npm - @socketsecurity/cli-with-sentry - Versions diffs - 1.1.3 → 1.1.4 - Mend

@socketsecurity/cli-with-sentry 1.1.3 → 1.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (79) hide show

package/dist/utils.js CHANGED Viewed

@@ -5,13 +5,13 @@ var logger = require('../external/@socketsecurity/registry/lib/logger');
 var strings = require('../external/@socketsecurity/registry/lib/strings');
 var require$$9 = require('../external/@socketsecurity/registry/lib/debug');
 var require$$11 = require('../external/@socketsecurity/registry/lib/objects');
+var constants = require('./constants.js');
 var arrays = require('../external/@socketsecurity/registry/lib/arrays');
 var path$1 = require('../external/@socketsecurity/registry/lib/path');
 var sorts = require('../external/@socketsecurity/registry/lib/sorts');
 var words = require('../external/@socketsecurity/registry/lib/words');
 var Module = require('node:module');
 var path = require('node:path');
-var constants = require('./constants.js');
 var flags = require('./flags.js');
 var regexps = require('../external/@socketsecurity/registry/lib/regexps');
 var prompts = require('../external/@socketsecurity/registry/lib/prompts');
@@ -36,7 +36,7 @@ function getConfigValues() {
     _cachedConfig = {};
     const {
       socketAppDataPath
-    } = constants;
+    } = constants.default;
     if (socketAppDataPath) {
       const raw = fs.safeReadFileSync(socketAppDataPath);
       if (raw) {
@@ -238,7 +238,7 @@ function updateConfigValue(configKey, value) {
       _pendingSave = false;
       const {
         socketAppDataPath
-      } = constants;
+      } = constants.default;
       if (socketAppDataPath) {
         fs$1.writeFileSync(socketAppDataPath, Buffer.from(JSON.stringify(localConfig)).toString('base64'));
       }
@@ -257,13 +257,13 @@ const TOKEN_VISIBLE_LENGTH = 5;
 // The Socket API server that should be used for operations.
 function getDefaultApiBaseUrl$1() {
-  const baseUrl = constants.ENV.SOCKET_CLI_API_BASE_URL || getConfigValueOrUndef('apiBaseUrl');
+  const baseUrl = constants.default.ENV.SOCKET_CLI_API_BASE_URL || getConfigValueOrUndef('apiBaseUrl');
   return isUrl(baseUrl) ? baseUrl : undefined;
 }
 // The Socket API server that should be used for operations.
 function getDefaultProxyUrl() {
-  const apiProxy = constants.ENV.SOCKET_CLI_API_PROXY || getConfigValueOrUndef('apiProxy');
+  const apiProxy = constants.default.ENV.SOCKET_CLI_API_PROXY || getConfigValueOrUndef('apiProxy');
   return isUrl(apiProxy) ? apiProxy : undefined;
 }
 function isUrl(value) {
@@ -280,16 +280,16 @@ function isUrl(value) {
 // This Socket API token should be stored globally for the duration of the CLI execution.
 let _defaultToken;
 function getDefaultApiToken() {
-  if (constants.ENV.SOCKET_CLI_NO_API_TOKEN) {
+  if (constants.default.ENV.SOCKET_CLI_NO_API_TOKEN) {
     _defaultToken = undefined;
     return _defaultToken;
   }
-  const key = constants.ENV.SOCKET_CLI_API_TOKEN || getConfigValueOrUndef('apiToken') || _defaultToken;
+  const key = constants.default.ENV.SOCKET_CLI_API_TOKEN || getConfigValueOrUndef('apiToken') || _defaultToken;
   _defaultToken = strings.isNonEmptyString(key) ? key : undefined;
   return _defaultToken;
 }
 function getPublicApiToken() {
-  return getDefaultApiToken() || constants.ENV.SOCKET_CLI_API_TOKEN || constants.SOCKET_PUBLIC_API_TOKEN;
+  return getDefaultApiToken() || constants.default.ENV.SOCKET_CLI_API_TOKEN || constants.default.SOCKET_PUBLIC_API_TOKEN;
 }
 function getVisibleTokenPrefix() {
   const apiToken = getDefaultApiToken();
@@ -336,11 +336,11 @@ async function setupSdk(options) {
         proxy: apiProxy
       }) : undefined,
       baseUrl: apiBaseUrl,
-      timeout: constants.ENV.SOCKET_CLI_API_TIMEOUT,
+      timeout: constants.default.ENV.SOCKET_CLI_API_TIMEOUT,
       userAgent: vendor.distExports.createUserAgentFromPkgJson({
-        name: constants.ENV.INLINED_SOCKET_CLI_NAME,
-        version: constants.ENV.INLINED_SOCKET_CLI_VERSION,
-        homepage: constants.ENV.INLINED_SOCKET_CLI_HOMEPAGE
+        name: constants.default.ENV.INLINED_SOCKET_CLI_NAME,
+        version: constants.default.ENV.INLINED_SOCKET_CLI_VERSION,
+        homepage: constants.default.ENV.INLINED_SOCKET_CLI_HOMEPAGE
       })
     })
   };
@@ -350,11 +350,11 @@ const NO_ERROR_MESSAGE = 'No error message returned';
 // The Socket API server that should be used for operations.
 function getDefaultApiBaseUrl() {
-  const baseUrl = constants.ENV.SOCKET_CLI_API_BASE_URL || getConfigValueOrUndef('apiBaseUrl');
+  const baseUrl = constants.default.ENV.SOCKET_CLI_API_BASE_URL || getConfigValueOrUndef('apiBaseUrl');
   if (strings.isNonEmptyString(baseUrl)) {
     return baseUrl;
   }
-  const API_V0_URL = constants.API_V0_URL;
+  const API_V0_URL = constants.default.API_V0_URL;
   return API_V0_URL;
 }
 async function getErrorMessageForHttpStatusCode(code) {
@@ -509,7 +509,7 @@ async function queryApiSafeText(path, desc) {
   }
   const {
     spinner
-  } = constants;
+  } = constants.default;
   if (desc) {
     spinner.start(`Requesting ${desc} from API...`);
   }
@@ -595,7 +595,7 @@ async function sendApiRequest(path, options) {
   }
   const {
     spinner
-  } = constants;
+  } = constants.default;
   if (options.desc) {
     spinner.start(`Requesting ${options.desc} from API...`);
   }
@@ -843,19 +843,19 @@ function checkCommandInput(outputKind, ...checks) {
 function getOutputKind(json, markdown) {
   if (json) {
-    return 'json';
+    return constants.JSON;
   }
   if (markdown) {
-    return 'markdown';
+    return constants.MARKDOWN;
   }
-  return 'text';
+  return constants.TEXT;
 }
 const require$2 = Module.createRequire(require('node:url').pathToFileURL(__filename).href);
 let _requirements;
 function getRequirements() {
   if (_requirements === undefined) {
-    _requirements = /*@__PURE__*/require$2(path.join(constants.rootPath, 'requirements.json'));
+    _requirements = /*@__PURE__*/require$2(path.join(constants.default.rootPath, 'requirements.json'));
   }
   return _requirements;
 }
@@ -935,7 +935,7 @@ function getHelpListOutput(list, options) {
 // Replace the start of a path with ~/ when it starts with your home dir.
 // A common way to abbreviate the user home dir (though not strictly posix).
 function tildify(cwd) {
-  return cwd.replace(new RegExp(`^${regexps.escapeRegExp(constants.homePath)}(?:${path.sep}|$)`, 'i'), '~/');
+  return cwd.replace(new RegExp(`^${regexps.escapeRegExp(constants.default.homePath)}(?:${path.sep}|$)`, 'i'), '~/');
 }
 // Property names are picked such that the name is at the top when the props
@@ -1100,17 +1100,17 @@ async function meowWithSubcommands(subcommands, options) {
   // The env var overrides the --flag, which overrides the persisted config
   // Also, when either of these are used, config updates won't persist.
   let configOverrideResult;
-  if (constants.ENV.SOCKET_CLI_CONFIG) {
-    configOverrideResult = overrideCachedConfig(constants.ENV.SOCKET_CLI_CONFIG);
+  if (constants.default.ENV.SOCKET_CLI_CONFIG) {
+    configOverrideResult = overrideCachedConfig(constants.default.ENV.SOCKET_CLI_CONFIG);
   } else if (cli1.flags['config']) {
     configOverrideResult = overrideCachedConfig(String(cli1.flags['config'] || ''));
   }
-  if (constants.ENV.SOCKET_CLI_NO_API_TOKEN) {
+  if (constants.default.ENV.SOCKET_CLI_NO_API_TOKEN) {
     // This overrides the config override and even the explicit token env var.
     // The config will be marked as readOnly to prevent persisting it.
     overrideConfigApiToken(undefined);
   } else {
-    const tokenOverride = constants.ENV.SOCKET_CLI_API_TOKEN;
+    const tokenOverride = constants.default.ENV.SOCKET_CLI_API_TOKEN;
     if (tokenOverride) {
       // This will set the token (even if there was a config override) and
       // set it to readOnly, making sure the temp token won't be persisted.
@@ -1161,7 +1161,7 @@ async function meowWithSubcommands(subcommands, options) {
     // "Bucket" some commands for easier usage.
     const commands = new Set(['analytics', 'audit-log', 'ci', 'cdxgen', 'config', 'dependencies', 'fix', 'install',
     //'json',
-    'license', 'login', 'logout', 'manifest', 'npm', 'npx', 'optimize', 'organization', 'package',
+    'license', 'login', 'logout', 'manifest', constants.NPM, constants.NPX, 'optimize', 'organization', 'package',
     //'patch',
     'raw-npm', 'raw-npx', 'repository', 'scan',
     //'security',
@@ -1179,7 +1179,7 @@ async function meowWithSubcommands(subcommands, options) {
       // test snapshots we use joinAnd.
       arrays.joinAnd(Array.from(commands).sort(sorts.naturalCompare).map(c => `'${c}'`)));
     }
-    lines.push('Note: All commands have their own --help', '', 'Main commands', `  socket login                ${description(subcommands['login'])}`, `  socket scan create          Create a new Socket scan and report`, `  socket npm/lodash@4.17.21   Request the Socket score of a package`, `  socket ci                   ${description(subcommands['ci'])}`, ``, 'Socket API', `  analytics                   ${description(subcommands['analytics'])}`, `  audit-log                   ${description(subcommands['audit-log'])}`, `  organization                ${description(subcommands['organization'])}`, `  package                     ${description(subcommands['package'])}`, `  repository                  ${description(subcommands['repository'])}`, `  scan                        ${description(subcommands['scan'])}`, `  threat-feed                 ${description(subcommands['threat-feed'])}`, ``, 'Local tools', `  fix                         ${description(subcommands['fix'])}`, `  manifest                    ${description(subcommands['manifest'])}`, `  npm                         ${description(subcommands['npm'])}`, `  npx                         ${description(subcommands['npx'])}`, `  optimize                    ${description(subcommands['optimize'])}`, `  raw-npm                     ${description(subcommands['raw-npm'])}`, `  raw-npx                     ${description(subcommands['raw-npx'])}`, '', 'CLI configuration', `  config                      ${description(subcommands['config'])}`, `  install                     ${description(subcommands['install'])}`, `  login                       Socket API login and CLI setup`, `  logout                      ${description(subcommands['logout'])}`, `  uninstall                   ${description(subcommands['uninstall'])}`, `  wrapper                     ${description(subcommands['wrapper'])}`);
+    lines.push('Note: All commands have their own --help', '', 'Main commands', `  socket login                ${description(subcommands['login'])}`, `  socket scan create          Create a new Socket scan and report`, `  socket npm/lodash@4.17.21   Request the Socket score of a package`, `  socket ci                   ${description(subcommands['ci'])}`, ``, 'Socket API', `  analytics                   ${description(subcommands['analytics'])}`, `  audit-log                   ${description(subcommands['audit-log'])}`, `  organization                ${description(subcommands['organization'])}`, `  package                     ${description(subcommands['package'])}`, `  repository                  ${description(subcommands['repository'])}`, `  scan                        ${description(subcommands['scan'])}`, `  threat-feed                 ${description(subcommands['threat-feed'])}`, ``, 'Local tools', `  fix                         ${description(subcommands['fix'])}`, `  manifest                    ${description(subcommands['manifest'])}`, `  npm                         ${description(subcommands[constants.NPM])}`, `  npx                         ${description(subcommands[constants.NPX])}`, `  optimize                    ${description(subcommands['optimize'])}`, `  raw-npm                     ${description(subcommands['raw-npm'])}`, `  raw-npx                     ${description(subcommands['raw-npx'])}`, '', 'CLI configuration', `  config                      ${description(subcommands['config'])}`, `  install                     ${description(subcommands['install'])}`, `  login                       Socket API login and CLI setup`, `  logout                      ${description(subcommands['logout'])}`, `  uninstall                   ${description(subcommands['uninstall'])}`, `  wrapper                     ${description(subcommands['wrapper'])}`);
   } else {
     lines.push('Commands');
     lines.push(`  ${getHelpListOutput({
@@ -1241,7 +1241,7 @@ async function meowWithSubcommands(subcommands, options) {
   }
   if (!cli2.flags['help'] && cli2.flags['dryRun']) {
     process.exitCode = 0;
-    logger.logger.log(`${constants.DRY_RUN_LABEL}: No-op, call a sub-command; ok`);
+    logger.logger.log(`${constants.default.DRY_RUN_LABEL}: No-op, call a sub-command; ok`);
   } else {
     // When you explicitly request --help, the command should be successful
     // so we exit(0). If we do it because we need more input, we exit(2).
@@ -1349,9 +1349,9 @@ function getAsciiHeader(command, orgFlag) {
   // Note: In tests we return <redacted> because otherwise snapshots will fail.
   const {
     REDACTED
-  } = constants;
-  const redacting = constants.ENV.VITEST;
-  const cliVersion = redacting ? REDACTED : constants.ENV.INLINED_SOCKET_CLI_VERSION_HASH;
+  } = constants.default;
+  const redacting = constants.default.ENV.VITEST;
+  const cliVersion = redacting ? REDACTED : constants.default.ENV.INLINED_SOCKET_CLI_VERSION_HASH;
   const nodeVersion = redacting ? REDACTED : process.version;
   const defaultOrg = getConfigValueOrUndef('defaultOrg');
   const readOnlyConfig = isReadOnlyConfig() ? '*' : '.';
@@ -1542,7 +1542,7 @@ async function getDefaultOrgSlug() {
       data: defaultOrgResult
     };
   }
-  const envOrgSlug = constants.ENV.SOCKET_CLI_ORG_SLUG;
+  const envOrgSlug = constants.default.ENV.SOCKET_CLI_ORG_SLUG;
   if (envOrgSlug) {
     require$$9.debugFn('notice', 'use: org from SOCKET_CLI_ORG_SLUG environment variable', envOrgSlug);
     return {
@@ -1598,7 +1598,7 @@ async function getBaseBranch(cwd = process.cwd()) {
     GITHUB_BASE_REF,
     GITHUB_REF_NAME,
     GITHUB_REF_TYPE
-  } = constants.ENV;
+  } = constants.default.ENV;
   // 1. In a pull request, this is always the base branch.
   if (GITHUB_BASE_REF) {
     return GITHUB_BASE_REF;
@@ -1647,7 +1647,7 @@ async function getRepoInfo(cwd = process.cwd()) {
 }
 async function getRepoName(cwd = process.cwd()) {
   const repoInfo = await getRepoInfo(cwd);
-  return repoInfo?.repo ?? constants.SOCKET_DEFAULT_REPOSITORY;
+  return repoInfo?.repo ?? constants.default.SOCKET_DEFAULT_REPOSITORY;
 }
 async function gitBranch(cwd = process.cwd()) {
   const stdioPipeOptions = {
@@ -1711,7 +1711,7 @@ async function detectDefaultBranch(cwd = process.cwd()) {
       return branch;
     }
   }
-  return constants.SOCKET_DEFAULT_BRANCH;
+  return constants.default.SOCKET_DEFAULT_BRANCH;
 }
 async function gitCleanFdx(cwd = process.cwd()) {
   const stdioIgnoreOptions = {
@@ -1798,8 +1798,8 @@ async function gitCommit(commitMsg, filepaths, options) {
   }
   const {
     cwd = process.cwd(),
-    email = constants.ENV.SOCKET_CLI_GIT_USER_EMAIL,
-    user = constants.ENV.SOCKET_CLI_GIT_USER_NAME
+    email = constants.default.ENV.SOCKET_CLI_GIT_USER_EMAIL,
+    user = constants.default.ENV.SOCKET_CLI_GIT_USER_NAME
   } = {
     __proto__: null,
     ...options
@@ -2038,8 +2038,22 @@ function parseGitRemoteUrl(remoteUrl) {
   } : result;
 }
-function getPurlObject(purl) {
-  return typeof purl === 'string' ? vendor.packageurlJsExports.PackageURL.fromString(purl) : purl;
+function getPurlObject(purl, options) {
+  const {
+    throws
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const shouldThrow = throws === undefined || !!throws;
+  try {
+    return typeof purl === 'string' ? vendor.packageurlJsExports.PackageURL.fromString(purl) : purl;
+  } catch (e) {
+    if (shouldThrow) {
+      throw e;
+    }
+    return null;
+  }
 }
 function getPkgFullNameFromPurl(purl) {
@@ -2056,7 +2070,7 @@ function getSocketDevPackageOverviewUrlFromPurl(purl) {
   return getSocketDevPackageOverviewUrl(purlObj.type, fullName, purlObj.version);
 }
 function getSocketDevPackageOverviewUrl(ecosystem, fullName, version) {
-  const url = `${constants.SOCKET_WEBSITE_URL}/${ecosystem}/package/${fullName}`;
+  const url = `${constants.default.SOCKET_WEBSITE_URL}/${ecosystem}/package/${fullName}`;
   return ecosystem === 'golang' ? `${url}${version ? `?section=overview&version=${version}` : ''}` : `${url}${version ? `/overview/${version}` : ''}`;
 }
@@ -2099,7 +2113,7 @@ const IGNORED_DIRS = [
 // Where Bower packages are installed, see <http://bower.io/>
 'coverage',
 // Standard output directory for code coverage reports, see <https://github.com/gotwarlost/istanbul>
-'node_modules',
+constants.NODE_MODULES,
 // Where Node modules are installed, see <https://nodejs.org/>
 // Taken from globby:
 // https://github.com/sindresorhus/globby/blob/v14.0.2/ignore.js#L11-L16
@@ -2107,7 +2121,7 @@ const IGNORED_DIRS = [
 const IGNORED_DIR_PATTERNS = IGNORED_DIRS.map(i => `**/${i}`);
 async function getWorkspaceGlobs(agent, cwd = process.cwd()) {
   let workspacePatterns;
-  if (agent === 'pnpm') {
+  if (agent === constants.PNPM) {
     for (const workspacePath of [path.join(cwd, 'pnpm-workspace.yaml'), path.join(cwd, 'pnpm-workspace.yml')]) {
       // eslint-disable-next-line no-await-in-loop
       const yml = await fs.safeReadFile(workspacePath);
@@ -2289,7 +2303,7 @@ function findBinPathDetailsSync(binName) {
   }) ?? [];
   const {
     shadowBinPath
-  } = constants;
+  } = constants.default;
   let shadowIndex = -1;
   let theBinPath;
   for (let i = 0, {
@@ -2313,10 +2327,10 @@ function findBinPathDetailsSync(binName) {
 function findNpmDirPathSync(npmBinPath) {
   const {
     WIN32
-  } = constants;
+  } = constants.default;
   let thePath = npmBinPath;
   while (true) {
-    const libNmNpmPath = path.join(thePath, 'lib/node_modules/npm');
+    const libNmNpmPath = path.join(thePath, `lib/${constants.NODE_MODULES}/${constants.NPM}`);
     // mise, which uses opaque binaries, puts its npm bin in a path like:
     //   /Users/SomeUsername/.local/share/mise/installs/node/vX.X.X/bin/npm.
     // HOWEVER, the location of the npm install is:
@@ -2328,8 +2342,8 @@ function findNpmDirPathSync(npmBinPath) {
     fs.isDirSync(libNmNpmPath)) {
       thePath = libNmNpmPath;
     }
-    const hasNmInCurrPath = fs.isDirSync(path.join(thePath, 'node_modules'));
-    const hasNmInParentPath = !hasNmInCurrPath && fs.isDirSync(path.join(thePath, '../node_modules'));
+    const hasNmInCurrPath = fs.isDirSync(path.join(thePath, constants.NODE_MODULES));
+    const hasNmInParentPath = !hasNmInCurrPath && fs.isDirSync(path.join(thePath, `../${constants.NODE_MODULES}`));
     if (
     // npm bin paths may look like:
     //   /usr/local/share/npm/bin/npm
@@ -2345,9 +2359,9 @@ function findNpmDirPathSync(npmBinPath) {
     // In some bespoke cases the node_modules folder is in the parent directory.
     hasNmInParentPath) && (
     // Optimistically look for the default location.
-    path.basename(thePath) === 'npm' ||
+    path.basename(thePath) === constants.NPM ||
     // Chocolatey installs npm bins in the same directory as node bins.
-    WIN32 && fs$1.existsSync(path.join(thePath, 'npm.cmd')))) {
+    WIN32 && fs$1.existsSync(path.join(thePath, `${constants.NPM}.cmd`)))) {
       return hasNmInParentPath ? path.dirname(thePath) : thePath;
     }
     const parent = path.dirname(thePath);
@@ -2384,7 +2398,7 @@ function getNpmBinPath() {
   if (_npmBinPath === undefined) {
     _npmBinPath = getNpmBinPathDetails().path;
     if (!_npmBinPath) {
-      exitWithBinPathError('npm');
+      exitWithBinPathError(constants.NPM);
     }
   }
   return _npmBinPath;
@@ -2392,7 +2406,7 @@ function getNpmBinPath() {
 let _npmBinPathDetails;
 function getNpmBinPathDetails() {
   if (_npmBinPathDetails === undefined) {
-    _npmBinPathDetails = findBinPathDetailsSync('npm');
+    _npmBinPathDetails = findBinPathDetailsSync(constants.NPM);
   }
   return _npmBinPathDetails;
 }
@@ -2402,7 +2416,7 @@ function getNpmDirPath() {
     const npmBinPath = getNpmBinPath();
     _npmDirPath = npmBinPath ? findNpmDirPathSync(npmBinPath) : undefined;
     if (!_npmDirPath) {
-      _npmDirPath = constants.ENV.SOCKET_CLI_NPM_PATH || undefined;
+      _npmDirPath = constants.default.ENV.SOCKET_CLI_NPM_PATH || undefined;
     }
     if (!_npmDirPath) {
       let message = 'Unable to find npm CLI install directory.';
@@ -2410,7 +2424,7 @@ function getNpmDirPath() {
         message += `\nSearched parent directories of ${path.dirname(npmBinPath)}.`;
       }
       message += '\n\nThis is may be a bug with socket-npm related to changes to the npm CLI.';
-      message += `\nPlease report to ${constants.SOCKET_CLI_ISSUES_URL}.`;
+      message += `\nPlease report to ${constants.default.SOCKET_CLI_ISSUES_URL}.`;
       logger.logger.fail(message);
       // The exit code 127 indicates that the command or binary being executed
       // could not be found.
@@ -2424,7 +2438,7 @@ let _npmRequire;
 function getNpmRequire() {
   if (_npmRequire === undefined) {
     const npmDirPath = getNpmDirPath();
-    const npmNmPath = path.join(npmDirPath, 'node_modules/npm');
+    const npmNmPath = path.join(npmDirPath, `${constants.NODE_MODULES}/npm`);
     _npmRequire = Module.createRequire(path.join(fs$1.existsSync(npmNmPath) ? npmNmPath : npmDirPath, '<dummy-basename>'));
   }
   return _npmRequire;
@@ -2495,7 +2509,7 @@ async function findUp(name, options) {
   };
   const {
     cwd = process.cwd(),
-    signal = constants.abortSignal
+    signal = constants.default.abortSignal
   } = opts;
   let {
     onlyDirectories = false,
@@ -2551,7 +2565,7 @@ async function spawnCoana(args, orgSlug, options, extra) {
     ...options
   };
   const mixinsEnv = {
-    SOCKET_CLI_VERSION: constants.ENV.INLINED_SOCKET_CLI_VERSION
+    SOCKET_CLI_VERSION: constants.default.ENV.INLINED_SOCKET_CLI_VERSION
   };
   const defaultApiToken = getDefaultApiToken();
   if (defaultApiToken) {
@@ -2568,16 +2582,18 @@ async function spawnCoana(args, orgSlug, options, extra) {
   try {
     const {
       spawnPromise
-    } = await shadowNpmBin('npx', ['--yes', `@coana-tech/cli@~${constants.ENV.INLINED_SOCKET_CLI_COANA_TECH_CLI_VERSION}`, ...args], {
+    } = await shadowNpmBin('npx', ['--yes', `@coana-tech/cli@~${constants.default.ENV.INLINED_SOCKET_CLI_COANA_TECH_CLI_VERSION}`, ...args], {
       ...spawnOpts,
       env: {
+        ...process.env,
+        ...constants.default.processEnv,
         ...mixinsEnv,
         ...spawnEnv
       },
       ipc: {
-        [constants.SOCKET_CLI_SHADOW_ACCEPT_RISKS]: true,
-        [constants.SOCKET_CLI_SHADOW_API_TOKEN]: constants.SOCKET_PUBLIC_API_TOKEN,
-        [constants.SOCKET_CLI_SHADOW_SILENT]: true,
+        [constants.default.SOCKET_CLI_SHADOW_ACCEPT_RISKS]: true,
+        [constants.default.SOCKET_CLI_SHADOW_API_TOKEN]: constants.default.SOCKET_PUBLIC_API_TOKEN,
+        [constants.default.SOCKET_CLI_SHADOW_SILENT]: true,
         ...ipc
       }
     }, extra);
@@ -2719,7 +2735,7 @@ async function writeSocketJson(cwd, sockJson) {
 async function readCache(key,
 // 5 minute in milliseconds time to live (TTL).
 ttlMs = 5 * 60 * 1000) {
-  const cacheJsonPath = path.join(constants.githubCachePath, `${key}.json`);
+  const cacheJsonPath = path.join(constants.default.githubCachePath, `${key}.json`);
   const stat = fs.safeStatsSync(cacheJsonPath);
   if (stat) {
     const isExpired = Date.now() - stat.mtimeMs > ttlMs;
@@ -2732,7 +2748,7 @@ ttlMs = 5 * 60 * 1000) {
 async function writeCache(key, data) {
   const {
     githubCachePath
-  } = constants;
+  } = constants.default;
   const cacheJsonPath = path.join(githubCachePath, `${key}.json`);
   if (!fs$1.existsSync(githubCachePath)) {
     await fs$1.promises.mkdir(githubCachePath, {
@@ -2743,7 +2759,7 @@ async function writeCache(key, data) {
 }
 async function cacheFetch(key, fetcher, ttlMs) {
   // Optionally disable cache.
-  if (constants.ENV.DISABLE_GITHUB_CACHE) {
+  if (constants.default.ENV.DISABLE_GITHUB_CACHE) {
     return await fetcher();
   }
   let data = await readCache(key, ttlMs);
@@ -2804,13 +2820,13 @@ function getOctokit() {
   if (_octokit === undefined) {
     const {
       SOCKET_CLI_GITHUB_TOKEN
-    } = constants.ENV;
+    } = constants.default.ENV;
     if (!SOCKET_CLI_GITHUB_TOKEN) {
       require$$9.debugFn('notice', 'miss: SOCKET_CLI_GITHUB_TOKEN env var');
     }
     const octokitOptions = {
       auth: SOCKET_CLI_GITHUB_TOKEN,
-      baseUrl: constants.ENV.GITHUB_API_URL
+      baseUrl: constants.default.ENV.GITHUB_API_URL
     };
     require$$9.debugDir('inspect', {
       octokitOptions
@@ -2824,7 +2840,7 @@ function getOctokitGraphql() {
   if (!_octokitGraphql) {
     const {
       SOCKET_CLI_GITHUB_TOKEN
-    } = constants.ENV;
+    } = constants.default.ENV;
     if (!SOCKET_CLI_GITHUB_TOKEN) {
       require$$9.debugFn('notice', 'miss: SOCKET_CLI_GITHUB_TOKEN env var');
     }
@@ -2878,7 +2894,7 @@ async function enablePrAutoMerge({
 async function setGitRemoteGithubRepoUrl(owner, repo, token, cwd = process.cwd()) {
   const {
     host
-  } = new URL(constants.ENV.GITHUB_SERVER_URL);
+  } = new URL(constants.default.ENV.GITHUB_SERVER_URL);
   const url = `https://x-access-token:${token}@${host}/${owner}/${repo}`;
   const stdioIgnoreOptions = {
     cwd,
@@ -2910,7 +2926,7 @@ function getMajor(version) {
 const COMPLETION_CMD_PREFIX = 'complete -F _socket_completion';
 function getCompletionSourcingCommand() {
   // Note: this is exported to distPath in .config/rollup.dist.config.mjs
-  const completionScriptExportPath = path.join(constants.distPath, 'socket-completion.bash');
+  const completionScriptExportPath = path.join(constants.default.distPath, 'socket-completion.bash');
   if (!fs$1.existsSync(completionScriptExportPath)) {
     return {
       ok: false,
@@ -2930,7 +2946,7 @@ function getBashrcDetails(targetCommandName) {
   }
   const {
     socketAppDataPath
-  } = constants;
+  } = constants.default;
   if (!socketAppDataPath) {
     return {
       ok: false,
@@ -2969,7 +2985,7 @@ const {
   [kInternalsSymbol]: {
     getSentry
   }
-} = constants;
+} = constants.default;
 class AuthError extends Error {}
 class InputError extends Error {
   constructor(message, body) {
@@ -3033,7 +3049,7 @@ function shadowNpmInstall(options) {
   } else {
     stdio = useIpc ? ['pipe', 'pipe', 'pipe', 'ipc'] : 'pipe';
   }
-  const spawnPromise = spawn.spawn(constants.execPath, [...constants.nodeNoWarningsFlags, ...constants.nodeDebugFlags, ...constants.nodeHardenFlags, ...constants.nodeMemoryFlags, ...(constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD ? ['--require', constants.instrumentWithSentryPath] : []), '--require', constants.shadowNpmInjectPath, npm.resolveBinPathSync(agentExecPath), 'install',
+  const spawnPromise = spawn.spawn(constants.default.execPath, [...constants.default.nodeNoWarningsFlags, ...constants.default.nodeDebugFlags, ...constants.default.nodeHardenFlags, ...constants.default.nodeMemoryFlags, ...(constants.default.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD ? ['--require', constants.default.instrumentWithSentryPath] : []), '--require', constants.default.shadowNpmInjectPath, npm.resolveBinPathSync(agentExecPath), 'install',
   // Avoid code paths for 'audit' and 'fund'.
   '--no-audit', '--no-fund',
   // Add '--no-progress' to fix input being swallowed by the npm spinner.
@@ -3044,7 +3060,7 @@ function shadowNpmInstall(options) {
     ...spawnOpts,
     env: {
       ...process.env,
-      ...constants.processEnv,
+      ...constants.default.processEnv,
       ...require$$11.getOwn(spawnOpts, 'env')
     },
     spinner,
@@ -3052,9 +3068,9 @@ function shadowNpmInstall(options) {
   });
   if (useIpc) {
     spawnPromise.process.send({
-      [constants.SOCKET_IPC_HANDSHAKE]: {
-        [constants.SOCKET_CLI_SHADOW_BIN]: 'npm',
-        [constants.SOCKET_CLI_SHADOW_PROGRESS]: progressArg,
+      [constants.default.SOCKET_IPC_HANDSHAKE]: {
+        [constants.default.SOCKET_CLI_SHADOW_BIN]: constants.NPM,
+        [constants.default.SOCKET_CLI_SHADOW_PROGRESS]: progressArg,
         ...ipc
       }
     });
@@ -3067,8 +3083,8 @@ function runAgentInstall(pkgEnvDetails, options) {
     agent,
     agentExecPath
   } = pkgEnvDetails;
-  const isNpm = agent === 'npm';
-  const isPnpm = agent === 'pnpm';
+  const isNpm = agent === constants.NPM;
+  const isPnpm = agent === constants.PNPM;
   // All package managers support the "install" command.
   if (isNpm) {
     return shadowNpmInstall({
@@ -3086,24 +3102,25 @@ function runAgentInstall(pkgEnvDetails, options) {
   };
   const skipNodeHardenFlags = isPnpm && pkgEnvDetails.agentVersion.major < 11;
   return spawn.spawn(agentExecPath, ['install', ...args], {
-    shell: constants.WIN32,
+    shell: constants.default.WIN32,
     spinner,
     stdio: 'inherit',
     ...spawnOpts,
     env: {
       ...process.env,
-      ...constants.processEnv,
-      NODE_OPTIONS: cmdFlagsToString([...(skipNodeHardenFlags ? [] : constants.nodeHardenFlags), ...constants.nodeNoWarningsFlags]),
+      ...constants.default.processEnv,
+      NODE_OPTIONS: cmdFlagsToString([...(skipNodeHardenFlags ? [] : constants.default.nodeHardenFlags), ...constants.default.nodeNoWarningsFlags]),
       ...require$$11.getOwn(spawnOpts, 'env')
     }
   });
 }
 const {
-  BINARY_LOCK_EXT,
   BUN,
+  EXT_LOCK,
+  EXT_LOCKB,
   HIDDEN_PACKAGE_LOCK_JSON,
-  LOCK_EXT,
+  NODE_MODULES,
   NPM,
   NPM_BUGGY_OVERRIDES_PATCHED_VERSION,
   PACKAGE_JSON,
@@ -3112,7 +3129,7 @@ const {
   YARN,
   YARN_BERRY,
   YARN_CLASSIC
-} = constants;
+} = constants.default;
 const AGENTS = [BUN, NPM, PNPM, YARN_BERRY, YARN_CLASSIC, VLT];
 const binByAgent = new Map([[BUN, BUN], [NPM, NPM], [PNPM, PNPM], [YARN_BERRY, YARN], [YARN_CLASSIC, YARN], [VLT, VLT]]);
 const readLockFileByAgent = (() => {
@@ -3128,10 +3145,10 @@ const readLockFileByAgent = (() => {
   const defaultReader = wrapReader(async lockPath => await fs.readFileUtf8(lockPath));
   return new Map([[BUN, wrapReader(async (lockPath, agentExecPath, cwd = process.cwd()) => {
     const ext = path.extname(lockPath);
-    if (ext === LOCK_EXT) {
+    if (ext === EXT_LOCK) {
       return await defaultReader(lockPath);
     }
-    if (ext === BINARY_LOCK_EXT) {
+    if (ext === EXT_LOCKB) {
       const lockBuffer = await binaryReader(lockPath);
       if (lockBuffer) {
         try {
@@ -3143,7 +3160,7 @@ const readLockFileByAgent = (() => {
       // https://bun.sh/guides/install/yarnlock
       return (await spawn.spawn(agentExecPath, [lockPath], {
         cwd,
-        shell: constants.WIN32
+        shell: constants.default.WIN32
       })).stdout;
     }
     return undefined;
@@ -3152,8 +3169,8 @@ const readLockFileByAgent = (() => {
 // The order of LOCKS properties IS significant as it affects iteration order.
 const LOCKS = {
-  [`bun${LOCK_EXT}`]: BUN,
-  [`bun${BINARY_LOCK_EXT}`]: BUN,
+  [`bun${EXT_LOCK}`]: BUN,
+  [`bun${EXT_LOCKB}`]: BUN,
   // If both package-lock.json and npm-shrinkwrap.json are present in the root
   // of a project, npm-shrinkwrap.json will take precedence and package-lock.json
   // will be ignored.
@@ -3162,19 +3179,19 @@ const LOCKS = {
   'package-lock.json': NPM,
   'pnpm-lock.yaml': PNPM,
   'pnpm-lock.yml': PNPM,
-  [`yarn${LOCK_EXT}`]: YARN_CLASSIC,
+  [`yarn${EXT_LOCK}`]: YARN_CLASSIC,
   'vlt-lock.json': VLT,
   // Lastly, look for a hidden lock file which is present if .npmrc has package-lock=false:
   // https://docs.npmjs.com/cli/v10/configuring-npm/package-lock-json#hidden-lockfiles
   //
   // Unlike the other LOCKS keys this key contains a directory AND filename so
   // it has to be handled differently.
-  'node_modules/.package-lock.json': NPM
+  [`${NODE_MODULES}/.package-lock.json`]: NPM
 };
 async function getAgentExecPath(agent) {
   const binName = binByAgent.get(agent);
   if (binName === NPM) {
-    return constants.npmExecPath;
+    return constants.default.npmExecPath;
   }
   return (await vendor.libExports$1(binName, {
     nothrow: true
@@ -3193,7 +3210,7 @@ async function getAgentVersion(agent, agentExecPath, cwd) {
     // All package managers support the "--version" flag.
     (await spawn.spawn(agentExecPath, ['--version'], {
       cwd,
-      shell: constants.WIN32
+      shell: constants.default.WIN32
     })).stdout) ?? undefined;
   } catch (e) {
     require$$9.debugFn('error', `caught: ${quotedCmd} failed`);
@@ -3249,8 +3266,8 @@ async function detectPackageEnvironment({
   }
   const {
     maintainedNodeVersions
-  } = constants;
-  const minSupportedAgentVersion = constants.minimumVersionByAgent.get(agent);
+  } = constants.default;
+  const minSupportedAgentVersion = constants.default.minimumVersionByAgent.get(agent);
   const minSupportedNodeMajor = vendor.semverExports.major(maintainedNodeVersions.last);
   const minSupportedNodeVersion = `${minSupportedNodeMajor}.0.0`;
   const minSupportedNodeRange = `>=${minSupportedNodeMajor}`;
@@ -3360,7 +3377,7 @@ async function detectAndValidatePackageEnvironment(cwd, options) {
   } = details;
   const agentVersion = details.agentVersion ?? 'unknown';
   if (!details.agentSupported) {
-    const minVersion = constants.minimumVersionByAgent.get(agent);
+    const minVersion = constants.default.minimumVersionByAgent.get(agent);
     return {
       ok: false,
       message: 'Version mismatch',
@@ -3368,7 +3385,7 @@ async function detectAndValidatePackageEnvironment(cwd, options) {
     };
   }
   if (!details.nodeSupported) {
-    const minVersion = constants.maintainedNodeVersions.last;
+    const minVersion = constants.default.maintainedNodeVersions.last;
     return {
       ok: false,
       message: 'Version mismatch',
@@ -3420,7 +3437,7 @@ async function detectAndValidatePackageEnvironment(cwd, options) {
   }
   if (details.lockPath && path.relative(cwd, details.lockPath).startsWith('.')) {
     // Note: In tests we return <redacted> because otherwise snapshots will fail.
-    logger?.warn(cmdPrefixMessage(cmdName, `Package ${lockName} found at ${constants.ENV.VITEST ? constants.REDACTED : details.lockPath}`));
+    logger?.warn(cmdPrefixMessage(cmdName, `Package ${lockName} found at ${constants.default.ENV.VITEST ? constants.default.REDACTED : details.lockPath}`));
   }
   return {
     ok: true,
@@ -3428,7 +3445,7 @@ async function detectAndValidatePackageEnvironment(cwd, options) {
   };
 }
-const ALL_ECOSYSTEMS = ['apk', 'bitbucket', 'cargo', 'chrome', 'cocoapods', 'composer', 'conan', 'conda', 'cran', 'deb', 'docker', 'gem', 'generic', 'github', 'golang', 'hackage', 'hex', 'huggingface', 'maven', 'mlflow', 'npm', 'nuget', 'oci', 'pub', 'pypi', 'qpkg', 'rpm', 'swift', 'swid', 'unknown'];
+const ALL_ECOSYSTEMS = ['apk', 'bitbucket', 'cargo', 'chrome', 'cocoapods', 'composer', 'conan', 'conda', 'cran', 'deb', 'docker', 'gem', 'generic', 'github', 'golang', 'hackage', 'hex', 'huggingface', 'maven', 'mlflow', constants.NPM, 'nuget', 'oci', 'pub', 'pypi', 'qpkg', 'rpm', 'swift', 'swid', 'unknown'];
 new Set(ALL_ECOSYSTEMS);
 function getEcosystemChoicesForMeow() {
   return [...ALL_ECOSYSTEMS];
@@ -3438,7 +3455,7 @@ function isArtifactAlertCve(alert) {
   const {
     type
   } = alert;
-  return type === constants.ALERT_TYPE_CVE || type === constants.ALERT_TYPE_MEDIUM_CVE || type === constants.ALERT_TYPE_MILD_CVE || type === constants.ALERT_TYPE_CRITICAL_CVE;
+  return type === constants.default.ALERT_TYPE_CVE || type === constants.default.ALERT_TYPE_MEDIUM_CVE || type === constants.default.ALERT_TYPE_MILD_CVE || type === constants.default.ALERT_TYPE_CRITICAL_CVE;
 }
 function createEnum(obj) {
@@ -3515,7 +3532,7 @@ const require$1 = Module.createRequire(require('node:url').pathToFileURL(__filen
 let _translations;
 function getTranslations() {
   if (_translations === undefined) {
-    _translations = /*@__PURE__*/require$1(path.join(constants.rootPath, 'translations.json'));
+    _translations = /*@__PURE__*/require$1(path.join(constants.default.rootPath, 'translations.json'));
   }
   return _translations;
 }
@@ -3865,7 +3882,7 @@ function logAlertsMap(alertsMap, options) {
 }
 function idToNpmPurl(id) {
-  return `pkg:npm/${id}`;
+  return `pkg:${constants.NPM}/${id}`;
 }
 async function getAlertsMapFromPurls(purls, options) {
@@ -4000,6 +4017,7 @@ exports.getOrgSlugs = getOrgSlugs;
 exports.getOutputKind = getOutputKind;
 exports.getPackageFilesForScan = getPackageFilesForScan;
 exports.getPublicApiToken = getPublicApiToken;
+exports.getPurlObject = getPurlObject;
 exports.getRepoInfo = getRepoInfo;
 exports.getRepoName = getRepoName;
 exports.getSocketDevPackageOverviewUrlFromPurl = getSocketDevPackageOverviewUrlFromPurl;
@@ -4053,5 +4071,5 @@ exports.toFilterConfig = toFilterConfig;
 exports.updateConfigValue = updateConfigValue;
 exports.walkNestedMap = walkNestedMap;
 exports.writeSocketJson = writeSocketJson;
-//# debugId=c9a337ab-9c3d-4d21-a5a6-ef5d89be0e38
+//# debugId=7cff9fde-d98e-4cf5-94ca-db24c760fc8e
 //# sourceMappingURL=utils.js.map