npm - @socketsecurity/cli-with-sentry - Versions diffs - 1.0.64 → 1.0.66 - Mend

@socketsecurity/cli-with-sentry 1.0.64 → 1.0.66

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (161) hide show

package/dist/utils.js CHANGED Viewed

@@ -5,28 +5,23 @@ var logger = require('../external/@socketsecurity/registry/lib/logger');
 var strings = require('../external/@socketsecurity/registry/lib/strings');
 var debug = require('../external/@socketsecurity/registry/lib/debug');
 var arrays = require('../external/@socketsecurity/registry/lib/arrays');
-var objects = require('../external/@socketsecurity/registry/lib/objects');
+var require$$7 = require('../external/@socketsecurity/registry/lib/objects');
 var path$1 = require('../external/@socketsecurity/registry/lib/path');
 var sorts = require('../external/@socketsecurity/registry/lib/sorts');
 var constants = require('./constants.js');
 var path = require('node:path');
 var regexps = require('../external/@socketsecurity/registry/lib/regexps');
 var prompts = require('../external/@socketsecurity/registry/lib/prompts');
-var promises = require('node:timers/promises');
 var spawn = require('../external/@socketsecurity/registry/lib/spawn');
 var fs = require('node:fs');
-var registry = require('../external/@socketsecurity/registry');
+var fs$1 = require('../external/@socketsecurity/registry/lib/fs');
+var require$$8 = require('../external/@socketsecurity/registry/lib/promises');
 var packages = require('../external/@socketsecurity/registry/lib/packages');
+var registry = require('../external/@socketsecurity/registry');
 var require$$5 = require('node:module');
 var npm = require('../external/@socketsecurity/registry/lib/npm');
-var fs$1 = require('../external/@socketsecurity/registry/lib/fs');
-var require$$7 = require('../external/@socketsecurity/registry/lib/promises');
+var promises = require('node:timers/promises');
-var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
-const {
-  PNPM: PNPM$2
-} = constants;
-const PNPM_WORKSPACE = `${PNPM$2}-workspace`;
 const ignoredDirs = [
 // Taken from ignore-by-default:
 // https://github.com/novemberborn/ignore-by-default/blob/v2.1.0/index.js
@@ -52,8 +47,8 @@ const ignoredDirs = [
 const ignoredDirPatterns = ignoredDirs.map(i => `**/${i}`);
 async function getWorkspaceGlobs(agent, cwd = process.cwd()) {
   let workspacePatterns;
-  if (agent === PNPM$2) {
-    for (const workspacePath of [path.join(cwd, `${PNPM_WORKSPACE}.yaml`), path.join(cwd, `${PNPM_WORKSPACE}.yml`)]) {
+  if (agent === 'pnpm') {
+    for (const workspacePath of [path.join(cwd, 'pnpm-workspace.yaml'), path.join(cwd, 'pnpm-workspace.yml')]) {
       // eslint-disable-next-line no-await-in-loop
       const yml = await safeReadFile(workspacePath);
       if (yml) {
@@ -133,7 +128,11 @@ function workspacePatternToGlobPattern(workspace) {
   // Things like "packages/a" or "packages/*"
   return `${workspace}/package.json`;
 }
-async function filterGlobResultToSupportedFiles(entries, supportedFiles) {
+function filterBySupportedScanFiles(filepaths, supportedFiles) {
+  const patterns = getSupportedFilePatterns(supportedFiles);
+  return filepaths.filter(p => vendor.micromatchExports.some(p, patterns));
+}
+function getSupportedFilePatterns(supportedFiles) {
   const patterns = [];
   for (const key of Object.keys(supportedFiles)) {
     const supported = supportedFiles[key];
@@ -141,7 +140,7 @@ async function filterGlobResultToSupportedFiles(entries, supportedFiles) {
       patterns.push(...Object.values(supported).map(p => `**/${p.pattern}`));
     }
   }
-  return entries.filter(p => vendor.micromatchExports.some(p, patterns));
+  return patterns;
 }
 async function globWithGitIgnore(patterns, options) {
   const {
@@ -152,15 +151,16 @@ async function globWithGitIgnore(patterns, options) {
     __proto__: null,
     ...options
   };
-  const projectIgnorePaths = socketConfig?.projectIgnorePaths;
   const ignoreFiles = await vendor.distExports.glob(['**/.gitignore'], {
     absolute: true,
     cwd,
     expandDirectories: true
   });
+  const projectIgnorePaths = socketConfig?.projectIgnorePaths;
   const ignores = [...ignoredDirPatterns, ...(Array.isArray(projectIgnorePaths) ? ignoreFileLinesToGlobPatterns(projectIgnorePaths, path.join(cwd, '.gitignore'), cwd) : []), ...(await Promise.all(ignoreFiles.map(async filepath => ignoreFileToGlobPatterns((await safeReadFile(filepath)) ?? '', filepath, cwd)))).flat()];
   const hasNegatedPattern = ignores.some(p => p.charCodeAt(0) === 33 /*'!'*/);
   const globOptions = {
+    __proto__: null,
     absolute: true,
     cwd,
     dot: true,
@@ -172,14 +172,11 @@ async function globWithGitIgnore(patterns, options) {
   if (!hasNegatedPattern) {
     return result;
   }
-  const {
-    absolute
-  } = globOptions;
   // Note: the input files must be INSIDE the cwd. If you get strange looking
   // relative path errors here, most likely your path is outside the given cwd.
-  const filtered = vendor.ignoreExports().add(ignores).filter(absolute ? result.map(p => path.relative(cwd, p)) : result);
-  return absolute ? filtered.map(p => path.resolve(cwd, p)) : filtered;
+  const filtered = vendor.ignoreExports().add(ignores).filter(globOptions.absolute ? result.map(p => path.relative(cwd, p)) : result);
+  return globOptions.absolute ? filtered.map(p => path.resolve(cwd, p)) : filtered;
 }
 async function globNodeModules(cwd = process.cwd()) {
   return await vendor.distExports.glob('**/node_modules', {
@@ -197,17 +194,18 @@ async function globWorkspace(agent, cwd = process.cwd()) {
     ignore: ['**/node_modules/**', '**/bower_components/**']
   }) : [];
 }
+function isReportSupportedFile(filepath, supportedFiles) {
+  const patterns = getSupportedFilePatterns(supportedFiles);
+  return vendor.micromatchExports.some(filepath, patterns);
+}
 function pathsToGlobPatterns(paths) {
   // TODO: Does not support `~/` paths.
   return paths.map(p => p === '.' || p === './' ? '**/*' : p);
 }
-const {
-  abortSignal
-} = constants;
 async function removeNodeModules(cwd = process.cwd()) {
   const nodeModulesPaths = await globNodeModules(cwd);
-  await require$$7.pEach(nodeModulesPaths, 3, p => fs$1.remove(p, {
+  await require$$8.pEach(nodeModulesPaths, 3, p => fs$1.remove(p, {
     force: true,
     recursive: true
   }), {
@@ -216,7 +214,8 @@ async function removeNodeModules(cwd = process.cwd()) {
 }
 async function findUp(name, {
   cwd = process.cwd(),
-  signal = abortSignal
+  // Lazily access constants.abortSignal.
+  signal = constants.abortSignal
 }) {
   let dir = path.resolve(cwd);
   const {
@@ -243,14 +242,16 @@ async function findUp(name, {
 }
 async function readFileBinary(filepath, options) {
   return await fs.promises.readFile(filepath, {
-    signal: abortSignal,
+    // Lazily access constants.abortSignal.
+    signal: constants.abortSignal,
     ...options,
     encoding: 'binary'
   });
 }
 async function readFileUtf8(filepath, options) {
   return await fs.promises.readFile(filepath, {
-    signal: abortSignal,
+    // Lazily access constants.abortSignal.
+    signal: constants.abortSignal,
     ...options,
     encoding: 'utf8'
   });
@@ -259,7 +260,8 @@ async function safeReadFile(filepath, options) {
   try {
     return await fs.promises.readFile(filepath, {
       encoding: 'utf8',
-      signal: abortSignal,
+      // Lazily access constants.abortSignal.
+      signal: constants.abortSignal,
       ...(typeof options === 'string' ? {
         encoding: options
       } : options)
@@ -288,8 +290,10 @@ function safeStatsSync(filepath, options) {
   return undefined;
 }
-const sensitiveConfigKeys = new Set(['apiToken']);
-const supportedConfigKeys = new Map([['apiBaseUrl', 'Base URL of the API endpoint'], ['apiProxy', 'A proxy through which to access the API'], ['apiToken', 'The API token required to access most API endpoints'], ['defaultOrg', 'The default org slug to use; usually the org your API token has access to. When set, all orgSlug arguments are implied to be this value.'], ['enforcedOrgs', 'Orgs in this list have their security policies enforced on this machine'], ['skipAskToPersistDefaultOrg', 'This flag prevents the CLI from asking you to persist the org slug when you selected one interactively'], ['org', 'Alias for defaultOrg']]);
+const sensitiveConfigKeyLookup = new Set(['apiToken']);
+const supportedConfig = new Map([['apiBaseUrl', 'Base URL of the API endpoint'], ['apiProxy', 'A proxy through which to access the API'], ['apiToken', 'The API token required to access most API endpoints'], ['defaultOrg', 'The default org slug to use; usually the org your API token has access to. When set, all orgSlug arguments are implied to be this value.'], ['enforcedOrgs', 'Orgs in this list have their security policies enforced on this machine'], ['skipAskToPersistDefaultOrg', 'This flag prevents the CLI from asking you to persist the org slug when you selected one interactively'], ['org', 'Alias for defaultOrg']]);
+const supportedConfigEntries = [...supportedConfig.entries()].sort((a, b) => sorts.naturalCompare(a[0], b[0]));
+const supportedConfigKeys = supportedConfigEntries.map(p => p[0]);
 function getConfigValues() {
   if (_cachedConfig === undefined) {
     // Order: env var > --config flag > file
@@ -327,7 +331,7 @@ function normalizeConfigKey(key) {
   //       property apiKey, we'll copy that to apiToken and delete the old property.
   // We added `org` as a convenience alias for `defaultOrg`
   const normalizedKey = key === 'apiKey' ? 'apiToken' : key === 'org' ? 'defaultOrg' : key;
-  if (!supportedConfigKeys.has(normalizedKey)) {
+  if (!isSupportedConfigKey(normalizedKey)) {
     return {
       ok: false,
       message: `Invalid config key: ${normalizedKey}`,
@@ -385,9 +389,21 @@ function getConfigValueOrUndef(key) {
   }
   return localConfig[keyResult.data];
 }
+function getSupportedConfigEntries() {
+  return [...supportedConfigEntries];
+}
+function getSupportedConfigKeys() {
+  return [...supportedConfigKeys];
+}
 function isReadOnlyConfig() {
   return _readOnlyConfig;
 }
+function isSensitiveConfigKey(key) {
+  return sensitiveConfigKeyLookup.has(key);
+}
+function isSupportedConfigKey(key) {
+  return supportedConfig.has(key);
+}
 let _cachedConfig;
 // When using --config or SOCKET_CLI_CONFIG, do not persist the config.
 let _readOnlyConfig = false;
@@ -397,7 +413,8 @@ function overrideCachedConfig(jsonConfig) {
   try {
     config = JSON.parse(String(jsonConfig));
     if (!config || typeof config !== 'object') {
-      // `null` is valid json, so are primitive values. They're not valid config objects :)
+      // `null` is valid json, so are primitive values.
+      // They're not valid config objects :)
       return {
         ok: false,
         message: 'Could not parse Config as JSON',
@@ -405,7 +422,7 @@ function overrideCachedConfig(jsonConfig) {
       };
     }
   } catch {
-    // Force set an empty config to prevent accidentally using system settings
+    // Force set an empty config to prevent accidentally using system settings.
     _cachedConfig = {};
     _readOnlyConfig = true;
     return {
@@ -419,7 +436,7 @@ function overrideCachedConfig(jsonConfig) {
   _cachedConfig = config;
   _readOnlyConfig = true;
-  // Normalize apiKey to apiToken
+  // Normalize apiKey to apiToken.
   if (_cachedConfig['apiKey']) {
     if (_cachedConfig['apiToken']) {
       logger.logger.warn('Note: The config override had both apiToken and apiKey. Using the apiToken value. Remove the apiKey to get rid of this message.');
@@ -434,8 +451,7 @@ function overrideCachedConfig(jsonConfig) {
 }
 function overrideConfigApiToken(apiToken) {
   debug.debugFn('notice', 'override: API token (not stored)');
-  // Set token to the local cached config and mark it read-only so it doesn't persist
+  // Set token to the local cached config and mark it read-only so it doesn't persist.
   _cachedConfig = {
     ...vendor.configExports,
     ...(apiToken === undefined ? {} : {
@@ -452,7 +468,8 @@ function updateConfigValue(configKey, value) {
     return keyResult;
   }
   const key = keyResult.data;
-  let wasDeleted = value === undefined; // implicitly when serializing
+  // Implicitly deleting when serializing.
+  let wasDeleted = value === undefined;
   if (key === 'skipAskToPersistDefaultOrg') {
     if (value === 'true' || value === 'false') {
       localConfig['skipAskToPersistDefaultOrg'] = value === 'true';
@@ -586,7 +603,14 @@ function getPublicToken() {
   // Lazily access constants.SOCKET_PUBLIC_API_TOKEN.
   constants.SOCKET_PUBLIC_API_TOKEN;
 }
-async function setupSdk(apiToken = getDefaultToken(), apiBaseUrl = getDefaultApiBaseUrl$1(), proxy) {
+async function setupSdk(options) {
+  const opts = {
+    __proto__: null,
+    ...options
+  };
+  let {
+    apiToken = getDefaultToken()
+  } = opts;
   if (typeof apiToken !== 'string' && vendor.isInteractiveExports()) {
     apiToken = await prompts.password({
       message: 'Enter your Socket.dev API key (not saved, use socket login to persist)'
@@ -600,15 +624,21 @@ async function setupSdk(apiToken = getDefaultToken(), apiBaseUrl = getDefaultApi
       cause: 'You need to provide an API Token. Run `socket login` first.'
     };
   }
-  if (!isUrl(proxy)) {
-    proxy = getDefaultProxyUrl();
+  let {
+    apiProxy
+  } = opts;
+  if (!isUrl(apiProxy)) {
+    apiProxy = getDefaultProxyUrl();
   }
-  const ProxyAgent = proxy?.startsWith('http:') ? vendor.HttpProxyAgent : vendor.HttpsProxyAgent;
+  const {
+    apiBaseUrl = getDefaultApiBaseUrl$1()
+  } = opts;
+  const ProxyAgent = apiProxy?.startsWith('http:') ? vendor.HttpProxyAgent : vendor.HttpsProxyAgent;
   return {
     ok: true,
     data: new vendor.distExports$2.SocketSdk(apiToken, {
-      agent: proxy ? new ProxyAgent({
-        proxy
+      agent: apiProxy ? new ProxyAgent({
+        proxy: apiProxy
       }) : undefined,
       baseUrl: apiBaseUrl,
       userAgent: vendor.distExports$2.createUserAgentFromPkgJson({
@@ -623,59 +653,79 @@ async function setupSdk(apiToken = getDefaultToken(), apiBaseUrl = getDefaultApi
   };
 }
-async function handleApiCall(value, fetchingDesc) {
-  // Lazily access constants.spinner.
+const NO_ERROR_MESSAGE = 'No error message returned';
+async function handleApiCall(value, options) {
   const {
+    desc,
     spinner
-  } = constants;
-  spinner.start(`Requesting ${fetchingDesc} from API...`);
-  let result;
+  } = {
+    __proto__: null,
+    ...options
+  };
+  if (desc) {
+    spinner?.start(`Requesting ${desc} from API...`);
+  } else {
+    spinner?.start();
+  }
+  let sdkResult;
   try {
-    result = await value;
-    // TODO: info, not success (looks weird when response is non-200)
-    spinner.successAndStop(`Received API response (after requesting ${fetchingDesc}).`);
+    sdkResult = await value;
+    if (desc) {
+      // TODO: info, not success (looks weird when response is non-200)
+      spinner?.successAndStop(`Received API response (after requesting ${desc}).`);
+    } else {
+      spinner?.stop();
+    }
   } catch (e) {
-    spinner.failAndStop(`An error was thrown while requesting ${fetchingDesc}`);
-    const message = `${e || 'No error message returned'}`;
-    const reason = `${e || 'No error message returned'}`;
-    debug.debugFn('error', `caught: ${fetchingDesc} error`);
+    if (desc) {
+      spinner?.failAndStop(`An error was thrown while requesting ${desc}`);
+      debug.debugFn('error', `caught: ${desc} error`);
+    } else {
+      spinner?.stop();
+      debug.debugFn('error', `caught: error`);
+    }
     debug.debugDir('inspect', {
       error: e
     });
     return {
       ok: false,
       message: 'Socket API returned an error',
-      cause: `${message}${reason ? ` ( Reason: ${reason} )` : ''}`
+      cause: vendor.messageWithCauses(e)
     };
   } finally {
-    spinner.stop();
+    spinner?.stop();
   }
-  // Note: TS can't narrow down the type of result due to generics
-  if (result.success === false) {
-    const error = result;
-    const message = `${error.error || 'No error message returned'}`;
+  // Note: TS can't narrow down the type of result due to generics.
+  if (sdkResult.success === false) {
+    const errorResult = sdkResult;
+    const message = `${errorResult.error || NO_ERROR_MESSAGE}`;
     const {
       cause: reason
-    } = error;
-    debug.debugFn('error', `fail: ${fetchingDesc} bad response`);
+    } = errorResult;
+    if (desc) {
+      debug.debugFn('error', `fail: ${desc} bad response`);
+    } else {
+      debug.debugFn('error', 'fail: bad response');
+    }
     debug.debugDir('inspect', {
-      error
+      sdkResult
     });
     return {
       ok: false,
       message: 'Socket API returned an error',
       cause: `${message}${reason ? ` ( Reason: ${reason} )` : ''}`,
       data: {
-        code: result.status
+        code: sdkResult.status
       }
     };
   } else {
-    const ok = result;
+    const {
+      data
+    } = sdkResult;
     return {
       ok: true,
-      data: ok.data
+      data
     };
   }
 }
@@ -684,8 +734,8 @@ async function handleApiCallNoSpinner(value, description) {
   try {
     result = await value;
   } catch (e) {
-    const message = `${e || 'No error message returned'}`;
-    const reason = `${e || 'No error message returned'}`;
+    const message = `${e || NO_ERROR_MESSAGE}`;
+    const reason = `${e || NO_ERROR_MESSAGE}`;
     debug.debugFn('error', `caught: ${description} error`);
     debug.debugDir('inspect', {
       error: e
@@ -700,7 +750,7 @@ async function handleApiCallNoSpinner(value, description) {
   // Note: TS can't narrow down the type of result due to generics
   if (result.success === false) {
     const error = result;
-    const message = `${error.error || 'No error message returned'}`;
+    const message = `${error.error || NO_ERROR_MESSAGE}`;
     debug.debugFn('error', `fail: ${description} bad response`);
     debug.debugDir('inspect', {
       error
@@ -1109,7 +1159,7 @@ function getHelpListOutput(list, options) {
     if (entry && 'hidden' in entry && entry?.hidden) {
       continue;
     }
-    const description = (objects.isObject(entry) ? entry.description : entry) || '';
+    const description = (require$$7.isObject(entry) ? entry.description : entry) || '';
     result += ''.padEnd(indent) + (keyPrefix + name).padEnd(padName) + description + '\n';
   }
   return result.trim() || '(none)';
@@ -1266,10 +1316,10 @@ async function meowWithSubcommands(subcommands, options) {
   function formatCommandsForHelp(isRootCommand) {
     if (!isRootCommand) {
       return getHelpListOutput({
-        ...objects.toSortedObject(Object.fromEntries(Object.entries(subcommands).filter(({
+        ...require$$7.toSortedObject(Object.fromEntries(Object.entries(subcommands).filter(({
           1: subcommand
         }) => !subcommand.hidden))),
-        ...objects.toSortedObject(Object.fromEntries(Object.entries(aliases).filter(({
+        ...require$$7.toSortedObject(Object.fromEntries(Object.entries(aliases).filter(({
           1: alias
         }) => {
           const {
@@ -1514,41 +1564,54 @@ function msAtHome(isoTimeStamp) {
   }
 }
-async function suggestOrgSlug() {
-  const sockSdkCResult = await setupSdk();
+async function fetchOrganization(options) {
+  const {
+    sdkOptions
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const sockSdkCResult = await setupSdk(sdkOptions);
   if (!sockSdkCResult.ok) {
-    return;
+    return sockSdkCResult;
   }
   const sockSdk = sockSdkCResult.data;
-  const result = await handleApiCall(sockSdk.getOrganizations(), 'list of organizations');
+  return await handleApiCall(sockSdk.getOrganizations(), {
+    desc: 'organization list'
+  });
+}
+async function suggestOrgSlug() {
+  const orgsCResult = await fetchOrganization();
+  if (!orgsCResult.ok) {
+    logger.logger.fail('Failed to lookup organization list from API, unable to suggest');
+    return undefined;
+  }
   // Ignore a failed request here. It was not the primary goal of
   // running this command and reporting it only leads to end-user confusion.
-  if (result.ok) {
-    const proceed = await prompts.select({
-      message: 'Missing org name; do you want to use any of these orgs for this scan?',
-      choices: [...Object.values(result.data.organizations).map(org => {
-        const name = org.name ?? org.slug;
-        return {
-          name: `Yes [${name}]`,
-          value: name,
-          description: `Use "${name}" as the organization`
-        };
-      }), {
-        name: 'No',
-        value: '',
-        description: 'Do not use any of these organizations (will end in a no-op)'
-      }]
-    });
-    if (proceed === undefined) {
-      return undefined;
-    }
-    if (proceed) {
-      return proceed;
-    }
-  } else {
-    logger.logger.fail('Failed to lookup organization list from API, unable to suggest');
+  const {
+    organizations
+  } = orgsCResult.data;
+  const proceed = await prompts.select({
+    message: 'Missing org name; do you want to use any of these orgs for this scan?',
+    choices: [...Object.values(organizations).map(o => {
+      const name = o.name ?? o.slug;
+      return {
+        name: `Yes [${name}]`,
+        value: name,
+        description: `Use "${name}" as the organization`
+      };
+    }), {
+      name: 'No',
+      value: '',
+      description: 'Do not use any of these organizations (will end in a no-op)'
+    }]
+  });
+  if (proceed) {
+    return proceed;
   }
+  return undefined;
 }
 async function suggestToPersistOrgSlug(orgSlug) {
@@ -1626,6 +1689,47 @@ async function determineOrgSlug(orgFlag, interactive, dryRun) {
   return [orgSlug, defaultOrgSlug];
 }
+// Use the config defaultOrg when set, otherwise discover from remote.
+async function getDefaultOrgSlug() {
+  const defaultOrgResult = getConfigValueOrUndef('defaultOrg');
+  if (defaultOrgResult) {
+    debug.debugFn('notice', 'use: default org', defaultOrgResult);
+    return {
+      ok: true,
+      data: defaultOrgResult
+    };
+  }
+  const orgsCResult = await fetchOrganization();
+  if (!orgsCResult.ok) {
+    return orgsCResult;
+  }
+  const {
+    organizations
+  } = orgsCResult.data;
+  const keys = Object.keys(organizations);
+  if (!keys.length) {
+    return {
+      ok: false,
+      message: 'Failed to establish identity',
+      data: `API did not return any organization associated with the current API token. Unable to continue.`
+    };
+  }
+  const slug = organizations[keys[0]]?.name ?? undefined;
+  if (!slug) {
+    return {
+      ok: false,
+      message: 'Failed to establish identity',
+      data: `Was unable to determine the default organization for the current API token. Unable to continue.`
+    };
+  }
+  debug.debugFn('notice', 'resolve: org', slug);
+  return {
+    ok: true,
+    message: 'Retrieved default org from server',
+    data: slug
+  };
+}
 async function getBaseBranch(cwd = process.cwd()) {
   // Lazily access constants.ENV properties.
   const {
@@ -2031,16 +2135,15 @@ function* walkNestedMap(map, keys = []) {
   }
 }
-const {
-  NODE_MODULES: NODE_MODULES$1,
-  NPM: NPM$4,
-  shadowBinPath
-} = constants;
 function findBinPathDetailsSync(binName) {
   const binPaths = vendor.libExports$1.sync(binName, {
     all: true,
     nothrow: true
   }) ?? [];
+  // Lazily access constants.shadowBinPath.
+  const {
+    shadowBinPath
+  } = constants;
   let shadowIndex = -1;
   let theBinPath;
   for (let i = 0, {
@@ -2068,7 +2171,7 @@ function findNpmPathSync(npmBinPath) {
   } = constants;
   let thePath = npmBinPath;
   while (true) {
-    const libNmNpmPath = path.join(thePath, 'lib', NODE_MODULES$1, NPM$4);
+    const libNmNpmPath = path.join(thePath, 'lib/node_modules/npm');
     // mise puts its npm bin in a path like:
     //   /Users/SomeUsername/.local/share/mise/installs/node/vX.X.X/bin/npm.
     // HOWEVER, the location of the npm install is:
@@ -2078,9 +2181,9 @@ function findNpmPathSync(npmBinPath) {
     // will throw an ENOTDIR error for paths like ./a-file-that-exists/a-directory-that-does-not.
     // See https://github.com/nodejs/node/issues/56993.
     fs.existsSync(libNmNpmPath) && safeStatsSync(libNmNpmPath)?.isDirectory()) {
-      thePath = path.join(libNmNpmPath, NPM$4);
+      thePath = path.join(libNmNpmPath, 'npm');
     }
-    const nmPath = path.join(thePath, NODE_MODULES$1);
+    const nmPath = path.join(thePath, 'node_modules');
     if (
     // npm bin paths may look like:
     //   /usr/local/share/npm/bin/npm
@@ -2094,9 +2197,9 @@ function findNpmPathSync(npmBinPath) {
     //   C:\Program Files\nodejs\node_modules
     fs.existsSync(nmPath) && safeStatsSync(nmPath)?.isDirectory() && (
     // Optimistically look for the default location.
-    path.basename(thePath) === NPM$4 ||
+    path.basename(thePath) === 'npm' ||
     // Chocolatey installs npm bins in the same directory as node bins.
-    WIN32 && fs.existsSync(path.join(thePath, `${NPM$4}.cmd`)))) {
+    WIN32 && fs.existsSync(path.join(thePath, 'npm.cmd')))) {
       return thePath;
     }
     const parent = path.dirname(thePath);
@@ -2114,11 +2217,11 @@ async function getPackageFilesForScan(inputPaths, supportedFiles, options) {
     __proto__: null,
     ...options
   };
-  const entries = await globWithGitIgnore(pathsToGlobPatterns(inputPaths), {
+  const filepaths = await globWithGitIgnore(pathsToGlobPatterns(inputPaths), {
     cwd,
     socketConfig
   });
-  return await filterGlobResultToSupportedFiles(entries, supportedFiles);
+  return filterBySupportedScanFiles(filepaths, supportedFiles);
 }
 async function readOrDefaultSocketJson(cwd) {
@@ -2440,11 +2543,11 @@ function getMinVersion(range) {
   return null;
 }
-const require$1 = require$$5.createRequire((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('utils.js', document.baseURI).href)));
+const require$1 = require$$5.createRequire(require('node:url').pathToFileURL(__filename).href);
 let _translations;
 function getTranslations() {
   if (_translations === undefined) {
-    _translations = require$1(
+    _translations = /*@__PURE__*/require$1(
     // Lazily access constants.rootPath.
     path.join(constants.rootPath, 'translations.json'));
   }
@@ -2555,7 +2658,7 @@ async function addArtifactToAlertsMap(artifact, alertsByPurl, options) {
     const fixableCve = fixType === ALERT_FIX_TYPE.cve;
     const fixableUpgrade = fixType === ALERT_FIX_TYPE.upgrade;
     const fixable = fixableCve || fixableUpgrade;
-    const upgradable = fixableUpgrade && !objects.hasOwn(overrides, name);
+    const upgradable = fixableUpgrade && !require$$7.hasOwn(overrides, name);
     if (include.blocked && blocked || include.critical && critical || include.cve && cve || include.unfixable && !fixable || include.upgradable && upgradable) {
       sockPkgAlerts.push({
         name,
@@ -2920,7 +3023,7 @@ function parsePnpmLockfile(lockfileContent) {
       result = vendor.jsYaml.load(strings.stripBom(lockfileContent));
     } catch {}
   }
-  return objects.isObjectObject(result) ? result : null;
+  return require$$7.isObjectObject(result) ? result : null;
 }
 function parsePnpmLockfileVersion(version) {
   try {
@@ -2944,15 +3047,15 @@ async function getAlertsMapFromPnpmLockfile(lockfile, options) {
     ...options
   });
 }
-async function getAlertsMapFromPurls(purls, options_) {
-  const options = {
+async function getAlertsMapFromPurls(purls, options) {
+  const opts = {
     __proto__: null,
     consolidate: false,
     include: undefined,
     nothrow: false,
-    ...options_
+    ...options
   };
-  options.include = {
+  opts.include = {
     __proto__: null,
     // Leave 'actions' unassigned so it can be given a default value in
     // subsequent functions where `options` is passed.
@@ -2963,11 +3066,8 @@ async function getAlertsMapFromPurls(purls, options_) {
     existing: false,
     unfixable: true,
     upgradable: false,
-    ...options.include
+    ...opts.include
   };
-  const {
-    spinner
-  } = options;
   const uniqPurls = arrays.arrayUnique(purls);
   debug.debugDir('silly', {
     purls: uniqPurls
@@ -2979,37 +3079,44 @@ async function getAlertsMapFromPurls(purls, options_) {
   if (!remaining) {
     return alertsByPurl;
   }
+  const {
+    spinner
+  } = opts;
   const getText = () => `Looking up data for ${remaining} packages`;
   spinner?.start(getText());
-  const sockSdkCResult = await setupSdk(getPublicToken());
+  const sockSdkCResult = await setupSdk({
+    apiToken: getPublicToken()
+  });
   if (!sockSdkCResult.ok) {
     spinner?.stop();
     throw new Error('Auth error: Try to run `socket login` first');
   }
   const sockSdk = sockSdkCResult.data;
   const alertsMapOptions = {
-    overrides: options.overrides,
-    consolidate: options.consolidate,
-    include: options.include,
+    overrides: opts.overrides,
+    consolidate: opts.consolidate,
+    include: opts.include,
     spinner
   };
   for await (const batchResult of sockSdk.batchPackageStream({
-    alerts: 'true',
-    compact: 'true',
-    ...(options.include.actions ? {
-      actions: options.include.actions.join(',')
-    } : {}),
-    ...(options.include.unfixable ? {} : {
-      fixable: 'true'
-    })
-  }, {
     components: uniqPurls.map(purl => ({
       purl
     }))
+  }, {
+    queryParams: {
+      alerts: 'true',
+      compact: 'true',
+      ...(opts.include.actions ? {
+        actions: opts.include.actions.join(',')
+      } : {}),
+      ...(opts.include.unfixable ? {} : {
+        fixable: 'true'
+      })
+    }
   })) {
     if (batchResult.success) {
       await addArtifactToAlertsMap(batchResult.data, alertsByPurl, alertsMapOptions);
-    } else if (!options.nothrow) {
+    } else if (!opts.nothrow) {
       const statusCode = batchResult.status ?? 'unknown';
       const statusMessage = batchResult.error ?? 'No status message';
       throw new Error(`Socket API server error (${statusCode}): ${statusMessage}`);
@@ -3090,7 +3197,7 @@ function safeNpmInstall(options) {
     ...options
   };
   let stdio = spawnOptions.stdio;
-  const useIpc = objects.isObject(ipc);
+  const useIpc = require$$7.isObject(ipc);
   // Include 'ipc' in the spawnOptions.stdio when an options.ipc object is provided.
   // See https://github.com/nodejs/node/blob/v23.6.0/lib/child_process.js#L161-L166
   // and https://github.com/nodejs/node/blob/v23.6.0/lib/internal/child_process.js#L238.
@@ -3249,6 +3356,9 @@ async function spawnCoana(args, options, extra) {
     __proto__: null,
     ...options
   };
+  const orgSlugCResult = await getDefaultOrgSlug();
+  const SOCKET_CLI_API_TOKEN = getDefaultToken();
+  const SOCKET_ORG_SLUG = orgSlugCResult.ok ? orgSlugCResult.data : undefined;
   try {
     const output = await spawn.spawn(constants.execPath, [
     // Lazily access constants.nodeNoWarningsFlags.
@@ -3260,7 +3370,9 @@ async function spawnCoana(args, options, extra) {
         ...process.env,
         // Lazily access constants.processEnv.
         ...constants.processEnv,
-        SOCKET_CLI_API_TOKEN: getDefaultToken(),
+        RUN_WITHOUT_DOCKER: 'true',
+        SOCKET_CLI_API_TOKEN,
+        SOCKET_ORG_SLUG,
         ...spawnEnv
       }
     }, extra);
@@ -3694,6 +3806,7 @@ exports.detectAndValidatePackageEnvironment = detectAndValidatePackageEnvironmen
 exports.determineOrgSlug = determineOrgSlug;
 exports.extractOverridesFromPnpmLockSrc = extractOverridesFromPnpmLockSrc;
 exports.failMsgWithBadge = failMsgWithBadge;
+exports.fetchOrganization = fetchOrganization;
 exports.getAlertsMapFromPnpmLockfile = getAlertsMapFromPnpmLockfile;
 exports.getAlertsMapFromPurls = getAlertsMapFromPurls;
 exports.getBaseBranch = getBaseBranch;
@@ -3701,6 +3814,7 @@ exports.getBashrcDetails = getBashrcDetails;
 exports.getConfigValue = getConfigValue;
 exports.getConfigValueOrUndef = getConfigValueOrUndef;
 exports.getCveInfoFromAlertsMap = getCveInfoFromAlertsMap;
+exports.getDefaultOrgSlug = getDefaultOrgSlug;
 exports.getFlagListOutput = getFlagListOutput;
 exports.getMajor = getMajor;
 exports.getMinVersion = getMinVersion;
@@ -3715,6 +3829,8 @@ exports.getPurlObject = getPurlObject;
 exports.getRepoInfo = getRepoInfo;
 exports.getRepoName = getRepoName;
 exports.getSocketDevPackageOverviewUrlFromPurl = getSocketDevPackageOverviewUrlFromPurl;
+exports.getSupportedConfigEntries = getSupportedConfigEntries;
+exports.getSupportedConfigKeys = getSupportedConfigKeys;
 exports.getVisibleTokenPrefix = getVisibleTokenPrefix;
 exports.gitBranch = gitBranch;
 exports.gitCheckoutBranch = gitCheckoutBranch;
@@ -3735,6 +3851,9 @@ exports.isHelpFlag = isHelpFlag;
 exports.isNpmBinPathShadowed = isNpmBinPathShadowed;
 exports.isNpxBinPathShadowed = isNpxBinPathShadowed;
 exports.isReadOnlyConfig = isReadOnlyConfig;
+exports.isReportSupportedFile = isReportSupportedFile;
+exports.isSensitiveConfigKey = isSensitiveConfigKey;
+exports.isSupportedConfigKey = isSupportedConfigKey;
 exports.logAlertsMap = logAlertsMap;
 exports.mapToObject = mapToObject;
 exports.mdTable = mdTable;
@@ -3757,15 +3876,13 @@ exports.runAgentInstall = runAgentInstall;
 exports.safeReadFile = safeReadFile;
 exports.safeReadFileSync = safeReadFileSync;
 exports.safeStatsSync = safeStatsSync;
-exports.sensitiveConfigKeys = sensitiveConfigKeys;
 exports.serializeResultJson = serializeResultJson;
 exports.setupSdk = setupSdk;
 exports.spawnCoana = spawnCoana;
 exports.suggestOrgSlug = suggestOrgSlug;
-exports.supportedConfigKeys = supportedConfigKeys;
 exports.tildify = tildify;
 exports.updateConfigValue = updateConfigValue;
 exports.walkNestedMap = walkNestedMap;
 exports.writeSocketJson = writeSocketJson;
-//# debugId=96b61366-c81e-4ff5-9bd9-16bed8c0ae5f
+//# debugId=eeb540f1-2cc9-44c6-8101-3926e319a1db
 //# sourceMappingURL=utils.js.map