@socketsecurity/cli-with-sentry 1.0.79 → 1.0.80

package/dist/utils.js

@@ -3,7 +3,7 @@
 var vendor = require('./vendor.js');
 var logger = require('../external/@socketsecurity/registry/lib/logger');
 var strings = require('../external/@socketsecurity/registry/lib/strings');
-var debug = require('../external/@socketsecurity/registry/lib/debug');
+var require$$6 = require('../external/@socketsecurity/registry/lib/debug');
 var arrays = require('../external/@socketsecurity/registry/lib/arrays');
 var require$$7 = require('../external/@socketsecurity/registry/lib/objects');
 var path$1 = require('../external/@socketsecurity/registry/lib/path');
@@ -14,290 +14,17 @@ var path = require('node:path');
 var regexps = require('../external/@socketsecurity/registry/lib/regexps');
 var prompts = require('../external/@socketsecurity/registry/lib/prompts');
 var spawn = require('../external/@socketsecurity/registry/lib/spawn');
-var fs = require('node:fs');
+var fs$1 = require('node:fs');
 var promises = require('node:timers/promises');
-var fs$1 = require('../external/@socketsecurity/registry/lib/fs');
-var require$$8 = require('../external/@socketsecurity/registry/lib/promises');
-var packages = require('../external/@socketsecurity/registry/lib/packages');
-var streams = require('../external/@socketsecurity/registry/lib/streams');
+var fs = require('../external/@socketsecurity/registry/lib/fs');
 var registry = require('../external/@socketsecurity/registry');
+var packages = require('../external/@socketsecurity/registry/lib/packages');
 var require$$5 = require('node:module');
 var npm = require('../external/@socketsecurity/registry/lib/npm');
+var streams = require('../external/@socketsecurity/registry/lib/streams');
+var globs = require('../external/@socketsecurity/registry/lib/globs');
 
 var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
-const ignoredDirs = [
-// Taken from ignore-by-default:
-// https://github.com/novemberborn/ignore-by-default/blob/v2.1.0/index.js
-'.git',
-// Git repository files, see <https://git-scm.com/>
-'.log',
-// Log files emitted by tools such as `tsserver`, see <https://github.com/Microsoft/TypeScript/wiki/Standalone-Server-%28tsserver%29>
-'.nyc_output',
-// Temporary directory where nyc stores coverage data, see <https://github.com/bcoe/nyc>
-'.sass-cache',
-// Cache folder for node-sass, see <https://github.com/sass/node-sass>
-'.yarn',
-// Where node modules are installed when using Yarn, see <https://yarnpkg.com/>
-'bower_components',
-// Where Bower packages are installed, see <http://bower.io/>
-'coverage',
-// Standard output directory for code coverage reports, see <https://github.com/gotwarlost/istanbul>
-'node_modules',
-// Where Node modules are installed, see <https://nodejs.org/>
-// Taken from globby:
-// https://github.com/sindresorhus/globby/blob/v14.0.2/ignore.js#L11-L16
-'flow-typed'];
-const ignoredDirPatterns = ignoredDirs.map(i => `**/${i}`);
-async function getWorkspaceGlobs(agent, cwd = process.cwd()) {
-  let workspacePatterns;
-  if (agent === 'pnpm') {
-    for (const workspacePath of [path.join(cwd, 'pnpm-workspace.yaml'), path.join(cwd, 'pnpm-workspace.yml')]) {
-      // eslint-disable-next-line no-await-in-loop
-      const yml = await safeReadFile(workspacePath);
-      if (yml) {
-        try {
-          workspacePatterns = vendor.distExports.parse(yml)?.packages;
-        } catch {}
-        if (workspacePatterns) {
-          break;
-        }
-      }
-    }
-  } else {
-    workspacePatterns = (await packages.readPackageJson(cwd, {
-      throws: false
-    }))?.['workspaces'];
-  }
-  return Array.isArray(workspacePatterns) ? workspacePatterns.filter(strings.isNonEmptyString).map(workspacePatternToGlobPattern) : [];
-}
-function ignoreFileLinesToGlobPatterns(lines, filepath, cwd) {
-  const base = path.relative(cwd, path.dirname(filepath)).replace(/\\/g, '/');
-  const patterns = [];
-  for (let i = 0, {
-      length
-    } = lines; i < length; i += 1) {
-    const pattern = lines[i].trim();
-    if (pattern.length > 0 && pattern.charCodeAt(0) !== 35 /*'#'*/) {
-      patterns.push(ignorePatternToMinimatch(pattern.length && pattern.charCodeAt(0) === 33 /*'!'*/ ? `!${path.posix.join(base, pattern.slice(1))}` : path.posix.join(base, pattern)));
-    }
-  }
-  return patterns;
-}
-function ignoreFileToGlobPatterns(content, filepath, cwd) {
-  return ignoreFileLinesToGlobPatterns(content.split(/\r?\n/), filepath, cwd);
-}
-
-// Based on `@eslint/compat` convertIgnorePatternToMinimatch.
-// Apache v2.0 licensed
-// Copyright Nicholas C. Zakas
-// https://github.com/eslint/rewrite/blob/compat-v1.2.1/packages/compat/src/ignore-file.js#L28
-function ignorePatternToMinimatch(pattern) {
-  const isNegated = pattern.startsWith('!');
-  const negatedPrefix = isNegated ? '!' : '';
-  const patternToTest = (isNegated ? pattern.slice(1) : pattern).trimEnd();
-  // Special cases.
-  if (patternToTest === '' || patternToTest === '**' || patternToTest === '/**' || patternToTest === '**') {
-    return `${negatedPrefix}${patternToTest}`;
-  }
-  const firstIndexOfSlash = patternToTest.indexOf('/');
-  const matchEverywherePrefix = firstIndexOfSlash === -1 || firstIndexOfSlash === patternToTest.length - 1 ? '**/' : '';
-  const patternWithoutLeadingSlash = firstIndexOfSlash === 0 ? patternToTest.slice(1) : patternToTest;
-  // Escape `{` and `(` because in gitignore patterns they are just
-  // literal characters without any specific syntactic meaning,
-  // while in minimatch patterns they can form brace expansion or extglob syntax.
-  //
-  // For example, gitignore pattern `src/{a,b}.js` ignores file `src/{a,b}.js`.
-  // But, the same minimatch pattern `src/{a,b}.js` ignores files `src/a.js` and `src/b.js`.
-  // Minimatch pattern `src/\{a,b}.js` is equivalent to gitignore pattern `src/{a,b}.js`.
-  const escapedPatternWithoutLeadingSlash = patternWithoutLeadingSlash.replaceAll(/(?=((?:\\.|[^{(])*))\1([{(])/guy, '$1\\$2');
-  const matchInsideSuffix = patternToTest.endsWith('/**') ? '/*' : '';
-  return `${negatedPrefix}${matchEverywherePrefix}${escapedPatternWithoutLeadingSlash}${matchInsideSuffix}`;
-}
-function workspacePatternToGlobPattern(workspace) {
-  const {
-    length
-  } = workspace;
-  if (!length) {
-    return '';
-  }
-  // If the workspace ends with "/"
-  if (workspace.charCodeAt(length - 1) === 47 /*'/'*/) {
-    return `${workspace}/*/package.json`;
-  }
-  // If the workspace ends with "/**"
-  if (workspace.charCodeAt(length - 1) === 42 /*'*'*/ && workspace.charCodeAt(length - 2) === 42 /*'*'*/ && workspace.charCodeAt(length - 3) === 47 /*'/'*/) {
-    return `${workspace}/*/**/package.json`;
-  }
-  // Things like "packages/a" or "packages/*"
-  return `${workspace}/package.json`;
-}
-function filterBySupportedScanFiles(filepaths, supportedFiles) {
-  const patterns = getSupportedFilePatterns(supportedFiles);
-  return filepaths.filter(p => vendor.micromatchExports.some(p, patterns));
-}
-function getSupportedFilePatterns(supportedFiles) {
-  const patterns = [];
-  for (const key of Object.keys(supportedFiles)) {
-    const supported = supportedFiles[key];
-    if (supported) {
-      patterns.push(...Object.values(supported).map(p => `**/${p.pattern}`));
-    }
-  }
-  return patterns;
-}
-async function globWithGitIgnore(patterns, options) {
-  const {
-    cwd = process.cwd(),
-    socketConfig,
-    ...additionalOptions
-  } = {
-    __proto__: null,
-    ...options
-  };
-  const projectIgnorePaths = socketConfig?.projectIgnorePaths;
-  const ignores = [...ignoredDirPatterns, ...(Array.isArray(projectIgnorePaths) ? ignoreFileLinesToGlobPatterns(projectIgnorePaths, path.join(cwd, '.gitignore'), cwd) : [])];
-  const ignoreFilesStream = vendor.outExports.globStream(['**/.gitignore'], {
-    absolute: true,
-    cwd
-  });
-  for await (const ignorePattern of streams.transform(8,
-  // Concurrency level.
-  async filepath => ignoreFileToGlobPatterns((await safeReadFile(filepath)) ?? '', filepath, cwd), ignoreFilesStream)) {
-    ignores.push(...ignorePattern);
-  }
-  const hasNegatedPattern = ignores.some(p => p.charCodeAt(0) === 33 /*'!'*/);
-  const globOptions = {
-    __proto__: null,
-    absolute: true,
-    cwd,
-    dot: true,
-    ignore: hasNegatedPattern ? ['**/.git', '**/node_modules'] : ignores,
-    ...additionalOptions
-  };
-  const result = await vendor.outExports.glob(patterns, globOptions);
-  if (!hasNegatedPattern) {
-    return result;
-  }
-
-  // Note: the input files must be INSIDE the cwd. If you get strange looking
-  // relative path errors here, most likely your path is outside the given cwd.
-  const filtered = vendor.ignoreExports().add(ignores).filter(globOptions.absolute ? result.map(p => path.relative(cwd, p)) : result);
-  return globOptions.absolute ? filtered.map(p => path.resolve(cwd, p)) : filtered;
-}
-async function globNodeModules(cwd = process.cwd()) {
-  return await vendor.outExports.glob('**/node_modules', {
-    absolute: true,
-    cwd,
-    onlyDirectories: true
-  });
-}
-async function globWorkspace(agent, cwd = process.cwd()) {
-  const workspaceGlobs = await getWorkspaceGlobs(agent, cwd);
-  return workspaceGlobs.length ? await vendor.outExports.glob(workspaceGlobs, {
-    absolute: true,
-    cwd,
-    ignore: ['**/node_modules/**', '**/bower_components/**']
-  }) : [];
-}
-function isReportSupportedFile(filepath, supportedFiles) {
-  const patterns = getSupportedFilePatterns(supportedFiles);
-  return vendor.micromatchExports.some(filepath, patterns);
-}
-function pathsToGlobPatterns(paths) {
-  // TODO: Does not support `~/` paths.
-  return paths.map(p => p === '.' || p === './' ? '**/*' : p);
-}
-
-async function removeNodeModules(cwd = process.cwd()) {
-  const nodeModulesPaths = await globNodeModules(cwd);
-  await require$$8.pEach(nodeModulesPaths, 3, p => fs$1.remove(p, {
-    force: true,
-    recursive: true
-  }), {
-    retries: 3
-  });
-}
-async function findUp(name, {
-  cwd = process.cwd(),
-  // Lazily access constants.abortSignal.
-  signal = constants.abortSignal
-}) {
-  let dir = path.resolve(cwd);
-  const {
-    root
-  } = path.parse(dir);
-  const names = [name].flat();
-  while (dir && dir !== root) {
-    for (const name of names) {
-      if (signal?.aborted) {
-        return undefined;
-      }
-      const filePath = path.join(dir, name);
-      try {
-        // eslint-disable-next-line no-await-in-loop
-        const stats = await fs.promises.stat(filePath);
-        if (stats.isFile()) {
-          return filePath;
-        }
-      } catch {}
-    }
-    dir = path.dirname(dir);
-  }
-  return undefined;
-}
-function isDirectorySync(filepath) {
-  return fs.existsSync(filepath) && !!safeStatsSync(filepath)?.isDirectory();
-}
-async function readFileBinary(filepath, options) {
-  return await fs.promises.readFile(filepath, {
-    // Lazily access constants.abortSignal.
-    signal: constants.abortSignal,
-    ...options,
-    encoding: 'binary'
-  });
-}
-async function readFileUtf8(filepath, options) {
-  return await fs.promises.readFile(filepath, {
-    // Lazily access constants.abortSignal.
-    signal: constants.abortSignal,
-    ...options,
-    encoding: 'utf8'
-  });
-}
-async function safeReadFile(filepath, options) {
-  try {
-    return await fs.promises.readFile(filepath, {
-      encoding: 'utf8',
-      // Lazily access constants.abortSignal.
-      signal: constants.abortSignal,
-      ...(typeof options === 'string' ? {
-        encoding: options
-      } : options)
-    });
-  } catch {}
-  return undefined;
-}
-function safeReadFileSync(filepath, options) {
-  try {
-    return fs.readFileSync(filepath, {
-      encoding: 'utf8',
-      ...(typeof options === 'string' ? {
-        encoding: options
-      } : options)
-    });
-  } catch {}
-  return undefined;
-}
-function safeStatsSync(filepath, options) {
-  try {
-    return fs.statSync(filepath, {
-      throwIfNoEntry: false,
-      ...options
-    });
-  } catch {}
-  return undefined;
-}
-
 const sensitiveConfigKeyLookup = new Set(['apiToken']);
 const supportedConfig = new Map([['apiBaseUrl', 'Base URL of the API endpoint'], ['apiProxy', 'A proxy through which to access the API'], ['apiToken', 'The API token required to access most API endpoints'], ['defaultOrg', 'The default org slug to use; usually the org your API token has access to. When set, all orgSlug arguments are implied to be this value.'], ['enforcedOrgs', 'Orgs in this list have their security policies enforced on this machine'], ['skipAskToPersistDefaultOrg', 'This flag prevents the CLI from asking you to persist the org slug when you selected one interactively'], ['org', 'Alias for defaultOrg']]);
 const supportedConfigEntries = [...supportedConfig.entries()].sort((a, b) => sorts.naturalCompare(a[0], b[0]));
@@ -311,7 +38,7 @@ function getConfigValues() {
       socketAppDataPath
     } = constants;
     if (socketAppDataPath) {
-      const raw = safeReadFileSync(socketAppDataPath);
+      const raw = fs.safeReadFileSync(socketAppDataPath);
       if (raw) {
         try {
           Object.assign(_cachedConfig, JSON.parse(Buffer.from(raw, 'base64').toString()));
@@ -326,7 +53,7 @@ function getConfigValues() {
           updateConfigValue('apiToken', token);
         }
       } else {
-        fs.mkdirSync(path.dirname(socketAppDataPath), {
+        fs$1.mkdirSync(path.dirname(socketAppDataPath), {
           recursive: true
         });
       }
@@ -355,10 +82,10 @@ function findSocketYmlSync(dir = process.cwd()) {
   let prevDir = null;
   while (dir !== prevDir) {
     let ymlPath = path.join(dir, 'socket.yml');
-    let yml = safeReadFileSync(ymlPath);
+    let yml = fs.safeReadFileSync(ymlPath);
     if (yml === undefined) {
       ymlPath = path.join(dir, 'socket.yaml');
-      yml = safeReadFileSync(ymlPath);
+      yml = fs.safeReadFileSync(ymlPath);
     }
     if (typeof yml === 'string') {
       try {
@@ -420,7 +147,7 @@ let _cachedConfig;
 // When using --config or SOCKET_CLI_CONFIG, do not persist the config.
 let _readOnlyConfig = false;
 function overrideCachedConfig(jsonConfig) {
-  debug.debugFn('notice', 'override: full config (not stored)');
+  require$$6.debugFn('notice', 'override: full config (not stored)');
   let config;
   try {
     config = JSON.parse(String(jsonConfig));
@@ -462,7 +189,7 @@ function overrideCachedConfig(jsonConfig) {
   };
 }
 function overrideConfigApiToken(apiToken) {
-  debug.debugFn('notice', 'override: API token (not stored)');
+  require$$6.debugFn('notice', 'override: API token (not stored)');
   // Set token to the local cached config and mark it read-only so it doesn't persist.
   _cachedConfig = {
     ...vendor.configExports,
@@ -511,7 +238,7 @@ function updateConfigValue(configKey, value) {
         socketAppDataPath
       } = constants;
       if (socketAppDataPath) {
-        fs.writeFileSync(socketAppDataPath, Buffer.from(JSON.stringify(localConfig)).toString('base64'));
+        fs$1.writeFileSync(socketAppDataPath, Buffer.from(JSON.stringify(localConfig)).toString('base64'));
       }
     });
   }
@@ -546,7 +273,7 @@ function captureExceptionSync(exception, hint) {
   if (!Sentry) {
     return '';
   }
-  debug.debugFn('notice', 'send: exception to Sentry');
+  require$$6.debugFn('notice', 'send: exception to Sentry');
   return Sentry.captureException(exception, hint);
 }
 
@@ -648,12 +375,12 @@ async function setupSdk(options) {
   const ProxyAgent = apiProxy?.startsWith('http:') ? vendor.HttpProxyAgent : vendor.HttpsProxyAgent;
   return {
     ok: true,
-    data: new vendor.distExports$1.SocketSdk(apiToken, {
+    data: new vendor.distExports.SocketSdk(apiToken, {
       agent: apiProxy ? new ProxyAgent({
         proxy: apiProxy
       }) : undefined,
       baseUrl: apiBaseUrl,
-      userAgent: vendor.distExports$1.createUserAgentFromPkgJson({
+      userAgent: vendor.distExports.createUserAgentFromPkgJson({
         // Lazily access constants.ENV.INLINED_SOCKET_CLI_NAME.
         name: constants.ENV.INLINED_SOCKET_CLI_NAME,
         // Lazily access constants.ENV.INLINED_SOCKET_CLI_VERSION.
@@ -691,12 +418,12 @@ async function handleApiCall(value, options) {
   } catch (e) {
     if (desc) {
       spinner?.failAndStop(`An error was thrown while requesting ${desc}`);
-      debug.debugFn('error', `caught: ${desc} error`);
+      require$$6.debugFn('error', `caught: ${desc} error`);
     } else {
       spinner?.stop();
-      debug.debugFn('error', `caught: error`);
+      require$$6.debugFn('error', `caught: error`);
     }
-    debug.debugDir('inspect', {
+    require$$6.debugDir('inspect', {
       error: e
     });
     return {
@@ -716,11 +443,11 @@ async function handleApiCall(value, options) {
       cause: reason
     } = errorResult;
     if (desc) {
-      debug.debugFn('error', `fail: ${desc} bad response`);
+      require$$6.debugFn('error', `fail: ${desc} bad response`);
     } else {
-      debug.debugFn('error', 'fail: bad response');
+      require$$6.debugFn('error', 'fail: bad response');
     }
-    debug.debugDir('inspect', {
+    require$$6.debugDir('inspect', {
       sdkResult
     });
     return {
@@ -748,8 +475,8 @@ async function handleApiCallNoSpinner(value, description) {
   } catch (e) {
     const message = `${e || NO_ERROR_MESSAGE}`;
     const reason = `${e || NO_ERROR_MESSAGE}`;
-    debug.debugFn('error', `caught: ${description} error`);
-    debug.debugDir('inspect', {
+    require$$6.debugFn('error', `caught: ${description} error`);
+    require$$6.debugDir('inspect', {
       error: e
     });
     return {
@@ -763,8 +490,8 @@ async function handleApiCallNoSpinner(value, description) {
   if (result.success === false) {
     const error = result;
     const message = `${error.error || NO_ERROR_MESSAGE}`;
-    debug.debugFn('error', `fail: ${description} bad response`);
-    debug.debugDir('inspect', {
+    require$$6.debugFn('error', `fail: ${description} bad response`);
+    require$$6.debugDir('inspect', {
       error
     });
     return {
@@ -851,8 +578,8 @@ async function queryApiSafeText(path, fetchSpinnerDesc) {
       spinner.failAndStop(`An error was thrown while requesting ${fetchSpinnerDesc}.`);
     }
     const cause = e?.message;
-    debug.debugFn('error', 'caught: queryApi() error');
-    debug.debugDir('inspect', {
+    require$$6.debugFn('error', 'caught: queryApi() error');
+    require$$6.debugDir('inspect', {
       error: e
     });
     return {
@@ -878,8 +605,8 @@ async function queryApiSafeText(path, fetchSpinnerDesc) {
       data
     };
   } catch (e) {
-    debug.debugFn('error', 'caught: await result.text() error');
-    debug.debugDir('inspect', {
+    require$$6.debugFn('error', 'caught: await result.text() error');
+    require$$6.debugDir('inspect', {
       error: e
     });
     return {
@@ -1002,9 +729,9 @@ cols) {
 function serializeResultJson(data) {
   if (typeof data !== 'object' || !data) {
     process.exitCode = 1;
-    debug.debugFn('inspect', 'typeof data=', typeof data);
+    require$$6.debugFn('inspect', 'typeof data=', typeof data);
     if (typeof data !== 'object' && data) {
-      debug.debugFn('inspect', 'data:\n', data);
+      require$$6.debugFn('inspect', 'data:\n', data);
     }
 
     // We should not allow the JSON value to be "null", or a boolean/number/string,
@@ -1024,7 +751,7 @@ function serializeResultJson(data) {
     // This could be caused by circular references, which is an "us" problem
     const message = 'There was a problem converting the data set to JSON. Please try again without --json';
     logger.logger.fail(message);
-    debug.debugDir('inspect', {
+    require$$6.debugDir('inspect', {
       error: e
     });
     return JSON.stringify({
@@ -1672,7 +1399,7 @@ async function determineOrgSlug(orgFlag, interactive, dryRun) {
 async function getDefaultOrgSlug() {
   const defaultOrgResult = getConfigValueOrUndef('defaultOrg');
   if (defaultOrgResult) {
-    debug.debugFn('notice', 'use: default org', defaultOrgResult);
+    require$$6.debugFn('notice', 'use: default org', defaultOrgResult);
     return {
       ok: true,
       data: defaultOrgResult
@@ -1682,7 +1409,7 @@ async function getDefaultOrgSlug() {
   // Lazily access constants.ENV.SOCKET_CLI_ORG_SLUG.
   const envOrgSlug = constants.ENV.SOCKET_CLI_ORG_SLUG;
   if (envOrgSlug) {
-    debug.debugFn('notice', 'use: org from environment variable', envOrgSlug);
+    require$$6.debugFn('notice', 'use: org from environment variable', envOrgSlug);
     return {
       ok: true,
       data: envOrgSlug
@@ -1711,7 +1438,7 @@ async function getDefaultOrgSlug() {
       data: `Was unable to determine the default organization for the current API token. Unable to continue.`
     };
   }
-  debug.debugFn('notice', 'resolve: org', slug);
+  require$$6.debugFn('notice', 'resolve: org', slug);
   return {
     ok: true,
     message: 'Retrieved default org from server',
@@ -1757,14 +1484,14 @@ async function getRepoInfo(cwd = process.cwd()) {
     })).stdout;
     info = parseGitRemoteUrl(remoteUrl);
     if (!info) {
-      debug.debugFn('error', 'git: unmatched git remote URL format');
-      debug.debugDir('inspect', {
+      require$$6.debugFn('error', 'git: unmatched git remote URL format');
+      require$$6.debugDir('inspect', {
         remoteUrl
       });
     }
   } catch (e) {
-    debug.debugFn('error', 'caught: `git remote get-url origin` failed');
-    debug.debugDir('inspect', {
+    require$$6.debugFn('error', 'caught: `git remote get-url origin` failed');
+    require$$6.debugDir('inspect', {
       error: e
     });
   }
@@ -1793,16 +1520,16 @@ async function gitBranch(cwd = process.cwd()) {
 async function gitCleanFdx(cwd = process.cwd()) {
   const stdioIgnoreOptions = {
     cwd,
-    stdio: debug.isDebug('stdio') ? 'inherit' : 'ignore'
+    stdio: require$$6.isDebug('stdio') ? 'inherit' : 'ignore'
   };
   const quotedCmd = '`git clean -fdx`';
-  debug.debugFn('stdio', `spawn: ${quotedCmd}`);
+  require$$6.debugFn('stdio', `spawn: ${quotedCmd}`);
   try {
     await spawn.spawn('git', ['clean', '-fdx'], stdioIgnoreOptions);
     return true;
   } catch (e) {
-    debug.debugFn('error', `caught: ${quotedCmd} failed`);
-    debug.debugDir('inspect', {
+    require$$6.debugFn('error', `caught: ${quotedCmd} failed`);
+    require$$6.debugDir('inspect', {
       error: e
     });
   }
@@ -1811,16 +1538,16 @@ async function gitCleanFdx(cwd = process.cwd()) {
 async function gitCheckoutBranch(branch, cwd = process.cwd()) {
   const stdioIgnoreOptions = {
     cwd,
-    stdio: debug.isDebug('stdio') ? 'inherit' : 'ignore'
+    stdio: require$$6.isDebug('stdio') ? 'inherit' : 'ignore'
   };
   const quotedCmd = `\`git checkout ${branch}\``;
-  debug.debugFn('stdio', `spawn: ${quotedCmd}`);
+  require$$6.debugFn('stdio', `spawn: ${quotedCmd}`);
   try {
     await spawn.spawn('git', ['checkout', branch], stdioIgnoreOptions);
     return true;
   } catch (e) {
-    debug.debugFn('error', `caught: ${quotedCmd} failed`);
-    debug.debugDir('inspect', {
+    require$$6.debugFn('error', `caught: ${quotedCmd} failed`);
+    require$$6.debugDir('inspect', {
       error: e
     });
   }
@@ -1832,16 +1559,16 @@ async function gitCreateBranch(branch, cwd = process.cwd()) {
   }
   const stdioIgnoreOptions = {
     cwd,
-    stdio: debug.isDebug('stdio') ? 'inherit' : 'ignore'
+    stdio: require$$6.isDebug('stdio') ? 'inherit' : 'ignore'
   };
   const quotedCmd = `\`git branch ${branch}\``;
-  debug.debugFn('stdio', `spawn: ${quotedCmd}`);
+  require$$6.debugFn('stdio', `spawn: ${quotedCmd}`);
   try {
     await spawn.spawn('git', ['branch', branch], stdioIgnoreOptions);
     return true;
   } catch (e) {
-    debug.debugFn('error', `caught: ${quotedCmd} failed`);
-    debug.debugDir('inspect', {
+    require$$6.debugFn('error', `caught: ${quotedCmd} failed`);
+    require$$6.debugDir('inspect', {
       error: e
     });
   }
@@ -1850,19 +1577,19 @@ async function gitCreateBranch(branch, cwd = process.cwd()) {
 async function gitPushBranch(branch, cwd = process.cwd()) {
   const stdioIgnoreOptions = {
     cwd,
-    stdio: debug.isDebug('stdio') ? 'inherit' : 'ignore'
+    stdio: require$$6.isDebug('stdio') ? 'inherit' : 'ignore'
   };
   const quotedCmd = `\`git push --force --set-upstream origin ${branch}\``;
-  debug.debugFn('stdio', `spawn: ${quotedCmd}`);
+  require$$6.debugFn('stdio', `spawn: ${quotedCmd}`);
   try {
     await spawn.spawn('git', ['push', '--force', '--set-upstream', 'origin', branch], stdioIgnoreOptions);
     return true;
   } catch (e) {
-    debug.debugFn('error', `caught: ${quotedCmd} failed`);
+    require$$6.debugFn('error', `caught: ${quotedCmd} failed`);
     if (spawn.isSpawnError(e) && e.code === 128) {
-      debug.debugFn('error', "denied: token requires write permissions for 'contents' and 'pull-requests'");
+      require$$6.debugFn('error', "denied: token requires write permissions for 'contents' and 'pull-requests'");
     }
-    debug.debugDir('inspect', {
+    require$$6.debugDir('inspect', {
       error: e
     });
   }
@@ -1870,7 +1597,7 @@ async function gitPushBranch(branch, cwd = process.cwd()) {
 }
 async function gitCommit(commitMsg, filepaths, options) {
   if (!filepaths.length) {
-    debug.debugFn('notice', `miss: no filepaths to add`);
+    require$$6.debugFn('notice', `miss: no filepaths to add`);
     return false;
   }
   const {
@@ -1886,26 +1613,26 @@ async function gitCommit(commitMsg, filepaths, options) {
   await gitEnsureIdentity(user, email, cwd);
   const stdioIgnoreOptions = {
     cwd,
-    stdio: debug.isDebug('stdio') ? 'inherit' : 'ignore'
+    stdio: require$$6.isDebug('stdio') ? 'inherit' : 'ignore'
   };
   const quotedAddCmd = `\`git add ${filepaths.join(' ')}\``;
-  debug.debugFn('stdio', `spawn: ${quotedAddCmd}`);
+  require$$6.debugFn('stdio', `spawn: ${quotedAddCmd}`);
   try {
     await spawn.spawn('git', ['add', ...filepaths], stdioIgnoreOptions);
   } catch (e) {
-    debug.debugFn('error', `caught: ${quotedAddCmd} failed`);
-    debug.debugDir('inspect', {
+    require$$6.debugFn('error', `caught: ${quotedAddCmd} failed`);
+    require$$6.debugDir('inspect', {
       error: e
     });
   }
   const quotedCommitCmd = `\`git commit -m ${commitMsg}\``;
-  debug.debugFn('stdio', `spawn: ${quotedCommitCmd}`);
+  require$$6.debugFn('stdio', `spawn: ${quotedCommitCmd}`);
   try {
     await spawn.spawn('git', ['commit', '-m', commitMsg], stdioIgnoreOptions);
     return true;
   } catch (e) {
-    debug.debugFn('error', `caught: ${quotedCommitCmd} failed`);
-    debug.debugDir('inspect', {
+    require$$6.debugFn('error', `caught: ${quotedCommitCmd} failed`);
+    require$$6.debugDir('inspect', {
       error: e
     });
   }
@@ -1914,18 +1641,18 @@ async function gitCommit(commitMsg, filepaths, options) {
 async function gitDeleteBranch(branch, cwd = process.cwd()) {
   const stdioIgnoreOptions = {
     cwd,
-    stdio: debug.isDebug('stdio') ? 'inherit' : 'ignore'
+    stdio: require$$6.isDebug('stdio') ? 'inherit' : 'ignore'
   };
   const quotedCmd = `\`git branch -D ${branch}\``;
-  debug.debugFn('stdio', `spawn: ${quotedCmd}`);
+  require$$6.debugFn('stdio', `spawn: ${quotedCmd}`);
   try {
     // Will throw with exit code 1 if branch does not exist.
     await spawn.spawn('git', ['branch', '-D', branch], stdioIgnoreOptions);
     return true;
   } catch (e) {
-    if (debug.isDebug('stdio')) {
-      debug.debugFn('error', `caught: ${quotedCmd} failed`);
-      debug.debugDir('inspect', {
+    if (require$$6.isDebug('stdio')) {
+      require$$6.debugFn('error', `caught: ${quotedCmd} failed`);
+      require$$6.debugDir('inspect', {
         error: e
       });
     }
@@ -1944,14 +1671,14 @@ async function gitEnsureIdentity(name, email, cwd = process.cwd()) {
     let configValue;
     {
       const quotedCmd = `\`git config --get ${prop}\``;
-      debug.debugFn('stdio', `spawn: ${quotedCmd}`);
+      require$$6.debugFn('stdio', `spawn: ${quotedCmd}`);
       try {
         // Will throw with exit code 1 if the config property is not set.
         configValue = (await spawn.spawn('git', ['config', '--get', prop], stdioPipeOptions)).stdout;
       } catch (e) {
-        if (debug.isDebug('stdio')) {
-          debug.debugFn('error', `caught: ${quotedCmd} failed`);
-          debug.debugDir('inspect', {
+        if (require$$6.isDebug('stdio')) {
+          require$$6.debugFn('error', `caught: ${quotedCmd} failed`);
+          require$$6.debugDir('inspect', {
             error: e
           });
         }
@@ -1960,16 +1687,16 @@ async function gitEnsureIdentity(name, email, cwd = process.cwd()) {
     if (configValue !== value) {
       const stdioIgnoreOptions = {
         cwd,
-        stdio: debug.isDebug('stdio') ? 'inherit' : 'ignore'
+        stdio: require$$6.isDebug('stdio') ? 'inherit' : 'ignore'
       };
       const quotedCmd = `\`git config ${prop} ${value}\``;
-      debug.debugFn('stdio', `spawn: ${quotedCmd}`);
+      require$$6.debugFn('stdio', `spawn: ${quotedCmd}`);
       try {
         await spawn.spawn('git', ['config', prop, value], stdioIgnoreOptions);
       } catch (e) {
-        if (debug.isDebug('stdio')) {
-          debug.debugFn('error', `caught: ${quotedCmd} failed`);
-          debug.debugDir('inspect', {
+        if (require$$6.isDebug('stdio')) {
+          require$$6.debugFn('error', `caught: ${quotedCmd} failed`);
+          require$$6.debugDir('inspect', {
             error: e
           });
         }
@@ -1980,18 +1707,18 @@ async function gitEnsureIdentity(name, email, cwd = process.cwd()) {
 async function gitLocalBranchExists(branch, cwd = process.cwd()) {
   const stdioIgnoreOptions = {
     cwd,
-    stdio: debug.isDebug('stdio') ? 'inherit' : 'ignore'
+    stdio: require$$6.isDebug('stdio') ? 'inherit' : 'ignore'
   };
   const quotedCmd = `\`git show-ref --quiet refs/heads/${branch}\``;
-  debug.debugFn('stdio', `spawn: ${quotedCmd}`);
+  require$$6.debugFn('stdio', `spawn: ${quotedCmd}`);
   try {
     // Will throw with exit code 1 if the branch does not exist.
     await spawn.spawn('git', ['show-ref', '--quiet', `refs/heads/${branch}`], stdioIgnoreOptions);
     return true;
   } catch (e) {
-    if (debug.isDebug('stdio')) {
-      debug.debugFn('error', `caught: ${quotedCmd} failed`);
-      debug.debugDir('inspect', {
+    if (require$$6.isDebug('stdio')) {
+      require$$6.debugFn('error', `caught: ${quotedCmd} failed`);
+      require$$6.debugDir('inspect', {
         error: e
       });
     }
@@ -2016,16 +1743,16 @@ async function gitResetAndClean(branch = 'HEAD', cwd = process.cwd()) {
 async function gitResetHard(branch = 'HEAD', cwd = process.cwd()) {
   const stdioIgnoreOptions = {
     cwd,
-    stdio: debug.isDebug('stdio') ? 'inherit' : 'ignore'
+    stdio: require$$6.isDebug('stdio') ? 'inherit' : 'ignore'
   };
   const quotedCmd = `\`git reset --hard ${branch}\``;
-  debug.debugFn('stdio', `spawn: ${quotedCmd}`);
+  require$$6.debugFn('stdio', `spawn: ${quotedCmd}`);
   try {
     await spawn.spawn('git', ['reset', '--hard', branch], stdioIgnoreOptions);
     return true;
   } catch (e) {
-    debug.debugFn('error', `caught: ${quotedCmd} failed`);
-    debug.debugDir('inspect', {
+    require$$6.debugFn('error', `caught: ${quotedCmd} failed`);
+    require$$6.debugDir('inspect', {
       error: e
     });
   }
@@ -2044,8 +1771,8 @@ async function gitUnstagedModifiedFiles(cwd = process.cwd()) {
       data: relPaths.map(p => path$1.normalizePath(p))
     };
   } catch (e) {
-    debug.debugFn('error', `caught: ${quotedCmd} failed`);
-    debug.debugDir('inspect', {
+    require$$6.debugFn('error', `caught: ${quotedCmd} failed`);
+    require$$6.debugDir('inspect', {
       error: e
     });
     return {
@@ -2141,6 +1868,211 @@ function* walkNestedMap(map, keys = []) {
   }
 }
 
+const DEFAULT_IGNORE_FOR_GIT_IGNORE = globs.defaultIgnore.filter(p => !p.endsWith('.gitignore'));
+const IGNORED_DIRS = [
+// Taken from ignore-by-default:
+// https://github.com/novemberborn/ignore-by-default/blob/v2.1.0/index.js
+'.git',
+// Git repository files, see <https://git-scm.com/>
+'.log',
+// Log files emitted by tools such as `tsserver`, see <https://github.com/Microsoft/TypeScript/wiki/Standalone-Server-%28tsserver%29>
+'.nyc_output',
+// Temporary directory where nyc stores coverage data, see <https://github.com/bcoe/nyc>
+'.sass-cache',
+// Cache folder for node-sass, see <https://github.com/sass/node-sass>
+'.yarn',
+// Where node modules are installed when using Yarn, see <https://yarnpkg.com/>
+'bower_components',
+// Where Bower packages are installed, see <http://bower.io/>
+'coverage',
+// Standard output directory for code coverage reports, see <https://github.com/gotwarlost/istanbul>
+'node_modules',
+// Where Node modules are installed, see <https://nodejs.org/>
+// Taken from globby:
+// https://github.com/sindresorhus/globby/blob/v14.0.2/ignore.js#L11-L16
+'flow-typed'];
+const IGNORED_DIR_PATTERNS = IGNORED_DIRS.map(i => `**/${i}`);
+async function getWorkspaceGlobs(agent, cwd = process.cwd()) {
+  let workspacePatterns;
+  if (agent === 'pnpm') {
+    for (const workspacePath of [path.join(cwd, 'pnpm-workspace.yaml'), path.join(cwd, 'pnpm-workspace.yml')]) {
+      // eslint-disable-next-line no-await-in-loop
+      const yml = await fs.safeReadFile(workspacePath);
+      if (yml) {
+        try {
+          workspacePatterns = vendor.distExports$1.parse(yml)?.packages;
+        } catch {}
+        if (workspacePatterns) {
+          break;
+        }
+      }
+    }
+  } else {
+    workspacePatterns = (await packages.readPackageJson(cwd, {
+      throws: false
+    }))?.['workspaces'];
+  }
+  return Array.isArray(workspacePatterns) ? workspacePatterns.filter(strings.isNonEmptyString).map(workspacePatternToGlobPattern) : [];
+}
+function ignoreFileLinesToGlobPatterns(lines, filepath, cwd) {
+  const base = path.relative(cwd, path.dirname(filepath)).replace(/\\/g, '/');
+  const patterns = [];
+  for (let i = 0, {
+      length
+    } = lines; i < length; i += 1) {
+    const pattern = lines[i].trim();
+    if (pattern.length > 0 && pattern.charCodeAt(0) !== 35 /*'#'*/) {
+      patterns.push(ignorePatternToMinimatch(pattern.length && pattern.charCodeAt(0) === 33 /*'!'*/ ? `!${path.posix.join(base, pattern.slice(1))}` : path.posix.join(base, pattern)));
+    }
+  }
+  return patterns;
+}
+function ignoreFileToGlobPatterns(content, filepath, cwd) {
+  return ignoreFileLinesToGlobPatterns(content.split(/\r?\n/), filepath, cwd);
+}
+
+// Based on `@eslint/compat` convertIgnorePatternToMinimatch.
+// Apache v2.0 licensed
+// Copyright Nicholas C. Zakas
+// https://github.com/eslint/rewrite/blob/compat-v1.2.1/packages/compat/src/ignore-file.js#L28
+function ignorePatternToMinimatch(pattern) {
+  const isNegated = pattern.startsWith('!');
+  const negatedPrefix = isNegated ? '!' : '';
+  const patternToTest = (isNegated ? pattern.slice(1) : pattern).trimEnd();
+  // Special cases.
+  if (patternToTest === '' || patternToTest === '**' || patternToTest === '/**' || patternToTest === '**') {
+    return `${negatedPrefix}${patternToTest}`;
+  }
+  const firstIndexOfSlash = patternToTest.indexOf('/');
+  const matchEverywherePrefix = firstIndexOfSlash === -1 || firstIndexOfSlash === patternToTest.length - 1 ? '**/' : '';
+  const patternWithoutLeadingSlash = firstIndexOfSlash === 0 ? patternToTest.slice(1) : patternToTest;
+  // Escape `{` and `(` because in gitignore patterns they are just
+  // literal characters without any specific syntactic meaning,
+  // while in minimatch patterns they can form brace expansion or extglob syntax.
+  //
+  // For example, gitignore pattern `src/{a,b}.js` ignores file `src/{a,b}.js`.
+  // But, the same minimatch pattern `src/{a,b}.js` ignores files `src/a.js` and `src/b.js`.
+  // Minimatch pattern `src/\{a,b}.js` is equivalent to gitignore pattern `src/{a,b}.js`.
+  const escapedPatternWithoutLeadingSlash = patternWithoutLeadingSlash.replaceAll(/(?=((?:\\.|[^{(])*))\1([{(])/guy, '$1\\$2');
+  const matchInsideSuffix = patternToTest.endsWith('/**') ? '/*' : '';
+  return `${negatedPrefix}${matchEverywherePrefix}${escapedPatternWithoutLeadingSlash}${matchInsideSuffix}`;
+}
+function workspacePatternToGlobPattern(workspace) {
+  const {
+    length
+  } = workspace;
+  if (!length) {
+    return '';
+  }
+  // If the workspace ends with "/"
+  if (workspace.charCodeAt(length - 1) === 47 /*'/'*/) {
+    return `${workspace}/*/package.json`;
+  }
+  // If the workspace ends with "/**"
+  if (workspace.charCodeAt(length - 1) === 42 /*'*'*/ && workspace.charCodeAt(length - 2) === 42 /*'*'*/ && workspace.charCodeAt(length - 3) === 47 /*'/'*/) {
+    return `${workspace}/*/**/package.json`;
+  }
+  // Things like "packages/a" or "packages/*"
+  return `${workspace}/package.json`;
+}
+function filterBySupportedScanFiles(filepaths, supportedFiles) {
+  const patterns = getSupportedFilePatterns(supportedFiles);
+  return filepaths.filter(p => vendor.micromatchExports.some(p, patterns));
+}
+function getSupportedFilePatterns(supportedFiles) {
+  const patterns = [];
+  for (const key of Object.keys(supportedFiles)) {
+    const supported = supportedFiles[key];
+    if (supported) {
+      patterns.push(...Object.values(supported).map(p => `**/${p.pattern}`));
+    }
+  }
+  return patterns;
+}
+async function globWithGitIgnore(patterns, options) {
+  const {
+    cwd = process.cwd(),
+    socketConfig,
+    ...additionalOptions
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const ignores = new Set(IGNORED_DIR_PATTERNS);
+  const projectIgnorePaths = socketConfig?.projectIgnorePaths;
+  if (Array.isArray(projectIgnorePaths)) {
+    const ignorePatterns = ignoreFileLinesToGlobPatterns(projectIgnorePaths, path.join(cwd, '.gitignore'), cwd);
+    for (const pattern of ignorePatterns) {
+      ignores.add(pattern);
+    }
+  }
+  const gitIgnoreStream = vendor.outExports.globStream(['**/.gitignore'], {
+    absolute: true,
+    cwd,
+    ignore: DEFAULT_IGNORE_FOR_GIT_IGNORE
+  });
+  for await (const ignorePatterns of streams.transform(gitIgnoreStream, async filepath => ignoreFileToGlobPatterns((await fs.safeReadFile(filepath)) ?? '', filepath, cwd), {
+    concurrency: 8
+  })) {
+    for (const p of ignorePatterns) {
+      ignores.add(p);
+    }
+  }
+  let hasNegatedPattern = false;
+  for (const p of ignores) {
+    if (p.charCodeAt(0) === 33) {
+      hasNegatedPattern = true;
+      break;
+    }
+  }
+  const globOptions = {
+    __proto__: null,
+    absolute: true,
+    cwd,
+    dot: true,
+    ignore: hasNegatedPattern ? globs.defaultIgnore : [...ignores],
+    ...additionalOptions
+  };
+  if (!hasNegatedPattern) {
+    return await vendor.outExports.glob(patterns, globOptions);
+  }
+  const ig = vendor.ignoreExports().add([...ignores]);
+  const filtered = [];
+  const stream = vendor.outExports.globStream(patterns, globOptions);
+  for await (const p of stream) {
+    // Note: the input files must be INSIDE the cwd. If you get strange looking
+    // relative path errors here, most likely your path is outside the given cwd.
+    const relPath = globOptions.absolute ? path.relative(cwd, p) : p;
+    if (!ig.ignores(relPath)) {
+      filtered.push(p);
+    }
+  }
+  return filtered;
+}
+async function globStreamNodeModules(cwd = process.cwd()) {
+  return vendor.outExports.globStream('**/node_modules', {
+    absolute: true,
+    cwd,
+    onlyDirectories: true
+  });
+}
+async function globWorkspace(agent, cwd = process.cwd()) {
+  const workspaceGlobs = await getWorkspaceGlobs(agent, cwd);
+  return workspaceGlobs.length ? await vendor.outExports.glob(workspaceGlobs, {
+    absolute: true,
+    cwd,
+    ignore: globs.defaultIgnore
+  }) : [];
+}
+function isReportSupportedFile(filepath, supportedFiles) {
+  const patterns = getSupportedFilePatterns(supportedFiles);
+  return vendor.micromatchExports.some(filepath, patterns);
+}
+function pathsToGlobPatterns(paths) {
+  // TODO: Does not support `~/` paths.
+  return paths.map(p => p === '.' || p === './' ? '**/*' : p);
+}
+
 function findBinPathDetailsSync(binName) {
   const binPaths = vendor.libExports$1.sync(binName, {
     all: true,
@@ -2186,11 +2118,11 @@ function findNpmDirPathSync(npmBinPath) {
     // Use existsSync here because statsSync, even with { throwIfNoEntry: false },
     // will throw an ENOTDIR error for paths like ./a-file-that-exists/a-directory-that-does-not.
     // See https://github.com/nodejs/node/issues/56993.
-    isDirectorySync(libNmNpmPath)) {
+    fs.isDirSync(libNmNpmPath)) {
       thePath = libNmNpmPath;
     }
-    const hasSameLevelNmPath = isDirectorySync(path.join(thePath, 'node_modules'));
-    const hasOneBackNmPath = !hasSameLevelNmPath && isDirectorySync(path.join(thePath, '../node_modules'));
+    const hasNmInCurrPath = fs.isDirSync(path.join(thePath, 'node_modules'));
+    const hasNmInParentPath = !hasNmInCurrPath && fs.isDirSync(path.join(thePath, '../node_modules'));
     if (
     // npm bin paths may look like:
     //   /usr/local/share/npm/bin/npm
@@ -2202,14 +2134,14 @@ function findNpmDirPathSync(npmBinPath) {
     // In practically all cases the npm path contains a node_modules folder:
     //   /usr/local/share/npm/bin/npm/node_modules
     //   C:\Program Files\nodejs\node_modules
-    (hasSameLevelNmPath ||
-    // In some bespoke cases the node_modules folder is one level back.
-    hasOneBackNmPath) && (
+    (hasNmInCurrPath ||
+    // In some bespoke cases the node_modules folder is in the parent directory.
+    hasNmInParentPath) && (
     // Optimistically look for the default location.
     path.basename(thePath) === 'npm' ||
     // Chocolatey installs npm bins in the same directory as node bins.
-    WIN32 && fs.existsSync(path.join(thePath, 'npm.cmd')))) {
-      return hasOneBackNmPath ? path.dirname(thePath) : thePath;
+    WIN32 && fs$1.existsSync(path.join(thePath, 'npm.cmd')))) {
+      return hasNmInParentPath ? path.dirname(thePath) : thePath;
     }
     const parent = path.dirname(thePath);
     if (parent === thePath) {
@@ -2252,8 +2184,8 @@ function getDefaultSocketJson() {
 }
 async function readSocketJson(cwd, defaultOnError = false) {
   const sockJsonPath = path.join(cwd, 'socket.json');
-  if (!fs.existsSync(sockJsonPath)) {
-    debug.debugFn('notice', `miss: file not found ${sockJsonPath}`);
+  if (!fs$1.existsSync(sockJsonPath)) {
+    require$$6.debugFn('notice', `miss: file not found ${sockJsonPath}`);
     return {
       ok: true,
       data: getDefaultSocketJson()
@@ -2261,9 +2193,9 @@ async function readSocketJson(cwd, defaultOnError = false) {
   }
   let json = null;
   try {
-    json = await fs.promises.readFile(sockJsonPath, 'utf8');
+    json = await fs$1.promises.readFile(sockJsonPath, 'utf8');
   } catch (e) {
-    debug.debugDir('inspect', {
+    require$$6.debugDir('inspect', {
       error: e
     });
     if (defaultOnError) {
@@ -2284,8 +2216,8 @@ async function readSocketJson(cwd, defaultOnError = false) {
   try {
     obj = JSON.parse(json);
   } catch {
-    debug.debugFn('error', 'fail: parse JSON');
-    debug.debugDir('inspect', {
+    require$$6.debugFn('error', 'fail: parse JSON');
+    require$$6.debugDir('inspect', {
       json
     });
     if (defaultOnError) {
@@ -2322,11 +2254,11 @@ async function writeSocketJson(cwd, sockJson) {
   try {
     json = JSON.stringify(sockJson, null, 2);
   } catch (e) {
-    debug.debugFn('error', 'fail: stringify JSON');
-    debug.debugDir('inspect', {
+    require$$6.debugFn('error', 'fail: stringify JSON');
+    require$$6.debugDir('inspect', {
       error: e
     });
-    debug.debugDir('inspect', {
+    require$$6.debugDir('inspect', {
       sockJson
     });
     return {
@@ -2336,48 +2268,13 @@ async function writeSocketJson(cwd, sockJson) {
     };
   }
   const filepath = path.join(cwd, 'socket.json');
-  await fs.promises.writeFile(filepath, json + '\n', 'utf8');
+  await fs$1.promises.writeFile(filepath, json + '\n', 'utf8');
   return {
     ok: true,
     data: undefined
   };
 }
 
-const helpFlags = new Set(['--help', '-h']);
-function cmdFlagsToString(args) {
-  const result = [];
-  for (let i = 0, {
-      length
-    } = args; i < length; i += 1) {
-    if (args[i].startsWith('--')) {
-      // Check if the next item exists and is NOT another flag.
-      if (i + 1 < length && !args[i + 1].startsWith('--')) {
-        result.push(`${args[i]}=${args[i + 1]}`);
-        i += 1;
-      } else {
-        result.push(args[i]);
-      }
-    }
-  }
-  return result.join(' ');
-}
-function cmdFlagValueToArray(flagValue) {
-  if (typeof flagValue === 'string') {
-    return flagValue.trim().split(/, */);
-  }
-  if (Array.isArray(flagValue)) {
-    return flagValue.flatMap(v => v.split(/, */));
-  }
-  return [];
-}
-function cmdPrefixMessage(cmdName, text) {
-  const cmdPrefix = cmdName ? `${cmdName}: ` : '';
-  return `${cmdPrefix}${text}`;
-}
-function isHelpFlag(cmdArg) {
-  return helpFlags.has(cmdArg);
-}
-
 async function spawnCoana(args, options, extra) {
   const {
     env: spawnEnv
@@ -2480,7 +2377,7 @@ function getNpmRequire() {
   if (_npmRequire === undefined) {
     const npmDirPath = getNpmDirPath();
     const npmNmPath = path.join(npmDirPath, NODE_MODULES, NPM$3);
-    _npmRequire = require$$5.createRequire(path.join(fs.existsSync(npmNmPath) ? npmNmPath : npmDirPath, '<dummy-basename>'));
+    _npmRequire = require$$5.createRequire(path.join(fs$1.existsSync(npmNmPath) ? npmNmPath : npmDirPath, '<dummy-basename>'));
   }
   return _npmRequire;
 }
@@ -2898,12 +2795,12 @@ function getCveInfoFromAlertsMap(alertsMap, options) {
             error = e;
           }
         }
-        debug.debugFn('error', 'fail: invalid SocketPackageAlert');
-        debug.debugDir('inspect', {
+        require$$6.debugFn('error', 'fail: invalid SocketPackageAlert');
+        require$$6.debugDir('inspect', {
           alert
         });
         if (error) {
-          debug.debugDir('inspect', {
+          require$$6.debugDir('inspect', {
             error: error.message ?? error
           });
         }
@@ -3164,7 +3061,7 @@ async function getAlertsMapFromPurls(purls, options) {
     ...opts.include
   };
   const uniqPurls = arrays.arrayUnique(purls);
-  debug.debugDir('silly', {
+  require$$6.debugDir('silly', {
     purls: uniqPurls
   });
   let {
@@ -3218,7 +3115,7 @@ async function getAlertsMapFromPurls(purls, options) {
     } else {
       spinner?.stop();
       logger.logger.fail(`Received a ${batchResult.status} response from Socket API which we consider a permanent failure:`, batchResult.error, batchResult.cause ? `( ${batchResult.cause} )` : '');
-      debug.debugDir('inspect', {
+      require$$6.debugDir('inspect', {
         batchResult
       });
       break;
@@ -3239,6 +3136,79 @@ function npa(...args) {
   return null;
 }
 
+async function removeNodeModules(cwd = process.cwd()) {
+  const stream = await globStreamNodeModules(cwd);
+  await streams.parallelEach(stream, p => fs.remove(p, {
+    force: true,
+    recursive: true
+  }), {
+    concurrency: 8
+  });
+}
+async function findUp(name, {
+  cwd = process.cwd(),
+  // Lazily access constants.abortSignal.
+  signal = constants.abortSignal
+}) {
+  let dir = path.resolve(cwd);
+  const {
+    root
+  } = path.parse(dir);
+  const names = [name].flat();
+  while (dir && dir !== root) {
+    for (const name of names) {
+      if (signal?.aborted) {
+        return undefined;
+      }
+      const filePath = path.join(dir, name);
+      try {
+        // eslint-disable-next-line no-await-in-loop
+        const stats = await fs$1.promises.stat(filePath);
+        if (stats.isFile()) {
+          return filePath;
+        }
+      } catch {}
+    }
+    dir = path.dirname(dir);
+  }
+  return undefined;
+}
+
+const helpFlags = new Set(['--help', '-h']);
+function cmdFlagsToString(args) {
+  const result = [];
+  for (let i = 0, {
+      length
+    } = args; i < length; i += 1) {
+    if (args[i].startsWith('--')) {
+      // Check if the next item exists and is NOT another flag.
+      if (i + 1 < length && !args[i + 1].startsWith('--')) {
+        result.push(`${args[i]}=${args[i + 1]}`);
+        i += 1;
+      } else {
+        result.push(args[i]);
+      }
+    }
+  }
+  return result.join(' ');
+}
+function cmdFlagValueToArray(flagValue) {
+  if (typeof flagValue === 'string') {
+    return flagValue.trim().split(/, */);
+  }
+  if (Array.isArray(flagValue)) {
+    return flagValue.flatMap(v => v.split(/, */));
+  }
+  return [];
+}
+function cmdPrefixMessage(cmdName, text) {
+  const cmdPrefix = cmdName ? `${cmdName}: ` : '';
+  return `${cmdPrefix}${text}`;
+}
+function isHelpFlag(cmdArg) {
+  return helpFlags.has(cmdArg);
+}
+
 const {
   NPM: NPM$2,
   SOCKET_CLI_SAFE_BIN,
@@ -3266,7 +3236,7 @@ function safeNpmInstall(options) {
   } else if (useIpc && Array.isArray(stdio) && !stdio.includes('ipc')) {
     stdio = stdio.concat('ipc');
   }
-  const useDebug = debug.isDebug('stdio');
+  const useDebug = require$$6.isDebug('stdio');
   const terminatorPos = args.indexOf('--');
   const rawBinArgs = terminatorPos === -1 ? args : args.slice(0, terminatorPos);
   const progressArg = rawBinArgs.findLast(npm.isNpmProgressFlag) !== '--no-progress';
@@ -3408,7 +3378,7 @@ async function getNpmConfig(options) {
 }
 
 async function readLockfile(lockfilePath) {
-  return fs.existsSync(lockfilePath) ? await readFileUtf8(lockfilePath) : null;
+  return fs$1.existsSync(lockfilePath) ? await fs.readFileUtf8(lockfilePath) : null;
 }
 
 const {
@@ -3436,8 +3406,8 @@ const readLockFileByAgent = (() => {
       return undefined;
     };
   }
-  const binaryReader = wrapReader(readFileBinary);
-  const defaultReader = wrapReader(async lockPath => await readFileUtf8(lockPath));
+  const binaryReader = wrapReader(fs.readFileBinary);
+  const defaultReader = wrapReader(async lockPath => await fs.readFileUtf8(lockPath));
   return new Map([[BUN, wrapReader(async (lockPath, agentExecPath, cwd = process.cwd()) => {
     const ext = path.extname(lockPath);
     if (ext === LOCK_EXT) {
@@ -3510,8 +3480,8 @@ async function getAgentVersion(agentExecPath, cwd) {
       shell: constants.WIN32
     })).stdout) ?? undefined;
   } catch (e) {
-    debug.debugFn('error', 'caught: unexpected error');
-    debug.debugDir('inspect', {
+    require$$6.debugFn('error', 'caught: unexpected error');
+    require$$6.debugDir('inspect', {
       error: e
     });
   }
@@ -3529,7 +3499,7 @@ async function detectPackageEnvironment({
   const pkgJsonPath = lockPath ? path.resolve(lockPath, `${isHiddenLockFile ? '../' : ''}../${PACKAGE_JSON}`) : await findUp(PACKAGE_JSON, {
     cwd
   });
-  const pkgPath = pkgJsonPath && fs.existsSync(pkgJsonPath) ? path.dirname(pkgJsonPath) : undefined;
+  const pkgPath = pkgJsonPath && fs$1.existsSync(pkgJsonPath) ? path.dirname(pkgJsonPath) : undefined;
   const editablePkgJson = pkgPath ? await packages.readPackageJson(pkgPath, {
     editable: true
   }) : undefined;
@@ -3755,7 +3725,7 @@ function getCompletionSourcingCommand() {
   const completionScriptExportPath = path.join(
   // Lazily access constants.distPath.
   constants.distPath, 'socket-completion.bash');
-  if (!fs.existsSync(completionScriptExportPath)) {
+  if (!fs$1.existsSync(completionScriptExportPath)) {
     return {
       ok: false,
       message: 'Tab Completion script not found',
@@ -3891,9 +3861,6 @@ exports.readOrDefaultSocketJson = readOrDefaultSocketJson;
 exports.readSocketJson = readSocketJson;
 exports.removeNodeModules = removeNodeModules;
 exports.runAgentInstall = runAgentInstall;
-exports.safeReadFile = safeReadFile;
-exports.safeReadFileSync = safeReadFileSync;
-exports.safeStatsSync = safeStatsSync;
 exports.serializeResultJson = serializeResultJson;
 exports.setupSdk = setupSdk;
 exports.spawnCoana = spawnCoana;
@@ -3902,5 +3869,5 @@ exports.tildify = tildify;
 exports.updateConfigValue = updateConfigValue;
 exports.walkNestedMap = walkNestedMap;
 exports.writeSocketJson = writeSocketJson;
-//# debugId=19689308-c98a-486d-b9ee-6cfdd0348af0
+//# debugId=97cbba5e-7a53-4df3-9a47-3d2e8287b36b
 //# sourceMappingURL=utils.js.map