@socketsecurity/cli 0.14.33 → 0.14.34

package/dist/module-sync/npm-injection.js

@@ -1,38 +1,36 @@
 'use strict';
 
-function _interop(e) {
-  let d
-  if (e) {
-    let c = 0
-    for (const k in e) {
-      d = c++ === 0 && k === 'default' ? e[k] : void 0
-      if (!d) break
-    }
+function _socketInterop(e) {
+  let c = 0
+  for (const k in e ?? {}) {
+    c = c === 0 && k === 'default' ? 1 : 0
+    if (!c) break
   }
-  return d ?? e
+  return c ? e.default : e
 }
 
-var vendor = _interop(require('./vendor.js'));
-var constants = _interop(require('./constants.js'));
-var require$$1$3 = _interop(require('node:events'));
-var require$$0 = _interop(require('node:fs'));
-var require$$3$3 = _interop(require('node:https'));
-var require$$1 = _interop(require('node:path'));
-var require$$3 = _interop(require('node:readline'));
-var require$$6$2 = _interop(require('node:timers/promises'));
-var require$$1$2 = _interop(require('@inquirer/confirm'));
-var require$$3$2 = _interop(require('@socketregistry/yocto-spinner'));
-var require$$3$1 = _interop(require('is-interactive'));
-var require$$5$1 = _interop(require('npm-package-arg'));
-var require$$4 = _interop(require('semver'));
-var require$$6$1 = _interop(require('@socketsecurity/config'));
-var require$$7 = _interop(require('@socketsecurity/registry/lib/objects'));
-var require$$1$1 = _interop(require('node:net'));
-var require$$2 = _interop(require('node:os'));
-var require$$5 = _interop(require('node:stream'));
-var sdk = _interop(require('./sdk.js'));
-var pathResolve = _interop(require('./path-resolve.js'));
-var link = _interop(require('./link.js'));
+var vendor = require('./vendor.js');
+var constants = require('./constants.js');
+var require$$1$3 = require('node:events');
+var require$$0 = require('node:fs');
+var require$$3$3 = require('node:https');
+var require$$1 = require('node:path');
+var require$$3 = require('node:readline');
+var require$$6$2 = require('node:timers/promises');
+var require$$1$2 = require('@socketsecurity/registry/lib/prompts');
+var require$$3$2 = require('@socketregistry/yocto-spinner');
+var require$$2$1 = _socketInterop(require('is-interactive'));
+var require$$5$1 = _socketInterop(require('npm-package-arg'));
+var require$$3$1 = _socketInterop(require('semver'));
+var require$$6$1 = require('@socketsecurity/config');
+var require$$7 = require('@socketsecurity/registry/lib/objects');
+var require$$8 = require('@socketsecurity/registry/lib/packages');
+var require$$1$1 = require('node:net');
+var require$$2 = require('node:os');
+var require$$5 = require('node:stream');
+var sdk = require('./sdk.js');
+var pathResolve = require('./path-resolve.js');
+var link = require('./link.js');
 
 var npmInjection$2 = {};
 
@@ -43,7 +41,7 @@ var arborist = {};
 var ttyServer$1 = {};
 
 var name = "@socketsecurity/cli";
-var version = "0.14.33";
+var version = "0.14.34";
 var description = "CLI tool for Socket.dev";
 var homepage = "http://github.com/SocketDev/socket-cli";
 var license = "MIT";
@@ -64,34 +62,19 @@ var bin = {
 };
 var exports$1 = {
 	"./bin/cli.js": {
-		"module-sync": {
-			types: "./dist/module-sync/cli.d.ts",
-			"default": "./dist/module-sync/cli.js"
-		},
-		require: {
-			types: "./dist/require/cli.d.ts",
-			"default": "./dist/require/cli.js"
-		}
+		types: "./dist/module-sync/cli.d.ts",
+		"module-sync": "./dist/module-sync/cli.js",
+		require: "./dist/require/cli.js"
 	},
 	"./bin/npm-cli.js": {
-		"module-sync": {
-			types: "./dist/module-sync/npm-cli.d.ts",
-			"default": "./dist/module-sync/npm-cli.js"
-		},
-		require: {
-			types: "./dist/require/npm-cli.d.ts",
-			"default": "./dist/require/npm-cli.js"
-		}
+		types: "./dist/module-sync/npm-cli.d.ts",
+		"module-sync": "./dist/module-sync/npm-cli.js",
+		require: "./dist/require/npm-cli.js"
 	},
 	"./bin/npx-cli.js": {
-		"module-sync": {
-			types: "./dist/module-sync/npx-cli.d.ts",
-			"default": "./dist/module-sync/npx-cli.js"
-		},
-		require: {
-			types: "./dist/require/npx-cli.d.ts",
-			"default": "./dist/require/npx-cli.js"
-		}
+		types: "./dist/module-sync/npx-cli.d.ts",
+		"module-sync": "./dist/module-sync/npx-cli.js",
+		require: "./dist/require/npx-cli.js"
 	},
 	"./package.json": "./package.json",
 	"./translations.json": "./translations.json"
@@ -110,23 +93,20 @@ var scripts = {
 	"lint:fix": "npm run lint -- --fix && npm run lint:fix:fast",
 	"lint:fix:fast": "prettier --cache --log-level warn --write .",
 	prepare: "husky && custompatch",
-	test: "run-s check build:* test:*",
-	"test:c8": "c8 --reporter=none node --test 'test/socket-npm.test.cjs'",
+	test: "run-s check build:* test:* test:coverage:*",
 	"test-ci": "run-s build:* test:*",
 	"test:unit": "tap-run",
-	"test:coverage": "cp -r .tap/coverage/*.json coverage/tmp && c8 --reporter=lcov --reporter=text --include 'dist/{module-sync,require}/*.js' --exclude 'dist/require/vendor.js' report"
+	"test:coverage:c8": "c8 --reporter=none node --test 'test/socket-npm.test.cjs'",
+	"test:coverage:merge": "cp -r .tap/coverage/*.json coverage/tmp && c8 --reporter=lcov --reporter=text --include 'dist/{module-sync,require}/*.js' --exclude 'dist/require/vendor.js' report"
 };
 var dependencies = {
 	"@apideck/better-ajv-errors": "^0.3.6",
 	"@cyclonedx/cdxgen": "^11.0.5",
-	"@inquirer/confirm": "^5.0.2",
-	"@inquirer/password": "^4.0.3",
-	"@inquirer/select": "^4.0.3",
 	"@npmcli/promise-spawn": "^8.0.2",
 	"@socketregistry/hyrious__bun.lockb": "1.0.5",
 	"@socketregistry/yocto-spinner": "^1.0.1",
 	"@socketsecurity/config": "^2.1.3",
-	"@socketsecurity/registry": "^1.0.35",
+	"@socketsecurity/registry": "^1.0.51",
 	"@socketsecurity/sdk": "^1.3.0",
 	blessed: "^0.1.81",
 	"blessed-contrib": "^4.11.0",
@@ -230,6 +210,8 @@ var overrides = {
 	semver: "$semver",
 	"set-function-length": "npm:@socketregistry/set-function-length@^1",
 	"side-channel": "npm:@socketregistry/side-channel@^1",
+	"tiny-colors": "$yoctocolors-cjs",
+	typedarray: "npm:@socketregistry/typedarray@^1",
 	yaml: "$yaml"
 };
 var resolutions = {
@@ -253,6 +235,8 @@ var resolutions = {
 	semver: "^7.6.3",
 	"set-function-length": "npm:@socketregistry/set-function-length@^1",
 	"side-channel": "npm:@socketregistry/side-channel@^1",
+	"tiny-colors": "npm:yoctocolors-cjs@^2.1.2",
+	typedarray: "npm:@socketregistry/typedarray@^1",
 	yaml: "^2.6.0"
 };
 var engines = {
@@ -323,7 +307,7 @@ function createNonStandardTTYServer() {
                   output: hasOutput
                 },
                 ipc_version: remote_ipc_version
-              } = JSON.parse(lineBuff.subarray(0, eolIndex).toString('utf-8'));
+              } = JSON.parse(lineBuff.subarray(0, eolIndex).toString('utf8'));
               lineBuff = null;
               captured = true;
               if (remote_ipc_version !== _package.version) {
@@ -481,12 +465,12 @@ function createTTYServer(isInteractive, npmlog) {
   return !isInteractive && TTY_IPC ? createNonStandardTTYServer() : createStandardTTYServer(isInteractive, npmlog);
 }
 
-var issueRules = {};
+var alertRules = {};
 
-Object.defineProperty(issueRules, "__esModule", {
+Object.defineProperty(alertRules, "__esModule", {
   value: true
 });
-issueRules.createAlertUXLookup = createAlertUXLookup;
+alertRules.createAlertUXLookup = createAlertUXLookup;
 //#region UX Constants
 
 const IGNORE_UX = {
@@ -509,7 +493,7 @@ const ERROR_UX = {
  * all issue rules and finds the first defined value that does not defer otherwise
  * uses the defaultValue. Takes the value and converts into a UX workflow
  */
-function resolveIssueRuleUX(entriesOrderedIssueRules, defaultValue) {
+function resolveAlertRuleUX(orderedRulesCollection, defaultValue) {
   if (defaultValue === true || defaultValue == null) {
     defaultValue = {
       action: 'error'
@@ -522,9 +506,9 @@ function resolveIssueRuleUX(entriesOrderedIssueRules, defaultValue) {
   let block = false;
   let display = false;
   let needDefault = true;
-  iterate_entries: for (const issueRuleArr of entriesOrderedIssueRules) {
-    for (const rule of issueRuleArr) {
-      if (issueRuleValueDoesNotDefer(rule)) {
+  iterate_entries: for (const rules of orderedRulesCollection) {
+    for (const rule of rules) {
+      if (ruleValueDoesNotDefer(rule)) {
         needDefault = false;
         const narrowingFilter = uxForDefinedNonDeferValue(rule);
         block = block || narrowingFilter.block;
@@ -550,13 +534,13 @@ function resolveIssueRuleUX(entriesOrderedIssueRules, defaultValue) {
 /**
  * Negative form because it is narrowing the type
  */
-function issueRuleValueDoesNotDefer(issueRule) {
-  if (issueRule === undefined) {
+function ruleValueDoesNotDefer(rule) {
+  if (rule === undefined) {
     return false;
-  } else if (issueRule !== null && typeof issueRule === 'object') {
+  } else if (rule !== null && typeof rule === 'object') {
     const {
       action
-    } = issueRule;
+    } = rule;
     if (action === undefined || action === 'defer') {
       return false;
     }
@@ -567,13 +551,13 @@ function issueRuleValueDoesNotDefer(issueRule) {
 /**
  * Handles booleans for backwards compatibility
  */
-function uxForDefinedNonDeferValue(issueRuleValue) {
-  if (typeof issueRuleValue === 'boolean') {
-    return issueRuleValue ? ERROR_UX : IGNORE_UX;
+function uxForDefinedNonDeferValue(ruleValue) {
+  if (typeof ruleValue === 'boolean') {
+    return ruleValue ? ERROR_UX : IGNORE_UX;
   }
   const {
     action
-  } = issueRuleValue;
+  } = ruleValue;
   if (action === 'warn') {
     return WARN_UX;
   } else if (action === 'ignore') {
@@ -595,9 +579,9 @@ function createAlertUXLookup(settings) {
     if (ux) {
       return ux;
     }
-    const entriesOrderedIssueRules = [];
+    const orderedRulesCollection = [];
     for (const settingsEntry of settings.entries) {
-      const orderedIssueRules = [];
+      const orderedRules = [];
       let target = settingsEntry.start;
       while (target !== null) {
         const resolvedTarget = settingsEntry.settings[target];
@@ -606,11 +590,11 @@ function createAlertUXLookup(settings) {
         }
         const issueRuleValue = resolvedTarget.issueRules?.[type];
         if (typeof issueRuleValue !== 'undefined') {
-          orderedIssueRules.push(issueRuleValue);
+          orderedRules.push(issueRuleValue);
         }
         target = resolvedTarget.deferTo ?? null;
       }
-      entriesOrderedIssueRules.push(orderedIssueRules);
+      orderedRulesCollection.push(orderedRules);
     }
     const defaultValue = settings.defaults.issueRules[type];
     let resolvedDefaultValue = {
@@ -625,7 +609,7 @@ function createAlertUXLookup(settings) {
         action: defaultValue.action ?? 'error'
       };
     }
-    ux = resolveIssueRuleUX(entriesOrderedIssueRules, resolvedDefaultValue);
+    ux = resolveAlertRuleUX(orderedRulesCollection, resolvedDefaultValue);
     cachedUX.set(type, ux);
     return ux;
   };
@@ -643,22 +627,33 @@ var _nodeHttps = require$$3$3;
 var _nodePath = require$$1;
 var _nodeReadline = require$$3;
 var _promises = require$$6$2;
-var _confirm = require$$1$2;
+var _prompts = require$$1$2;
 var _yoctoSpinner = require$$3$2;
-var _isInteractive = _interopRequireDefault(require$$3$1);
+var _isInteractive = _interopRequireDefault(require$$2$1);
 var _npmPackageArg = require$$5$1;
-var _semver = require$$4;
+var _semver = require$$3$1;
 var _config = require$$6$1;
 var _objects = require$$7;
+var _packages = require$$8;
 var _ttyServer = ttyServer$1;
 var _constants$1 = constants.constants;
 var _colorOrMarkdown = sdk.colorOrMarkdown;
-var _issueRules = issueRules;
+var _alertRules = alertRules;
 var _misc = sdk.misc;
 var _pathResolve = pathResolve.pathResolve;
 var _sdk = sdk.sdk;
 var _settings = sdk.settings;
-const POTENTIAL_BUG_ERROR_MESSAGE = `This is may be a bug with socket-npm related to changes to the npm CLI.\nPlease report to ${_constants$1.SOCKET_CLI_ISSUES_URL}.`;
+const {
+  API_V0_URL,
+  ENV,
+  LOOP_SENTINEL,
+  NPM_REGISTRY_URL,
+  SOCKET_CLI_ISSUES_URL,
+  SOCKET_PUBLIC_API_KEY,
+  UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE,
+  rootPath
+} = _constants$1;
+const POTENTIAL_BUG_ERROR_MESSAGE = `This is may be a bug with socket-npm related to changes to the npm CLI.\nPlease report to ${SOCKET_CLI_ISSUES_URL}.`;
 const npmEntrypoint = (0, _nodeFs.realpathSync)(process.argv[1]);
 const npmRootPath = (0, _pathResolve.findRoot)(_nodePath.dirname(npmEntrypoint));
 function tryRequire(...ids) {
@@ -706,7 +701,7 @@ const pacote = tryRequire(_nodePath.join(npmNmPath, 'pacote'), 'pacote');
 const {
   tarball
 } = pacote;
-const translations = require(_nodePath.join(_constants$1.rootPath, 'translations.json'));
+const translations = require(_nodePath.join(rootPath, 'translations.json'));
 const abortController = new AbortController();
 const {
   signal: abortSignal
@@ -719,7 +714,7 @@ const OverrideSet = require(arboristOverrideSetClassPatch);
 const kCtorArgs = Symbol('ctorArgs');
 const kRiskyReify = Symbol('riskyReify');
 const formatter = new _colorOrMarkdown.ColorOrMarkdown(false);
-const pubToken = (0, _sdk.getDefaultKey)() ?? _constants$1.SOCKET_PUBLIC_API_KEY;
+const pubToken = (0, _sdk.getDefaultKey)() ?? SOCKET_PUBLIC_API_KEY;
 const ttyServer = (0, _ttyServer.createTTYServer)((0, _isInteractive.default)({
   stream: process.stdin
 }), log);
@@ -734,7 +729,7 @@ async function uxLookup(settings) {
   return _uxLookup(settings);
 }
 async function* batchScan(pkgIds) {
-  const req = _nodeHttps.request(`${_constants$1.API_V0_URL}/purl?alerts=true`, {
+  const req = _nodeHttps.request(`${API_V0_URL}/purl?alerts=true`, {
     method: 'POST',
     headers: {
       Authorization: `Basic ${Buffer.from(`${pubToken}:`).toString('base64url')}`
@@ -850,7 +845,7 @@ async function getPackagesAlerts(safeArb, _registry, pkgs, output) {
       const {
         version
       } = artifact;
-      const name = `${artifact.namespace ? `${artifact.namespace}/` : ''}${artifact.name}`;
+      const name = (0, _packages.resolvePackageName)(artifact);
       const id = `${name}@${artifact.version}`;
       let blocked = false;
       let displayWarning = false;
@@ -948,7 +943,7 @@ function walk(diff_, needInfoOn = []) {
     length: queueLength
   } = queue;
   while (pos < queueLength) {
-    if (pos === _constants$1.LOOP_SENTINEL) {
+    if (pos === LOOP_SENTINEL) {
       throw new Error('Detected infinite loop while walking Arborist diff');
     }
     const diff = queue[pos++];
@@ -1528,7 +1523,7 @@ class SafeOverrideSet extends OverrideSet {
       length: queueLength
     } = queue;
     while (pos < queueLength) {
-      if (pos === _constants$1.LOOP_SENTINEL) {
+      if (pos === LOOP_SENTINEL) {
         throw new Error('Detected infinite loop while comparing override sets');
       }
       const {
@@ -1670,10 +1665,10 @@ class SafeArborist extends Arborist {
     options['save'] = old.save;
     options['saveBundle'] = old.saveBundle;
     // Nothing to check, mmm already installed or all private?
-    if (diff.findIndex(c => c.repository_url === _constants$1.NPM_REGISTRY_URL) === -1) {
+    if (diff.findIndex(c => c.repository_url === NPM_REGISTRY_URL) === -1) {
       return await this[kRiskyReify](...args);
     }
-    let proceed = _constants$1.ENV[_constants$1.UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE];
+    let proceed = ENV[UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE];
     if (!proceed) {
       proceed = await ttyServer.captureTTY(async (input, output) => {
         if (input && output) {
@@ -1681,7 +1676,7 @@ class SafeArborist extends Arborist {
           if (!alerts.length) {
             return true;
           }
-          return await _confirm({
+          return await (0, _prompts.confirm)({
             message: 'Accept risks of installing these packages?',
             default: false
           }, {
@@ -1790,14 +1785,18 @@ void (async () => {
       }
     });
   }
-  _uxLookup = (0, _issueRules.createAlertUXLookup)(settings);
+  _uxLookup = (0, _alertRules.createAlertUXLookup)(settings);
 })();
 
 var _constants = constants.constants;
 var _arborist = arborist;
 var _link = link.link;
+const {
+  shadowBinPath
+} = _constants;
+
 // Shadow `npm` and `npx` to mitigate subshells.
-(0, _link.installLinks)(_constants.shadowBinPath, 'npm');
+(0, _link.installLinks)(shadowBinPath, 'npm');
 (0, _arborist.installSafeArborist)();
 
 (function (exports) {

package/dist/module-sync/npx-cli.js

@@ -1,23 +1,20 @@
 #!/usr/bin/env node
 'use strict';
 
-function _interop(e) {
-  let d
-  if (e) {
-    let c = 0
-    for (const k in e) {
-      d = c++ === 0 && k === 'default' ? e[k] : void 0
-      if (!d) break
-    }
+function _socketInterop(e) {
+  let c = 0
+  for (const k in e ?? {}) {
+    c = c === 0 && k === 'default' ? 1 : 0
+    if (!c) break
   }
-  return d ?? e
+  return c ? e.default : e
 }
 
-var vendor = _interop(require('./vendor.js'));
-var require$$1 = _interop(require('node:path'));
-var require$$1$1 = _interop(require('@npmcli/promise-spawn'));
-var constants = _interop(require('./constants.js'));
-var link = _interop(require('./link.js'));
+var vendor = require('./vendor.js');
+var require$$1 = require('node:path');
+var require$$1$1 = _socketInterop(require('@npmcli/promise-spawn'));
+var constants = require('./constants.js');
+var link = require('./link.js');
 
 var npxCli$2 = {};
 
@@ -27,10 +24,17 @@ var _nodePath = require$$1;
 var _promiseSpawn = require$$1$1;
 var _constants = constants.constants;
 var _link = link.link;
-const npxPath = (0, _link.installLinks)(_constants.shadowBinPath, 'npx');
-const injectionPath = _nodePath.join(_constants.distPath, 'npm-injection.js');
+const {
+  distPath,
+  execPath,
+  shadowBinPath
+} = _constants;
+const npxPath = (0, _link.installLinks)(shadowBinPath, 'npx');
+const injectionPath = _nodePath.join(distPath, 'npm-injection.js');
 process.exitCode = 1;
-const spawnPromise = _promiseSpawn(process.execPath, ['--disable-warning', 'ExperimentalWarning', '--require', injectionPath, npxPath, ...process.argv.slice(2)], {
+const spawnPromise = _promiseSpawn(execPath, [
+// Lazily access constants.nodeNoWarningsFlags.
+..._constants.nodeNoWarningsFlags, '--require', injectionPath, npxPath, ...process.argv.slice(2)], {
   stdio: 'inherit'
 });
 spawnPromise.process.on('exit', (code, signal) => {

package/dist/module-sync/path-resolve.js

@@ -1,22 +1,19 @@
 'use strict';
 
-function _interop(e) {
-  let d
-  if (e) {
-    let c = 0
-    for (const k in e) {
-      d = c++ === 0 && k === 'default' ? e[k] : void 0
-      if (!d) break
-    }
+function _socketInterop(e) {
+  let c = 0
+  for (const k in e ?? {}) {
+    c = c === 0 && k === 'default' ? 1 : 0
+    if (!c) break
   }
-  return d ?? e
+  return c ? e.default : e
 }
 
-var require$$1$1 = _interop(require('node:fs/promises'));
-var require$$1 = _interop(require('node:path'));
-var require$$2 = _interop(require('ignore'));
-var require$$3 = _interop(require('micromatch'));
-var require$$8 = _interop(require('tinyglobby'));
+var require$$1$1 = require('node:fs/promises');
+var require$$1 = require('node:path');
+var require$$2 = _socketInterop(require('ignore'));
+var require$$3 = _socketInterop(require('micromatch'));
+var require$$8 = _socketInterop(require('tinyglobby'));
 
 var pathResolve = {};
 

package/dist/module-sync/sdk.js

@@ -1,31 +1,28 @@
 'use strict';
 
-function _interop(e) {
-  let d
-  if (e) {
-    let c = 0
-    for (const k in e) {
-      d = c++ === 0 && k === 'default' ? e[k] : void 0
-      if (!d) break
-    }
+function _socketInterop(e) {
+  let c = 0
+  for (const k in e ?? {}) {
+    c = c === 0 && k === 'default' ? 1 : 0
+    if (!c) break
   }
-  return d ?? e
+  return c ? e.default : e
 }
 
-var vendor = _interop(require('./vendor.js'));
-var require$$1 = _interop(require('yoctocolors-cjs'));
-var require$$2 = _interop(require('is-unicode-supported'));
-var require$$3 = _interop(require('terminal-link'));
-var require$$1$2 = _interop(require('@inquirer/password'));
-var require$$2$2 = _interop(require('hpagent'));
-var require$$3$2 = _interop(require('is-interactive'));
-var require$$4 = _interop(require('@socketsecurity/registry/lib/strings'));
-var require$$5 = _interop(require('@socketsecurity/sdk'));
-var constants = _interop(require('./constants.js'));
-var require$$0 = _interop(require('node:fs'));
-var require$$2$1 = _interop(require('node:os'));
-var require$$1$1 = _interop(require('node:path'));
-var require$$3$1 = _interop(require('@socketregistry/yocto-spinner'));
+var vendor = require('./vendor.js');
+var require$$1 = _socketInterop(require('yoctocolors-cjs'));
+var require$$2 = _socketInterop(require('is-unicode-supported'));
+var require$$3 = _socketInterop(require('terminal-link'));
+var require$$1$2 = _socketInterop(require('hpagent'));
+var require$$2$2 = _socketInterop(require('is-interactive'));
+var require$$1$3 = require('@socketsecurity/registry/lib/prompts');
+var require$$4 = require('@socketsecurity/registry/lib/strings');
+var require$$5 = require('@socketsecurity/sdk');
+var constants = require('./constants.js');
+var require$$0 = require('node:fs');
+var require$$2$1 = require('node:os');
+var require$$1$1 = require('node:path');
+var require$$3$1 = require('@socketregistry/yocto-spinner');
 
 var errors = {};
 
@@ -168,7 +165,7 @@ if (!dataHome) {
 const settingsPath = _nodePath.join(dataHome, 'socket', 'settings');
 let settings = {};
 if ((0, _nodeFs.existsSync)(settingsPath)) {
-  const raw = (0, _nodeFs.readFileSync)(settingsPath, 'utf-8');
+  const raw = (0, _nodeFs.readFileSync)(settingsPath, 'utf8');
   try {
     settings = JSON.parse(Buffer.from(raw, 'base64').toString());
   } catch {
@@ -200,14 +197,18 @@ Object.defineProperty(sdk, "__esModule", {
 });
 sdk.getDefaultKey = getDefaultKey;
 sdk.setupSdk = setupSdk;
-var _password = require$$1$2;
-var _hpagent = require$$2$2;
-var _isInteractive = _interopRequireDefault(require$$3$2);
+var _hpagent = require$$1$2;
+var _isInteractive = _interopRequireDefault(require$$2$2);
+var _prompts = require$$1$3;
 var _strings = require$$4;
 var _sdk = require$$5;
 var _constants = constants.constants;
 var _errors = errors;
 var _settings = settings$1;
+const {
+  rootPkgJsonPath
+} = _constants;
+
 // This API key should be stored globally for the duration of the CLI execution.
 let defaultKey;
 function getDefaultKey() {
@@ -229,7 +230,7 @@ function getDefaultHTTPProxy() {
 }
 async function setupSdk(apiKey = getDefaultKey(), apiBaseUrl = getDefaultAPIBaseUrl(), proxy = getDefaultHTTPProxy()) {
   if (typeof apiKey !== 'string' && (0, _isInteractive.default)()) {
-    apiKey = await _password({
+    apiKey = await (0, _prompts.password)({
       message: 'Enter your Socket.dev API key (not saved, use socket login to persist)'
     });
     defaultKey = apiKey;
@@ -251,7 +252,7 @@ async function setupSdk(apiKey = getDefaultKey(), apiBaseUrl = getDefaultAPIBase
   const sdkOptions = {
     agent,
     baseUrl: apiBaseUrl,
-    userAgent: (0, _sdk.createUserAgentFromPkgJson)(require(_constants.rootPkgJsonPath))
+    userAgent: (0, _sdk.createUserAgentFromPkgJson)(require(rootPkgJsonPath))
   };
   return new _sdk.SocketSdk(apiKey || '', sdkOptions);
 }

package/dist/module-sync/vendor.js

@@ -1,17 +1,5 @@
 'use strict';
 
-function _interop(e) {
-  let d
-  if (e) {
-    let c = 0
-    for (const k in e) {
-      d = c++ === 0 && k === 'default' ? e[k] : void 0
-      if (!d) break
-    }
-  }
-  return d ?? e
-}
-
 function getDefaultExportFromCjs (x) {
 	return x && x.__esModule && Object.prototype.hasOwnProperty.call(x, 'default') ? x['default'] : x;
 }