@socketsecurity/cli-with-sentry 1.0.86 → 1.0.87

package/dist/constants.js

@@ -140,10 +140,10 @@ const LAZY_ENV = () => {
     INLINED_SOCKET_CLI_SYNP_VERSION: envAsString("1.9.14"),
     // Comp-time inlined Socket package version.
     // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
-    INLINED_SOCKET_CLI_VERSION: envAsString("1.0.86"),
+    INLINED_SOCKET_CLI_VERSION: envAsString("1.0.87"),
     // Comp-time inlined Socket package version hash.
     // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
-    INLINED_SOCKET_CLI_VERSION_HASH: envAsString("1.0.86:43eeda3:d0c8e83d:pub"),
+    INLINED_SOCKET_CLI_VERSION_HASH: envAsString("1.0.87:848284c:581d6f3a:pub"),
     // The absolute location of the %localappdata% folder on Windows used to store
     // user-specific, non-roaming application data, like temporary files, cached
     // data, and program settings, that are specific to the current machine and user.
@@ -167,7 +167,7 @@ const LAZY_ENV = () => {
     // programs are located. When a command is run, the system searches these
     // directories to find the executable.
     PATH: envAsString(env['PATH']),
-    // Accept risks of a safe-npm and safe-npx run.
+    // Accept risks of a Socket wrapped npm/npx run.
     SOCKET_CLI_ACCEPT_RISKS: envAsBoolean(env[SOCKET_CLI_ACCEPT_RISKS]),
     // Change the base URL for all API-calls.
     // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development
@@ -200,7 +200,7 @@ const LAZY_ENV = () => {
     SOCKET_CLI_ORG_SLUG: envAsString(env['SOCKET_CLI_ORG_SLUG']) ||
     // Coana CLI accepts the SOCKET_ORG_SLUG environment variable.
     envAsString(env['SOCKET_ORG_SLUG']),
-    // View all risks of a safe-npm and safe-npx run.
+    // View all risks of a Socket wrapped npm/npx run.
     SOCKET_CLI_VIEW_ALL_RISKS: envAsBoolean(env[SOCKET_CLI_VIEW_ALL_RISKS]),
     // Specifies the type of terminal or terminal emulator being used by the process.
     TERM: envAsString(env['TERM']),
@@ -509,5 +509,5 @@ const constants = createConstantsObject({
 });
 
 module.exports = constants;
-//# debugId=4baa0270-f36b-44b2-938e-26edd63efdd6
+//# debugId=3671fe5b-04dc-47f0-a223-21d1f9db2046
 //# sourceMappingURL=constants.js.map

package/dist/constants.js.map

@@ -1 +1 @@
-{"version":3,"file":"constants.js","sources":["../src/constants.mts"],"sourcesContent":["import { realpathSync } from 'node:fs'\nimport { createRequire } from 'node:module'\nimport os from 'node:os'\nimport path from 'node:path'\nimport { fileURLToPath } from 'node:url'\n\nimport registryConstants from '@socketsecurity/registry/lib/constants'\n\nimport type { Agent } from './utils/package-environment.mts'\nimport type { Remap } from '@socketsecurity/registry/lib/objects'\nimport type { SpawnOptions } from '@socketsecurity/registry/lib/spawn'\n\nconst require = createRequire(import.meta.url)\nconst __filename = fileURLToPath(import.meta.url)\n// Using `path.dirname(__filename)` to resolve `__dirname` works for both 'dist'\n// AND 'src' directories because constants.js and constants.mts respectively are\n// in the root of each.\nconst __dirname = path.dirname(__filename)\n\nconst {\n  kInternalsSymbol,\n  [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: {\n    attributes: registryConstantsAttribs,\n    createConstantsObject,\n    getIpc,\n  },\n} = registryConstants\n\ntype RegistryEnv = typeof registryConstants.ENV\n\ntype RegistryInternals = (typeof registryConstants)['Symbol(kInternalsSymbol)']\n\ntype Sentry = any\n\ntype Internals = Remap<\n  Omit<RegistryInternals, 'getIpc'> &\n    Readonly<{\n      getIpc: {\n        (): Promise<IPC>\n        <K extends keyof IPC | undefined>(\n          key?: K | undefined,\n        ): Promise<K extends keyof IPC ? IPC[K] : IPC>\n      }\n      getSentry: () => Sentry\n      setSentry(Sentry: Sentry): boolean\n    }>\n>\n\ntype ENV = Remap<\n  RegistryEnv &\n    Readonly<{\n      DISABLE_GITHUB_CACHE: boolean\n      GITHUB_API_URL: string\n      GITHUB_BASE_REF: string\n      GITHUB_REF_NAME: string\n      GITHUB_REF_TYPE: string\n      GITHUB_REPOSITORY: string\n      GITHUB_SERVER_URL: string\n      GITHUB_TOKEN: string\n      INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION: string\n      INLINED_SOCKET_CLI_HOMEPAGE: string\n      INLINED_SOCKET_CLI_LEGACY_BUILD: string\n      INLINED_SOCKET_CLI_NAME: string\n      INLINED_SOCKET_CLI_PUBLISHED_BUILD: string\n      INLINED_SOCKET_CLI_SENTRY_BUILD: string\n      INLINED_SOCKET_CLI_VERSION: string\n      INLINED_SOCKET_CLI_VERSION_HASH: string\n      INLINED_SOCKET_CLI_SYNP_VERSION: string\n      LOCALAPPDATA: string\n      NODE_COMPILE_CACHE: string\n      NODE_EXTRA_CA_CERTS: string\n      PATH: string\n      SOCKET_CLI_ACCEPT_RISKS: boolean\n      SOCKET_CLI_API_BASE_URL: string\n      SOCKET_CLI_API_PROXY: string\n      SOCKET_CLI_API_TOKEN: string\n      SOCKET_CLI_CONFIG: string\n      SOCKET_CLI_GIT_USER_EMAIL: string\n      SOCKET_CLI_GIT_USER_NAME: string\n      SOCKET_CLI_GITHUB_TOKEN: string\n      SOCKET_CLI_NO_API_TOKEN: boolean\n      SOCKET_CLI_NPM_PATH: string\n      SOCKET_CLI_ORG_SLUG: string\n      SOCKET_CLI_VIEW_ALL_RISKS: boolean\n      TERM: string\n      XDG_DATA_HOME: string\n    }>\n>\n\ntype ProcessEnv = {\n  [K in keyof ENV]?: string\n}\n\ntype IPC = Readonly<{\n  SOCKET_CLI_FIX?: string | undefined\n  SOCKET_CLI_OPTIMIZE?: boolean | undefined\n  SOCKET_CLI_SAFE_BIN?: string | undefined\n  SOCKET_CLI_SAFE_PROGRESS?: boolean | undefined\n}>\n\ntype Constants = Remap<\n  Omit<typeof registryConstants, 'Symbol(kInternalsSymbol)' | 'ENV' | 'IPC'> & {\n    readonly 'Symbol(kInternalsSymbol)': Internals\n    readonly ALERT_TYPE_CRITICAL_CVE: 'criticalCVE'\n    readonly ALERT_TYPE_CVE: 'cve'\n    readonly ALERT_TYPE_MEDIUM_CVE: 'mediumCVE'\n    readonly ALERT_TYPE_MILD_CVE: 'mildCVE'\n    readonly API_V0_URL: 'https://api.socket.dev/v0/'\n    readonly BINARY_LOCK_EXT: '.lockb'\n    readonly BUN: 'bun'\n    readonly ENV: ENV\n    readonly DOT_SOCKET_DOT_FACTS_JSON: '.socket.facts.json'\n    readonly DRY_RUN_LABEL: '[DryRun]'\n    readonly DRY_RUN_BAILING_NOW: '[DryRun] Bailing now'\n    readonly DRY_RUN_NOT_SAVING: '[DryRun] Not saving'\n    readonly IPC: IPC\n    readonly LOCK_EXT: '.lock'\n    readonly NPM_BUGGY_OVERRIDES_PATCHED_VERSION: '11.2.0'\n    readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org'\n    readonly PNPM: 'pnpm'\n    readonly REDACTED: '<redacted>'\n    readonly SOCKET_CLI_ACCEPT_RISKS: 'SOCKET_CLI_ACCEPT_RISKS'\n    readonly SOCKET_CLI_BIN_NAME: 'socket'\n    readonly SOCKET_CLI_CONFIG: 'SOCKET_CLI_CONFIG'\n    readonly SOCKET_CLI_FIX: 'SOCKET_CLI_FIX'\n    readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues'\n    readonly SOCKET_CLI_OPTIMIZE: 'SOCKET_CLI_OPTIMIZE'\n    readonly SOCKET_CLI_SAFE_BIN: 'SOCKET_CLI_SAFE_BIN'\n    readonly SOCKET_CLI_SAFE_PROGRESS: 'SOCKET_CLI_SAFE_PROGRESS'\n    readonly SOCKET_CLI_VIEW_ALL_RISKS: 'SOCKET_CLI_VIEW_ALL_RISKS'\n    readonly SOCKET_DEFAULT_BRANCH: 'socket-default-branch'\n    readonly SOCKET_DEFAULT_REPOSITORY: 'socket-default-repository'\n    readonly SOCKET_WEBSITE_URL: 'https://socket.dev'\n    readonly VLT: 'vlt'\n    readonly YARN: 'yarn'\n    readonly YARN_BERRY: 'yarn/berry'\n    readonly YARN_CLASSIC: 'yarn/classic'\n    readonly YARN_LOCK: 'yarn.lock'\n    readonly bashRcPath: string\n    readonly binCliPath: string\n    readonly binPath: string\n    readonly blessedContribPath: string\n    readonly blessedOptions: {\n      smartCSR: boolean\n      term: string\n      useBCE: boolean\n    }\n    readonly blessedPath: string\n    readonly coanaBinPath: string\n    readonly coanaPath: string\n    readonly distCliPath: string\n    readonly distPath: string\n    readonly externalPath: string\n    readonly githubCachePath: string\n    readonly homePath: string\n    readonly instrumentWithSentryPath: string\n    readonly minimumVersionByAgent: Map<Agent, string>\n    readonly nmBinPath: string\n    readonly nodeHardenFlags: string[]\n    readonly nodeMemoryFlags: string[]\n    readonly npmCachePath: string\n    readonly npmGlobalPrefix: string\n    readonly npmNmNodeGypPath: string\n    readonly processEnv: ProcessEnv\n    readonly rootPath: string\n    readonly shadowBinPath: string\n    readonly shadowNpmBinPath: string\n    readonly shadowNpmInjectPath: string\n    readonly socketAppDataPath: string\n    readonly socketCachePath: string\n    readonly socketRegistryPath: string\n    readonly zshRcPath: string\n  }\n>\n\nconst ALERT_TYPE_CRITICAL_CVE = 'criticalCVE'\nconst ALERT_TYPE_CVE = 'cve'\nconst ALERT_TYPE_MEDIUM_CVE = 'mediumCVE'\nconst ALERT_TYPE_MILD_CVE = 'mildCVE'\nconst API_V0_URL = 'https://api.socket.dev/v0/'\nconst BINARY_LOCK_EXT = '.lockb'\nconst BUN = 'bun'\nconst DOT_SOCKET_DOT_FACTS_JSON = '.socket.facts.json'\nconst DRY_RUN_LABEL = '[DryRun]'\nconst DRY_RUN_BAILING_NOW = `${DRY_RUN_LABEL}: Bailing now`\nconst DRY_RUN_NOT_SAVING = `${DRY_RUN_LABEL}: Not saving`\nconst LOCALAPPDATA = 'LOCALAPPDATA'\nconst LOCK_EXT = '.lock'\nconst NPM_BUGGY_OVERRIDES_PATCHED_VERSION = '11.2.0'\nconst NPM_REGISTRY_URL = 'https://registry.npmjs.org'\nconst PNPM = 'pnpm'\nconst REDACTED = '<redacted>'\nconst SOCKET_CLI_ACCEPT_RISKS = 'SOCKET_CLI_ACCEPT_RISKS'\nconst SOCKET_CLI_BIN_NAME = 'socket'\nconst SOCKET_CLI_FIX = 'SOCKET_CLI_FIX'\nconst SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues'\nconst SOCKET_CLI_OPTIMIZE = 'SOCKET_CLI_OPTIMIZE'\nconst SOCKET_CLI_SAFE_BIN = 'SOCKET_CLI_SAFE_BIN'\nconst SOCKET_CLI_SAFE_PROGRESS = 'SOCKET_CLI_SAFE_PROGRESS'\nconst SOCKET_CLI_VIEW_ALL_RISKS = 'SOCKET_CLI_VIEW_ALL_RISKS'\nconst SOCKET_DEFAULT_BRANCH = 'socket-default-branch'\nconst SOCKET_DEFAULT_REPOSITORY = 'socket-default-repository'\nconst SOCKET_WEBSITE_URL = 'https://socket.dev'\nconst VLT = 'vlt'\nconst YARN = 'yarn'\nconst YARN_BERRY = 'yarn/berry'\nconst YARN_CLASSIC = 'yarn/classic'\nconst YARN_LOCK = 'yarn.lock'\n\nlet _Sentry: any\n\nlet _npmStdioPipeOptions: SpawnOptions | undefined\nfunction getNpmStdioPipeOptions() {\n  if (_npmStdioPipeOptions === undefined) {\n    _npmStdioPipeOptions = {\n      cwd: process.cwd(),\n      // Lazily access constants.WIN32.\n      shell: constants.WIN32,\n    }\n  }\n  return _npmStdioPipeOptions\n}\n\nconst LAZY_ENV = () => {\n  const { env } = process\n  const {\n    envAsBoolean,\n    envAsString,\n  } = /*@__PURE__*/ require('@socketsecurity/registry/lib/env')\n  const { getConfigValueOrUndef } = /*@__PURE__*/ require(\n    // Lazily access constants.rootPath.\n    path.join(constants.rootPath, 'dist/utils.js'),\n  )\n  const GITHUB_TOKEN = envAsString(env['GITHUB_TOKEN'])\n  // We inline some environment values so that they CANNOT be influenced by user\n  // provided environment variables.\n  return Object.freeze({\n    __proto__: null,\n    // Lazily access registryConstants.ENV.\n    ...registryConstants.ENV,\n    // Disable using GitHub's workflow actions/cache.\n    // https://github.com/actions/cache\n    DISABLE_GITHUB_CACHE: envAsBoolean(env['DISABLE_GITHUB_CACHE']),\n    // The API URL. For example, https://api.github.com.\n    // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n    GITHUB_API_URL:\n      envAsString(env['GITHUB_API_URL']) || 'https://api.github.com',\n    // The name of the base ref or target branch of the pull request in a workflow\n    // run. This is only set when the event that triggers a workflow run is either\n    // pull_request or pull_request_target. For example, main.\n    // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n    GITHUB_BASE_REF: envAsString(env['GITHUB_BASE_REF']),\n    // The short ref name of the branch or tag that triggered the GitHub workflow\n    // run. This value matches the branch or tag name shown on GitHub. For example,\n    // feature-branch-1. For pull requests, the format is <pr_number>/merge.\n    // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n    GITHUB_REF_NAME: envAsString(env['GITHUB_REF_NAME']),\n    // The type of ref that triggered the workflow run. Valid values are branch or tag.\n    // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n    GITHUB_REF_TYPE: envAsString(env['GITHUB_REF_TYPE']),\n    // The owner and repository name. For example, octocat/Hello-World.\n    // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n    GITHUB_REPOSITORY: envAsString(env['GITHUB_REPOSITORY']),\n    // The URL of the GitHub server. For example, https://github.com.\n    // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n    GITHUB_SERVER_URL:\n      envAsString(env['GITHUB_SERVER_URL']) || 'https://github.com',\n    // The GITHUB_TOKEN secret is a GitHub App installation access token.\n    // The token's permissions are limited to the repository that contains the\n    // workflow.\n    // https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#about-the-github_token-secret\n    GITHUB_TOKEN,\n    // Comp-time inlined @cyclonedx/cdxgen package version.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION']\".\n    INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION: envAsString(\n      process.env['INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION'],\n    ),\n    // Comp-time inlined Socket package homepage.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_HOMEPAGE']\".\n    INLINED_SOCKET_CLI_HOMEPAGE: envAsString(\n      process.env['INLINED_SOCKET_CLI_HOMEPAGE'],\n    ),\n    // Comp-time inlined flag to determine if this is the Legacy build.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_LEGACY_BUILD']\".\n    INLINED_SOCKET_CLI_LEGACY_BUILD: envAsBoolean(\n      process.env['INLINED_SOCKET_CLI_LEGACY_BUILD'],\n    ),\n    // Comp-time inlined Socket package name.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_NAME']\".\n    INLINED_SOCKET_CLI_NAME: envAsString(\n      process.env['INLINED_SOCKET_CLI_NAME'],\n    ),\n    // Comp-time inlined flag to determine if this is a published build.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\".\n    INLINED_SOCKET_CLI_PUBLISHED_BUILD: envAsBoolean(\n      process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD'],\n    ),\n    // Comp-time inlined flag to determine if this is the Sentry build.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']\".\n    INLINED_SOCKET_CLI_SENTRY_BUILD: envAsBoolean(\n      process.env['INLINED_SOCKET_CLI_SENTRY_BUILD'],\n    ),\n    // Comp-time inlined synp package version.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SYNP_VERSION']\".\n    INLINED_SOCKET_CLI_SYNP_VERSION: envAsString(\n      process.env['INLINED_SOCKET_CLI_SYNP_VERSION'],\n    ),\n    // Comp-time inlined Socket package version.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION']\".\n    INLINED_SOCKET_CLI_VERSION: envAsString(\n      process.env['INLINED_SOCKET_CLI_VERSION'],\n    ),\n    // Comp-time inlined Socket package version hash.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION_HASH']\".\n    INLINED_SOCKET_CLI_VERSION_HASH: envAsString(\n      process.env['INLINED_SOCKET_CLI_VERSION_HASH'],\n    ),\n    // The absolute location of the %localappdata% folder on Windows used to store\n    // user-specific, non-roaming application data, like temporary files, cached\n    // data, and program settings, that are specific to the current machine and user.\n    LOCALAPPDATA: envAsString(env[LOCALAPPDATA]),\n    // Enable the module compile cache for the Node.js instance.\n    // https://nodejs.org/api/cli.html#node_compile_cachedir\n    NODE_COMPILE_CACHE:\n      // Lazily access constants.SUPPORTS_NODE_COMPILE_CACHE_ENV_VAR.\n      constants.SUPPORTS_NODE_COMPILE_CACHE_ENV_VAR\n        ? // Lazily access constants.socketCachePath.\n          constants.socketCachePath\n        : '',\n    // Well known \"root\" CAs (like VeriSign) will be extended with the extra\n    // certificates in file. The file should consist of one or more trusted\n    // certificates in PEM format.\n    // https://nodejs.org/api/cli.html#node_extra_ca_certsfile\n    NODE_EXTRA_CA_CERTS:\n      envAsString(env['NODE_EXTRA_CA_CERTS']) ||\n      // Commonly used environment variable to specify the path to a single\n      // PEM-encoded certificate file.\n      envAsString(env['SSL_CERT_FILE']),\n    // PATH is an environment variable that lists directories where executable\n    // programs are located. When a command is run, the system searches these\n    // directories to find the executable.\n    PATH: envAsString(env['PATH']),\n    // Accept risks of a safe-npm and safe-npx run.\n    SOCKET_CLI_ACCEPT_RISKS: envAsBoolean(env[SOCKET_CLI_ACCEPT_RISKS]),\n    // Change the base URL for all API-calls.\n    // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n    SOCKET_CLI_API_BASE_URL:\n      envAsString(env['SOCKET_CLI_API_BASE_URL']) ||\n      envAsString(env['SOCKET_SECURITY_API_BASE_URL']) ||\n      getConfigValueOrUndef('apiBaseUrl') ||\n      'https://api.socket.dev/v0/',\n    // Set the proxy that all requests are routed through.\n    // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n    SOCKET_CLI_API_PROXY:\n      envAsString(env['SOCKET_CLI_API_PROXY']) ||\n      envAsString(env['SOCKET_SECURITY_API_PROXY']) ||\n      // Commonly used environment variables to specify routing requests through\n      // a proxy server.\n      envAsString(env['HTTPS_PROXY']) ||\n      envAsString(env['https_proxy']) ||\n      envAsString(env['HTTP_PROXY']) ||\n      envAsString(env['http_proxy']),\n    // Set the Socket API token.\n    // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables\n    SOCKET_CLI_API_TOKEN:\n      envAsString(env['SOCKET_CLI_API_TOKEN']) ||\n      envAsString(env['SOCKET_CLI_API_KEY']) ||\n      envAsString(env['SOCKET_SECURITY_API_TOKEN']) ||\n      envAsString(env['SOCKET_SECURITY_API_KEY']),\n    // A JSON stringified Socket configuration object.\n    SOCKET_CLI_CONFIG: envAsString(env['SOCKET_CLI_CONFIG']),\n    // The git config user.email used by Socket CLI.\n    SOCKET_CLI_GIT_USER_EMAIL:\n      envAsString(env['SOCKET_CLI_GIT_USER_EMAIL']) ||\n      'github-actions[bot]@users.noreply.github.com',\n    // The git config user.name used by Socket CLI.\n    SOCKET_CLI_GIT_USER_NAME:\n      envAsString(env['SOCKET_CLI_GIT_USER_NAME']) ||\n      envAsString(env['SOCKET_CLI_GIT_USERNAME']) ||\n      'github-actions[bot]',\n    // A classic GitHub personal access token with the \"repo\" scope or a\n    // fine-grained access token with at least read/write permissions set for\n    // \"Contents\" and \"Pull Request\".\n    // https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens\n    SOCKET_CLI_GITHUB_TOKEN:\n      envAsString(env['SOCKET_CLI_GITHUB_TOKEN']) ||\n      envAsString(env['SOCKET_SECURITY_GITHUB_PAT']) ||\n      GITHUB_TOKEN,\n    // Make the default API token `undefined`.\n    SOCKET_CLI_NO_API_TOKEN: envAsBoolean(env['SOCKET_CLI_NO_API_TOKEN']),\n    // The absolute location of the npm directory.\n    SOCKET_CLI_NPM_PATH: envAsString(env['SOCKET_CLI_NPM_PATH']),\n    // Specify the Socket organization slug.\n    SOCKET_CLI_ORG_SLUG:\n      envAsString(env['SOCKET_CLI_ORG_SLUG']) ||\n      // Coana CLI accepts the SOCKET_ORG_SLUG environment variable.\n      envAsString(env['SOCKET_ORG_SLUG']),\n    // View all risks of a safe-npm and safe-npx run.\n    SOCKET_CLI_VIEW_ALL_RISKS: envAsBoolean(env[SOCKET_CLI_VIEW_ALL_RISKS]),\n    // Specifies the type of terminal or terminal emulator being used by the process.\n    TERM: envAsString(env['TERM']),\n    // The location of the base directory on Linux and MacOS used to store\n    // user-specific data files, defaulting to $HOME/.local/share if not set or empty.\n    XDG_DATA_HOME: envAsString(env['XDG_DATA_HOME']),\n  })\n}\n\nconst lazyBashRcPath = () =>\n  // Lazily access constants.homePath.\n  path.join(constants.homePath, '.bashrc')\n\nconst lazyBinPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, 'bin')\n\nconst lazyBinCliPath = () =>\n  // Lazily access constants.binPath.\n  path.join(constants.binPath, 'cli.js')\n\nconst lazyBlessedContribPath = () =>\n  // Lazily access constants.externalPath.\n  path.join(constants.externalPath, 'blessed-contrib')\n\nconst lazyBlessedOptions = () =>\n  Object.freeze({\n    smartCSR: true,\n    // Lazily access constants.WIN32.\n    term: constants.WIN32 ? 'windows-ansi' : 'xterm',\n    useBCE: true,\n  })\n\nconst lazyBlessedPath = () =>\n  // Lazily access constants.externalPath.\n  path.join(constants.externalPath, 'blessed')\n\nconst lazyCoanaBinPath = () =>\n  // Lazily access constants.coanaPath.\n  path.join(constants.coanaPath, 'cli.mjs')\n\nconst lazyCoanaPath = () =>\n  // Lazily access constants.externalPath.\n  path.join(constants.externalPath, '@coana-tech/cli')\n\nconst lazyDistCliPath = () =>\n  // Lazily access constants.distPath.\n  path.join(constants.distPath, 'cli.js')\n\nconst lazyDistPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, 'dist')\n\nconst lazyExternalPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, 'external')\n\nconst lazyGithubCachePath = () =>\n  // Lazily access constants.socketCachePath.\n  path.join(constants.socketCachePath, 'github')\n\nconst lazyHomePath = () => os.homedir()\n\nconst lazyInstrumentWithSentryPath = () =>\n  // Lazily access constants.distPath.\n  path.join(constants.distPath, 'instrument-with-sentry.js')\n\nconst lazyMinimumVersionByAgent = () =>\n  new Map([\n    // Bun >=1.1.39 supports the text-based lockfile.\n    // https://bun.sh/blog/bun-lock-text-lockfile\n    [BUN, '1.1.39'],\n    // The npm version bundled with Node 18.\n    // https://nodejs.org/en/about/previous-releases#looking-for-the-latest-release-of-a-version-branch\n    ['npm', '10.8.2'],\n    // 8.x is the earliest version to support Node 18.\n    // https://pnpm.io/installation#compatibility\n    // https://www.npmjs.com/package/pnpm?activeTab=versions\n    [PNPM, '8.15.7'],\n    // 4.x supports >= Node 18.12.0\n    // https://github.com/yarnpkg/berry/blob/%40yarnpkg/core/4.1.0/CHANGELOG.md#400\n    [YARN_BERRY, '4.0.0'],\n    // Latest 1.x.\n    // https://www.npmjs.com/package/yarn?activeTab=versions\n    [YARN_CLASSIC, '1.22.22'],\n    // vlt does not support overrides so we don't gate on it.\n    [VLT, '*'],\n  ])\n\nconst lazyNmBinPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, 'node_modules/.bin')\n\n// Redefine registryConstants.nodeHardenFlags to account for the\n// INLINED_SOCKET_CLI_SENTRY_BUILD environment variable.\nconst lazyNodeHardenFlags = () =>\n  Object.freeze(\n    // Lazily access constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD.\n    constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD ||\n      // Lazily access constants.WIN32.\n      constants.WIN32\n      ? []\n      : // Harden Node security.\n        // https://nodejs.org/en/learn/getting-started/security-best-practices\n        [\n          '--disable-proto',\n          'throw',\n          // We have contributed the following patches to our dependencies to make\n          // Node's --frozen-intrinsics workable.\n          // √ https://github.com/SBoudrias/Inquirer.js/pull/1683\n          // √ https://github.com/pnpm/components/pull/23\n          '--frozen-intrinsics',\n          '--no-deprecation',\n        ],\n  )\n\nconst lazyNodeMemoryFlags = () => {\n  const {\n    getMaxOldSpaceSizeFlag,\n    getMaxSemiSpaceSizeFlag,\n  } = /*@__PURE__*/ require(\n    // Lazily access constants.rootPath.\n    path.join(constants.rootPath, 'dist/flags.js'),\n  )\n  return Object.freeze([\n    `--max-old-space-size=${getMaxOldSpaceSizeFlag()}`,\n    `--max-semi-space-size=${getMaxSemiSpaceSizeFlag()}`,\n  ])\n}\n\nconst lazyNpmCachePath = () => {\n  const {\n    spawnSync,\n  } = /*@__PURE__*/ require('@socketsecurity/registry/lib/spawn')\n  return spawnSync(\n    // Lazily access constants.npmExecPath.\n    constants.npmExecPath,\n    ['config', 'get', 'cache'],\n    getNpmStdioPipeOptions(),\n  ).stdout\n}\n\nconst lazyNpmGlobalPrefix = () => {\n  const {\n    spawnSync,\n  } = /*@__PURE__*/ require('@socketsecurity/registry/lib/spawn')\n  return spawnSync(\n    // Lazily access constants.npmExecPath.\n    constants.npmExecPath,\n    ['prefix', '-g'],\n    getNpmStdioPipeOptions(),\n  ).stdout\n}\n\nconst lazyNpmNmNodeGypPath = () =>\n  path.join(\n    // Lazily access constants.npmRealExecPath.\n    constants.npmRealExecPath,\n    '../../node_modules/node-gyp/bin/node-gyp.js',\n  )\n\nconst lazyProcessEnv = () =>\n  // Lazily access constants.ENV.\n  Object.setPrototypeOf(\n    Object.fromEntries(\n      Object.entries(constants.ENV).reduce(\n        (entries, entry) => {\n          const { 0: key, 1: value } = entry\n          if (key.startsWith('INLINED_SOCKET_CLI_')) {\n            return entries\n          }\n          if (typeof value === 'string') {\n            if (value) {\n              entries.push(entry as [string, string])\n            }\n          } else if (typeof value === 'boolean' && value) {\n            entries.push([key, '1'])\n          }\n          return entries\n        },\n        [] as Array<[string, string]>,\n      ),\n    ),\n    null,\n  )\n\nconst lazyRootPath = () => path.join(realpathSync.native(__dirname), '..')\n\nconst lazyShadowBinPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, 'shadow-npm-bin')\n\nconst lazyShadowNpmBinPath = () =>\n  // Lazily access constants.distPath.\n  path.join(constants.distPath, 'shadow-npm-bin.js')\n\nconst lazyShadowNpmInjectPath = () =>\n  // Lazily access constants.distPath.\n  path.join(constants.distPath, 'shadow-npm-inject.js')\n\nconst lazySocketAppDataPath = (): string | undefined => {\n  // Get the OS app data directory:\n  // - Win: %LOCALAPPDATA% or fail?\n  // - Mac: %XDG_DATA_HOME% or fallback to \"~/Library/Application Support/\"\n  // - Linux: %XDG_DATA_HOME% or fallback to \"~/.local/share/\"\n  // Note: LOCALAPPDATA is typically: C:\\Users\\USERNAME\\AppData\n  // Note: XDG stands for \"X Desktop Group\", nowadays \"freedesktop.org\"\n  //       On most systems that path is: $HOME/.local/share\n  // Then append `socket/settings`, so:\n  // - Win: %LOCALAPPDATA%\\socket\\settings or return undefined\n  // - Mac: %XDG_DATA_HOME%/socket/settings or \"~/Library/Application Support/socket/settings\"\n  // - Linux: %XDG_DATA_HOME%/socket/settings or \"~/.local/share/socket/settings\"\n\n  // Lazily access constants.WIN32.\n  const { WIN32 } = constants\n  let dataHome: string | undefined = WIN32\n    ? // Lazily access constants.ENV.LOCALAPPDATA\n      constants.ENV.LOCALAPPDATA\n    : // Lazily access constants.ENV.XDG_DATA_HOME\n      constants.ENV.XDG_DATA_HOME\n  if (!dataHome) {\n    if (WIN32) {\n      const logger = /*@__PURE__*/ require('@socketsecurity/registry/lib/logger')\n      logger.warn(`Missing %${LOCALAPPDATA}%`)\n    } else {\n      dataHome = path.join(\n        // Lazily access constants.homePath.\n        constants.homePath,\n        // Lazily access constants.DARWIN.\n        constants.DARWIN ? 'Library/Application Support' : '.local/share',\n      )\n    }\n  }\n  return dataHome ? path.join(dataHome, 'socket/settings') : undefined\n}\n\nconst lazySocketCachePath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, '.cache')\n\nconst lazySocketRegistryPath = () =>\n  // Lazily access constants.externalPath.\n  path.join(constants.externalPath, '@socketsecurity/registry')\n\nconst lazyZshRcPath = () =>\n  // Lazily access constants.homePath.\n  path.join(constants.homePath, '.zshrc')\n\nconst constants: Constants = createConstantsObject(\n  {\n    ...registryConstantsAttribs.props,\n    ALERT_TYPE_CRITICAL_CVE,\n    ALERT_TYPE_CVE,\n    ALERT_TYPE_MEDIUM_CVE,\n    ALERT_TYPE_MILD_CVE,\n    API_V0_URL,\n    BINARY_LOCK_EXT,\n    BUN,\n    DOT_SOCKET_DOT_FACTS_JSON,\n    DRY_RUN_LABEL,\n    DRY_RUN_BAILING_NOW,\n    DRY_RUN_NOT_SAVING,\n    ENV: undefined,\n    LOCK_EXT,\n    NPM_BUGGY_OVERRIDES_PATCHED_VERSION,\n    NPM_REGISTRY_URL,\n    PNPM,\n    REDACTED,\n    SOCKET_CLI_ACCEPT_RISKS,\n    SOCKET_CLI_BIN_NAME,\n    SOCKET_CLI_FIX,\n    SOCKET_CLI_ISSUES_URL,\n    SOCKET_CLI_OPTIMIZE,\n    SOCKET_CLI_SAFE_BIN,\n    SOCKET_CLI_SAFE_PROGRESS,\n    SOCKET_CLI_VIEW_ALL_RISKS,\n    SOCKET_DEFAULT_BRANCH,\n    SOCKET_DEFAULT_REPOSITORY,\n    SOCKET_WEBSITE_URL,\n    VLT,\n    YARN,\n    YARN_BERRY,\n    YARN_CLASSIC,\n    YARN_LOCK,\n    bashRcPath: undefined,\n    binPath: undefined,\n    binCliPath: undefined,\n    blessedContribPath: undefined,\n    blessedOptions: undefined,\n    blessedPath: undefined,\n    coanaBinPath: undefined,\n    coanaPath: undefined,\n    distCliPath: undefined,\n    distPath: undefined,\n    externalPath: undefined,\n    githubCachePath: undefined,\n    homePath: undefined,\n    instrumentWithSentryPath: undefined,\n    minimumVersionByAgent: undefined,\n    nmBinPath: undefined,\n    nodeHardenFlags: undefined,\n    nodeMemoryFlags: undefined,\n    npmCachePath: undefined,\n    npmGlobalPrefix: undefined,\n    npmNmNodeGypPath: undefined,\n    processEnv: undefined,\n    rootPath: undefined,\n    shadowBinPath: undefined,\n    shadowNpmInjectPath: undefined,\n    shadowNpmBinPath: undefined,\n    socketAppDataPath: undefined,\n    socketCachePath: undefined,\n    socketRegistryPath: undefined,\n    zshRcPath: undefined,\n  },\n  {\n    getters: {\n      ...registryConstantsAttribs.getters,\n      ENV: LAZY_ENV,\n      bashRcPath: lazyBashRcPath,\n      binCliPath: lazyBinCliPath,\n      binPath: lazyBinPath,\n      blessedContribPath: lazyBlessedContribPath,\n      blessedOptions: lazyBlessedOptions,\n      blessedPath: lazyBlessedPath,\n      coanaBinPath: lazyCoanaBinPath,\n      coanaPath: lazyCoanaPath,\n      distCliPath: lazyDistCliPath,\n      distPath: lazyDistPath,\n      externalPath: lazyExternalPath,\n      githubCachePath: lazyGithubCachePath,\n      homePath: lazyHomePath,\n      instrumentWithSentryPath: lazyInstrumentWithSentryPath,\n      minimumVersionByAgent: lazyMinimumVersionByAgent,\n      nmBinPath: lazyNmBinPath,\n      nodeHardenFlags: lazyNodeHardenFlags,\n      nodeMemoryFlags: lazyNodeMemoryFlags,\n      npmCachePath: lazyNpmCachePath,\n      npmGlobalPrefix: lazyNpmGlobalPrefix,\n      npmNmNodeGypPath: lazyNpmNmNodeGypPath,\n      processEnv: lazyProcessEnv,\n      rootPath: lazyRootPath,\n      shadowBinPath: lazyShadowBinPath,\n      shadowNpmBinPath: lazyShadowNpmBinPath,\n      shadowNpmInjectPath: lazyShadowNpmInjectPath,\n      socketAppDataPath: lazySocketAppDataPath,\n      socketCachePath: lazySocketCachePath,\n      socketRegistryPath: lazySocketRegistryPath,\n      zshRcPath: lazyZshRcPath,\n    },\n    internals: {\n      ...registryConstantsAttribs.internals,\n      getIpc,\n      getSentry() {\n        return _Sentry\n      },\n      setSentry(Sentry: Sentry): boolean {\n        if (_Sentry === undefined) {\n          _Sentry = Sentry\n          return true\n        }\n        return false\n      },\n    },\n  },\n) as Constants\n\nexport default constants\n"],"names":["attributes","getIpc","_npmStdioPipeOptions","cwd","env","envAsString","getConfigValueOrUndef","__proto__","DISABLE_GITHUB_CACHE","GITHUB_BASE_REF","GITHUB_REF_NAME","GITHUB_REF_TYPE","GITHUB_REPOSITORY","LOCALAPPDATA","constants","NODE_EXTRA_CA_CERTS","PATH","SOCKET_CLI_ACCEPT_RISKS","SOCKET_CLI_API_PROXY","SOCKET_CLI_API_TOKEN","SOCKET_CLI_CONFIG","SOCKET_CLI_GIT_USER_NAME","SOCKET_CLI_GITHUB_TOKEN","SOCKET_CLI_NO_API_TOKEN","SOCKET_CLI_NPM_PATH","SOCKET_CLI_ORG_SLUG","SOCKET_CLI_VIEW_ALL_RISKS","TERM","XDG_DATA_HOME","path","smartCSR","term","useBCE","getMaxSemiSpaceSizeFlag","spawnSync","Object","entries","WIN32","logger","ENV","bashRcPath","binPath","binCliPath","blessedContribPath","blessedOptions","blessedPath","coanaBinPath","coanaPath","distCliPath","distPath","externalPath","githubCachePath","homePath","instrumentWithSentryPath","minimumVersionByAgent","nmBinPath","nodeHardenFlags","nodeMemoryFlags","npmCachePath","npmGlobalPrefix","npmNmNodeGypPath","processEnv","rootPath","shadowBinPath","shadowNpmInjectPath","shadowNpmBinPath","socketAppDataPath","socketCachePath","socketRegistryPath","zshRcPath","getters","internals","getSentry","_Sentry"],"mappings":";;;;;;;;;;AAYA;AACA;AACA;AACA;AACA;AACA;AAEA;;AAEE;AACEA;;AAEAC;AACF;AACF;AAqJA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AAEA;AACA;;AAEIC;AACEC;AACA;;;AAGJ;AACA;AACF;AAEA;;AACUC;AAAI;;;AAGVC;AACF;;AACQC;;AACN;;;AAIF;AACA;;AAEEC;AACA;;AAEA;AACA;AACAC;AACA;AACA;;AAGA;AACA;AACA;AACA;AACAC;AACA;AACA;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;;AAGA;AACA;AACA;AACA;;AAEA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;AACA;AACAC;AACA;AACA;;AAEE;AACAC;AACI;;AAGN;AACA;AACA;AACA;AACAC;AAEE;AACA;AACAV;AACF;AACA;AACA;AACAW;AACA;AACAC;AACA;AACA;;AAMA;AACA;AACAC;AAGE;AACA;AACAb;AAIF;AACA;AACAc;AAKA;AACAC;AACA;;AAIA;AACAC;AAIA;AACA;AACA;AACA;AACAC;AAIA;AACAC;AACA;AACAC;AACA;AACAC;AAEE;AACApB;AACF;AACAqB;AACA;AACAC;AACA;AACA;AACAC;AACF;AACF;AAEA;AACE;AACAC;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEIC;AACA;AACAC;AACAC;AACF;AAEF;AACE;AACAH;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEA;AACE;AACAA;AAEF;AAEI;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGJ;AACE;AACAA;;AAEF;AACA;AACA;AAEI;AACAf;AACE;AACAA;AAEE;AACA;AACA;AAGE;AACA;AACA;AACA;AACA;AAKV;;;AAGImB;;AAEA;;AAGF;AAIF;AAEA;;AAEIC;AACF;AACA;AACE;AACApB;AAIJ;AAEA;;AAEIoB;AACF;AACA;AACE;AACApB;AAIJ;AAEA;AAEI;AACAA;AAIJ;AACE;AACAqB;;AAIgB;AAAQ;AAAS;AACzB;AACE;AACF;AACA;AACE;AACEC;AACF;;;AAGF;AACA;AACF;AAOR;AAEA;AACE;AACAP;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AACQQ;AAAM;;AAEV;;AAEA;;;AAGF;AACE;AACAC;AACF;;AAEI;AACAxB;AACA;AACAA;AAEJ;AACF;;AAEF;AAEA;AACE;AACAe;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;;;;;;;;;;;;;AAcIU;;;;;;;;;;;;;;;;;;;;;;AAsBAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAEEC;;AAEE/B;AACAC;AACAE;AACAD;AACAE;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAE;AACAD;AACAE;AACAC;AACAC;AACAC;;AAEFE;;;AAGEC;AACE;;;;AAIEC;AACA;AACF;AACA;AACF;AACF;AACF;;","debugId":"4baa0270-f36b-44b2-938e-26edd63efdd6"}
+{"version":3,"file":"constants.js","sources":["../src/constants.mts"],"sourcesContent":["import { realpathSync } from 'node:fs'\nimport { createRequire } from 'node:module'\nimport os from 'node:os'\nimport path from 'node:path'\nimport { fileURLToPath } from 'node:url'\n\nimport registryConstants from '@socketsecurity/registry/lib/constants'\n\nimport type { Agent } from './utils/package-environment.mts'\nimport type { Remap } from '@socketsecurity/registry/lib/objects'\nimport type { SpawnOptions } from '@socketsecurity/registry/lib/spawn'\n\nconst require = createRequire(import.meta.url)\nconst __filename = fileURLToPath(import.meta.url)\n// Using `path.dirname(__filename)` to resolve `__dirname` works for both 'dist'\n// AND 'src' directories because constants.js and constants.mts respectively are\n// in the root of each.\nconst __dirname = path.dirname(__filename)\n\nconst {\n  kInternalsSymbol,\n  [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: {\n    attributes: registryConstantsAttribs,\n    createConstantsObject,\n    getIpc,\n  },\n} = registryConstants\n\ntype RegistryEnv = typeof registryConstants.ENV\n\ntype RegistryInternals = (typeof registryConstants)['Symbol(kInternalsSymbol)']\n\ntype Sentry = any\n\ntype Internals = Remap<\n  Omit<RegistryInternals, 'getIpc'> &\n    Readonly<{\n      getIpc: {\n        (): Promise<IPC>\n        <K extends keyof IPC | undefined>(\n          key?: K | undefined,\n        ): Promise<K extends keyof IPC ? IPC[K] : IPC>\n      }\n      getSentry: () => Sentry\n      setSentry(Sentry: Sentry): boolean\n    }>\n>\n\ntype ENV = Remap<\n  RegistryEnv &\n    Readonly<{\n      DISABLE_GITHUB_CACHE: boolean\n      GITHUB_API_URL: string\n      GITHUB_BASE_REF: string\n      GITHUB_REF_NAME: string\n      GITHUB_REF_TYPE: string\n      GITHUB_REPOSITORY: string\n      GITHUB_SERVER_URL: string\n      GITHUB_TOKEN: string\n      INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION: string\n      INLINED_SOCKET_CLI_HOMEPAGE: string\n      INLINED_SOCKET_CLI_LEGACY_BUILD: string\n      INLINED_SOCKET_CLI_NAME: string\n      INLINED_SOCKET_CLI_PUBLISHED_BUILD: string\n      INLINED_SOCKET_CLI_SENTRY_BUILD: string\n      INLINED_SOCKET_CLI_VERSION: string\n      INLINED_SOCKET_CLI_VERSION_HASH: string\n      INLINED_SOCKET_CLI_SYNP_VERSION: string\n      LOCALAPPDATA: string\n      NODE_COMPILE_CACHE: string\n      NODE_EXTRA_CA_CERTS: string\n      PATH: string\n      SOCKET_CLI_ACCEPT_RISKS: boolean\n      SOCKET_CLI_API_BASE_URL: string\n      SOCKET_CLI_API_PROXY: string\n      SOCKET_CLI_API_TOKEN: string\n      SOCKET_CLI_CONFIG: string\n      SOCKET_CLI_GIT_USER_EMAIL: string\n      SOCKET_CLI_GIT_USER_NAME: string\n      SOCKET_CLI_GITHUB_TOKEN: string\n      SOCKET_CLI_NO_API_TOKEN: boolean\n      SOCKET_CLI_NPM_PATH: string\n      SOCKET_CLI_ORG_SLUG: string\n      SOCKET_CLI_VIEW_ALL_RISKS: boolean\n      TERM: string\n      XDG_DATA_HOME: string\n    }>\n>\n\ntype ProcessEnv = {\n  [K in keyof ENV]?: string\n}\n\ntype IPC = Readonly<{\n  SOCKET_CLI_FIX?: string | undefined\n  SOCKET_CLI_OPTIMIZE?: boolean | undefined\n  SOCKET_CLI_SAFE_BIN?: string | undefined\n  SOCKET_CLI_SAFE_PROGRESS?: boolean | undefined\n}>\n\ntype Constants = Remap<\n  Omit<typeof registryConstants, 'Symbol(kInternalsSymbol)' | 'ENV' | 'IPC'> & {\n    readonly 'Symbol(kInternalsSymbol)': Internals\n    readonly ALERT_TYPE_CRITICAL_CVE: 'criticalCVE'\n    readonly ALERT_TYPE_CVE: 'cve'\n    readonly ALERT_TYPE_MEDIUM_CVE: 'mediumCVE'\n    readonly ALERT_TYPE_MILD_CVE: 'mildCVE'\n    readonly API_V0_URL: 'https://api.socket.dev/v0/'\n    readonly BINARY_LOCK_EXT: '.lockb'\n    readonly BUN: 'bun'\n    readonly ENV: ENV\n    readonly DOT_SOCKET_DOT_FACTS_JSON: '.socket.facts.json'\n    readonly DRY_RUN_LABEL: '[DryRun]'\n    readonly DRY_RUN_BAILING_NOW: '[DryRun] Bailing now'\n    readonly DRY_RUN_NOT_SAVING: '[DryRun] Not saving'\n    readonly IPC: IPC\n    readonly LOCK_EXT: '.lock'\n    readonly NPM_BUGGY_OVERRIDES_PATCHED_VERSION: '11.2.0'\n    readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org'\n    readonly PNPM: 'pnpm'\n    readonly REDACTED: '<redacted>'\n    readonly SOCKET_CLI_ACCEPT_RISKS: 'SOCKET_CLI_ACCEPT_RISKS'\n    readonly SOCKET_CLI_BIN_NAME: 'socket'\n    readonly SOCKET_CLI_CONFIG: 'SOCKET_CLI_CONFIG'\n    readonly SOCKET_CLI_FIX: 'SOCKET_CLI_FIX'\n    readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues'\n    readonly SOCKET_CLI_OPTIMIZE: 'SOCKET_CLI_OPTIMIZE'\n    readonly SOCKET_CLI_SAFE_BIN: 'SOCKET_CLI_SAFE_BIN'\n    readonly SOCKET_CLI_SAFE_PROGRESS: 'SOCKET_CLI_SAFE_PROGRESS'\n    readonly SOCKET_CLI_VIEW_ALL_RISKS: 'SOCKET_CLI_VIEW_ALL_RISKS'\n    readonly SOCKET_DEFAULT_BRANCH: 'socket-default-branch'\n    readonly SOCKET_DEFAULT_REPOSITORY: 'socket-default-repository'\n    readonly SOCKET_WEBSITE_URL: 'https://socket.dev'\n    readonly VLT: 'vlt'\n    readonly YARN: 'yarn'\n    readonly YARN_BERRY: 'yarn/berry'\n    readonly YARN_CLASSIC: 'yarn/classic'\n    readonly YARN_LOCK: 'yarn.lock'\n    readonly bashRcPath: string\n    readonly binCliPath: string\n    readonly binPath: string\n    readonly blessedContribPath: string\n    readonly blessedOptions: {\n      smartCSR: boolean\n      term: string\n      useBCE: boolean\n    }\n    readonly blessedPath: string\n    readonly coanaBinPath: string\n    readonly coanaPath: string\n    readonly distCliPath: string\n    readonly distPath: string\n    readonly externalPath: string\n    readonly githubCachePath: string\n    readonly homePath: string\n    readonly instrumentWithSentryPath: string\n    readonly minimumVersionByAgent: Map<Agent, string>\n    readonly nmBinPath: string\n    readonly nodeHardenFlags: string[]\n    readonly nodeMemoryFlags: string[]\n    readonly npmCachePath: string\n    readonly npmGlobalPrefix: string\n    readonly npmNmNodeGypPath: string\n    readonly processEnv: ProcessEnv\n    readonly rootPath: string\n    readonly shadowBinPath: string\n    readonly shadowNpmBinPath: string\n    readonly shadowNpmInjectPath: string\n    readonly socketAppDataPath: string\n    readonly socketCachePath: string\n    readonly socketRegistryPath: string\n    readonly zshRcPath: string\n  }\n>\n\nconst ALERT_TYPE_CRITICAL_CVE = 'criticalCVE'\nconst ALERT_TYPE_CVE = 'cve'\nconst ALERT_TYPE_MEDIUM_CVE = 'mediumCVE'\nconst ALERT_TYPE_MILD_CVE = 'mildCVE'\nconst API_V0_URL = 'https://api.socket.dev/v0/'\nconst BINARY_LOCK_EXT = '.lockb'\nconst BUN = 'bun'\nconst DOT_SOCKET_DOT_FACTS_JSON = '.socket.facts.json'\nconst DRY_RUN_LABEL = '[DryRun]'\nconst DRY_RUN_BAILING_NOW = `${DRY_RUN_LABEL}: Bailing now`\nconst DRY_RUN_NOT_SAVING = `${DRY_RUN_LABEL}: Not saving`\nconst LOCALAPPDATA = 'LOCALAPPDATA'\nconst LOCK_EXT = '.lock'\nconst NPM_BUGGY_OVERRIDES_PATCHED_VERSION = '11.2.0'\nconst NPM_REGISTRY_URL = 'https://registry.npmjs.org'\nconst PNPM = 'pnpm'\nconst REDACTED = '<redacted>'\nconst SOCKET_CLI_ACCEPT_RISKS = 'SOCKET_CLI_ACCEPT_RISKS'\nconst SOCKET_CLI_BIN_NAME = 'socket'\nconst SOCKET_CLI_FIX = 'SOCKET_CLI_FIX'\nconst SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues'\nconst SOCKET_CLI_OPTIMIZE = 'SOCKET_CLI_OPTIMIZE'\nconst SOCKET_CLI_SAFE_BIN = 'SOCKET_CLI_SAFE_BIN'\nconst SOCKET_CLI_SAFE_PROGRESS = 'SOCKET_CLI_SAFE_PROGRESS'\nconst SOCKET_CLI_VIEW_ALL_RISKS = 'SOCKET_CLI_VIEW_ALL_RISKS'\nconst SOCKET_DEFAULT_BRANCH = 'socket-default-branch'\nconst SOCKET_DEFAULT_REPOSITORY = 'socket-default-repository'\nconst SOCKET_WEBSITE_URL = 'https://socket.dev'\nconst VLT = 'vlt'\nconst YARN = 'yarn'\nconst YARN_BERRY = 'yarn/berry'\nconst YARN_CLASSIC = 'yarn/classic'\nconst YARN_LOCK = 'yarn.lock'\n\nlet _Sentry: any\n\nlet _npmStdioPipeOptions: SpawnOptions | undefined\nfunction getNpmStdioPipeOptions() {\n  if (_npmStdioPipeOptions === undefined) {\n    _npmStdioPipeOptions = {\n      cwd: process.cwd(),\n      // Lazily access constants.WIN32.\n      shell: constants.WIN32,\n    }\n  }\n  return _npmStdioPipeOptions\n}\n\nconst LAZY_ENV = () => {\n  const { env } = process\n  const {\n    envAsBoolean,\n    envAsString,\n  } = /*@__PURE__*/ require('@socketsecurity/registry/lib/env')\n  const { getConfigValueOrUndef } = /*@__PURE__*/ require(\n    // Lazily access constants.rootPath.\n    path.join(constants.rootPath, 'dist/utils.js'),\n  )\n  const GITHUB_TOKEN = envAsString(env['GITHUB_TOKEN'])\n  // We inline some environment values so that they CANNOT be influenced by user\n  // provided environment variables.\n  return Object.freeze({\n    __proto__: null,\n    // Lazily access registryConstants.ENV.\n    ...registryConstants.ENV,\n    // Disable using GitHub's workflow actions/cache.\n    // https://github.com/actions/cache\n    DISABLE_GITHUB_CACHE: envAsBoolean(env['DISABLE_GITHUB_CACHE']),\n    // The API URL. For example, https://api.github.com.\n    // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n    GITHUB_API_URL:\n      envAsString(env['GITHUB_API_URL']) || 'https://api.github.com',\n    // The name of the base ref or target branch of the pull request in a workflow\n    // run. This is only set when the event that triggers a workflow run is either\n    // pull_request or pull_request_target. For example, main.\n    // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n    GITHUB_BASE_REF: envAsString(env['GITHUB_BASE_REF']),\n    // The short ref name of the branch or tag that triggered the GitHub workflow\n    // run. This value matches the branch or tag name shown on GitHub. For example,\n    // feature-branch-1. For pull requests, the format is <pr_number>/merge.\n    // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n    GITHUB_REF_NAME: envAsString(env['GITHUB_REF_NAME']),\n    // The type of ref that triggered the workflow run. Valid values are branch or tag.\n    // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n    GITHUB_REF_TYPE: envAsString(env['GITHUB_REF_TYPE']),\n    // The owner and repository name. For example, octocat/Hello-World.\n    // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n    GITHUB_REPOSITORY: envAsString(env['GITHUB_REPOSITORY']),\n    // The URL of the GitHub server. For example, https://github.com.\n    // https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace#list-of-default-environment-variables\n    GITHUB_SERVER_URL:\n      envAsString(env['GITHUB_SERVER_URL']) || 'https://github.com',\n    // The GITHUB_TOKEN secret is a GitHub App installation access token.\n    // The token's permissions are limited to the repository that contains the\n    // workflow.\n    // https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#about-the-github_token-secret\n    GITHUB_TOKEN,\n    // Comp-time inlined @cyclonedx/cdxgen package version.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION']\".\n    INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION: envAsString(\n      process.env['INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION'],\n    ),\n    // Comp-time inlined Socket package homepage.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_HOMEPAGE']\".\n    INLINED_SOCKET_CLI_HOMEPAGE: envAsString(\n      process.env['INLINED_SOCKET_CLI_HOMEPAGE'],\n    ),\n    // Comp-time inlined flag to determine if this is the Legacy build.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_LEGACY_BUILD']\".\n    INLINED_SOCKET_CLI_LEGACY_BUILD: envAsBoolean(\n      process.env['INLINED_SOCKET_CLI_LEGACY_BUILD'],\n    ),\n    // Comp-time inlined Socket package name.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_NAME']\".\n    INLINED_SOCKET_CLI_NAME: envAsString(\n      process.env['INLINED_SOCKET_CLI_NAME'],\n    ),\n    // Comp-time inlined flag to determine if this is a published build.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD']\".\n    INLINED_SOCKET_CLI_PUBLISHED_BUILD: envAsBoolean(\n      process.env['INLINED_SOCKET_CLI_PUBLISHED_BUILD'],\n    ),\n    // Comp-time inlined flag to determine if this is the Sentry build.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SENTRY_BUILD']\".\n    INLINED_SOCKET_CLI_SENTRY_BUILD: envAsBoolean(\n      process.env['INLINED_SOCKET_CLI_SENTRY_BUILD'],\n    ),\n    // Comp-time inlined synp package version.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_SYNP_VERSION']\".\n    INLINED_SOCKET_CLI_SYNP_VERSION: envAsString(\n      process.env['INLINED_SOCKET_CLI_SYNP_VERSION'],\n    ),\n    // Comp-time inlined Socket package version.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION']\".\n    INLINED_SOCKET_CLI_VERSION: envAsString(\n      process.env['INLINED_SOCKET_CLI_VERSION'],\n    ),\n    // Comp-time inlined Socket package version hash.\n    // The '@rollup/plugin-replace' will replace \"process.env['INLINED_SOCKET_CLI_VERSION_HASH']\".\n    INLINED_SOCKET_CLI_VERSION_HASH: envAsString(\n      process.env['INLINED_SOCKET_CLI_VERSION_HASH'],\n    ),\n    // The absolute location of the %localappdata% folder on Windows used to store\n    // user-specific, non-roaming application data, like temporary files, cached\n    // data, and program settings, that are specific to the current machine and user.\n    LOCALAPPDATA: envAsString(env[LOCALAPPDATA]),\n    // Enable the module compile cache for the Node.js instance.\n    // https://nodejs.org/api/cli.html#node_compile_cachedir\n    NODE_COMPILE_CACHE:\n      // Lazily access constants.SUPPORTS_NODE_COMPILE_CACHE_ENV_VAR.\n      constants.SUPPORTS_NODE_COMPILE_CACHE_ENV_VAR\n        ? // Lazily access constants.socketCachePath.\n          constants.socketCachePath\n        : '',\n    // Well known \"root\" CAs (like VeriSign) will be extended with the extra\n    // certificates in file. The file should consist of one or more trusted\n    // certificates in PEM format.\n    // https://nodejs.org/api/cli.html#node_extra_ca_certsfile\n    NODE_EXTRA_CA_CERTS:\n      envAsString(env['NODE_EXTRA_CA_CERTS']) ||\n      // Commonly used environment variable to specify the path to a single\n      // PEM-encoded certificate file.\n      envAsString(env['SSL_CERT_FILE']),\n    // PATH is an environment variable that lists directories where executable\n    // programs are located. When a command is run, the system searches these\n    // directories to find the executable.\n    PATH: envAsString(env['PATH']),\n    // Accept risks of a Socket wrapped npm/npx run.\n    SOCKET_CLI_ACCEPT_RISKS: envAsBoolean(env[SOCKET_CLI_ACCEPT_RISKS]),\n    // Change the base URL for all API-calls.\n    // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n    SOCKET_CLI_API_BASE_URL:\n      envAsString(env['SOCKET_CLI_API_BASE_URL']) ||\n      envAsString(env['SOCKET_SECURITY_API_BASE_URL']) ||\n      getConfigValueOrUndef('apiBaseUrl') ||\n      'https://api.socket.dev/v0/',\n    // Set the proxy that all requests are routed through.\n    // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables-for-development\n    SOCKET_CLI_API_PROXY:\n      envAsString(env['SOCKET_CLI_API_PROXY']) ||\n      envAsString(env['SOCKET_SECURITY_API_PROXY']) ||\n      // Commonly used environment variables to specify routing requests through\n      // a proxy server.\n      envAsString(env['HTTPS_PROXY']) ||\n      envAsString(env['https_proxy']) ||\n      envAsString(env['HTTP_PROXY']) ||\n      envAsString(env['http_proxy']),\n    // Set the Socket API token.\n    // https://github.com/SocketDev/socket-cli?tab=readme-ov-file#environment-variables\n    SOCKET_CLI_API_TOKEN:\n      envAsString(env['SOCKET_CLI_API_TOKEN']) ||\n      envAsString(env['SOCKET_CLI_API_KEY']) ||\n      envAsString(env['SOCKET_SECURITY_API_TOKEN']) ||\n      envAsString(env['SOCKET_SECURITY_API_KEY']),\n    // A JSON stringified Socket configuration object.\n    SOCKET_CLI_CONFIG: envAsString(env['SOCKET_CLI_CONFIG']),\n    // The git config user.email used by Socket CLI.\n    SOCKET_CLI_GIT_USER_EMAIL:\n      envAsString(env['SOCKET_CLI_GIT_USER_EMAIL']) ||\n      'github-actions[bot]@users.noreply.github.com',\n    // The git config user.name used by Socket CLI.\n    SOCKET_CLI_GIT_USER_NAME:\n      envAsString(env['SOCKET_CLI_GIT_USER_NAME']) ||\n      envAsString(env['SOCKET_CLI_GIT_USERNAME']) ||\n      'github-actions[bot]',\n    // A classic GitHub personal access token with the \"repo\" scope or a\n    // fine-grained access token with at least read/write permissions set for\n    // \"Contents\" and \"Pull Request\".\n    // https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens\n    SOCKET_CLI_GITHUB_TOKEN:\n      envAsString(env['SOCKET_CLI_GITHUB_TOKEN']) ||\n      envAsString(env['SOCKET_SECURITY_GITHUB_PAT']) ||\n      GITHUB_TOKEN,\n    // Make the default API token `undefined`.\n    SOCKET_CLI_NO_API_TOKEN: envAsBoolean(env['SOCKET_CLI_NO_API_TOKEN']),\n    // The absolute location of the npm directory.\n    SOCKET_CLI_NPM_PATH: envAsString(env['SOCKET_CLI_NPM_PATH']),\n    // Specify the Socket organization slug.\n    SOCKET_CLI_ORG_SLUG:\n      envAsString(env['SOCKET_CLI_ORG_SLUG']) ||\n      // Coana CLI accepts the SOCKET_ORG_SLUG environment variable.\n      envAsString(env['SOCKET_ORG_SLUG']),\n    // View all risks of a Socket wrapped npm/npx run.\n    SOCKET_CLI_VIEW_ALL_RISKS: envAsBoolean(env[SOCKET_CLI_VIEW_ALL_RISKS]),\n    // Specifies the type of terminal or terminal emulator being used by the process.\n    TERM: envAsString(env['TERM']),\n    // The location of the base directory on Linux and MacOS used to store\n    // user-specific data files, defaulting to $HOME/.local/share if not set or empty.\n    XDG_DATA_HOME: envAsString(env['XDG_DATA_HOME']),\n  })\n}\n\nconst lazyBashRcPath = () =>\n  // Lazily access constants.homePath.\n  path.join(constants.homePath, '.bashrc')\n\nconst lazyBinPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, 'bin')\n\nconst lazyBinCliPath = () =>\n  // Lazily access constants.binPath.\n  path.join(constants.binPath, 'cli.js')\n\nconst lazyBlessedContribPath = () =>\n  // Lazily access constants.externalPath.\n  path.join(constants.externalPath, 'blessed-contrib')\n\nconst lazyBlessedOptions = () =>\n  Object.freeze({\n    smartCSR: true,\n    // Lazily access constants.WIN32.\n    term: constants.WIN32 ? 'windows-ansi' : 'xterm',\n    useBCE: true,\n  })\n\nconst lazyBlessedPath = () =>\n  // Lazily access constants.externalPath.\n  path.join(constants.externalPath, 'blessed')\n\nconst lazyCoanaBinPath = () =>\n  // Lazily access constants.coanaPath.\n  path.join(constants.coanaPath, 'cli.mjs')\n\nconst lazyCoanaPath = () =>\n  // Lazily access constants.externalPath.\n  path.join(constants.externalPath, '@coana-tech/cli')\n\nconst lazyDistCliPath = () =>\n  // Lazily access constants.distPath.\n  path.join(constants.distPath, 'cli.js')\n\nconst lazyDistPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, 'dist')\n\nconst lazyExternalPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, 'external')\n\nconst lazyGithubCachePath = () =>\n  // Lazily access constants.socketCachePath.\n  path.join(constants.socketCachePath, 'github')\n\nconst lazyHomePath = () => os.homedir()\n\nconst lazyInstrumentWithSentryPath = () =>\n  // Lazily access constants.distPath.\n  path.join(constants.distPath, 'instrument-with-sentry.js')\n\nconst lazyMinimumVersionByAgent = () =>\n  new Map([\n    // Bun >=1.1.39 supports the text-based lockfile.\n    // https://bun.sh/blog/bun-lock-text-lockfile\n    [BUN, '1.1.39'],\n    // The npm version bundled with Node 18.\n    // https://nodejs.org/en/about/previous-releases#looking-for-the-latest-release-of-a-version-branch\n    ['npm', '10.8.2'],\n    // 8.x is the earliest version to support Node 18.\n    // https://pnpm.io/installation#compatibility\n    // https://www.npmjs.com/package/pnpm?activeTab=versions\n    [PNPM, '8.15.7'],\n    // 4.x supports >= Node 18.12.0\n    // https://github.com/yarnpkg/berry/blob/%40yarnpkg/core/4.1.0/CHANGELOG.md#400\n    [YARN_BERRY, '4.0.0'],\n    // Latest 1.x.\n    // https://www.npmjs.com/package/yarn?activeTab=versions\n    [YARN_CLASSIC, '1.22.22'],\n    // vlt does not support overrides so we don't gate on it.\n    [VLT, '*'],\n  ])\n\nconst lazyNmBinPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, 'node_modules/.bin')\n\n// Redefine registryConstants.nodeHardenFlags to account for the\n// INLINED_SOCKET_CLI_SENTRY_BUILD environment variable.\nconst lazyNodeHardenFlags = () =>\n  Object.freeze(\n    // Lazily access constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD.\n    constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD ||\n      // Lazily access constants.WIN32.\n      constants.WIN32\n      ? []\n      : // Harden Node security.\n        // https://nodejs.org/en/learn/getting-started/security-best-practices\n        [\n          '--disable-proto',\n          'throw',\n          // We have contributed the following patches to our dependencies to make\n          // Node's --frozen-intrinsics workable.\n          // √ https://github.com/SBoudrias/Inquirer.js/pull/1683\n          // √ https://github.com/pnpm/components/pull/23\n          '--frozen-intrinsics',\n          '--no-deprecation',\n        ],\n  )\n\nconst lazyNodeMemoryFlags = () => {\n  const {\n    getMaxOldSpaceSizeFlag,\n    getMaxSemiSpaceSizeFlag,\n  } = /*@__PURE__*/ require(\n    // Lazily access constants.rootPath.\n    path.join(constants.rootPath, 'dist/flags.js'),\n  )\n  return Object.freeze([\n    `--max-old-space-size=${getMaxOldSpaceSizeFlag()}`,\n    `--max-semi-space-size=${getMaxSemiSpaceSizeFlag()}`,\n  ])\n}\n\nconst lazyNpmCachePath = () => {\n  const {\n    spawnSync,\n  } = /*@__PURE__*/ require('@socketsecurity/registry/lib/spawn')\n  return spawnSync(\n    // Lazily access constants.npmExecPath.\n    constants.npmExecPath,\n    ['config', 'get', 'cache'],\n    getNpmStdioPipeOptions(),\n  ).stdout\n}\n\nconst lazyNpmGlobalPrefix = () => {\n  const {\n    spawnSync,\n  } = /*@__PURE__*/ require('@socketsecurity/registry/lib/spawn')\n  return spawnSync(\n    // Lazily access constants.npmExecPath.\n    constants.npmExecPath,\n    ['prefix', '-g'],\n    getNpmStdioPipeOptions(),\n  ).stdout\n}\n\nconst lazyNpmNmNodeGypPath = () =>\n  path.join(\n    // Lazily access constants.npmRealExecPath.\n    constants.npmRealExecPath,\n    '../../node_modules/node-gyp/bin/node-gyp.js',\n  )\n\nconst lazyProcessEnv = () =>\n  // Lazily access constants.ENV.\n  Object.setPrototypeOf(\n    Object.fromEntries(\n      Object.entries(constants.ENV).reduce(\n        (entries, entry) => {\n          const { 0: key, 1: value } = entry\n          if (key.startsWith('INLINED_SOCKET_CLI_')) {\n            return entries\n          }\n          if (typeof value === 'string') {\n            if (value) {\n              entries.push(entry as [string, string])\n            }\n          } else if (typeof value === 'boolean' && value) {\n            entries.push([key, '1'])\n          }\n          return entries\n        },\n        [] as Array<[string, string]>,\n      ),\n    ),\n    null,\n  )\n\nconst lazyRootPath = () => path.join(realpathSync.native(__dirname), '..')\n\nconst lazyShadowBinPath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, 'shadow-npm-bin')\n\nconst lazyShadowNpmBinPath = () =>\n  // Lazily access constants.distPath.\n  path.join(constants.distPath, 'shadow-npm-bin.js')\n\nconst lazyShadowNpmInjectPath = () =>\n  // Lazily access constants.distPath.\n  path.join(constants.distPath, 'shadow-npm-inject.js')\n\nconst lazySocketAppDataPath = (): string | undefined => {\n  // Get the OS app data directory:\n  // - Win: %LOCALAPPDATA% or fail?\n  // - Mac: %XDG_DATA_HOME% or fallback to \"~/Library/Application Support/\"\n  // - Linux: %XDG_DATA_HOME% or fallback to \"~/.local/share/\"\n  // Note: LOCALAPPDATA is typically: C:\\Users\\USERNAME\\AppData\n  // Note: XDG stands for \"X Desktop Group\", nowadays \"freedesktop.org\"\n  //       On most systems that path is: $HOME/.local/share\n  // Then append `socket/settings`, so:\n  // - Win: %LOCALAPPDATA%\\socket\\settings or return undefined\n  // - Mac: %XDG_DATA_HOME%/socket/settings or \"~/Library/Application Support/socket/settings\"\n  // - Linux: %XDG_DATA_HOME%/socket/settings or \"~/.local/share/socket/settings\"\n\n  // Lazily access constants.WIN32.\n  const { WIN32 } = constants\n  let dataHome: string | undefined = WIN32\n    ? // Lazily access constants.ENV.LOCALAPPDATA\n      constants.ENV.LOCALAPPDATA\n    : // Lazily access constants.ENV.XDG_DATA_HOME\n      constants.ENV.XDG_DATA_HOME\n  if (!dataHome) {\n    if (WIN32) {\n      const logger = /*@__PURE__*/ require('@socketsecurity/registry/lib/logger')\n      logger.warn(`Missing %${LOCALAPPDATA}%`)\n    } else {\n      dataHome = path.join(\n        // Lazily access constants.homePath.\n        constants.homePath,\n        // Lazily access constants.DARWIN.\n        constants.DARWIN ? 'Library/Application Support' : '.local/share',\n      )\n    }\n  }\n  return dataHome ? path.join(dataHome, 'socket/settings') : undefined\n}\n\nconst lazySocketCachePath = () =>\n  // Lazily access constants.rootPath.\n  path.join(constants.rootPath, '.cache')\n\nconst lazySocketRegistryPath = () =>\n  // Lazily access constants.externalPath.\n  path.join(constants.externalPath, '@socketsecurity/registry')\n\nconst lazyZshRcPath = () =>\n  // Lazily access constants.homePath.\n  path.join(constants.homePath, '.zshrc')\n\nconst constants: Constants = createConstantsObject(\n  {\n    ...registryConstantsAttribs.props,\n    ALERT_TYPE_CRITICAL_CVE,\n    ALERT_TYPE_CVE,\n    ALERT_TYPE_MEDIUM_CVE,\n    ALERT_TYPE_MILD_CVE,\n    API_V0_URL,\n    BINARY_LOCK_EXT,\n    BUN,\n    DOT_SOCKET_DOT_FACTS_JSON,\n    DRY_RUN_LABEL,\n    DRY_RUN_BAILING_NOW,\n    DRY_RUN_NOT_SAVING,\n    ENV: undefined,\n    LOCK_EXT,\n    NPM_BUGGY_OVERRIDES_PATCHED_VERSION,\n    NPM_REGISTRY_URL,\n    PNPM,\n    REDACTED,\n    SOCKET_CLI_ACCEPT_RISKS,\n    SOCKET_CLI_BIN_NAME,\n    SOCKET_CLI_FIX,\n    SOCKET_CLI_ISSUES_URL,\n    SOCKET_CLI_OPTIMIZE,\n    SOCKET_CLI_SAFE_BIN,\n    SOCKET_CLI_SAFE_PROGRESS,\n    SOCKET_CLI_VIEW_ALL_RISKS,\n    SOCKET_DEFAULT_BRANCH,\n    SOCKET_DEFAULT_REPOSITORY,\n    SOCKET_WEBSITE_URL,\n    VLT,\n    YARN,\n    YARN_BERRY,\n    YARN_CLASSIC,\n    YARN_LOCK,\n    bashRcPath: undefined,\n    binPath: undefined,\n    binCliPath: undefined,\n    blessedContribPath: undefined,\n    blessedOptions: undefined,\n    blessedPath: undefined,\n    coanaBinPath: undefined,\n    coanaPath: undefined,\n    distCliPath: undefined,\n    distPath: undefined,\n    externalPath: undefined,\n    githubCachePath: undefined,\n    homePath: undefined,\n    instrumentWithSentryPath: undefined,\n    minimumVersionByAgent: undefined,\n    nmBinPath: undefined,\n    nodeHardenFlags: undefined,\n    nodeMemoryFlags: undefined,\n    npmCachePath: undefined,\n    npmGlobalPrefix: undefined,\n    npmNmNodeGypPath: undefined,\n    processEnv: undefined,\n    rootPath: undefined,\n    shadowBinPath: undefined,\n    shadowNpmInjectPath: undefined,\n    shadowNpmBinPath: undefined,\n    socketAppDataPath: undefined,\n    socketCachePath: undefined,\n    socketRegistryPath: undefined,\n    zshRcPath: undefined,\n  },\n  {\n    getters: {\n      ...registryConstantsAttribs.getters,\n      ENV: LAZY_ENV,\n      bashRcPath: lazyBashRcPath,\n      binCliPath: lazyBinCliPath,\n      binPath: lazyBinPath,\n      blessedContribPath: lazyBlessedContribPath,\n      blessedOptions: lazyBlessedOptions,\n      blessedPath: lazyBlessedPath,\n      coanaBinPath: lazyCoanaBinPath,\n      coanaPath: lazyCoanaPath,\n      distCliPath: lazyDistCliPath,\n      distPath: lazyDistPath,\n      externalPath: lazyExternalPath,\n      githubCachePath: lazyGithubCachePath,\n      homePath: lazyHomePath,\n      instrumentWithSentryPath: lazyInstrumentWithSentryPath,\n      minimumVersionByAgent: lazyMinimumVersionByAgent,\n      nmBinPath: lazyNmBinPath,\n      nodeHardenFlags: lazyNodeHardenFlags,\n      nodeMemoryFlags: lazyNodeMemoryFlags,\n      npmCachePath: lazyNpmCachePath,\n      npmGlobalPrefix: lazyNpmGlobalPrefix,\n      npmNmNodeGypPath: lazyNpmNmNodeGypPath,\n      processEnv: lazyProcessEnv,\n      rootPath: lazyRootPath,\n      shadowBinPath: lazyShadowBinPath,\n      shadowNpmBinPath: lazyShadowNpmBinPath,\n      shadowNpmInjectPath: lazyShadowNpmInjectPath,\n      socketAppDataPath: lazySocketAppDataPath,\n      socketCachePath: lazySocketCachePath,\n      socketRegistryPath: lazySocketRegistryPath,\n      zshRcPath: lazyZshRcPath,\n    },\n    internals: {\n      ...registryConstantsAttribs.internals,\n      getIpc,\n      getSentry() {\n        return _Sentry\n      },\n      setSentry(Sentry: Sentry): boolean {\n        if (_Sentry === undefined) {\n          _Sentry = Sentry\n          return true\n        }\n        return false\n      },\n    },\n  },\n) as Constants\n\nexport default constants\n"],"names":["attributes","getIpc","_npmStdioPipeOptions","cwd","env","envAsString","getConfigValueOrUndef","__proto__","DISABLE_GITHUB_CACHE","GITHUB_BASE_REF","GITHUB_REF_NAME","GITHUB_REF_TYPE","GITHUB_REPOSITORY","LOCALAPPDATA","constants","NODE_EXTRA_CA_CERTS","PATH","SOCKET_CLI_ACCEPT_RISKS","SOCKET_CLI_API_PROXY","SOCKET_CLI_API_TOKEN","SOCKET_CLI_CONFIG","SOCKET_CLI_GIT_USER_NAME","SOCKET_CLI_GITHUB_TOKEN","SOCKET_CLI_NO_API_TOKEN","SOCKET_CLI_NPM_PATH","SOCKET_CLI_ORG_SLUG","SOCKET_CLI_VIEW_ALL_RISKS","TERM","XDG_DATA_HOME","path","smartCSR","term","useBCE","getMaxSemiSpaceSizeFlag","spawnSync","Object","entries","WIN32","logger","ENV","bashRcPath","binPath","binCliPath","blessedContribPath","blessedOptions","blessedPath","coanaBinPath","coanaPath","distCliPath","distPath","externalPath","githubCachePath","homePath","instrumentWithSentryPath","minimumVersionByAgent","nmBinPath","nodeHardenFlags","nodeMemoryFlags","npmCachePath","npmGlobalPrefix","npmNmNodeGypPath","processEnv","rootPath","shadowBinPath","shadowNpmInjectPath","shadowNpmBinPath","socketAppDataPath","socketCachePath","socketRegistryPath","zshRcPath","getters","internals","getSentry","_Sentry"],"mappings":";;;;;;;;;;AAYA;AACA;AACA;AACA;AACA;AACA;AAEA;;AAEE;AACEA;;AAEAC;AACF;AACF;AAqJA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AAEA;AACA;;AAEIC;AACEC;AACA;;;AAGJ;AACA;AACF;AAEA;;AACUC;AAAI;;;AAGVC;AACF;;AACQC;;AACN;;;AAIF;AACA;;AAEEC;AACA;;AAEA;AACA;AACAC;AACA;AACA;;AAGA;AACA;AACA;AACA;AACAC;AACA;AACA;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;AACAC;AACA;AACA;;AAGA;AACA;AACA;AACA;;AAEA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;;AAIA;AACA;AACA;AACAC;AACA;AACA;;AAEE;AACAC;AACI;;AAGN;AACA;AACA;AACA;AACAC;AAEE;AACA;AACAV;AACF;AACA;AACA;AACAW;AACA;AACAC;AACA;AACA;;AAMA;AACA;AACAC;AAGE;AACA;AACAb;AAIF;AACA;AACAc;AAKA;AACAC;AACA;;AAIA;AACAC;AAIA;AACA;AACA;AACA;AACAC;AAIA;AACAC;AACA;AACAC;AACA;AACAC;AAEE;AACApB;AACF;AACAqB;AACA;AACAC;AACA;AACA;AACAC;AACF;AACF;AAEA;AACE;AACAC;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEIC;AACA;AACAC;AACAC;AACF;AAEF;AACE;AACAH;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEA;AACE;AACAA;AAEF;AAEI;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAGJ;AACE;AACAA;;AAEF;AACA;AACA;AAEI;AACAf;AACE;AACAA;AAEE;AACA;AACA;AAGE;AACA;AACA;AACA;AACA;AAKV;;;AAGImB;;AAEA;;AAGF;AAIF;AAEA;;AAEIC;AACF;AACA;AACE;AACApB;AAIJ;AAEA;;AAEIoB;AACF;AACA;AACE;AACApB;AAIJ;AAEA;AAEI;AACAA;AAIJ;AACE;AACAqB;;AAIgB;AAAQ;AAAS;AACzB;AACE;AACF;AACA;AACE;AACEC;AACF;;;AAGF;AACA;AACF;AAOR;AAEA;AACE;AACAP;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AACQQ;AAAM;;AAEV;;AAEA;;;AAGF;AACE;AACAC;AACF;;AAEI;AACAxB;AACA;AACAA;AAEJ;AACF;;AAEF;AAEA;AACE;AACAe;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;;;;;;;;;;;;;AAcIU;;;;;;;;;;;;;;;;;;;;;;AAsBAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAEEC;;AAEE/B;AACAC;AACAE;AACAD;AACAE;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAE;AACAD;AACAE;AACAC;AACAC;AACAC;;AAEFE;;;AAGEC;AACE;;;;AAIEC;AACA;AACF;AACA;AACF;AACF;AACF;;","debugId":"3671fe5b-04dc-47f0-a223-21d1f9db2046"}

package/dist/utils.js

@@ -845,12 +845,18 @@ function getHelpListOutput(list, options) {
   const names = Object.keys(list).sort(sorts.naturalCompare);
   for (const name of names) {
     const entry = list[name];
-    if (entry && 'hidden' in entry && entry?.hidden) {
+    const entryIsObj = require$$7.isObject(entry);
+    if (entryIsObj && 'hidden' in entry && entry?.hidden) {
       continue;
     }
-    const description = (require$$7.isObject(entry) ? entry.description : entry) || '';
     const printedName = keyPrefix + camelToKebab(name);
-    result += ''.padEnd(indent) + printedName.padEnd(Math.max(printedName.length + 2, padName)) + description + '\n';
+    const preDescription = `${''.padEnd(indent)}${printedName.padEnd(Math.max(printedName.length + 2, padName))}`;
+    result += preDescription;
+    const description = entryIsObj ? entry.description : String(entry);
+    if (description) {
+      result += strings.indentString(description, preDescription.length).trimStart();
+    }
+    result += '\n';
   }
   return result.trim() || '(none)';
 }
@@ -861,6 +867,20 @@ function tildify(cwd) {
   return cwd.replace(new RegExp(`^${regexps.escapeRegExp(constants.homePath)}(?:${path.sep}|$)`, 'i'), '~/');
 }
 
+// Property names are picked such that the name is at the top when the props
+// get ordered by alphabet while flags is near the bottom and the help text
+// at the bottom, because they tend ot occupy the most lines of code.
+
+const HELP_INDENT = 2;
+const HELP_PAD_NAME = 28;
+function description(command) {
+  const description = command?.description;
+  const str = typeof description === 'string' ? description : String(description);
+  return strings.indentString(str, HELP_PAD_NAME).trimStart();
+}
+function trimNewlines(str) {
+  return str.replace(/^\n+|\n+$/g, '');
+}
 async function meowWithSubcommands(subcommands, options) {
   const {
     aliases = {},
@@ -988,7 +1008,8 @@ async function meowWithSubcommands(subcommands, options) {
   }
   if (configOverrideResult?.ok === false) {
     emitBanner(name, orgFlag);
-    logger.logger.error(''); // spacing in stderr
+    // Add newline in stderr.
+    logger.logger.error('');
     logger.logger.fail(configOverrideResult.message);
     process.exitCode = 2;
     return;
@@ -1008,25 +1029,12 @@ async function meowWithSubcommands(subcommands, options) {
       });
     }
   }
-  const formatCommandsForHelp = isRootCommand => {
-    if (!isRootCommand) {
-      return getHelpListOutput({
-        ...require$$7.toSortedObject(Object.fromEntries(Object.entries(subcommands).filter(({
-          1: subcommand
-        }) => !subcommand.hidden))),
-        ...require$$7.toSortedObject(Object.fromEntries(Object.entries(aliases).filter(({
-          1: alias
-        }) => {
-          const {
-            hidden
-          } = alias;
-          const cmdName = hidden ? '' : alias.argv[0];
-          const subcommand = cmdName ? subcommands[cmdName] : undefined;
-          return subcommand && !subcommand.hidden;
-        })))
-      });
-    }
-
+  const lines = ['', 'Usage', `  $ ${name} <command>`];
+  if (isRootCommand) {
+    lines.push(`  $ ${name} scan create --json`, `  $ ${name} package score npm lodash --markdown`);
+  }
+  lines.push('');
+  if (isRootCommand) {
     // "Bucket" some commands for easier usage.
     const commands = new Set(['analytics', 'audit-log', 'ci', 'cdxgen', 'config', 'deps', 'fix', 'install',
     //'json',
@@ -1046,27 +1054,40 @@ async function meowWithSubcommands(subcommands, options) {
       // test snapshots we use joinAnd.
       arrays.joinAnd(Array.from(commands).sort(sorts.naturalCompare).map(c => `'${c}'`)));
     }
-    return ['(Note: All commands have their own --help)', '', '    Main commands', ``, `      socket login                ${subcommands['login']?.description}`, `      socket scan create          Create a new Socket scan and report`, `      socket npm/lodash@4.17.21   Request the Socket score of a package`, `      socket ci                   ${subcommands['ci']?.description}`, ``, '    Socket API', '', `      analytics                   ${subcommands['analytics']?.description}`, `      audit-log                   ${subcommands['audit-log']?.description}`, `      organization                ${subcommands['organization']?.description}`, `      package                     ${subcommands['package']?.description}`, `      repository                  ${subcommands['repository']?.description}`, `      scan                        ${subcommands['scan']?.description}`, `      threat-feed                 ${subcommands['threat-feed']?.description}`, ``, '    Local tools', '', `      fix                         ${subcommands['fix']?.description}`, `      manifest                    ${subcommands['manifest']?.description}`, `      npm                         ${subcommands['npm']?.description}`, `      npx                         ${subcommands['npx']?.description}`, `      optimize                    ${subcommands['optimize']?.description}`, `      raw-npm                     ${subcommands['raw-npm']?.description}`, `      raw-npx                     ${subcommands['raw-npx']?.description}`, '', '    CLI configuration', '', `      config                      ${subcommands['config']?.description}`, `      install                     ${subcommands['install']?.description}`, `      login                       Socket API login and CLI setup`, `      logout                      ${subcommands['logout']?.description}`, `      uninstall                   ${subcommands['uninstall']?.description}`, `      wrapper                     ${subcommands['wrapper']?.description}`].join('\n');
-  };
-  const lines = ['', '    Usage', '', `      $ ${name} <command>`];
-  if (isRootCommand) {
-    lines.push(`      $ ${name} scan create --json`, `      $ ${name} package score npm lodash --markdown`);
-  }
-  lines.push('');
-  if (!isRootCommand) {
-    lines.push('    Commands', '');
+    lines.push('Note: All commands have their own --help', '', 'Main commands', `  socket login                ${description(subcommands['login'])}`, `  socket scan create          Create a new Socket scan and report`, `  socket npm/lodash@4.17.21   Request the Socket score of a package`, `  socket ci                   ${description(subcommands['ci'])}`, ``, 'Socket API', `  analytics                   ${description(subcommands['analytics'])}`, `  audit-log                   ${description(subcommands['audit-log'])}`, `  organization                ${description(subcommands['organization'])}`, `  package                     ${description(subcommands['package'])}`, `  repository                  ${description(subcommands['repository'])}`, `  scan                        ${description(subcommands['scan'])}`, `  threat-feed                 ${description(subcommands['threat-feed'])}`, ``, 'Local tools', `  fix                         ${description(subcommands['fix'])}`, `  manifest                    ${description(subcommands['manifest'])}`, `  npm                         ${description(subcommands['npm'])}`, `  npx                         ${description(subcommands['npx'])}`, `  optimize                    ${description(subcommands['optimize'])}`, `  raw-npm                     ${description(subcommands['raw-npm'])}`, `  raw-npx                     ${description(subcommands['raw-npx'])}`, '', 'CLI configuration', `  config                      ${description(subcommands['config'])}`, `  install                     ${description(subcommands['install'])}`, `  login                       Socket API login and CLI setup`, `  logout                      ${description(subcommands['logout'])}`, `  uninstall                   ${description(subcommands['uninstall'])}`, `  wrapper                     ${description(subcommands['wrapper'])}`);
+  } else {
+    lines.push('Commands');
+    lines.push(`  ${getHelpListOutput({
+      ...require$$7.toSortedObject(Object.fromEntries(Object.entries(subcommands).filter(({
+        1: subcommand
+      }) => !subcommand.hidden))),
+      ...require$$7.toSortedObject(Object.fromEntries(Object.entries(aliases).filter(({
+        1: alias
+      }) => {
+        const {
+          hidden
+        } = alias;
+        const cmdName = hidden ? '' : alias.argv[0];
+        const subcommand = cmdName ? subcommands[cmdName] : undefined;
+        return subcommand && !subcommand.hidden;
+      })))
+    }, {
+      indent: HELP_INDENT,
+      padName: HELP_PAD_NAME
+    })}`);
   }
-  lines.push(`      ${formatCommandsForHelp(isRootCommand)}`, '', '    Options');
+  lines.push('', 'Options');
   if (isRootCommand) {
-    lines.push('       (Note: All commands have these flags even when not displayed in their help)', '');
+    lines.push('  Note: All commands have these flags even when not displayed in their help', '');
   } else {
     lines.push('');
   }
-  lines.push(`      ${getFlagListOutput(flags$1, {
-    padName: 28
+  lines.push(`  ${getFlagListOutput(flags$1, {
+    indent: HELP_INDENT,
+    padName: HELP_PAD_NAME
   })}`);
   if (isRootCommand) {
-    lines.push('', '    Environment variables', '', '      SOCKET_CLI_ACCEPT_RISKS     Accept risks of a safe-npm or safe-npx run', '      SOCKET_CLI_API_TOKEN        Set the Socket API token', '      SOCKET_CLI_CONFIG           A JSON stringified Socket configuration object', '      SOCKET_CLI_GIT_USER_EMAIL   The git config `user.email` used by Socket CLI', `                                  ${vendor.yoctocolorsCjsExports.italic('Defaults:')} github-actions[bot]@users.noreply.github.com`, '      SOCKET_CLI_GIT_USER_NAME    The git config `user.name` used by Socket CLI', `                                  ${vendor.yoctocolorsCjsExports.italic('Defaults:')} github-actions[bot]`, `      SOCKET_CLI_GITHUB_TOKEN     A classic or fine-grained ${vendor.terminalLinkExports('GitHub personal access token', 'https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens')}`, `                                  ${vendor.yoctocolorsCjsExports.italic('Aliases:')} GITHUB_TOKEN`, '      SOCKET_CLI_NO_API_TOKEN     Make the default API token `undefined`', '      SOCKET_CLI_NPM_PATH         The absolute location of the npm directory', '      SOCKET_CLI_ORG_SLUG         Specify the Socket organization slug', '      SOCKET_CLI_VIEW_ALL_RISKS   View all risks of a safe-npm or safe-npx run', '', '    Environment variables for development', '', '      SOCKET_CLI_API_BASE_URL     Change the base URL for all API-calls', `                                  ${vendor.yoctocolorsCjsExports.italic('Defaults:')} The "apiBaseUrl" value of socket/settings local app data`, '                                  if present, else https://api.socket.dev/v0/', '      SOCKET_CLI_API_PROXY        Set the proxy all requests are routed through, e.g. if set to', `                                  ${vendor.terminalLinkExports('http://127.0.0.1:9090', 'https://docs.proxyman.io/troubleshooting/couldnt-see-any-requests-from-3rd-party-network-libraries')} then all request are passed through that proxy`, `                                  ${vendor.yoctocolorsCjsExports.italic('Aliases:')} HTTPS_PROXY, https_proxy, HTTP_PROXY, and http_proxy`, '      SOCKET_CLI_DEBUG            Enable debug logging in Socket CLI', `      DEBUG                       Enable debug logging based on the ${vendor.terminalLinkExports('debug', 'https://socket.dev/npm/package/debug')} package`);
+    lines.push('', 'Environment variables', '  SOCKET_CLI_API_TOKEN        Set the Socket API token', '  SOCKET_CLI_CONFIG           A JSON stringified Socket configuration object', '  SOCKET_CLI_GIT_USER_EMAIL   The git config `user.email` used by Socket CLI', `                              ${vendor.yoctocolorsCjsExports.italic('Defaults:')} github-actions[bot]@users.noreply.github.com`, '  SOCKET_CLI_GIT_USER_NAME    The git config `user.name` used by Socket CLI', `                              ${vendor.yoctocolorsCjsExports.italic('Defaults:')} github-actions[bot]`, `  SOCKET_CLI_GITHUB_TOKEN     A classic or fine-grained ${vendor.terminalLinkExports('GitHub personal access token', 'https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens')}`, `                              ${vendor.yoctocolorsCjsExports.italic('Aliases:')} GITHUB_TOKEN`, '  SOCKET_CLI_NO_API_TOKEN     Make the default API token `undefined`', '  SOCKET_CLI_NPM_PATH         The absolute location of the npm directory', '  SOCKET_CLI_ORG_SLUG         Specify the Socket organization slug', '', '  SOCKET_CLI_ACCEPT_RISKS     Accept risks of a Socket wrapped npm/npx run', '  SOCKET_CLI_VIEW_ALL_RISKS   View all risks of a Socket wrapped npm/npx run', '', 'Environment variables for development', '  SOCKET_CLI_API_BASE_URL     Change the base URL for all API-calls', `                              ${vendor.yoctocolorsCjsExports.italic('Defaults:')} The "apiBaseUrl" value of socket/settings local app data`, '                              if present, else https://api.socket.dev/v0/', '  SOCKET_CLI_API_PROXY        Set the proxy all requests are routed through, e.g. if set to', `                              ${vendor.terminalLinkExports('http://127.0.0.1:9090', 'https://docs.proxyman.io/troubleshooting/couldnt-see-any-requests-from-3rd-party-network-libraries')} then all request are passed through that proxy`, `                              ${vendor.yoctocolorsCjsExports.italic('Aliases:')} HTTPS_PROXY, https_proxy, HTTP_PROXY, and http_proxy`, '  SOCKET_CLI_DEBUG            Enable debug logging in Socket CLI', `  DEBUG                       Enable debug logging based on the ${vendor.terminalLinkExports('debug', 'https://socket.dev/npm/package/debug')} package`);
   }
 
   // Parse it again. Config overrides should now be applied (may affect help).
@@ -1085,7 +1106,7 @@ async function meowWithSubcommands(subcommands, options) {
     autoVersion: false,
     // We want to detect whether a bool flag is given at all.
     booleanDefault: undefined,
-    help: lines.join('\n')
+    help: lines.map(l => strings.indentString(l, HELP_INDENT)).join('\n')
   });
 
   // ...else we provide basic instructions and help.
@@ -1127,12 +1148,13 @@ function meowOrExit({
     collectUnknownFlags: true,
     description: config.description,
     flags: config.flags,
-    help: config.help(command, config),
+    help: trimNewlines(config.help(command, config)),
     importMeta
   });
   if (!cli.flags['nobanner']) {
     emitBanner(command, String(cli.flags['org'] || '') || undefined);
-    // Add spacing in stderr. meow.help adds a newline too so we do it here
+    // Add newline in stderr.
+    // Meow help adds a newline too so we do it here.
     logger.logger.error('');
   }
 
@@ -1149,7 +1171,7 @@ function meowOrExit({
   //     autoVersion: false,
   //     description: config.description,
   //     flags: config.flags,
-  //     help: config.help(command, config),
+  //     help: trimNewlines(config.help(command, config)),
   //     importMeta,
   //   })
   // }
@@ -1180,7 +1202,7 @@ function meowOrExit({
     autoHelp: false,
     autoVersion: false,
     description: config.description,
-    help: config.help(command, config),
+    help: trimNewlines(config.help(command, config)),
     importMeta,
     flags: config.flags
   });
@@ -1363,7 +1385,8 @@ async function determineOrgSlug(orgFlag, interactive, dryRun) {
     // ask from server
     logger.logger.warn('Unable to determine the target org. Trying to auto-discover it now...');
     logger.logger.info('Note: you can run `socket login` to set a default org. You can also override it with the --org flag.');
-    logger.logger.error(''); // spacing in stderr
+    // Add newline in stderr.
+    logger.logger.error('');
     if (dryRun) {
       logger.logger.fail('Skipping auto-discovery of org in dry-run mode');
     } else {
@@ -3856,5 +3879,5 @@ exports.tildify = tildify;
 exports.updateConfigValue = updateConfigValue;
 exports.walkNestedMap = walkNestedMap;
 exports.writeSocketJson = writeSocketJson;
-//# debugId=ec2e8ef0-0177-431b-8e50-81dd3b03fdee
+//# debugId=619636e9-83fa-428e-adf6-5923dee8d39b
 //# sourceMappingURL=utils.js.map