlug, outputKind);
@@ -7612,9 +7693,9 @@ async function handleQuota(outputKind = 'text') {
7612
7693
  }
7613
7694
 
7614
7695
  const {
7615
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$j
7696
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$k
7616
7697
  } = constants;
7617
- const config$l = {
7698
+ const config$m = {
7618
7699
  commandName: 'quota',
7619
7700
  description: 'List organizations associated with the API key used',
7620
7701
  hidden: true,
@@ -7627,20 +7708,20 @@ const config$l = {
7627
7708
  $ ${command}
7628
7709
 
7629
7710
  Options
7630
- ${utils.getFlagListOutput(config$l.flags, 6)}
7711
+ ${utils.getFlagListOutput(config$m.flags, 6)}
7631
7712
  `
7632
7713
  };
7633
7714
  const cmdOrganizationQuota = {
7634
- description: config$l.description,
7635
- hidden: config$l.hidden,
7636
- run: run$l
7715
+ description: config$m.description,
7716
+ hidden: config$m.hidden,
7717
+ run: run$m
7637
7718
  };
7638
- async function run$l(argv, importMeta, {
7719
+ async function run$m(argv, importMeta, {
7639
7720
  parentName
7640
7721
  }) {
7641
7722
  const cli = utils.meowOrExit({
7642
7723
  argv,
7643
- config: config$l,
7724
+ config: config$m,
7644
7725
  importMeta,
7645
7726
  parentName
7646
7727
  });
@@ -7665,7 +7746,7 @@ async function run$l(argv, importMeta, {
7665
7746
  return;
7666
7747
  }
7667
7748
  if (cli.flags['dryRun']) {
7668
- logger.logger.log(DRY_RUN_BAILING_NOW$j);
7749
+ logger.logger.log(DRY_RUN_BAILING_NOW$k);
7669
7750
  return;
7670
7751
  }
7671
7752
  await handleQuota(outputKind);
@@ -7913,9 +7994,9 @@ function parsePackageSpecifiers(ecosystem, pkgs) {
7913
7994
  }
7914
7995
 
7915
7996
  const {
7916
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$i
7997
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$j
7917
7998
  } = constants;
7918
- const config$k = {
7999
+ const config$l = {
7919
8000
  commandName: 'score',
7920
8001
  description: '[beta] Look up score for one package which reflects all of its transitive dependencies as well',
7921
8002
  hidden: false,
@@ -7957,16 +8038,16 @@ const config$k = {
7957
8038
  `
7958
8039
  };
7959
8040
  const cmdPackageScore = {
7960
- description: config$k.description,
7961
- hidden: config$k.hidden,
7962
- run: run$k
8041
+ description: config$l.description,
8042
+ hidden: config$l.hidden,
8043
+ run: run$l
7963
8044
  };
7964
- async function run$k(argv, importMeta, {
8045
+ async function run$l(argv, importMeta, {
7965
8046
  parentName
7966
8047
  }) {
7967
8048
  const cli = utils.meowOrExit({
7968
8049
  argv,
7969
- config: config$k,
8050
+ config: config$l,
7970
8051
  importMeta,
7971
8052
  parentName
7972
8053
  });
@@ -8008,7 +8089,7 @@ async function run$k(argv, importMeta, {
8008
8089
  return;
8009
8090
  }
8010
8091
  if (cli.flags['dryRun']) {
8011
- logger.logger.log(DRY_RUN_BAILING_NOW$i);
8092
+ logger.logger.log(DRY_RUN_BAILING_NOW$j);
8012
8093
  return;
8013
8094
  }
8014
8095
  await handlePurlDeepScore(purls[0] || '', outputKind);
@@ -8145,9 +8226,9 @@ async function handlePurlsShallowScore({
8145
8226
  }
8146
8227
 
8147
8228
  const {
8148
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$h
8229
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$i
8149
8230
  } = constants;
8150
- const config$j = {
8231
+ const config$k = {
8151
8232
  commandName: 'shallow',
8152
8233
  description: '[beta] Look up info regarding one or more packages but not their transitives',
8153
8234
  hidden: false,
@@ -8189,23 +8270,23 @@ const config$j = {
8189
8270
  `
8190
8271
  };
8191
8272
  const cmdPackageShallow = {
8192
- description: config$j.description,
8193
- hidden: config$j.hidden,
8273
+ description: config$k.description,
8274
+ hidden: config$k.hidden,
8194
8275
  alias: {
8195
8276
  shallowScore: {
8196
- description: config$j.description,
8277
+ description: config$k.description,
8197
8278
  hidden: true,
8198
8279
  argv: []
8199
8280
  }
8200
8281
  },
8201
- run: run$j
8282
+ run: run$k
8202
8283
  };
8203
- async function run$j(argv, importMeta, {
8284
+ async function run$k(argv, importMeta, {
8204
8285
  parentName
8205
8286
  }) {
8206
8287
  const cli = utils.meowOrExit({
8207
8288
  argv,
8208
- config: config$j,
8289
+ config: config$k,
8209
8290
  importMeta,
8210
8291
  parentName
8211
8292
  });
@@ -8240,7 +8321,7 @@ async function run$j(argv, importMeta, {
8240
8321
  return;
8241
8322
  }
8242
8323
  if (cli.flags['dryRun']) {
8243
- logger.logger.log(DRY_RUN_BAILING_NOW$h);
8324
+ logger.logger.log(DRY_RUN_BAILING_NOW$i);
8244
8325
  return;
8245
8326
  }
8246
8327
  await handlePurlsShallowScore({
@@ -8294,10 +8375,10 @@ async function runRawNpm(argv) {
8294
8375
  }
8295
8376
 
8296
8377
  const {
8297
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$g,
8378
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$h,
8298
8379
  NPM
8299
8380
  } = constants;
8300
- const config$i = {
8381
+ const config$j = {
8301
8382
  commandName: 'raw-npm',
8302
8383
  description: `Temporarily disable the Socket ${NPM} wrapper`,
8303
8384
  hidden: false,
@@ -8311,22 +8392,22 @@ const config$i = {
8311
8392
  `
8312
8393
  };
8313
8394
  const cmdRawNpm = {
8314
- description: config$i.description,
8315
- hidden: config$i.hidden,
8316
- run: run$i
8395
+ description: config$j.description,
8396
+ hidden: config$j.hidden,
8397
+ run: run$j
8317
8398
  };
8318
- async function run$i(argv, importMeta, {
8399
+ async function run$j(argv, importMeta, {
8319
8400
  parentName
8320
8401
  }) {
8321
8402
  const cli = utils.meowOrExit({
8322
8403
  allowUnknownFlags: true,
8323
8404
  argv,
8324
- config: config$i,
8405
+ config: config$j,
8325
8406
  importMeta,
8326
8407
  parentName
8327
8408
  });
8328
8409
  if (cli.flags['dryRun']) {
8329
- logger.logger.log(DRY_RUN_BAILING_NOW$g);
8410
+ logger.logger.log(DRY_RUN_BAILING_NOW$h);
8330
8411
  return;
8331
8412
  }
8332
8413
  await runRawNpm(argv);
@@ -8351,10 +8432,10 @@ async function runRawNpx(argv) {
8351
8432
  }
8352
8433
 
8353
8434
  const {
8354
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$f,
8435
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$g,
8355
8436
  NPX
8356
8437
  } = constants;
8357
- const config$h = {
8438
+ const config$i = {
8358
8439
  commandName: 'raw-npx',
8359
8440
  description: `Temporarily disable the Socket ${NPX} wrapper`,
8360
8441
  hidden: false,
@@ -8368,28 +8449,28 @@ const config$h = {
8368
8449
  `
8369
8450
  };
8370
8451
  const cmdRawNpx = {
8371
- description: config$h.description,
8372
- hidden: config$h.hidden,
8373
- run: run$h
8452
+ description: config$i.description,
8453
+ hidden: config$i.hidden,
8454
+ run: run$i
8374
8455
  };
8375
- async function run$h(argv, importMeta, {
8456
+ async function run$i(argv, importMeta, {
8376
8457
  parentName
8377
8458
  }) {
8378
8459
  const cli = utils.meowOrExit({
8379
8460
  allowUnknownFlags: true,
8380
8461
  argv,
8381
- config: config$h,
8462
+ config: config$i,
8382
8463
  importMeta,
8383
8464
  parentName
8384
8465
  });
8385
8466
  if (cli.flags['dryRun']) {
8386
- logger.logger.log(DRY_RUN_BAILING_NOW$f);
8467
+ logger.logger.log(DRY_RUN_BAILING_NOW$g);
8387
8468
  return;
8388
8469
  }
8389
8470
  await runRawNpx(argv);
8390
8471
  }
8391
8472
 
8392
- const config$g = {
8473
+ const config$h = {
8393
8474
  commandName: 'create',
8394
8475
  description: '[Deprecated] Create a project report',
8395
8476
  hidden: false,
@@ -8403,16 +8484,16 @@ const config$g = {
8403
8484
  `
8404
8485
  };
8405
8486
  const cmdReportCreate = {
8406
- description: config$g.description,
8407
- hidden: config$g.hidden,
8408
- run: run$g
8487
+ description: config$h.description,
8488
+ hidden: config$h.hidden,
8489
+ run: run$h
8409
8490
  };
8410
- async function run$g(argv, importMeta, {
8491
+ async function run$h(argv, importMeta, {
8411
8492
  parentName
8412
8493
  }) {
8413
8494
  utils.meowOrExit({
8414
8495
  argv,
8415
- config: config$g,
8496
+ config: config$h,
8416
8497
  importMeta,
8417
8498
  parentName
8418
8499
  });
@@ -8420,7 +8501,7 @@ async function run$g(argv, importMeta, {
8420
8501
  process.exitCode = 1;
8421
8502
  }
8422
8503
 
8423
- const config$f = {
8504
+ const config$g = {
8424
8505
  commandName: 'view',
8425
8506
  description: '[Deprecated] View a project report',
8426
8507
  hidden: false,
@@ -8434,16 +8515,16 @@ const config$f = {
8434
8515
  `
8435
8516
  };
8436
8517
  const cmdReportView = {
8437
- description: config$f.description,
8438
- hidden: config$f.hidden,
8439
- run: run$f
8518
+ description: config$g.description,
8519
+ hidden: config$g.hidden,
8520
+ run: run$g
8440
8521
  };
8441
- async function run$f(argv, importMeta, {
8522
+ async function run$g(argv, importMeta, {
8442
8523
  parentName
8443
8524
  }) {
8444
8525
  utils.meowOrExit({
8445
8526
  argv,
8446
- config: config$f,
8527
+ config: config$g,
8447
8528
  importMeta,
8448
8529
  parentName
8449
8530
  });
@@ -8531,9 +8612,9 @@ async function handleCreateRepo({
8531
8612
  }
8532
8613
 
8533
8614
  const {
8534
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$e
8615
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$f
8535
8616
  } = constants;
8536
- const config$e = {
8617
+ const config$f = {
8537
8618
  commandName: 'create',
8538
8619
  description: 'Create a repository in an organization',
8539
8620
  hidden: false,
@@ -8596,16 +8677,16 @@ const config$e = {
8596
8677
  `
8597
8678
  };
8598
8679
  const cmdReposCreate = {
8599
- description: config$e.description,
8600
- hidden: config$e.hidden,
8601
- run: run$e
8680
+ description: config$f.description,
8681
+ hidden: config$f.hidden,
8682
+ run: run$f
8602
8683
  };
8603
- async function run$e(argv, importMeta, {
8684
+ async function run$f(argv, importMeta, {
8604
8685
  parentName
8605
8686
  }) {
8606
8687
  const cli = utils.meowOrExit({
8607
8688
  argv,
8608
- config: config$e,
8689
+ config: config$f,
8609
8690
  importMeta,
8610
8691
  parentName
8611
8692
  });
@@ -8650,7 +8731,7 @@ async function run$e(argv, importMeta, {
8650
8731
  return;
8651
8732
  }
8652
8733
  if (dryRun) {
8653
- logger.logger.log(DRY_RUN_BAILING_NOW$e);
8734
+ logger.logger.log(DRY_RUN_BAILING_NOW$f);
8654
8735
  return;
8655
8736
  }
8656
8737
  await handleCreateRepo({
@@ -8693,9 +8774,9 @@ async function handleDeleteRepo(orgSlug, repoName, outputKind) {
8693
8774
  }
8694
8775
 
8695
8776
  const {
8696
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$d
8777
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$e
8697
8778
  } = constants;
8698
- const config$d = {
8779
+ const config$e = {
8699
8780
  commandName: 'del',
8700
8781
  description: 'Delete a repository in an organization',
8701
8782
  hidden: false,
@@ -8728,16 +8809,16 @@ const config$d = {
8728
8809
  `
8729
8810
  };
8730
8811
  const cmdReposDel = {
8731
- description: config$d.description,
8732
- hidden: config$d.hidden,
8733
- run: run$d
8812
+ description: config$e.description,
8813
+ hidden: config$e.hidden,
8814
+ run: run$e
8734
8815
  };
8735
- async function run$d(argv, importMeta, {
8816
+ async function run$e(argv, importMeta, {
8736
8817
  parentName
8737
8818
  }) {
8738
8819
  const cli = utils.meowOrExit({
8739
8820
  argv,
8740
- config: config$d,
8821
+ config: config$e,
8741
8822
  importMeta,
8742
8823
  parentName
8743
8824
  });
@@ -8774,7 +8855,7 @@ async function run$d(argv, importMeta, {
8774
8855
  return;
8775
8856
  }
8776
8857
  if (dryRun) {
8777
- logger.logger.log(DRY_RUN_BAILING_NOW$d);
8858
+ logger.logger.log(DRY_RUN_BAILING_NOW$e);
8778
8859
  return;
8779
8860
  }
8780
8861
  await handleDeleteRepo(orgSlug, repoName, outputKind);
@@ -8810,6 +8891,8 @@ async function fetchListAllRepos({
8810
8891
  page: String(nextPage)
8811
8892
  }), 'list of repositories');
8812
8893
  if (!result.ok) {
8894
+ debug.debugLog('[DEBUG] fetchListAllRepos: At least one fetch failed, bailing...');
8895
+ debug.debugLog(result);
8813
8896
  return result;
8814
8897
  }
8815
8898
  result.data.results.forEach(row => rows.push(row));
@@ -8935,9 +9018,9 @@ async function handleListRepos({
8935
9018
  }
8936
9019
 
8937
9020
  const {
8938
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$c
9021
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$d
8939
9022
  } = constants;
8940
- const config$c = {
9023
+ const config$d = {
8941
9024
  commandName: 'list',
8942
9025
  description: 'List repositories in an organization',
8943
9026
  hidden: false,
@@ -8998,16 +9081,16 @@ const config$c = {
8998
9081
  `
8999
9082
  };
9000
9083
  const cmdReposList = {
9001
- description: config$c.description,
9002
- hidden: config$c.hidden,
9003
- run: run$c
9084
+ description: config$d.description,
9085
+ hidden: config$d.hidden,
9086
+ run: run$d
9004
9087
  };
9005
- async function run$c(argv, importMeta, {
9088
+ async function run$d(argv, importMeta, {
9006
9089
  parentName
9007
9090
  }) {
9008
9091
  const cli = utils.meowOrExit({
9009
9092
  argv,
9010
- config: config$c,
9093
+ config: config$d,
9011
9094
  importMeta,
9012
9095
  parentName
9013
9096
  });
@@ -9052,7 +9135,7 @@ async function run$c(argv, importMeta, {
9052
9135
  return;
9053
9136
  }
9054
9137
  if (cli.flags['dryRun']) {
9055
- logger.logger.log(DRY_RUN_BAILING_NOW$c);
9138
+ logger.logger.log(DRY_RUN_BAILING_NOW$d);
9056
9139
  return;
9057
9140
  }
9058
9141
  await handleListRepos({
@@ -9124,9 +9207,9 @@ async function handleUpdateRepo({
9124
9207
  }
9125
9208
 
9126
9209
  const {
9127
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$b
9210
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$c
9128
9211
  } = constants;
9129
- const config$b = {
9212
+ const config$c = {
9130
9213
  commandName: 'update',
9131
9214
  description: 'Update a repository in an organization',
9132
9215
  hidden: false,
@@ -9189,16 +9272,16 @@ const config$b = {
9189
9272
  `
9190
9273
  };
9191
9274
  const cmdReposUpdate = {
9192
- description: config$b.description,
9193
- hidden: config$b.hidden,
9194
- run: run$b
9275
+ description: config$c.description,
9276
+ hidden: config$c.hidden,
9277
+ run: run$c
9195
9278
  };
9196
- async function run$b(argv, importMeta, {
9279
+ async function run$c(argv, importMeta, {
9197
9280
  parentName
9198
9281
  }) {
9199
9282
  const cli = utils.meowOrExit({
9200
9283
  argv,
9201
- config: config$b,
9284
+ config: config$c,
9202
9285
  importMeta,
9203
9286
  parentName
9204
9287
  });
@@ -9243,7 +9326,7 @@ async function run$b(argv, importMeta, {
9243
9326
  return;
9244
9327
  }
9245
9328
  if (cli.flags['dryRun']) {
9246
- logger.logger.log(DRY_RUN_BAILING_NOW$b);
9329
+ logger.logger.log(DRY_RUN_BAILING_NOW$c);
9247
9330
  return;
9248
9331
  }
9249
9332
  await handleUpdateRepo({
@@ -9311,9 +9394,9 @@ async function handleViewRepo(orgSlug, repoName, outputKind) {
9311
9394
  }
9312
9395
 
9313
9396
  const {
9314
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$a
9397
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$b
9315
9398
  } = constants;
9316
- const config$a = {
9399
+ const config$b = {
9317
9400
  commandName: 'view',
9318
9401
  description: 'View repositories in an organization',
9319
9402
  hidden: false,
@@ -9351,16 +9434,16 @@ const config$a = {
9351
9434
  `
9352
9435
  };
9353
9436
  const cmdReposView = {
9354
- description: config$a.description,
9355
- hidden: config$a.hidden,
9356
- run: run$a
9437
+ description: config$b.description,
9438
+ hidden: config$b.hidden,
9439
+ run: run$b
9357
9440
  };
9358
- async function run$a(argv, importMeta, {
9441
+ async function run$b(argv, importMeta, {
9359
9442
  parentName
9360
9443
  }) {
9361
9444
  const cli = utils.meowOrExit({
9362
9445
  argv,
9363
- config: config$a,
9446
+ config: config$b,
9364
9447
  importMeta,
9365
9448
  parentName
9366
9449
  });
@@ -9410,7 +9493,7 @@ async function run$a(argv, importMeta, {
9410
9493
  return;
9411
9494
  }
9412
9495
  if (cli.flags['dryRun']) {
9413
- logger.logger.log(DRY_RUN_BAILING_NOW$a);
9496
+ logger.logger.log(DRY_RUN_BAILING_NOW$b);
9414
9497
  return;
9415
9498
  }
9416
9499
  await handleViewRepo(orgSlug, String(repoName), outputKind);
@@ -9458,9 +9541,9 @@ async function suggestTarget() {
9458
9541
  }
9459
9542
 
9460
9543
  const {
9461
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$9
9544
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$a
9462
9545
  } = constants;
9463
- const config$9 = {
9546
+ const config$a = {
9464
9547
  commandName: 'create',
9465
9548
  description: 'Create a scan',
9466
9549
  hidden: false,
@@ -9593,16 +9676,16 @@ const config$9 = {
9593
9676
  `
9594
9677
  };
9595
9678
  const cmdScanCreate = {
9596
- description: config$9.description,
9597
- hidden: config$9.hidden,
9598
- run: run$9
9679
+ description: config$a.description,
9680
+ hidden: config$a.hidden,
9681
+ run: run$a
9599
9682
  };
9600
- async function run$9(argv, importMeta, {
9683
+ async function run$a(argv, importMeta, {
9601
9684
  parentName
9602
9685
  }) {
9603
9686
  const cli = utils.meowOrExit({
9604
9687
  argv,
9605
- config: config$9,
9688
+ config: config$a,
9606
9689
  importMeta,
9607
9690
  parentName
9608
9691
  });
@@ -9714,7 +9797,7 @@ async function run$9(argv, importMeta, {
9714
9797
 
9715
9798
  // Note exiting earlier to skirt a hidden auth requirement
9716
9799
  if (dryRun) {
9717
- logger.logger.log(DRY_RUN_BAILING_NOW$9);
9800
+ logger.logger.log(DRY_RUN_BAILING_NOW$a);
9718
9801
  return;
9719
9802
  }
9720
9803
  await handleCreateNewScan({
@@ -9768,9 +9851,9 @@ async function handleDeleteScan(orgSlug, scanId, outputKind) {
9768
9851
  }
9769
9852
 
9770
9853
  const {
9771
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$8
9854
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$9
9772
9855
  } = constants;
9773
- const config$8 = {
9856
+ const config$9 = {
9774
9857
  commandName: 'del',
9775
9858
  description: 'Delete a scan',
9776
9859
  hidden: false,
@@ -9803,16 +9886,16 @@ const config$8 = {
9803
9886
  `
9804
9887
  };
9805
9888
  const cmdScanDel = {
9806
- description: config$8.description,
9807
- hidden: config$8.hidden,
9808
- run: run$8
9889
+ description: config$9.description,
9890
+ hidden: config$9.hidden,
9891
+ run: run$9
9809
9892
  };
9810
- async function run$8(argv, importMeta, {
9893
+ async function run$9(argv, importMeta, {
9811
9894
  parentName
9812
9895
  }) {
9813
9896
  const cli = utils.meowOrExit({
9814
9897
  argv,
9815
- config: config$8,
9898
+ config: config$9,
9816
9899
  importMeta,
9817
9900
  parentName
9818
9901
  });
@@ -9849,7 +9932,7 @@ async function run$8(argv, importMeta, {
9849
9932
  return;
9850
9933
  }
9851
9934
  if (cli.flags['dryRun']) {
9852
- logger.logger.log(DRY_RUN_BAILING_NOW$8);
9935
+ logger.logger.log(DRY_RUN_BAILING_NOW$9);
9853
9936
  return;
9854
9937
  }
9855
9938
  await handleDeleteScan(orgSlug, scanId, outputKind);
@@ -10043,14 +10126,14 @@ async function handleDiffScan({
10043
10126
  }
10044
10127
 
10045
10128
  const {
10046
- DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$7,
10129
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$8,
10047
10130
  SOCKET_WEBSITE_URL: SOCKET_WEBSITE_URL$1
10048
10131
  } = constants;
10049
10132
  const SOCKET_SBOM_URL_PREFIX = `${SOCKET_WEBSITE_URL$1}/dashboard/org/SocketDev/sbom/`;
10050
10133
  const {
10051
10134
  length: SOCKET_SBOM_URL_PREFIX_LENGTH
10052
10135
  } = SOCKET_SBOM_URL_PREFIX;
10053
- const config$7 = {
10136
+ const config$8 = {
10054
10137
  commandName: 'diff',
10055
10138
  description: 'See what changed between two Scans',
10056
10139
  hidden: false,
@@ -10102,16 +10185,16 @@ const config$7 = {
10102
10185
  `
10103
10186
  };
10104
10187
  const cmdScanDiff = {
10105
- description: config$7.description,
10106
- hidden: config$7.hidden,
10107
- run: run$7
10188
+ description: config$8.description,
10189
+ hidden: config$8.hidden,
10190
+ run: run$8
10108
10191
  };
10109
- async function run$7(argv, importMeta, {
10192
+ async function run$8(argv, importMeta, {
10110
10193
  parentName
10111
10194
  }) {
10112
10195
  const cli = utils.meowOrExit({
10113
10196
  argv,
10114
- config: config$7,
10197
+ config: config$8,
10115
10198
  importMeta,
10116
10199
  parentName
10117
10200
  });
@@ -10163,7 +10246,7 @@ async function run$7(argv, importMeta, {
10163
10246
  return;
10164
10247
  }
10165
10248
  if (cli.flags['dryRun']) {
10166
- logger.logger.log(DRY_RUN_BAILING_NOW$7);
10249
+ logger.logger.log(DRY_RUN_BAILING_NOW$8);
10167
10250
  return;
10168
10251
  }
10169
10252
  await handleDiffScan({
@@ -10176,33 +10259,816 @@ async function run$7(argv, importMeta, {
10176
10259
  });
10177
10260
  }
10178
10261
 
10179
- async function fetchListScans({
10180
- branch,
10181
- direction,
10182
- from_time,
10262
+ // Supported manifest file name patterns
10263
+ // Keep in mind that we have to request these files through the GitHub API; that cost is much heavier than local disk searches
10264
+ // TODO: get this list from API instead? Is that too much? Has to fetch through gh api...
10265
+ const SUPPORTED_FILE_PATTERNS = [/.*[-.]spdx\.json/, /bom\.json/, /.*[-.]cyclonedx\.json/, /.*[-.]cyclonedx\.xml/, /package\.json/, /package-lock\.json/, /npm-shrinkwrap\.json/, /yarn\.lock/, /pnpm-lock\.yaml/, /pnpm-lock\.yml/, /pnpm-workspace\.yaml/, /pnpm-workspace\.yml/, /pipfile/, /pyproject\.toml/, /poetry\.lock/, /requirements[\\/].*\.txt/, /requirements-.*\.txt/, /requirements_.*\.txt/, /requirements\.frozen/, /setup\.py/, /pipfile\.lock/, /go\.mod/, /go\.sum/, /pom\.xml/, /.*\..*proj/, /.*\.props/, /.*\.targets/, /.*\.nuspec/, /nuget\.config/, /packages\.config/, /packages\.lock\.json/];
10266
+ async function createScanFromGithub({
10267
+ all,
10268
+ githubApiUrl,
10269
+ githubToken,
10270
+ interactive,
10271
+ orgGithub,
10183
10272
  orgSlug,
10184
- page,
10185
- per_page,
10186
- repo,
10187
- sort
10273
+ outputKind,
10274
+ repos
10188
10275
  }) {
10189
- const sockSdkResult = await utils.setupSdk();
10190
- if (!sockSdkResult.ok) {
10191
- return sockSdkResult;
10276
+ let targetRepos = repos.trim().split(',').map(repo => repo.trim()).filter(Boolean);
10277
+ if (all || targetRepos.length === 0) {
10278
+ // Fetch from Socket API
10279
+ const result = await fetchListAllRepos({
10280
+ direction: 'asc',
10281
+ orgSlug,
10282
+ sort: 'name'
10283
+ });
10284
+ if (!result.ok) {
10285
+ return result;
10286
+ }
10287
+ targetRepos = result.data.results.map(obj => obj.slug || '');
10192
10288
  }
10193
- const sockSdk = sockSdkResult.data;
10194
- return await utils.handleApiCall(sockSdk.getOrgFullScanList(orgSlug, {
10195
- ...(branch ? {
10196
- branch
10197
- } : {}),
10198
- ...(repo ? {
10199
- repo
10200
- } : {}),
10201
- sort,
10202
- direction,
10203
- per_page: String(per_page),
10204
- page: String(page),
10205
- from: from_time
10289
+ targetRepos = targetRepos.map(slug => slug.trim()).filter(Boolean);
10290
+ logger.logger.info(`Have ${targetRepos.length} repo names to Scan!`);
10291
+ logger.logger.log('');
10292
+ if (!targetRepos.filter(Boolean).length) {
10293
+ return {
10294
+ ok: false,
10295
+ message: 'No repo found',
10296
+ cause: 'You did not set the --repos value and/or the server responded with zero repos when asked for some. Unable to proceed.'
10297
+ };
10298
+ }
10299
+
10300
+ // Non-interactive or explicitly requested; just do it.
10301
+ if (interactive && targetRepos.length > 1 && !all && !repos) {
10302
+ const which = await selectFocus(targetRepos);
10303
+ if (!which.ok) {
10304
+ return which;
10305
+ }
10306
+ targetRepos = which.data;
10307
+ }
10308
+
10309
+ // 10 is an arbitrary number. Maybe confirm whenever count>1 ?
10310
+ // Do not ask to confirm when the list was given explicit.
10311
+ if (interactive && (all || !repos) && targetRepos.length > 10) {
10312
+ const sure = await makeSure(targetRepos.length);
10313
+ if (!sure.ok) {
10314
+ return sure;
10315
+ }
10316
+ }
10317
+ for (const repoSlug of targetRepos) {
10318
+ // eslint-disable-next-line no-await-in-loop
10319
+ await scanRepo(repoSlug, {
10320
+ githubApiUrl,
10321
+ githubToken,
10322
+ orgSlug,
10323
+ orgGithub,
10324
+ outputKind,
10325
+ repos
10326
+ });
10327
+ }
10328
+ logger.logger.success('Scanned', targetRepos.length, 'repos, or tried to, anyways!');
10329
+ return {
10330
+ ok: true,
10331
+ data: undefined
10332
+ };
10333
+ }
10334
+ async function scanRepo(repoSlug, {
10335
+ githubApiUrl,
10336
+ githubToken,
10337
+ orgGithub,
10338
+ orgSlug,
10339
+ outputKind,
10340
+ repos
10341
+ }) {
10342
+ logger.logger.info(`Requesting repo details from GitHub API for: \`${orgGithub}/${repoSlug}\`...`);
10343
+ logger.logger.group();
10344
+ const result = await scanOneRepo(repoSlug, {
10345
+ githubApiUrl,
10346
+ githubToken,
10347
+ orgSlug,
10348
+ orgGithub,
10349
+ outputKind});
10350
+ logger.logger.groupEnd();
10351
+ logger.logger.log('');
10352
+ return result;
10353
+ }
10354
+ async function scanOneRepo(repoSlug, {
10355
+ githubApiUrl,
10356
+ githubToken,
10357
+ orgGithub,
10358
+ orgSlug,
10359
+ outputKind
10360
+ }) {
10361
+ const repoResult = await getRepoDetails({
10362
+ orgGithub,
10363
+ repoSlug,
10364
+ githubApiUrl,
10365
+ githubToken
10366
+ });
10367
+ if (!repoResult.ok) {
10368
+ return repoResult;
10369
+ }
10370
+ const {
10371
+ defaultBranch,
10372
+ repoApiUrl
10373
+ } = repoResult.data;
10374
+ logger.logger.info(`Default branch: \`${defaultBranch}\``);
10375
+ const treeResult = await getRepoBranchTree({
10376
+ orgGithub,
10377
+ repoSlug,
10378
+ repoApiUrl,
10379
+ defaultBranch,
10380
+ githubToken
10381
+ });
10382
+ if (!treeResult.ok) {
10383
+ return treeResult;
10384
+ }
10385
+ const files = treeResult.data;
10386
+ if (!files.length) {
10387
+ logger.logger.warn('No files were reported for the default branch. Moving on to next repo.');
10388
+ return {
10389
+ ok: true,
10390
+ data: undefined
10391
+ };
10392
+ }
10393
+ const tmpDir = fs$1.mkdtempSync(path.join(os.tmpdir(), repoSlug));
10394
+ debug.debugLog(`[DEBUG] Temp dir for downloaded manifest (serves as scan root): ${tmpDir}`);
10395
+ const downloadResult = await testAndDownloadManifestFiles({
10396
+ files,
10397
+ tmpDir,
10398
+ repoSlug,
10399
+ defaultBranch,
10400
+ orgGithub,
10401
+ repoApiUrl,
10402
+ githubToken
10403
+ });
10404
+ if (!downloadResult.ok) {
10405
+ return downloadResult;
10406
+ }
10407
+ const commitResult = await getLastCommitDetails({
10408
+ orgGithub,
10409
+ repoSlug,
10410
+ defaultBranch,
10411
+ repoApiUrl,
10412
+ githubToken
10413
+ });
10414
+ if (!commitResult.ok) {
10415
+ return commitResult;
10416
+ }
10417
+ const {
10418
+ lastCommitMessage,
10419
+ lastCommitSha,
10420
+ lastCommitter
10421
+ } = commitResult.data;
10422
+
10423
+ // Make request for full scan
10424
+ // I think we can just kick off the socket scan create command now...
10425
+
10426
+ await handleCreateNewScan({
10427
+ autoManifest: false,
10428
+ branchName: defaultBranch,
10429
+ commitHash: lastCommitSha,
10430
+ commitMessage: lastCommitMessage || '',
10431
+ committers: lastCommitter || '',
10432
+ cwd: tmpDir,
10433
+ defaultBranch: true,
10434
+ interactive: false,
10435
+ orgSlug,
10436
+ outputKind,
10437
+ pendingHead: true,
10438
+ pullRequest: 0,
10439
+ readOnly: false,
10440
+ repoName: repoSlug,
10441
+ report: false,
10442
+ targets: ['.'],
10443
+ tmp: false
10444
+ });
10445
+ return {
10446
+ ok: true,
10447
+ data: undefined
10448
+ };
10449
+ }
10450
+ async function testAndDownloadManifestFiles({
10451
+ defaultBranch,
10452
+ files,
10453
+ githubToken,
10454
+ orgGithub,
10455
+ repoApiUrl,
10456
+ repoSlug,
10457
+ tmpDir
10458
+ }) {
10459
+ logger.logger.info(`File tree for ${defaultBranch} contains ${files.length} entries. Searching for supported manifest files...`);
10460
+ logger.logger.group();
10461
+ let fileCount = 0;
10462
+ let firstFailureResult;
10463
+ for (const file of files) {
10464
+ // eslint-disable-next-line no-await-in-loop
10465
+ const result = await testAndDownloadManifestFile({
10466
+ file,
10467
+ tmpDir,
10468
+ defaultBranch,
10469
+ repoApiUrl,
10470
+ githubToken
10471
+ });
10472
+ if (result.ok) {
10473
+ if (result.data.isManifest) {
10474
+ fileCount += 1;
10475
+ }
10476
+ } else if (!firstFailureResult) {
10477
+ firstFailureResult = result;
10478
+ }
10479
+ }
10480
+ logger.logger.info('Found and downloaded', fileCount, 'manifest files');
10481
+ logger.logger.groupEnd();
10482
+ if (!fileCount) {
10483
+ if (firstFailureResult) {
10484
+ logger.logger.fail('While no supported manifest files were downloaded, at least one error encountered trying to do so. Showing the first error.');
10485
+ return firstFailureResult;
10486
+ }
10487
+ return {
10488
+ ok: false,
10489
+ message: 'No manifest files found',
10490
+ cause: `No supported manifest files were found in the latest commit on the branch ${defaultBranch} for repo ${orgGithub}/${repoSlug}. Skipping full scan.`
10491
+ };
10492
+ }
10493
+ return {
10494
+ ok: true,
10495
+ data: undefined
10496
+ };
10497
+ }
10498
+ async function testAndDownloadManifestFile({
10499
+ defaultBranch,
10500
+ file,
10501
+ githubToken,
10502
+ repoApiUrl,
10503
+ tmpDir
10504
+ }) {
10505
+ debug.debugLog(`[DEBUG] Testing file:`, file);
10506
+ if (!SUPPORTED_FILE_PATTERNS.some(regex => regex.test(file))) {
10507
+ // Not an error.
10508
+ return {
10509
+ ok: true,
10510
+ data: {
10511
+ isManifest: false
10512
+ }
10513
+ };
10514
+ }
10515
+ logger.logger.success(`Found a manifest file: \`${file}\`, will download it to temp dir...`);
10516
+ logger.logger.group();
10517
+ const result = await downloadManifestFile({
10518
+ file,
10519
+ tmpDir,
10520
+ defaultBranch,
10521
+ repoApiUrl,
10522
+ githubToken
10523
+ });
10524
+ logger.logger.groupEnd();
10525
+ if (!result.ok) {
10526
+ return result;
10527
+ }
10528
+ return {
10529
+ ok: true,
10530
+ data: {
10531
+ isManifest: true
10532
+ }
10533
+ };
10534
+ }
10535
+ async function downloadManifestFile({
10536
+ defaultBranch,
10537
+ file,
10538
+ githubToken,
10539
+ repoApiUrl,
10540
+ tmpDir
10541
+ }) {
10542
+ logger.logger.info('Requesting download url from GitHub...');
10543
+ const fileUrl = `${repoApiUrl}/contents/${file}?ref=${defaultBranch}`;
10544
+ debug.debugLog('[DEBUG] File url:', fileUrl);
10545
+ const downloadUrlResponse = await fetch(fileUrl, {
10546
+ method: 'GET',
10547
+ headers: {
10548
+ Authorization: `Bearer ${githubToken}`
10549
+ }
10550
+ });
10551
+ logger.logger.success(`Request completed.`);
10552
+ const downloadUrlText = await downloadUrlResponse.text();
10553
+ debug.debugLog('[DEBUG] raw download url response:');
10554
+ debug.debugLog(downloadUrlText);
10555
+ let downloadUrl;
10556
+ try {
10557
+ downloadUrl = JSON.parse(downloadUrlText).download_url;
10558
+ } catch {
10559
+ logger.logger.fail(`GitHub response contained invalid JSON for download url for file`);
10560
+ logger.logger.error(downloadUrlText);
10561
+ return {
10562
+ ok: false,
10563
+ message: 'Invalid JSON response',
10564
+ cause: `Server responded with invalid JSON for download url ${downloadUrl}`
10565
+ };
10566
+ }
10567
+ logger.logger.info(`Downloading manifest file...`);
10568
+ const localPath = path.join(tmpDir, file);
10569
+ debug.debugLog('[DEBUG] Downloading from', downloadUrl, 'to', localPath);
10570
+ // Now stream the file to that file...
10571
+
10572
+ const result = await streamDownloadWithFetch(localPath, downloadUrl);
10573
+ if (!result.ok) {
10574
+ // Do we proceed? Bail? Hrm...
10575
+ logger.logger.fail(`Failed to download manifest file, skipping to next file. File: ${file}`);
10576
+ return result;
10577
+ }
10578
+ logger.logger.success(`Downloaded manifest file.`);
10579
+ return {
10580
+ ok: true,
10581
+ data: undefined
10582
+ };
10583
+ }
10584
+
10585
+ // Courtesy of gemini:
10586
+ async function streamDownloadWithFetch(localPath, downloadUrl) {
10587
+ let response; // Declare response here to access it in catch if needed
10588
+
10589
+ try {
10590
+ response = await fetch(downloadUrl);
10591
+ if (!response.ok) {
10592
+ const errorMsg = `Download failed: ${response.status} ${response.statusText} for ${downloadUrl}`;
10593
+ return {
10594
+ ok: false,
10595
+ message: 'Download Failed',
10596
+ cause: errorMsg
10597
+ };
10598
+ }
10599
+ if (!response.body) {
10600
+ return {
10601
+ ok: false,
10602
+ message: 'Download Failed',
10603
+ cause: 'Response body is null or undefined.'
10604
+ };
10605
+ }
10606
+ const fileStream = fs$1.createWriteStream(localPath);
10607
+
10608
+ // Using stream.pipeline for better error handling and cleanup
10609
+
10610
+ await promises.pipeline(response.body, fileStream);
10611
+ // 'pipeline' will automatically handle closing streams and propagating errors.
10612
+ // It resolves when the piping is fully complete and fileStream is closed.
10613
+ return {
10614
+ ok: true,
10615
+ data: localPath
10616
+ };
10617
+ } catch (error) {
10618
+ logger.logger.fail('An error occurred trying to download the file...');
10619
+ // If an error occurs and fileStream was created, attempt to clean up.
10620
+ if (fs$1.existsSync(localPath)) {
10621
+ // Check if fileStream was even opened before trying to delete
10622
+ // This check might be too simplistic depending on when error occurs
10623
+ fs$1.unlink(localPath, unlinkErr => {
10624
+ if (unlinkErr) {
10625
+ logger.logger.fail(`Error deleting partial file ${localPath}: ${unlinkErr.message}`);
10626
+ }
10627
+ });
10628
+ }
10629
+ // Construct a more informative error message
10630
+ let detailedError = `Error during download of ${downloadUrl}: ${error.message}`;
10631
+ if (error.cause) {
10632
+ // Include cause if available (e.g., from network errors)
10633
+ detailedError += `\nCause: ${error.cause}`;
10634
+ }
10635
+ if (response && !response.ok) {
10636
+ // If error was due to bad HTTP status
10637
+ detailedError += ` (HTTP Status: ${response.status} ${response.statusText})`;
10638
+ }
10639
+ return {
10640
+ ok: false,
10641
+ message: 'Download Failed',
10642
+ cause: detailedError
10643
+ };
10644
+ }
10645
+ }
10646
+ async function getLastCommitDetails({
10647
+ defaultBranch,
10648
+ githubToken,
10649
+ orgGithub,
10650
+ repoApiUrl,
10651
+ repoSlug
10652
+ }) {
10653
+ logger.logger.info(`Requesting last commit for default branch ${defaultBranch} for ${orgGithub}/${repoSlug}...`);
10654
+ const commitApiUrl = `${repoApiUrl}/commits?sha=${defaultBranch}&per_page=1`;
10655
+ debug.debugLog('Commit url:', commitApiUrl);
10656
+ const commitResponse = await fetch(commitApiUrl, {
10657
+ headers: {
10658
+ Authorization: `Bearer ${githubToken}`
10659
+ }
10660
+ });
10661
+ const commitText = await commitResponse.text();
10662
+ debug.debugLog('[DEBUG] Raw Commit Response:', commitText);
10663
+ let lastCommit;
10664
+ try {
10665
+ lastCommit = JSON.parse(commitText)?.[0];
10666
+ } catch {
10667
+ logger.logger.fail(`GitHub response contained invalid JSON for last commit`);
10668
+ logger.logger.error(commitText);
10669
+ return {
10670
+ ok: false,
10671
+ message: 'Invalid JSON response',
10672
+ cause: `Server responded with invalid JSON for last commit of repo ${repoSlug}`
10673
+ };
10674
+ }
10675
+ const lastCommitSha = lastCommit.sha;
10676
+ const lastCommitter = Array.from(new Set([lastCommit.commit.author.name, lastCommit.commit.committer.name]))[0];
10677
+ const lastCommitMessage = lastCommit.message;
10678
+ if (!lastCommitSha) {
10679
+ return {
10680
+ ok: false,
10681
+ message: 'Missing commit SHA',
10682
+ cause: 'Unable to get last commit for repo'
10683
+ };
10684
+ }
10685
+ if (!lastCommitter) {
10686
+ return {
10687
+ ok: false,
10688
+ message: 'Missing committer',
10689
+ cause: 'Last commit does not have information about who made the commit'
10690
+ };
10691
+ }
10692
+ return {
10693
+ ok: true,
10694
+ data: {
10695
+ lastCommitSha,
10696
+ lastCommitter,
10697
+ lastCommitMessage
10698
+ }
10699
+ };
10700
+ }
10701
+ async function selectFocus(repos) {
10702
+ const proceed = await prompts.select({
10703
+ message: 'Please select the repo to process:',
10704
+ choices: repos.map(slug => ({
10705
+ name: slug,
10706
+ value: slug,
10707
+ description: `Create scan for the ${slug} repo through GitHub`
10708
+ })).concat({
10709
+ name: '(Exit)',
10710
+ value: '',
10711
+ description: 'Cancel this action and exit'
10712
+ })
10713
+ });
10714
+ if (!proceed) {
10715
+ return {
10716
+ ok: false,
10717
+ message: 'Canceled by user',
10718
+ cause: 'User chose to cancel the action'
10719
+ };
10720
+ }
10721
+ return {
10722
+ ok: true,
10723
+ data: [proceed]
10724
+ };
10725
+ }
10726
+ async function makeSure(count) {
10727
+ if (!(await prompts.confirm({
10728
+ message: `Are you sure you want to run this for ${count} repos?`,
10729
+ default: false
10730
+ }))) {
10731
+ return {
10732
+ ok: false,
10733
+ message: 'User canceled',
10734
+ cause: 'Action canceled by user'
10735
+ };
10736
+ }
10737
+ return {
10738
+ ok: true,
10739
+ data: undefined
10740
+ };
10741
+ }
10742
+ async function getRepoDetails({
10743
+ githubApiUrl,
10744
+ githubToken,
10745
+ orgGithub,
10746
+ repoSlug
10747
+ }) {
10748
+ const repoApiUrl = `${githubApiUrl}/repos/${orgGithub}/${repoSlug}`;
10749
+ debug.debugLog('Repo url:', repoApiUrl);
10750
+ const repoDetailsResponse = await fetch(repoApiUrl, {
10751
+ method: 'GET',
10752
+ headers: {
10753
+ Authorization: `Bearer ${githubToken}`
10754
+ }
10755
+ });
10756
+ logger.logger.success(`Request completed.`);
10757
+ const repoDetailsText = await repoDetailsResponse.text();
10758
+ debug.debugLog('[DEBUG] Raw Repo Response:', repoDetailsText);
10759
+ let repoDetails;
10760
+ try {
10761
+ repoDetails = JSON.parse(repoDetailsText);
10762
+ } catch {
10763
+ logger.logger.fail(`GitHub response contained invalid JSON for repo ${repoSlug}`);
10764
+ logger.logger.error(repoDetailsText);
10765
+ return {
10766
+ ok: false,
10767
+ message: 'Invalid JSON response',
10768
+ cause: `Server responded with invalid JSON for repo ${repoSlug}`
10769
+ };
10770
+ }
10771
+ const defaultBranch = repoDetails.default_branch;
10772
+ if (!defaultBranch) {
10773
+ return {
10774
+ ok: false,
10775
+ message: 'Default Branch Not Found',
10776
+ cause: `Repo ${repoSlug} does not have a default branch set or it was not reported`
10777
+ };
10778
+ }
10779
+ return {
10780
+ ok: true,
10781
+ data: {
10782
+ defaultBranch,
10783
+ repoDetails,
10784
+ repoApiUrl
10785
+ }
10786
+ };
10787
+ }
10788
+ async function getRepoBranchTree({
10789
+ defaultBranch,
10790
+ githubToken,
10791
+ orgGithub,
10792
+ repoApiUrl,
10793
+ repoSlug
10794
+ }) {
10795
+ logger.logger.info(`Requesting default branch file tree; branch \`${defaultBranch}\`, repo \`${orgGithub}/${repoSlug}\`...`);
10796
+ const treeApiUrl = `${repoApiUrl}/git/trees/${defaultBranch}?recursive=1`;
10797
+ debug.debugLog('Tree url:', treeApiUrl);
10798
+ const treeResponse = await fetch(treeApiUrl, {
10799
+ method: 'GET',
10800
+ headers: {
10801
+ Authorization: `Bearer ${githubToken}`
10802
+ }
10803
+ });
10804
+ const treeText = await treeResponse.text();
10805
+ debug.debugLog('[DEBUG] Raw Tree Response:', treeText);
10806
+ let treeDetails;
10807
+ try {
10808
+ treeDetails = JSON.parse(treeText);
10809
+ } catch {
10810
+ logger.logger.fail(`GitHub response contained invalid JSON for default branch of repo ${repoSlug}`);
10811
+ logger.logger.error(treeText);
10812
+ return {
10813
+ ok: false,
10814
+ message: 'Invalid JSON response',
10815
+ cause: `Server responded with invalid JSON for repo ${repoSlug}`
10816
+ };
10817
+ }
10818
+ if (treeDetails.message) {
10819
+ if (treeDetails.message === 'Git Repository is empty.') {
10820
+ logger.logger.warn(`GitHub reports the default branch of repo ${repoSlug} to be empty. Moving on to next repo.`);
10821
+ return {
10822
+ ok: true,
10823
+ data: []
10824
+ };
10825
+ }
10826
+ logger.logger.fail('Negative response from GitHub:', treeDetails.message);
10827
+ return {
10828
+ ok: false,
10829
+ message: 'Unexpected error response',
10830
+ cause: `GitHub responded with an unexpected error while asking for details on the default branch: ${treeDetails.message}`
10831
+ };
10832
+ }
10833
+ if (!treeDetails.tree || !Array.isArray(treeDetails.tree)) {
10834
+ debug.debugLog('treeDetails.tree:', treeDetails.tree);
10835
+ return {
10836
+ ok: false,
10837
+ message: `Tree response for default branch ${defaultBranch} for ${orgGithub}/${repoSlug} was not a list`
10838
+ };
10839
+ }
10840
+ const files = treeDetails.tree.filter(obj => obj.type === 'blob').map(obj => obj.path);
10841
+ return {
10842
+ ok: true,
10843
+ data: files
10844
+ };
10845
+ }
10846
+
10847
+ async function handleCreateGithubScan({
10848
+ all,
10849
+ githubApiUrl,
10850
+ githubToken,
10851
+ interactive,
10852
+ orgGithub,
10853
+ orgSlug,
10854
+ outputKind,
10855
+ repos
10856
+ }) {
10857
+ const result = await createScanFromGithub({
10858
+ all: Boolean(all),
10859
+ githubApiUrl,
10860
+ githubToken,
10861
+ interactive: Boolean(interactive),
10862
+ orgSlug,
10863
+ orgGithub,
10864
+ outputKind,
10865
+ repos: String(repos || '')
10866
+ });
10867
+ if (outputKind === 'json') {
10868
+ logger.logger.log(utils.serializeResultJson(result));
10869
+ return;
10870
+ }
10871
+ if (!result.ok) {
10872
+ logger.logger.fail(utils.failMsgWithBadge(result.message, result.cause));
10873
+ return;
10874
+ }
10875
+ logger.logger.success('Ok! Finished!');
10876
+ }
10877
+
10878
+ const {
10879
+ DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$7
10880
+ } = constants;
10881
+ const config$7 = {
10882
+ commandName: 'github',
10883
+ description: 'Create a scan for given GitHub repo',
10884
+ hidden: true,
10885
+ // wip
10886
+ flags: {
10887
+ ...utils.commonFlags,
10888
+ ...utils.outputFlags,
10889
+ all: {
10890
+ type: 'boolean',
10891
+ description: 'Apply for all known repos reported by the Socket API. Supersedes `repos`.'
10892
+ },
10893
+ githubToken: {
10894
+ type: 'string',
10895
+ description: '(required) GitHub token for authentication (or set GITHUB_TOKEN as an environment variable)'
10896
+ },
10897
+ githubApiUrl: {
10898
+ type: 'string',
10899
+ default: 'https://api.github.com',
10900
+ description: 'Base URL of the GitHub API (default: https://api.github.com)'
10901
+ },
10902
+ interactive: {
10903
+ type: 'boolean',
10904
+ default: true,
10905
+ description: 'Allow for interactive elements, asking for input. Use --no-interactive to prevent any input questions, defaulting them to cancel/no.'
10906
+ },
10907
+ org: {
10908
+ type: 'string',
10909
+ description: 'Force override the organization slug, overrides the default org from config'
10910
+ },
10911
+ orgGithub: {
10912
+ type: 'string',
10913
+ description: 'Alternate GitHub Org if the name is different than the Socket Org'
10914
+ },
10915
+ repos: {
10916
+ type: 'string',
10917
+ description: 'List of repos to target in a comma-separated format (e.g., repo1,repo2). If not specified, the script will pull the list from Socket and ask you to pick one. Use --all to use them all.'
10918
+ }
10919
+ },
10920
+ help: (command, config) => `
10921
+ Usage
10922
+ $ ${command}
10923
+
10924
+ API Token Requirements
10925
+ - Quota: 1 unit
10926
+ - Permissions: full-scans:create
10927
+
10928
+ This is similar to the \`socket scan create\` command except it pulls the files
10929
+ from GitHub. See the help for that command for more details.
10930
+
10931
+ A GitHub Personal Access Token (PAT) will at least need read access to the repo
10932
+ ("contents", read-only) for this command to work.
10933
+
10934
+ Note: This command cannot run the \`socket manifest auto\` things because that
10935
+ requires local access to the repo while this command runs entirely through the
10936
+ GitHub for file access.
10937
+
10938
+ Options
10939
+ ${utils.getFlagListOutput(config.flags, 6)}
10940
+
10941
+ Examples
10942
+ $ ${command}
10943
+ `
10944
+ };
10945
+ const cmdScanGithub = {
10946
+ description: config$7.description,
10947
+ hidden: config$7.hidden,
10948
+ run: run$7
10949
+ };
10950
+ async function run$7(argv, importMeta, {
10951
+ parentName
10952
+ }) {
10953
+ const cli = utils.meowOrExit({
10954
+ argv,
10955
+ config: config$7,
10956
+ importMeta,
10957
+ parentName
10958
+ });
10959
+ const {
10960
+ all = false,
10961
+ dryRun = false,
10962
+ githubApiUrl = 'https://api.github.com',
10963
+ // Lazily access constants.ENV.SOCKET_CLI_GITHUB_TOKEN.
10964
+ githubToken = constants.ENV.SOCKET_CLI_GITHUB_TOKEN,
10965
+ interactive = true,
10966
+ json,
10967
+ markdown,
10968
+ org: orgFlag,
10969
+ orgGithub: orgGithubFlag,
10970
+ repos
10971
+ } = cli.flags;
10972
+ const outputKind = utils.getOutputKind(json, markdown);
10973
+ let [orgSlug, defaultOrgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), cli.input[0] || '', interactive, dryRun);
10974
+ if (!defaultOrgSlug) {
10975
+ // Tmp. just for TS. will drop this later.
10976
+ defaultOrgSlug = '';
10977
+ }
10978
+
10979
+ // Default to Socket org slug. Often that's fine. Vanity and all that.
10980
+ const orgGithub = orgGithubFlag || orgSlug;
10981
+
10982
+ // We're going to need an api token to suggest data because those suggestions
10983
+ // must come from data we already know. Don't error on missing api token yet.
10984
+ // If the api-token is not set, ignore it for the sake of suggestions.
10985
+ const hasSocketApiToken = utils.hasDefaultToken();
10986
+ // We will also be needing that GitHub token.
10987
+ const hasGithubApiToken = !!githubToken;
10988
+
10989
+ // If the current cwd is unknown and is used as a repo slug anyways, we will
10990
+ // first need to register the slug before we can use it.
10991
+ // Only do suggestions with an apiToken and when not in dryRun mode
10992
+ if (hasSocketApiToken && !dryRun && interactive) {
10993
+ if (!orgSlug) {
10994
+ const suggestion = await utils.suggestOrgSlug();
10995
+ if (suggestion) {
10996
+ orgSlug = suggestion;
10997
+ }
10998
+ }
10999
+ }
11000
+ const wasValidInput = utils.checkCommandInput(outputKind, {
11001
+ nook: !utils.isTestingV1() && !!defaultOrgSlug,
11002
+ test: !!orgSlug && orgSlug !== '.',
11003
+ message: utils.isTestingV1() ? 'Org name by default setting, --org, or auto-discovered' : 'Org name must be the first argument',
11004
+ pass: 'ok',
11005
+ fail: orgSlug === '.' ? 'dot is an invalid org, most likely you forgot the org name here?' : 'missing'
11006
+ }, {
11007
+ nook: true,
11008
+ test: !json || !markdown,
11009
+ message: 'The json and markdown flags cannot be both set, pick one',
11010
+ pass: 'ok',
11011
+ fail: 'omit one'
11012
+ }, {
11013
+ nook: true,
11014
+ test: hasSocketApiToken,
11015
+ message: 'This command requires an API token for access',
11016
+ pass: 'ok',
11017
+ fail: 'missing (try `socket login`)'
11018
+ }, {
11019
+ test: hasGithubApiToken,
11020
+ message: 'This command requires a GitHub API token for access',
11021
+ pass: 'ok',
11022
+ fail: 'missing'
11023
+ });
11024
+ if (!wasValidInput) {
11025
+ return;
11026
+ }
11027
+
11028
+ // Note exiting earlier to skirt a hidden auth requirement
11029
+ if (dryRun) {
11030
+ logger.logger.log(DRY_RUN_BAILING_NOW$7);
11031
+ return;
11032
+ }
11033
+ await handleCreateGithubScan({
11034
+ all: Boolean(all),
11035
+ githubApiUrl,
11036
+ githubToken,
11037
+ interactive: Boolean(interactive),
11038
+ orgSlug,
11039
+ orgGithub,
11040
+ outputKind,
11041
+ repos: String(repos || '')
11042
+ });
11043
+ }
11044
+
11045
+ async function fetchListScans({
11046
+ branch,
11047
+ direction,
11048
+ from_time,
11049
+ orgSlug,
11050
+ page,
11051
+ per_page,
11052
+ repo,
11053
+ sort
11054
+ }) {
11055
+ const sockSdkResult = await utils.setupSdk();
11056
+ if (!sockSdkResult.ok) {
11057
+ return sockSdkResult;
11058
+ }
11059
+ const sockSdk = sockSdkResult.data;
11060
+ return await utils.handleApiCall(sockSdk.getOrgFullScanList(orgSlug, {
11061
+ ...(branch ? {
11062
+ branch
11063
+ } : {}),
11064
+ ...(repo ? {
11065
+ repo
11066
+ } : {}),
11067
+ sort,
11068
+ direction,
11069
+ per_page: String(per_page),
11070
+ page: String(page),
11071
+ from: from_time
10206
11072
  }), 'list of scans');
10207
11073
  }
10208
11074
 
@@ -10941,9 +11807,10 @@ const cmdScan = {
10941
11807
  }) {
10942
11808
  await utils.meowWithSubcommands({
10943
11809
  create: cmdScanCreate,
10944
- list: cmdScanList,
10945
11810
  del: cmdScanDel,
10946
11811
  diff: cmdScanDiff,
11812
+ github: cmdScanGithub,
11813
+ list: cmdScanList,
10947
11814
  metadata: cmdScanMetadata,
10948
11815
  report: cmdScanReport,
10949
11816
  view: cmdScanView
@@ -11739,5 +12606,5 @@ void (async () => {
11739
12606
  await utils.captureException(e);
11740
12607
  }
11741
12608
  })();
11742
- //# debugId=5ee308bf-7f52-47e1-b4b2-79a10b530aa3
12609
+ //# debugId=5d9c5e36-6148-4af1-bcc3-bcaaa5b18e1
11743
12610
  //# sourceMappingURL=cli.js.map