@socketsecurity/cli-with-sentry 0.15.64 → 1.0.1

package/dist/utils.js

@@ -279,7 +279,7 @@ function safeReadFileSync(filepath, options) {
 }
 
 const sensitiveConfigKeys = new Set(['apiToken']);
-const supportedConfigKeys = new Map([['apiBaseUrl', 'Base URL of the API endpoint'], ['apiProxy', 'A proxy through which to access the API'], ['apiToken', 'The API token required to access most API endpoints'], ['defaultOrg', 'The default org slug to use; usually the org your API token has access to. When set, all orgSlug arguments are implied to be this value.'], ['enforcedOrgs', 'Orgs in this list have their security policies enforced on this machine'], ['isTestingV1', 'For development of testing the next major bump']]);
+const supportedConfigKeys = new Map([['apiBaseUrl', 'Base URL of the API endpoint'], ['apiProxy', 'A proxy through which to access the API'], ['apiToken', 'The API token required to access most API endpoints'], ['defaultOrg', 'The default org slug to use; usually the org your API token has access to. When set, all orgSlug arguments are implied to be this value.'], ['enforcedOrgs', 'Orgs in this list have their security policies enforced on this machine'], ['skipAskToPersistDefaultOrg', 'This flag prevents the CLI from asking you to persist the org slug when you selected one interactively'], ['org', 'Alias for defaultOrg']]);
 function getConfigValues() {
   if (_cachedConfig === undefined) {
     // Order: env var > --config flag > file
@@ -315,7 +315,8 @@ function getConfigValues() {
 function normalizeConfigKey(key) {
   // Note: apiKey was the old name of the token. When we load a config with
   //       property apiKey, we'll copy that to apiToken and delete the old property.
-  const normalizedKey = key === 'apiKey' ? 'apiToken' : key;
+  // We added `org` as a convenience alias for `defaultOrg`
+  const normalizedKey = key === 'apiKey' ? 'apiToken' : key === 'org' ? 'defaultOrg' : key;
   if (!supportedConfigKeys.has(normalizedKey)) {
     return {
       ok: false,
@@ -325,7 +326,7 @@ function normalizeConfigKey(key) {
   }
   return {
     ok: true,
-    data: key
+    data: normalizedKey
   };
 }
 function findSocketYmlSync(dir = process.cwd()) {
@@ -377,9 +378,6 @@ function getConfigValueOrUndef(key) {
 function isReadOnlyConfig() {
   return _readOnlyConfig;
 }
-function isTestingV1() {
-  return !!getConfigValueOrUndef('isTestingV1');
-}
 let _cachedConfig;
 // When using --config or SOCKET_CLI_CONFIG, do not persist the config.
 let _readOnlyConfig = false;
@@ -411,7 +409,7 @@ function overrideCachedConfig(jsonConfig) {
   _cachedConfig = config;
   _readOnlyConfig = true;
 
-  // Normalize apiKey to apiToken.
+  // Normalize apiKey to apiToken
   if (_cachedConfig['apiKey']) {
     if (_cachedConfig['apiToken']) {
       logger.logger.warn('Note: The config override had both apiToken and apiKey. Using the apiToken value. Remove the apiKey to get rid of this message.');
@@ -437,17 +435,31 @@ function overrideConfigApiToken(apiToken) {
   _readOnlyConfig = true;
 }
 let _pendingSave = false;
-function updateConfigValue(key, value) {
+function updateConfigValue(configKey, value) {
   const localConfig = getConfigValues();
-  const keyResult = normalizeConfigKey(key);
+  const keyResult = normalizeConfigKey(configKey);
   if (!keyResult.ok) {
     return keyResult;
   }
-  localConfig[keyResult.data] = value;
+  const key = keyResult.data;
+  let wasDeleted = value === undefined; // implicitly when serializing
+  if (key === 'skipAskToPersistDefaultOrg') {
+    if (value === 'true' || value === 'false') {
+      localConfig['skipAskToPersistDefaultOrg'] = value === 'true';
+    } else {
+      delete localConfig['skipAskToPersistDefaultOrg'];
+      wasDeleted = true;
+    }
+  } else {
+    if (value === 'undefined' || value === 'true' || value === 'false') {
+      logger.logger.warn(`Note: The value is set to "${value}", as a string (!). Use \`socket config unset\` to reset a key.`);
+    }
+    localConfig[key] = value;
+  }
   if (_readOnlyConfig) {
     return {
       ok: true,
-      message: `Config key '${key}' was updated`,
+      message: `Config key '${key}' was ${wasDeleted ? 'deleted' : `updated`}`,
       data: 'Change applied but not persisted; current config is overridden through env var or flag'
     };
   }
@@ -466,7 +478,7 @@ function updateConfigValue(key, value) {
   }
   return {
     ok: true,
-    message: `Config key '${key}' was updated`,
+    message: `Config key '${key}' was ${wasDeleted ? 'deleted' : `updated`}`,
     data: undefined
   };
 }
@@ -587,21 +599,6 @@ async function setupSdk(apiToken = getDefaultToken(), apiBaseUrl = getDefaultApi
   };
 }
 
-// TODO: this function is removed after v1.0.0
-function handleUnsuccessfulApiResponse(_name, error, cause, status) {
-  const message = `${error || 'No error message returned'}${cause ? ` (reason: ${cause})` : ''}`;
-  if (status === 401 || status === 403) {
-    // Lazily access constants.spinner.
-    const {
-      spinner
-    } = constants;
-    spinner.stop();
-    throw new AuthError(message);
-  }
-  logger.logger.fail(failMsgWithBadge('Socket API returned an error', message));
-  // eslint-disable-next-line n/no-process-exit
-  process.exit(1);
-}
 async function handleApiCall(value, fetchingDesc) {
   // Lazily access constants.spinner.
   const {
@@ -992,18 +989,6 @@ const outputFlags = {
     description: 'Output result as markdown'
   }
 };
-const validationFlags = {
-  all: {
-    type: 'boolean',
-    default: false,
-    description: 'Include all issues'
-  },
-  strict: {
-    type: 'boolean',
-    default: false,
-    description: 'Exits with an error code if any matching issues are found'
-  }
-};
 
 function checkCommandInput(outputKind, ...checks) {
   if (checks.every(d => d.test)) {
@@ -1182,6 +1167,7 @@ async function meowWithSubcommands(subcommands, options) {
     // Plus, if we allow this then meow() can just exit here.
     autoHelp: false
   });
+  const orgFlag = String(cli1.flags['org'] || '') || undefined;
 
   // Hard override the config if instructed to do so.
   // The env var overrides the --flag, which overrides the persisted config
@@ -1211,7 +1197,8 @@ async function meowWithSubcommands(subcommands, options) {
     }
   }
   if (configOverrideResult?.ok === false) {
-    emitBanner(name);
+    emitBanner(name, orgFlag);
+    logger.logger.error(''); // spacing in stderr
     logger.logger.fail(configOverrideResult.message);
     process.exitCode = 2;
     return;
@@ -1231,13 +1218,8 @@ async function meowWithSubcommands(subcommands, options) {
       });
     }
   }
-  if (isTestingV1()) {
-    delete subcommands['diff-scan'];
-    delete subcommands['info'];
-    delete subcommands['report'];
-  }
   function formatCommandsForHelp(isRootCommand) {
-    if (!isRootCommand || !isTestingV1()) {
+    if (!isRootCommand) {
       return getHelpListOutput({
         ...objects.toSortedObject(Object.fromEntries(Object.entries(subcommands).filter(({
           1: subcommand
@@ -1256,7 +1238,7 @@ async function meowWithSubcommands(subcommands, options) {
     }
 
     // "Bucket" some commands for easier usage.
-    const commands = new Set(['analytics', 'audit-log', 'config', 'dependencies', 'fix', 'install', 'login', 'logout', 'manifest', 'npm', 'npx', 'optimize', 'organization', 'package', 'raw-npm', 'raw-npx', 'repos', 'scan', 'threat-feed', 'uninstall', 'wrapper']);
+    const commands = new Set(['analytics', 'audit-log', 'config', 'fix', 'install', 'login', 'logout', 'manifest', 'npm', 'npx', 'optimize', 'organization', 'package', 'raw-npm', 'raw-npx', 'repos', 'scan', 'threat-feed', 'uninstall', 'wrapper']);
     Object.entries(subcommands).filter(([_name, subcommand]) => !subcommand.hidden).map(([name]) => name).forEach(name => {
       if (commands.has(name)) {
         commands.delete(name);
@@ -1317,14 +1299,13 @@ async function meowWithSubcommands(subcommands, options) {
   const cli2 = vendor.meow(`
     Usage
       $ ${name} <command>
-
-${isRootCommand && isTestingV1() ? '' : '    Commands'}
+${isRootCommand ? '' : '\n    Commands'}
       ${formatCommandsForHelp(isRootCommand)}
 
-${isRootCommand && isTestingV1() ? '    Options' : '    Options'}${isRootCommand ? '       (Note: all CLI commands have these flags even when not displayed in their help)\n' : ''}
-      ${getFlagListOutput(flags, 6, isTestingV1() ? {
+${isRootCommand ? '    Options' : '    Options'}${isRootCommand ? '       (Note: all CLI commands have these flags even when not displayed in their help)\n' : ''}
+      ${getFlagListOutput(flags, 6, {
     padName: 25
-  } : undefined)}
+  })}
 
     Examples
       $ ${name} --help
@@ -1344,7 +1325,8 @@ ${isRootCommand ? `      $ ${name} scan create --json` : ''}${isRootCommand ? `\
 
   // ...else we provide basic instructions and help.
   if (!cli2.flags['nobanner']) {
-    emitBanner(name);
+    emitBanner(name, orgFlag);
+    // meow will add newline so don't add stderr spacing here
   }
   if (!cli2.flags['help'] && cli2.flags['dryRun']) {
     process.exitCode = 0;
@@ -1383,7 +1365,9 @@ function meowOrExit({
     autoHelp: false // meow will exit(0) before printing the banner
   });
   if (!cli.flags['nobanner']) {
-    emitBanner(command);
+    emitBanner(command, String(cli.flags['org'] || '') || undefined);
+    // Add spacing in stderr. meow.help adds a newline too so we do it here
+    logger.logger.error('');
   }
 
   // As per https://github.com/sindresorhus/meow/issues/178
@@ -1424,7 +1408,7 @@ function meowOrExit({
   process.exitCode = 0;
   return cli;
 }
-function emitBanner(name) {
+function emitBanner(name, orgFlag) {
   // Print a banner at the top of each command.
   // This helps with brand recognition and marketing.
   // It also helps with debugging since it contains version and command details.
@@ -1433,9 +1417,9 @@ function emitBanner(name) {
   //       and pipe the result to other tools. By emitting the banner over stderr
   //       you can do something like `socket scan view xyz | jq | process`.
   //       The spinner also emits over stderr for example.
-  logger.logger.error(getAsciiHeader(name));
+  logger.logger.error(getAsciiHeader(name, orgFlag));
 }
-function getAsciiHeader(command) {
+function getAsciiHeader(command, orgFlag) {
   // Note: In tests we return <redacted> because otherwise snapshots will fail.
   const {
     REDACTED
@@ -1448,23 +1432,42 @@ function getAsciiHeader(command) {
   const nodeVersion = redacting ? REDACTED : process.version;
   const defaultOrg = getConfigValueOrUndef('defaultOrg');
   const readOnlyConfig = isReadOnlyConfig() ? '*' : '.';
-  const v1test = isTestingV1() ? ' (is testing v1)' : '';
-  const feedback = isTestingV1() ? vendor.yoctocolorsCjsExports.green('   (Thank you for testing the v1 bump! Please send us any feedback you might have!)\n') : '';
-  const shownToken = redacting ? REDACTED : getVisibleTokenPrefix() || 'no';
+  const shownToken = redacting ? REDACTED : getVisibleTokenPrefix() || '(not set)';
   const relCwd = redacting ? REDACTED : path$1.normalizePath(tildify(process.cwd()));
-  let nodeVerWarn = '';
-  if (vendor.semverExports.parse(constants.NODE_VERSION).major < 20) {
-    nodeVerWarn += vendor.yoctocolorsCjsExports.bold(`   ${vendor.yoctocolorsCjsExports.red('Warning:')} NodeJS version 19 and lower will be ${vendor.yoctocolorsCjsExports.red('unsupported')} after April 30th, 2025.`);
-    nodeVerWarn += '\n';
-    nodeVerWarn += '            Soon after the Socket CLI will require NodeJS version 20 or higher.';
-    nodeVerWarn += '\n';
-  }
+  // Note: we must redact org when creating snapshots because dev machine probably
+  //       has a default org set but CI won't. Showing --org is fine either way.
+  const orgPart = orgFlag ? `--org: ${orgFlag}` : redacting ? 'org: <redacted>' : defaultOrg ? `default org: ${defaultOrg}` : '(org not set)';
+  // Note: We could draw these with ascii box art instead but I worry about
+  //       portability and paste-ability. "simple" ascii chars just work.
   const body = `
    _____         _       _        /---------------
-  |   __|___ ___| |_ ___| |_      | Socket.dev CLI ver ${cliVersion}${v1test}
-  |__   | ${readOnlyConfig} |  _| '_| -_|  _|     | Node: ${nodeVersion}, API token set: ${shownToken}${defaultOrg ? `, default org: ${redacting ? REDACTED : defaultOrg}` : ''}
-  |_____|___|___|_,_|___|_|.dev   | Command: \`${command}\`, cwd: ${relCwd}`.trimStart();
-  return `   ${body}\n${nodeVerWarn}${feedback}`;
+  |   __|___ ___| |_ ___| |_      | Socket.dev CLI ver ${cliVersion}
+  |__   | ${readOnlyConfig} |  _| '_| -_|  _|     | Node: ${nodeVersion}, API token: ${shownToken}, ${orgPart}
+  |_____|___|___|_,_|___|_|.dev   | Command: \`${command}\`, cwd: ${relCwd}
+  `.trim();
+  return `   ${body}`; // Note: logger will auto-append a newline
+}
+
+function msAtHome(isoTimeStamp) {
+  const timeStart = Date.parse(isoTimeStamp);
+  const timeEnd = Date.now();
+  const rtf = new Intl.RelativeTimeFormat('en', {
+    numeric: 'always',
+    style: 'short'
+  });
+  const delta = timeEnd - timeStart;
+  if (delta < 60 * 60 * 1000) {
+    return rtf.format(-Math.round(delta / (60 * 1000)), 'minute');
+    // return Math.round(delta / (60 * 1000)) + ' min ago'
+  } else if (delta < 24 * 60 * 60 * 1000) {
+    return rtf.format(-(delta / (60 * 60 * 1000)).toFixed(1), 'hour');
+    // return (delta / (60 * 60 * 1000)).toFixed(1) + ' hr ago'
+  } else if (delta < 7 * 24 * 60 * 60 * 1000) {
+    return rtf.format(-(delta / (24 * 60 * 60 * 1000)).toFixed(1), 'day');
+    // return (delta / (24 * 60 * 60 * 1000)).toFixed(1) + ' day ago'
+  } else {
+    return isoTimeStamp.slice(0, 10);
+  }
 }
 
 async function suggestOrgSlug() {
@@ -1493,6 +1496,9 @@ async function suggestOrgSlug() {
         description: 'Do not use any of these organizations (will end in a no-op)'
       }]
     });
+    if (proceed === undefined) {
+      return undefined;
+    }
     if (proceed) {
       return proceed;
     }
@@ -1501,28 +1507,127 @@ async function suggestOrgSlug() {
   }
 }
 
-async function determineOrgSlug(orgFlag, firstArg, interactive, dryRun) {
+async function suggestToPersistOrgSlug(orgSlug) {
+  const skipAsk = getConfigValue('skipAskToPersistDefaultOrg');
+  if (!skipAsk.ok || skipAsk.data) {
+    // Don't ask to store it when disabled before, or when reading config fails.
+    return;
+  }
+  const result = await prompts.select({
+    message: `Would you like to use this org (${orgSlug}) as the default org for future calls?`,
+    choices: [{
+      name: 'Yes',
+      value: 'yes',
+      description: 'Stores it in your config'
+    }, {
+      name: 'No',
+      value: 'no',
+      description: 'Do not persist this org as default org'
+    }, {
+      name: "No and don't ask again",
+      value: 'sush',
+      description: 'Do not store as default org and do not ask again to persist it'
+    }]
+  });
+  if (result === 'yes') {
+    const updateResult = updateConfigValue('defaultOrg', orgSlug);
+    if (updateResult.ok) {
+      logger.logger.success('Updated default org config to:', orgSlug);
+    } else {
+      logger.logger.fail('(Non blocking) Failed to update default org in config:', updateResult.cause);
+    }
+  } else if (result === 'sush') {
+    const updateResult = updateConfigValue('skipAskToPersistDefaultOrg', true);
+    if (updateResult.ok) {
+      logger.logger.info('Default org not changed. Will not ask to persist again.');
+    } else {
+      logger.logger.fail(`(Non blocking) Failed to store preference; will ask to persist again next time. Reason: ${updateResult.cause}`);
+    }
+  }
+}
+
+async function determineOrgSlug(orgFlag, interactive, dryRun) {
   const defaultOrgSlug = getConfigValueOrUndef('defaultOrg');
   let orgSlug = String(orgFlag || defaultOrgSlug || '');
   if (!orgSlug) {
-    if (isTestingV1()) {
-      // ask from server
-      logger.logger.warn('Missing the org slug and no --org flag set. Trying to auto-discover the org now...');
-      logger.logger.info('Note: you can set the default org slug to prevent this issue. You can also override all that with the --org flag.');
-      if (dryRun) {
-        logger.logger.fail('Skipping auto-discovery of org in dry-run mode');
-      } else if (!interactive) {
-        logger.logger.fail('Skipping auto-discovery of org when interactive = false');
-      } else {
-        orgSlug = (await suggestOrgSlug()) || '';
-      }
+    if (!interactive) {
+      logger.logger.warn('Note: This command requires an org slug because the remote API endpoint does.');
+      logger.logger.warn('');
+      logger.logger.warn('It seems no default org was setup and the `--org` flag was not used.');
+      logger.logger.warn("Additionally, `--no-interactive` was set so we can't ask for it.");
+      logger.logger.warn('Since v1.0.0 the org _argument_ for all commands was dropped in favor of an');
+      logger.logger.warn('implicit default org setting, which will be setup when you run `socket login`.');
+      logger.logger.warn('');
+      logger.logger.warn('Note: When running in CI, you probably want to set the `--org` flag.');
+      logger.logger.warn('');
+      logger.logger.warn('For details, see: https://docs.socket.dev/docs/v1-migration-guide');
+      logger.logger.warn('');
+      logger.logger.warn('This command will exit now because the org slug is required to proceed.');
+      return ['', undefined];
+    }
+
+    // ask from server
+    logger.logger.warn('Unable to determine the target org. Trying to auto-discover it now...');
+    logger.logger.info('Note: you can run `socket login` to set a default org. You can also override it with the --org flag.');
+    logger.logger.error(''); // spacing in stderr
+    if (dryRun) {
+      logger.logger.fail('Skipping auto-discovery of org in dry-run mode');
     } else {
-      orgSlug = firstArg || '';
+      orgSlug = (await suggestOrgSlug()) || '';
+      if (orgSlug) {
+        await suggestToPersistOrgSlug(orgSlug);
+      }
     }
   }
   return [orgSlug, defaultOrgSlug];
 }
 
+function getPurlObject(purl) {
+  return typeof purl === 'string' ? vendor.packageurlJsExports.PackageURL.fromString(purl) : purl;
+}
+
+const {
+  SOCKET_WEBSITE_URL
+} = constants;
+function getPkgFullNameFromPurl(purl) {
+  const purlObj = getPurlObject(purl);
+  const {
+    name,
+    namespace
+  } = purlObj;
+  return namespace ? `${namespace}${purlObj.type === 'maven' ? ':' : '/'}${name}` : name;
+}
+function getSocketDevPackageOverviewUrlFromPurl(purl) {
+  const purlObj = getPurlObject(purl);
+  const fullName = getPkgFullNameFromPurl(purlObj);
+  return getSocketDevPackageOverviewUrl(purlObj.type, fullName, purlObj.version);
+}
+function getSocketDevPackageOverviewUrl(ecosystem, fullName, version) {
+  const url = `${SOCKET_WEBSITE_URL}/${ecosystem}/package/${fullName}`;
+  return ecosystem === 'golang' ? `${url}${version ? `?section=overview&version=${version}` : ''}` : `${url}${version ? `/overview/${version}` : ''}`;
+}
+
+/**
+ * Convert a Map<string, Map|string> to a nested object of similar shape.
+ * The goal is to serialize it with JSON.stringify, which Map can't do.
+ */
+function mapToObject(map) {
+  return Object.fromEntries(Array.from(map.entries()).map(([k, v]) => [k, v instanceof Map ? mapToObject(v) : v]));
+}
+
+function* walkNestedMap(map, keys = []) {
+  for (const [key, value] of map.entries()) {
+    if (value instanceof Map) {
+      yield* walkNestedMap(value, keys.concat(key));
+    } else {
+      yield {
+        keys: keys.concat(key),
+        value: value
+      };
+    }
+  }
+}
+
 const {
   NODE_MODULES: NODE_MODULES$1,
   NPM: NPM$4,
@@ -1628,164 +1733,6 @@ async function getPackageFilesForScan(cwd, inputPaths, supportedFiles, config) {
   return packageFiles;
 }
 
-const {
-  NODE_MODULES,
-  NPM: NPM$3,
-  NPX,
-  SOCKET_CLI_ISSUES_URL
-} = constants;
-function exitWithBinPathError(binName) {
-  logger.logger.fail(`Socket unable to locate ${binName}; ensure it is available in the PATH environment variable`);
-  // The exit code 127 indicates that the command or binary being executed
-  // could not be found.
-  // eslint-disable-next-line n/no-process-exit
-  process.exit(127);
-}
-let _npmBinPathDetails;
-function getNpmBinPathDetails() {
-  if (_npmBinPathDetails === undefined) {
-    _npmBinPathDetails = findBinPathDetailsSync(NPM$3);
-  }
-  return _npmBinPathDetails;
-}
-let _npxBinPathDetails;
-function getNpxBinPathDetails() {
-  if (_npxBinPathDetails === undefined) {
-    _npxBinPathDetails = findBinPathDetailsSync(NPX);
-  }
-  return _npxBinPathDetails;
-}
-function isNpmBinPathShadowed() {
-  return getNpmBinPathDetails().shadowed;
-}
-function isNpxBinPathShadowed() {
-  return getNpxBinPathDetails().shadowed;
-}
-let _npmBinPath;
-function getNpmBinPath() {
-  if (_npmBinPath === undefined) {
-    _npmBinPath = getNpmBinPathDetails().path;
-    if (!_npmBinPath) {
-      exitWithBinPathError(NPM$3);
-    }
-  }
-  return _npmBinPath;
-}
-let _npmPath;
-function getNpmPath() {
-  if (_npmPath === undefined) {
-    const npmBinPath = getNpmBinPath();
-    _npmPath = npmBinPath ? findNpmPathSync(npmBinPath) : undefined;
-    if (!_npmPath) {
-      let message = 'Unable to find npm CLI install directory.';
-      if (npmBinPath) {
-        message += `\nSearched parent directories of ${path.dirname(npmBinPath)}.`;
-      }
-      message += `\n\nThis is may be a bug with socket-npm related to changes to the npm CLI.\nPlease report to ${SOCKET_CLI_ISSUES_URL}.`;
-      logger.logger.fail(message);
-      // The exit code 127 indicates that the command or binary being executed
-      // could not be found.
-      // eslint-disable-next-line n/no-process-exit
-      process.exit(127);
-    }
-  }
-  return _npmPath;
-}
-let _npmRequire;
-function getNpmRequire() {
-  if (_npmRequire === undefined) {
-    const npmPath = getNpmPath();
-    const npmNmPath = path.join(npmPath, NODE_MODULES, NPM$3);
-    _npmRequire = Module.createRequire(path.join(fs.existsSync(npmNmPath) ? npmNmPath : npmPath, '<dummy-basename>'));
-  }
-  return _npmRequire;
-}
-let _npxBinPath;
-function getNpxBinPath() {
-  if (_npxBinPath === undefined) {
-    _npxBinPath = getNpxBinPathDetails().path;
-    if (!_npxBinPath) {
-      exitWithBinPathError(NPX);
-    }
-  }
-  return _npxBinPath;
-}
-
-const helpFlags = new Set(['--help', '-h']);
-function cmdFlagsToString(args) {
-  const result = [];
-  for (let i = 0, {
-      length
-    } = args; i < length; i += 1) {
-    if (args[i].startsWith('--')) {
-      // Check if the next item exists and is NOT another flag.
-      if (i + 1 < length && !args[i + 1].startsWith('--')) {
-        result.push(`${args[i]}=${args[i + 1]}`);
-        i += 1;
-      } else {
-        result.push(args[i]);
-      }
-    }
-  }
-  return result.join(' ');
-}
-function cmdPrefixMessage(cmdName, text) {
-  const cmdPrefix = cmdName ? `${cmdName}: ` : '';
-  return `${cmdPrefix}${text}`;
-}
-function isHelpFlag(cmdArg) {
-  return helpFlags.has(cmdArg);
-}
-
-function getPurlObject(purl) {
-  return typeof purl === 'string' ? vendor.packageurlJsExports.PackageURL.fromString(purl) : purl;
-}
-
-const {
-  SOCKET_WEBSITE_URL
-} = constants;
-function getPkgFullNameFromPurl(purl) {
-  const purlObj = getPurlObject(purl);
-  const {
-    name,
-    namespace
-  } = purlObj;
-  return namespace ? `${namespace}${purlObj.type === 'maven' ? ':' : '/'}${name}` : name;
-}
-function getSocketDevAlertUrl(alertType) {
-  return `${SOCKET_WEBSITE_URL}/alerts/${alertType}`;
-}
-function getSocketDevPackageOverviewUrlFromPurl(purl) {
-  const purlObj = getPurlObject(purl);
-  const fullName = getPkgFullNameFromPurl(purlObj);
-  return getSocketDevPackageOverviewUrl(purlObj.type, fullName, purlObj.version);
-}
-function getSocketDevPackageOverviewUrl(ecosystem, fullName, version) {
-  const url = `${SOCKET_WEBSITE_URL}/${ecosystem}/package/${fullName}`;
-  return ecosystem === 'golang' ? `${url}${version ? `?section=overview&version=${version}` : ''}` : `${url}${version ? `/overview/${version}` : ''}`;
-}
-
-/**
- * Convert a Map<string, Map|string> to a nested object of similar shape.
- * The goal is to serialize it with JSON.stringify, which Map can't do.
- */
-function mapToObject(map) {
-  return Object.fromEntries(Array.from(map.entries()).map(([k, v]) => [k, v instanceof Map ? mapToObject(v) : v]));
-}
-
-function* walkNestedMap(map, keys = []) {
-  for (const [key, value] of map.entries()) {
-    if (value instanceof Map) {
-      yield* walkNestedMap(value, keys.concat(key));
-    } else {
-      yield {
-        keys: keys.concat(key),
-        value: value
-      };
-    }
-  }
-}
-
 async function readOrDefaultSocketJson(cwd) {
   const result = await readSocketJson(cwd, true);
   if (result.ok) {
@@ -1891,6 +1838,89 @@ async function writeSocketJson(cwd, socketJson) {
   };
 }
 
+const {
+  NODE_MODULES,
+  NPM: NPM$3,
+  NPX,
+  SOCKET_CLI_ISSUES_URL
+} = constants;
+function exitWithBinPathError(binName) {
+  logger.logger.fail(`Socket unable to locate ${binName}; ensure it is available in the PATH environment variable`);
+  // The exit code 127 indicates that the command or binary being executed
+  // could not be found.
+  // eslint-disable-next-line n/no-process-exit
+  process.exit(127);
+}
+let _npmBinPathDetails;
+function getNpmBinPathDetails() {
+  if (_npmBinPathDetails === undefined) {
+    _npmBinPathDetails = findBinPathDetailsSync(NPM$3);
+  }
+  return _npmBinPathDetails;
+}
+let _npxBinPathDetails;
+function getNpxBinPathDetails() {
+  if (_npxBinPathDetails === undefined) {
+    _npxBinPathDetails = findBinPathDetailsSync(NPX);
+  }
+  return _npxBinPathDetails;
+}
+function isNpmBinPathShadowed() {
+  return getNpmBinPathDetails().shadowed;
+}
+function isNpxBinPathShadowed() {
+  return getNpxBinPathDetails().shadowed;
+}
+let _npmBinPath;
+function getNpmBinPath() {
+  if (_npmBinPath === undefined) {
+    _npmBinPath = getNpmBinPathDetails().path;
+    if (!_npmBinPath) {
+      exitWithBinPathError(NPM$3);
+    }
+  }
+  return _npmBinPath;
+}
+let _npmPath;
+function getNpmPath() {
+  if (_npmPath === undefined) {
+    const npmBinPath = getNpmBinPath();
+    _npmPath = npmBinPath ? findNpmPathSync(npmBinPath) : undefined;
+    if (!_npmPath) {
+      let message = 'Unable to find npm CLI install directory.';
+      if (npmBinPath) {
+        message += `\nSearched parent directories of ${path.dirname(npmBinPath)}.`;
+      }
+      message += `\n\nThis is may be a bug with socket-npm related to changes to the npm CLI.\nPlease report to ${SOCKET_CLI_ISSUES_URL}.`;
+      logger.logger.fail(message);
+      // The exit code 127 indicates that the command or binary being executed
+      // could not be found.
+      // eslint-disable-next-line n/no-process-exit
+      process.exit(127);
+    }
+  }
+  return _npmPath;
+}
+let _npmRequire;
+function getNpmRequire() {
+  if (_npmRequire === undefined) {
+    const npmPath = getNpmPath();
+    const npmNmPath = path.join(npmPath, NODE_MODULES, NPM$3);
+    _npmRequire = Module.createRequire(path.join(fs.existsSync(npmNmPath) ? npmNmPath : npmPath, '<dummy-basename>'));
+  }
+  return _npmRequire;
+}
+let _npxBinPath;
+function getNpxBinPath() {
+  if (_npxBinPath === undefined) {
+    _npxBinPath = getNpxBinPathDetails().path;
+    if (!_npxBinPath) {
+      exitWithBinPathError(NPX);
+    }
+  }
+  return _npxBinPath;
+}
+
 const {
   ALERT_TYPE_CRITICAL_CVE,
   ALERT_TYPE_CVE,
@@ -1910,13 +1940,6 @@ function createEnum(obj) {
     ...obj
   });
 }
-function pick(input, keys) {
-  const result = {};
-  for (const key of keys) {
-    result[key] = input[key];
-  }
-  return result;
-}
 
 const ALERT_FIX_TYPE = createEnum({
   cve: 'cve',
@@ -1924,71 +1947,12 @@ const ALERT_FIX_TYPE = createEnum({
   upgrade: 'upgrade'
 });
 
-function stringJoinWithSeparateFinalSeparator(list, separator = ' and ') {
-  const values = list.filter(Boolean);
-  const {
-    length
-  } = values;
-  if (!length) {
-    return '';
-  }
-  if (length === 1) {
-    return values[0];
-  }
-  const finalValue = values.pop();
-  return `${values.join(', ')}${separator}${finalValue}`;
-}
-
 const ALERT_SEVERITY = createEnum({
   critical: 'critical',
   high: 'high',
   middle: 'middle',
   low: 'low'
 });
-// Ordered from most severe to least.
-const ALERT_SEVERITIES_SORTED = Object.freeze(['critical', 'high', 'middle', 'low']);
-function getDesiredSeverities(lowestToInclude) {
-  const result = [];
-  for (const severity of ALERT_SEVERITIES_SORTED) {
-    result.push(severity);
-    if (severity === lowestToInclude) {
-      break;
-    }
-  }
-  return result;
-}
-function formatSeverityCount(severityCount) {
-  const summary = [];
-  for (const severity of ALERT_SEVERITIES_SORTED) {
-    if (severityCount[severity]) {
-      summary.push(`${severityCount[severity]} ${severity}`);
-    }
-  }
-  return stringJoinWithSeparateFinalSeparator(summary);
-}
-function getSeverityCount(issues, lowestToInclude) {
-  const severityCount = pick({
-    low: 0,
-    middle: 0,
-    high: 0,
-    critical: 0
-  }, getDesiredSeverities(lowestToInclude));
-  for (const issue of issues) {
-    const {
-      value
-    } = issue;
-    if (!value) {
-      continue;
-    }
-    const {
-      severity
-    } = value;
-    if (severityCount[severity] !== undefined) {
-      severityCount[severity] += 1;
-    }
-  }
-  return severityCount;
-}
 
 class ColorOrMarkdown {
   constructor(useMarkdown) {
@@ -2026,7 +1990,7 @@ class ColorOrMarkdown {
   }
 }
 
-const RangeStyles = ['caret', 'gt', 'lt', 'pin', 'preserve', 'tilde'];
+const RangeStyles = ['caret', 'gt', 'gte', 'lt', 'lte', 'pin', 'preserve', 'tilde'];
 function applyRange(refRange, version, style = 'preserve') {
   switch (style) {
     case 'caret':
@@ -2520,7 +2484,7 @@ function idToPurl(id, type) {
   return `pkg:${type}/${id}`;
 }
 
-function extractOverridesFromPnpmLockfileContent(lockfileContent) {
+function extractOverridesFromPnpmLockSrc(lockfileContent) {
   return typeof lockfileContent === 'string' ? /^overrides:(\r?\n {2}.+)+(?:\r?\n)*/m.exec(lockfileContent)?.[0] ?? '' : '';
 }
 async function extractPurlsFromPnpmLockfile(lockfile) {
@@ -2570,9 +2534,6 @@ function parsePnpmLockfileVersion(version) {
   } catch {}
   return null;
 }
-async function readPnpmLockfile(lockfilePath) {
-  return fs.existsSync(lockfilePath) ? await readFileUtf8(lockfilePath) : null;
-}
 function stripLeadingPnpmDepPathSlash(depPath) {
   return isPnpmDepPath(depPath) ? depPath.slice(1) : depPath;
 }
@@ -2680,6 +2641,36 @@ function npa(...args) {
   return null;
 }
 
+async function readLockfile(lockfilePath) {
+  return fs.existsSync(lockfilePath) ? await readFileUtf8(lockfilePath) : null;
+}
+
+const helpFlags = new Set(['--help', '-h']);
+function cmdFlagsToString(args) {
+  const result = [];
+  for (let i = 0, {
+      length
+    } = args; i < length; i += 1) {
+    if (args[i].startsWith('--')) {
+      // Check if the next item exists and is NOT another flag.
+      if (i + 1 < length && !args[i + 1].startsWith('--')) {
+        result.push(`${args[i]}=${args[i + 1]}`);
+        i += 1;
+      } else {
+        result.push(args[i]);
+      }
+    }
+  }
+  return result.join(' ');
+}
+function cmdPrefixMessage(cmdName, text) {
+  const cmdPrefix = cmdName ? `${cmdName}: ` : '';
+  return `${cmdPrefix}${text}`;
+}
+function isHelpFlag(cmdArg) {
+  return helpFlags.has(cmdArg);
+}
+
 const {
   NPM: NPM$2,
   SOCKET_CLI_SAFE_BIN,
@@ -3196,10 +3187,8 @@ fi
   };
 }
 
-exports.ALERT_SEVERITY = ALERT_SEVERITY;
 exports.AuthError = AuthError;
 exports.COMPLETION_CMD_PREFIX = COMPLETION_CMD_PREFIX;
-exports.ColorOrMarkdown = ColorOrMarkdown;
 exports.InputError = InputError;
 exports.RangeStyles = RangeStyles;
 exports.applyRange = applyRange;
@@ -3211,9 +3200,8 @@ exports.commonFlags = commonFlags;
 exports.createEnum = createEnum;
 exports.detectAndValidatePackageEnvironment = detectAndValidatePackageEnvironment;
 exports.determineOrgSlug = determineOrgSlug;
-exports.extractOverridesFromPnpmLockfileContent = extractOverridesFromPnpmLockfileContent;
+exports.extractOverridesFromPnpmLockSrc = extractOverridesFromPnpmLockSrc;
 exports.failMsgWithBadge = failMsgWithBadge;
-exports.formatSeverityCount = formatSeverityCount;
 exports.getAlertsMapFromPnpmLockfile = getAlertsMapFromPnpmLockfile;
 exports.getAlertsMapFromPurls = getAlertsMapFromPurls;
 exports.getBashrcDetails = getBashrcDetails;
@@ -3230,17 +3218,12 @@ exports.getNpxBinPath = getNpxBinPath;
 exports.getOutputKind = getOutputKind;
 exports.getPackageFilesForScan = getPackageFilesForScan;
 exports.getPkgFullNameFromPurl = getPkgFullNameFromPurl;
-exports.getPublicToken = getPublicToken;
 exports.getPurlObject = getPurlObject;
-exports.getSeverityCount = getSeverityCount;
-exports.getSocketDevAlertUrl = getSocketDevAlertUrl;
-exports.getSocketDevPackageOverviewUrl = getSocketDevPackageOverviewUrl;
 exports.getSocketDevPackageOverviewUrlFromPurl = getSocketDevPackageOverviewUrlFromPurl;
 exports.getVisibleTokenPrefix = getVisibleTokenPrefix;
 exports.globWorkspace = globWorkspace;
 exports.handleApiCall = handleApiCall;
 exports.handleApiCallNoSpinner = handleApiCallNoSpinner;
-exports.handleUnsuccessfulApiResponse = handleUnsuccessfulApiResponse;
 exports.hasDefaultToken = hasDefaultToken;
 exports.idToNpmPurl = idToNpmPurl;
 exports.idToPurl = idToPurl;
@@ -3248,7 +3231,6 @@ exports.isHelpFlag = isHelpFlag;
 exports.isNpmBinPathShadowed = isNpmBinPathShadowed;
 exports.isNpxBinPathShadowed = isNpxBinPathShadowed;
 exports.isReadOnlyConfig = isReadOnlyConfig;
-exports.isTestingV1 = isTestingV1;
 exports.logAlertsMap = logAlertsMap;
 exports.mapToObject = mapToObject;
 exports.mdTable = mdTable;
@@ -3256,14 +3238,15 @@ exports.mdTableOfPairs = mdTableOfPairs;
 exports.mdTableStringNumber = mdTableStringNumber;
 exports.meowOrExit = meowOrExit;
 exports.meowWithSubcommands = meowWithSubcommands;
+exports.msAtHome = msAtHome;
 exports.npa = npa;
 exports.outputFlags = outputFlags;
 exports.parsePnpmLockfile = parsePnpmLockfile;
 exports.parsePnpmLockfileVersion = parsePnpmLockfileVersion;
 exports.queryApiSafeJson = queryApiSafeJson;
 exports.queryApiSafeText = queryApiSafeText;
+exports.readLockfile = readLockfile;
 exports.readOrDefaultSocketJson = readOrDefaultSocketJson;
-exports.readPnpmLockfile = readPnpmLockfile;
 exports.readSocketJson = readSocketJson;
 exports.removeNodeModules = removeNodeModules;
 exports.runAgentInstall = runAgentInstall;
@@ -3275,8 +3258,7 @@ exports.suggestOrgSlug = suggestOrgSlug;
 exports.supportedConfigKeys = supportedConfigKeys;
 exports.tildify = tildify;
 exports.updateConfigValue = updateConfigValue;
-exports.validationFlags = validationFlags;
 exports.walkNestedMap = walkNestedMap;
 exports.writeSocketJson = writeSocketJson;
-//# debugId=fd828cc1-419a-483c-901d-1879551233f0
+//# debugId=ba9b8f1a-3ce9-4a1c-9132-b806f964514a
 //# sourceMappingURL=utils.js.map