@socketsecurity/cli-with-sentry 1.0.8 → 1.0.10

package/dist/cli.js

@@ -355,12 +355,6 @@ async function run$P(argv, importMeta, {
     importMeta,
     parentName
   });
-  const {
-    file,
-    json,
-    markdown
-  } = cli.flags;
-  const outputKind = utils.getOutputKind(json, markdown);
 
   // Supported inputs:
   // - []        (no args)
@@ -388,8 +382,14 @@ async function run$P(argv, importMeta, {
   } else if (cli.input[0]) {
     time = cli.input[0];
   }
+  const {
+    file,
+    json,
+    markdown
+  } = cli.flags;
   const hasApiToken = utils.hasDefaultToken();
   const noLegacy = !cli.flags['scope'] && !cli.flags['repo'] && !cli.flags['time'];
+  const outputKind = utils.getOutputKind(json, markdown);
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: noLegacy,
@@ -806,12 +806,12 @@ async function run$O(argv, importMeta, {
     page,
     perPage
   } = cli.flags;
-  const outputKind = utils.getOutputKind(json, markdown);
   let [typeFilter = ''] = cli.input;
   typeFilter = String(typeFilter);
-  const [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), !!interactive, !!dryRun);
   const hasApiToken = utils.hasDefaultToken();
   const noLegacy = !cli.flags['type'];
+  const [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), !!interactive, !!dryRun);
+  const outputKind = utils.getOutputKind(json, markdown);
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: noLegacy,
@@ -2432,8 +2432,8 @@ async function run$M(argv, importMeta, {
     json,
     markdown
   } = cli.flags;
-  const outputKind = utils.getOutputKind(json, markdown);
   const [key = ''] = cli.input;
+  const outputKind = utils.getOutputKind(json, markdown);
   const wasValidInput = utils.checkCommandInput(outputKind, {
     test: utils.supportedConfigKeys.has(key) && key !== 'test',
     message: 'Config key should be the first arg',
@@ -2544,8 +2544,8 @@ async function run$L(argv, importMeta, {
     json,
     markdown
   } = cli.flags;
-  const outputKind = utils.getOutputKind(json, markdown);
   const [key = ''] = cli.input;
+  const outputKind = utils.getOutputKind(json, markdown);
   const wasValidInput = utils.checkCommandInput(outputKind, {
     test: utils.supportedConfigKeys.has(key) || key === 'test',
     message: 'Config key should be the first arg',
@@ -2797,9 +2797,9 @@ async function run$J(argv, importMeta, {
     json,
     markdown
   } = cli.flags;
-  const outputKind = utils.getOutputKind(json, markdown);
   const [key = '', ...rest] = cli.input;
   const value = rest.join(' ');
+  const outputKind = utils.getOutputKind(json, markdown);
   const wasValidInput = utils.checkCommandInput(outputKind, {
     test: key === 'test' || utils.supportedConfigKeys.has(key),
     message: 'Config key should be the first arg',
@@ -2917,8 +2917,8 @@ async function run$I(argv, importMeta, {
     json,
     markdown
   } = cli.flags;
-  const outputKind = utils.getOutputKind(json, markdown);
   const [key = ''] = cli.input;
+  const outputKind = utils.getOutputKind(json, markdown);
   const wasValidInput = utils.checkCommandInput(outputKind, {
     test: key === 'test' || utils.supportedConfigKeys.has(key),
     message: 'Config key should be the first arg',
@@ -3010,9 +3010,9 @@ async function getBaseGitBranch(cwd = process.cwd()) {
   // 3. Try to resolve the default remote branch using 'git remote show origin'.
   // This handles detached HEADs or workflows triggered by tags/releases.
   try {
-    const stdout = (await spawn.spawn('git', ['remote', 'show', 'origin'], {
+    const stdout = strings.stripAnsi((await spawn.spawn('git', ['remote', 'show', 'origin'], {
       cwd
-    })).stdout.trim();
+    })).stdout.trim());
     const match = /(?<=HEAD branch: ).+/.exec(stdout);
     if (match?.[0]) {
       return match[0].trim();
@@ -3122,9 +3122,9 @@ async function gitCreateAndPushBranch(branch, commitMsg, filepaths, options) {
 }
 async function gitRepoInfo(cwd = process.cwd()) {
   try {
-    const remoteUrl = (await spawn.spawn('git', ['remote', 'get-url', 'origin'], {
+    const remoteUrl = strings.stripAnsi((await spawn.spawn('git', ['remote', 'get-url', 'origin'], {
       cwd
-    })).stdout.trim();
+    })).stdout.trim());
     // 1. Handle SSH-style, e.g. git@github.com:owner/repo.git
     const sshMatch = /^git@[^:]+:([^/]+)\/(.+?)(?:\.git)?$/.exec(remoteUrl);
     if (sshMatch) {
@@ -3168,7 +3168,7 @@ async function gitEnsureIdentity(name, email, cwd = process.cwd()) {
     let configValue;
     try {
       // Will throw with exit code 1 if the config property is not set.
-      configValue = (await spawn.spawn('git', ['config', '--get', prop], stdioPipeOptions)).stdout.trim();
+      configValue = strings.stripAnsi((await spawn.spawn('git', ['config', '--get', prop], stdioPipeOptions)).stdout.trim());
     } catch {}
     if (configValue !== value) {
       try {
@@ -3184,7 +3184,7 @@ async function gitRemoteBranchExists(branch, cwd = process.cwd()) {
     cwd
   };
   try {
-    return (await spawn.spawn('git', ['ls-remote', '--heads', 'origin', branch], stdioPipeOptions)).stdout.trim().length > 0;
+    return strings.stripAnsi((await spawn.spawn('git', ['ls-remote', '--heads', 'origin', branch], stdioPipeOptions)).stdout.trim()).length > 0;
   } catch {
     return false;
   }
@@ -3207,7 +3207,7 @@ async function gitUnstagedModifiedFiles(cwd = process.cwd()) {
     const stdioPipeOptions = {
       cwd
     };
-    const stdout = (await spawn.spawn('git', ['diff', '--name-only'], stdioPipeOptions)).stdout.trim();
+    const stdout = strings.stripAnsi((await spawn.spawn('git', ['diff', '--name-only'], stdioPipeOptions)).stdout.trim());
     const rawFiles = stdout.split('\n') ?? [];
     return {
       ok: true,
@@ -3718,21 +3718,19 @@ async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
   // eslint-disable-next-line sort-destructure-keys/sort-destructure-keys
   afterInstall = noopHandler,
   revertInstall = noopHandler
-}, ciEnv, openPrs, options) {
+}, ciEnv, openPrs, fixConfig) {
+  const {
+    pkgPath: rootPath
+  } = pkgEnvDetails;
   const {
     autoMerge,
     cwd,
     limit,
     rangeStyle,
+    spinner,
     test,
     testScript
-  } = options;
-  const {
-    spinner
-  } = constants;
-  const {
-    pkgPath: rootPath
-  } = pkgEnvDetails;
+  } = fixConfig;
   let count = 0;
   const infoByPartialPurl = utils.getCveInfoFromAlertsMap(alertsMap, {
     limit: Math.max(limit, openPrs.length)
@@ -3905,7 +3903,7 @@ async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
           }
 
           // eslint-disable-next-line no-await-in-loop
-          await beforeInstall(editablePkgJson, name, oldVersion, newVersion, vulnerableVersionRange, options);
+          await beforeInstall(editablePkgJson, name, oldVersion, newVersion, vulnerableVersionRange, fixConfig);
           shadowNpmInject.updatePackageJsonFromNode(editablePkgJson, actualTree, node, newVersion, rangeStyle);
           // eslint-disable-next-line no-await-in-loop
           if (!(await editablePkgJson.save({
@@ -3940,7 +3938,7 @@ async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
             if (maybeActualTree && maybeLockSrc) {
               actualTree = maybeActualTree;
               // eslint-disable-next-line no-await-in-loop
-              await afterInstall(editablePkgJson, name, oldVersion, newVersion, vulnerableVersionRange, options);
+              await afterInstall(editablePkgJson, name, oldVersion, newVersion, vulnerableVersionRange, fixConfig);
               if (test) {
                 spinner?.info(`Testing ${newId} in ${workspace}.`);
                 // eslint-disable-next-line no-await-in-loop
@@ -4079,7 +4077,7 @@ async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
             if (!ciEnv) {
               spinner?.start();
               // eslint-disable-next-line no-await-in-loop
-              await revertInstall(editablePkgJson, name, oldVersion, newVersion, vulnerableVersionRange, options);
+              await revertInstall(editablePkgJson, name, oldVersion, newVersion, vulnerableVersionRange, fixConfig);
               // eslint-disable-next-line no-await-in-loop
               await Promise.all([utils.removeNodeModules(cwd), editablePkgJson.save({
                 ignoreWhitespace: true
@@ -4219,12 +4217,12 @@ async function install$1(pkgEnvDetails, options) {
   } catch {}
   return null;
 }
-async function npmFix(pkgEnvDetails, options) {
+async function npmFix(pkgEnvDetails, fixConfig) {
   const {
     limit,
     purls,
     spinner
-  } = options;
+  } = fixConfig;
   spinner?.start();
   const ciEnv = await getCiEnv();
   const openPrs = ciEnv ? await getOpenPrsForEnvironment(ciEnv) : [];
@@ -4305,7 +4303,7 @@ async function npmFix(pkgEnvDetails, options) {
         editablePkgJson.update(revertData);
       }
     }
-  }, ciEnv, openPrs, options);
+  }, ciEnv, openPrs, fixConfig);
 }
 
 async function outputFixResult(result, outputKind) {
@@ -4353,13 +4351,13 @@ async function install(pkgEnvDetails, options) {
   } catch {}
   return null;
 }
-async function pnpmFix(pkgEnvDetails, options) {
+async function pnpmFix(pkgEnvDetails, fixConfig) {
   const {
     cwd,
     limit,
     purls,
     spinner
-  } = options;
+  } = fixConfig;
   spinner?.start();
   let actualTree;
   let {
@@ -4487,7 +4485,7 @@ async function pnpmFix(pkgEnvDetails, options) {
         editablePkgJson.update(revertData);
       }
     }
-  }, ciEnv, openPrs, options);
+  }, ciEnv, openPrs, fixConfig);
 }
 
 const {
@@ -4502,25 +4500,22 @@ async function handleFix({
   outputKind,
   purls,
   rangeStyle,
+  spinner,
   test,
   testScript,
   unknownFlags
 }) {
-  // Lazily access constants.spinner.
-  const {
-    spinner
-  } = constants;
   let {
     length: ghsasCount
   } = ghsas;
   if (ghsasCount) {
-    spinner.start('Fetching GHSA IDs...');
+    spinner?.start('Fetching GHSA IDs...');
     if (ghsasCount === 1 && ghsas[0] === 'auto') {
       const autoCResult = await utils.spawnCoana(['compute-fixes-and-upgrade-purls', cwd], {
         cwd,
         spinner
       });
-      spinner.stop();
+      spinner?.stop();
       if (autoCResult.ok) {
         ghsas = utils.cmdFlagValueToArray(/(?<=Vulnerabilities found: )[^\n]+/.exec(autoCResult.data)?.[0]);
         ghsasCount = ghsas.length;
@@ -4532,15 +4527,15 @@ async function handleFix({
         ghsas = [];
         ghsasCount = 0;
       }
-      spinner.start();
+      spinner?.start();
     }
     if (ghsasCount) {
-      spinner.info(`Found ${ghsasCount} GHSA ${words.pluralize('ID', ghsasCount)}.`);
+      spinner?.info(`Found ${ghsasCount} GHSA ${words.pluralize('ID', ghsasCount)}.`);
       const applyFixesCResult = await utils.spawnCoana(['compute-fixes-and-upgrade-purls', cwd, '--apply-fixes-to', ...ghsas, ...unknownFlags], {
         cwd,
         spinner
       });
-      spinner.stop();
+      spinner?.stop();
       if (!applyFixesCResult.ok) {
         debug.debugFn('coana fail:', {
           message: applyFixesCResult.message,
@@ -4550,7 +4545,7 @@ async function handleFix({
       await outputFixResult(applyFixesCResult, outputKind);
       return;
     }
-    spinner.infoAndStop('No GHSA IDs found.');
+    spinner?.infoAndStop('No GHSA IDs found.');
     await outputFixResult({
       ok: true,
       data: ''
@@ -4584,7 +4579,7 @@ async function handleFix({
     await outputFixResult({
       ok: false,
       message: 'Not supported.',
-      cause: `${agent} is not supported by this command at the moment.`
+      cause: `${agent} is not supported by this command.`
     }, outputKind);
     return;
   }
@@ -4714,6 +4709,14 @@ async function run$H(argv, importMeta, {
     logger.logger.log(DRY_RUN_NOT_SAVING);
     return;
   }
+
+  // Lazily access constants.spinner.
+  const {
+    spinner
+  } = constants;
+  const {
+    unknownFlags
+  } = cli;
   let [cwd = '.'] = cli.input;
   // Note: path.resolve vs .join:
   // If given path is absolute then cwd should not affect it.
@@ -4728,9 +4731,6 @@ async function run$H(argv, importMeta, {
   const limit = (cli.flags['limit'] ? parseInt(String(cli.flags['limit'] || ''), 10) : Infinity) || Infinity;
   const purls = utils.cmdFlagValueToArray(cli.flags['purl']);
   const testScript = String(cli.flags['testScript'] || 'test');
-  const {
-    unknownFlags
-  } = cli;
   await handleFix({
     autoMerge,
     cwd,
@@ -4739,6 +4739,7 @@ async function run$H(argv, importMeta, {
     outputKind,
     purls,
     rangeStyle,
+    spinner,
     test,
     testScript,
     unknownFlags
@@ -7162,11 +7163,11 @@ function parsableToQueryStdout(stdout) {
 async function npmQuery(npmExecPath, cwd) {
   let stdout = '';
   try {
-    stdout = (await spawn.spawn(npmExecPath, ['query', ':not(.dev)'], {
+    stdout = strings.stripAnsi((await spawn.spawn(npmExecPath, ['query', ':not(.dev)'], {
       cwd,
       // Lazily access constants.WIN32.
       shell: constants.WIN32
-    })).stdout.trim();
+    })).stdout.trim());
   } catch {}
   return cleanupQueryStdout(stdout);
 }
@@ -7174,11 +7175,11 @@ async function lsBun(pkgEnvDetails, cwd) {
   try {
     // Bun does not support filtering by production packages yet.
     // https://github.com/oven-sh/bun/issues/8283
-    return (await spawn.spawn(pkgEnvDetails.agentExecPath, ['pm', 'ls', '--all'], {
+    return strings.stripAnsi((await spawn.spawn(pkgEnvDetails.agentExecPath, ['pm', 'ls', '--all'], {
       cwd,
       // Lazily access constants.WIN32.
       shell: constants.WIN32
-    })).stdout.trim();
+    })).stdout.trim());
   } catch {}
   return '';
 }
@@ -7195,14 +7196,14 @@ async function lsPnpm(pkgEnvDetails, cwd, options) {
   }
   let stdout = '';
   try {
-    stdout = (await spawn.spawn(pkgEnvDetails.agentExecPath,
+    stdout = strings.stripAnsi((await spawn.spawn(pkgEnvDetails.agentExecPath,
     // Pnpm uses the alternative spelling of parsable.
     // https://en.wiktionary.org/wiki/parsable
     ['ls', '--parseable', '--prod', '--depth', 'Infinity'], {
       cwd,
       // Lazily access constants.WIN32.
       shell: constants.WIN32
-    })).stdout.trim();
+    })).stdout.trim());
   } catch {}
   return parsableToQueryStdout(stdout);
 }
@@ -7210,25 +7211,24 @@ async function lsVlt(pkgEnvDetails, cwd) {
   let stdout = '';
   try {
     // See https://docs.vlt.sh/cli/commands/list#options.
-    stdout = (await spawn.spawn(pkgEnvDetails.agentExecPath, ['ls', '--view', 'human', ':not(.dev)'], {
+    stdout = strings.stripAnsi((await spawn.spawn(pkgEnvDetails.agentExecPath, ['ls', '--view', 'human', ':not(.dev)'], {
       cwd,
       // Lazily access constants.WIN32.
       shell: constants.WIN32
-    })).stdout.trim();
+    })).stdout.trim());
   } catch {}
   return cleanupQueryStdout(stdout);
 }
 async function lsYarnBerry(pkgEnvDetails, cwd) {
   try {
-    return (
-      // Yarn Berry does not support filtering by production packages yet.
-      // https://github.com/yarnpkg/berry/issues/5117
-      (await spawn.spawn(pkgEnvDetails.agentExecPath, ['info', '--recursive', '--name-only'], {
-        cwd,
-        // Lazily access constants.WIN32.
-        shell: constants.WIN32
-      })).stdout.trim()
-    );
+    return strings.stripAnsi(
+    // Yarn Berry does not support filtering by production packages yet.
+    // https://github.com/yarnpkg/berry/issues/5117
+    (await spawn.spawn(pkgEnvDetails.agentExecPath, ['info', '--recursive', '--name-only'], {
+      cwd,
+      // Lazily access constants.WIN32.
+      shell: constants.WIN32
+    })).stdout.trim());
   } catch {}
   return '';
 }
@@ -7238,11 +7238,11 @@ async function lsYarnClassic(pkgEnvDetails, cwd) {
     // https://github.com/yarnpkg/yarn/releases/tag/v1.0.0
     // > Fix: Excludes dev dependencies from the yarn list output when the
     //   environment is production
-    return (await spawn.spawn(pkgEnvDetails.agentExecPath, ['list', '--prod'], {
+    return strings.stripAnsi((await spawn.spawn(pkgEnvDetails.agentExecPath, ['list', '--prod'], {
       cwd,
       // Lazily access constants.WIN32.
       shell: constants.WIN32
-    })).stdout.trim();
+    })).stdout.trim());
   } catch {}
   return '';
 }
@@ -7910,8 +7910,8 @@ async function run$q(argv, importMeta, {
     markdown,
     offset
   } = cli.flags;
-  const outputKind = utils.getOutputKind(json, markdown);
   const hasApiToken = utils.hasDefaultToken();
+  const outputKind = utils.getOutputKind(json, markdown);
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: !json || !markdown,
@@ -8038,9 +8038,9 @@ async function run$p(argv, importMeta, {
     markdown,
     org: orgFlag
   } = cli.flags;
-  const outputKind = utils.getOutputKind(json, markdown);
-  const [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), !!interactive, !!dryRun);
   const hasApiToken = utils.hasDefaultToken();
+  const [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), !!interactive, !!dryRun);
+  const outputKind = utils.getOutputKind(json, markdown);
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: !json || !markdown,
@@ -8166,9 +8166,9 @@ async function run$o(argv, importMeta, {
     markdown,
     org: orgFlag
   } = cli.flags;
-  const outputKind = utils.getOutputKind(json, markdown);
-  const [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), !!interactive, !!dryRun);
   const hasApiToken = utils.hasDefaultToken();
+  const [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), !!interactive, !!dryRun);
+  const outputKind = utils.getOutputKind(json, markdown);
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: !json || !markdown,
@@ -8301,8 +8301,8 @@ async function run$n(argv, importMeta, {
     json,
     markdown
   } = cli.flags;
-  const outputKind = utils.getOutputKind(json, markdown);
   const hasApiToken = utils.hasDefaultToken();
+  const outputKind = utils.getOutputKind(json, markdown);
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: !json || !markdown,
@@ -8425,10 +8425,10 @@ async function run$m(argv, importMeta, {
     importMeta,
     parentName
   });
+  const hasApiToken = utils.hasDefaultToken();
   const json = Boolean(cli.flags['json']);
   const markdown = Boolean(cli.flags['markdown']);
   const outputKind = utils.getOutputKind(json, markdown);
-  const hasApiToken = utils.hasDefaultToken();
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: !json || !markdown,
@@ -8776,9 +8776,9 @@ async function run$l(argv, importMeta, {
     json,
     markdown
   } = cli.flags;
-  const outputKind = utils.getOutputKind(json, markdown);
   const [ecosystem = '', purl] = cli.input;
   const hasApiToken = utils.hasDefaultToken();
+  const outputKind = utils.getOutputKind(json, markdown);
   const {
     purls,
     valid
@@ -9463,11 +9463,11 @@ async function run$h(argv, importMeta, {
     markdown,
     org: orgFlag
   } = cli.flags;
-  const outputKind = utils.getOutputKind(json, markdown);
   const [repoName = ''] = cli.input;
-  const [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), !!interactive, !!dryRun);
   const hasApiToken = utils.hasDefaultToken();
   const noLegacy = !cli.flags['repoName'];
+  const [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), !!interactive, !!dryRun);
+  const outputKind = utils.getOutputKind(json, markdown);
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: !!orgSlug,
@@ -9875,9 +9875,9 @@ async function run$f(argv, importMeta, {
     markdown,
     org: orgFlag
   } = cli.flags;
-  const outputKind = utils.getOutputKind(json, markdown);
-  const [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), !!interactive, !!dryRun);
   const hasApiToken = utils.hasDefaultToken();
+  const [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), !!interactive, !!dryRun);
+  const outputKind = utils.getOutputKind(json, markdown);
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: !!orgSlug,
@@ -10059,11 +10059,11 @@ async function run$e(argv, importMeta, {
     markdown,
     org: orgFlag
   } = cli.flags;
-  const outputKind = utils.getOutputKind(json, markdown);
   const [repoName = ''] = cli.input;
-  const [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), !!interactive, !!dryRun);
   const hasApiToken = utils.hasDefaultToken();
   const noLegacy = !cli.flags['repoName'];
+  const [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), !!interactive, !!dryRun);
+  const outputKind = utils.getOutputKind(json, markdown);
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: noLegacy,
@@ -10216,11 +10216,11 @@ async function run$d(argv, importMeta, {
     markdown,
     org: orgFlag
   } = cli.flags;
-  const outputKind = utils.getOutputKind(json, markdown);
   const [repoName = ''] = cli.input;
-  const [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), !!interactive, !!dryRun);
   const hasApiToken = utils.hasDefaultToken();
   const noLegacy = !cli.flags['repoName'];
+  const [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), !!interactive, !!dryRun);
+  const outputKind = utils.getOutputKind(json, markdown);
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: noLegacy,
@@ -10473,8 +10473,6 @@ async function run$c(argv, importMeta, {
     repo: repoName,
     report
   } = cli.flags;
-  const outputKind = utils.getOutputKind(json, markdown);
-  const pendingHead = tmp ? false : pendingHeadFlag;
   let [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), interactive, dryRun);
 
   // Accept zero or more paths. Default to cwd() if none given.
@@ -10520,6 +10518,8 @@ async function run$c(argv, importMeta, {
   // must come from data we already know. Don't error on missing api token yet.
   // If the api-token is not set, ignore it for the sake of suggestions.
   const hasApiToken = utils.hasDefaultToken();
+  const outputKind = utils.getOutputKind(json, markdown);
+  const pendingHead = tmp ? false : pendingHeadFlag;
 
   // If we updated any inputs then we should print the command line to repeat
   // the command without requiring user input, as a suggestion.
@@ -10715,10 +10715,10 @@ async function run$b(argv, importMeta, {
     markdown,
     org: orgFlag
   } = cli.flags;
-  const outputKind = utils.getOutputKind(json, markdown);
   const [scanId = ''] = cli.input;
-  const [orgSlug, defaultOrgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), !!interactive, !!dryRun);
   const hasApiToken = utils.hasDefaultToken();
+  const [orgSlug, defaultOrgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), !!interactive, !!dryRun);
+  const outputKind = utils.getOutputKind(json, markdown);
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: !!defaultOrgSlug,
     test: !!orgSlug,
@@ -11017,9 +11017,9 @@ async function run$a(argv, importMeta, {
     markdown,
     org: orgFlag
   } = cli.flags;
-  const outputKind = utils.getOutputKind(json, markdown);
+  const hasApiToken = utils.hasDefaultToken();
   let [id1 = '', id2 = ''] = cli.input;
-  // Support dropping in full socket urls to an sbom
+  // Support dropping in full socket urls to an sbom.
   if (id1.startsWith(SOCKET_SBOM_URL_PREFIX)) {
     id1 = id1.slice(SOCKET_SBOM_URL_PREFIX_LENGTH);
   }
@@ -11027,7 +11027,7 @@ async function run$a(argv, importMeta, {
     id2 = id2.slice(SOCKET_SBOM_URL_PREFIX_LENGTH);
   }
   const [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), !!interactive, !!dryRun);
-  const hasApiToken = utils.hasDefaultToken();
+  const outputKind = utils.getOutputKind(json, markdown);
   const wasValidInput = utils.checkCommandInput(outputKind, {
     test: !!(id1 && id2),
     message: 'Specify two Scan IDs.\nA Scan ID looks like `aaa0aa0a-aaaa-0000-0a0a-0000000a00a0`.',
@@ -12114,12 +12114,12 @@ async function run$8(argv, importMeta, {
     markdown,
     org: orgFlag
   } = cli.flags;
-  const outputKind = utils.getOutputKind(json, markdown);
   const [repo = '', branchArg = ''] = cli.input;
   const branch = String(branchFlag || branchArg || '');
-  const [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), !!interactive, !!dryRun);
   const hasApiToken = utils.hasDefaultToken();
   const noLegacy = !cli.flags['repo'];
+  const [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), !!interactive, !!dryRun);
+  const outputKind = utils.getOutputKind(json, markdown);
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: noLegacy,
@@ -12271,10 +12271,10 @@ async function run$7(argv, importMeta, {
     markdown,
     org: orgFlag
   } = cli.flags;
-  const outputKind = utils.getOutputKind(json, markdown);
   const [scanId = ''] = cli.input;
-  const [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), !!interactive, !!dryRun);
   const hasApiToken = utils.hasDefaultToken();
+  const [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), !!interactive, !!dryRun);
+  const outputKind = utils.getOutputKind(json, markdown);
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: !!orgSlug,
@@ -12328,13 +12328,17 @@ async function outputScanReach(result, outputKind) {
 const {
   DOT_SOCKET_DOT_FACTS_JSON
 } = constants;
-async function handleScanReach(argv, cwd, outputKind) {
+async function handleScanReach({
+  cwd,
+  outputKind,
+  unknownFlags
+}) {
   // Lazily access constants.spinner.
   const {
     spinner
   } = constants;
   spinner.start('Running reachability scan...');
-  const result = await utils.spawnCoana(['run', cwd, '--output-dir', cwd, '--socket-mode', DOT_SOCKET_DOT_FACTS_JSON, '--disable-report-submission', ...argv], {
+  const result = await utils.spawnCoana(['run', cwd, '--output-dir', cwd, '--socket-mode', DOT_SOCKET_DOT_FACTS_JSON, '--disable-report-submission', ...unknownFlags], {
     cwd,
     spinner
   });
@@ -12385,10 +12389,6 @@ async function run$6(argv, importMeta, {
     markdown
   } = cli.flags;
   const outputKind = utils.getOutputKind(json, markdown);
-  let [cwd = '.'] = cli.input;
-  // Note: path.resolve vs .join:
-  // If given path is absolute then cwd should not affect it.
-  cwd = path.resolve(process.cwd(), cwd);
   const wasValidInput = utils.checkCommandInput(outputKind);
   if (!wasValidInput) {
     return;
@@ -12397,7 +12397,18 @@ async function run$6(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAILING_NOW$6);
     return;
   }
-  await handleScanReach(argv, cwd, outputKind);
+  const {
+    unknownFlags
+  } = cli;
+  let [cwd = '.'] = cli.input;
+  // Note: path.resolve vs .join:
+  // If given path is absolute then cwd should not affect it.
+  cwd = path.resolve(process.cwd(), cwd);
+  await handleScanReach({
+    cwd,
+    outputKind,
+    unknownFlags
+  });
 }
 
 const {
@@ -12505,10 +12516,10 @@ async function run$5(argv, importMeta, {
     org: orgFlag,
     reportLevel = 'warn'
   } = cli.flags;
-  const outputKind = utils.getOutputKind(json, markdown);
   const [scanId = '', file = ''] = cli.input;
-  const [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), !!interactive, !!dryRun);
   const hasApiToken = utils.hasDefaultToken();
+  const [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), !!interactive, !!dryRun);
+  const outputKind = utils.getOutputKind(json, markdown);
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: !!orgSlug,
@@ -13099,10 +13110,10 @@ async function run$3(argv, importMeta, {
     org: orgFlag,
     stream
   } = cli.flags;
-  const outputKind = utils.getOutputKind(json, markdown);
   const [scanId = '', file = ''] = cli.input;
-  const [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), !!interactive, !!dryRun);
   const hasApiToken = utils.hasDefaultToken();
+  const [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), !!interactive, !!dryRun);
+  const outputKind = utils.getOutputKind(json, markdown);
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: !!orgSlug,
@@ -13503,12 +13514,11 @@ async function run$2(argv, importMeta, {
     type: typef,
     version
   } = cli.flags;
-  const outputKind = utils.getOutputKind(json, markdown);
-  const argSet = new Set(cli.input);
   let ecoFilter = String(eco || '');
   let versionFilter = String(version || '');
   let typeFilter = String(typef || '');
   let nameFilter = String(pkg || '');
+  const argSet = new Set(cli.input);
   cli.input.some(str => {
     if (ECOSYSTEMS.has(str)) {
       ecoFilter = str;
@@ -13541,8 +13551,9 @@ async function run$2(argv, importMeta, {
   if (argSet.size) {
     logger.logger.info(`Warning: ignoring these excessive args: ${Array.from(argSet).join(', ')}`);
   }
-  const [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), !!interactive, !!dryRun);
   const hasApiToken = utils.hasDefaultToken();
+  const [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), !!interactive, !!dryRun);
+  const outputKind = utils.getOutputKind(json, markdown);
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: !!orgSlug,
@@ -13977,14 +13988,18 @@ const __filename$1 = require$$0.fileURLToPath((typeof document === 'undefined' ?
 const {
   SOCKET_CLI_BIN_NAME
 } = constants;
-
-// TODO: Add autocompletion using https://socket.dev/npm/package/omelette
 void (async () => {
+  const registryUrl = vendor.registryUrl();
   await vendor.updater({
+    authInfo: vendor.registryAuthTokenExports(registryUrl, {
+      recursive: true
+    }),
     name: SOCKET_CLI_BIN_NAME,
+    registryUrl,
+    ttl: 86_400_000 /* 24 hours in milliseconds */,
+
     // Lazily access constants.ENV.INLINED_SOCKET_CLI_VERSION.
-    version: constants.ENV.INLINED_SOCKET_CLI_VERSION,
-    ttl: 86_400_000 /* 24 hours in milliseconds */
+    version: constants.ENV.INLINED_SOCKET_CLI_VERSION
   });
   try {
     await utils.meowWithSubcommands({
@@ -14162,5 +14177,5 @@ void (async () => {
     await utils.captureException(e);
   }
 })();
-//# debugId=fa52588f-cff8-4914-9a1b-357283f4db17
+//# debugId=4d7d8bf0-8e58-40ba-ab95-da5d3fbe5cdd
 //# sourceMappingURL=cli.js.map