@socketsecurity/cli-with-sentry 1.0.85 → 1.0.87

package/dist/cli.js

@@ -25,6 +25,7 @@ var sorts = require('../external/@socketsecurity/registry/lib/sorts');
 var regexps = require('../external/@socketsecurity/registry/lib/regexps');
 var shadowNpmInject = require('./shadow-npm-inject.js');
 var require$$7 = require('../external/@socketsecurity/registry/lib/objects');
+var path$1 = require('../external/@socketsecurity/registry/lib/path');
 var shadowNpmBin = require('./shadow-npm-bin.js');
 var require$$8 = require('../external/@socketsecurity/registry/lib/promises');
 var require$$1 = require('node:util');
@@ -322,7 +323,7 @@ const {
 } = constants;
 const config$M = {
   commandName: 'analytics',
-  description: `Look up analytics data`,
+  description: 'Look up analytics data',
   hidden: false,
   flags: {
     ...flags.commonFlags,
@@ -2089,10 +2090,6 @@ async function handleCreateNewScan({
 }
 
 async function handleCi(autoManifest) {
-  // ci: {
-  //   description: 'Alias for "report create --view --strict"',
-  //     argv: ['report', 'create', '--view', '--strict']
-  // }
   const orgSlugCResult = await utils.getDefaultOrgSlug();
   if (!orgSlugCResult.ok) {
     process.exitCode = orgSlugCResult.code ?? 1;
@@ -2134,14 +2131,14 @@ const {
 } = constants;
 const config$K = {
   commandName: 'ci',
-  description: 'Create a new scan and report whether it passes your security policy',
-  hidden: true,
+  description: 'Shorthand for `socket scan create --report --no-interactive`',
+  hidden: false,
   flags: {
     ...flags.commonFlags,
     autoManifest: {
       type: 'boolean',
+      // Dev tools in CI environments are not likely to be set up, so this is safer.
       default: false,
-      // dev tools is not likely to be set up so this is safer
       description: 'Auto generate manifest files where detected? See autoManifest flag in `socket scan create`'
     }
   },
@@ -2153,10 +2150,9 @@ const config$K = {
       ${utils.getFlagListOutput(config$K.flags)}
 
     This command is intended to use in CI runs to allow automated systems to
-    accept or reject a current build. When the scan does not pass your security
-    policy, the exit code will be non-zero.
-
-    It will use the default org for the Socket API token.
+    accept or reject a current build. It will use the default org of the
+    Socket API token. The exit code will be non-zero when the scan does not pass
+    your security policy.
 
     The --autoManifest flag does the same as the one from \`socket scan create\`
     but is not enabled by default since the CI is less likely to be set up with
@@ -2982,7 +2978,7 @@ ${utils.getSupportedConfigEntries().map(([key, desc]) => `     - ${key} -- ${des
   });
 }
 
-const description$7 = 'Commands related to the local CLI configuration';
+const description$7 = 'Manage Socket CLI configuration';
 const cmdConfig = {
   description: description$7,
   hidden: false,
@@ -3648,7 +3644,7 @@ async function getActualTree(cwd = process.cwd()) {
 
 const {
   BUN: BUN$4,
-  NPM: NPM$7,
+  NPM: NPM$6,
   OVERRIDES: OVERRIDES$2,
   PNPM: PNPM$7,
   RESOLUTIONS: RESOLUTIONS$1,
@@ -3669,7 +3665,7 @@ function getOverridesDataBun(pkgEnvDetails, pkgJson = pkgEnvDetails.editablePkgJ
 function getOverridesDataNpm(pkgEnvDetails, pkgJson = pkgEnvDetails.editablePkgJson.content) {
   const overrides = pkgJson?.[OVERRIDES$2] ?? {};
   return {
-    type: NPM$7,
+    type: NPM$6,
     overrides
   };
 }
@@ -3722,7 +3718,7 @@ function getOverridesData(pkgEnvDetails, pkgJson) {
       return getOverridesDataYarn(pkgEnvDetails, pkgJson);
     case YARN_CLASSIC$4:
       return getOverridesDataYarnClassic(pkgEnvDetails, pkgJson);
-    case NPM$7:
+    case NPM$6:
     default:
       return getOverridesDataNpm(pkgEnvDetails, pkgJson);
   }
@@ -4739,7 +4735,7 @@ const config$H = {
     autoMerge: {
       type: 'boolean',
       default: false,
-      description: `Enable auto-merge for pull requests that Socket opens.\n                        See ${vendor.terminalLinkExports('GitHub documentation', 'https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-auto-merge-for-pull-requests-in-your-repository')} for managing auto-merge for pull requests in your repository.`
+      description: `Enable auto-merge for pull requests that Socket opens.\nSee ${vendor.terminalLinkExports('GitHub documentation', 'https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-auto-merge-for-pull-requests-in-your-repository')} for managing auto-merge for pull requests in your repository.`
     },
     autopilot: {
       type: 'boolean',
@@ -4749,7 +4745,7 @@ const config$H = {
     ghsa: {
       type: 'string',
       default: [],
-      description: `Provide a list of ${vendor.terminalLinkExports('GHSA IDs', 'https://docs.github.com/en/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database#about-ghsa-ids')} to compute fixes for, as either a comma separated value or as multiple flags.\n                        Use '--ghsa all' to lookup all GHSA IDs and compute fixes for them.`,
+      description: `Provide a list of ${vendor.terminalLinkExports('GHSA IDs', 'https://docs.github.com/en/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database#about-ghsa-ids')} to compute fixes for, as either a comma separated value or as multiple flags.\nUse '--ghsa all' to lookup all GHSA IDs and compute fixes for them.`,
       isMultiple: true,
       hidden: true
     },
@@ -4778,7 +4774,7 @@ const config$H = {
     purl: {
       type: 'string',
       default: [],
-      description: `Provide a list of ${vendor.terminalLinkExports('PURLs', 'https://github.com/package-url/purl-spec?tab=readme-ov-file#purl')} to compute fixes for, as either a comma separated value or as\n                        multiple flags, instead of querying the Socket API`,
+      description: `Provide a list of ${vendor.terminalLinkExports('PURLs', 'https://github.com/package-url/purl-spec?tab=readme-ov-file#purl')} to compute fixes for, as either a comma separated value or as\nmultiple flags, instead of querying the Socket API`,
       isMultiple: true,
       shortFlag: 'p'
     },
@@ -4786,16 +4782,16 @@ const config$H = {
       type: 'string',
       default: 'preserve',
       description: `
-                        Define how dependency version ranges are updated in package.json (default 'preserve').
-                        Available styles:
-                          * caret - Use ^ range for compatible updates (e.g. ^1.2.3)
-                          * gt - Use > to allow any newer version (e.g. >1.2.3)
-                          * gte - Use >= to allow any newer version (e.g. >=1.2.3)
-                          * lt - Use < to allow only lower versions (e.g. <1.2.3)
-                          * lte - Use <= to allow only lower versions (e.g. <=1.2.3)
-                          * pin - Use the exact version (e.g. 1.2.3)
-                          * preserve - Retain the existing version range style as-is
-                          * tilde - Use ~ range for patch/minor updates (e.g. ~1.2.3)
+Define how dependency version ranges are updated in package.json (default 'preserve').
+Available styles:
+  * caret - Use ^ range for compatible updates (e.g. ^1.2.3)
+  * gt - Use > to allow any newer version (e.g. >1.2.3)
+  * gte - Use >= to allow any newer version (e.g. >=1.2.3)
+  * lt - Use < to allow only lower versions (e.g. <1.2.3)
+  * lte - Use <= to allow only lower versions (e.g. <=1.2.3)
+  * pin - Use the exact version (e.g. 1.2.3)
+  * preserve - Retain the existing version range style as-is
+  * tilde - Use ~ range for patch/minor updates (e.g. ~1.2.3)
       `.trim()
     },
     test: {
@@ -5099,7 +5095,7 @@ async function run$G(argv, importMeta, {
   await handleInstallCompletion(String(targetName));
 }
 
-const description$6 = 'Setup the Socket CLI command in your environment';
+const description$6 = 'Install Socket CLI tab completion';
 const cmdInstall = {
   description: description$6,
   hidden: false,
@@ -5194,7 +5190,7 @@ async function attemptLogin(apiBaseUrl, apiProxy) {
   apiBaseUrl ??= utils.getConfigValueOrUndef('apiBaseUrl') ?? undefined;
   apiProxy ??= utils.getConfigValueOrUndef('apiProxy') ?? undefined;
   const apiTokenInput = await prompts.password({
-    message: `Enter your ${vendor.terminalLinkExports('Socket.dev API token', 'https://docs.socket.dev/docs/api-keys')} (leave blank for a public key)`
+    message: `Enter your ${vendor.terminalLinkExports('Socket.dev API token', 'https://docs.socket.dev/docs/api-keys')} (leave blank to use a limited public token)`
   });
   if (apiTokenInput === undefined) {
     logger.logger.fail('Canceled by user');
@@ -5323,7 +5319,7 @@ const {
 } = constants;
 const config$E = {
   commandName: 'login',
-  description: 'Socket API login',
+  description: 'Setup Socket CLI with an API token and defaults',
   hidden: false,
   flags: {
     ...flags.commonFlags,
@@ -5441,14 +5437,14 @@ async function run$D(argv, importMeta, {
 }
 
 const {
-  NPM: NPM$6,
-  NPX: NPX$1,
+  NPM: NPM$5,
+  NPX,
   PACKAGE_LOCK_JSON,
   PNPM: PNPM$5,
   YARN,
   YARN_LOCK
 } = constants;
-const nodejsPlatformTypes = new Set(['javascript', 'js', 'nodejs', NPM$6, PNPM$5, 'ts', 'tsx', 'typescript']);
+const nodejsPlatformTypes = new Set(['javascript', 'js', 'nodejs', NPM$5, PNPM$5, 'ts', 'tsx', 'typescript']);
 function argvToArray(argv) {
   if (argv['help']) {
     return ['--help'];
@@ -5473,8 +5469,13 @@ function argvToArray(argv) {
       result.push(`--${key}`, ...value.map(String));
     }
   }
-  if (argv['--']) {
-    result.push('--', ...argv['--']);
+  const pathArgs = argv['_'];
+  if (Array.isArray(pathArgs)) {
+    result.push(...pathArgs);
+  }
+  const argsAfterDoubleHyphen = argv['--'];
+  if (Array.isArray(argsAfterDoubleHyphen)) {
+    result.push('--', ...argsAfterDoubleHyphen);
   }
   return result;
 }
@@ -5490,20 +5491,20 @@ async function runCdxgen(yargvWithYes) {
   const yesArgs = yes ? ['--yes'] : [];
   if (yargv.type !== YARN && nodejsPlatformTypes.has(yargv.type) && fs$1.existsSync(`./${YARN_LOCK}`)) {
     if (fs$1.existsSync(`./${PACKAGE_LOCK_JSON}`)) {
-      yargv.type = NPM$6;
+      yargv.type = NPM$5;
     } else {
       // Use synp to create a package-lock.json from the yarn.lock,
       // based on the node_modules folder, for a more accurate SBOM.
       try {
-        await shadowNpmBin(NPX$1, [...yesArgs,
+        await shadowNpmBin(NPX, [...yesArgs,
         // Lazily access constants.ENV.INLINED_SOCKET_CLI_SYNP_VERSION.
         `synp@${constants.ENV.INLINED_SOCKET_CLI_SYNP_VERSION}`, '--source-file', `./${YARN_LOCK}`]);
-        yargv.type = NPM$6;
+        yargv.type = NPM$5;
         cleanupPackageLock = true;
       } catch {}
     }
   }
-  await shadowNpmBin(NPX$1, [...yesArgs,
+  await shadowNpmBin(NPX, [...yesArgs,
   // Lazily access constants.ENV.INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION.
   `@cyclonedx/cdxgen@${constants.ENV.INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION}`, ...argvToArray(yargv)]);
   if (cleanupPackageLock) {
@@ -5747,16 +5748,25 @@ async function run$C(argv, importMeta, {
   const yargv = {
     ...vendor.yargsParser(argv, yargsConfig)
   };
-  const unknown = yargv._;
+  const pathArgs = [];
+  const unknowns = [];
+  for (const a of yargv._) {
+    if (path$1.isPath(a)) {
+      pathArgs.push(a);
+    } else {
+      unknowns.push(a);
+    }
+  }
+  yargv._ = pathArgs;
   const {
-    length: unknownLength
-  } = unknown;
-  if (unknownLength) {
+    length: unknownsCount
+  } = unknowns;
+  if (unknownsCount) {
     // Use exit status of 2 to indicate incorrect usage, generally invalid
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
     process.exitCode = 2;
-    logger.logger.fail(`Unknown ${words.pluralize('argument', unknownLength)}: ${yargv._.join(', ')}`);
+    logger.logger.fail(`Unknown ${words.pluralize('argument', unknownsCount)}: ${unknowns.join(', ')}`);
     return;
   }
   if (cli.flags['dryRun']) {
@@ -7002,7 +7012,7 @@ async function run$w(argv, importMeta, {
 
 const config$v = {
   commandName: 'manifest',
-  description: 'Generate a dependency manifest for given file or dir',
+  description: 'Generate a dependency manifest for certain ecosystems',
   hidden: false,
   flags: {
     ...flags.commonFlags
@@ -7045,12 +7055,12 @@ const {
 } = constants;
 const config$u = {
   commandName: 'npm',
-  description: `npm wrapper functionality`,
+  description: 'Run npm with the Socket wrapper',
   hidden: false,
   flags: {
     ...flags.commonFlags
   },
-  help: (command, _config) => `
+  help: command => `
     Usage
       $ ${command} ...
 
@@ -7098,7 +7108,7 @@ const {
 } = constants;
 const config$t = {
   commandName: 'npx',
-  description: `npx wrapper functionality`,
+  description: 'Run npx with the Socket wrapper',
   hidden: false,
   flags: {
     ...flags.commonFlags
@@ -7209,7 +7219,7 @@ async function run$s(argv, importMeta, {
 
 const {
   BUN: BUN$3,
-  NPM: NPM$5,
+  NPM: NPM$4,
   PNPM: PNPM$4,
   VLT: VLT$4,
   YARN_BERRY: YARN_BERRY$3,
@@ -7229,7 +7239,7 @@ function lsStdoutIncludes(pkgEnvDetails, stdout, name) {
       return matchLsCmdViewHumanStdout(stdout, name);
     case PNPM$4:
     case VLT$4:
-    case NPM$5:
+    case NPM$4:
     default:
       return matchQueryCmdStdout(stdout, name);
   }
@@ -7262,7 +7272,7 @@ function getDependencyEntries(pkgEnvDetails) {
 const {
   BUN: BUN$2,
   LOCK_EXT,
-  NPM: NPM$4,
+  NPM: NPM$3,
   PNPM: PNPM$3,
   VLT: VLT$3,
   YARN_BERRY: YARN_BERRY$2,
@@ -7320,7 +7330,7 @@ function lockSrcIncludes(pkgEnvDetails, lockSrc, name, lockName) {
       return yarnLockSrcIncludes(lockSrc, name);
     case YARN_CLASSIC$2:
       return yarnLockSrcIncludes(lockSrc, name);
-    case NPM$4:
+    case NPM$3:
     default:
       return npmLockSrcIncludes(lockSrc, name);
   }
@@ -7328,7 +7338,7 @@ function lockSrcIncludes(pkgEnvDetails, lockSrc, name, lockName) {
 
 const {
   BUN: BUN$1,
-  NPM: NPM$3,
+  NPM: NPM$2,
   PNPM: PNPM$2,
   VLT: VLT$2,
   YARN_BERRY: YARN_BERRY$1,
@@ -7420,7 +7430,7 @@ async function lsPnpm(pkgEnvDetails, options) {
     __proto__: null,
     ...options
   };
-  if (npmExecPath && npmExecPath !== NPM$3) {
+  if (npmExecPath && npmExecPath !== NPM$2) {
     const result = await npmQuery(npmExecPath, cwd);
     if (result) {
       return result;
@@ -7507,7 +7517,7 @@ async function listPackages(pkgEnvDetails, options) {
       return await lsYarnBerry(pkgEnvDetails, options);
     case YARN_CLASSIC$1:
       return await lsYarnClassic(pkgEnvDetails, options);
-    case NPM$3:
+    case NPM$2:
     default:
       return await lsNpm(pkgEnvDetails, options);
   }
@@ -7517,7 +7527,7 @@ const CMD_NAME = 'socket optimize';
 
 const {
   BUN,
-  NPM: NPM$2,
+  NPM: NPM$1,
   OVERRIDES,
   PNPM: PNPM$1,
   RESOLUTIONS,
@@ -7642,7 +7652,7 @@ function updateManifest(agent, editablePkgJson, overrides) {
     case YARN_CLASSIC:
       updateResolutionsField(editablePkgJson, overrides);
       return;
-    case NPM$2:
+    case NPM$1:
     default:
       updateOverridesField(editablePkgJson, overrides);
       return;
@@ -7650,10 +7660,10 @@ function updateManifest(agent, editablePkgJson, overrides) {
 }
 
 const {
-  NPM: NPM$1,
+  NPM,
   PNPM
 } = constants;
-const manifestNpmOverrides = registry.getManifestData(NPM$1);
+const manifestNpmOverrides = registry.getManifestData(NPM);
 async function addOverrides(pkgEnvDetails, pkgPath, options) {
   const {
     agent,
@@ -7685,7 +7695,7 @@ async function addOverrides(pkgEnvDetails, pkgPath, options) {
   const workspace = isWorkspaceRoot ? 'root' : path.relative(rootPath, pkgPath);
   if (isWorkspace && agent === PNPM &&
   // npmExecPath will === the agent name IF it CANNOT be resolved.
-  npmExecPath === NPM$1 && !state.warnedPnpmWorkspaceRequiresNpm) {
+  npmExecPath === NPM && !state.warnedPnpmWorkspaceRequiresNpm) {
     state.warnedPnpmWorkspaceRequiresNpm = true;
     spinner?.stop();
     logger?.warn(utils.cmdPrefixMessage(CMD_NAME, `${agent} workspace support requires \`npm ls\`, falling back to \`${agent} list\``));
@@ -7718,7 +7728,7 @@ async function addOverrides(pkgEnvDetails, pkgPath, options) {
       version
     } = data;
     const major = utils.getMajor(version);
-    const sockOverridePrefix = `${NPM$1}:${sockRegPkgName}@`;
+    const sockOverridePrefix = `${NPM}:${sockRegPkgName}@`;
     const sockOverrideSpec = `${sockOverridePrefix}${pin ? version : `^${major}`}`;
     for (const {
       1: depObj
@@ -7774,7 +7784,7 @@ async function addOverrides(pkgEnvDetails, pkgPath, options) {
           const sockRegDepAlias = depAliasMap.get(sockRegPkgName);
           const depAlias = sockRegDepAlias ?? origDepAlias;
           let newSpec = sockOverrideSpec;
-          if (type === NPM$1 && depAlias) {
+          if (type === NPM && depAlias) {
             // With npm one may not set an override for a package that one directly
             // depends on unless both the dependency and the override itself share
             // the exact same spec. To make this limitation easier to deal with,
@@ -8468,8 +8478,6 @@ async function handleSecurityPolicy(orgSlug, outputKind) {
 const {
   DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$o
 } = constants;
-
-// TODO: secret toplevel alias `socket security policy`?
 const config$o = {
   commandName: 'security',
   description: 'Retrieve the security policy of an organization',
@@ -8698,7 +8706,7 @@ const cmdOrganizationPolicy = {
       defaultSub: 'list',
       // Backwards compat
       importMeta,
-      name: parentName + ' policy'
+      name: `${parentName} policy`
     });
   }
 };
@@ -8812,7 +8820,7 @@ async function run$m(argv, importMeta, {
   await handleQuota(outputKind);
 }
 
-const description$4 = 'Account details';
+const description$4 = 'Manage Socket organization account details';
 const cmdOrganization = {
   description: description$4,
   hidden: false,
@@ -8845,7 +8853,7 @@ const cmdOrganization = {
       argv,
       description: description$4,
       importMeta,
-      name: parentName + ' organization'
+      name: `${parentName} organization`
     });
   }
 };
@@ -8894,125 +8902,123 @@ function createMarkdownReport(data) {
       score
     }
   } = data;
-  const arr = [];
-  arr.push('# Complete Package Score');
-  arr.push('');
+  const o = ['# Complete Package Score', ''];
   if (dependencyCount) {
-    arr.push(`This is a Socket report for the package *"${purl}"* and its *${dependencyCount}* direct/transitive dependencies.`);
+    o.push(`This is a Socket report for the package *"${purl}"* and its *${dependencyCount}* direct/transitive dependencies.`);
   } else {
-    arr.push(`This is a Socket report for the package *"${purl}"*. It has *no dependencies*.`);
+    o.push(`This is a Socket report for the package *"${purl}"*. It has *no dependencies*.`);
   }
-  arr.push('');
+  o.push('');
   if (dependencyCount) {
-    arr.push(`It will show you the shallow score for just the package itself and a deep score for all the transitives combined. Additionally you can see which capabilities were found and the top alerts as well as a package that was responsible for it.`);
+    o.push(`It will show you the shallow score for just the package itself and a deep score for all the transitives combined. Additionally you can see which capabilities were found and the top alerts as well as a package that was responsible for it.`);
   } else {
-    arr.push(`It will show you the shallow score for the package itself, which capabilities were found, and its top alerts.`);
-    arr.push('');
-    arr.push('Since it has no dependencies, the shallow score is also the deep score.');
+    o.push(`It will show you the shallow score for the package itself, which capabilities were found, and its top alerts.`);
+    o.push('');
+    o.push('Since it has no dependencies, the shallow score is also the deep score.');
   }
-  arr.push('');
+  o.push('');
   if (dependencyCount) {
     // This doesn't make much sense if there are no dependencies. Better to omit it.
-    arr.push('The report should give you a good insight into the status of this package.');
-    arr.push('');
-    arr.push('## Package itself');
-    arr.push('');
-    arr.push('Here are results for the package itself (excluding data from dependencies).');
+    o.push('The report should give you a good insight into the status of this package.');
+    o.push('');
+    o.push('## Package itself');
+    o.push('');
+    o.push('Here are results for the package itself (excluding data from dependencies).');
   } else {
-    arr.push('## Report');
-    arr.push('');
-    arr.push('The report should give you a good insight into the status of this package.');
-  }
-  arr.push('');
-  arr.push('### Shallow Score');
-  arr.push('');
-  arr.push('This score is just for the package itself:');
-  arr.push('');
-  arr.push('- Overall: ' + selfScore.overall);
-  arr.push('- Maintenance: ' + selfScore.maintenance);
-  arr.push('- Quality: ' + selfScore.quality);
-  arr.push('- Supply Chain: ' + selfScore.supplyChain);
-  arr.push('- Vulnerability: ' + selfScore.vulnerability);
-  arr.push('- License: ' + selfScore.license);
-  arr.push('');
-  arr.push('### Capabilities');
-  arr.push('');
+    o.push('## Report');
+    o.push('');
+    o.push('The report should give you a good insight into the status of this package.');
+  }
+  o.push('');
+  o.push('### Shallow Score');
+  o.push('');
+  o.push('This score is just for the package itself:');
+  o.push('');
+  o.push(`- Overall: ${selfScore.overall}`);
+  o.push(`- Maintenance: ${selfScore.maintenance}`);
+  o.push(`- Quality: ${selfScore.quality}`);
+  o.push(`- Supply Chain: ${selfScore.supplyChain}`);
+  o.push(`- Vulnerability: ${selfScore.vulnerability}`);
+  o.push(`- License: ${selfScore.license}`);
+  o.push('');
+  o.push('### Capabilities');
+  o.push('');
   if (selfCaps.length) {
-    arr.push('These are the capabilities detected in the package itself:');
-    arr.push('');
-    selfCaps.forEach(cap => {
-      arr.push(`- ${cap}`);
-    });
+    o.push('These are the capabilities detected in the package itself:');
+    o.push('');
+    for (const cap of selfCaps) {
+      o.push(`- ${cap}`);
+    }
   } else {
-    arr.push('No capabilities were found in the package.');
+    o.push('No capabilities were found in the package.');
   }
-  arr.push('');
-  arr.push('### Alerts for this package');
-  arr.push('');
+  o.push('');
+  o.push('### Alerts for this package');
+  o.push('');
   if (selfAlerts.length) {
     if (dependencyCount) {
-      arr.push('These are the alerts found for the package itself:');
+      o.push('These are the alerts found for the package itself:');
     } else {
-      arr.push('These are the alerts found for this package:');
+      o.push('These are the alerts found for this package:');
     }
-    arr.push('');
-    arr.push(utils.mdTable(selfAlerts, ['severity', 'name'], ['Severity', 'Alert Name']));
+    o.push('');
+    o.push(utils.mdTable(selfAlerts, ['severity', 'name'], ['Severity', 'Alert Name']));
   } else {
-    arr.push('There are currently no alerts for this package.');
+    o.push('There are currently no alerts for this package.');
   }
-  arr.push('');
+  o.push('');
   if (dependencyCount) {
-    arr.push('## Transitive Package Results');
-    arr.push('');
-    arr.push('Here are results for the package and its direct/transitive dependencies.');
-    arr.push('');
-    arr.push('### Deep Score');
-    arr.push('');
-    arr.push('This score represents the package and and its direct/transitive dependencies:');
-    arr.push(`The function used to calculate the values in aggregate is: *"${func}"*`);
-    arr.push('');
-    arr.push('- Overall: ' + score.overall);
-    arr.push('- Maintenance: ' + score.maintenance);
-    arr.push('- Quality: ' + score.quality);
-    arr.push('- Supply Chain: ' + score.supplyChain);
-    arr.push('- Vulnerability: ' + score.vulnerability);
-    arr.push('- License: ' + score.license);
-    arr.push('');
-    arr.push('### Capabilities');
-    arr.push('');
-    arr.push('These are the packages with the lowest recorded score. If there is more than one with the lowest score, just one is shown here. This may help you figure out the source of low scores.');
-    arr.push('');
-    arr.push('- Overall: ' + lowest.overall);
-    arr.push('- Maintenance: ' + lowest.maintenance);
-    arr.push('- Quality: ' + lowest.quality);
-    arr.push('- Supply Chain: ' + lowest.supplyChain);
-    arr.push('- Vulnerability: ' + lowest.vulnerability);
-    arr.push('- License: ' + lowest.license);
-    arr.push('');
-    arr.push('### Capabilities');
-    arr.push('');
+    o.push('## Transitive Package Results');
+    o.push('');
+    o.push('Here are results for the package and its direct/transitive dependencies.');
+    o.push('');
+    o.push('### Deep Score');
+    o.push('');
+    o.push('This score represents the package and and its direct/transitive dependencies:');
+    o.push(`The function used to calculate the values in aggregate is: *"${func}"*`);
+    o.push('');
+    o.push(`- Overall: ${score.overall}`);
+    o.push(`- Maintenance: ${score.maintenance}`);
+    o.push(`- Quality: ${score.quality}`);
+    o.push(`- Supply Chain: ${score.supplyChain}`);
+    o.push(`- Vulnerability: ${score.vulnerability}`);
+    o.push(`- License: ${score.license}`);
+    o.push('');
+    o.push('### Capabilities');
+    o.push('');
+    o.push('These are the packages with the lowest recorded score. If there is more than one with the lowest score, just one is shown here. This may help you figure out the source of low scores.');
+    o.push('');
+    o.push(`- Overall: ${lowest.overall}`);
+    o.push(`- Maintenance: ${lowest.maintenance}`);
+    o.push(`- Quality: ${lowest.quality}`);
+    o.push(`- Supply Chain: ${lowest.supplyChain}`);
+    o.push(`- Vulnerability: ${lowest.vulnerability}`);
+    o.push(`- License: ${lowest.license}`);
+    o.push('');
+    o.push('### Capabilities');
+    o.push('');
     if (capabilities.length) {
-      arr.push('These are the capabilities detected in at least one package:');
-      arr.push('');
-      capabilities.forEach(cap => {
-        arr.push(`- ${cap}`);
-      });
+      o.push('These are the capabilities detected in at least one package:');
+      o.push('');
+      for (const cap of capabilities) {
+        o.push(`- ${cap}`);
+      }
     } else {
-      arr.push('This package had no capabilities and neither did any of its direct/transitive dependencies.');
+      o.push('This package had no capabilities and neither did any of its direct/transitive dependencies.');
     }
-    arr.push('');
-    arr.push('### Alerts');
-    arr.push('');
+    o.push('');
+    o.push('### Alerts');
+    o.push('');
     if (alerts.length) {
-      arr.push('These are the alerts found:');
-      arr.push('');
-      arr.push(utils.mdTable(alerts, ['severity', 'name', 'example'], ['Severity', 'Alert Name', 'Example package reporting it']));
+      o.push('These are the alerts found:');
+      o.push('');
+      o.push(utils.mdTable(alerts, ['severity', 'name', 'example'], ['Severity', 'Alert Name', 'Example package reporting it']));
     } else {
-      arr.push('This package had no alerts and neither did any of its direct/transitive dependencies');
+      o.push('This package had no alerts and neither did any of its direct/transitive dependencies');
     }
-    arr.push('');
-    return arr.join('\n');
+    o.push('');
   }
+  return o.join('\n');
 }
 
 async function handlePurlDeepScore(purl, outputKind) {
@@ -9046,12 +9052,12 @@ function parsePackageSpecifiers(ecosystem, pkgs) {
       valid = false;
     }
   } else {
-    // Assume ecosystem is a purl, too
+    // Assume ecosystem is a purl, too.
     pkgs.unshift(ecosystem);
     for (let i = 0; i < pkgs.length; ++i) {
       const pkg = pkgs[i] ?? '';
       if (!/^(?:pkg:)?[a-zA-Z]+\/./.test(pkg)) {
-        // At least one purl did not start with `pkg:eco/x` or `eco/x`
+        // At least one purl did not start with `pkg:eco/x` or `eco/x`.
         valid = false;
         break;
       } else if (pkg.startsWith('pkg:')) {
@@ -9267,10 +9273,10 @@ function getAlertString(alerts, noColor = false) {
   if (!alerts.size) {
     return noColor ? `- Alerts: none!` : `- Alerts: ${vendor.yoctocolorsCjsExports.green('none')}!`;
   }
-  const arr = Array.from(alerts.values());
-  const bad = arr.filter(alert => alert.severity !== 'low' && alert.severity !== 'middle').sort((a, b) => a.type < b.type ? -1 : a.type > b.type ? 1 : 0);
-  const mid = arr.filter(alert => alert.severity === 'middle').sort((a, b) => a.type < b.type ? -1 : a.type > b.type ? 1 : 0);
-  const low = arr.filter(alert => alert.severity === 'low').sort((a, b) => a.type < b.type ? -1 : a.type > b.type ? 1 : 0);
+  const o = Array.from(alerts.values());
+  const bad = o.filter(alert => alert.severity !== 'low' && alert.severity !== 'middle').sort((a, b) => a.type < b.type ? -1 : a.type > b.type ? 1 : 0);
+  const mid = o.filter(alert => alert.severity === 'middle').sort((a, b) => a.type < b.type ? -1 : a.type > b.type ? 1 : 0);
+  const low = o.filter(alert => alert.severity === 'low').sort((a, b) => a.type < b.type ? -1 : a.type > b.type ? 1 : 0);
 
   // We need to create the no-color string regardless because the actual string
   // contains a bunch of invisible ANSI chars which would screw up length checks.
@@ -9290,12 +9296,12 @@ function preProcess(artifacts, requestedPurls) {
   // API does not tell us which purls were not found.
   // Generate all purls to try so we can try to match search request.
   const purls = new Set();
-  artifacts.forEach(data => {
+  for (const data of artifacts) {
     purls.add(`pkg:${data.type}/${data.namespace ? `${data.namespace}/` : ''}${data.name}@${data.version}`);
     purls.add(`pkg:${data.type}/${data.name}@${data.version}`);
     purls.add(`pkg:${data.type}/${data.name}`);
     purls.add(`pkg:${data.type}/${data.namespace ? `${data.namespace}/` : ''}${data.name}`);
-  });
+  }
   // Try to match the searched purls against this list
   const missing = requestedPurls.filter(purl => {
     if (purls.has(purl)) {
@@ -9304,7 +9310,8 @@ function preProcess(artifacts, requestedPurls) {
     if (purl.endsWith('@latest') && purls.has(purl.slice(0, -'@latest'.length))) {
       return false;
     }
-    return true; // not found
+    // Not found.
+    return true;
   });
 
   // Create a unique set of rows which represents each artifact that is returned
@@ -9312,13 +9319,13 @@ function preProcess(artifacts, requestedPurls) {
   // .release field (observed with python, at least).
   // Merge the alerts for duped packages. Use lowest score between all of them.
   const rows = new Map();
-  artifacts.forEach(artifact => {
+  for (const artifact of artifacts) {
     const purl = `pkg:${artifact.type}/${artifact.namespace ? `${artifact.namespace}/` : ''}${artifact.name}${artifact.version ? `@${artifact.version}` : ''}`;
     if (rows.has(purl)) {
       const row = rows.get(purl);
       if (!row) {
-        // unreachable; satisfy TS
-        return;
+        // Unreachable; Satisfy TS.
+        continue;
       }
       if ((artifact.score?.supplyChain || 100) < row.score.supplyChain) {
         row.score.supplyChain = artifact.score?.supplyChain || 100;
@@ -9370,7 +9377,7 @@ function preProcess(artifacts, requestedPurls) {
         alerts
       });
     }
-  });
+  }
   return {
     rows,
     missing
@@ -9379,14 +9386,15 @@ function preProcess(artifacts, requestedPurls) {
 function generateMarkdownReport(artifacts, missing) {
   const blocks = [];
   const dupes = new Set();
-  artifacts.forEach(artifact => {
-    const block = '## ' + formatReportCard(artifact, false);
+  for (const artifact of artifacts.values()) {
+    const block = `## ${formatReportCard(artifact, false)}`;
     if (dupes.has(block)) {
-      return;
+      // Omit duplicate blocks.
+      continue;
     }
     dupes.add(block);
     blocks.push(block);
-  });
+  }
   return `
 # Shallow Package Report
 
@@ -9395,30 +9403,31 @@ This report contains the response for requesting data on some package url(s).
 Please note: The listed scores are ONLY for the package itself. It does NOT
              reflect the scores of any dependencies, transitive or otherwise.
 
-${missing.length ? `\n## Missing response\n\nAt least one package had no response or the purl was not canonical:\n\n${missing.map(purl => '- ' + purl + '\n').join('')}` : ''}
+${missing.length ? `\n## Missing response\n\nAt least one package had no response or the purl was not canonical:\n\n${missing.map(purl => `- ${purl}\n`).join('')}` : ''}
 
 ${blocks.join('\n\n\n')}
     `.trim();
 }
 function generateTextReport(artifacts, missing) {
-  const arr = [];
-  arr.push('\n' + vendor.yoctocolorsCjsExports.bold('Shallow Package Score') + '\n');
-  arr.push('Please note: The listed scores are ONLY for the package itself. It does NOT\n' + '             reflect the scores of any dependencies, transitive or otherwise.');
+  const o = [];
+  o.push(`\n${vendor.yoctocolorsCjsExports.bold('Shallow Package Score')}\n`);
+  o.push('Please note: The listed scores are ONLY for the package itself. It does NOT\n' + '             reflect the scores of any dependencies, transitive or otherwise.');
   if (missing.length) {
-    arr.push(`\nAt least one package had no response or the purl was not canonical:\n${missing.map(purl => '\n- ' + vendor.yoctocolorsCjsExports.bold(purl)).join('')}`);
+    o.push(`\nAt least one package had no response or the purl was not canonical:\n${missing.map(purl => `\n- ${vendor.yoctocolorsCjsExports.bold(purl)}`).join('')}`);
   }
-  const dupes = new Set(); // Omit dupes when output is identical
-  artifacts.forEach(artifact => {
+  const dupes = new Set();
+  for (const artifact of artifacts.values()) {
     const block = formatReportCard(artifact, true);
     if (dupes.has(block)) {
-      return;
+      // Omit duplicate blocks.
+      continue;
     }
     dupes.add(block);
-    arr.push('\n');
-    arr.push(block);
-  });
-  arr.push('');
-  return arr.join('\n');
+    o.push('\n');
+    o.push(block);
+  }
+  o.push('');
+  return o.join('\n');
 }
 
 async function handlePurlsShallowScore({
@@ -9537,7 +9546,7 @@ async function run$k(argv, importMeta, {
   });
 }
 
-const description$3 = 'Commands relating to looking up published packages';
+const description$3 = 'Look up published package details';
 const cmdPackage = {
   description: description$3,
   hidden: false,
@@ -9558,7 +9567,7 @@ const cmdPackage = {
       argv,
       description: description$3,
       importMeta,
-      name: parentName + ' package'
+      name: `${parentName} package`
     });
   }
 };
@@ -9582,12 +9591,11 @@ async function runRawNpm(argv) {
 }
 
 const {
-  DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$j,
-  NPM
+  DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$j
 } = constants;
 const config$j = {
   commandName: 'raw-npm',
-  description: `Temporarily disable the Socket ${NPM} wrapper`,
+  description: 'Run npm without the Socket wrapper',
   hidden: false,
   flags: {
     ...flags.commonFlags
@@ -9647,12 +9655,11 @@ async function runRawNpx(argv) {
 }
 
 const {
-  DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$i,
-  NPX
+  DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$i
 } = constants;
 const config$i = {
   commandName: 'raw-npx',
-  description: `Temporarily disable the Socket ${NPX} wrapper`,
+  description: 'Run npx without the Socket wrapper',
   hidden: false,
   flags: {
     ...flags.commonFlags
@@ -10686,7 +10693,7 @@ async function run$d(argv, importMeta, {
   await handleViewRepo(orgSlug, String(repoName), outputKind);
 }
 
-const description$2 = 'Repository related commands';
+const description$2 = 'Manage registered repositories';
 const cmdRepository = {
   description: description$2,
   async run(argv, importMeta, {
@@ -10732,14 +10739,14 @@ const {
 } = constants;
 const config$c = {
   commandName: 'create',
-  description: 'Create a scan',
+  description: 'Create a new Socket scan and report',
   hidden: false,
   flags: {
     ...flags.commonFlags,
     ...flags.outputFlags,
     autoManifest: {
       type: 'boolean',
-      description: 'Run `socket manifest auto` before collecting manifest files? This would be necessary for languages like Scala, Gradle, and Kotlin, See `socket manifest auto --help`.'
+      description: 'Run `socket manifest auto` before collecting manifest files. This is necessary for languages like Scala, Gradle, and Kotlin, See `socket manifest auto --help`.'
     },
     branch: {
       type: 'string',
@@ -13643,7 +13650,7 @@ async function run$3(argv, importMeta, {
   }
 }
 
-const description$1 = 'Scan related commands';
+const description$1 = 'Manage Socket scans';
 const cmdScan = {
   description: description$1,
   async run(argv, importMeta, {
@@ -13676,7 +13683,7 @@ const cmdScan = {
       argv,
       description: description$1,
       importMeta,
-      name: parentName + ' scan'
+      name: `${parentName} scan`
     });
   }
 };
@@ -13864,7 +13871,7 @@ const ECOSYSTEMS = new Set(['gem', 'golang', 'maven', 'npm', 'nuget', 'pypi']);
 const TYPE_FILTERS = new Set(['anom', 'c', 'fp', 'joke', 'mal', 'secret', 'spy', 'tp', 'typo', 'u', 'vuln']);
 const config$2 = {
   commandName: 'threat-feed',
-  description: '[beta] View the threat feed',
+  description: '[Beta] View the threat feed',
   hidden: false,
   flags: {
     ...flags.commonFlags,
@@ -14219,7 +14226,7 @@ async function run$1(argv, importMeta, {
   await handleUninstallCompletion(String(targetName));
 }
 
-const description = 'Teardown the Socket command from your environment';
+const description = 'Uninstall Socket CLI tab completion';
 const cmdUninstall = {
   description,
   hidden: false,
@@ -14477,6 +14484,108 @@ async function run(argv, importMeta, {
   }
 }
 
+const rootCommands = {
+  analytics: cmdAnalytics,
+  'audit-log': cmdAuditLog,
+  ci: cmdCI,
+  cdxgen: cmdManifestCdxgen,
+  config: cmdConfig,
+  deps: cmdOrganizationDependencies,
+  fix: cmdFix,
+  install: cmdInstall,
+  json: cmdJson,
+  license: cmdOrganizationPolicyLicense,
+  login: cmdLogin,
+  logout: cmdLogout,
+  manifest: cmdManifest,
+  npm: cmdNpm,
+  npx: cmdNpx,
+  oops: cmdOops,
+  optimize: cmdOptimize,
+  organization: cmdOrganization,
+  package: cmdPackage,
+  'raw-npm': cmdRawNpm,
+  'raw-npx': cmdRawNpx,
+  repository: cmdRepository,
+  scan: cmdScan,
+  security: cmdOrganizationPolicySecurity,
+  'threat-feed': cmdThreatFeed,
+  uninstall: cmdUninstall,
+  wrapper: cmdWrapper
+};
+const rootAliases = {
+  audit: {
+    description: cmdAuditLog.description,
+    hidden: true,
+    argv: ['audit-log']
+  },
+  auditLog: {
+    description: cmdAuditLog.description,
+    hidden: true,
+    argv: ['audit-log']
+  },
+  auditLogs: {
+    description: cmdAuditLog.description,
+    hidden: true,
+    argv: ['audit-log']
+  },
+  ['audit-logs']: {
+    description: cmdAuditLog.description,
+    hidden: true,
+    argv: ['audit-log']
+  },
+  feed: {
+    description: cmdThreatFeed.description,
+    hidden: true,
+    argv: ['threat-feed']
+  },
+  org: {
+    description: cmdOrganization.description,
+    hidden: true,
+    argv: ['organization']
+  },
+  orgs: {
+    description: cmdOrganization.description,
+    hidden: true,
+    argv: ['organization']
+  },
+  organizations: {
+    description: cmdOrganization.description,
+    hidden: true,
+    argv: ['organization']
+  },
+  organisation: {
+    description: cmdOrganization.description,
+    hidden: true,
+    argv: ['organization']
+  },
+  organisations: {
+    description: cmdOrganization.description,
+    hidden: true,
+    argv: ['organization']
+  },
+  pkg: {
+    description: cmdPackage.description,
+    hidden: true,
+    argv: ['package']
+  },
+  repo: {
+    description: cmdRepository.description,
+    hidden: true,
+    argv: ['repos']
+  },
+  repos: {
+    description: cmdRepository.description,
+    hidden: true,
+    argv: ['repos']
+  },
+  repositories: {
+    description: cmdRepository.description,
+    hidden: true,
+    argv: ['repos']
+  }
+};
+
 const __filename$1 = require$$0.fileURLToPath(require('node:url').pathToFileURL(__filename).href);
 void (async () => {
   const registryUrl = vendor.registryUrl();
@@ -14493,123 +14602,8 @@ void (async () => {
     version: constants.ENV.INLINED_SOCKET_CLI_VERSION
   });
   try {
-    await utils.meowWithSubcommands({
-      analytics: cmdAnalytics,
-      'audit-log': cmdAuditLog,
-      ci: cmdCI,
-      config: cmdConfig,
-      fix: cmdFix,
-      install: cmdInstall,
-      json: cmdJson,
-      login: cmdLogin,
-      logout: cmdLogout,
-      npm: cmdNpm,
-      npx: cmdNpx,
-      oops: cmdOops,
-      optimize: cmdOptimize,
-      organization: cmdOrganization,
-      package: cmdPackage,
-      manifest: cmdManifest,
-      scan: cmdScan,
-      'raw-npm': cmdRawNpm,
-      'raw-npx': cmdRawNpx,
-      repos: cmdRepository,
-      'threat-feed': cmdThreatFeed,
-      uninstall: cmdUninstall,
-      wrapper: cmdWrapper
-    }, {
-      aliases: {
-        audit: {
-          description: cmdAuditLog.description,
-          hidden: true,
-          argv: ['audit-log']
-        },
-        auditLog: {
-          description: cmdAuditLog.description,
-          hidden: true,
-          argv: ['audit-log']
-        },
-        auditLogs: {
-          description: cmdAuditLog.description,
-          hidden: true,
-          argv: ['audit-log']
-        },
-        ['audit-logs']: {
-          description: cmdAuditLog.description,
-          hidden: true,
-          argv: ['audit-log']
-        },
-        cdxgen: {
-          description: cmdManifestCdxgen.description,
-          hidden: true,
-          argv: ['manifest', 'cdxgen']
-        },
-        deps: {
-          description: cmdOrganizationDependencies.description,
-          hidden: true,
-          argv: ['dependencies']
-        },
-        feed: {
-          description: cmdThreatFeed.description,
-          hidden: true,
-          argv: ['threat-feed']
-        },
-        license: {
-          description: cmdOrganizationPolicyLicense.description,
-          hidden: true,
-          argv: ['organization', 'policy', 'license']
-        },
-        org: {
-          description: cmdOrganization.description,
-          hidden: true,
-          argv: ['organization']
-        },
-        orgs: {
-          description: cmdOrganization.description,
-          hidden: true,
-          argv: ['organization']
-        },
-        organizations: {
-          description: cmdOrganization.description,
-          hidden: true,
-          argv: ['organization']
-        },
-        organisation: {
-          description: cmdOrganization.description,
-          hidden: true,
-          argv: ['organization']
-        },
-        organisations: {
-          description: cmdOrganization.description,
-          hidden: true,
-          argv: ['organization']
-        },
-        pkg: {
-          description: cmdPackage.description,
-          hidden: true,
-          argv: ['package']
-        },
-        repo: {
-          description: cmdRepository.description,
-          hidden: true,
-          argv: ['repos']
-        },
-        repository: {
-          description: cmdRepository.description,
-          hidden: true,
-          argv: ['repos']
-        },
-        repositories: {
-          description: cmdRepository.description,
-          hidden: true,
-          argv: ['repos']
-        },
-        security: {
-          description: cmdOrganizationPolicySecurity.description,
-          hidden: true,
-          argv: ['organization', 'policy', 'security']
-        }
-      },
+    await utils.meowWithSubcommands(rootCommands, {
+      aliases: rootAliases,
       argv: process.argv.slice(2),
       // Lazily access constants.SOCKET_CLI_BIN_NAME.
       name: constants.SOCKET_CLI_BIN_NAME,
@@ -14643,8 +14637,9 @@ void (async () => {
 
     // Try to parse the flags, find out if --json is set.
     const isJson = (() => {
-      const cli = vendor.meow(``, {
+      const cli = vendor.meow({
         argv: process.argv.slice(2),
+        // Prevent meow from potentially exiting early.
         autoHelp: false,
         autoVersion: false,
         flags: {},
@@ -14661,7 +14656,8 @@ void (async () => {
         cause: errorMessage
       }));
     } else {
-      logger.logger.error('\n'); // Any-spinner-newline
+      // Add 2 newlines in stderr to bump below any spinner.
+      logger.logger.error('\n');
       logger.logger.fail(utils.failMsgWithBadge(errorTitle, errorMessage));
       if (errorBody) {
         require$$6.debugDir('inspect', {
@@ -14672,5 +14668,5 @@ void (async () => {
     await utils.captureException(e);
   }
 })();
-//# debugId=45ca8976-a28f-4fa2-8dee-275eacd6152a
+//# debugId=75f08195-c836-4616-95b6-9e8b367baf91
 //# sourceMappingURL=cli.js.map