@socketsecurity/cli-with-sentry 1.1.3 → 1.1.5

package/dist/utils.js

@@ -5,13 +5,13 @@ var logger = require('../external/@socketsecurity/registry/lib/logger');
 var strings = require('../external/@socketsecurity/registry/lib/strings');
 var require$$9 = require('../external/@socketsecurity/registry/lib/debug');
 var require$$11 = require('../external/@socketsecurity/registry/lib/objects');
+var constants = require('./constants.js');
 var arrays = require('../external/@socketsecurity/registry/lib/arrays');
 var path$1 = require('../external/@socketsecurity/registry/lib/path');
 var sorts = require('../external/@socketsecurity/registry/lib/sorts');
 var words = require('../external/@socketsecurity/registry/lib/words');
 var Module = require('node:module');
 var path = require('node:path');
-var constants = require('./constants.js');
 var flags = require('./flags.js');
 var regexps = require('../external/@socketsecurity/registry/lib/regexps');
 var prompts = require('../external/@socketsecurity/registry/lib/prompts');
@@ -36,7 +36,7 @@ function getConfigValues() {
     _cachedConfig = {};
     const {
       socketAppDataPath
-    } = constants;
+    } = constants.default;
     if (socketAppDataPath) {
       const raw = fs.safeReadFileSync(socketAppDataPath);
       if (raw) {
@@ -130,7 +130,10 @@ function getConfigValueOrUndef(key) {
 
 // Ensure export because dist/utils.js is required in src/constants.mts.
 // eslint-disable-next-line n/exports-style
-exports.getConfigValueOrUndef = getConfigValueOrUndef;
+if (typeof exports === 'object' && exports !== null) {
+  // eslint-disable-next-line n/exports-style
+  exports.getConfigValueOrUndef = getConfigValueOrUndef;
+}
 function getSupportedConfigEntries() {
   return [...supportedConfigEntries];
 }
@@ -238,7 +241,7 @@ function updateConfigValue(configKey, value) {
       _pendingSave = false;
       const {
         socketAppDataPath
-      } = constants;
+      } = constants.default;
       if (socketAppDataPath) {
         fs$1.writeFileSync(socketAppDataPath, Buffer.from(JSON.stringify(localConfig)).toString('base64'));
       }
@@ -257,13 +260,13 @@ const TOKEN_VISIBLE_LENGTH = 5;
 
 // The Socket API server that should be used for operations.
 function getDefaultApiBaseUrl$1() {
-  const baseUrl = constants.ENV.SOCKET_CLI_API_BASE_URL || getConfigValueOrUndef('apiBaseUrl');
+  const baseUrl = constants.default.ENV.SOCKET_CLI_API_BASE_URL || getConfigValueOrUndef('apiBaseUrl');
   return isUrl(baseUrl) ? baseUrl : undefined;
 }
 
 // The Socket API server that should be used for operations.
 function getDefaultProxyUrl() {
-  const apiProxy = constants.ENV.SOCKET_CLI_API_PROXY || getConfigValueOrUndef('apiProxy');
+  const apiProxy = constants.default.ENV.SOCKET_CLI_API_PROXY || getConfigValueOrUndef('apiProxy');
   return isUrl(apiProxy) ? apiProxy : undefined;
 }
 function isUrl(value) {
@@ -280,16 +283,16 @@ function isUrl(value) {
 // This Socket API token should be stored globally for the duration of the CLI execution.
 let _defaultToken;
 function getDefaultApiToken() {
-  if (constants.ENV.SOCKET_CLI_NO_API_TOKEN) {
+  if (constants.default.ENV.SOCKET_CLI_NO_API_TOKEN) {
     _defaultToken = undefined;
     return _defaultToken;
   }
-  const key = constants.ENV.SOCKET_CLI_API_TOKEN || getConfigValueOrUndef('apiToken') || _defaultToken;
+  const key = constants.default.ENV.SOCKET_CLI_API_TOKEN || getConfigValueOrUndef('apiToken') || _defaultToken;
   _defaultToken = strings.isNonEmptyString(key) ? key : undefined;
   return _defaultToken;
 }
 function getPublicApiToken() {
-  return getDefaultApiToken() || constants.ENV.SOCKET_CLI_API_TOKEN || constants.SOCKET_PUBLIC_API_TOKEN;
+  return getDefaultApiToken() || constants.default.ENV.SOCKET_CLI_API_TOKEN || constants.default.SOCKET_PUBLIC_API_TOKEN;
 }
 function getVisibleTokenPrefix() {
   const apiToken = getDefaultApiToken();
@@ -336,11 +339,11 @@ async function setupSdk(options) {
         proxy: apiProxy
       }) : undefined,
       baseUrl: apiBaseUrl,
-      timeout: constants.ENV.SOCKET_CLI_API_TIMEOUT,
+      timeout: constants.default.ENV.SOCKET_CLI_API_TIMEOUT,
       userAgent: vendor.distExports.createUserAgentFromPkgJson({
-        name: constants.ENV.INLINED_SOCKET_CLI_NAME,
-        version: constants.ENV.INLINED_SOCKET_CLI_VERSION,
-        homepage: constants.ENV.INLINED_SOCKET_CLI_HOMEPAGE
+        name: constants.default.ENV.INLINED_SOCKET_CLI_NAME,
+        version: constants.default.ENV.INLINED_SOCKET_CLI_VERSION,
+        homepage: constants.default.ENV.INLINED_SOCKET_CLI_HOMEPAGE
       })
     })
   };
@@ -350,11 +353,11 @@ const NO_ERROR_MESSAGE = 'No error message returned';
 
 // The Socket API server that should be used for operations.
 function getDefaultApiBaseUrl() {
-  const baseUrl = constants.ENV.SOCKET_CLI_API_BASE_URL || getConfigValueOrUndef('apiBaseUrl');
+  const baseUrl = constants.default.ENV.SOCKET_CLI_API_BASE_URL || getConfigValueOrUndef('apiBaseUrl');
   if (strings.isNonEmptyString(baseUrl)) {
     return baseUrl;
   }
-  const API_V0_URL = constants.API_V0_URL;
+  const API_V0_URL = constants.default.API_V0_URL;
   return API_V0_URL;
 }
 async function getErrorMessageForHttpStatusCode(code) {
@@ -374,14 +377,14 @@ async function getErrorMessageForHttpStatusCode(code) {
 }
 async function handleApiCall(value, options) {
   const {
-    desc,
+    description,
     spinner
   } = {
     __proto__: null,
     ...options
   };
-  if (desc) {
-    spinner?.start(`Requesting ${desc} from API...`);
+  if (description) {
+    spinner?.start(`Requesting ${description} from API...`);
   } else {
     spinner?.start();
   }
@@ -389,8 +392,8 @@ async function handleApiCall(value, options) {
   try {
     sdkResult = await value;
     spinner?.stop();
-    if (desc) {
-      const message = `Received Socket API response (after requesting ${desc}).`;
+    if (description) {
+      const message = `Received Socket API response (after requesting ${description}).`;
       if (sdkResult.success) {
         logger.logger.success(message);
       } else {
@@ -404,9 +407,9 @@ async function handleApiCall(value, options) {
       message: 'Socket API returned an error',
       cause: vendor.messageWithCauses(e)
     };
-    if (desc) {
-      logger.logger.fail(`An error was thrown while requesting ${desc}`);
-      require$$9.debugFn('error', `caught: ${desc} error`);
+    if (description) {
+      logger.logger.fail(`An error was thrown while requesting ${description}`);
+      require$$9.debugFn('error', `caught: ${description} error`);
     } else {
       require$$9.debugFn('error', `caught: Socket API request error`);
     }
@@ -419,23 +422,23 @@ async function handleApiCall(value, options) {
 
   // Note: TS can't narrow down the type of result due to generics.
   if (sdkResult.success === false) {
-    const errorResult = sdkResult;
-    const message = `${errorResult.error || NO_ERROR_MESSAGE}`;
-    const {
-      cause: reason
-    } = errorResult;
+    require$$9.debugFn('error', `fail:${description ? ` ${description}` : ''} bad response`);
+    require$$9.debugDir('inspect', {
+      sdkResult
+    });
+    const errCResult = sdkResult;
+    const errStr = errCResult.error ? String(errCResult.error).trim() : '';
+    const message = errStr || NO_ERROR_MESSAGE;
+    const reason = errCResult.cause || NO_ERROR_MESSAGE;
+    const cause = reason && message !== reason ? `${message} (reason: ${reason})` : message;
     const socketSdkErrorResult = {
       ok: false,
       message: 'Socket API returned an error',
-      cause: `${message}${reason ? ` ( Reason: ${reason} )` : ''}`,
+      cause,
       data: {
         code: sdkResult.status
       }
     };
-    require$$9.debugFn('error', `fail:${desc ? ` ${desc}` : ''} bad response`);
-    require$$9.debugDir('inspect', {
-      sdkResult
-    });
     return socketSdkErrorResult;
   }
   const socketSdkSuccessResult = {
@@ -445,44 +448,47 @@ async function handleApiCall(value, options) {
   return socketSdkSuccessResult;
 }
 async function handleApiCallNoSpinner(value, description) {
-  let result;
+  let sdkResult;
   try {
-    result = await value;
+    sdkResult = await value;
   } catch (e) {
-    const message = `${e || NO_ERROR_MESSAGE}`;
-    const reason = `${e || NO_ERROR_MESSAGE}`;
     require$$9.debugFn('error', `caught: ${description} error`);
     require$$9.debugDir('inspect', {
       error: e
     });
+    const errStr = e ? String(e).trim() : '';
+    const cause = errStr || NO_ERROR_MESSAGE;
     return {
       ok: false,
       message: 'Socket API returned an error',
-      cause: `${message}${reason ? ` ( Reason: ${reason} )` : ''}`
+      cause
     };
   }
 
   // Note: TS can't narrow down the type of result due to generics
-  if (result.success === false) {
-    const error = result;
-    const message = `${error.error || NO_ERROR_MESSAGE}`;
+  if (sdkResult.success === false) {
     require$$9.debugFn('error', `fail: ${description} bad response`);
     require$$9.debugDir('inspect', {
-      error
+      sdkResult
     });
+    const sdkErrorResult = sdkResult;
+    const errStr = sdkErrorResult.error ? String(sdkErrorResult.error).trim() : '';
+    const message = errStr || NO_ERROR_MESSAGE;
+    const reason = sdkErrorResult.cause || NO_ERROR_MESSAGE;
+    const cause = reason && message !== reason ? `${message} (reason: ${reason})` : message;
     return {
       ok: false,
       message: 'Socket API returned an error',
-      cause: `${message}${error.cause ? ` ( Reason: ${error.cause} )` : ''}`,
+      cause,
       data: {
-        code: result.status
+        code: sdkResult.status
       }
     };
   } else {
-    const ok = result;
+    const sdkSuccessResult = sdkResult;
     return {
       ok: true,
-      data: ok.data
+      data: sdkSuccessResult.data
     };
   }
 }
@@ -498,7 +504,7 @@ async function queryApi(path, apiToken) {
     }
   });
 }
-async function queryApiSafeText(path, desc) {
+async function queryApiSafeText(path, description) {
   const apiToken = getDefaultApiToken();
   if (!apiToken) {
     return {
@@ -509,19 +515,19 @@ async function queryApiSafeText(path, desc) {
   }
   const {
     spinner
-  } = constants;
-  if (desc) {
-    spinner.start(`Requesting ${desc} from API...`);
+  } = constants.default;
+  if (description) {
+    spinner.start(`Requesting ${description} from API...`);
   }
   let result;
   try {
     result = await queryApi(path, apiToken);
-    if (desc) {
-      spinner.successAndStop(`Received Socket API response (after requesting ${desc}).`);
+    if (description) {
+      spinner.successAndStop(`Received Socket API response (after requesting ${description}).`);
     }
   } catch (e) {
-    if (desc) {
-      spinner.failAndStop(`An error was thrown while requesting ${desc}.`);
+    if (description) {
+      spinner.failAndStop(`An error was thrown while requesting ${description}.`);
     }
     const cause = e?.message;
     require$$9.debugFn('error', 'caught: await queryApi() error');
@@ -562,8 +568,8 @@ async function queryApiSafeText(path, desc) {
     };
   }
 }
-async function queryApiSafeJson(path, desc = '') {
-  const result = await queryApiSafeText(path, desc);
+async function queryApiSafeJson(path, description = '') {
+  const result = await queryApiSafeText(path, description);
   if (!result.ok) {
     return result;
   }
@@ -593,34 +599,42 @@ async function sendApiRequest(path, options) {
   if (!baseUrl) {
     logger.logger.warn('API endpoint is not set and default was empty. Request is likely to fail.');
   }
+  const {
+    body,
+    description,
+    method
+  } = {
+    __proto__: null,
+    ...options
+  };
   const {
     spinner
-  } = constants;
-  if (options.desc) {
-    spinner.start(`Requesting ${options.desc} from API...`);
+  } = constants.default;
+  if (description) {
+    spinner.start(`Requesting ${description} from API...`);
   }
   let result;
   try {
     const fetchOptions = {
-      method: options.method,
+      method,
       headers: {
         Authorization: `Basic ${btoa(`${apiToken}:`)}`,
         'Content-Type': 'application/json'
       },
-      ...(options.body ? {
-        body: JSON.stringify(options.body)
+      ...(body ? {
+        body: JSON.stringify(body)
       } : {})
     };
     result = await fetch(`${baseUrl}${baseUrl.endsWith('/') ? '' : '/'}${path}`, fetchOptions);
-    if (options.desc) {
-      spinner.successAndStop(`Received Socket API response (after requesting ${options.desc}).`);
+    if (description) {
+      spinner.successAndStop(`Received Socket API response (after requesting ${description}).`);
     }
   } catch (e) {
-    if (options.desc) {
-      spinner.failAndStop(`An error was thrown while requesting ${options.desc}.`);
+    if (description) {
+      spinner.failAndStop(`An error was thrown while requesting ${description}.`);
     }
     const cause = e?.message;
-    require$$9.debugFn('error', `caught: await fetch() ${options.method} error`);
+    require$$9.debugFn('error', `caught: await fetch() ${method} error`);
     require$$9.debugDir('inspect', {
       error: e
     });
@@ -675,14 +689,20 @@ function mdTableStringNumber(title1, title2, obj) {
   // | Paragraph   |     18 |
   let mw1 = title1.length;
   let mw2 = title2.length;
-  for (const [key, value] of Object.entries(obj)) {
+  for (const {
+    0: key,
+    1: value
+  } of Object.entries(obj)) {
     mw1 = Math.max(mw1, key.length);
     mw2 = Math.max(mw2, String(value ?? '').length);
   }
   const lines = [];
   lines.push(`| ${title1.padEnd(mw1, ' ')} | ${title2.padEnd(mw2)} |`);
   lines.push(`| ${'-'.repeat(mw1)} | ${'-'.repeat(mw2)} |`);
-  for (const [key, value] of Object.entries(obj)) {
+  for (const {
+    0: key,
+    1: value
+  } of Object.entries(obj)) {
     lines.push(`| ${key.padEnd(mw1, ' ')} | ${String(value ?? '').padStart(mw2, ' ')} |`);
   }
   lines.push(`| ${'-'.repeat(mw1)} | ${'-'.repeat(mw2)} |`);
@@ -843,19 +863,19 @@ function checkCommandInput(outputKind, ...checks) {
 
 function getOutputKind(json, markdown) {
   if (json) {
-    return 'json';
+    return constants.OUTPUT_JSON;
   }
   if (markdown) {
-    return 'markdown';
+    return constants.OUTPUT_MARKDOWN;
   }
-  return 'text';
+  return constants.OUTPUT_TEXT;
 }
 
 const require$2 = Module.createRequire(require('node:url').pathToFileURL(__filename).href);
 let _requirements;
 function getRequirements() {
   if (_requirements === undefined) {
-    _requirements = /*@__PURE__*/require$2(path.join(constants.rootPath, 'requirements.json'));
+    _requirements = /*@__PURE__*/require$2(path.join(constants.default.rootPath, 'requirements.json'));
   }
   return _requirements;
 }
@@ -935,7 +955,7 @@ function getHelpListOutput(list, options) {
 // Replace the start of a path with ~/ when it starts with your home dir.
 // A common way to abbreviate the user home dir (though not strictly posix).
 function tildify(cwd) {
-  return cwd.replace(new RegExp(`^${regexps.escapeRegExp(constants.homePath)}(?:${path.sep}|$)`, 'i'), '~/');
+  return cwd.replace(new RegExp(`^${regexps.escapeRegExp(constants.default.homePath)}(?:${path.sep}|$)`, 'i'), '~/');
 }
 
 // Property names are picked such that the name is at the top when the props
@@ -1100,17 +1120,17 @@ async function meowWithSubcommands(subcommands, options) {
   // The env var overrides the --flag, which overrides the persisted config
   // Also, when either of these are used, config updates won't persist.
   let configOverrideResult;
-  if (constants.ENV.SOCKET_CLI_CONFIG) {
-    configOverrideResult = overrideCachedConfig(constants.ENV.SOCKET_CLI_CONFIG);
+  if (constants.default.ENV.SOCKET_CLI_CONFIG) {
+    configOverrideResult = overrideCachedConfig(constants.default.ENV.SOCKET_CLI_CONFIG);
   } else if (cli1.flags['config']) {
     configOverrideResult = overrideCachedConfig(String(cli1.flags['config'] || ''));
   }
-  if (constants.ENV.SOCKET_CLI_NO_API_TOKEN) {
+  if (constants.default.ENV.SOCKET_CLI_NO_API_TOKEN) {
     // This overrides the config override and even the explicit token env var.
     // The config will be marked as readOnly to prevent persisting it.
     overrideConfigApiToken(undefined);
   } else {
-    const tokenOverride = constants.ENV.SOCKET_CLI_API_TOKEN;
+    const tokenOverride = constants.default.ENV.SOCKET_CLI_API_TOKEN;
     if (tokenOverride) {
       // This will set the token (even if there was a config override) and
       // set it to readOnly, making sure the temp token won't be persisted.
@@ -1161,7 +1181,7 @@ async function meowWithSubcommands(subcommands, options) {
     // "Bucket" some commands for easier usage.
     const commands = new Set(['analytics', 'audit-log', 'ci', 'cdxgen', 'config', 'dependencies', 'fix', 'install',
     //'json',
-    'license', 'login', 'logout', 'manifest', 'npm', 'npx', 'optimize', 'organization', 'package',
+    'license', 'login', 'logout', 'manifest', constants.NPM, constants.NPX, 'optimize', 'organization', 'package',
     //'patch',
     'raw-npm', 'raw-npx', 'repository', 'scan',
     //'security',
@@ -1179,7 +1199,7 @@ async function meowWithSubcommands(subcommands, options) {
       // test snapshots we use joinAnd.
       arrays.joinAnd(Array.from(commands).sort(sorts.naturalCompare).map(c => `'${c}'`)));
     }
-    lines.push('Note: All commands have their own --help', '', 'Main commands', `  socket login                ${description(subcommands['login'])}`, `  socket scan create          Create a new Socket scan and report`, `  socket npm/lodash@4.17.21   Request the Socket score of a package`, `  socket ci                   ${description(subcommands['ci'])}`, ``, 'Socket API', `  analytics                   ${description(subcommands['analytics'])}`, `  audit-log                   ${description(subcommands['audit-log'])}`, `  organization                ${description(subcommands['organization'])}`, `  package                     ${description(subcommands['package'])}`, `  repository                  ${description(subcommands['repository'])}`, `  scan                        ${description(subcommands['scan'])}`, `  threat-feed                 ${description(subcommands['threat-feed'])}`, ``, 'Local tools', `  fix                         ${description(subcommands['fix'])}`, `  manifest                    ${description(subcommands['manifest'])}`, `  npm                         ${description(subcommands['npm'])}`, `  npx                         ${description(subcommands['npx'])}`, `  optimize                    ${description(subcommands['optimize'])}`, `  raw-npm                     ${description(subcommands['raw-npm'])}`, `  raw-npx                     ${description(subcommands['raw-npx'])}`, '', 'CLI configuration', `  config                      ${description(subcommands['config'])}`, `  install                     ${description(subcommands['install'])}`, `  login                       Socket API login and CLI setup`, `  logout                      ${description(subcommands['logout'])}`, `  uninstall                   ${description(subcommands['uninstall'])}`, `  wrapper                     ${description(subcommands['wrapper'])}`);
+    lines.push('Note: All commands have their own --help', '', 'Main commands', `  socket login                ${description(subcommands['login'])}`, `  socket scan create          Create a new Socket scan and report`, `  socket npm/lodash@4.17.21   Request the Socket score of a package`, `  socket ci                   ${description(subcommands['ci'])}`, ``, 'Socket API', `  analytics                   ${description(subcommands['analytics'])}`, `  audit-log                   ${description(subcommands['audit-log'])}`, `  organization                ${description(subcommands['organization'])}`, `  package                     ${description(subcommands['package'])}`, `  repository                  ${description(subcommands['repository'])}`, `  scan                        ${description(subcommands['scan'])}`, `  threat-feed                 ${description(subcommands['threat-feed'])}`, ``, 'Local tools', `  fix                         ${description(subcommands['fix'])}`, `  manifest                    ${description(subcommands['manifest'])}`, `  npm                         ${description(subcommands[constants.NPM])}`, `  npx                         ${description(subcommands[constants.NPX])}`, `  optimize                    ${description(subcommands['optimize'])}`, `  raw-npm                     ${description(subcommands['raw-npm'])}`, `  raw-npx                     ${description(subcommands['raw-npx'])}`, '', 'CLI configuration', `  config                      ${description(subcommands['config'])}`, `  install                     ${description(subcommands['install'])}`, `  login                       Socket API login and CLI setup`, `  logout                      ${description(subcommands['logout'])}`, `  uninstall                   ${description(subcommands['uninstall'])}`, `  wrapper                     ${description(subcommands['wrapper'])}`);
   } else {
     lines.push('Commands');
     lines.push(`  ${getHelpListOutput({
@@ -1241,7 +1261,7 @@ async function meowWithSubcommands(subcommands, options) {
   }
   if (!cli2.flags['help'] && cli2.flags['dryRun']) {
     process.exitCode = 0;
-    logger.logger.log(`${constants.DRY_RUN_LABEL}: No-op, call a sub-command; ok`);
+    logger.logger.log(`${constants.default.DRY_RUN_LABEL}: No-op, call a sub-command; ok`);
   } else {
     // When you explicitly request --help, the command should be successful
     // so we exit(0). If we do it because we need more input, we exit(2).
@@ -1276,7 +1296,8 @@ function meowOrExit({
     importMeta
   });
   if (!shouldSuppressBanner(cli.flags)) {
-    emitBanner(command, String(cli.flags['org'] || '') || undefined);
+    const orgFlag = String(cli.flags['org'] || '').trim() || undefined;
+    emitBanner(command, orgFlag);
     // Add newline in stderr.
     // Meow help adds a newline too so we do it here.
     logger.logger.error('');
@@ -1304,15 +1325,15 @@ function meowOrExit({
     cli.showHelp(0);
   }
 
-  // meow doesn't detect 'version' as an unknown flag, so we do the leg work here.
+  // Meow doesn't detect 'version' as an unknown flag, so we do the leg work here.
   if (!require$$11.hasOwn(config.flags, 'version') && cli.flags['version']) {
-    // Use `console.error` here instead of `logger.error` to match meow behavior.
+    // Use `console.error` here instead of `logger.error` to match Meow behavior.
     console.error('Unknown flag\n--version');
     // eslint-disable-next-line n/no-process-exit
     process.exit(2);
   }
 
-  // Now test for help state. Run meow again. If it exits now, it must be due
+  // Now test for help state. Run Meow again. If it exits now, it must be due
   // to wanting to print the help screen. But it would exit(0) and we want a
   // consistent exit(2) for that case (missing input).
   // TODO: Move away from meow.
@@ -1349,9 +1370,9 @@ function getAsciiHeader(command, orgFlag) {
   // Note: In tests we return <redacted> because otherwise snapshots will fail.
   const {
     REDACTED
-  } = constants;
-  const redacting = constants.ENV.VITEST;
-  const cliVersion = redacting ? REDACTED : constants.ENV.INLINED_SOCKET_CLI_VERSION_HASH;
+  } = constants.default;
+  const redacting = constants.default.ENV.VITEST;
+  const cliVersion = redacting ? REDACTED : constants.default.ENV.INLINED_SOCKET_CLI_VERSION_HASH;
   const nodeVersion = redacting ? REDACTED : process.version;
   const defaultOrg = getConfigValueOrUndef('defaultOrg');
   const readOnlyConfig = isReadOnlyConfig() ? '*' : '.';
@@ -1396,7 +1417,7 @@ function msAtHome(isoTimeStamp) {
 
 async function fetchOrganization(options) {
   const {
-    desc = 'organization list',
+    description = 'organization list',
     sdk,
     sdkOpts
   } = {
@@ -1412,7 +1433,7 @@ async function fetchOrganization(options) {
     sockSdk = sockSdkCResult.data;
   }
   const orgsCResult = await handleApiCall(sockSdk.getOrganizations(), {
-    desc
+    description
   });
   if (!orgsCResult.ok) {
     return orgsCResult;
@@ -1542,7 +1563,7 @@ async function getDefaultOrgSlug() {
       data: defaultOrgResult
     };
   }
-  const envOrgSlug = constants.ENV.SOCKET_CLI_ORG_SLUG;
+  const envOrgSlug = constants.default.ENV.SOCKET_CLI_ORG_SLUG;
   if (envOrgSlug) {
     require$$9.debugFn('notice', 'use: org from SOCKET_CLI_ORG_SLUG environment variable', envOrgSlug);
     return {
@@ -1598,7 +1619,7 @@ async function getBaseBranch(cwd = process.cwd()) {
     GITHUB_BASE_REF,
     GITHUB_REF_NAME,
     GITHUB_REF_TYPE
-  } = constants.ENV;
+  } = constants.default.ENV;
   // 1. In a pull request, this is always the base branch.
   if (GITHUB_BASE_REF) {
     return GITHUB_BASE_REF;
@@ -1647,7 +1668,7 @@ async function getRepoInfo(cwd = process.cwd()) {
 }
 async function getRepoName(cwd = process.cwd()) {
   const repoInfo = await getRepoInfo(cwd);
-  return repoInfo?.repo ?? constants.SOCKET_DEFAULT_REPOSITORY;
+  return repoInfo?.repo ?? constants.default.SOCKET_DEFAULT_REPOSITORY;
 }
 async function gitBranch(cwd = process.cwd()) {
   const stdioPipeOptions = {
@@ -1711,7 +1732,7 @@ async function detectDefaultBranch(cwd = process.cwd()) {
       return branch;
     }
   }
-  return constants.SOCKET_DEFAULT_BRANCH;
+  return constants.default.SOCKET_DEFAULT_BRANCH;
 }
 async function gitCleanFdx(cwd = process.cwd()) {
   const stdioIgnoreOptions = {
@@ -1798,8 +1819,8 @@ async function gitCommit(commitMsg, filepaths, options) {
   }
   const {
     cwd = process.cwd(),
-    email = constants.ENV.SOCKET_CLI_GIT_USER_EMAIL,
-    user = constants.ENV.SOCKET_CLI_GIT_USER_NAME
+    email = constants.default.ENV.SOCKET_CLI_GIT_USER_EMAIL,
+    user = constants.default.ENV.SOCKET_CLI_GIT_USER_NAME
   } = {
     __proto__: null,
     ...options
@@ -2038,8 +2059,25 @@ function parseGitRemoteUrl(remoteUrl) {
   } : result;
 }
 
-function getPurlObject(purl) {
-  return typeof purl === 'string' ? vendor.packageurlJsExports.PackageURL.fromString(purl) : purl;
+function getPurlObject(purl, options) {
+  const {
+    throws
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const shouldThrow = throws === undefined || !!throws;
+  try {
+    return typeof purl === 'string' ? vendor.packageurlJsExports.PackageURL.fromString(normalizePurl(purl)) : purl;
+  } catch (e) {
+    if (shouldThrow) {
+      throw e;
+    }
+    return null;
+  }
+}
+function normalizePurl(rawPurl) {
+  return rawPurl.startsWith('pkg:') ? rawPurl : `pkg:${rawPurl}`;
 }
 
 function getPkgFullNameFromPurl(purl) {
@@ -2056,7 +2094,7 @@ function getSocketDevPackageOverviewUrlFromPurl(purl) {
   return getSocketDevPackageOverviewUrl(purlObj.type, fullName, purlObj.version);
 }
 function getSocketDevPackageOverviewUrl(ecosystem, fullName, version) {
-  const url = `${constants.SOCKET_WEBSITE_URL}/${ecosystem}/package/${fullName}`;
+  const url = `${constants.default.SOCKET_WEBSITE_URL}/${ecosystem}/package/${fullName}`;
   return ecosystem === 'golang' ? `${url}${version ? `?section=overview&version=${version}` : ''}` : `${url}${version ? `/overview/${version}` : ''}`;
 }
 
@@ -2069,7 +2107,10 @@ function mapToObject(map) {
 }
 
 function* walkNestedMap(map, keys = []) {
-  for (const [key, value] of map.entries()) {
+  for (const {
+    0: key,
+    1: value
+  } of map.entries()) {
     if (value instanceof Map) {
       yield* walkNestedMap(value, [...keys, key]);
     } else {
@@ -2099,7 +2140,7 @@ const IGNORED_DIRS = [
 // Where Bower packages are installed, see <http://bower.io/>
 'coverage',
 // Standard output directory for code coverage reports, see <https://github.com/gotwarlost/istanbul>
-'node_modules',
+constants.NODE_MODULES,
 // Where Node modules are installed, see <https://nodejs.org/>
 // Taken from globby:
 // https://github.com/sindresorhus/globby/blob/v14.0.2/ignore.js#L11-L16
@@ -2107,7 +2148,7 @@ const IGNORED_DIRS = [
 const IGNORED_DIR_PATTERNS = IGNORED_DIRS.map(i => `**/${i}`);
 async function getWorkspaceGlobs(agent, cwd = process.cwd()) {
   let workspacePatterns;
-  if (agent === 'pnpm') {
+  if (agent === constants.PNPM) {
     for (const workspacePath of [path.join(cwd, 'pnpm-workspace.yaml'), path.join(cwd, 'pnpm-workspace.yml')]) {
       // eslint-disable-next-line no-await-in-loop
       const yml = await fs.safeReadFile(workspacePath);
@@ -2289,7 +2330,7 @@ function findBinPathDetailsSync(binName) {
   }) ?? [];
   const {
     shadowBinPath
-  } = constants;
+  } = constants.default;
   let shadowIndex = -1;
   let theBinPath;
   for (let i = 0, {
@@ -2313,10 +2354,10 @@ function findBinPathDetailsSync(binName) {
 function findNpmDirPathSync(npmBinPath) {
   const {
     WIN32
-  } = constants;
+  } = constants.default;
   let thePath = npmBinPath;
   while (true) {
-    const libNmNpmPath = path.join(thePath, 'lib/node_modules/npm');
+    const libNmNpmPath = path.join(thePath, `lib/${constants.NODE_MODULES}/${constants.NPM}`);
     // mise, which uses opaque binaries, puts its npm bin in a path like:
     //   /Users/SomeUsername/.local/share/mise/installs/node/vX.X.X/bin/npm.
     // HOWEVER, the location of the npm install is:
@@ -2328,8 +2369,8 @@ function findNpmDirPathSync(npmBinPath) {
     fs.isDirSync(libNmNpmPath)) {
       thePath = libNmNpmPath;
     }
-    const hasNmInCurrPath = fs.isDirSync(path.join(thePath, 'node_modules'));
-    const hasNmInParentPath = !hasNmInCurrPath && fs.isDirSync(path.join(thePath, '../node_modules'));
+    const hasNmInCurrPath = fs.isDirSync(path.join(thePath, constants.NODE_MODULES));
+    const hasNmInParentPath = !hasNmInCurrPath && fs.isDirSync(path.join(thePath, `../${constants.NODE_MODULES}`));
     if (
     // npm bin paths may look like:
     //   /usr/local/share/npm/bin/npm
@@ -2345,9 +2386,9 @@ function findNpmDirPathSync(npmBinPath) {
     // In some bespoke cases the node_modules folder is in the parent directory.
     hasNmInParentPath) && (
     // Optimistically look for the default location.
-    path.basename(thePath) === 'npm' ||
+    path.basename(thePath) === constants.NPM ||
     // Chocolatey installs npm bins in the same directory as node bins.
-    WIN32 && fs$1.existsSync(path.join(thePath, 'npm.cmd')))) {
+    WIN32 && fs$1.existsSync(path.join(thePath, `${constants.NPM}.cmd`)))) {
       return hasNmInParentPath ? path.dirname(thePath) : thePath;
     }
     const parent = path.dirname(thePath);
@@ -2384,7 +2425,7 @@ function getNpmBinPath() {
   if (_npmBinPath === undefined) {
     _npmBinPath = getNpmBinPathDetails().path;
     if (!_npmBinPath) {
-      exitWithBinPathError('npm');
+      exitWithBinPathError(constants.NPM);
     }
   }
   return _npmBinPath;
@@ -2392,7 +2433,7 @@ function getNpmBinPath() {
 let _npmBinPathDetails;
 function getNpmBinPathDetails() {
   if (_npmBinPathDetails === undefined) {
-    _npmBinPathDetails = findBinPathDetailsSync('npm');
+    _npmBinPathDetails = findBinPathDetailsSync(constants.NPM);
   }
   return _npmBinPathDetails;
 }
@@ -2402,7 +2443,7 @@ function getNpmDirPath() {
     const npmBinPath = getNpmBinPath();
     _npmDirPath = npmBinPath ? findNpmDirPathSync(npmBinPath) : undefined;
     if (!_npmDirPath) {
-      _npmDirPath = constants.ENV.SOCKET_CLI_NPM_PATH || undefined;
+      _npmDirPath = constants.default.ENV.SOCKET_CLI_NPM_PATH || undefined;
     }
     if (!_npmDirPath) {
       let message = 'Unable to find npm CLI install directory.';
@@ -2410,7 +2451,7 @@ function getNpmDirPath() {
         message += `\nSearched parent directories of ${path.dirname(npmBinPath)}.`;
       }
       message += '\n\nThis is may be a bug with socket-npm related to changes to the npm CLI.';
-      message += `\nPlease report to ${constants.SOCKET_CLI_ISSUES_URL}.`;
+      message += `\nPlease report to ${constants.default.SOCKET_CLI_ISSUES_URL}.`;
       logger.logger.fail(message);
       // The exit code 127 indicates that the command or binary being executed
       // could not be found.
@@ -2424,7 +2465,7 @@ let _npmRequire;
 function getNpmRequire() {
   if (_npmRequire === undefined) {
     const npmDirPath = getNpmDirPath();
-    const npmNmPath = path.join(npmDirPath, 'node_modules/npm');
+    const npmNmPath = path.join(npmDirPath, `${constants.NODE_MODULES}/npm`);
     _npmRequire = Module.createRequire(path.join(fs$1.existsSync(npmNmPath) ? npmNmPath : npmDirPath, '<dummy-basename>'));
   }
   return _npmRequire;
@@ -2495,7 +2536,7 @@ async function findUp(name, options) {
   };
   const {
     cwd = process.cwd(),
-    signal = constants.abortSignal
+    signal = constants.default.abortSignal
   } = opts;
   let {
     onlyDirectories = false,
@@ -2551,7 +2592,7 @@ async function spawnCoana(args, orgSlug, options, extra) {
     ...options
   };
   const mixinsEnv = {
-    SOCKET_CLI_VERSION: constants.ENV.INLINED_SOCKET_CLI_VERSION
+    SOCKET_CLI_VERSION: constants.default.ENV.INLINED_SOCKET_CLI_VERSION
   };
   const defaultApiToken = getDefaultApiToken();
   if (defaultApiToken) {
@@ -2568,16 +2609,18 @@ async function spawnCoana(args, orgSlug, options, extra) {
   try {
     const {
       spawnPromise
-    } = await shadowNpmBin('npx', ['--yes', `@coana-tech/cli@~${constants.ENV.INLINED_SOCKET_CLI_COANA_TECH_CLI_VERSION}`, ...args], {
+    } = await shadowNpmBin('npx', ['--yes', `@coana-tech/cli@~${constants.default.ENV.INLINED_SOCKET_CLI_COANA_TECH_CLI_VERSION}`, ...args], {
       ...spawnOpts,
       env: {
+        ...process.env,
+        ...constants.default.processEnv,
         ...mixinsEnv,
         ...spawnEnv
       },
       ipc: {
-        [constants.SOCKET_CLI_SHADOW_ACCEPT_RISKS]: true,
-        [constants.SOCKET_CLI_SHADOW_API_TOKEN]: constants.SOCKET_PUBLIC_API_TOKEN,
-        [constants.SOCKET_CLI_SHADOW_SILENT]: true,
+        [constants.default.SOCKET_CLI_SHADOW_ACCEPT_RISKS]: true,
+        [constants.default.SOCKET_CLI_SHADOW_API_TOKEN]: constants.default.SOCKET_PUBLIC_API_TOKEN,
+        [constants.default.SOCKET_CLI_SHADOW_SILENT]: true,
         ...ipc
       }
     }, extra);
@@ -2719,7 +2762,7 @@ async function writeSocketJson(cwd, sockJson) {
 async function readCache(key,
 // 5 minute in milliseconds time to live (TTL).
 ttlMs = 5 * 60 * 1000) {
-  const cacheJsonPath = path.join(constants.githubCachePath, `${key}.json`);
+  const cacheJsonPath = path.join(constants.default.githubCachePath, `${key}.json`);
   const stat = fs.safeStatsSync(cacheJsonPath);
   if (stat) {
     const isExpired = Date.now() - stat.mtimeMs > ttlMs;
@@ -2732,7 +2775,7 @@ ttlMs = 5 * 60 * 1000) {
 async function writeCache(key, data) {
   const {
     githubCachePath
-  } = constants;
+  } = constants.default;
   const cacheJsonPath = path.join(githubCachePath, `${key}.json`);
   if (!fs$1.existsSync(githubCachePath)) {
     await fs$1.promises.mkdir(githubCachePath, {
@@ -2743,7 +2786,7 @@ async function writeCache(key, data) {
 }
 async function cacheFetch(key, fetcher, ttlMs) {
   // Optionally disable cache.
-  if (constants.ENV.DISABLE_GITHUB_CACHE) {
+  if (constants.default.ENV.DISABLE_GITHUB_CACHE) {
     return await fetcher();
   }
   let data = await readCache(key, ttlMs);
@@ -2795,7 +2838,7 @@ async function fetchGhsaDetails(ids) {
       }
     }
   } catch (e) {
-    require$$9.debugFn('error', `Failed to fetch GHSA details: ${e?.message || 'Unknown error'}`);
+    require$$9.debugFn('error', `Failed to fetch GHSA details: ${e?.message || constants.UNKNOWN_ERROR}`);
   }
   return results;
 }
@@ -2804,13 +2847,13 @@ function getOctokit() {
   if (_octokit === undefined) {
     const {
       SOCKET_CLI_GITHUB_TOKEN
-    } = constants.ENV;
+    } = constants.default.ENV;
     if (!SOCKET_CLI_GITHUB_TOKEN) {
       require$$9.debugFn('notice', 'miss: SOCKET_CLI_GITHUB_TOKEN env var');
     }
     const octokitOptions = {
       auth: SOCKET_CLI_GITHUB_TOKEN,
-      baseUrl: constants.ENV.GITHUB_API_URL
+      baseUrl: constants.default.ENV.GITHUB_API_URL
     };
     require$$9.debugDir('inspect', {
       octokitOptions
@@ -2824,7 +2867,7 @@ function getOctokitGraphql() {
   if (!_octokitGraphql) {
     const {
       SOCKET_CLI_GITHUB_TOKEN
-    } = constants.ENV;
+    } = constants.default.ENV;
     if (!SOCKET_CLI_GITHUB_TOKEN) {
       require$$9.debugFn('notice', 'miss: SOCKET_CLI_GITHUB_TOKEN env var');
     }
@@ -2878,7 +2921,7 @@ async function enablePrAutoMerge({
 async function setGitRemoteGithubRepoUrl(owner, repo, token, cwd = process.cwd()) {
   const {
     host
-  } = new URL(constants.ENV.GITHUB_SERVER_URL);
+  } = new URL(constants.default.ENV.GITHUB_SERVER_URL);
   const url = `https://x-access-token:${token}@${host}/${owner}/${repo}`;
   const stdioIgnoreOptions = {
     cwd,
@@ -2910,7 +2953,7 @@ function getMajor(version) {
 const COMPLETION_CMD_PREFIX = 'complete -F _socket_completion';
 function getCompletionSourcingCommand() {
   // Note: this is exported to distPath in .config/rollup.dist.config.mjs
-  const completionScriptExportPath = path.join(constants.distPath, 'socket-completion.bash');
+  const completionScriptExportPath = path.join(constants.default.distPath, 'socket-completion.bash');
   if (!fs$1.existsSync(completionScriptExportPath)) {
     return {
       ok: false,
@@ -2930,7 +2973,7 @@ function getBashrcDetails(targetCommandName) {
   }
   const {
     socketAppDataPath
-  } = constants;
+  } = constants.default;
   if (!socketAppDataPath) {
     return {
       ok: false,
@@ -2969,7 +3012,7 @@ const {
   [kInternalsSymbol]: {
     getSentry
   }
-} = constants;
+} = constants.default;
 class AuthError extends Error {}
 class InputError extends Error {
   constructor(message, body) {
@@ -3033,7 +3076,7 @@ function shadowNpmInstall(options) {
   } else {
     stdio = useIpc ? ['pipe', 'pipe', 'pipe', 'ipc'] : 'pipe';
   }
-  const spawnPromise = spawn.spawn(constants.execPath, [...constants.nodeNoWarningsFlags, ...constants.nodeDebugFlags, ...constants.nodeHardenFlags, ...constants.nodeMemoryFlags, ...(constants.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD ? ['--require', constants.instrumentWithSentryPath] : []), '--require', constants.shadowNpmInjectPath, npm.resolveBinPathSync(agentExecPath), 'install',
+  const spawnPromise = spawn.spawn(constants.default.execPath, [...constants.default.nodeNoWarningsFlags, ...constants.default.nodeDebugFlags, ...constants.default.nodeHardenFlags, ...constants.default.nodeMemoryFlags, ...(constants.default.ENV.INLINED_SOCKET_CLI_SENTRY_BUILD ? ['--require', constants.default.instrumentWithSentryPath] : []), '--require', constants.default.shadowNpmInjectPath, npm.resolveBinPathSync(agentExecPath), 'install',
   // Avoid code paths for 'audit' and 'fund'.
   '--no-audit', '--no-fund',
   // Add '--no-progress' to fix input being swallowed by the npm spinner.
@@ -3044,7 +3087,7 @@ function shadowNpmInstall(options) {
     ...spawnOpts,
     env: {
       ...process.env,
-      ...constants.processEnv,
+      ...constants.default.processEnv,
       ...require$$11.getOwn(spawnOpts, 'env')
     },
     spinner,
@@ -3052,9 +3095,9 @@ function shadowNpmInstall(options) {
   });
   if (useIpc) {
     spawnPromise.process.send({
-      [constants.SOCKET_IPC_HANDSHAKE]: {
-        [constants.SOCKET_CLI_SHADOW_BIN]: 'npm',
-        [constants.SOCKET_CLI_SHADOW_PROGRESS]: progressArg,
+      [constants.default.SOCKET_IPC_HANDSHAKE]: {
+        [constants.default.SOCKET_CLI_SHADOW_BIN]: constants.NPM,
+        [constants.default.SOCKET_CLI_SHADOW_PROGRESS]: progressArg,
         ...ipc
       }
     });
@@ -3067,8 +3110,8 @@ function runAgentInstall(pkgEnvDetails, options) {
     agent,
     agentExecPath
   } = pkgEnvDetails;
-  const isNpm = agent === 'npm';
-  const isPnpm = agent === 'pnpm';
+  const isNpm = agent === constants.NPM;
+  const isPnpm = agent === constants.PNPM;
   // All package managers support the "install" command.
   if (isNpm) {
     return shadowNpmInstall({
@@ -3086,24 +3129,25 @@ function runAgentInstall(pkgEnvDetails, options) {
   };
   const skipNodeHardenFlags = isPnpm && pkgEnvDetails.agentVersion.major < 11;
   return spawn.spawn(agentExecPath, ['install', ...args], {
-    shell: constants.WIN32,
+    shell: constants.default.WIN32,
     spinner,
     stdio: 'inherit',
     ...spawnOpts,
     env: {
       ...process.env,
-      ...constants.processEnv,
-      NODE_OPTIONS: cmdFlagsToString([...(skipNodeHardenFlags ? [] : constants.nodeHardenFlags), ...constants.nodeNoWarningsFlags]),
+      ...constants.default.processEnv,
+      NODE_OPTIONS: cmdFlagsToString([...(skipNodeHardenFlags ? [] : constants.default.nodeHardenFlags), ...constants.default.nodeNoWarningsFlags]),
       ...require$$11.getOwn(spawnOpts, 'env')
     }
   });
 }
 
 const {
-  BINARY_LOCK_EXT,
   BUN,
+  EXT_LOCK,
+  EXT_LOCKB,
   HIDDEN_PACKAGE_LOCK_JSON,
-  LOCK_EXT,
+  NODE_MODULES,
   NPM,
   NPM_BUGGY_OVERRIDES_PATCHED_VERSION,
   PACKAGE_JSON,
@@ -3112,7 +3156,7 @@ const {
   YARN,
   YARN_BERRY,
   YARN_CLASSIC
-} = constants;
+} = constants.default;
 const AGENTS = [BUN, NPM, PNPM, YARN_BERRY, YARN_CLASSIC, VLT];
 const binByAgent = new Map([[BUN, BUN], [NPM, NPM], [PNPM, PNPM], [YARN_BERRY, YARN], [YARN_CLASSIC, YARN], [VLT, VLT]]);
 const readLockFileByAgent = (() => {
@@ -3128,10 +3172,10 @@ const readLockFileByAgent = (() => {
   const defaultReader = wrapReader(async lockPath => await fs.readFileUtf8(lockPath));
   return new Map([[BUN, wrapReader(async (lockPath, agentExecPath, cwd = process.cwd()) => {
     const ext = path.extname(lockPath);
-    if (ext === LOCK_EXT) {
+    if (ext === EXT_LOCK) {
       return await defaultReader(lockPath);
     }
-    if (ext === BINARY_LOCK_EXT) {
+    if (ext === EXT_LOCKB) {
       const lockBuffer = await binaryReader(lockPath);
       if (lockBuffer) {
         try {
@@ -3143,7 +3187,7 @@ const readLockFileByAgent = (() => {
       // https://bun.sh/guides/install/yarnlock
       return (await spawn.spawn(agentExecPath, [lockPath], {
         cwd,
-        shell: constants.WIN32
+        shell: constants.default.WIN32
       })).stdout;
     }
     return undefined;
@@ -3152,8 +3196,8 @@ const readLockFileByAgent = (() => {
 
 // The order of LOCKS properties IS significant as it affects iteration order.
 const LOCKS = {
-  [`bun${LOCK_EXT}`]: BUN,
-  [`bun${BINARY_LOCK_EXT}`]: BUN,
+  [`bun${EXT_LOCK}`]: BUN,
+  [`bun${EXT_LOCKB}`]: BUN,
   // If both package-lock.json and npm-shrinkwrap.json are present in the root
   // of a project, npm-shrinkwrap.json will take precedence and package-lock.json
   // will be ignored.
@@ -3162,19 +3206,19 @@ const LOCKS = {
   'package-lock.json': NPM,
   'pnpm-lock.yaml': PNPM,
   'pnpm-lock.yml': PNPM,
-  [`yarn${LOCK_EXT}`]: YARN_CLASSIC,
+  [`yarn${EXT_LOCK}`]: YARN_CLASSIC,
   'vlt-lock.json': VLT,
   // Lastly, look for a hidden lock file which is present if .npmrc has package-lock=false:
   // https://docs.npmjs.com/cli/v10/configuring-npm/package-lock-json#hidden-lockfiles
   //
   // Unlike the other LOCKS keys this key contains a directory AND filename so
   // it has to be handled differently.
-  'node_modules/.package-lock.json': NPM
+  [`${NODE_MODULES}/.package-lock.json`]: NPM
 };
 async function getAgentExecPath(agent) {
   const binName = binByAgent.get(agent);
   if (binName === NPM) {
-    return constants.npmExecPath;
+    return constants.default.npmExecPath;
   }
   return (await vendor.libExports$1(binName, {
     nothrow: true
@@ -3193,7 +3237,7 @@ async function getAgentVersion(agent, agentExecPath, cwd) {
     // All package managers support the "--version" flag.
     (await spawn.spawn(agentExecPath, ['--version'], {
       cwd,
-      shell: constants.WIN32
+      shell: constants.default.WIN32
     })).stdout) ?? undefined;
   } catch (e) {
     require$$9.debugFn('error', `caught: ${quotedCmd} failed`);
@@ -3249,8 +3293,8 @@ async function detectPackageEnvironment({
   }
   const {
     maintainedNodeVersions
-  } = constants;
-  const minSupportedAgentVersion = constants.minimumVersionByAgent.get(agent);
+  } = constants.default;
+  const minSupportedAgentVersion = constants.default.minimumVersionByAgent.get(agent);
   const minSupportedNodeMajor = vendor.semverExports.major(maintainedNodeVersions.last);
   const minSupportedNodeVersion = `${minSupportedNodeMajor}.0.0`;
   const minSupportedNodeRange = `>=${minSupportedNodeMajor}`;
@@ -3360,7 +3404,7 @@ async function detectAndValidatePackageEnvironment(cwd, options) {
   } = details;
   const agentVersion = details.agentVersion ?? 'unknown';
   if (!details.agentSupported) {
-    const minVersion = constants.minimumVersionByAgent.get(agent);
+    const minVersion = constants.default.minimumVersionByAgent.get(agent);
     return {
       ok: false,
       message: 'Version mismatch',
@@ -3368,7 +3412,7 @@ async function detectAndValidatePackageEnvironment(cwd, options) {
     };
   }
   if (!details.nodeSupported) {
-    const minVersion = constants.maintainedNodeVersions.last;
+    const minVersion = constants.default.maintainedNodeVersions.last;
     return {
       ok: false,
       message: 'Version mismatch',
@@ -3420,7 +3464,7 @@ async function detectAndValidatePackageEnvironment(cwd, options) {
   }
   if (details.lockPath && path.relative(cwd, details.lockPath).startsWith('.')) {
     // Note: In tests we return <redacted> because otherwise snapshots will fail.
-    logger?.warn(cmdPrefixMessage(cmdName, `Package ${lockName} found at ${constants.ENV.VITEST ? constants.REDACTED : details.lockPath}`));
+    logger?.warn(cmdPrefixMessage(cmdName, `Package ${lockName} found at ${constants.default.ENV.VITEST ? constants.default.REDACTED : details.lockPath}`));
   }
   return {
     ok: true,
@@ -3428,7 +3472,7 @@ async function detectAndValidatePackageEnvironment(cwd, options) {
   };
 }
 
-const ALL_ECOSYSTEMS = ['apk', 'bitbucket', 'cargo', 'chrome', 'cocoapods', 'composer', 'conan', 'conda', 'cran', 'deb', 'docker', 'gem', 'generic', 'github', 'golang', 'hackage', 'hex', 'huggingface', 'maven', 'mlflow', 'npm', 'nuget', 'oci', 'pub', 'pypi', 'qpkg', 'rpm', 'swift', 'swid', 'unknown'];
+const ALL_ECOSYSTEMS = ['apk', 'bitbucket', 'cargo', 'chrome', 'cocoapods', 'composer', 'conan', 'conda', 'cran', 'deb', 'docker', 'gem', 'generic', 'github', 'golang', 'hackage', 'hex', 'huggingface', 'maven', 'mlflow', constants.NPM, 'nuget', 'oci', 'pub', 'pypi', 'qpkg', 'rpm', 'swift', 'swid', 'unknown'];
 new Set(ALL_ECOSYSTEMS);
 function getEcosystemChoicesForMeow() {
   return [...ALL_ECOSYSTEMS];
@@ -3438,7 +3482,7 @@ function isArtifactAlertCve(alert) {
   const {
     type
   } = alert;
-  return type === constants.ALERT_TYPE_CVE || type === constants.ALERT_TYPE_MEDIUM_CVE || type === constants.ALERT_TYPE_MILD_CVE || type === constants.ALERT_TYPE_CRITICAL_CVE;
+  return type === constants.default.ALERT_TYPE_CVE || type === constants.default.ALERT_TYPE_MEDIUM_CVE || type === constants.default.ALERT_TYPE_MILD_CVE || type === constants.default.ALERT_TYPE_CRITICAL_CVE;
 }
 
 function createEnum(obj) {
@@ -3515,7 +3559,7 @@ const require$1 = Module.createRequire(require('node:url').pathToFileURL(__filen
 let _translations;
 function getTranslations() {
   if (_translations === undefined) {
-    _translations = /*@__PURE__*/require$1(path.join(constants.rootPath, 'translations.json'));
+    _translations = /*@__PURE__*/require$1(path.join(constants.default.rootPath, 'translations.json'));
   }
   return _translations;
 }
@@ -3865,7 +3909,7 @@ function logAlertsMap(alertsMap, options) {
 }
 
 function idToNpmPurl(id) {
-  return `pkg:npm/${id}`;
+  return `pkg:${constants.NPM}/${id}`;
 }
 
 async function getAlertsMapFromPurls(purls, options) {
@@ -4000,6 +4044,7 @@ exports.getOrgSlugs = getOrgSlugs;
 exports.getOutputKind = getOutputKind;
 exports.getPackageFilesForScan = getPackageFilesForScan;
 exports.getPublicApiToken = getPublicApiToken;
+exports.getPurlObject = getPurlObject;
 exports.getRepoInfo = getRepoInfo;
 exports.getRepoName = getRepoName;
 exports.getSocketDevPackageOverviewUrlFromPurl = getSocketDevPackageOverviewUrlFromPurl;
@@ -4036,6 +4081,7 @@ exports.mdTableStringNumber = mdTableStringNumber;
 exports.meowOrExit = meowOrExit;
 exports.meowWithSubcommands = meowWithSubcommands;
 exports.msAtHome = msAtHome;
+exports.normalizePurl = normalizePurl;
 exports.npa = npa;
 exports.queryApiSafeJson = queryApiSafeJson;
 exports.queryApiSafeText = queryApiSafeText;
@@ -4053,5 +4099,5 @@ exports.toFilterConfig = toFilterConfig;
 exports.updateConfigValue = updateConfigValue;
 exports.walkNestedMap = walkNestedMap;
 exports.writeSocketJson = writeSocketJson;
-//# debugId=c9a337ab-9c3d-4d21-a5a6-ef5d89be0e38
+//# debugId=bb13588e-acd6-4f09-97dc-878030632d5
 //# sourceMappingURL=utils.js.map