@socketsecurity/cli-with-sentry 1.0.96 → 1.0.97

package/dist/utils.js

@@ -3,8 +3,8 @@
 var vendor = require('./vendor.js');
 var logger = require('../external/@socketsecurity/registry/lib/logger');
 var strings = require('../external/@socketsecurity/registry/lib/strings');
-var require$$6 = require('../external/@socketsecurity/registry/lib/debug');
-var require$$7 = require('../external/@socketsecurity/registry/lib/objects');
+var require$$8 = require('../external/@socketsecurity/registry/lib/debug');
+var require$$9 = require('../external/@socketsecurity/registry/lib/objects');
 var arrays = require('../external/@socketsecurity/registry/lib/arrays');
 var path$1 = require('../external/@socketsecurity/registry/lib/path');
 var sorts = require('../external/@socketsecurity/registry/lib/sorts');
@@ -94,14 +94,17 @@ function findSocketYmlSync(dir = process.cwd()) {
           path: ymlPath,
           parsed: vendor.configExports.parseSocketConfig(yml)
         };
-      } catch {
+      } catch (e) {
+        require$$8.debugDir('inspect', {
+          error: e
+        });
         throw new Error(`Found file but was unable to parse ${ymlPath}`);
       }
     }
     prevDir = dir;
     dir = path.join(dir, '..');
   }
-  return null;
+  return undefined;
 }
 function getConfigValue(key) {
   const localConfig = getConfigValues();
@@ -148,7 +151,7 @@ let _cachedConfig;
 // When using --config or SOCKET_CLI_CONFIG, do not persist the config.
 let _readOnlyConfig = false;
 function overrideCachedConfig(jsonConfig) {
-  require$$6.debugFn('notice', 'override: full config (not stored)');
+  require$$8.debugFn('notice', 'override: full config (not stored)');
   let config;
   try {
     config = JSON.parse(String(jsonConfig));
@@ -190,7 +193,7 @@ function overrideCachedConfig(jsonConfig) {
   };
 }
 function overrideConfigApiToken(apiToken) {
-  require$$6.debugFn('notice', 'override: Socket API token (not stored)');
+  require$$8.debugFn('notice', 'override: Socket API token (not stored)');
   // Set token to the local cached config and mark it read-only so it doesn't persist.
   _cachedConfig = {
     ...vendor.configExports,
@@ -282,39 +285,39 @@ function isUrl(value) {
 
 // This Socket API token should be stored globally for the duration of the CLI execution.
 let _defaultToken;
-function getDefaultToken() {
+function getDefaultApiToken() {
   // Lazily access constants.ENV.SOCKET_CLI_NO_API_TOKEN.
   if (constants.ENV.SOCKET_CLI_NO_API_TOKEN) {
     _defaultToken = undefined;
-  } else {
-    const key =
-    // Lazily access constants.ENV.SOCKET_CLI_API_TOKEN.
-    constants.ENV.SOCKET_CLI_API_TOKEN || getConfigValueOrUndef('apiToken') || _defaultToken;
-    _defaultToken = strings.isNonEmptyString(key) ? key : undefined;
+    return _defaultToken;
   }
+  const key =
+  // Lazily access constants.ENV.SOCKET_CLI_API_TOKEN.
+  constants.ENV.SOCKET_CLI_API_TOKEN || getConfigValueOrUndef('apiToken') || _defaultToken;
+  _defaultToken = strings.isNonEmptyString(key) ? key : undefined;
   return _defaultToken;
 }
-function getVisibleTokenPrefix() {
-  const apiToken = getDefaultToken();
-  return apiToken ? apiToken.slice(TOKEN_PREFIX_LENGTH, TOKEN_PREFIX_LENGTH + TOKEN_VISIBLE_LENGTH) : '';
-}
-function hasDefaultToken() {
-  return !!getDefaultToken();
-}
-function getPublicToken() {
-  return getDefaultToken() ||
+function getPublicApiToken() {
+  return getDefaultApiToken() ||
   // Lazily access constants.ENV.SOCKET_CLI_API_TOKEN.
   constants.ENV.SOCKET_CLI_API_TOKEN ||
   // Lazily access constants.SOCKET_PUBLIC_API_TOKEN.
   constants.SOCKET_PUBLIC_API_TOKEN;
 }
+function getVisibleTokenPrefix() {
+  const apiToken = getDefaultApiToken();
+  return apiToken ? apiToken.slice(TOKEN_PREFIX_LENGTH, TOKEN_PREFIX_LENGTH + TOKEN_VISIBLE_LENGTH) : '';
+}
+function hasDefaultApiToken() {
+  return !!getDefaultApiToken();
+}
 async function setupSdk(options) {
   const opts = {
     __proto__: null,
     ...options
   };
   let {
-    apiToken = getDefaultToken()
+    apiToken = getDefaultApiToken()
   } = opts;
   if (typeof apiToken !== 'string' && vendor.isInteractiveExports()) {
     apiToken = await prompts.password({
@@ -423,11 +426,11 @@ async function handleApiCall(value, options) {
     };
     if (desc) {
       logger.logger.fail(`An error was thrown while requesting ${desc}`);
-      require$$6.debugFn('error', `caught: ${desc} error`);
+      require$$8.debugFn('error', `caught: ${desc} error`);
     } else {
-      require$$6.debugFn('error', `caught: Socket API request error`);
+      require$$8.debugFn('error', `caught: Socket API request error`);
     }
-    require$$6.debugDir('inspect', {
+    require$$8.debugDir('inspect', {
       error: e,
       socketSdkErrorResult
     });
@@ -449,8 +452,8 @@ async function handleApiCall(value, options) {
         code: sdkResult.status
       }
     };
-    require$$6.debugFn('error', `fail:${desc ? ` ${desc}` : ''} bad response`);
-    require$$6.debugDir('inspect', {
+    require$$8.debugFn('error', `fail:${desc ? ` ${desc}` : ''} bad response`);
+    require$$8.debugDir('inspect', {
       sdkResult
     });
     return socketSdkErrorResult;
@@ -468,8 +471,8 @@ async function handleApiCallNoSpinner(value, description) {
   } catch (e) {
     const message = `${e || NO_ERROR_MESSAGE}`;
     const reason = `${e || NO_ERROR_MESSAGE}`;
-    require$$6.debugFn('error', `caught: ${description} error`);
-    require$$6.debugDir('inspect', {
+    require$$8.debugFn('error', `caught: ${description} error`);
+    require$$8.debugDir('inspect', {
       error: e
     });
     return {
@@ -483,8 +486,8 @@ async function handleApiCallNoSpinner(value, description) {
   if (result.success === false) {
     const error = result;
     const message = `${error.error || NO_ERROR_MESSAGE}`;
-    require$$6.debugFn('error', `fail: ${description} bad response`);
-    require$$6.debugDir('inspect', {
+    require$$8.debugFn('error', `fail: ${description} bad response`);
+    require$$8.debugDir('inspect', {
       error
     });
     return {
@@ -516,7 +519,7 @@ async function queryApi(path, apiToken) {
   });
 }
 async function queryApiSafeText(path, fetchSpinnerDesc) {
-  const apiToken = getDefaultToken();
+  const apiToken = getDefaultApiToken();
   if (!apiToken) {
     return {
       ok: false,
@@ -543,8 +546,8 @@ async function queryApiSafeText(path, fetchSpinnerDesc) {
       spinner.failAndStop(`An error was thrown while requesting ${fetchSpinnerDesc}.`);
     }
     const cause = e?.message;
-    require$$6.debugFn('error', 'caught: await queryApi() error');
-    require$$6.debugDir('inspect', {
+    require$$8.debugFn('error', 'caught: await queryApi() error');
+    require$$8.debugDir('inspect', {
       error: e
     });
     return {
@@ -570,8 +573,8 @@ async function queryApiSafeText(path, fetchSpinnerDesc) {
       data
     };
   } catch (e) {
-    require$$6.debugFn('error', 'caught: await result.text() error');
-    require$$6.debugDir('inspect', {
+    require$$8.debugFn('error', 'caught: await result.text() error');
+    require$$8.debugDir('inspect', {
       error: e
     });
     return {
@@ -600,7 +603,7 @@ async function queryApiSafeJson(path, fetchSpinnerDesc = '') {
   }
 }
 async function sendApiRequest(path, options) {
-  const apiToken = getDefaultToken();
+  const apiToken = getDefaultApiToken();
   if (!apiToken) {
     return {
       ok: false,
@@ -641,8 +644,8 @@ async function sendApiRequest(path, options) {
       spinner.failAndStop(`An error was thrown while requesting ${options.fetchSpinnerDesc}.`);
     }
     const cause = e?.message;
-    require$$6.debugFn('error', `caught: await fetch() ${options.method} error`);
-    require$$6.debugDir('inspect', {
+    require$$8.debugFn('error', `caught: await fetch() ${options.method} error`);
+    require$$8.debugDir('inspect', {
       error: e
     });
     return {
@@ -671,8 +674,8 @@ async function sendApiRequest(path, options) {
       data: data
     };
   } catch (e) {
-    require$$6.debugFn('error', 'caught: await result.json() error');
-    require$$6.debugDir('inspect', {
+    require$$8.debugFn('error', 'caught: await result.json() error');
+    require$$8.debugDir('inspect', {
       error: e
     });
     return {
@@ -781,9 +784,9 @@ cols) {
 // Serialize the final result object before printing it
 // All commands that support the --json flag should call this before printing
 function serializeResultJson(data) {
-  if (!require$$7.isObject(data)) {
+  if (!require$$9.isObject(data)) {
     process.exitCode = 1;
-    require$$6.debugFn('inspect', {
+    require$$8.debugFn('inspect', {
       data
     });
 
@@ -801,7 +804,7 @@ function serializeResultJson(data) {
     process.exitCode = 1;
     const message = 'There was a problem converting the data set to JSON. Please try again without --json';
     logger.logger.fail(message);
-    require$$6.debugDir('inspect', {
+    require$$8.debugDir('inspect', {
       error: e
     });
 
@@ -939,7 +942,7 @@ function getHelpListOutput(list, options) {
   const names = Object.keys(list).sort(sorts.naturalCompare);
   for (const name of names) {
     const entry = list[name];
-    const entryIsObj = require$$7.isObject(entry);
+    const entryIsObj = require$$9.isObject(entry);
     if (entryIsObj && 'hidden' in entry && entry?.hidden) {
       continue;
     }
@@ -1210,10 +1213,10 @@ async function meowWithSubcommands(subcommands, options) {
   } else {
     lines.push('Commands');
     lines.push(`  ${getHelpListOutput({
-      ...require$$7.toSortedObject(Object.fromEntries(Object.entries(subcommands).filter(({
+      ...require$$9.toSortedObject(Object.fromEntries(Object.entries(subcommands).filter(({
         1: subcommand
       }) => !subcommand.hidden))),
-      ...require$$7.toSortedObject(Object.fromEntries(Object.entries(aliases).filter(({
+      ...require$$9.toSortedObject(Object.fromEntries(Object.entries(aliases).filter(({
         1: alias
       }) => {
         const {
@@ -1333,7 +1336,7 @@ function meowOrExit({
   }
 
   // meow doesn't detect 'version' as an unknown flag, so we do the leg work here.
-  if (!require$$7.hasOwn(config.flags, 'version') && cli.flags['version']) {
+  if (!require$$9.hasOwn(config.flags, 'version') && cli.flags['version']) {
     // Use `console.error` here instead of `logger.error` to match meow behavior.
     console.error('Unknown flag\n--version');
     // eslint-disable-next-line n/no-process-exit
@@ -1567,7 +1570,7 @@ async function determineOrgSlug(orgFlag, interactive, dryRun) {
 async function getDefaultOrgSlug() {
   const defaultOrgResult = getConfigValueOrUndef('defaultOrg');
   if (defaultOrgResult) {
-    require$$6.debugFn('notice', 'use: org from "defaultOrg" value of socket/settings local app data', defaultOrgResult);
+    require$$8.debugFn('notice', 'use: org from "defaultOrg" value of socket/settings local app data', defaultOrgResult);
     return {
       ok: true,
       data: defaultOrgResult
@@ -1577,7 +1580,7 @@ async function getDefaultOrgSlug() {
   // Lazily access constants.ENV.SOCKET_CLI_ORG_SLUG.
   const envOrgSlug = constants.ENV.SOCKET_CLI_ORG_SLUG;
   if (envOrgSlug) {
-    require$$6.debugFn('notice', 'use: org from SOCKET_CLI_ORG_SLUG environment variable', envOrgSlug);
+    require$$8.debugFn('notice', 'use: org from SOCKET_CLI_ORG_SLUG environment variable', envOrgSlug);
     return {
       ok: true,
       data: envOrgSlug
@@ -1606,7 +1609,7 @@ async function getDefaultOrgSlug() {
       data: `Cannot determine the default organization for the API token. Unable to continue.`
     };
   }
-  require$$6.debugFn('notice', 'resolve: org from Socket API', slug);
+  require$$8.debugFn('notice', 'resolve: org from Socket API', slug);
   return {
     ok: true,
     message: 'Retrieved default org from server',
@@ -1659,21 +1662,21 @@ async function getBaseBranch(cwd = process.cwd()) {
 async function getRepoInfo(cwd = process.cwd()) {
   let info = null;
   const quotedCmd = '`git remote get-url origin`';
-  require$$6.debugFn('stdio', `spawn: ${quotedCmd}`);
+  require$$8.debugFn('stdio', `spawn: ${quotedCmd}`);
   try {
     const remoteUrl = (await spawn.spawn('git', ['remote', 'get-url', 'origin'], {
       cwd
     })).stdout;
     info = parseGitRemoteUrl(remoteUrl);
     if (!info) {
-      require$$6.debugFn('error', 'git: unmatched git remote URL format');
-      require$$6.debugDir('inspect', {
+      require$$8.debugFn('error', 'git: unmatched git remote URL format');
+      require$$8.debugDir('inspect', {
         remoteUrl
       });
     }
   } catch (e) {
-    require$$6.debugFn('error', `caught: ${quotedCmd} failed`);
-    require$$6.debugDir('inspect', {
+    require$$8.debugFn('error', `caught: ${quotedCmd} failed`);
+    require$$8.debugDir('inspect', {
       error: e
     });
   }
@@ -1689,19 +1692,19 @@ async function gitBranch(cwd = process.cwd()) {
     cwd
   };
   let quotedCmd = '`git symbolic-ref --short HEAD`';
-  require$$6.debugFn('stdio', `spawn: ${quotedCmd}`);
+  require$$8.debugFn('stdio', `spawn: ${quotedCmd}`);
   // Try symbolic-ref first which returns the branch name or fails in a
   // detached HEAD state.
   try {
     const gitSymbolicRefResult = await spawn.spawn('git', ['symbolic-ref', '--short', 'HEAD'], stdioPipeOptions);
-    require$$6.debugDir('stdio', {
+    require$$8.debugDir('stdio', {
       gitSymbolicRefResult
     });
     return gitSymbolicRefResult.stdout;
   } catch (e) {
-    if (require$$6.isDebug('stdio')) {
-      require$$6.debugFn('error', `caught: ${quotedCmd} failed`);
-      require$$6.debugDir('inspect', {
+    if (require$$8.isDebug('stdio')) {
+      require$$8.debugFn('error', `caught: ${quotedCmd} failed`);
+      require$$8.debugDir('inspect', {
         error: e
       });
     }
@@ -1709,17 +1712,17 @@ async function gitBranch(cwd = process.cwd()) {
   // Fallback to using rev-parse to get the short commit hash in a
   // detached HEAD state.
   quotedCmd = '`git rev-parse --short HEAD`';
-  require$$6.debugFn('stdio', `spawn: ${quotedCmd}`);
+  require$$8.debugFn('stdio', `spawn: ${quotedCmd}`);
   try {
     const gitRevParseResult = await spawn.spawn('git', ['rev-parse', '--short', 'HEAD'], stdioPipeOptions);
-    require$$6.debugDir('stdio', {
+    require$$8.debugDir('stdio', {
       gitRevParseResult
     });
     return gitRevParseResult.stdout;
   } catch (e) {
-    if (require$$6.isDebug('stdio')) {
-      require$$6.debugFn('error', `caught: ${quotedCmd} failed`);
-      require$$6.debugDir('inspect', {
+    if (require$$8.isDebug('stdio')) {
+      require$$8.debugFn('error', `caught: ${quotedCmd} failed`);
+      require$$8.debugDir('inspect', {
         error: e
       });
     }
@@ -1752,16 +1755,16 @@ async function detectDefaultBranch(cwd = process.cwd()) {
 async function gitCleanFdx(cwd = process.cwd()) {
   const stdioIgnoreOptions = {
     cwd,
-    stdio: require$$6.isDebug('stdio') ? 'inherit' : 'ignore'
+    stdio: require$$8.isDebug('stdio') ? 'inherit' : 'ignore'
   };
   const quotedCmd = '`git clean -fdx`';
-  require$$6.debugFn('stdio', `spawn: ${quotedCmd}`);
+  require$$8.debugFn('stdio', `spawn: ${quotedCmd}`);
   try {
     await spawn.spawn('git', ['clean', '-fdx'], stdioIgnoreOptions);
     return true;
   } catch (e) {
-    require$$6.debugFn('error', `caught: ${quotedCmd} failed`);
-    require$$6.debugDir('inspect', {
+    require$$8.debugFn('error', `caught: ${quotedCmd} failed`);
+    require$$8.debugDir('inspect', {
       error: e
     });
   }
@@ -1770,16 +1773,16 @@ async function gitCleanFdx(cwd = process.cwd()) {
 async function gitCheckoutBranch(branch, cwd = process.cwd()) {
   const stdioIgnoreOptions = {
     cwd,
-    stdio: require$$6.isDebug('stdio') ? 'inherit' : 'ignore'
+    stdio: require$$8.isDebug('stdio') ? 'inherit' : 'ignore'
   };
   const quotedCmd = `\`git checkout ${branch}\``;
-  require$$6.debugFn('stdio', `spawn: ${quotedCmd}`);
+  require$$8.debugFn('stdio', `spawn: ${quotedCmd}`);
   try {
     await spawn.spawn('git', ['checkout', branch], stdioIgnoreOptions);
     return true;
   } catch (e) {
-    require$$6.debugFn('error', `caught: ${quotedCmd} failed`);
-    require$$6.debugDir('inspect', {
+    require$$8.debugFn('error', `caught: ${quotedCmd} failed`);
+    require$$8.debugDir('inspect', {
       error: e
     });
   }
@@ -1791,16 +1794,16 @@ async function gitCreateBranch(branch, cwd = process.cwd()) {
   }
   const stdioIgnoreOptions = {
     cwd,
-    stdio: require$$6.isDebug('stdio') ? 'inherit' : 'ignore'
+    stdio: require$$8.isDebug('stdio') ? 'inherit' : 'ignore'
   };
   const quotedCmd = `\`git branch ${branch}\``;
-  require$$6.debugFn('stdio', `spawn: ${quotedCmd}`);
+  require$$8.debugFn('stdio', `spawn: ${quotedCmd}`);
   try {
     await spawn.spawn('git', ['branch', branch], stdioIgnoreOptions);
     return true;
   } catch (e) {
-    require$$6.debugFn('error', `caught: ${quotedCmd} failed`);
-    require$$6.debugDir('inspect', {
+    require$$8.debugFn('error', `caught: ${quotedCmd} failed`);
+    require$$8.debugDir('inspect', {
       error: e
     });
   }
@@ -1809,19 +1812,19 @@ async function gitCreateBranch(branch, cwd = process.cwd()) {
 async function gitPushBranch(branch, cwd = process.cwd()) {
   const stdioIgnoreOptions = {
     cwd,
-    stdio: require$$6.isDebug('stdio') ? 'inherit' : 'ignore'
+    stdio: require$$8.isDebug('stdio') ? 'inherit' : 'ignore'
   };
   const quotedCmd = `\`git push --force --set-upstream origin ${branch}\``;
-  require$$6.debugFn('stdio', `spawn: ${quotedCmd}`);
+  require$$8.debugFn('stdio', `spawn: ${quotedCmd}`);
   try {
     await spawn.spawn('git', ['push', '--force', '--set-upstream', 'origin', branch], stdioIgnoreOptions);
     return true;
   } catch (e) {
-    require$$6.debugFn('error', `caught: ${quotedCmd} failed`);
+    require$$8.debugFn('error', `caught: ${quotedCmd} failed`);
     if (spawn.isSpawnError(e) && e.code === 128) {
-      require$$6.debugFn('error', "denied: token requires write permissions for 'contents' and 'pull-requests'");
+      require$$8.debugFn('error', "denied: token requires write permissions for 'contents' and 'pull-requests'");
     }
-    require$$6.debugDir('inspect', {
+    require$$8.debugDir('inspect', {
       error: e
     });
   }
@@ -1829,7 +1832,7 @@ async function gitPushBranch(branch, cwd = process.cwd()) {
 }
 async function gitCommit(commitMsg, filepaths, options) {
   if (!filepaths.length) {
-    require$$6.debugFn('notice', `miss: no filepaths to add`);
+    require$$8.debugFn('notice', `miss: no filepaths to add`);
     return false;
   }
   const {
@@ -1845,26 +1848,26 @@ async function gitCommit(commitMsg, filepaths, options) {
   await gitEnsureIdentity(user, email, cwd);
   const stdioIgnoreOptions = {
     cwd,
-    stdio: require$$6.isDebug('stdio') ? 'inherit' : 'ignore'
+    stdio: require$$8.isDebug('stdio') ? 'inherit' : 'ignore'
   };
   const quotedAddCmd = `\`git add ${filepaths.join(' ')}\``;
-  require$$6.debugFn('stdio', `spawn: ${quotedAddCmd}`);
+  require$$8.debugFn('stdio', `spawn: ${quotedAddCmd}`);
   try {
     await spawn.spawn('git', ['add', ...filepaths], stdioIgnoreOptions);
   } catch (e) {
-    require$$6.debugFn('error', `caught: ${quotedAddCmd} failed`);
-    require$$6.debugDir('inspect', {
+    require$$8.debugFn('error', `caught: ${quotedAddCmd} failed`);
+    require$$8.debugDir('inspect', {
       error: e
     });
   }
   const quotedCommitCmd = `\`git commit -m ${commitMsg}\``;
-  require$$6.debugFn('stdio', `spawn: ${quotedCommitCmd}`);
+  require$$8.debugFn('stdio', `spawn: ${quotedCommitCmd}`);
   try {
     await spawn.spawn('git', ['commit', '-m', commitMsg], stdioIgnoreOptions);
     return true;
   } catch (e) {
-    require$$6.debugFn('error', `caught: ${quotedCommitCmd} failed`);
-    require$$6.debugDir('inspect', {
+    require$$8.debugFn('error', `caught: ${quotedCommitCmd} failed`);
+    require$$8.debugDir('inspect', {
       error: e
     });
   }
@@ -1873,18 +1876,18 @@ async function gitCommit(commitMsg, filepaths, options) {
 async function gitDeleteBranch(branch, cwd = process.cwd()) {
   const stdioIgnoreOptions = {
     cwd,
-    stdio: require$$6.isDebug('stdio') ? 'inherit' : 'ignore'
+    stdio: require$$8.isDebug('stdio') ? 'inherit' : 'ignore'
   };
   const quotedCmd = `\`git branch -D ${branch}\``;
-  require$$6.debugFn('stdio', `spawn: ${quotedCmd}`);
+  require$$8.debugFn('stdio', `spawn: ${quotedCmd}`);
   try {
     // Will throw with exit code 1 if branch does not exist.
     await spawn.spawn('git', ['branch', '-D', branch], stdioIgnoreOptions);
     return true;
   } catch (e) {
-    if (require$$6.isDebug('stdio')) {
-      require$$6.debugFn('error', `caught: ${quotedCmd} failed`);
-      require$$6.debugDir('inspect', {
+    if (require$$8.isDebug('stdio')) {
+      require$$8.debugFn('error', `caught: ${quotedCmd} failed`);
+      require$$8.debugDir('inspect', {
         error: e
       });
     }
@@ -1903,18 +1906,18 @@ async function gitEnsureIdentity(name, email, cwd = process.cwd()) {
     let configValue;
     {
       const quotedCmd = `\`git config --get ${prop}\``;
-      require$$6.debugFn('stdio', `spawn: ${quotedCmd}`);
+      require$$8.debugFn('stdio', `spawn: ${quotedCmd}`);
       try {
         // Will throw with exit code 1 if the config property is not set.
         const gitConfigResult = await spawn.spawn('git', ['config', '--get', prop], stdioPipeOptions);
-        require$$6.debugDir('stdio', {
+        require$$8.debugDir('stdio', {
           gitConfigResult
         });
         configValue = gitConfigResult.stdout;
       } catch (e) {
-        if (require$$6.isDebug('stdio')) {
-          require$$6.debugFn('error', `caught: ${quotedCmd} failed`);
-          require$$6.debugDir('inspect', {
+        if (require$$8.isDebug('stdio')) {
+          require$$8.debugFn('error', `caught: ${quotedCmd} failed`);
+          require$$8.debugDir('inspect', {
             error: e
           });
         }
@@ -1923,16 +1926,16 @@ async function gitEnsureIdentity(name, email, cwd = process.cwd()) {
     if (configValue !== value) {
       const stdioIgnoreOptions = {
         cwd,
-        stdio: require$$6.isDebug('stdio') ? 'inherit' : 'ignore'
+        stdio: require$$8.isDebug('stdio') ? 'inherit' : 'ignore'
       };
       const quotedCmd = `\`git config ${prop} ${value}\``;
-      require$$6.debugFn('stdio', `spawn: ${quotedCmd}`);
+      require$$8.debugFn('stdio', `spawn: ${quotedCmd}`);
       try {
         await spawn.spawn('git', ['config', prop, value], stdioIgnoreOptions);
       } catch (e) {
-        if (require$$6.isDebug('stdio')) {
-          require$$6.debugFn('error', `caught: ${quotedCmd} failed`);
-          require$$6.debugDir('inspect', {
+        if (require$$8.isDebug('stdio')) {
+          require$$8.debugFn('error', `caught: ${quotedCmd} failed`);
+          require$$8.debugDir('inspect', {
             error: e
           });
         }
@@ -1943,18 +1946,18 @@ async function gitEnsureIdentity(name, email, cwd = process.cwd()) {
 async function gitLocalBranchExists(branch, cwd = process.cwd()) {
   const stdioIgnoreOptions = {
     cwd,
-    stdio: require$$6.isDebug('stdio') ? 'inherit' : 'ignore'
+    stdio: require$$8.isDebug('stdio') ? 'inherit' : 'ignore'
   };
   const quotedCmd = `\`git show-ref --quiet refs/heads/${branch}\``;
-  require$$6.debugFn('stdio', `spawn: ${quotedCmd}`);
+  require$$8.debugFn('stdio', `spawn: ${quotedCmd}`);
   try {
     // Will throw with exit code 1 if the branch does not exist.
     await spawn.spawn('git', ['show-ref', '--quiet', `refs/heads/${branch}`], stdioIgnoreOptions);
     return true;
   } catch (e) {
-    if (require$$6.isDebug('stdio')) {
-      require$$6.debugFn('error', `caught: ${quotedCmd} failed`);
-      require$$6.debugDir('inspect', {
+    if (require$$8.isDebug('stdio')) {
+      require$$8.debugFn('error', `caught: ${quotedCmd} failed`);
+      require$$8.debugDir('inspect', {
         error: e
       });
     }
@@ -1966,17 +1969,17 @@ async function gitRemoteBranchExists(branch, cwd = process.cwd()) {
     cwd
   };
   const quotedCmd = `\`git ls-remote --heads origin ${branch}\``;
-  require$$6.debugFn('stdio', `spawn: ${quotedCmd}`);
+  require$$8.debugFn('stdio', `spawn: ${quotedCmd}`);
   try {
     const lsRemoteResult = await spawn.spawn('git', ['ls-remote', '--heads', 'origin', branch], stdioPipeOptions);
-    require$$6.debugDir('stdio', {
+    require$$8.debugDir('stdio', {
       lsRemoteResult
     });
     return lsRemoteResult.stdout.length > 0;
   } catch (e) {
-    if (require$$6.isDebug('stdio')) {
-      require$$6.debugFn('error', `caught: ${quotedCmd} failed`);
-      require$$6.debugDir('inspect', {
+    if (require$$8.isDebug('stdio')) {
+      require$$8.debugFn('error', `caught: ${quotedCmd} failed`);
+      require$$8.debugDir('inspect', {
         error: e
       });
     }
@@ -1992,16 +1995,16 @@ async function gitResetAndClean(branch = 'HEAD', cwd = process.cwd()) {
 async function gitResetHard(branch = 'HEAD', cwd = process.cwd()) {
   const stdioIgnoreOptions = {
     cwd,
-    stdio: require$$6.isDebug('stdio') ? 'inherit' : 'ignore'
+    stdio: require$$8.isDebug('stdio') ? 'inherit' : 'ignore'
   };
   const quotedCmd = `\`git reset --hard ${branch}\``;
-  require$$6.debugFn('stdio', `spawn: ${quotedCmd}`);
+  require$$8.debugFn('stdio', `spawn: ${quotedCmd}`);
   try {
     await spawn.spawn('git', ['reset', '--hard', branch], stdioIgnoreOptions);
     return true;
   } catch (e) {
-    require$$6.debugFn('error', `caught: ${quotedCmd} failed`);
-    require$$6.debugDir('inspect', {
+    require$$8.debugFn('error', `caught: ${quotedCmd} failed`);
+    require$$8.debugDir('inspect', {
       error: e
     });
   }
@@ -2012,10 +2015,10 @@ async function gitUnstagedModifiedFiles(cwd = process.cwd()) {
     cwd
   };
   const quotedCmd = `\`git diff --name-only\``;
-  require$$6.debugFn('stdio', `spawn: ${quotedCmd}`);
+  require$$8.debugFn('stdio', `spawn: ${quotedCmd}`);
   try {
     const gitDiffResult = await spawn.spawn('git', ['diff', '--name-only'], stdioPipeOptions);
-    require$$6.debugDir('stdio', {
+    require$$8.debugDir('stdio', {
       gitDiffResult
     });
     const changedFilesDetails = gitDiffResult.stdout;
@@ -2025,8 +2028,8 @@ async function gitUnstagedModifiedFiles(cwd = process.cwd()) {
       data: relPaths.map(p => path$1.normalizePath(p))
     };
   } catch (e) {
-    require$$6.debugFn('error', `caught: ${quotedCmd} failed`);
-    require$$6.debugDir('inspect', {
+    require$$8.debugFn('error', `caught: ${quotedCmd} failed`);
+    require$$8.debugDir('inspect', {
       error: e
     });
     return {
@@ -2112,10 +2115,10 @@ function mapToObject(map) {
 function* walkNestedMap(map, keys = []) {
   for (const [key, value] of map.entries()) {
     if (value instanceof Map) {
-      yield* walkNestedMap(value, keys.concat(key));
+      yield* walkNestedMap(value, [...keys, key]);
     } else {
       yield {
-        keys: keys.concat(key),
+        keys: [...keys, key],
         value: value
       };
     }
@@ -2140,7 +2143,7 @@ async function spawnCoana(args, orgSlug, options, extra) {
     // Lazily access constants.ENV.INLINED_SOCKET_CLI_VERSION.
     SOCKET_CLI_VERSION: constants.ENV.INLINED_SOCKET_CLI_VERSION
   };
-  const defaultApiToken = getDefaultToken();
+  const defaultApiToken = getDefaultApiToken();
   if (defaultApiToken) {
     mixinsEnv['SOCKET_CLI_API_TOKEN'] = defaultApiToken;
   }
@@ -2512,7 +2515,7 @@ function getDefaultSocketJson() {
 function readSocketJsonSync(cwd, defaultOnError = false) {
   const sockJsonPath = path.join(cwd, 'socket.json');
   if (!fs$1.existsSync(sockJsonPath)) {
-    require$$6.debugFn('notice', `miss: socket.json not found at ${cwd}`);
+    require$$8.debugFn('notice', `miss: socket.json not found at ${cwd}`);
     return {
       ok: true,
       data: getDefaultSocketJson()
@@ -2524,7 +2527,7 @@ function readSocketJsonSync(cwd, defaultOnError = false) {
   } catch (e) {
     if (defaultOnError) {
       logger.logger.warn('Failed to read socket.json, using default');
-      require$$6.debugDir('inspect', {
+      require$$8.debugDir('inspect', {
         error: e
       });
       return {
@@ -2533,7 +2536,7 @@ function readSocketJsonSync(cwd, defaultOnError = false) {
       };
     }
     const msg = e?.message;
-    require$$6.debugDir('inspect', {
+    require$$8.debugDir('inspect', {
       error: e
     });
     return {
@@ -2546,8 +2549,8 @@ function readSocketJsonSync(cwd, defaultOnError = false) {
   try {
     obj = JSON.parse(json);
   } catch (e) {
-    require$$6.debugFn('error', 'caught: JSON.parse error');
-    require$$6.debugDir('inspect', {
+    require$$8.debugFn('error', 'caught: JSON.parse error');
+    require$$8.debugDir('inspect', {
       error: e,
       json
     });
@@ -2584,8 +2587,8 @@ async function writeSocketJson(cwd, sockJson) {
   try {
     json = JSON.stringify(sockJson, null, 2);
   } catch (e) {
-    require$$6.debugFn('error', 'caught: JSON.stringify error');
-    require$$6.debugDir('inspect', {
+    require$$8.debugFn('error', 'caught: JSON.stringify error');
+    require$$8.debugDir('inspect', {
       error: e,
       sockJson
     });
@@ -2759,6 +2762,20 @@ class ColorOrMarkdown {
   }
 }
 
+function toFilterConfig(obj) {
+  const normalized = {
+    __proto__: null
+  };
+  const keys = require$$9.isObject(obj) ? Object.keys(obj) : [];
+  for (const key of keys) {
+    const value = obj[key];
+    if (typeof value === 'boolean' || Array.isArray(value)) {
+      normalized[key] = value;
+    }
+  }
+  return normalized;
+}
+
 const RangeStyles = ['caret', 'gt', 'gte', 'lt', 'lte', 'pin', 'preserve', 'tilde'];
 function applyRange(refRange, version, style = 'preserve') {
   switch (style) {
@@ -2889,33 +2906,28 @@ async function addArtifactToAlertsMap(artifact, alertsByPurl, options) {
   if (!artifact.name || !artifact.version || !artifact.alerts?.length) {
     return alertsByPurl;
   }
+  const {
+    type: ecosystem,
+    version
+  } = artifact;
   const {
     consolidate = false,
-    include: _include,
-    overrides
+    overrides,
+    socketYml
   } = {
     __proto__: null,
     ...options
   };
-  const socketYml = findSocketYmlSync();
-  const localRules = socketYml?.parsed.issueRules;
-  const include = {
-    __proto__: null,
+  const name = packages.resolvePackageName(artifact);
+  const filterConfig = toFilterConfig({
     blocked: true,
     critical: true,
     cve: true,
-    unfixable: true,
-    upgradable: false,
-    ..._include
-  };
-  const name = packages.resolvePackageName(artifact);
-  const {
-    type: ecosystem,
-    version
-  } = artifact;
+    ...require$$9.getOwn(options, 'filter')
+  });
   const enabledState = {
     __proto__: null,
-    ...localRules
+    ...socketYml?.issueRules
   };
   let sockPkgAlerts = [];
   for (const alert of artifact.alerts) {
@@ -2931,8 +2943,8 @@ async function addArtifactToAlertsMap(artifact, alertsByPurl, options) {
     const fixableCve = fixType === ALERT_FIX_TYPE.cve;
     const fixableUpgrade = fixType === ALERT_FIX_TYPE.upgrade;
     const fixable = fixableCve || fixableUpgrade;
-    const upgradable = fixableUpgrade && !require$$7.hasOwn(overrides, name);
-    if (include.blocked && blocked || include.critical && critical || include.cve && cve || include.unfixable && !fixable || include.upgradable && upgradable) {
+    const upgradable = fixableUpgrade && !require$$9.hasOwn(overrides, name);
+    if (filterConfig.blocked && blocked || filterConfig.critical && critical || filterConfig.cve && cve || filterConfig.fixable && fixable || filterConfig.upgradable && upgradable) {
       sockPkgAlerts.push({
         name,
         version,
@@ -3024,16 +3036,7 @@ function getAlertsSeverityOrder(alerts) {
   return alertsHaveBlocked(alerts) || alertsHaveSeverity(alerts, ALERT_SEVERITY.critical) ? 0 : alertsHaveSeverity(alerts, ALERT_SEVERITY.high) ? 1 : alertsHaveSeverity(alerts, ALERT_SEVERITY.middle) ? 2 : alertsHaveSeverity(alerts, ALERT_SEVERITY.low) ? 3 : 4;
 }
 function getCveInfoFromAlertsMap(alertsMap, options) {
-  const {
-    exclude: exclude_
-  } = {
-    __proto__: null,
-    ...options
-  };
-  const exclude = {
-    __proto__: null,
-    ...exclude_
-  };
+  const filterConfig = toFilterConfig(require$$9.getOwn(options, 'filter'));
   let infoByPartialPurl = null;
   // eslint-disable-next-line no-unused-labels
   for (const {
@@ -3045,7 +3048,7 @@ function getCveInfoFromAlertsMap(alertsMap, options) {
     const name = packages.resolvePackageName(purlObj);
     sockPkgAlertsLoop: for (const sockPkgAlert of sockPkgAlerts) {
       const alert = sockPkgAlert.raw;
-      if (alert.fix?.type !== ALERT_FIX_TYPE.cve || exclude.upgradable && registry.getManifestData(sockPkgAlert.ecosystem, name)) {
+      if (alert.fix?.type !== ALERT_FIX_TYPE.cve || filterConfig.upgradable === false && registry.getManifestData(sockPkgAlert.ecosystem, name)) {
         continue sockPkgAlertsLoop;
       }
       if (!infoByPartialPurl) {
@@ -3080,8 +3083,8 @@ function getCveInfoFromAlertsMap(alertsMap, options) {
             error = e;
           }
         }
-        require$$6.debugFn('error', 'fail: invalid SocketPackageAlert');
-        require$$6.debugDir('inspect', {
+        require$$8.debugFn('error', 'fail: invalid SocketPackageAlert');
+        require$$8.debugDir('inspect', {
           alert,
           error
         });
@@ -3296,7 +3299,7 @@ function parsePnpmLockfile(lockfileContent) {
       result = vendor.jsYaml.load(strings.stripBom(lockfileContent));
     } catch {}
   }
-  return require$$7.isObjectObject(result) ? result : null;
+  return require$$9.isObjectObject(result) ? result : null;
 }
 function parsePnpmLockfileVersion(version) {
   try {
@@ -3321,28 +3324,8 @@ async function getAlertsMapFromPnpmLockfile(lockfile, options) {
   });
 }
 async function getAlertsMapFromPurls(purls, options) {
-  const opts = {
-    __proto__: null,
-    consolidate: false,
-    include: undefined,
-    nothrow: false,
-    ...options
-  };
-  opts.include = {
-    __proto__: null,
-    // Leave 'actions' unassigned so it can be given a default value in
-    // subsequent functions where `options` is passed.
-    // actions: undefined,
-    blocked: true,
-    critical: true,
-    cve: true,
-    existing: false,
-    unfixable: true,
-    upgradable: false,
-    ...opts.include
-  };
   const uniqPurls = arrays.arrayUnique(purls);
-  require$$6.debugDir('silly', {
+  require$$8.debugDir('silly', {
     purls: uniqPurls
   });
   let {
@@ -3352,23 +3335,35 @@ async function getAlertsMapFromPurls(purls, options) {
   if (!remaining) {
     return alertsByPurl;
   }
+  const opts = {
+    __proto__: null,
+    consolidate: false,
+    nothrow: false,
+    ...options,
+    filter: toFilterConfig(require$$9.getOwn(options, 'filter'))
+  };
+  if (opts.onlyFixable) {
+    opts.filter.fixable = true;
+  }
   const {
     spinner
   } = opts;
   const getText = () => `Looking up data for ${remaining} packages`;
   spinner?.start(getText());
   const sockSdkCResult = await setupSdk({
-    apiToken: getPublicToken()
+    apiToken: getPublicApiToken()
   });
   if (!sockSdkCResult.ok) {
     spinner?.stop();
-    throw new Error('Auth error: Try to run `socket login` first');
+    throw new Error('Auth error: Run `socket login` first');
   }
   const sockSdk = sockSdkCResult.data;
+  const socketYml = findSocketYmlSync()?.parsed;
   const alertsMapOptions = {
     overrides: opts.overrides,
     consolidate: opts.consolidate,
-    include: opts.include,
+    filter: opts.filter,
+    socketYml,
     spinner
   };
   for await (const batchResult of sockSdk.batchPackageStream({
@@ -3379,24 +3374,28 @@ async function getAlertsMapFromPurls(purls, options) {
     queryParams: {
       alerts: 'true',
       compact: 'true',
-      ...(opts.include.actions ? {
-        actions: opts.include.actions.join(',')
+      ...(opts.onlyFixable ? {
+        fixable: 'true '
       } : {}),
-      ...(opts.include.unfixable ? {} : {
-        fixable: 'true'
-      })
+      ...(Array.isArray(opts.filter.actions) ? {
+        actions: opts.filter.actions.join(',')
+      } : {})
     }
   })) {
     if (batchResult.success) {
-      await addArtifactToAlertsMap(batchResult.data, alertsByPurl, alertsMapOptions);
+      const artifact = batchResult.data;
+      await addArtifactToAlertsMap(artifact, alertsByPurl, alertsMapOptions);
     } else if (!opts.nothrow) {
+      spinner?.stop();
+      if (strings.isNonEmptyString(batchResult.error)) {
+        throw new Error(batchResult.error);
+      }
       const statusCode = batchResult.status ?? 'unknown';
-      const statusMessage = batchResult.error ?? 'No status message';
-      throw new Error(`Socket API server error (${statusCode}): ${statusMessage}`);
+      throw new Error(`Socket API server error (${statusCode}): No status message`);
     } else {
       spinner?.stop();
       logger.logger.fail(`Received a ${batchResult.status} response from Socket API which we consider a permanent failure:`, batchResult.error, batchResult.cause ? `( ${batchResult.cause} )` : '');
-      require$$6.debugDir('inspect', {
+      require$$8.debugDir('inspect', {
         batchResult
       });
       break;
@@ -3508,7 +3507,7 @@ function safeNpmInstall(options) {
     ...options
   };
   let stdio = spawnOptions.stdio;
-  const useIpc = require$$7.isObject(ipc);
+  const useIpc = require$$9.isObject(ipc);
   // Include 'ipc' in the spawnOptions.stdio when an options.ipc object is provided.
   // See https://github.com/nodejs/node/blob/v23.6.0/lib/child_process.js#L161-L166
   // and https://github.com/nodejs/node/blob/v23.6.0/lib/internal/child_process.js#L238.
@@ -3517,7 +3516,7 @@ function safeNpmInstall(options) {
   } else if (useIpc && Array.isArray(stdio) && !stdio.includes('ipc')) {
     stdio = stdio.concat('ipc');
   }
-  const useDebug = require$$6.isDebug('stdio');
+  const useDebug = require$$8.isDebug('stdio');
   const terminatorPos = args.indexOf('--');
   const rawBinArgs = terminatorPos === -1 ? args : args.slice(0, terminatorPos);
   const progressArg = rawBinArgs.findLast(npm.isNpmProgressFlag) !== '--no-progress';
@@ -3748,7 +3747,7 @@ async function getAgentExecPath(agent) {
 async function getAgentVersion(agent, agentExecPath, cwd) {
   let result;
   const quotedCmd = `\`${agent} --version\``;
-  require$$6.debugFn('stdio', `spawn: ${quotedCmd}`);
+  require$$8.debugFn('stdio', `spawn: ${quotedCmd}`);
   try {
     result =
     // Coerce version output into a valid semver version by passing it through
@@ -3762,8 +3761,8 @@ async function getAgentVersion(agent, agentExecPath, cwd) {
       shell: constants.WIN32
     })).stdout) ?? undefined;
   } catch (e) {
-    require$$6.debugFn('error', `caught: ${quotedCmd} failed`);
-    require$$6.debugDir('inspect', {
+    require$$8.debugFn('error', `caught: ${quotedCmd} failed`);
+    require$$8.debugDir('inspect', {
       error: e
     });
   }
@@ -4086,7 +4085,7 @@ function captureExceptionSync(exception, hint) {
   if (!Sentry) {
     return '';
   }
-  require$$6.debugFn('notice', 'send: exception to Sentry');
+  require$$8.debugFn('notice', 'send: exception to Sentry');
   return Sentry.captureException(exception, hint);
 }
 
@@ -4155,7 +4154,7 @@ exports.gitUnstagedModifiedFiles = gitUnstagedModifiedFiles;
 exports.globWorkspace = globWorkspace;
 exports.handleApiCall = handleApiCall;
 exports.handleApiCallNoSpinner = handleApiCallNoSpinner;
-exports.hasDefaultToken = hasDefaultToken;
+exports.hasDefaultApiToken = hasDefaultApiToken;
 exports.hasEnterpriseOrgPlan = hasEnterpriseOrgPlan;
 exports.idToNpmPurl = idToNpmPurl;
 exports.idToPurl = idToPurl;
@@ -4190,8 +4189,9 @@ exports.setupSdk = setupSdk;
 exports.spawnCoana = spawnCoana;
 exports.suggestOrgSlug = suggestOrgSlug;
 exports.tildify = tildify;
+exports.toFilterConfig = toFilterConfig;
 exports.updateConfigValue = updateConfigValue;
 exports.walkNestedMap = walkNestedMap;
 exports.writeSocketJson = writeSocketJson;
-//# debugId=5b3d9fc5-fd9d-410c-9fa5-fb1634dc1cb6
+//# debugId=398299e7-5ebf-41b6-8c6c-e7e2cae9cd1c
 //# sourceMappingURL=utils.js.map