npm - @socketsecurity/cli-with-sentry - Versions diffs - 1.0.111 → 1.1.1 - Mend

@socketsecurity/cli-with-sentry 1.0.111 → 1.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (63) hide show

package/dist/cli.js +242 -1590
package/dist/cli.js.map +1 -1
package/dist/constants.js +6 -5
package/dist/constants.js.map +1 -1
package/dist/shadow-npm-bin.js +12 -6
package/dist/shadow-npm-bin.js.map +1 -1
package/dist/shadow-npm-inject.js +24 -243
package/dist/shadow-npm-inject.js.map +1 -1
package/dist/socket-completion.bash +1 -1
package/dist/tsconfig.dts.tsbuildinfo +1 -1
package/dist/types/commands/fix/cmd-fix.d.mts.map +1 -1
package/dist/types/commands/fix/coana-fix.d.mts +1 -1
package/dist/types/commands/fix/coana-fix.d.mts.map +1 -1
package/dist/types/commands/fix/{fix-env-helpers.d.mts → env-helpers.d.mts} +1 -1
package/dist/types/commands/fix/env-helpers.d.mts.map +1 -0
package/dist/types/commands/fix/git.d.mts +13 -0
package/dist/types/commands/fix/git.d.mts.map +1 -0
package/dist/types/commands/fix/handle-fix.d.mts +1 -1
package/dist/types/commands/fix/handle-fix.d.mts.map +1 -1
package/dist/types/commands/fix/pull-request.d.mts +10 -53
package/dist/types/commands/fix/pull-request.d.mts.map +1 -1
package/dist/types/commands/fix/types.d.mts +18 -0
package/dist/types/commands/fix/types.d.mts.map +1 -0
package/dist/types/commands/scan/fetch-supported-scan-file-names.d.mts +2 -0
package/dist/types/commands/scan/fetch-supported-scan-file-names.d.mts.map +1 -1
package/dist/types/constants.d.mts.map +1 -1
package/dist/types/shadow/npm/arborist/lib/arborist/index.d.mts.map +1 -1
package/dist/types/shadow/npm/arborist-helpers.d.mts +1 -1
package/dist/types/shadow/npm/arborist-helpers.d.mts.map +1 -1
package/dist/types/shadow/npm/bin.d.mts.map +1 -1
package/dist/types/shadow/npm/paths.d.mts +0 -1
package/dist/types/shadow/npm/paths.d.mts.map +1 -1
package/dist/types/utils/alerts-map.d.mts.map +1 -1
package/dist/types/utils/fs.d.mts +3 -2
package/dist/types/utils/fs.d.mts.map +1 -1
package/dist/types/utils/github.d.mts +38 -0
package/dist/types/utils/github.d.mts.map +1 -0
package/dist/types/utils/glob.d.mts +0 -1
package/dist/types/utils/glob.d.mts.map +1 -1
package/dist/utils.js +843 -888
package/dist/utils.js.map +1 -1
package/dist/vendor.js +112511 -119840
package/external/@socketsecurity/registry/external/libnpmpack.js +96569 -41361
package/external/@socketsecurity/registry/external/pacote.js +77357 -68133
package/external/@socketsecurity/registry/lib/fs.js +13 -27
package/external/@socketsecurity/registry/lib/json.js +42 -0
package/external/@socketsecurity/registry/manifest.json +4 -4
package/package.json +11 -11
package/dist/types/commands/fix/agent-fix.d.mts +0 -42
package/dist/types/commands/fix/agent-fix.d.mts.map +0 -1
package/dist/types/commands/fix/fix-branch-helpers.d.mts +0 -4
package/dist/types/commands/fix/fix-branch-helpers.d.mts.map +0 -1
package/dist/types/commands/fix/fix-env-helpers.d.mts.map +0 -1
package/dist/types/commands/fix/get-actual-tree.d.mts +0 -3
package/dist/types/commands/fix/get-actual-tree.d.mts.map +0 -1
package/dist/types/commands/fix/npm-fix.d.mts +0 -7
package/dist/types/commands/fix/npm-fix.d.mts.map +0 -1
package/dist/types/commands/fix/pnpm-fix.d.mts +0 -7
package/dist/types/commands/fix/pnpm-fix.d.mts.map +0 -1
package/dist/types/commands/fix/shared.d.mts +0 -10
package/dist/types/commands/fix/shared.d.mts.map +0 -1
package/dist/types/commands/fix/socket-git.d.mts +0 -32
package/dist/types/commands/fix/socket-git.d.mts.map +0 -1

package/dist/utils.js CHANGED Viewed

@@ -4,7 +4,7 @@ var vendor = require('./vendor.js');
 var logger = require('../external/@socketsecurity/registry/lib/logger');
 var strings = require('../external/@socketsecurity/registry/lib/strings');
 var require$$9 = require('../external/@socketsecurity/registry/lib/debug');
-var require$$10 = require('../external/@socketsecurity/registry/lib/objects');
+var require$$11 = require('../external/@socketsecurity/registry/lib/objects');
 var arrays = require('../external/@socketsecurity/registry/lib/arrays');
 var path$1 = require('../external/@socketsecurity/registry/lib/path');
 var sorts = require('../external/@socketsecurity/registry/lib/sorts');
@@ -19,12 +19,11 @@ var spawn = require('../external/@socketsecurity/registry/lib/spawn');
 var fs = require('../external/@socketsecurity/registry/lib/fs');
 var shadowNpmBin = require('./shadow-npm-bin.js');
 var fs$1 = require('node:fs');
-var registry = require('../external/@socketsecurity/registry');
-var packages = require('../external/@socketsecurity/registry/lib/packages');
+var promises = require('node:timers/promises');
 var npm = require('../external/@socketsecurity/registry/lib/npm');
-var streams = require('../external/@socketsecurity/registry/lib/streams');
 var globs = require('../external/@socketsecurity/registry/lib/globs');
-var promises = require('node:timers/promises');
+var packages = require('../external/@socketsecurity/registry/lib/packages');
+var streams = require('../external/@socketsecurity/registry/lib/streams');
 var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
 const sensitiveConfigKeyLookup = new Set(['apiToken']);
@@ -761,7 +760,7 @@ cols) {
 // Serialize the final result object before printing it
 // All commands that support the --json flag should call this before printing
 function serializeResultJson(data) {
-  if (!require$$10.isObject(data)) {
+  if (!require$$11.isObject(data)) {
     process.exitCode = 1;
     require$$9.debugFn('inspect', {
       data
@@ -917,7 +916,7 @@ function getHelpListOutput(list, options) {
   const names = Object.keys(list).sort(sorts.naturalCompare);
   for (const name of names) {
     const entry = list[name];
-    const entryIsObj = require$$10.isObject(entry);
+    const entryIsObj = require$$11.isObject(entry);
     if (entryIsObj && 'hidden' in entry && entry?.hidden) {
       continue;
     }
@@ -1184,10 +1183,10 @@ async function meowWithSubcommands(subcommands, options) {
   } else {
     lines.push('Commands');
     lines.push(`  ${getHelpListOutput({
-      ...require$$10.toSortedObject(Object.fromEntries(Object.entries(subcommands).filter(({
+      ...require$$11.toSortedObject(Object.fromEntries(Object.entries(subcommands).filter(({
         1: subcommand
       }) => !subcommand.hidden))),
-      ...require$$10.toSortedObject(Object.fromEntries(Object.entries(aliases).filter(({
+      ...require$$11.toSortedObject(Object.fromEntries(Object.entries(aliases).filter(({
         1: alias
       }) => {
         const {
@@ -1306,7 +1305,7 @@ function meowOrExit({
   }
   // meow doesn't detect 'version' as an unknown flag, so we do the leg work here.
-  if (!require$$10.hasOwn(config.flags, 'version') && cli.flags['version']) {
+  if (!require$$11.hasOwn(config.flags, 'version') && cli.flags['version']) {
     // Use `console.error` here instead of `logger.error` to match meow behavior.
     console.error('Unknown flag\n--version');
     // eslint-disable-next-line n/no-process-exit
@@ -2266,13 +2265,6 @@ async function globWithGitIgnore(patterns, options) {
   }
   return filtered;
 }
-async function globStreamNodeModules(cwd = process.cwd()) {
-  return vendor.outExports.globStream('**/node_modules', {
-    absolute: true,
-    cwd,
-    onlyDirectories: true
-  });
-}
 async function globWorkspace(agent, cwd = process.cwd()) {
   const workspaceGlobs = await getWorkspaceGlobs(agent, cwd);
   return workspaceGlobs.length ? await vendor.outExports.glob(workspaceGlobs, {
@@ -2496,6 +2488,52 @@ function isHelpFlag(cmdArg) {
   return helpFlags.has(cmdArg);
 }
+async function findUp(name, options) {
+  const opts = {
+    __proto__: null,
+    ...options
+  };
+  const {
+    cwd = process.cwd(),
+    signal = constants.abortSignal
+  } = opts;
+  let {
+    onlyDirectories = false,
+    onlyFiles = true
+  } = opts;
+  if (onlyDirectories) {
+    onlyFiles = false;
+  }
+  if (onlyFiles) {
+    onlyDirectories = false;
+  }
+  let dir = path.resolve(cwd);
+  const {
+    root
+  } = path.parse(dir);
+  const names = [name].flat();
+  while (dir && dir !== root) {
+    for (const name of names) {
+      if (signal?.aborted) {
+        return undefined;
+      }
+      const thePath = path.join(dir, name);
+      try {
+        // eslint-disable-next-line no-await-in-loop
+        const stats = await fs$1.promises.stat(thePath);
+        if (!onlyDirectories && stats.isFile()) {
+          return thePath;
+        }
+        if (!onlyFiles && stats.isDirectory()) {
+          return thePath;
+        }
+      } catch {}
+    }
+    dir = path.dirname(dir);
+  }
+  return undefined;
+}
 function extractTier1ReachabilityScanId(socketFactsFile) {
   const json = fs.readJsonSync(socketFactsFile, {
     throws: false
@@ -2678,126 +2716,189 @@ async function writeSocketJson(cwd, sockJson) {
   };
 }
-function isArtifactAlertCve(alert) {
-  const {
-    type
-  } = alert;
-  return type === constants.ALERT_TYPE_CVE || type === constants.ALERT_TYPE_MEDIUM_CVE || type === constants.ALERT_TYPE_MILD_CVE || type === constants.ALERT_TYPE_CRITICAL_CVE;
+async function readCache(key,
+// 5 minute in milliseconds time to live (TTL).
+ttlMs = 5 * 60 * 1000) {
+  const cacheJsonPath = path.join(constants.githubCachePath, `${key}.json`);
+  const stat = fs.safeStatsSync(cacheJsonPath);
+  if (stat) {
+    const isExpired = Date.now() - stat.mtimeMs > ttlMs;
+    if (!isExpired) {
+      return await fs.readJson(cacheJsonPath);
+    }
+  }
+  return null;
 }
-function createEnum(obj) {
-  return Object.freeze({
-    __proto__: null,
-    ...obj
-  });
+async function writeCache(key, data) {
+  const {
+    githubCachePath
+  } = constants;
+  const cacheJsonPath = path.join(githubCachePath, `${key}.json`);
+  if (!fs$1.existsSync(githubCachePath)) {
+    await fs$1.promises.mkdir(githubCachePath, {
+      recursive: true
+    });
+  }
+  await fs.writeJson(cacheJsonPath, data);
 }
-const ALERT_FIX_TYPE = createEnum({
-  cve: 'cve',
-  remove: 'remove',
-  upgrade: 'upgrade'
-});
-const ALERT_SEVERITY = createEnum({
-  critical: 'critical',
-  high: 'high',
-  middle: 'middle',
-  low: 'low'
-});
-class ColorOrMarkdown {
-  constructor(useMarkdown) {
-    this.useMarkdown = !!useMarkdown;
+async function cacheFetch(key, fetcher, ttlMs) {
+  // Optionally disable cache.
+  if (constants.ENV.DISABLE_GITHUB_CACHE) {
+    return await fetcher();
   }
-  bold(text) {
-    return this.useMarkdown ? `**${text}**` : vendor.yoctocolorsCjsExports.bold(`${text}`);
+  let data = await readCache(key, ttlMs);
+  if (!data) {
+    data = await fetcher();
+    await writeCache(key, data);
   }
-  header(text, level = 1) {
-    return this.useMarkdown ? `\n${''.padStart(level, '#')} ${text}\n` : vendor.yoctocolorsCjsExports.underline(`\n${level === 1 ? vendor.yoctocolorsCjsExports.bold(text) : text}\n`);
+  return data;
+}
+async function fetchGhsaDetails(ids) {
+  const results = new Map();
+  if (!ids.length) {
+    return results;
   }
-  hyperlink(text, url, {
-    fallback = true,
-    fallbackToUrl
-  } = {}) {
-    if (url) {
-      return this.useMarkdown ? `[${text}](${url})` : vendor.terminalLinkExports(text, url, {
-        fallback: fallbackToUrl ? (_text, url) => url : fallback
-      });
+  const octokitGraphql = getOctokitGraphql();
+  try {
+    const gqlCacheKey = `${ids.join('-')}-graphql-snapshot`;
+    const aliases = ids.map((id, index) => `advisory${index}: securityAdvisory(ghsaId: "${id}") {
+        ghsaId
+        summary
+        severity
+        publishedAt
+        withdrawnAt
+        vulnerabilities(first: 10) {
+          nodes {
+            package {
+              ecosystem
+              name
+            }
+            vulnerableVersionRange
+          }
+        }
+      }`).join('\n');
+    const gqlResp = await cacheFetch(gqlCacheKey, () => octokitGraphql(`
+        query {
+          ${aliases}
+        }
+      `));
+    for (let i = 0, {
+        length
+      } = ids; i < length; i += 1) {
+      const id = ids[i];
+      const advisoryKey = `advisory${i}`;
+      const advisory = gqlResp?.[advisoryKey];
+      if (advisory && advisory.ghsaId) {
+        results.set(id, advisory);
+      } else {
+        require$$9.debugFn('notice', `miss: no advisory found for ${id}`);
+      }
     }
-    return text;
-  }
-  indent(...args) {
-    return vendor.indentStringExports(...args);
-  }
-  italic(text) {
-    return this.useMarkdown ? `_${text}_` : vendor.yoctocolorsCjsExports.italic(`${text}`);
-  }
-  json(value) {
-    return this.useMarkdown ? '```json\n' + JSON.stringify(value) + '\n```' : JSON.stringify(value);
+  } catch (e) {
+    require$$9.debugFn('error', `Failed to fetch GHSA details: ${e?.message || 'Unknown error'}`);
   }
-  list(items) {
-    const indentedContent = items.map(item => this.indent(item).trimStart());
-    return this.useMarkdown ? `* ${indentedContent.join('\n* ')}\n` : `${indentedContent.join('\n')}\n`;
+  return results;
+}
+let _octokit;
+function getOctokit() {
+  if (_octokit === undefined) {
+    const {
+      SOCKET_CLI_GITHUB_TOKEN
+    } = constants.ENV;
+    if (!SOCKET_CLI_GITHUB_TOKEN) {
+      require$$9.debugFn('notice', 'miss: SOCKET_CLI_GITHUB_TOKEN env var');
+    }
+    const octokitOptions = {
+      auth: SOCKET_CLI_GITHUB_TOKEN,
+      baseUrl: constants.ENV.GITHUB_API_URL
+    };
+    require$$9.debugDir('inspect', {
+      octokitOptions
+    });
+    _octokit = new vendor.Octokit(octokitOptions);
   }
+  return _octokit;
 }
-function toFilterConfig(obj) {
-  const normalized = {
-    __proto__: null
-  };
-  const keys = require$$10.isObject(obj) ? Object.keys(obj) : [];
-  for (const key of keys) {
-    const value = obj[key];
-    if (typeof value === 'boolean' || Array.isArray(value)) {
-      normalized[key] = value;
+let _octokitGraphql;
+function getOctokitGraphql() {
+  if (!_octokitGraphql) {
+    const {
+      SOCKET_CLI_GITHUB_TOKEN
+    } = constants.ENV;
+    if (!SOCKET_CLI_GITHUB_TOKEN) {
+      require$$9.debugFn('notice', 'miss: SOCKET_CLI_GITHUB_TOKEN env var');
     }
+    _octokitGraphql = vendor.graphql2.defaults({
+      headers: {
+        authorization: `token ${SOCKET_CLI_GITHUB_TOKEN}`
+      }
+    });
   }
-  return normalized;
+  return _octokitGraphql;
 }
-const RangeStyles = ['caret', 'gt', 'gte', 'lt', 'lte', 'pin', 'preserve', 'tilde'];
-function applyRange(refRange, version, style = 'preserve') {
-  switch (style) {
-    case 'caret':
-      return `^${version}`;
-    case 'gt':
-      return `>${version}`;
-    case 'gte':
-      return `>=${version}`;
-    case 'lt':
-      return `<${version}`;
-    case 'lte':
-      return `<=${version}`;
-    case 'preserve':
-      {
-        const range = new vendor.semverExports.Range(refRange);
-        const {
-          raw
-        } = range;
-        const comparators = range.set.flat();
-        const {
-          length
-        } = comparators;
-        if (length === 1) {
-          const char = /^[<>]=?/.exec(raw)?.[0];
-          if (char) {
-            return `${char}${version}`;
-          }
-        } else if (length === 2) {
-          const char = /^[~^]/.exec(raw)?.[0];
-          if (char) {
-            return `${char}${version}`;
+async function enablePrAutoMerge({
+  node_id: prId
+}) {
+  const octokitGraphql = getOctokitGraphql();
+  try {
+    const gqlResp = await octokitGraphql(`
+      mutation EnableAutoMerge($pullRequestId: ID!) {
+        enablePullRequestAutoMerge(input: {
+          pullRequestId: $pullRequestId,
+          mergeMethod: SQUASH
+        }) {
+          pullRequest {
+            number
           }
         }
-        return version;
-      }
-    case 'tilde':
-      return `~${version}`;
-    case 'pin':
-    default:
-      return version;
+      }`, {
+      pullRequestId: prId
+    });
+    const respPrNumber = gqlResp?.enablePullRequestAutoMerge?.pullRequest?.number;
+    if (respPrNumber) {
+      return {
+        enabled: true
+      };
+    }
+  } catch (e) {
+    if (e instanceof vendor.GraphqlResponseError && Array.isArray(e.errors) && e.errors.length) {
+      const details = e.errors.map(({
+        message: m
+      }) => m.trim());
+      return {
+        enabled: false,
+        details
+      };
+    }
+  }
+  return {
+    enabled: false
+  };
+}
+async function setGitRemoteGithubRepoUrl(owner, repo, token, cwd = process.cwd()) {
+  const {
+    host
+  } = new URL(constants.ENV.GITHUB_SERVER_URL);
+  const url = `https://x-access-token:${token}@${host}/${owner}/${repo}`;
+  const stdioIgnoreOptions = {
+    cwd,
+    stdio: require$$9.isDebug('stdio') ? 'inherit' : 'ignore'
+  };
+  const quotedCmd = `\`git remote set-url origin ${url}\``;
+  require$$9.debugFn('stdio', `spawn: ${quotedCmd}`);
+  try {
+    await spawn.spawn('git', ['remote', 'set-url', 'origin', url], stdioIgnoreOptions);
+    return true;
+  } catch (e) {
+    require$$9.debugFn('error', `caught: ${quotedCmd} failed`);
+    require$$9.debugDir('inspect', {
+      error: e
+    });
   }
+  return false;
 }
+const RangeStyles = ['caret', 'gt', 'gte', 'lt', 'lte', 'pin', 'preserve', 'tilde'];
 function getMajor(version) {
   try {
     const coerced = vendor.semverExports.coerce(version);
@@ -2805,657 +2906,124 @@ function getMajor(version) {
   } catch {}
   return null;
 }
-function getMinVersion(range) {
-  try {
-    return vendor.semverExports.minVersion(range);
-  } catch {}
-  return null;
-}
-const require$1 = Module.createRequire(require('node:url').pathToFileURL(__filename).href);
-let _translations;
-function getTranslations() {
-  if (_translations === undefined) {
-    _translations = /*@__PURE__*/require$1(path.join(constants.rootPath, 'translations.json'));
+const COMPLETION_CMD_PREFIX = 'complete -F _socket_completion';
+function getCompletionSourcingCommand() {
+  // Note: this is exported to distPath in .config/rollup.dist.config.mjs
+  const completionScriptExportPath = path.join(constants.distPath, 'socket-completion.bash');
+  if (!fs$1.existsSync(completionScriptExportPath)) {
+    return {
+      ok: false,
+      message: 'Tab Completion script not found',
+      cause: `Expected to find completion script at \`${completionScriptExportPath}\` but it was not there`
+    };
   }
-  return _translations;
-}
-const ALERT_SEVERITY_COLOR = createEnum({
-  critical: 'magenta',
-  high: 'red',
-  middle: 'yellow',
-  low: 'white'
-});
-const ALERT_SEVERITY_ORDER = createEnum({
-  critical: 0,
-  high: 1,
-  middle: 2,
-  low: 3,
-  none: 4
-});
-const MIN_ABOVE_THE_FOLD_COUNT = 3;
-const MIN_ABOVE_THE_FOLD_ALERT_COUNT = 1;
-const format = new ColorOrMarkdown(false);
-function getHiddenRiskCounts(hiddenAlerts) {
-  const riskCounts = {
-    critical: 0,
-    high: 0,
-    middle: 0,
-    low: 0
+  return {
+    ok: true,
+    data: `source ${completionScriptExportPath}`
   };
-  for (const alert of hiddenAlerts) {
-    switch (getAlertSeverityOrder(alert)) {
-      case ALERT_SEVERITY_ORDER.critical:
-        riskCounts.critical += 1;
-        break;
-      case ALERT_SEVERITY_ORDER.high:
-        riskCounts.high += 1;
-        break;
-      case ALERT_SEVERITY_ORDER.middle:
-        riskCounts.middle += 1;
-        break;
-      case ALERT_SEVERITY_ORDER.low:
-        riskCounts.low += 1;
-        break;
-    }
-  }
-  return riskCounts;
-}
-function getHiddenRisksDescription(riskCounts) {
-  const descriptions = [];
-  if (riskCounts.critical) {
-    descriptions.push(`${riskCounts.critical} ${getSeverityLabel('critical')}`);
-  }
-  if (riskCounts.high) {
-    descriptions.push(`${riskCounts.high} ${getSeverityLabel('high')}`);
-  }
-  if (riskCounts.middle) {
-    descriptions.push(`${riskCounts.middle} ${getSeverityLabel('middle')}`);
-  }
-  if (riskCounts.low) {
-    descriptions.push(`${riskCounts.low} ${getSeverityLabel('low')}`);
-  }
-  return `(${descriptions.join('; ')})`;
 }
-async function addArtifactToAlertsMap(artifact, alertsByPurl, options) {
-  // Make TypeScript happy.
-  if (!artifact.name || !artifact.version || !artifact.alerts?.length) {
-    return alertsByPurl;
+function getBashrcDetails(targetCommandName) {
+  const sourcingCommand = getCompletionSourcingCommand();
+  if (!sourcingCommand.ok) {
+    return sourcingCommand;
   }
   const {
-    type: ecosystem,
-    version
-  } = artifact;
-  const {
-    consolidate = false,
-    overrides,
-    socketYml
-  } = {
-    __proto__: null,
-    ...options
-  };
-  const name = packages.resolvePackageName(artifact);
-  const filterConfig = toFilterConfig({
-    blocked: true,
-    critical: true,
-    cve: true,
-    ...require$$10.getOwn(options, 'filter')
-  });
-  const enabledState = {
-    __proto__: null,
-    ...socketYml?.issueRules
-  };
-  let sockPkgAlerts = [];
-  for (const alert of artifact.alerts) {
-    const action = alert.action ?? '';
-    const enabledFlag = enabledState[alert.type];
-    if (action === 'ignore' && enabledFlag !== true || enabledFlag === false) {
-      continue;
-    }
-    const blocked = action === 'error';
-    const critical = alert.severity === ALERT_SEVERITY.critical;
-    const cve = isArtifactAlertCve(alert);
-    const fixType = alert.fix?.type ?? '';
-    const fixableCve = fixType === ALERT_FIX_TYPE.cve;
-    const fixableUpgrade = fixType === ALERT_FIX_TYPE.upgrade;
-    const fixable = fixableCve || fixableUpgrade;
-    const upgradable = fixableUpgrade && !require$$10.hasOwn(overrides, name);
-    if (filterConfig.blocked && blocked || filterConfig.critical && critical || filterConfig.cve && cve || filterConfig.fixable && fixable || filterConfig.upgradable && upgradable) {
-      sockPkgAlerts.push({
-        name,
-        version,
-        key: alert.key,
-        type: alert.type,
-        blocked,
-        critical,
-        ecosystem,
-        fixable,
-        raw: alert,
-        upgradable
-      });
-    }
-  }
-  if (!sockPkgAlerts.length) {
-    return alertsByPurl;
+    socketAppDataPath
+  } = constants;
+  if (!socketAppDataPath) {
+    return {
+      ok: false,
+      message: 'Could not determine config directory',
+      cause: 'Failed to get config path'
+    };
   }
-  const purl = `pkg:${ecosystem}/${name}@${version}`;
-  const major = getMajor(version);
-  if (consolidate) {
-    const highestForCve = new Map();
-    const highestForUpgrade = new Map();
-    const unfixableAlerts = [];
-    for (const sockPkgAlert of sockPkgAlerts) {
-      const alert = sockPkgAlert.raw;
-      const fixType = alert.fix?.type ?? '';
-      if (fixType === ALERT_FIX_TYPE.cve) {
-        // An alert with alert.fix.type of 'cve' should have a
-        // alert.props.firstPatchedVersionIdentifier property value.
-        // We're just being cautious.
-        const firstPatchedVersionIdentifier = alert.props?.firstPatchedVersionIdentifier;
-        const patchedMajor = firstPatchedVersionIdentifier ? getMajor(firstPatchedVersionIdentifier) : null;
-        if (typeof patchedMajor === 'number') {
-          // Consolidate to the highest "first patched version" by each major
-          // version number.
-          const highest = highestForCve.get(patchedMajor)?.version ?? '0.0.0';
-          if (vendor.semverExports.gt(firstPatchedVersionIdentifier, highest)) {
-            highestForCve.set(patchedMajor, {
-              alert: sockPkgAlert,
-              version: firstPatchedVersionIdentifier
-            });
-          }
-        } else {
-          unfixableAlerts.push(sockPkgAlert);
-        }
-      } else if (fixType === ALERT_FIX_TYPE.upgrade) {
-        // For Socket Optimize upgrades we assume the highest version available
-        // is compatible. This may change in the future.
-        const highest = highestForUpgrade.get(major)?.version ?? '0.0.0';
-        if (vendor.semverExports.gt(version, highest)) {
-          highestForUpgrade.set(major, {
-            alert: sockPkgAlert,
-            version
-          });
-        }
-      } else {
-        unfixableAlerts.push(sockPkgAlert);
-      }
+  // _socket_completion is the function defined in our completion bash script
+  const completionCommand = `${COMPLETION_CMD_PREFIX} ${targetCommandName}`;
+  // Location of completion script in config after installing
+  const completionScriptPath = path.join(path.dirname(socketAppDataPath), 'completion', 'socket-completion.bash');
+  const bashrcContent = `# Socket CLI completion for "${targetCommandName}"
+if [ -f "${completionScriptPath}" ]; then
+    # Load the tab completion script
+    source "${completionScriptPath}"
+    # Tell bash to use this function for tab completion of this function
+    ${completionCommand}
+fi
+`;
+  return {
+    ok: true,
+    data: {
+      sourcingCommand: sourcingCommand.data,
+      completionCommand,
+      toAddToBashrc: bashrcContent,
+      targetName: targetCommandName,
+      targetPath: completionScriptPath
     }
-    sockPkgAlerts = [
-    // Sort CVE alerts by severity: critical, high, middle, then low.
-    ...Array.from(highestForCve.values()).map(d => d.alert).sort(alertSeverityComparator), ...Array.from(highestForUpgrade.values()).map(d => d.alert), ...unfixableAlerts];
-  } else {
-    sockPkgAlerts.sort((a, b) => sorts.naturalCompare(a.type, b.type));
+  };
+}
+const {
+  kInternalsSymbol,
+  [kInternalsSymbol]: {
+    getSentry
   }
-  if (sockPkgAlerts.length) {
-    alertsByPurl.set(purl, sockPkgAlerts);
+} = constants;
+class AuthError extends Error {}
+class InputError extends Error {
+  constructor(message, body) {
+    super(message);
+    this.body = body;
   }
-  return alertsByPurl;
-}
-function alertsHaveBlocked(alerts) {
-  return alerts.find(a => a.blocked) !== undefined;
-}
-function alertsHaveSeverity(alerts, severity) {
-  return alerts.find(a => a.raw.severity === severity) !== undefined;
-}
-function alertSeverityComparator(a, b) {
-  // Put the most severe first.
-  return getAlertSeverityOrder(a) - getAlertSeverityOrder(b);
-}
-function getAlertSeverityOrder(alert) {
-  // The more severe, the lower the sort number.
-  const {
-    severity
-  } = alert.raw;
-  return severity === ALERT_SEVERITY.critical ? 0 : severity === ALERT_SEVERITY.high ? 1 : severity === ALERT_SEVERITY.middle ? 2 : severity === ALERT_SEVERITY.low ? 3 : 4;
 }
-function getAlertsSeverityOrder(alerts) {
-  return alertsHaveBlocked(alerts) || alertsHaveSeverity(alerts, ALERT_SEVERITY.critical) ? 0 : alertsHaveSeverity(alerts, ALERT_SEVERITY.high) ? 1 : alertsHaveSeverity(alerts, ALERT_SEVERITY.middle) ? 2 : alertsHaveSeverity(alerts, ALERT_SEVERITY.low) ? 3 : 4;
+async function captureException(exception, hint) {
+  const result = captureExceptionSync(exception, hint);
+  // "Sleep" for a second, just in case, hopefully enough time to initiate fetch.
+  await promises.setTimeout(1000);
+  return result;
 }
-function getCveInfoFromAlertsMap(alertsMap, options) {
-  const filterConfig = toFilterConfig(require$$10.getOwn(options, 'filter'));
-  let infoByPartialPurl = null;
-  // eslint-disable-next-line no-unused-labels
-  for (const {
-    0: purl,
-    1: sockPkgAlerts
-  } of alertsMap) {
-    const purlObj = getPurlObject(purl);
-    const partialPurl = new vendor.packageurlJsExports.PackageURL(purlObj.type, purlObj.namespace, purlObj.name).toString();
-    const name = packages.resolvePackageName(purlObj);
-    sockPkgAlertsLoop: for (const sockPkgAlert of sockPkgAlerts) {
-      const alert = sockPkgAlert.raw;
-      if (alert.fix?.type !== ALERT_FIX_TYPE.cve || filterConfig.upgradable === false && registry.getManifestData(sockPkgAlert.ecosystem, name)) {
-        continue sockPkgAlertsLoop;
-      }
-      if (!infoByPartialPurl) {
-        infoByPartialPurl = new Map();
-      }
-      let infos = infoByPartialPurl.get(partialPurl);
-      if (!infos) {
-        infos = new Map();
-        infoByPartialPurl.set(partialPurl, infos);
-      }
-      const {
-        key
-      } = alert;
-      if (!infos.has(key)) {
-        // An alert with alert.fix.type of 'cve' should have a
-        // alert.props.firstPatchedVersionIdentifier property value.
-        // We're just being cautious.
-        const firstPatchedVersionIdentifier = alert.props?.firstPatchedVersionIdentifier;
-        const vulnerableVersionRange = alert.props?.vulnerableVersionRange;
-        let error;
-        if (firstPatchedVersionIdentifier && vulnerableVersionRange) {
-          try {
-            infos.set(key, {
-              firstPatchedVersionIdentifier,
-              vulnerableVersionRange: new vendor.semverExports.Range(
-              // Replace ', ' in a range like '>= 1.0.0, < 1.8.2' with ' ' so that
-              // semver.Range will parse it without erroring.
-              vulnerableVersionRange.replace(/, +/g, ' ').replace(/; +/g, ' || ')).format()
-            });
-            continue sockPkgAlertsLoop;
-          } catch (e) {
-            error = e;
-          }
-        }
-        require$$9.debugFn('error', 'fail: invalid SocketPackageAlert');
-        require$$9.debugDir('inspect', {
-          alert,
-          error
-        });
-      }
-    }
+function captureExceptionSync(exception, hint) {
+  const Sentry = getSentry();
+  if (!Sentry) {
+    return '';
   }
-  return infoByPartialPurl;
+  require$$9.debugFn('notice', 'send: exception to Sentry');
+  return Sentry.captureException(exception, hint);
 }
-function getSeverityLabel(severity) {
-  return severity === 'middle' ? 'moderate' : severity;
+function npa(...args) {
+  try {
+    return Reflect.apply(vendor.npaExports, undefined, args);
+  } catch {}
+  return null;
 }
-function logAlertsMap(alertsMap, options) {
+function shadowNpmInstall(options) {
   const {
-    hideAt = 'middle',
-    output = process.stderr
+    agentExecPath = getNpmBinPath(),
+    args = [],
+    ipc,
+    spinner,
+    ...spawnOpts
   } = {
     __proto__: null,
     ...options
   };
-  const translations = getTranslations();
-  const sortedEntries = Array.from(alertsMap.entries()).sort((a, b) => getAlertsSeverityOrder(a[1]) - getAlertsSeverityOrder(b[1]));
-  const aboveTheFoldPurls = new Set();
-  const viewableAlertsByPurl = new Map();
-  const hiddenAlertsByPurl = new Map();
-  for (let i = 0, {
-      length
-    } = sortedEntries; i < length; i += 1) {
-    const {
-      0: purl,
-      1: alerts
-    } = sortedEntries[i];
-    const hiddenAlerts = [];
-    const viewableAlerts = alerts.filter(a => {
-      const keep = a.blocked || getAlertSeverityOrder(a) < ALERT_SEVERITY_ORDER[hideAt];
-      if (!keep) {
-        hiddenAlerts.push(a);
-      }
-      return keep;
-    });
-    if (hiddenAlerts.length) {
-      hiddenAlertsByPurl.set(purl, hiddenAlerts.sort(alertSeverityComparator));
-    }
-    if (!viewableAlerts.length) {
-      continue;
-    }
-    viewableAlerts.sort(alertSeverityComparator);
-    viewableAlertsByPurl.set(purl, viewableAlerts);
-    if (viewableAlerts.find(a => a.blocked || getAlertSeverityOrder(a) < ALERT_SEVERITY_ORDER.middle)) {
-      aboveTheFoldPurls.add(purl);
-    }
-  }
-  // If MIN_ABOVE_THE_FOLD_COUNT is NOT met add more from viewable pkg ids.
-  for (const {
-    0: purl
-  } of viewableAlertsByPurl.entries()) {
-    if (aboveTheFoldPurls.size >= MIN_ABOVE_THE_FOLD_COUNT) {
-      break;
-    }
-    aboveTheFoldPurls.add(purl);
-  }
-  // If MIN_ABOVE_THE_FOLD_COUNT is STILL NOT met add more from hidden pkg ids.
-  for (const {
-    0: purl,
-    1: hiddenAlerts
-  } of hiddenAlertsByPurl.entries()) {
-    if (aboveTheFoldPurls.size >= MIN_ABOVE_THE_FOLD_COUNT) {
-      break;
-    }
-    aboveTheFoldPurls.add(purl);
-    const viewableAlerts = viewableAlertsByPurl.get(purl) ?? [];
-    if (viewableAlerts.length < MIN_ABOVE_THE_FOLD_ALERT_COUNT) {
-      const neededCount = MIN_ABOVE_THE_FOLD_ALERT_COUNT - viewableAlerts.length;
-      let removedHiddenAlerts;
-      if (hiddenAlerts.length - neededCount > 0) {
-        removedHiddenAlerts = hiddenAlerts.splice(0, MIN_ABOVE_THE_FOLD_ALERT_COUNT);
-      } else {
-        removedHiddenAlerts = hiddenAlerts;
-        hiddenAlertsByPurl.delete(purl);
-      }
-      viewableAlertsByPurl.set(purl, [...viewableAlerts, ...removedHiddenAlerts]);
-    }
-  }
-  const mentionedPurlsWithHiddenAlerts = new Set();
-  for (let i = 0, prevAboveTheFold = true, entries = Array.from(viewableAlertsByPurl.entries()), {
-      length
-    } = entries; i < length; i += 1) {
-    const {
-      0: purl,
-      1: alerts
-    } = entries[i];
-    const lines = new Set();
-    for (const alert of alerts) {
-      const {
-        type
-      } = alert;
-      const severity = alert.raw.severity ?? '';
-      const attributes = [...(severity ? [vendor.yoctocolorsCjsExports[ALERT_SEVERITY_COLOR[severity]](getSeverityLabel(severity))] : []), ...(alert.blocked ? [vendor.yoctocolorsCjsExports.bold(vendor.yoctocolorsCjsExports.red('blocked'))] : []), ...(alert.fixable ? ['fixable'] : [])];
-      const maybeAttributes = attributes.length ? ` ${vendor.yoctocolorsCjsExports.italic(`(${attributes.join('; ')})`)}` : '';
-      // Based data from { pageProps: { alertTypes } } of:
-      // https://socket.dev/_next/data/9a6db8224b68b6da0eb9f7dbb17aff7e51568ac2/en-US.json
-      const info = translations.alerts[type];
-      const title = info?.title ?? type;
-      const maybeDesc = info?.description ? ` - ${info.description}` : '';
-      const content = `${title}${maybeAttributes}${maybeDesc}`;
-      // TODO: An added emoji seems to mis-align terminals sometimes.
-      lines.add(`  ${content}`);
-    }
-    const purlObj = getPurlObject(purl);
-    const pkgName = packages.resolvePackageName(purlObj);
-    const hyperlink = format.hyperlink(pkgName, getSocketDevPackageOverviewUrl(purlObj.type, pkgName, purlObj.version));
-    const isAboveTheFold = aboveTheFoldPurls.has(purl);
-    if (isAboveTheFold) {
-      aboveTheFoldPurls.add(purl);
-      output.write(`${i ? '\n' : ''}${hyperlink}:\n`);
-    } else {
-      output.write(`${prevAboveTheFold ? '\n' : ''}${hyperlink}:\n`);
-    }
-    for (const line of lines) {
-      output.write(`${line}\n`);
-    }
-    const hiddenAlerts = hiddenAlertsByPurl.get(purl) ?? [];
-    const {
-      length: hiddenAlertsCount
-    } = hiddenAlerts;
-    if (hiddenAlertsCount) {
-      mentionedPurlsWithHiddenAlerts.add(purl);
-      if (hiddenAlertsCount === 1) {
-        output.write(`  ${vendor.yoctocolorsCjsExports.dim(`+1 Hidden ${getSeverityLabel(hiddenAlerts[0].raw.severity ?? 'low')} risk alert`)}\n`);
-      } else {
-        output.write(`  ${vendor.yoctocolorsCjsExports.dim(`+${hiddenAlertsCount} Hidden alerts ${vendor.yoctocolorsCjsExports.italic(getHiddenRisksDescription(getHiddenRiskCounts(hiddenAlerts)))}`)}\n`);
-      }
-    }
-    prevAboveTheFold = isAboveTheFold;
-  }
-  const additionalHiddenCount = hiddenAlertsByPurl.size - mentionedPurlsWithHiddenAlerts.size;
-  if (additionalHiddenCount) {
-    const totalRiskCounts = {
-      critical: 0,
-      high: 0,
-      middle: 0,
-      low: 0
-    };
-    for (const {
-      0: purl,
-      1: alerts
-    } of hiddenAlertsByPurl.entries()) {
-      if (mentionedPurlsWithHiddenAlerts.has(purl)) {
-        continue;
-      }
-      const riskCounts = getHiddenRiskCounts(alerts);
-      totalRiskCounts.critical += riskCounts.critical;
-      totalRiskCounts.high += riskCounts.high;
-      totalRiskCounts.middle += riskCounts.middle;
-      totalRiskCounts.low += riskCounts.low;
-    }
-    output.write(`${aboveTheFoldPurls.size ? '\n' : ''}${vendor.yoctocolorsCjsExports.dim(`${aboveTheFoldPurls.size ? '+' : ''}${additionalHiddenCount} Packages with hidden alerts ${vendor.yoctocolorsCjsExports.italic(getHiddenRisksDescription(totalRiskCounts))}`)}\n`);
-  }
-  output.write('\n');
-}
-function idToNpmPurl(id) {
-  return `pkg:npm/${id}`;
-}
-function idToPurl(id, type) {
-  return `pkg:${type}/${id}`;
-}
-function extractOverridesFromPnpmLockSrc(lockfileContent) {
-  let match;
-  if (typeof lockfileContent === 'string') {
-    match = /^overrides:(?:\r?\n {2}.+)+(?:\r?\n)*/m.exec(lockfileContent)?.[0];
-  }
-  return match ?? '';
-}
-async function extractPurlsFromPnpmLockfile(lockfile) {
-  const packages = lockfile?.packages ?? {};
-  const seen = new Set();
-  const visit = pkgPath => {
-    if (seen.has(pkgPath)) {
-      return;
-    }
-    const pkg = packages[pkgPath];
-    if (!pkg) {
-      return;
-    }
-    seen.add(pkgPath);
-    const deps = {
-      __proto__: null,
-      ...pkg.dependencies,
-      ...pkg.optionalDependencies,
-      ...pkg.devDependencies
-    };
-    for (const depName in deps) {
-      const ref = deps[depName];
-      const subKey = isPnpmDepPath(ref) ? ref : `/${depName}@${ref}`;
-      visit(subKey);
-    }
-  };
-  for (const pkgPath of Object.keys(packages)) {
-    visit(pkgPath);
-  }
-  return Array.from(seen).map(p => idToNpmPurl(stripPnpmPeerSuffix(stripLeadingPnpmDepPathSlash(p))));
-}
-function isPnpmDepPath(maybeDepPath) {
-  return maybeDepPath.length > 0 && maybeDepPath.charCodeAt(0) === 47; /*'/'*/
-}
-function parsePnpmLockfile(lockfileContent) {
-  let result;
-  if (typeof lockfileContent === 'string') {
-    try {
-      result = vendor.jsYaml.load(strings.stripBom(lockfileContent));
-    } catch {}
-  }
-  return require$$10.isObjectObject(result) ? result : null;
-}
-function parsePnpmLockfileVersion(version) {
-  try {
-    return vendor.semverExports.coerce(version);
-  } catch {}
-  return null;
-}
-function stripLeadingPnpmDepPathSlash(depPath) {
-  return isPnpmDepPath(depPath) ? depPath.slice(1) : depPath;
-}
-function stripPnpmPeerSuffix(depPath) {
-  const parenIndex = depPath.indexOf('(');
-  const index = parenIndex === -1 ? depPath.indexOf('_') : parenIndex;
-  return index === -1 ? depPath : depPath.slice(0, index);
-}
-async function getAlertsMapFromPnpmLockfile(lockfile, options) {
-  const purls = await extractPurlsFromPnpmLockfile(lockfile);
-  return await getAlertsMapFromPurls(purls, {
-    overrides: lockfile.overrides,
-    ...options
-  });
-}
-async function getAlertsMapFromPurls(purls, options) {
-  const uniqPurls = arrays.arrayUnique(purls);
-  require$$9.debugDir('silly', {
-    purls: uniqPurls
-  });
-  let {
-    length: remaining
-  } = uniqPurls;
-  const alertsByPurl = new Map();
-  if (!remaining) {
-    return alertsByPurl;
-  }
-  const opts = {
-    __proto__: null,
-    consolidate: false,
-    nothrow: false,
-    ...options,
-    filter: toFilterConfig(require$$10.getOwn(options, 'filter'))
-  };
-  if (opts.onlyFixable) {
-    opts.filter.fixable = true;
-  }
-  const {
-    apiToken = getPublicApiToken(),
-    spinner
-  } = opts;
-  const getText = () => `Looking up data for ${remaining} packages`;
-  spinner?.start(getText());
-  const sockSdkCResult = await setupSdk({
-    apiToken
-  });
-  if (!sockSdkCResult.ok) {
-    spinner?.stop();
-    throw new Error('Auth error: Run `socket login` first');
-  }
-  const sockSdk = sockSdkCResult.data;
-  const socketYml = findSocketYmlSync()?.parsed;
-  const alertsMapOptions = {
-    overrides: opts.overrides,
-    consolidate: opts.consolidate,
-    filter: opts.filter,
-    socketYml,
-    spinner
-  };
-  for await (const batchResult of sockSdk.batchPackageStream({
-    components: uniqPurls.map(purl => ({
-      purl
-    }))
-  }, {
-    queryParams: {
-      alerts: 'true',
-      compact: 'true',
-      ...(opts.onlyFixable ? {
-        fixable: 'true '
-      } : {}),
-      ...(Array.isArray(opts.filter.actions) ? {
-        actions: opts.filter.actions.join(',')
-      } : {})
-    }
-  })) {
-    if (batchResult.success) {
-      const artifact = batchResult.data;
-      await addArtifactToAlertsMap(artifact, alertsByPurl, alertsMapOptions);
-    } else if (!opts.nothrow) {
-      spinner?.stop();
-      if (strings.isNonEmptyString(batchResult.error)) {
-        throw new Error(batchResult.error);
-      }
-      const statusCode = batchResult.status ?? 'unknown';
-      throw new Error(`Socket API server error (${statusCode}): No status message`);
-    } else {
-      spinner?.stop();
-      logger.logger.fail(`Received a ${batchResult.status} response from Socket API which we consider a permanent failure:`, batchResult.error, batchResult.cause ? `( ${batchResult.cause} )` : '');
-      require$$9.debugDir('inspect', {
-        batchResult
-      });
-      break;
-    }
-    remaining -= 1;
-    if (remaining > 0) {
-      spinner?.start(getText());
-    }
-  }
-  spinner?.stop();
-  return alertsByPurl;
-}
-function npa(...args) {
-  try {
-    return Reflect.apply(vendor.npaExports, undefined, args);
-  } catch {}
-  return null;
-}
-async function removeNodeModules(cwd = process.cwd()) {
-  const stream = await globStreamNodeModules(cwd);
-  await streams.parallelEach(stream, p => fs.remove(p, {
-    force: true,
-    recursive: true
-  }), {
-    concurrency: 8
-  });
-}
-async function findUp(name, {
-  cwd = process.cwd(),
-  signal = constants.abortSignal
-}) {
-  let dir = path.resolve(cwd);
-  const {
-    root
-  } = path.parse(dir);
-  const names = [name].flat();
-  while (dir && dir !== root) {
-    for (const name of names) {
-      if (signal?.aborted) {
-        return undefined;
-      }
-      const filePath = path.join(dir, name);
-      try {
-        // eslint-disable-next-line no-await-in-loop
-        const stats = await fs$1.promises.stat(filePath);
-        if (stats.isFile()) {
-          return filePath;
-        }
-      } catch {}
-    }
-    dir = path.dirname(dir);
-  }
-  return undefined;
-}
-function shadowNpmInstall(options) {
-  const {
-    agentExecPath = getNpmBinPath(),
-    args = [],
-    ipc,
-    spinner,
-    ...spawnOpts
-  } = {
-    __proto__: null,
-    ...options
-  };
-  const useDebug = require$$9.isDebug('stdio');
-  const terminatorPos = args.indexOf('--');
-  const rawBinArgs = terminatorPos === -1 ? args : args.slice(0, terminatorPos);
-  const binArgs = rawBinArgs.filter(a => !npm.isNpmAuditFlag(a) && !npm.isNpmFundFlag(a) && !npm.isNpmProgressFlag(a));
-  const otherArgs = terminatorPos === -1 ? [] : args.slice(terminatorPos);
-  const progressArg = rawBinArgs.findLast(npm.isNpmProgressFlag) !== '--no-progress';
-  const isSilent = !useDebug && !binArgs.some(npm.isNpmLoglevelFlag);
-  const logLevelArgs = isSilent ? ['--loglevel', 'silent'] : [];
-  const useIpc = require$$10.isObject(ipc);
+  const useDebug = require$$9.isDebug('stdio');
+  const terminatorPos = args.indexOf('--');
+  const rawBinArgs = terminatorPos === -1 ? args : args.slice(0, terminatorPos);
+  const binArgs = rawBinArgs.filter(a => !npm.isNpmAuditFlag(a) && !npm.isNpmFundFlag(a) && !npm.isNpmProgressFlag(a));
+  const otherArgs = terminatorPos === -1 ? [] : args.slice(terminatorPos);
+  const progressArg = rawBinArgs.findLast(npm.isNpmProgressFlag) !== '--no-progress';
+  const isSilent = !useDebug && !binArgs.some(npm.isNpmLoglevelFlag);
+  const logLevelArgs = isSilent ? ['--loglevel', 'silent'] : [];
+  const useIpc = require$$11.isObject(ipc);
   // Include 'ipc' in the spawnOpts.stdio when an options.ipc object is provided.
   // See https://github.com/nodejs/node/blob/v23.6.0/lib/child_process.js#L161-L166
   // and https://github.com/nodejs/node/blob/v23.6.0/lib/internal/child_process.js#L238.
-  let stdio = require$$10.getOwn(spawnOpts, 'stdio');
+  let stdio = require$$11.getOwn(spawnOpts, 'stdio');
   if (typeof stdio === 'string') {
     stdio = useIpc ? [stdio, stdio, stdio, 'ipc'] : [stdio, stdio, stdio];
   } else if (Array.isArray(stdio)) {
@@ -3477,7 +3045,7 @@ function shadowNpmInstall(options) {
     env: {
       ...process.env,
       ...constants.processEnv,
-      ...require$$10.getOwn(spawnOpts, 'env')
+      ...require$$11.getOwn(spawnOpts, 'env')
     },
     spinner,
     stdio
@@ -3526,59 +3094,11 @@ function runAgentInstall(pkgEnvDetails, options) {
       ...process.env,
       ...constants.processEnv,
       NODE_OPTIONS: cmdFlagsToString([...(skipNodeHardenFlags ? [] : constants.nodeHardenFlags), ...constants.nodeNoWarningsFlags]),
-      ...require$$10.getOwn(spawnOpts, 'env')
+      ...require$$11.getOwn(spawnOpts, 'env')
     }
   });
 }
-async function getNpmConfig(options) {
-  const {
-    cwd = process.cwd(),
-    env = process.env,
-    execPath = process.execPath,
-    nodeVersion = process.version,
-    npmCommand = 'install',
-    npmPath = getNpmDirPath(),
-    npmVersion,
-    platform = process.platform
-  } = {
-    __proto__: null,
-    ...options
-  };
-  const config = new vendor.libExports$2({
-    argv: [],
-    cwd,
-    definitions: vendor.definitionsExports.definitions,
-    execPath,
-    env: {
-      ...env
-    },
-    flatten: vendor.definitionsExports.flatten,
-    npmPath,
-    platform,
-    shorthands: vendor.definitionsExports.shorthands
-  });
-  await config.load();
-  const flatConfig = {
-    __proto__: null,
-    ...config.flat
-  };
-  if (nodeVersion) {
-    flatConfig.nodeVersion = nodeVersion;
-  }
-  if (npmCommand) {
-    flatConfig.npmCommand = npmCommand;
-  }
-  if (npmVersion) {
-    flatConfig.npmVersion = npmVersion.toString();
-  }
-  return flatConfig;
-}
-async function readLockfile(lockfilePath) {
-  return fs$1.existsSync(lockfilePath) ? await fs.readFileUtf8(lockfilePath) : null;
-}
 const {
   BINARY_LOCK_EXT,
   BUN,
@@ -3908,102 +3428,543 @@ async function detectAndValidatePackageEnvironment(cwd, options) {
   };
 }
-const COMPLETION_CMD_PREFIX = 'complete -F _socket_completion';
-function getCompletionSourcingCommand() {
-  // Note: this is exported to distPath in .config/rollup.dist.config.mjs
-  const completionScriptExportPath = path.join(constants.distPath, 'socket-completion.bash');
-  if (!fs$1.existsSync(completionScriptExportPath)) {
-    return {
-      ok: false,
-      message: 'Tab Completion script not found',
-      cause: `Expected to find completion script at \`${completionScriptExportPath}\` but it was not there`
-    };
-  }
-  return {
-    ok: true,
-    data: `source ${completionScriptExportPath}`
-  };
+const ALL_ECOSYSTEMS = ['apk', 'bitbucket', 'cargo', 'chrome', 'cocoapods', 'composer', 'conan', 'conda', 'cran', 'deb', 'docker', 'gem', 'generic', 'github', 'golang', 'hackage', 'hex', 'huggingface', 'maven', 'mlflow', 'npm', 'nuget', 'oci', 'pub', 'pypi', 'qpkg', 'rpm', 'swift', 'swid', 'unknown'];
+new Set(ALL_ECOSYSTEMS);
+function getEcosystemChoicesForMeow() {
+  return [...ALL_ECOSYSTEMS];
 }
-function getBashrcDetails(targetCommandName) {
-  const sourcingCommand = getCompletionSourcingCommand();
-  if (!sourcingCommand.ok) {
-    return sourcingCommand;
-  }
+function isArtifactAlertCve(alert) {
   const {
-    socketAppDataPath
-  } = constants;
-  if (!socketAppDataPath) {
-    return {
-      ok: false,
-      message: 'Could not determine config directory',
-      cause: 'Failed to get config path'
-    };
-  }
+    type
+  } = alert;
+  return type === constants.ALERT_TYPE_CVE || type === constants.ALERT_TYPE_MEDIUM_CVE || type === constants.ALERT_TYPE_MILD_CVE || type === constants.ALERT_TYPE_CRITICAL_CVE;
+}
-  // _socket_completion is the function defined in our completion bash script
-  const completionCommand = `${COMPLETION_CMD_PREFIX} ${targetCommandName}`;
+function createEnum(obj) {
+  return Object.freeze({
+    __proto__: null,
+    ...obj
+  });
+}
-  // Location of completion script in config after installing
-  const completionScriptPath = path.join(path.dirname(socketAppDataPath), 'completion', 'socket-completion.bash');
-  const bashrcContent = `# Socket CLI completion for "${targetCommandName}"
-if [ -f "${completionScriptPath}" ]; then
-    # Load the tab completion script
-    source "${completionScriptPath}"
-    # Tell bash to use this function for tab completion of this function
-    ${completionCommand}
-fi
-`;
-  return {
-    ok: true,
-    data: {
-      sourcingCommand: sourcingCommand.data,
-      completionCommand,
-      toAddToBashrc: bashrcContent,
-      targetName: targetCommandName,
-      targetPath: completionScriptPath
+const ALERT_FIX_TYPE = createEnum({
+  cve: 'cve',
+  remove: 'remove',
+  upgrade: 'upgrade'
+});
+const ALERT_SEVERITY = createEnum({
+  critical: 'critical',
+  high: 'high',
+  middle: 'middle',
+  low: 'low'
+});
+class ColorOrMarkdown {
+  constructor(useMarkdown) {
+    this.useMarkdown = !!useMarkdown;
+  }
+  bold(text) {
+    return this.useMarkdown ? `**${text}**` : vendor.yoctocolorsCjsExports.bold(`${text}`);
+  }
+  header(text, level = 1) {
+    return this.useMarkdown ? `\n${''.padStart(level, '#')} ${text}\n` : vendor.yoctocolorsCjsExports.underline(`\n${level === 1 ? vendor.yoctocolorsCjsExports.bold(text) : text}\n`);
+  }
+  hyperlink(text, url, {
+    fallback = true,
+    fallbackToUrl
+  } = {}) {
+    if (url) {
+      return this.useMarkdown ? `[${text}](${url})` : vendor.terminalLinkExports(text, url, {
+        fallback: fallbackToUrl ? (_text, url) => url : fallback
+      });
     }
-  };
+    return text;
+  }
+  indent(...args) {
+    return vendor.indentStringExports(...args);
+  }
+  italic(text) {
+    return this.useMarkdown ? `_${text}_` : vendor.yoctocolorsCjsExports.italic(`${text}`);
+  }
+  json(value) {
+    return this.useMarkdown ? '```json\n' + JSON.stringify(value) + '\n```' : JSON.stringify(value);
+  }
+  list(items) {
+    const indentedContent = items.map(item => this.indent(item).trimStart());
+    return this.useMarkdown ? `* ${indentedContent.join('\n* ')}\n` : `${indentedContent.join('\n')}\n`;
+  }
 }
-const {
-  kInternalsSymbol,
-  [kInternalsSymbol]: {
-    getSentry
+function toFilterConfig(obj) {
+  const normalized = {
+    __proto__: null
+  };
+  const keys = require$$11.isObject(obj) ? Object.keys(obj) : [];
+  for (const key of keys) {
+    const value = obj[key];
+    if (typeof value === 'boolean' || Array.isArray(value)) {
+      normalized[key] = value;
+    }
   }
-} = constants;
-class AuthError extends Error {}
-class InputError extends Error {
-  constructor(message, body) {
-    super(message);
-    this.body = body;
+  return normalized;
+}
+const require$1 = Module.createRequire(require('node:url').pathToFileURL(__filename).href);
+let _translations;
+function getTranslations() {
+  if (_translations === undefined) {
+    _translations = /*@__PURE__*/require$1(path.join(constants.rootPath, 'translations.json'));
   }
+  return _translations;
 }
-async function captureException(exception, hint) {
-  const result = captureExceptionSync(exception, hint);
-  // "Sleep" for a second, just in case, hopefully enough time to initiate fetch.
-  await promises.setTimeout(1000);
-  return result;
+const ALERT_SEVERITY_COLOR = createEnum({
+  critical: 'magenta',
+  high: 'red',
+  middle: 'yellow',
+  low: 'white'
+});
+const ALERT_SEVERITY_ORDER = createEnum({
+  critical: 0,
+  high: 1,
+  middle: 2,
+  low: 3,
+  none: 4
+});
+const MIN_ABOVE_THE_FOLD_COUNT = 3;
+const MIN_ABOVE_THE_FOLD_ALERT_COUNT = 1;
+const format = new ColorOrMarkdown(false);
+function getHiddenRiskCounts(hiddenAlerts) {
+  const riskCounts = {
+    critical: 0,
+    high: 0,
+    middle: 0,
+    low: 0
+  };
+  for (const alert of hiddenAlerts) {
+    switch (getAlertSeverityOrder(alert)) {
+      case ALERT_SEVERITY_ORDER.critical:
+        riskCounts.critical += 1;
+        break;
+      case ALERT_SEVERITY_ORDER.high:
+        riskCounts.high += 1;
+        break;
+      case ALERT_SEVERITY_ORDER.middle:
+        riskCounts.middle += 1;
+        break;
+      case ALERT_SEVERITY_ORDER.low:
+        riskCounts.low += 1;
+        break;
+    }
+  }
+  return riskCounts;
 }
-function captureExceptionSync(exception, hint) {
-  const Sentry = getSentry();
-  if (!Sentry) {
-    return '';
+function getHiddenRisksDescription(riskCounts) {
+  const descriptions = [];
+  if (riskCounts.critical) {
+    descriptions.push(`${riskCounts.critical} ${getSeverityLabel('critical')}`);
   }
-  require$$9.debugFn('notice', 'send: exception to Sentry');
-  return Sentry.captureException(exception, hint);
+  if (riskCounts.high) {
+    descriptions.push(`${riskCounts.high} ${getSeverityLabel('high')}`);
+  }
+  if (riskCounts.middle) {
+    descriptions.push(`${riskCounts.middle} ${getSeverityLabel('middle')}`);
+  }
+  if (riskCounts.low) {
+    descriptions.push(`${riskCounts.low} ${getSeverityLabel('low')}`);
+  }
+  return `(${descriptions.join('; ')})`;
 }
-const ALL_ECOSYSTEMS = ['apk', 'bitbucket', 'cargo', 'chrome', 'cocoapods', 'composer', 'conan', 'conda', 'cran', 'deb', 'docker', 'gem', 'generic', 'github', 'golang', 'hackage', 'hex', 'huggingface', 'maven', 'mlflow', 'npm', 'nuget', 'oci', 'pub', 'pypi', 'qpkg', 'rpm', 'swift', 'swid', 'unknown'];
-new Set(ALL_ECOSYSTEMS);
-function getEcosystemChoicesForMeow() {
-  return [...ALL_ECOSYSTEMS];
+async function addArtifactToAlertsMap(artifact, alertsByPurl, options) {
+  // Make TypeScript happy.
+  if (!artifact.name || !artifact.version || !artifact.alerts?.length) {
+    return alertsByPurl;
+  }
+  const {
+    type: ecosystem,
+    version
+  } = artifact;
+  const {
+    consolidate = false,
+    overrides,
+    socketYml
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const name = packages.resolvePackageName(artifact);
+  const filterConfig = toFilterConfig({
+    blocked: true,
+    critical: true,
+    cve: true,
+    ...require$$11.getOwn(options, 'filter')
+  });
+  const enabledState = {
+    __proto__: null,
+    ...socketYml?.issueRules
+  };
+  let sockPkgAlerts = [];
+  for (const alert of artifact.alerts) {
+    const action = alert.action ?? '';
+    const enabledFlag = enabledState[alert.type];
+    if (action === 'ignore' && enabledFlag !== true || enabledFlag === false) {
+      continue;
+    }
+    const blocked = action === 'error';
+    const critical = alert.severity === ALERT_SEVERITY.critical;
+    const cve = isArtifactAlertCve(alert);
+    const fixType = alert.fix?.type ?? '';
+    const fixableCve = fixType === ALERT_FIX_TYPE.cve;
+    const fixableUpgrade = fixType === ALERT_FIX_TYPE.upgrade;
+    const fixable = fixableCve || fixableUpgrade;
+    const upgradable = fixableUpgrade && !require$$11.hasOwn(overrides, name);
+    if (filterConfig.blocked && blocked || filterConfig.critical && critical || filterConfig.cve && cve || filterConfig.fixable && fixable || filterConfig.upgradable && upgradable) {
+      sockPkgAlerts.push({
+        name,
+        version,
+        key: alert.key,
+        type: alert.type,
+        blocked,
+        critical,
+        ecosystem,
+        fixable,
+        raw: alert,
+        upgradable
+      });
+    }
+  }
+  if (!sockPkgAlerts.length) {
+    return alertsByPurl;
+  }
+  const purl = `pkg:${ecosystem}/${name}@${version}`;
+  const major = getMajor(version);
+  if (consolidate) {
+    const highestForCve = new Map();
+    const highestForUpgrade = new Map();
+    const unfixableAlerts = [];
+    for (const sockPkgAlert of sockPkgAlerts) {
+      const alert = sockPkgAlert.raw;
+      const fixType = alert.fix?.type ?? '';
+      if (fixType === ALERT_FIX_TYPE.cve) {
+        // An alert with alert.fix.type of 'cve' should have a
+        // alert.props.firstPatchedVersionIdentifier property value.
+        // We're just being cautious.
+        const firstPatchedVersionIdentifier = alert.props?.firstPatchedVersionIdentifier;
+        const patchedMajor = firstPatchedVersionIdentifier ? getMajor(firstPatchedVersionIdentifier) : null;
+        if (typeof patchedMajor === 'number') {
+          // Consolidate to the highest "first patched version" by each major
+          // version number.
+          const highest = highestForCve.get(patchedMajor)?.version ?? '0.0.0';
+          if (vendor.semverExports.gt(firstPatchedVersionIdentifier, highest)) {
+            highestForCve.set(patchedMajor, {
+              alert: sockPkgAlert,
+              version: firstPatchedVersionIdentifier
+            });
+          }
+        } else {
+          unfixableAlerts.push(sockPkgAlert);
+        }
+      } else if (fixType === ALERT_FIX_TYPE.upgrade) {
+        // For Socket Optimize upgrades we assume the highest version available
+        // is compatible. This may change in the future.
+        const highest = highestForUpgrade.get(major)?.version ?? '0.0.0';
+        if (vendor.semverExports.gt(version, highest)) {
+          highestForUpgrade.set(major, {
+            alert: sockPkgAlert,
+            version
+          });
+        }
+      } else {
+        unfixableAlerts.push(sockPkgAlert);
+      }
+    }
+    sockPkgAlerts = [
+    // Sort CVE alerts by severity: critical, high, middle, then low.
+    ...Array.from(highestForCve.values()).map(d => d.alert).sort(alertSeverityComparator), ...Array.from(highestForUpgrade.values()).map(d => d.alert), ...unfixableAlerts];
+  } else {
+    sockPkgAlerts.sort((a, b) => sorts.naturalCompare(a.type, b.type));
+  }
+  if (sockPkgAlerts.length) {
+    alertsByPurl.set(purl, sockPkgAlerts);
+  }
+  return alertsByPurl;
+}
+function alertsHaveBlocked(alerts) {
+  return alerts.find(a => a.blocked) !== undefined;
+}
+function alertsHaveSeverity(alerts, severity) {
+  return alerts.find(a => a.raw.severity === severity) !== undefined;
+}
+function alertSeverityComparator(a, b) {
+  // Put the most severe first.
+  return getAlertSeverityOrder(a) - getAlertSeverityOrder(b);
+}
+function getAlertSeverityOrder(alert) {
+  // The more severe, the lower the sort number.
+  const {
+    severity
+  } = alert.raw;
+  return severity === ALERT_SEVERITY.critical ? 0 : severity === ALERT_SEVERITY.high ? 1 : severity === ALERT_SEVERITY.middle ? 2 : severity === ALERT_SEVERITY.low ? 3 : 4;
+}
+function getAlertsSeverityOrder(alerts) {
+  return alertsHaveBlocked(alerts) || alertsHaveSeverity(alerts, ALERT_SEVERITY.critical) ? 0 : alertsHaveSeverity(alerts, ALERT_SEVERITY.high) ? 1 : alertsHaveSeverity(alerts, ALERT_SEVERITY.middle) ? 2 : alertsHaveSeverity(alerts, ALERT_SEVERITY.low) ? 3 : 4;
+}
+function getSeverityLabel(severity) {
+  return severity === 'middle' ? 'moderate' : severity;
+}
+function logAlertsMap(alertsMap, options) {
+  const {
+    hideAt = 'middle',
+    output = process.stderr
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const translations = getTranslations();
+  const sortedEntries = Array.from(alertsMap.entries()).sort((a, b) => getAlertsSeverityOrder(a[1]) - getAlertsSeverityOrder(b[1]));
+  const aboveTheFoldPurls = new Set();
+  const viewableAlertsByPurl = new Map();
+  const hiddenAlertsByPurl = new Map();
+  for (let i = 0, {
+      length
+    } = sortedEntries; i < length; i += 1) {
+    const {
+      0: purl,
+      1: alerts
+    } = sortedEntries[i];
+    const hiddenAlerts = [];
+    const viewableAlerts = alerts.filter(a => {
+      const keep = a.blocked || getAlertSeverityOrder(a) < ALERT_SEVERITY_ORDER[hideAt];
+      if (!keep) {
+        hiddenAlerts.push(a);
+      }
+      return keep;
+    });
+    if (hiddenAlerts.length) {
+      hiddenAlertsByPurl.set(purl, hiddenAlerts.sort(alertSeverityComparator));
+    }
+    if (!viewableAlerts.length) {
+      continue;
+    }
+    viewableAlerts.sort(alertSeverityComparator);
+    viewableAlertsByPurl.set(purl, viewableAlerts);
+    if (viewableAlerts.find(a => a.blocked || getAlertSeverityOrder(a) < ALERT_SEVERITY_ORDER.middle)) {
+      aboveTheFoldPurls.add(purl);
+    }
+  }
+  // If MIN_ABOVE_THE_FOLD_COUNT is NOT met add more from viewable pkg ids.
+  for (const {
+    0: purl
+  } of viewableAlertsByPurl.entries()) {
+    if (aboveTheFoldPurls.size >= MIN_ABOVE_THE_FOLD_COUNT) {
+      break;
+    }
+    aboveTheFoldPurls.add(purl);
+  }
+  // If MIN_ABOVE_THE_FOLD_COUNT is STILL NOT met add more from hidden pkg ids.
+  for (const {
+    0: purl,
+    1: hiddenAlerts
+  } of hiddenAlertsByPurl.entries()) {
+    if (aboveTheFoldPurls.size >= MIN_ABOVE_THE_FOLD_COUNT) {
+      break;
+    }
+    aboveTheFoldPurls.add(purl);
+    const viewableAlerts = viewableAlertsByPurl.get(purl) ?? [];
+    if (viewableAlerts.length < MIN_ABOVE_THE_FOLD_ALERT_COUNT) {
+      const neededCount = MIN_ABOVE_THE_FOLD_ALERT_COUNT - viewableAlerts.length;
+      let removedHiddenAlerts;
+      if (hiddenAlerts.length - neededCount > 0) {
+        removedHiddenAlerts = hiddenAlerts.splice(0, MIN_ABOVE_THE_FOLD_ALERT_COUNT);
+      } else {
+        removedHiddenAlerts = hiddenAlerts;
+        hiddenAlertsByPurl.delete(purl);
+      }
+      viewableAlertsByPurl.set(purl, [...viewableAlerts, ...removedHiddenAlerts]);
+    }
+  }
+  const mentionedPurlsWithHiddenAlerts = new Set();
+  for (let i = 0, prevAboveTheFold = true, entries = Array.from(viewableAlertsByPurl.entries()), {
+      length
+    } = entries; i < length; i += 1) {
+    const {
+      0: purl,
+      1: alerts
+    } = entries[i];
+    const lines = new Set();
+    for (const alert of alerts) {
+      const {
+        type
+      } = alert;
+      const severity = alert.raw.severity ?? '';
+      const attributes = [...(severity ? [vendor.yoctocolorsCjsExports[ALERT_SEVERITY_COLOR[severity]](getSeverityLabel(severity))] : []), ...(alert.blocked ? [vendor.yoctocolorsCjsExports.bold(vendor.yoctocolorsCjsExports.red('blocked'))] : []), ...(alert.fixable ? ['fixable'] : [])];
+      const maybeAttributes = attributes.length ? ` ${vendor.yoctocolorsCjsExports.italic(`(${attributes.join('; ')})`)}` : '';
+      // Based data from { pageProps: { alertTypes } } of:
+      // https://socket.dev/_next/data/9a6db8224b68b6da0eb9f7dbb17aff7e51568ac2/en-US.json
+      const info = translations.alerts[type];
+      const title = info?.title ?? type;
+      const maybeDesc = info?.description ? ` - ${info.description}` : '';
+      const content = `${title}${maybeAttributes}${maybeDesc}`;
+      // TODO: An added emoji seems to mis-align terminals sometimes.
+      lines.add(`  ${content}`);
+    }
+    const purlObj = getPurlObject(purl);
+    const pkgName = packages.resolvePackageName(purlObj);
+    const hyperlink = format.hyperlink(`${pkgName}@${purlObj.version}`, getSocketDevPackageOverviewUrl(purlObj.type, pkgName, purlObj.version));
+    const isAboveTheFold = aboveTheFoldPurls.has(purl);
+    if (isAboveTheFold) {
+      aboveTheFoldPurls.add(purl);
+      output.write(`${i ? '\n' : ''}${hyperlink}:\n`);
+    } else {
+      output.write(`${prevAboveTheFold ? '\n' : ''}${hyperlink}:\n`);
+    }
+    for (const line of lines) {
+      output.write(`${line}\n`);
+    }
+    const hiddenAlerts = hiddenAlertsByPurl.get(purl) ?? [];
+    const {
+      length: hiddenAlertsCount
+    } = hiddenAlerts;
+    if (hiddenAlertsCount) {
+      mentionedPurlsWithHiddenAlerts.add(purl);
+      if (hiddenAlertsCount === 1) {
+        output.write(`  ${vendor.yoctocolorsCjsExports.dim(`+1 Hidden ${getSeverityLabel(hiddenAlerts[0].raw.severity ?? 'low')} risk alert`)}\n`);
+      } else {
+        output.write(`  ${vendor.yoctocolorsCjsExports.dim(`+${hiddenAlertsCount} Hidden alerts ${vendor.yoctocolorsCjsExports.italic(getHiddenRisksDescription(getHiddenRiskCounts(hiddenAlerts)))}`)}\n`);
+      }
+    }
+    prevAboveTheFold = isAboveTheFold;
+  }
+  const additionalHiddenCount = hiddenAlertsByPurl.size - mentionedPurlsWithHiddenAlerts.size;
+  if (additionalHiddenCount) {
+    const totalRiskCounts = {
+      critical: 0,
+      high: 0,
+      middle: 0,
+      low: 0
+    };
+    for (const {
+      0: purl,
+      1: alerts
+    } of hiddenAlertsByPurl.entries()) {
+      if (mentionedPurlsWithHiddenAlerts.has(purl)) {
+        continue;
+      }
+      const riskCounts = getHiddenRiskCounts(alerts);
+      totalRiskCounts.critical += riskCounts.critical;
+      totalRiskCounts.high += riskCounts.high;
+      totalRiskCounts.middle += riskCounts.middle;
+      totalRiskCounts.low += riskCounts.low;
+    }
+    output.write(`${aboveTheFoldPurls.size ? '\n' : ''}${vendor.yoctocolorsCjsExports.dim(`${aboveTheFoldPurls.size ? '+' : ''}${additionalHiddenCount} Packages with hidden alerts ${vendor.yoctocolorsCjsExports.italic(getHiddenRisksDescription(totalRiskCounts))}`)}\n`);
+  }
+  output.write('\n');
+}
+function idToNpmPurl(id) {
+  return `pkg:npm/${id}`;
+}
+async function getAlertsMapFromPurls(purls, options) {
+  const uniqPurls = arrays.arrayUnique(purls);
+  require$$9.debugDir('silly', {
+    purls: uniqPurls
+  });
+  let {
+    length: remaining
+  } = uniqPurls;
+  const alertsByPurl = new Map();
+  if (!remaining) {
+    return alertsByPurl;
+  }
+  const opts = {
+    __proto__: null,
+    consolidate: false,
+    nothrow: false,
+    ...options,
+    filter: toFilterConfig(require$$11.getOwn(options, 'filter'))
+  };
+  if (opts.onlyFixable) {
+    opts.filter.fixable = true;
+  }
+  const {
+    apiToken = getPublicApiToken(),
+    spinner
+  } = opts;
+  const getText = () => `Looking up data for ${remaining} packages`;
+  spinner?.start(getText());
+  const sockSdkCResult = await setupSdk({
+    apiToken
+  });
+  if (!sockSdkCResult.ok) {
+    spinner?.stop();
+    throw new Error('Auth error: Run `socket login` first');
+  }
+  const sockSdk = sockSdkCResult.data;
+  const socketYml = findSocketYmlSync()?.parsed;
+  const alertsMapOptions = {
+    consolidate: opts.consolidate,
+    filter: opts.filter,
+    overrides: opts.overrides,
+    socketYml,
+    spinner
+  };
+  try {
+    for await (const batchResult of sockSdk.batchPackageStream({
+      components: uniqPurls.map(purl => ({
+        purl
+      }))
+    }, {
+      queryParams: {
+        alerts: 'true',
+        compact: 'true',
+        ...(opts.onlyFixable ? {
+          fixable: 'true '
+        } : {}),
+        ...(Array.isArray(opts.filter.actions) ? {
+          actions: opts.filter.actions.join(',')
+        } : {})
+      }
+    })) {
+      if (batchResult.success) {
+        const artifact = batchResult.data;
+        await addArtifactToAlertsMap(artifact, alertsByPurl, alertsMapOptions);
+      } else if (!opts.nothrow) {
+        spinner?.stop();
+        if (strings.isNonEmptyString(batchResult.error)) {
+          throw new Error(batchResult.error);
+        }
+        const statusCode = batchResult.status ?? 'unknown';
+        throw new Error(`Socket API server error (${statusCode}): No status message`);
+      } else {
+        spinner?.stop();
+        logger.logger.fail(`Received a ${batchResult.status} response from Socket API which we consider a permanent failure:`, batchResult.error, batchResult.cause ? `( ${batchResult.cause} )` : '');
+        require$$9.debugDir('inspect', {
+          batchResult
+        });
+        break;
+      }
+      remaining -= 1;
+      if (remaining > 0) {
+        spinner?.start(getText());
+      }
+    }
+  } catch (e) {
+    spinner?.stop();
+    throw e;
+  }
+  spinner?.stop();
+  return alertsByPurl;
 }
 exports.AuthError = AuthError;
 exports.COMPLETION_CMD_PREFIX = COMPLETION_CMD_PREFIX;
 exports.InputError = InputError;
 exports.RangeStyles = RangeStyles;
-exports.applyRange = applyRange;
+exports.cacheFetch = cacheFetch;
 exports.captureException = captureException;
 exports.checkCommandInput = checkCommandInput;
 exports.cmdFlagValueToArray = cmdFlagValueToArray;
@@ -4013,34 +3974,32 @@ exports.createEnum = createEnum;
 exports.detectAndValidatePackageEnvironment = detectAndValidatePackageEnvironment;
 exports.detectDefaultBranch = detectDefaultBranch;
 exports.determineOrgSlug = determineOrgSlug;
-exports.extractOverridesFromPnpmLockSrc = extractOverridesFromPnpmLockSrc;
+exports.enablePrAutoMerge = enablePrAutoMerge;
 exports.extractTier1ReachabilityScanId = extractTier1ReachabilityScanId;
 exports.failMsgWithBadge = failMsgWithBadge;
+exports.fetchGhsaDetails = fetchGhsaDetails;
 exports.fetchOrganization = fetchOrganization;
-exports.getAlertsMapFromPnpmLockfile = getAlertsMapFromPnpmLockfile;
+exports.findUp = findUp;
 exports.getAlertsMapFromPurls = getAlertsMapFromPurls;
 exports.getBaseBranch = getBaseBranch;
 exports.getBashrcDetails = getBashrcDetails;
 exports.getConfigValue = getConfigValue;
 exports.getConfigValueOrUndef = getConfigValueOrUndef;
-exports.getCveInfoFromAlertsMap = getCveInfoFromAlertsMap;
 exports.getDefaultOrgSlug = getDefaultOrgSlug;
 exports.getEcosystemChoicesForMeow = getEcosystemChoicesForMeow;
 exports.getEnterpriseOrgs = getEnterpriseOrgs;
 exports.getFlagApiRequirementsOutput = getFlagApiRequirementsOutput;
 exports.getFlagListOutput = getFlagListOutput;
 exports.getMajor = getMajor;
-exports.getMinVersion = getMinVersion;
 exports.getNpmBinPath = getNpmBinPath;
-exports.getNpmConfig = getNpmConfig;
 exports.getNpmRequire = getNpmRequire;
 exports.getNpxBinPath = getNpxBinPath;
+exports.getOctokit = getOctokit;
+exports.getOctokitGraphql = getOctokitGraphql;
 exports.getOrgSlugs = getOrgSlugs;
 exports.getOutputKind = getOutputKind;
 exports.getPackageFilesForScan = getPackageFilesForScan;
-exports.getPkgFullNameFromPurl = getPkgFullNameFromPurl;
 exports.getPublicApiToken = getPublicApiToken;
-exports.getPurlObject = getPurlObject;
 exports.getRepoInfo = getRepoInfo;
 exports.getRepoName = getRepoName;
 exports.getSocketDevPackageOverviewUrlFromPurl = getSocketDevPackageOverviewUrlFromPurl;
@@ -4062,7 +4021,6 @@ exports.handleApiCallNoSpinner = handleApiCallNoSpinner;
 exports.hasDefaultApiToken = hasDefaultApiToken;
 exports.hasEnterpriseOrgPlan = hasEnterpriseOrgPlan;
 exports.idToNpmPurl = idToNpmPurl;
-exports.idToPurl = idToPurl;
 exports.isHelpFlag = isHelpFlag;
 exports.isNpmBinPathShadowed = isNpmBinPathShadowed;
 exports.isNpxBinPathShadowed = isNpxBinPathShadowed;
@@ -4079,17 +4037,14 @@ exports.meowOrExit = meowOrExit;
 exports.meowWithSubcommands = meowWithSubcommands;
 exports.msAtHome = msAtHome;
 exports.npa = npa;
-exports.parsePnpmLockfile = parsePnpmLockfile;
-exports.parsePnpmLockfileVersion = parsePnpmLockfileVersion;
 exports.queryApiSafeJson = queryApiSafeJson;
 exports.queryApiSafeText = queryApiSafeText;
-exports.readLockfile = readLockfile;
 exports.readOrDefaultSocketJson = readOrDefaultSocketJson;
 exports.readSocketJsonSync = readSocketJsonSync;
-exports.removeNodeModules = removeNodeModules;
 exports.runAgentInstall = runAgentInstall;
 exports.sendApiRequest = sendApiRequest;
 exports.serializeResultJson = serializeResultJson;
+exports.setGitRemoteGithubRepoUrl = setGitRemoteGithubRepoUrl;
 exports.setupSdk = setupSdk;
 exports.spawnCoana = spawnCoana;
 exports.suggestOrgSlug = suggestOrgSlug;
@@ -4098,5 +4053,5 @@ exports.toFilterConfig = toFilterConfig;
 exports.updateConfigValue = updateConfigValue;
 exports.walkNestedMap = walkNestedMap;
 exports.writeSocketJson = writeSocketJson;
-//# debugId=7bc6e694-34e1-474f-8bfe-df9d9abb3db6
+//# debugId=c9a337ab-9c3d-4d21-a5a6-ef5d89be0e38
 //# sourceMappingURL=utils.js.map