@socketsecurity/cli 0.14.29 → 0.14.31

package/dist/module-sync/npm-injection.js

@@ -1,27 +1,38 @@
 'use strict';
 
-var constants = require('./constants.js');
-var require$$0$2 = require('@babel/runtime/helpers/interopRequireWildcard');
-var require$$0$1 = require('@babel/runtime/helpers/interopRequireDefault');
-var require$$1$2 = require('node:events');
-var require$$0 = require('node:fs');
-var require$$3$3 = require('node:https');
-var require$$1 = require('node:path');
-var require$$3 = require('node:readline');
-var require$$5 = require('node:stream');
-var require$$7$1 = require('node:timers/promises');
-var require$$3$1 = require('is-interactive');
-var require$$5$1 = require('npm-package-arg');
-var require$$3$2 = require('@socketregistry/yocto-spinner');
-var require$$4 = require('semver');
-var require$$6$1 = require('@socketsecurity/config');
-var require$$7 = require('@socketsecurity/registry/lib/objects');
-var require$$1$1 = require('node:net');
-var require$$2 = require('node:os');
-var require$$6 = require('../../package.json');
-var sdk = require('./sdk.js');
-var pathResolve = require('./path-resolve.js');
-var link = require('./link.js');
+function _interop(e) {
+  let d
+  if (e) {
+    let c = 0
+    for (const k in e) {
+      d = c++ === 0 && k === 'default' ? e[k] : void 0
+      if (!d) break
+    }
+  }
+  return d ?? e
+}
+
+var vendor = _interop(require('./vendor.js'));
+var constants = _interop(require('./constants.js'));
+var require$$1$3 = _interop(require('node:events'));
+var require$$0 = _interop(require('node:fs'));
+var require$$3$3 = _interop(require('node:https'));
+var require$$1 = _interop(require('node:path'));
+var require$$3 = _interop(require('node:readline'));
+var require$$6$2 = _interop(require('node:timers/promises'));
+var require$$1$2 = _interop(require('@inquirer/confirm'));
+var require$$3$2 = _interop(require('@socketregistry/yocto-spinner'));
+var require$$3$1 = _interop(require('is-interactive'));
+var require$$5$1 = _interop(require('npm-package-arg'));
+var require$$4 = _interop(require('semver'));
+var require$$6$1 = _interop(require('@socketsecurity/config'));
+var require$$7 = _interop(require('@socketsecurity/registry/lib/objects'));
+var require$$1$1 = _interop(require('node:net'));
+var require$$2 = _interop(require('node:os'));
+var require$$5 = _interop(require('node:stream'));
+var sdk = _interop(require('./sdk.js'));
+var pathResolve = _interop(require('./path-resolve.js'));
+var link = _interop(require('./link.js'));
 
 var npmInjection$2 = {};
 
@@ -31,6 +42,246 @@ var arborist = {};
 
 var ttyServer$1 = {};
 
+var name = "@socketsecurity/cli";
+var version = "0.14.31";
+var description = "CLI tool for Socket.dev";
+var homepage = "http://github.com/SocketDev/socket-cli";
+var license = "MIT";
+var repository = {
+	type: "git",
+	url: "git+https://github.com/SocketDev/socket-cli.git"
+};
+var author = {
+	name: "Socket Inc",
+	email: "eng@socket.dev",
+	url: "https://socket.dev"
+};
+var bin = {
+	cli: "./bin/cli.js",
+	socket: "./bin/cli.js",
+	"socket-npm": "./bin/npm-cli.js",
+	"socket-npx": "./bin/npx-cli.js"
+};
+var exports$1 = {
+	"./bin/cli.js": {
+		"module-sync": {
+			types: "./dist/module-sync/cli.d.ts",
+			"default": "./dist/module-sync/cli.js"
+		},
+		require: {
+			types: "./dist/require/cli.d.ts",
+			"default": "./dist/require/cli.js"
+		}
+	},
+	"./bin/npm-cli.js": {
+		"module-sync": {
+			types: "./dist/module-sync/npm-cli.d.ts",
+			"default": "./dist/module-sync/npm-cli.js"
+		},
+		require: {
+			types: "./dist/require/npm-cli.d.ts",
+			"default": "./dist/require/npm-cli.js"
+		}
+	},
+	"./bin/npx-cli.js": {
+		"module-sync": {
+			types: "./dist/module-sync/npx-cli.d.ts",
+			"default": "./dist/module-sync/npx-cli.js"
+		},
+		require: {
+			types: "./dist/require/npx-cli.d.ts",
+			"default": "./dist/require/npx-cli.js"
+		}
+	},
+	"./package.json": "./package.json",
+	"./translations.json": "./translations.json"
+};
+var scripts = {
+	build: "run-s build:*",
+	"build:dist": "rollup -c .config/rollup.dist.config.mjs",
+	"build:test": "rollup -c .config/rollup.test.config.mjs",
+	check: "run-p -c --aggregate-output check:*",
+	"check:lint": "eslint --report-unused-disable-directives .",
+	"check:tsc": "tsc",
+	"check:type-coverage": "type-coverage --detail --strict --at-least 95 --ignore-files 'test/*'",
+	"knip:dependencies": "knip --dependencies",
+	"knip:exports": "knip --include exports,duplicates",
+	lint: "oxlint -c=./.oxlintrc.json --ignore-path=./.prettierignore --tsconfig=./tsconfig.json .",
+	"lint:fix": "npm run lint -- --fix && npm run lint:fix:fast",
+	"lint:fix:fast": "prettier --cache --log-level warn --write .",
+	prepare: "husky && custompatch",
+	test: "run-s check build:* test:*",
+	"test:c8": "c8 --reporter=none node --test 'test/socket-npm.test.cjs'",
+	"test-ci": "run-s build:* test:*",
+	"test:unit": "tap-run",
+	"test:coverage": "cp -r .tap/coverage/*.json coverage/tmp && c8 --reporter=lcov --reporter=text --include 'dist/{module-sync,require}/*.js' --exclude 'dist/require/vendor.js' report"
+};
+var dependencies = {
+	"@apideck/better-ajv-errors": "^0.3.6",
+	"@cyclonedx/cdxgen": "^11.0.5",
+	"@inquirer/confirm": "^5.0.2",
+	"@inquirer/password": "^4.0.3",
+	"@inquirer/select": "^4.0.3",
+	"@npmcli/promise-spawn": "^8.0.2",
+	"@socketregistry/hyrious__bun.lockb": "1.0.5",
+	"@socketregistry/yocto-spinner": "^1.0.1",
+	"@socketsecurity/config": "^2.1.3",
+	"@socketsecurity/registry": "^1.0.35",
+	"@socketsecurity/sdk": "^1.3.0",
+	blessed: "^0.1.81",
+	"blessed-contrib": "^4.11.0",
+	browserslist: "4.24.2",
+	"chalk-table": "^1.0.2",
+	"has-flag": "^4.0.0",
+	hpagent: "^1.2.0",
+	ignore: "^6.0.2",
+	micromatch: "^4.0.8",
+	"npm-package-arg": "^12.0.0",
+	"pony-cause": "^2.1.11",
+	semver: "^7.6.3",
+	synp: "^1.9.14",
+	tinyglobby: "^0.2.10",
+	which: "^5.0.0",
+	yaml: "^2.6.1",
+	"yargs-parser": "^21.1.1",
+	"yoctocolors-cjs": "^2.1.2"
+};
+var devDependencies = {
+	"@babel/core": "^7.26.0",
+	"@babel/plugin-proposal-export-default-from": "^7.25.9",
+	"@babel/plugin-syntax-dynamic-import": "^7.8.3",
+	"@babel/plugin-transform-export-namespace-from": "^7.25.9",
+	"@babel/plugin-transform-modules-commonjs": "^7.26.3",
+	"@babel/plugin-transform-runtime": "^7.25.9",
+	"@babel/preset-env": "^7.26.0",
+	"@babel/preset-typescript": "^7.26.0",
+	"@babel/runtime": "^7.26.0",
+	"@eslint/compat": "^1.2.4",
+	"@eslint/js": "^9.16.0",
+	"@rollup/plugin-commonjs": "^28.0.1",
+	"@rollup/plugin-json": "^6.1.0",
+	"@rollup/plugin-node-resolve": "^15.3.0",
+	"@rollup/plugin-replace": "^6.0.1",
+	"@rollup/pluginutils": "^5.1.3",
+	"@tapjs/run": "^4.0.1",
+	"@types/blessed": "^0.1.25",
+	"@types/micromatch": "^4.0.9",
+	"@types/mocha": "^10.0.10",
+	"@types/mock-fs": "^4.13.4",
+	"@types/node": "^22.10.1",
+	"@types/npmcli__arborist": "^5.6.11",
+	"@types/npmcli__promise-spawn": "^6.0.3",
+	"@types/proc-log": "^3.0.4",
+	"@types/semver": "^7.5.8",
+	"@types/update-notifier": "^6.0.8",
+	"@types/which": "^3.0.4",
+	"@types/yargs-parser": "^21.0.3",
+	"@typescript-eslint/eslint-plugin": "^8.17.0",
+	"@typescript-eslint/parser": "^8.17.0",
+	c8: "^10.1.2",
+	custompatch: "^1.0.28",
+	eslint: "^9.16.0",
+	"eslint-import-resolver-oxc": "^0.6.0",
+	"eslint-plugin-depend": "^0.12.0",
+	"eslint-plugin-import-x": "^4.5.0",
+	"eslint-plugin-n": "^17.14.0",
+	"eslint-plugin-sort-destructure-keys": "^2.0.0",
+	"eslint-plugin-unicorn": "^56.0.1",
+	husky: "^9.1.7",
+	"is-interactive": "^2.0.0",
+	"is-unicode-supported": "^2.1.0",
+	knip: "^5.39.2",
+	"magic-string": "^0.30.14",
+	meow: "^13.2.0",
+	"mock-fs": "^5.4.1",
+	nock: "^13.5.6",
+	"npm-run-all2": "^7.0.1",
+	open: "^10.1.0",
+	oxlint: "0.14.1",
+	prettier: "3.4.2",
+	"read-package-up": "^11.0.0",
+	rollup: "4.28.1",
+	"rollup-plugin-ts": "^3.4.5",
+	"terminal-link": "^3.0.0",
+	"tiny-updater": "^3.5.2",
+	"type-coverage": "^2.29.7",
+	typescript: "5.4.5",
+	"typescript-eslint": "^8.17.0",
+	"unplugin-purge-polyfills": "^0.0.7"
+};
+var overrides = {
+	"aggregate-error": "npm:@socketregistry/aggregate-error@^1",
+	"es-define-property": "npm:@socketregistry/es-define-property@^1",
+	"function-bind": "npm:@socketregistry/function-bind@^1",
+	globalthis: "npm:@socketregistry/globalthis@^1",
+	gopd: "npm:@socketregistry/gopd@^1",
+	"has-property-descriptors": "npm:@socketregistry/has-property-descriptors@^1",
+	"has-proto": "npm:@socketregistry/has-proto@^1",
+	"has-symbols": "npm:@socketregistry/has-symbols@^1",
+	hasown: "npm:@socketregistry/hasown@^1",
+	"indent-string": "npm:@socketregistry/indent-string@^1",
+	"is-core-module": "npm:@socketregistry/is-core-module@^1",
+	isarray: "npm:@socketregistry/isarray@^1",
+	"npm-package-arg": "$npm-package-arg",
+	"packageurl-js": "npm:@socketregistry/packageurl-js@^1",
+	"path-parse": "npm:@socketregistry/path-parse@^1",
+	"safe-buffer": "npm:@socketregistry/safe-buffer@^1",
+	"safer-buffer": "npm:@socketregistry/safer-buffer@^1",
+	semver: "$semver",
+	"set-function-length": "npm:@socketregistry/set-function-length@^1",
+	"side-channel": "npm:@socketregistry/side-channel@^1",
+	yaml: "$yaml"
+};
+var resolutions = {
+	"aggregate-error": "npm:@socketregistry/aggregate-error@^1",
+	"es-define-property": "npm:@socketregistry/es-define-property@^1",
+	"function-bind": "npm:@socketregistry/function-bind@^1",
+	globalthis: "npm:@socketregistry/globalthis@^1",
+	gopd: "npm:@socketregistry/gopd@^1",
+	"has-property-descriptors": "npm:@socketregistry/has-property-descriptors@^1",
+	"has-proto": "npm:@socketregistry/has-proto@^1",
+	"has-symbols": "npm:@socketregistry/has-symbols@^1",
+	hasown: "npm:@socketregistry/hasown@^1",
+	"indent-string": "npm:@socketregistry/indent-string@^1",
+	"is-core-module": "npm:@socketregistry/is-core-module@^1",
+	isarray: "npm:@socketregistry/isarray@^1",
+	"npm-package-arg": "^12.0.0",
+	"packageurl-js": "npm:@socketregistry/packageurl-js@^1",
+	"path-parse": "npm:@socketregistry/path-parse@^1",
+	"safe-buffer": "npm:@socketregistry/safe-buffer@^1",
+	"safer-buffer": "npm:@socketregistry/safer-buffer@^1",
+	semver: "^7.6.3",
+	"set-function-length": "npm:@socketregistry/set-function-length@^1",
+	"side-channel": "npm:@socketregistry/side-channel@^1",
+	yaml: "^2.6.0"
+};
+var engines = {
+	node: "^18.20.4 || ^20.9.0 || >=22.0.0"
+};
+var files = [
+	"bin/**",
+	"dist/**",
+	"translations.json"
+];
+var require$$6 = {
+	name: name,
+	version: version,
+	description: description,
+	homepage: homepage,
+	license: license,
+	repository: repository,
+	author: author,
+	bin: bin,
+	exports: exports$1,
+	scripts: scripts,
+	dependencies: dependencies,
+	devDependencies: devDependencies,
+	overrides: overrides,
+	resolutions: resolutions,
+	engines: engines,
+	files: files
+};
+
 Object.defineProperty(ttyServer$1, "__esModule", {
   value: true
 });
@@ -40,7 +291,7 @@ var _nodeNet = require$$1$1;
 var _nodeOs = require$$2;
 var _nodePath$1 = require$$1;
 var _nodeReadline$1 = require$$3;
-var _nodeStream$1 = require$$5;
+var _nodeStream = require$$5;
 var _package = require$$6;
 var _misc$1 = sdk.misc;
 const NEWLINE_CHAR_CODE = 10; /*'\n'*/
@@ -78,10 +329,10 @@ function createNonStandardTTYServer() {
               if (remote_ipc_version !== _package.version) {
                 throw new Error('Mismatched STDIO tunnel IPC version, ensure you only have 1 version of socket CLI being called.');
               }
-              const input = hasInput ? new _nodeStream$1.PassThrough() : null;
+              const input = hasInput ? new _nodeStream.PassThrough() : null;
               input?.pause();
               if (input) conn.pipe(input);
-              const output = hasOutput ? new _nodeStream$1.PassThrough() : null;
+              const output = hasOutput ? new _nodeStream.PassThrough() : null;
               if (output) {
                 output.pipe(conn)
                 // Make ora happy
@@ -235,7 +486,7 @@ var issueRules = {};
 Object.defineProperty(issueRules, "__esModule", {
   value: true
 });
-issueRules.createIssueUXLookup = createIssueUXLookup;
+issueRules.createAlertUXLookup = createAlertUXLookup;
 //#region UX Constants
 
 const IGNORE_UX = {
@@ -302,7 +553,7 @@ function resolveIssueRuleUX(entriesOrderedIssueRules, defaultValue) {
 function issueRuleValueDoesNotDefer(issueRule) {
   if (issueRule === undefined) {
     return false;
-  } else if (typeof issueRule === 'object' && issueRule) {
+  } else if (issueRule !== null && typeof issueRule === 'object') {
     const {
       action
     } = issueRule;
@@ -334,11 +585,13 @@ function uxForDefinedNonDeferValue(issueRuleValue) {
 
 //#region exports
 
-function createIssueUXLookup(settings) {
+function createAlertUXLookup(settings) {
   const cachedUX = new Map();
   return context => {
-    const key = context.issue.type;
-    let ux = cachedUX.get(key);
+    const {
+      type
+    } = context.alert;
+    let ux = cachedUX.get(type);
     if (ux) {
       return ux;
     }
@@ -351,7 +604,7 @@ function createIssueUXLookup(settings) {
         if (!resolvedTarget) {
           break;
         }
-        const issueRuleValue = resolvedTarget.issueRules?.[key];
+        const issueRuleValue = resolvedTarget.issueRules?.[type];
         if (typeof issueRuleValue !== 'undefined') {
           orderedIssueRules.push(issueRuleValue);
         }
@@ -359,7 +612,7 @@ function createIssueUXLookup(settings) {
       }
       entriesOrderedIssueRules.push(orderedIssueRules);
     }
-    const defaultValue = settings.defaults.issueRules[key];
+    const defaultValue = settings.defaults.issueRules[type];
     let resolvedDefaultValue = {
       action: 'error'
     };
@@ -373,27 +626,27 @@ function createIssueUXLookup(settings) {
       };
     }
     ux = resolveIssueRuleUX(entriesOrderedIssueRules, resolvedDefaultValue);
-    cachedUX.set(key, ux);
+    cachedUX.set(type, ux);
     return ux;
   };
 }
 
-var _interopRequireDefault = require$$0$1.default;
+var _interopRequireDefault = vendor.interopRequireDefault.default;
 Object.defineProperty(arborist, "__esModule", {
   value: true
 });
 arborist.SafeArborist = void 0;
 arborist.installSafeArborist = installSafeArborist;
-var _nodeEvents = require$$1$2;
+var _nodeEvents = require$$1$3;
 var _nodeFs = require$$0;
 var _nodeHttps = require$$3$3;
 var _nodePath = require$$1;
 var _nodeReadline = require$$3;
-var _nodeStream = require$$5;
-var _promises = require$$7$1;
+var _promises = require$$6$2;
+var _confirm = require$$1$2;
+var _yoctoSpinner = require$$3$2;
 var _isInteractive = _interopRequireDefault(require$$3$1);
 var _npmPackageArg = require$$5$1;
-var _yoctoSpinner = require$$3$2;
 var _semver = require$$4;
 var _config = require$$6$1;
 var _objects = require$$7;
@@ -405,7 +658,7 @@ var _misc = sdk.misc;
 var _pathResolve = pathResolve.pathResolve;
 var _sdk = sdk.sdk;
 var _settings = sdk.settings;
-const POTENTIALLY_BUG_ERROR_SNIPPET = 'this is potentially a bug with socket-npm caused by changes to the npm cli';
+const POTENTIAL_BUG_ERROR_MESSAGE = `This is may be a bug with socket-npm related to changes to the npm CLI.\nPlease report to ${_constants$1.SOCKET_CLI_ISSUES_URL}.`;
 const npmEntrypoint = (0, _nodeFs.realpathSync)(process.argv[1]);
 const npmRootPath = (0, _pathResolve.findRoot)(_nodePath.dirname(npmEntrypoint));
 function tryRequire(...ids) {
@@ -431,12 +684,9 @@ function tryRequire(...ids) {
   return undefined;
 }
 if (npmRootPath === undefined) {
-  console.error(`Unable to find npm cli install directory, ${POTENTIALLY_BUG_ERROR_SNIPPET}.`);
-  console.error(`Searched parent directories of ${npmEntrypoint}`);
+  console.error(`Unable to find npm CLI install directory.\nSearched parent directories of ${npmEntrypoint}.\n\n${POTENTIAL_BUG_ERROR_MESSAGE}`);
   process.exit(127);
 }
-const LOOP_SENTINEL = 1_000_000;
-const NPM_REGISTRY_URL = 'https://registry.npmjs.org';
 const npmNmPath = _nodePath.join(npmRootPath, 'node_modules');
 const arboristPkgPath = _nodePath.join(npmNmPath, '@npmcli/arborist');
 const arboristClassPath = _nodePath.join(arboristPkgPath, 'lib/arborist/index.js');
@@ -449,7 +699,7 @@ const log = tryRequire([_nodePath.join(npmNmPath, 'proc-log/lib/index.js'),
 // is really that of its export log.
 mod => mod.log], _nodePath.join(npmNmPath, 'npmlog/lib/log.js'));
 if (log === undefined) {
-  console.error(`Unable to integrate with npm cli logging infrastructure, ${POTENTIALLY_BUG_ERROR_SNIPPET}.`);
+  console.error(`Unable to integrate with npm CLI logging infrastructure.\n\n${POTENTIAL_BUG_ERROR_MESSAGE}.`);
   process.exit(127);
 }
 const pacote = tryRequire(_nodePath.join(npmNmPath, 'pacote'), 'pacote');
@@ -469,7 +719,7 @@ const OverrideSet = require(arboristOverrideSetClassPatch);
 const kCtorArgs = Symbol('ctorArgs');
 const kRiskyReify = Symbol('riskyReify');
 const formatter = new _colorOrMarkdown.ColorOrMarkdown(false);
-const pubToken = (0, _sdk.getDefaultKey)() ?? _sdk.FREE_API_KEY;
+const pubToken = (0, _sdk.getDefaultKey)() ?? _constants$1.SOCKET_PUBLIC_API_KEY;
 const ttyServer = (0, _ttyServer.createTTYServer)((0, _isInteractive.default)({
   stream: process.stdin
 }), log);
@@ -484,31 +734,20 @@ async function uxLookup(settings) {
   return _uxLookup(settings);
 }
 async function* batchScan(pkgIds) {
-  const query = {
-    packages: pkgIds.map(id => {
-      const {
-        name,
-        version
-      } = pkgidParts(id);
-      return {
-        eco: 'npm',
-        pkg: name,
-        ver: version,
-        top: true
-      };
-    })
-  };
-  // TODO: Migrate to SDK.
-  const pkgDataReq = _nodeHttps.request(`${_constants$1.API_V0_URL}/scan/batch`, {
+  const req = _nodeHttps.request(`${_constants$1.API_V0_URL}/purl?alerts=true`, {
     method: 'POST',
     headers: {
       Authorization: `Basic ${Buffer.from(`${pubToken}:`).toString('base64url')}`
     },
     signal: abortSignal
-  }).end(JSON.stringify(query));
+  }).end(JSON.stringify({
+    components: pkgIds.map(id => ({
+      purl: `pkg:npm/${id}`
+    }))
+  }));
   const {
     0: res
-  } = await _nodeEvents.once(pkgDataReq, 'response');
+  } = await _nodeEvents.once(req, 'response');
   const ok = res.statusCode >= 200 && res.statusCode <= 299;
   if (!ok) {
     throw new Error(`Socket API Error: ${res.statusCode}`);
@@ -574,101 +813,118 @@ function findSpecificOverrideSet(first, second) {
   log.silly('Conflicting override sets', first, second);
   return undefined;
 }
+function isAlertFixable(alert) {
+  const {
+    type
+  } = alert;
+  if (type === 'cve' || type === 'mediumCVE' || type === 'mildCVE' || type === 'criticalCVE') {
+    return !!alert.props?.['firstPatchedVersionIdentifier'];
+  }
+  return type === 'socketUpgradeAvailable';
+}
 function maybeReadfileSync(filepath) {
   try {
     return (0, _nodeFs.readFileSync)(filepath, 'utf8');
   } catch {}
   return undefined;
 }
-async function packagesHaveRiskyIssues(safeArb, _registry, pkgs, output) {
+async function getPackagesAlerts(safeArb, _registry, pkgs, output) {
   const spinner = _yoctoSpinner({
     stream: output
   });
-  let result = false;
   let {
     length: remaining
   } = pkgs;
+  const packageAlerts = [];
   if (!remaining) {
     spinner.success('No changes detected');
-    return result;
+    return packageAlerts;
   }
   const getText = () => `Looking up data for ${remaining} packages`;
   spinner.start(getText());
   try {
-    for await (const pkgData of batchScan(pkgs.map(p => p.pkgid))) {
+    for await (const artifact of batchScan(pkgs.map(p => p.pkgid))) {
+      if (!artifact.name || !artifact.version || !artifact.alerts?.length) {
+        continue;
+      }
       const {
-        pkg: name,
-        ver: version
-      } = pkgData;
-      const id = `${name}@${version}`;
+        version
+      } = artifact;
+      const name = `${artifact.namespace ? `${artifact.namespace}/` : ''}${artifact.name}`;
+      const id = `${name}@${artifact.version}`;
+      let blocked = false;
       let displayWarning = false;
-      let failures = [];
-      if (pkgData.type === 'missing') {
-        result = true;
-        failures.push({
-          type: 'missingDependency'
+      let alerts = [];
+      for (const alert of artifact.alerts) {
+        // eslint-disable-next-line no-await-in-loop
+        const ux = await uxLookup({
+          package: {
+            name,
+            version
+          },
+          alert: {
+            type: alert.type
+          }
         });
-      } else {
-        let blocked = false;
-        for (const failure of pkgData.value.issues) {
-          // eslint-disable-next-line no-await-in-loop
-          const ux = await uxLookup({
-            package: {
-              name,
-              version
-            },
-            issue: {
-              type: failure.type
-            }
+        if (ux.block) {
+          blocked = true;
+        }
+        if (ux.display) {
+          displayWarning = true;
+        }
+        if (ux.block || ux.display) {
+          alerts.push({
+            name,
+            version,
+            type: alert.type,
+            block: ux.block,
+            raw: alert,
+            fixable: isAlertFixable(alert)
           });
-          if (ux.display || ux.block) {
-            failures.push({
-              raw: failure,
-              block: ux.block
-            });
-            // Before we ask about problematic issues, check to see if they
-            // already existed in the old version if they did, be quiet.
-            const pkg = pkgs.find(p => p.pkgid === id && p.existing?.startsWith(`${name}@`));
-            if (pkg?.existing) {
-              // eslint-disable-next-line no-await-in-loop
-              for await (const oldPkgData of batchScan([pkg.existing])) {
-                if (oldPkgData.type === 'success') {
-                  failures = failures.filter(issue => oldPkgData.value.issues.find(oldIssue => oldIssue.type === issue.raw.type) == null);
-                }
-              }
-            }
-          }
-          if (ux.block) {
-            result = true;
-            blocked = true;
-          }
-          if (ux.display) {
-            displayWarning = true;
+          // Before we ask about problematic issues, check to see if they
+          // already existed in the old version if they did, be quiet.
+          const pkg = pkgs.find(p => p.pkgid === id && p.existing?.startsWith(`${name}@`));
+          if (pkg?.existing) {
+            const oldArtifact =
+            // eslint-disable-next-line no-await-in-loop
+            (await batchScan([pkg.existing]).next()).value;
+            console.log('oldArtifact', oldArtifact);
+            // if (oldArtifact.type === 'success') {
+            //   issues = issues.filter(
+            //     ({ type }) =>
+            //       oldPkgData.value.issues.find(
+            //         oldIssue => oldIssue.type === type
+            //       ) === undefined
+            //   )
+            // }
           }
         }
-        if (!blocked) {
-          const pkg = pkgs.find(p => p.pkgid === id);
-          if (pkg) {
-            await tarball.stream(id, stream => {
-              stream.resume();
-              return stream.promise();
-            }, {
-              ...safeArb[kCtorArgs][0]
-            });
-          }
+      }
+      if (!blocked) {
+        const pkg = pkgs.find(p => p.pkgid === id);
+        if (pkg) {
+          await tarball.stream(id, stream => {
+            stream.resume();
+            return stream.promise();
+          }, {
+            ...safeArb[kCtorArgs][0]
+          });
         }
       }
       if (displayWarning) {
         spinner.stop(`(socket) ${formatter.hyperlink(id, `https://socket.dev/npm/package/${name}/overview/${version}`)} contains risks:`);
-        failures.sort((a, b) => a.raw.type < b.raw.type ? -1 : 1);
+        alerts.sort((a, b) => a.type < b.type ? -1 : 1);
         const lines = new Set();
-        for (const failure of failures) {
-          const type = failure.raw.type;
-          if (type) {
-            const issueTypeTranslation = translations.issues[type];
-            // TODO: emoji seems to mis-align terminals sometimes
-            lines.add(`  ${issueTypeTranslation?.title ?? type}${failure.block ? '' : ' (non-blocking)'} - ${issueTypeTranslation?.description ?? ''}\n`);
-          }
+        for (const alert of alerts) {
+          // Based data from { pageProps: { alertTypes } } of:
+          // https://socket.dev/_next/data/94666139314b6437ee4491a0864e72b264547585/en-US.json
+          const info = translations.alerts[alert.type];
+          const title = info?.title ?? alert.type;
+          const attributes = [...(alert.fixable ? ['fixable'] : []), ...(alert.block ? [] : ['non-blocking'])];
+          const maybeAttributes = attributes.length ? ` (${attributes.join('; ')})` : '';
+          const maybeDesc = info?.description ? ` - ${info.description}` : '';
+          // TODO: emoji seems to mis-align terminals sometimes
+          lines.add(`  ${title}${maybeAttributes}${maybeDesc}\n`);
         }
         for (const line of lines) {
           output?.write(line);
@@ -677,20 +933,14 @@ async function packagesHaveRiskyIssues(safeArb, _registry, pkgs, output) {
       }
       remaining -= 1;
       spinner.text = remaining > 0 ? getText() : '';
+      packageAlerts.push(...alerts);
     }
-    return result;
+  } catch (e) {
+    console.log('error', e);
   } finally {
     spinner.stop();
   }
-}
-function pkgidParts(pkgid) {
-  const delimiter = pkgid.lastIndexOf('@');
-  const name = pkgid.slice(0, delimiter);
-  const version = pkgid.slice(delimiter + 1);
-  return {
-    name,
-    version
-  };
+  return packageAlerts;
 }
 function toRepoUrl(resolved) {
   return resolved.replace(/#[\s\S]*$/, '').replace(/\?[\s\S]*$/, '').replace(/\/[^/]*\/-\/[\s\S]*$/, '');
@@ -702,7 +952,7 @@ function walk(diff_, needInfoOn = []) {
     length: queueLength
   } = queue;
   while (pos < queueLength) {
-    if (pos === LOOP_SENTINEL) {
+    if (pos === _constants$1.LOOP_SENTINEL) {
       throw new Error('Detected infinite loop while walking Arborist diff');
     }
     const diff = queue[pos++];
@@ -1274,7 +1524,7 @@ class SafeOverrideSet extends OverrideSet {
       length: queueLength
     } = queue;
     while (pos < queueLength) {
-      if (pos === LOOP_SENTINEL) {
+      if (pos === _constants$1.LOOP_SENTINEL) {
         throw new Error('Detected infinite loop while comparing override sets');
       }
       const {
@@ -1416,43 +1666,26 @@ class SafeArborist extends Arborist {
     options['save'] = old.save;
     options['saveBundle'] = old.saveBundle;
     // Nothing to check, mmm already installed or all private?
-    if (diff.findIndex(c => c.repository_url === NPM_REGISTRY_URL) === -1) {
+    if (diff.findIndex(c => c.repository_url === _constants$1.NPM_REGISTRY_URL) === -1) {
       return await this[kRiskyReify](...args);
     }
-    let proceed = _constants$1.ENV.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE;
+    let proceed = _constants$1.ENV[_constants$1.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE];
     if (!proceed) {
       proceed = await ttyServer.captureTTY(async (input, output) => {
         if (input && output) {
-          const risky = await packagesHaveRiskyIssues(this, this['registry'], diff, output);
-          if (!risky) {
+          const alerts = await getPackagesAlerts(this, this['registry'], diff, output);
+          if (!alerts.length) {
             return true;
           }
-          const rlin = new _nodeStream.PassThrough();
-          input.pipe(rlin);
-          const rlout = new _nodeStream.PassThrough();
-          rlout.pipe(output, {
-            end: false
+          return await _confirm({
+            message: 'Accept risks of installing these packages?',
+            default: false
+          }, {
+            input,
+            output,
+            signal: abortSignal
           });
-          const rli = _nodeReadline.createInterface(rlin, rlout);
-          try {
-            while (true) {
-              // eslint-disable-next-line no-await-in-loop
-              const answer = await new Promise(resolve => {
-                rli.question('Accept risks of installing these packages (y/N)?\n', {
-                  signal: abortSignal
-                }, resolve);
-              });
-              if (/^\s*y(?:es)?\s*$/i.test(answer)) {
-                return true;
-              }
-              if (/^(?:\s*no?\s*|)$/i.test(answer)) {
-                return false;
-              }
-            }
-          } finally {
-            rli.close();
-          }
-        } else if (await packagesHaveRiskyIssues(this, this['registry'], diff, output)) {
+        } else if ((await getPackagesAlerts(this, this['registry'], diff, output)).length > 0) {
           throw new Error('Socket npm Unable to prompt to accept risk, need TTY to do so');
         }
         return true;
@@ -1553,7 +1786,7 @@ void (async () => {
       }
     });
   }
-  _uxLookup = (0, _issueRules.createIssueUXLookup)(settings);
+  _uxLookup = (0, _issueRules.createAlertUXLookup)(settings);
 })();
 
 var _constants = constants.constants;
@@ -1565,7 +1798,7 @@ var _link = link.link;
 
 (function (exports) {
 
-	var _interopRequireWildcard = require$$0$2.default;
+	var _interopRequireWildcard = vendor.interopRequireWildcard.default;
 	Object.defineProperty(exports, "__esModule", {
 	  value: true
 	});
@@ -1590,6 +1823,6 @@ var _link = link.link;
 	}); 
 } (npmInjection$2));
 
-var npmInjection = /*@__PURE__*/constants.getDefaultExportFromCjs(npmInjection$2);
+var npmInjection = /*@__PURE__*/vendor.getDefaultExportFromCjs(npmInjection$2);
 
 module.exports = npmInjection;