@socketsecurity/cli-with-sentry 1.1.18 → 1.1.20

package/dist/cli.js

@@ -94,8 +94,10 @@ async function outputAnalytics(result, {
     if (filepath) {
       try {
         await fs.writeFile(filepath, serialized, 'utf8');
-        logger.logger.success(`Data successfully written to ${filepath}`);
+        utils.debugFileOp('write', filepath);
+        logger.logger.success(`Data successfully written to ${utils.fileLink(filepath)}`);
       } catch (e) {
+        utils.debugFileOp('write', filepath, e);
         process.exitCode = 1;
         logger.logger.log(utils.serializeResultJson({
           ok: false,
@@ -116,8 +118,10 @@ async function outputAnalytics(result, {
     if (filepath) {
       try {
         await fs.writeFile(filepath, serialized, 'utf8');
-        logger.logger.success(`Data successfully written to ${filepath}`);
+        utils.debugFileOp('write', filepath);
+        logger.logger.success(`Data successfully written to ${utils.fileLink(filepath)}`);
       } catch (e) {
+        utils.debugFileOp('write', filepath, e);
         logger.logger.error(e);
       }
     } else {
@@ -414,7 +418,7 @@ async function run$S(argv, importMeta, {
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: noLegacy,
-    message: `Legacy flags are no longer supported. See ${vendor.terminalLinkExports('v1 migration guide', constants.V1_MIGRATION_GUIDE_URL)}.`,
+    message: `Legacy flags are no longer supported. See the ${utils.webLink(constants.V1_MIGRATION_GUIDE_URL, 'v1 migration guide')}.`,
     fail: `received legacy flags`
   }, {
     nook: true,
@@ -433,12 +437,12 @@ async function run$S(argv, importMeta, {
   }, {
     nook: true,
     test: !filepath || !!json || !!markdown,
-    message: 'The `--file` flag is only valid when using `--json` or `--markdown`',
+    message: `The \`--file\` flag is only valid when using \`${constants.FLAG_JSON}\` or \`${constants.FLAG_MARKDOWN}\``,
     fail: 'bad'
   }, {
     nook: true,
     test: !json || !markdown,
-    message: 'The `--json` and `--markdown` flags can not be used at the same time',
+    message: `The \`${constants.FLAG_JSON}\` and \`${constants.FLAG_MARKDOWN}\` flags can not be used at the same time`,
     fail: 'bad'
   }, {
     nook: true,
@@ -612,11 +616,9 @@ ${table}
 `;
   } catch (e) {
     process.exitCode = 1;
-    logger.logger.fail('There was a problem converting the logs to Markdown, please try the `--json` flag');
-    require$$9.debugFn('error', 'caught: markdown conversion error');
-    require$$9.debugDir('inspect', {
-      error: e
-    });
+    logger.logger.fail(`There was a problem converting the logs to Markdown, please try the \`${constants.FLAG_JSON}\` flag`);
+    require$$9.debugFn('error', 'Markdown conversion failed');
+    require$$9.debugDir('error', e);
     return 'Failed to generate the markdown report';
   }
 }
@@ -791,7 +793,7 @@ async function run$R(argv, importMeta, {
       ${utils.getFlagApiRequirementsOutput(`${parentName}:${CMD_NAME$x}`)}
 
     This feature requires an Enterprise Plan. To learn more about getting access
-    to this feature and many more, please visit ${constants.default.SOCKET_WEBSITE_URL}/pricing
+    to this feature and many more, please visit the ${utils.webLink(`${constants.default.SOCKET_WEBSITE_URL}/pricing`, 'Socket pricing page')}.
 
     The type FILTER arg is an enum. Defaults to any. It should be one of these:
       associateLabel, cancelInvitation, changeMemberRole, changePlanSubscriptionSeats,
@@ -839,7 +841,7 @@ async function run$R(argv, importMeta, {
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: noLegacy,
-    message: `Legacy flags are no longer supported. See ${vendor.terminalLinkExports('v1 migration guide', constants.V1_MIGRATION_GUIDE_URL)}.`,
+    message: `Legacy flags are no longer supported. See the ${utils.webLink(constants.V1_MIGRATION_GUIDE_URL, 'v1 migration guide')}.`,
     fail: `received legacy flags`
   }, {
     nook: true,
@@ -854,7 +856,7 @@ async function run$R(argv, importMeta, {
   }, {
     nook: true,
     test: !json || !markdown,
-    message: 'The `--json` and `--markdown` flags can not be used at the same time',
+    message: `The \`${constants.FLAG_JSON}\` and \`${constants.FLAG_MARKDOWN}\` flags can not be used at the same time`,
     fail: 'bad'
   }, {
     nook: true,
@@ -1021,8 +1023,8 @@ async function fetchScanData(orgSlug, scanId, options) {
         return JSON.parse(line);
       } catch (e) {
         ok = false;
-        require$$9.debugFn('error', 'caught: JSON.parse error');
-        require$$9.debugDir('inspect', {
+        require$$9.debugFn('error', 'Failed to parse report data line as JSON');
+        require$$9.debugDir('error', {
           error: e,
           line
         });
@@ -1054,14 +1056,14 @@ async function fetchScanData(orgSlug, scanId, options) {
     return {
       ok: false,
       message: 'Socket API error',
-      cause: `Error requesting scan: ${e?.message || '(no error message found)'}${e?.cause ? ` (cause: ${e.cause})` : ''}`
+      cause: utils.formatErrorWithDetail('Error requesting scan', e) || 'Error requesting scan: (no error message found)'
     };
   }), fetchSecurityPolicy().catch(e => {
     updatePolicy('failure; unknown blocking error occurred');
     return {
       ok: false,
       message: 'Socket API error',
-      cause: `Error requesting policy: ${e?.message || '(no error message found)'}${e?.cause ? ` (cause: ${e.cause})` : ''}`
+      cause: utils.formatErrorWithDetail('Error requesting policy', e) || 'Error requesting policy: (no error message found)'
     };
   })]).finally(() => {
     finishedFetching = true;
@@ -2154,10 +2156,29 @@ async function handleCreateNewScan({
   targets,
   tmp
 }) {
+  require$$9.debugFn('notice', `Creating new scan for ${orgSlug}/${repoName}`);
+  require$$9.debugDir('inspect', {
+    autoManifest,
+    branchName,
+    commitHash,
+    defaultBranch,
+    interactive,
+    pendingHead,
+    pullRequest,
+    readOnly,
+    report,
+    reportLevel,
+    targets,
+    tmp
+  });
   if (autoManifest) {
     logger.logger.info('Auto-generating manifest files ...');
+    require$$9.debugFn('notice', 'Auto-manifest mode enabled');
     const sockJson = utils.readOrDefaultSocketJson(cwd);
     const detected = await detectManifestActions(sockJson, cwd);
+    require$$9.debugDir('inspect', {
+      detected
+    });
     await generateAutoManifest({
       detected,
       cwd,
@@ -2173,12 +2194,17 @@ async function handleCreateNewScan({
     spinner
   });
   if (!supportedFilesCResult.ok) {
+    require$$9.debugFn('warn', 'Failed to fetch supported scan file names');
+    require$$9.debugDir('inspect', {
+      supportedFilesCResult
+    });
     await outputCreateNewScan(supportedFilesCResult, {
       interactive,
       outputKind
     });
     return;
   }
+  require$$9.debugFn('notice', `Fetched ${supportedFilesCResult.data['size']} supported file types`);
   spinner.start('Searching for local files to include in scan...');
   const supportedFiles = supportedFilesCResult.data;
   const packagePaths = await utils.getPackageFilesForScan(targets, supportedFiles, {
@@ -2188,10 +2214,11 @@ async function handleCreateNewScan({
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: packagePaths.length > 0,
-    fail: `found no eligible files to scan. See supported manifest files at ${vendor.terminalLinkExports('docs.socket.dev', 'https://docs.socket.dev/docs/manifest-file-detection-in-socket')}`,
+    fail: `found no eligible files to scan. See supported manifest files at ${utils.socketDocsLink('/docs/manifest-file-detection-in-socket', 'docs.socket.dev')}`,
     message: 'TARGET (file/dir) must contain matching / supported file types for a scan'
   });
   if (!wasValidInput) {
+    require$$9.debugFn('warn', 'No eligible files found to scan');
     return;
   }
   logger.logger.success(`Found ${packagePaths.length} local ${words.pluralize('file', packagePaths.length)}`);
@@ -2200,6 +2227,7 @@ async function handleCreateNewScan({
   });
   if (readOnly) {
     logger.logger.log('[ReadOnly] Bailing now');
+    require$$9.debugFn('notice', 'Read-only mode, exiting early');
     return;
   }
   let scanPaths = packagePaths;
@@ -2209,6 +2237,10 @@ async function handleCreateNewScan({
   if (reach.runReachabilityAnalysis) {
     logger.logger.error('');
     logger.logger.info('Starting reachability analysis...');
+    require$$9.debugFn('notice', 'Reachability analysis enabled');
+    require$$9.debugDir('inspect', {
+      reachabilityOptions: reach
+    });
     spinner.start();
     const reachResult = await performReachabilityAnalysis({
       branchName,
@@ -2285,8 +2317,16 @@ async function handleCreateNewScan({
 }
 
 async function handleCi(autoManifest) {
+  require$$9.debugFn('notice', 'Starting CI scan');
+  require$$9.debugDir('inspect', {
+    autoManifest
+  });
   const orgSlugCResult = await utils.getDefaultOrgSlug();
   if (!orgSlugCResult.ok) {
+    require$$9.debugFn('warn', 'Failed to get default org slug');
+    require$$9.debugDir('inspect', {
+      orgSlugCResult
+    });
     process.exitCode = orgSlugCResult.code ?? 1;
     // Always assume json mode.
     logger.logger.log(utils.serializeResultJson(orgSlugCResult));
@@ -2296,6 +2336,13 @@ async function handleCi(autoManifest) {
   const cwd = process.cwd();
   const branchName = (await utils.gitBranch(cwd)) || (await utils.detectDefaultBranch(cwd));
   const repoName = await utils.getRepoName(cwd);
+  require$$9.debugFn('notice', `CI scan for ${orgSlug}/${repoName} on branch ${branchName}`);
+  require$$9.debugDir('inspect', {
+    orgSlug,
+    cwd,
+    branchName,
+    repoName
+  });
   await handleCreateNewScan({
     autoManifest,
     branchName,
@@ -2669,7 +2716,7 @@ ${utils.getSupportedConfigEntries().map(({
   }, {
     nook: true,
     test: !json || !markdown,
-    message: 'The `--json` and `--markdown` flags can not be used at the same time',
+    message: `The \`${constants.FLAG_JSON}\` and \`${constants.FLAG_MARKDOWN}\` flags can not be used at the same time`,
     fail: 'bad'
   });
   if (!wasValidInput) {
@@ -2780,7 +2827,7 @@ async function run$O(argv, importMeta, {
   }, {
     nook: true,
     test: !json || !markdown,
-    message: 'The `--json` and `--markdown` flags can not be used at the same time',
+    message: `The \`${constants.FLAG_JSON}\` and \`${constants.FLAG_MARKDOWN}\` flags can not be used at the same time`,
     fail: 'bad'
   });
   if (!wasValidInput) {
@@ -2912,7 +2959,7 @@ async function run$N(argv, importMeta, {
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: !json || !markdown,
-    message: 'The `--json` and `--markdown` flags can not be used at the same time',
+    message: `The \`${constants.FLAG_JSON}\` and \`${constants.FLAG_MARKDOWN}\` flags can not be used at the same time`,
     fail: 'bad'
   });
   if (!wasValidInput) {
@@ -2963,7 +3010,17 @@ async function handleConfigSet({
   outputKind,
   value
 }) {
+  require$$9.debugFn('notice', `Setting config ${key} = ${value}`);
+  require$$9.debugDir('inspect', {
+    key,
+    value,
+    outputKind
+  });
   const result = utils.updateConfigValue(key, value);
+  require$$9.debugFn('notice', `Config update ${result.ok ? 'succeeded' : 'failed'}`);
+  require$$9.debugDir('inspect', {
+    result
+  });
   await outputConfigSet(result, outputKind);
 }
 
@@ -3039,7 +3096,7 @@ ${utils.getSupportedConfigEntries().map(({
   }, {
     nook: true,
     test: !json || !markdown,
-    message: 'The `--json` and `--markdown` flags can not be used at the same time',
+    message: `The \`${constants.FLAG_JSON}\` and \`${constants.FLAG_MARKDOWN}\` flags can not be used at the same time`,
     fail: 'bad'
   });
   if (!wasValidInput) {
@@ -3154,7 +3211,7 @@ ${utils.getSupportedConfigEntries().map(({
   }, {
     nook: true,
     test: !json || !markdown,
-    message: 'The `--json` and `--markdown` flags can not be used at the same time',
+    message: `The \`${constants.FLAG_JSON}\` and \`${constants.FLAG_MARKDOWN}\` flags can not be used at the same time`,
     fail: 'bad'
   });
   if (!wasValidInput) {
@@ -3369,9 +3426,7 @@ async function getSocketFixPrsWithContext(owner, repo, options) {
     }
   } catch (e) {
     require$$9.debugFn('error', `GraphQL pagination failed for ${owner}/${repo}`);
-    require$$9.debugDir('inspect', {
-      error: e
-    });
+    require$$9.debugDir('error', e);
   }
   return contextualMatches;
 }
@@ -3588,9 +3643,7 @@ async function coanaFix(fixConfig) {
       }
     } catch (e) {
       require$$9.debugFn('warn', 'Failed to count open PRs, using original limit');
-      require$$9.debugDir('inspect', {
-        error: e
-      });
+      require$$9.debugDir('error', e);
     }
   }
   const shouldSpawnCoana = adjustedLimit > 0;
@@ -3644,7 +3697,7 @@ async function coanaFix(fixConfig) {
       stdio: 'inherit'
     });
     if (!fixCResult.ok) {
-      logger.logger.error(`Update failed for ${ghsaId}: ${fixCResult.message || constants.UNKNOWN_ERROR}`);
+      logger.logger.error(`Update failed for ${ghsaId}: ${utils.getErrorCause(fixCResult)}`);
       continue ghsaLoop;
     }
 
@@ -3746,9 +3799,7 @@ async function coanaFix(fixConfig) {
       await utils.gitCheckoutBranch(fixEnv.baseBranch, cwd);
     } catch (e) {
       logger.logger.warn(`Unexpected condition: Push failed for ${ghsaId}, skipping PR creation.`);
-      require$$9.debugDir('inspect', {
-        error: e
-      });
+      require$$9.debugDir('error', e);
       // eslint-disable-next-line no-await-in-loop
       await utils.gitResetAndClean(fixEnv.baseBranch, cwd);
       // eslint-disable-next-line no-await-in-loop
@@ -3792,6 +3843,10 @@ const CVE_FORMAT_REGEXP = /^CVE-\d{4}-\d{4,}$/;
  * Filters out invalid IDs and logs conversion results.
  */
 async function convertIdsToGhsas(ids) {
+  require$$9.debugFn('notice', `Converting ${ids.length} IDs to GHSA format`);
+  require$$9.debugDir('inspect', {
+    ids
+  });
   const validGhsas = [];
   const errors = [];
   for (const id of ids) {
@@ -3835,7 +3890,14 @@ async function convertIdsToGhsas(ids) {
   }
   if (errors.length) {
     logger.logger.warn(`Skipped ${errors.length} invalid IDs:\n${errors.map(e => `  - ${e}`).join('\n')}`);
+    require$$9.debugDir('inspect', {
+      errors
+    });
   }
+  require$$9.debugFn('notice', `Converted to ${validGhsas.length} valid GHSA IDs`);
+  require$$9.debugDir('inspect', {
+    validGhsas
+  });
   return validGhsas;
 }
 async function handleFix({
@@ -3854,6 +3916,21 @@ async function handleFix({
   spinner,
   unknownFlags
 }) {
+  require$$9.debugFn('notice', `Starting fix command for ${orgSlug}`);
+  require$$9.debugDir('inspect', {
+    autopilot,
+    cwd,
+    ghsas,
+    glob,
+    limit,
+    minSatisfying,
+    onlyCompute,
+    outputFile,
+    outputKind,
+    prCheck,
+    rangeStyle,
+    unknownFlags
+  });
   await outputFixResult(await coanaFix({
     autopilot,
     cwd,
@@ -3933,7 +4010,7 @@ const hiddenFlags = {
   glob: {
     type: 'string',
     default: '',
-    description: 'Glob pattern to pass to coana for filtering files',
+    description: 'Glob pattern to filter workspaces by',
     hidden: true
   },
   maxSatisfying: {
@@ -4006,7 +4083,7 @@ async function run$K(argv, importMeta, {
 
     Examples
       $ ${command}
-      $ ${command} --id CVE-2021-23337
+      $ ${command} ${constants.FLAG_ID} CVE-2021-23337
       $ ${command} ./path/to/project --range-style pin
     `
   };
@@ -4350,7 +4427,7 @@ async function attemptLogin(apiBaseUrl, apiProxy) {
   apiBaseUrl ??= utils.getConfigValueOrUndef(constants.CONFIG_KEY_API_BASE_URL) ?? undefined;
   apiProxy ??= utils.getConfigValueOrUndef(constants.CONFIG_KEY_API_PROXY) ?? undefined;
   const apiTokenInput = await prompts.password({
-    message: `Enter your ${vendor.terminalLinkExports('Socket.dev API token', 'https://docs.socket.dev/docs/api-keys')} (leave blank to use a limited public token)`
+    message: `Enter your ${utils.socketDocsLink('/docs/api-keys', 'Socket.dev API token')} (leave blank to use a limited public token)`
   });
   if (apiTokenInput === undefined) {
     logger.logger.fail('Canceled by user');
@@ -4608,7 +4685,7 @@ const {
   YARN_LOCK
 } = constants.default;
 const nodejsPlatformTypes = new Set(['javascript', 'js', 'nodejs', constants.NPM, constants.PNPM, 'ts', 'tsx', 'typescript']);
-function argvToArray(argvObj) {
+function argvObjectToArray(argvObj) {
   if (argvObj['help']) {
     return [constants.FLAG_HELP];
   }
@@ -4656,7 +4733,7 @@ async function runCdxgen(argvObj) {
     stdio: 'inherit'
   };
 
-  // Detect package manager based on lockfiles
+  // Detect package manager based on lockfiles.
   const pnpmLockPath = await utils.findUp(PNPM_LOCK_YAML, {
     onlyFiles: true
   });
@@ -4668,7 +4745,7 @@ async function runCdxgen(argvObj) {
   });
   const agent = pnpmLockPath ? constants.PNPM : yarnLockPath && utils.isYarnBerry() ? constants.YARN : constants.NPM;
   let cleanupPackageLock = false;
-  if (argvMutable['type'] !== constants.YARN && nodejsPlatformTypes.has(argvMutable['type']) && yarnLockPath) {
+  if (yarnLockPath && argvMutable['type'] !== constants.YARN && nodejsPlatformTypes.has(argvMutable['type'])) {
     if (npmLockPath) {
       argvMutable['type'] = constants.NPM;
     } else {
@@ -4686,8 +4763,8 @@ async function runCdxgen(argvObj) {
     }
   }
 
-  // Use appropriate package manager for cdxgen
-  const shadowResult = await utils.spawnCdxgenDlx(argvToArray(argvMutable), {
+  // Use appropriate package manager for cdxgen.
+  const shadowResult = await utils.spawnCdxgenDlx(argvObjectToArray(argvMutable), {
     ...shadowOpts,
     agent
   });
@@ -5230,7 +5307,7 @@ async function run$D(argv, importMeta, {
   }, {
     nook: true,
     test: !json || !markdown,
-    message: 'The `--json` and `--markdown` flags can not be used at the same time',
+    message: `The \`${constants.FLAG_JSON}\` and \`${constants.FLAG_MARKDOWN}\` flags can not be used at the same time`,
     fail: 'bad'
   });
   if (!wasValidInput) {
@@ -6279,10 +6356,10 @@ async function run$x(argv, importMeta, context) {
     API Token Requirements
       ${utils.getFlagApiRequirementsOutput(`${parentName}:${CMD_NAME$r}`)}
 
-    Note: Everything after "npm" is passed to the npm command.
-          Only the \`--dry-run\` and \`--help\` flags are caught here.
+    Note: Everything after "${constants.NPM}" is passed to the ${constants.NPM} command.
+          Only the \`${constants.FLAG_DRY_RUN}\` and \`${constants.FLAG_HELP}\` flags are caught here.
 
-    Use \`socket wrapper on\` to alias this command as \`npm\`.
+    Use \`socket wrapper on\` to alias this command as \`${constants.NPM}\`.
 
     Examples
       $ ${command}
@@ -6301,7 +6378,7 @@ async function run$x(argv, importMeta, context) {
     logger.logger.log(constants.default.DRY_RUN_BAILING_NOW);
     return;
   }
-  const shadowBin = /*@__PURE__*/require$5(constants.default.shadowNpmBinPath);
+  const shadowNpmBin = /*@__PURE__*/require$5(constants.default.shadowNpmBinPath);
   process.exitCode = 1;
 
   // Filter Socket flags from argv but keep --json for npm.
@@ -6311,7 +6388,7 @@ async function run$x(argv, importMeta, context) {
   }, [constants.FLAG_JSON]);
   const {
     spawnPromise
-  } = await shadowBin(constants.NPM, argsToForward, {
+  } = await shadowNpmBin(argsToForward, {
     stdio: 'inherit'
   });
 
@@ -6353,10 +6430,10 @@ async function run$w(argv, importMeta, {
     API Token Requirements
       ${utils.getFlagApiRequirementsOutput(`${parentName}:${CMD_NAME$q}`)}
 
-    Note: Everything after "npx" is passed to the npx command.
-          Only the \`--dry-run\` and \`--help\` flags are caught here.
+    Note: Everything after "${constants.NPX}" is passed to the ${constants.NPX} command.
+          Only the \`${constants.FLAG_DRY_RUN}\` and \`${constants.FLAG_HELP}\` flags are caught here.
 
-    Use \`socket wrapper on\` to alias this command as \`npx\`.
+    Use \`socket wrapper on\` to alias this command as \`${constants.NPX}\`.
 
     Examples
       $ ${command} cowsay
@@ -6374,11 +6451,11 @@ async function run$w(argv, importMeta, {
     logger.logger.log(constants.default.DRY_RUN_BAILING_NOW);
     return;
   }
-  const shadowBin = /*@__PURE__*/require$4(constants.default.shadowNpmBinPath);
+  const shadowNpxBin = /*@__PURE__*/require$4(constants.default.shadowNpxBinPath);
   process.exitCode = 1;
   const {
     spawnPromise
-  } = await shadowBin(constants.NPX, argv, {
+  } = await shadowNpxBin(argv, {
     stdio: 'inherit'
   });
 
@@ -6708,6 +6785,9 @@ async function npmQuery(npmExecPath, cwd) {
   try {
     stdout = (await spawn.spawn(npmExecPath, ['query', ':not(.dev)'], {
       cwd,
+      // On Windows, npm is often a .cmd file that requires shell execution.
+      // The spawn function from @socketsecurity/registry will handle this properly
+      // when shell is true.
       shell: constants.default.WIN32
     })).stdout;
   } catch {}
@@ -6725,6 +6805,9 @@ async function lsBun(pkgEnvDetails, options) {
     // https://github.com/oven-sh/bun/issues/8283
     return (await spawn.spawn(pkgEnvDetails.agentExecPath, ['pm', 'ls', '--all'], {
       cwd,
+      // On Windows, bun is often a .cmd file that requires shell execution.
+      // The spawn function from @socketsecurity/registry will handle this properly
+      // when shell is true.
       shell: constants.default.WIN32
     })).stdout;
   } catch {}
@@ -6760,6 +6843,9 @@ async function lsPnpm(pkgEnvDetails, options) {
     // https://en.wiktionary.org/wiki/parsable
     ['ls', '--parseable', constants.FLAG_PROD, '--depth', 'Infinity'], {
       cwd,
+      // On Windows, pnpm is often a .cmd file that requires shell execution.
+      // The spawn function from @socketsecurity/registry will handle this properly
+      // when shell is true.
       shell: constants.default.WIN32
     })).stdout;
   } catch {}
@@ -6777,6 +6863,9 @@ async function lsVlt(pkgEnvDetails, options) {
     // See https://docs.vlt.sh/cli/commands/list#options.
     stdout = (await spawn.spawn(pkgEnvDetails.agentExecPath, ['ls', '--view', 'human', ':not(.dev)'], {
       cwd,
+      // On Windows, pnpm is often a .cmd file that requires shell execution.
+      // The spawn function from @socketsecurity/registry will handle this properly
+      // when shell is true.
       shell: constants.default.WIN32
     })).stdout;
   } catch {}
@@ -6794,6 +6883,9 @@ async function lsYarnBerry(pkgEnvDetails, options) {
     // https://github.com/yarnpkg/berry/issues/5117
     return (await spawn.spawn(pkgEnvDetails.agentExecPath, ['info', '--recursive', '--name-only'], {
       cwd,
+      // On Windows, yarn is often a .cmd file that requires shell execution.
+      // The spawn function from @socketsecurity/registry will handle this properly
+      // when shell is true.
       shell: constants.default.WIN32
     })).stdout;
   } catch {}
@@ -6813,6 +6905,9 @@ async function lsYarnClassic(pkgEnvDetails, options) {
     //   environment is production
     return (await spawn.spawn(pkgEnvDetails.agentExecPath, ['list', constants.FLAG_PROD], {
       cwd,
+      // On Windows, yarn is often a .cmd file that requires shell execution.
+      // The spawn function from @socketsecurity/registry will handle this properly
+      // when shell is true.
       shell: constants.default.WIN32
     })).stdout;
   } catch {}
@@ -7056,9 +7151,9 @@ async function addOverrides(pkgEnvDetails, pkgPath, options) {
         if (
         // ...if the spec doesn't start with a valid Socket override.
         !(thisSpec.startsWith(sockOverridePrefix) &&
-        // Check the validity of the spec by passing it through npa and
-        // seeing if it will coerce to a version.
-        vendor.semverExports.coerce(utils.npa(thisSpec).subSpec.rawSpec)?.version)) {
+        // Check the validity of the spec by parsing it with npm-package-arg
+        // and seeing if it will coerce to a version.
+        vendor.semverExports.coerce(utils.safeNpa(thisSpec).subSpec.rawSpec)?.version)) {
           thisSpec = sockOverrideSpec;
           depObj[origPkgName] = thisSpec;
           state.added.add(sockRegPkgName);
@@ -7107,12 +7202,12 @@ async function addOverrides(pkgEnvDetails, pkgPath, options) {
             const thisSpec = oldSpec.startsWith('$') ? depAlias || newSpec : oldSpec || newSpec;
             if (thisSpec.startsWith(sockOverridePrefix)) {
               if (pin && utils.getMajor(
-              // Check the validity of the spec by passing it through npa
+              // Check the validity of the spec by parsing it with npm-package-arg
               // and seeing if it will coerce to a version. semver.coerce
               // will strip leading v's, carets (^), comparators (<,<=,>,>=,=),
               // and tildes (~). If not coerced to a valid version then
               // default to the manifest entry version.
-              vendor.semverExports.coerce(utils.npa(thisSpec).subSpec.rawSpec)?.version ?? version) !== major) {
+              vendor.semverExports.coerce(utils.safeNpa(thisSpec).subSpec.rawSpec)?.version ?? version) !== major) {
                 const otherVersion = (await packages.fetchPackageManifest(thisSpec))?.version;
                 if (otherVersion && otherVersion !== version) {
                   newSpec = `${sockOverridePrefix}${pin ? otherVersion : `^${utils.getMajor(otherVersion)}`}`;
@@ -7196,10 +7291,8 @@ async function updateLockfile(pkgEnvDetails, options) {
     }
   } catch (e) {
     spinner?.stop();
-    require$$9.debugFn('error', 'fail: update');
-    require$$9.debugDir('inspect', {
-      error: e
-    });
+    require$$9.debugFn('error', 'Lockfile update failed');
+    require$$9.debugDir('error', e);
     if (wasSpinning) {
       spinner.start();
     }
@@ -7299,17 +7392,29 @@ async function handleOptimize({
   pin,
   prod
 }) {
+  require$$9.debugFn('notice', `Starting optimization for ${cwd}`);
+  require$$9.debugDir('inspect', {
+    cwd,
+    outputKind,
+    pin,
+    prod
+  });
   const pkgEnvCResult = await utils.detectAndValidatePackageEnvironment(cwd, {
     cmdName: CMD_NAME$p,
     logger: logger.logger,
     prod
   });
   if (!pkgEnvCResult.ok) {
+    require$$9.debugFn('warn', 'Package environment validation failed');
+    require$$9.debugDir('inspect', {
+      pkgEnvCResult
+    });
     await outputOptimizeResult(pkgEnvCResult, outputKind);
     return;
   }
   const pkgEnvDetails = pkgEnvCResult.data;
   if (!pkgEnvDetails) {
+    require$$9.debugFn('warn', 'No package environment details found');
     await outputOptimizeResult({
       ok: false,
       message: 'No package found.',
@@ -7317,11 +7422,16 @@ async function handleOptimize({
     }, outputKind);
     return;
   }
+  require$$9.debugFn('notice', `Detected package manager: ${pkgEnvDetails.agent} v${pkgEnvDetails.agentVersion}`);
+  require$$9.debugDir('inspect', {
+    pkgEnvDetails
+  });
   const {
     agent,
     agentVersion
   } = pkgEnvDetails;
   if (agent === VLT) {
+    require$$9.debugFn('warn', `${agent} does not support overrides`);
     await outputOptimizeResult({
       ok: false,
       message: 'Unsupported',
@@ -7330,10 +7440,16 @@ async function handleOptimize({
     return;
   }
   logger.logger.info(`Optimizing packages for ${agent} v${agentVersion}.\n`);
-  await outputOptimizeResult(await applyOptimization(pkgEnvDetails, {
+  require$$9.debugFn('notice', 'Applying optimization');
+  const optimizationResult = await applyOptimization(pkgEnvDetails, {
     pin,
     prod
-  }), outputKind);
+  });
+  require$$9.debugFn('notice', `Optimization ${optimizationResult.ok ? 'succeeded' : 'failed'}`);
+  require$$9.debugDir('inspect', {
+    optimizationResult
+  });
+  await outputOptimizeResult(optimizationResult, outputKind);
 }
 
 const CMD_NAME$o = 'optimize';
@@ -7501,10 +7617,20 @@ async function handleDependencies({
   offset,
   outputKind
 }) {
+  require$$9.debugFn('notice', `Fetching dependencies with limit=${limit}, offset=${offset}`);
+  require$$9.debugDir('inspect', {
+    limit,
+    offset,
+    outputKind
+  });
   const result = await fetchDependencies({
     limit,
     offset
   });
+  require$$9.debugFn('notice', `Dependencies ${result.ok ? 'fetched successfully' : 'fetch failed'}`);
+  require$$9.debugDir('inspect', {
+    result
+  });
   await outputDependencies(result, {
     limit,
     offset,
@@ -7574,7 +7700,7 @@ async function run$t(argv, importMeta, {
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: !json || !markdown,
-    message: 'The `--json` and `--markdown` flags can not be used at the same time',
+    message: `The \`${constants.FLAG_JSON}\` and \`${constants.FLAG_MARKDOWN}\` flags can not be used at the same time`,
     fail: 'bad'
   }, {
     nook: true,
@@ -7915,7 +8041,15 @@ async function outputOrganizationList(orgsCResult, outputKind = 'text') {
 }
 
 async function handleOrganizationList(outputKind = 'text') {
+  require$$9.debugFn('notice', 'Fetching organization list');
+  require$$9.debugDir('inspect', {
+    outputKind
+  });
   const data = await utils.fetchOrganization();
+  require$$9.debugFn('notice', `Organization list ${data.ok ? 'fetched successfully' : 'fetch failed'}`);
+  require$$9.debugDir('inspect', {
+    data
+  });
   await outputOrganizationList(data, outputKind);
 }
 
@@ -7969,7 +8103,7 @@ async function run$q(argv, importMeta, {
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: !json || !markdown,
-    message: 'The `--json` and `--markdown` flags can not be used at the same time',
+    message: `The \`${constants.FLAG_JSON}\` and \`${constants.FLAG_MARKDOWN}\` flags can not be used at the same time`,
     fail: 'bad'
   }, {
     nook: true,
@@ -8319,7 +8453,16 @@ function createMarkdownReport(data) {
 }
 
 async function handlePurlDeepScore(purl, outputKind) {
+  require$$9.debugFn('notice', `Fetching deep score for ${purl}`);
+  require$$9.debugDir('inspect', {
+    purl,
+    outputKind
+  });
   const result = await fetchPurlDeepScore(purl);
+  require$$9.debugFn('notice', `Deep score ${result.ok ? 'fetched successfully' : 'fetch failed'}`);
+  require$$9.debugDir('inspect', {
+    result
+  });
   await outputPurlsDeepScore(purl, result, outputKind);
 }
 
@@ -8751,7 +8894,16 @@ async function handlePurlsShallowScore({
   outputKind,
   purls
 }) {
+  require$$9.debugFn('notice', `Fetching shallow scores for ${purls.length} packages`);
+  require$$9.debugDir('inspect', {
+    purls,
+    outputKind
+  });
   const packageData = await fetchPurlsShallowScore(purls);
+  require$$9.debugFn('notice', `Shallow scores ${packageData.ok ? 'fetched successfully' : 'fetch failed'}`);
+  require$$9.debugDir('inspect', {
+    packageData
+  });
   outputPurlsShallowScore(purls, packageData, outputKind);
 }
 
@@ -9051,7 +9203,7 @@ async function computeSHA256(filepath) {
     return {
       ok: false,
       message: 'Failed to compute file hash',
-      cause: `Unable to read file ${filepath}: ${e instanceof Error ? e.message : constants.UNKNOWN_ERROR}`
+      cause: `Unable to read file ${filepath}: ${utils.getErrorCause(e)}`
     };
   }
 }
@@ -9150,9 +9302,7 @@ async function processFilePatch(pkgPath, fileName, fileInfo, socketDir, options)
     logger.logger.success(`Patch applied successfully`);
   } catch (e) {
     logger.logger.error('Error applying patch');
-    require$$9.debugDir('inspect', {
-      error: e
-    });
+    require$$9.debugDir('error', e);
     result = false;
   }
   logger.logger.groupEnd();
@@ -9232,7 +9382,7 @@ async function handlePatch({
   } catch (e) {
     spinner.stop();
     let message = 'Failed to apply patches';
-    let cause = e?.message || constants.UNKNOWN_ERROR;
+    let cause = utils.getErrorCause(e);
     if (e instanceof SyntaxError) {
       message = `Invalid JSON in ${constants.MANIFEST_JSON}`;
       cause = e.message;
@@ -9370,10 +9520,10 @@ async function run$l(argv, importMeta, context) {
     API Token Requirements
       ${utils.getFlagApiRequirementsOutput(`${parentName}:${CMD_NAME$g}`)}
 
-    Note: Everything after "pnpm" is passed to the pnpm command.
-          Only the \`--dry-run\` and \`--help\` flags are caught here.
+    Note: Everything after "${constants.PNPM}" is passed to the ${constants.PNPM} command.
+          Only the \`${constants.FLAG_DRY_RUN}\` and \`${constants.FLAG_HELP}\` flags are caught here.
 
-    Use \`socket wrapper on\` to alias this command as \`pnpm\`.
+    Use \`socket wrapper on\` to alias this command as \`${constants.PNPM}\`.
 
     Examples
       $ ${command}
@@ -9393,14 +9543,16 @@ async function run$l(argv, importMeta, context) {
     logger.logger.log(constants.default.DRY_RUN_BAILING_NOW);
     return;
   }
-  const shadowBin = /*@__PURE__*/require$3(constants.default.shadowPnpmBinPath);
+  const shadowPnpmBin = /*@__PURE__*/require$3(constants.default.shadowPnpmBinPath);
   process.exitCode = 1;
 
   // Filter Socket flags from argv.
   const filteredArgv = utils.filterFlags(argv, config.flags);
   const {
     spawnPromise
-  } = await shadowBin(filteredArgv);
+  } = await shadowPnpmBin(filteredArgv, {
+    stdio: 'inherit'
+  });
   await spawnPromise;
   process.exitCode = 0;
 }
@@ -9408,6 +9560,9 @@ async function run$l(argv, importMeta, context) {
 async function runRawNpm(argv) {
   process.exitCode = 1;
   const spawnPromise = spawn.spawn(utils.getNpmBinPath(), argv, {
+    // On Windows, npm is often a .cmd file that requires shell execution.
+    // The spawn function from @socketsecurity/registry will handle this properly
+    // when shell is true.
     shell: constants.default.WIN32,
     stdio: 'inherit'
   });
@@ -9440,7 +9595,7 @@ const config$4 = {
     the Socket wrapper. Use at your own risk.
 
     Note: Everything after "raw-npm" is passed to the npm command.
-          Only the \`--dry-run\` and \`--help\` flags are caught here.
+          Only the \`${constants.FLAG_DRY_RUN}\` and \`${constants.FLAG_HELP}\` flags are caught here.
 
     Examples
       $ ${command} install -g cowsay
@@ -9471,6 +9626,9 @@ async function run$k(argv, importMeta, {
 async function runRawNpx(argv) {
   process.exitCode = 1;
   const spawnPromise = spawn.spawn(utils.getNpxBinPath(), argv, {
+    // On Windows, npx is often a .cmd file that requires shell execution.
+    // The spawn function from @socketsecurity/registry will handle this properly
+    // when shell is true.
     shell: constants.default.WIN32,
     stdio: 'inherit'
   });
@@ -9503,7 +9661,7 @@ const config$3 = {
     the Socket wrapper. Use at your own risk.
 
     Note: Everything after "raw-npx" is passed to the npx command.
-          Only the \`--dry-run\` and \`--help\` flags are caught here.
+          Only the \`${constants.FLAG_DRY_RUN}\` and \`${constants.FLAG_HELP}\` flags are caught here.
 
     Examples
       $ ${command} cowsay
@@ -9588,6 +9746,16 @@ async function handleCreateRepo({
   repoName,
   visibility
 }, outputKind) {
+  require$$9.debugFn('notice', `Creating repository ${orgSlug}/${repoName}`);
+  require$$9.debugDir('inspect', {
+    defaultBranch,
+    description,
+    homepage,
+    orgSlug,
+    repoName,
+    visibility,
+    outputKind
+  });
   const data = await fetchCreateRepo({
     defaultBranch,
     description,
@@ -9596,6 +9764,10 @@ async function handleCreateRepo({
     repoName,
     visibility
   });
+  require$$9.debugFn('notice', `Repository creation ${data.ok ? 'succeeded' : 'failed'}`);
+  require$$9.debugDir('inspect', {
+    data
+  });
   outputCreateRepo(data, repoName, outputKind);
 }
 
@@ -9692,7 +9864,7 @@ async function run$i(argv, importMeta, {
   }, {
     nook: true,
     test: noLegacy,
-    message: `Legacy flags are no longer supported. See ${vendor.terminalLinkExports('v1 migration guide', constants.V1_MIGRATION_GUIDE_URL)}.`,
+    message: `Legacy flags are no longer supported. See the ${utils.webLink(constants.V1_MIGRATION_GUIDE_URL, 'v1 migration guide')}.`,
     fail: `received legacy flags`
   }, {
     test: !!repoName,
@@ -9823,7 +9995,7 @@ async function run$h(argv, importMeta, {
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: noLegacy,
-    message: `Legacy flags are no longer supported. See ${vendor.terminalLinkExports('v1 migration guide', constants.V1_MIGRATION_GUIDE_URL)}.`,
+    message: `Legacy flags are no longer supported. See the ${utils.webLink(constants.V1_MIGRATION_GUIDE_URL, 'v1 migration guide')}.`,
     fail: `received legacy flags`
   }, {
     nook: true,
@@ -10124,7 +10296,7 @@ async function run$g(argv, importMeta, {
   }, {
     nook: true,
     test: !json || !markdown,
-    message: 'The `--json` and `--markdown` flags can not be used at the same time',
+    message: `The \`${constants.FLAG_JSON}\` and \`${constants.FLAG_MARKDOWN}\` flags can not be used at the same time`,
     fail: 'bad'
   }, {
     nook: true,
@@ -10314,7 +10486,7 @@ async function run$f(argv, importMeta, {
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: noLegacy,
-    message: `Legacy flags are no longer supported. See ${vendor.terminalLinkExports('v1 migration guide', constants.V1_MIGRATION_GUIDE_URL)}.`,
+    message: `Legacy flags are no longer supported. See the ${utils.webLink(constants.V1_MIGRATION_GUIDE_URL, 'v1 migration guide')}.`,
     fail: `received legacy flags`
   }, {
     nook: true,
@@ -10476,7 +10648,7 @@ async function run$e(argv, importMeta, {
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: noLegacy,
-    message: `Legacy flags are no longer supported. See ${vendor.terminalLinkExports('v1 migration guide', constants.V1_MIGRATION_GUIDE_URL)}.`,
+    message: `Legacy flags are no longer supported. See the ${utils.webLink(constants.V1_MIGRATION_GUIDE_URL, 'v1 migration guide')}.`,
     fail: `received legacy flags`
   }, {
     nook: true,
@@ -10490,7 +10662,7 @@ async function run$e(argv, importMeta, {
   }, {
     nook: true,
     test: !json || !markdown,
-    message: 'The `--json` and `--markdown` flags can not be used at the same time',
+    message: `The \`${constants.FLAG_JSON}\` and \`${constants.FLAG_MARKDOWN}\` flags can not be used at the same time`,
     fail: 'bad'
   }, {
     nook: true,
@@ -10728,7 +10900,7 @@ async function run$d(argv, importMeta, {
     Note: for a first run you probably want to set --default-branch to indicate
           the default branch name, like "main" or "master".
 
-    The "alerts page" (https://socket.dev/dashboard/org/YOURORG/alerts) will show
+    The ${utils.socketDashboardLink('/org/YOURORG/alerts', '"alerts page"')} will show
     the results from the last scan designated as the "pending head" on the branch
     configured on Socket to be the "default branch". When creating a scan the
     --set-as-alerts-page flag will default to true to update this. You can prevent
@@ -11151,7 +11323,7 @@ async function handleJson(data, file, dashboardMessage) {
         logger.logger.fail(`Writing to \`${file}\` failed...`);
         logger.logger.error(err);
       } else {
-        logger.logger.success(`Data successfully written to \`${file}\``);
+        logger.logger.success(`Data successfully written to \`${utils.fileLink(file)}\``);
       }
       logger.logger.error(dashboardMessage);
     });
@@ -11383,7 +11555,7 @@ async function run$b(argv, importMeta, {
   }, {
     nook: true,
     test: !json || !markdown,
-    message: 'The `--json` and `--markdown` flags can not be used at the same time',
+    message: `The \`${constants.FLAG_JSON}\` and \`${constants.FLAG_MARKDOWN}\` flags can not be used at the same time`,
     fail: 'bad'
   }, {
     nook: true,
@@ -11792,19 +11964,17 @@ async function streamDownloadWithFetch(localPath, downloadUrl) {
     };
   } catch (e) {
     logger.logger.fail('An error was thrown while trying to download a manifest file... url:', downloadUrl);
-    require$$9.debugDir('inspect', {
-      error: e
-    });
+    require$$9.debugDir('error', e);
 
     // If an error occurs and fileStream was created, attempt to clean up.
     if (fs$1.existsSync(localPath)) {
       // Check if fileStream was even opened before trying to delete
       // This check might be too simplistic depending on when error occurs
-      fs$1.unlink(localPath, unlinkErr => {
-        if (unlinkErr) {
-          logger.logger.fail(`Error deleting partial file ${localPath}: ${unlinkErr.message}`);
-        }
-      });
+      try {
+        await fs$1.promises.unlink(localPath);
+      } catch (e) {
+        logger.logger.fail(utils.formatErrorWithDetail(`Error deleting partial file ${localPath}`, e));
+      }
     }
     // Construct a more informative error message
     let detailedError = `Error during download of ${downloadUrl}: ${e.message}`;
@@ -12495,7 +12665,7 @@ async function run$9(argv, importMeta, {
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: noLegacy,
-    message: `Legacy flags are no longer supported. See ${vendor.terminalLinkExports('v1 migration guide', constants.V1_MIGRATION_GUIDE_URL)}.`,
+    message: `Legacy flags are no longer supported. See the ${utils.webLink(constants.V1_MIGRATION_GUIDE_URL, 'v1 migration guide')}.`,
     fail: `received legacy flags`
   }, {
     nook: true,
@@ -13428,8 +13598,8 @@ async function fetchScan(orgSlug, scanId) {
       return JSON.parse(line);
     } catch (e) {
       ok = false;
-      require$$9.debugFn('error', 'caught: JSON.parse error');
-      require$$9.debugDir('inspect', {
+      require$$9.debugFn('error', 'Failed to parse scan result line as JSON');
+      require$$9.debugDir('error', {
         error: e,
         line
       });
@@ -13467,7 +13637,7 @@ async function outputScanView(result, orgSlug, scanId, filePath, outputKind) {
       logger.logger.info('Writing json results to', filePath);
       try {
         await fs.writeFile(filePath, json, 'utf8');
-        logger.logger.info(`Data successfully written to ${filePath}`);
+        logger.logger.info(`Data successfully written to ${utils.fileLink(filePath)}`);
       } catch (e) {
         process.exitCode = 1;
         logger.logger.fail('There was an error trying to write the markdown to disk');
@@ -13508,7 +13678,7 @@ View this report at: ${constants.default.SOCKET_WEBSITE_URL}/dashboard/org/${org
   if (filePath && filePath !== '-') {
     try {
       await fs.writeFile(filePath, report, 'utf8');
-      logger.logger.log(`Data successfully written to ${filePath}`);
+      logger.logger.log(`Data successfully written to ${utils.fileLink(filePath)}`);
     } catch (e) {
       process.exitCode = 1;
       logger.logger.fail('There was an error trying to write the markdown to disk');
@@ -13627,7 +13797,7 @@ async function run$4(argv, importMeta, {
   }, {
     nook: true,
     test: !json || !markdown,
-    message: 'The `--json` and `--markdown` flags can not be used at the same time',
+    message: `The \`${constants.FLAG_JSON}\` and \`${constants.FLAG_MARKDOWN}\` flags can not be used at the same time`,
     fail: 'bad'
   }, {
     nook: true,
@@ -13944,7 +14114,7 @@ async function run$3(argv, importMeta, {
       - Special access
 
     This feature requires a Threat Feed license. Please contact
-    sales@socket.dev if you are interested in purchasing this access.
+    ${utils.mailtoLink('sales@socket.dev')} if you are interested in purchasing this access.
 
     Options
       ${utils.getFlagListOutput(config.flags)}
@@ -14309,10 +14479,8 @@ Do you want to install the Socket npm wrapper (this will create an alias to the
       }
     }
   } catch (e) {
-    require$$9.debugFn('error', 'caught: tab completion setup error');
-    require$$9.debugDir('inspect', {
-      error: e
-    });
+    require$$9.debugFn('warn', 'Tab completion setup failed (non-fatal)');
+    require$$9.debugDir('warn', e);
     // Ignore. Skip tab completion setup.
   }
   if (!updatedTabCompletion) {
@@ -14345,7 +14513,7 @@ async function setupShadowNpm(query) {
         addSocketWrapper(zshRcPath);
       }
     } catch (e) {
-      throw new Error(`There was an issue setting up the alias: ${e?.['message']}`);
+      throw new Error(`There was an issue setting up the alias: ${utils.getErrorCause(e)}`);
     }
   }
 }
@@ -14507,10 +14675,10 @@ async function run(argv, importMeta, context) {
     API Token Requirements
       ${utils.getFlagApiRequirementsOutput(`${parentName}:${CMD_NAME}`)}
 
-    Note: Everything after "yarn" is passed to the yarn command.
-          Only the \`--dry-run\` and \`--help\` flags are caught here.
+    Note: Everything after "${constants.YARN}" is passed to the ${constants.YARN} command.
+          Only the \`${constants.FLAG_DRY_RUN}\` and \`${constants.FLAG_HELP}\` flags are caught here.
 
-    Use \`socket wrapper on\` to alias this command as \`yarn\`.
+    Use \`socket wrapper on\` to alias this command as \`${constants.YARN}\`.
 
     Examples
       $ ${command}
@@ -14530,14 +14698,16 @@ async function run(argv, importMeta, context) {
     logger.logger.log(constants.default.DRY_RUN_BAILING_NOW);
     return;
   }
-  const shadowBin = /*@__PURE__*/require$1(constants.default.shadowYarnBinPath);
+  const shadowYarnBin = /*@__PURE__*/require$1(constants.default.shadowYarnBinPath);
   process.exitCode = 1;
 
   // Filter Socket flags from argv.
   const filteredArgv = utils.filterFlags(argv, config.flags);
   const {
     spawnPromise
-  } = await shadowBin(filteredArgv);
+  } = await shadowYarnBin(filteredArgv, {
+    stdio: 'inherit'
+  });
   await spawnPromise;
   process.exitCode = 0;
 }
@@ -14665,7 +14835,7 @@ void (async () => {
     version: constants.default.ENV.INLINED_SOCKET_CLI_VERSION,
     logCallback: (name, version, latest) => {
       logger.logger.log(`\n\n📦 Update available for ${vendor.yoctocolorsCjsExports.cyan(name)}: ${vendor.yoctocolorsCjsExports.gray(version)} → ${vendor.yoctocolorsCjsExports.green(latest)}`);
-      logger.logger.log(`📝 ${vendor.terminalLinkExports('View changelog', `https://socket.dev/npm/package/${name}/files/${latest}/CHANGELOG.md`)}`);
+      logger.logger.log(`📝 ${utils.socketPackageLink('npm', name, `files/${latest}/CHANGELOG.md`, 'View changelog')}`);
     }
   });
   try {
@@ -14679,10 +14849,8 @@ void (async () => {
     });
   } catch (e) {
     process.exitCode = 1;
-    require$$9.debugFn('error', 'Uncaught error (BAD!):');
-    require$$9.debugDir('inspect', {
-      error: e
-    });
+    require$$9.debugFn('error', 'CLI uncaught error');
+    require$$9.debugDir('error', e);
     let errorBody;
     let errorTitle;
     let errorMessage = '';
@@ -14734,5 +14902,5 @@ void (async () => {
     await utils.captureException(e);
   }
 })();
-//# debugId=b2633ba4-7e32-440b-9581-735f53ff9fc8
+//# debugId=c2710cf0-3d3a-46a7-8ead-88053b9e55be
 //# sourceMappingURL=cli.js.map