@socketsecurity/cli 0.14.58 → 0.14.60

package/dist/require/cli.js

@@ -900,19 +900,20 @@ class GitHub {
       case 'push':
         return this.prNumber ? 'diff' : 'main';
       case 'pull_request':
-        // This env variable needs to be set in the GitHub action.
-        // Add this code below to GitHub action:
-        // - steps:
-        //   - name: Get PR State
-        //     if: github.event_name == 'pull_request'
-        //     run: echo "EVENT_ACTION=${{ github.event.action }}" >> $GITHUB_ENV
-        const eventAction = process.env['EVENT_ACTION'];
-        if (!eventAction) {
-          throw new Error('Missing event action');
-        }
-        if (['opened', 'synchronize'].includes(eventAction)) {
-          return 'diff';
-        } else {
+        {
+          // This env variable needs to be set in the GitHub action.
+          // Add this code below to GitHub action:
+          // - steps:
+          //   - name: Get PR State
+          //     if: github.event_name == 'pull_request'
+          //     run: echo "EVENT_ACTION=${{ github.event.action }}" >> $GITHUB_ENV
+          const eventAction = process.env['EVENT_ACTION'];
+          if (eventAction === 'opened' || eventAction === 'synchronize') {
+            return 'diff';
+          }
+          if (!eventAction) {
+            throw new Error('Missing event action');
+          }
           logger.logger.log(`Pull request action: ${eventAction} is not supported`);
           process.exit();
         }
@@ -1515,14 +1516,14 @@ function emitBanner(name) {
   // It also helps with debugging since it contains version and command details.
   // Note: print over stderr to preserve stdout for flags like --json and
   //       --markdown. If we don't do this, you can't use --json in particular
-  //       and pipe the result to other tools. By emiting the banner over stderr
+  //       and pipe the result to other tools. By emitting the banner over stderr
   //       you can do something like `socket scan view xyz | jq | process`.
   //       The spinner also emits over stderr for example.
   logger.logger.error(getAsciiHeader(name));
 }
 function getAsciiHeader(command) {
-  const cliVersion = // The '@rollup/plugin-replace' will replace "process.env['SOCKET_CLI_VERSION_HASH']".
-  "0.14.58:f270068:a200f991:pub";
+  const cliVersion = // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
+  "0.14.60:48319f6:78cf0eae:pub";
   const nodeVersion = process.version;
   const apiToken = shadowNpmInject.getSetting('apiToken');
   const shownToken = apiToken ? getLastFiveOfApiToken(apiToken) : 'no';
@@ -2255,30 +2256,45 @@ async function run$x(argv, importMeta, {
 }
 
 const {
-  NPM: NPM$g,
+  NPM: NPM$f,
   NPX: NPX$3,
-  PNPM: PNPM$a
+  PACKAGE_LOCK_JSON,
+  PNPM: PNPM$a,
+  YARN: YARN$1,
+  YARN_LOCK
 } = constants;
-const nodejsPlatformTypes = new Set(['javascript', 'js', 'nodejs', NPM$g, PNPM$a, 'ts', 'tsx', 'typescript']);
-async function runCycloneDX(yargv) {
+const nodejsPlatformTypes = new Set(['javascript', 'js', 'nodejs', NPM$f, PNPM$a, 'ts', 'tsx', 'typescript']);
+async function runCycloneDX(yargvWithYes) {
   let cleanupPackageLock = false;
-  if (yargv.type !== 'yarn' && nodejsPlatformTypes.has(yargv.type) && fs.existsSync('./yarn.lock')) {
-    if (fs.existsSync('./package-lock.json')) {
-      yargv.type = NPM$g;
+  const {
+    yes,
+    ...yargv
+  } = {
+    __proto__: null,
+    ...yargvWithYes
+  };
+  const yesArgs = yes ? ['--yes'] : [];
+  if (yargv.type !== YARN$1 && nodejsPlatformTypes.has(yargv.type) && fs.existsSync(`./${YARN_LOCK}`)) {
+    if (fs.existsSync(`./${PACKAGE_LOCK_JSON}`)) {
+      yargv.type = NPM$f;
     } else {
       // Use synp to create a package-lock.json from the yarn.lock,
       // based on the node_modules folder, for a more accurate SBOM.
       try {
-        await shadowBin(NPX$3, ['synp@1.9.14', '--', '--source-file', './yarn.lock'], 2);
-        yargv.type = NPM$g;
+        await shadowBin(NPX$3, [...yesArgs,
+        // The '@rollup/plugin-replace' will replace "process.env['INLINED_SYNP_VERSION']".
+        `synp@${"^1.9.14"}`, '--source-file', `./${YARN_LOCK}`]);
+        yargv.type = NPM$f;
         cleanupPackageLock = true;
       } catch {}
     }
   }
-  await shadowBin(NPX$3, ['@cyclonedx/cdxgen@11.2.0', '--', ...argvToArray(yargv)], 2);
+  await shadowBin(NPX$3, [...yesArgs,
+  // The '@rollup/plugin-replace' will replace "process.env['INLINED_CYCLONEDX_CDXGEN_VERSION']".
+  `@cyclonedx/cdxgen@${"^11.2.1"}`, ...argvToArray(yargv)]);
   if (cleanupPackageLock) {
     try {
-      await fs.promises.rm('./package-lock.json');
+      await fs.promises.rm(`./${PACKAGE_LOCK_JSON}`);
     } catch {}
   }
   const fullOutputPath = path.join(process$1.cwd(), yargv.output);
@@ -2287,13 +2303,17 @@ async function runCycloneDX(yargv) {
   }
 }
 function argvToArray(argv) {
-  if (argv['help']) return ['--help'];
+  if (argv['help']) {
+    return ['--help'];
+  }
   const result = [];
   for (const {
     0: key,
     1: value
   } of Object.entries(argv)) {
-    if (key === '_' || key === '--') continue;
+    if (key === '_' || key === '--') {
+      continue;
+    }
     if (key === 'babel' || key === 'install-deps' || key === 'validate') {
       // cdxgen documents no-babel, no-install-deps, and no-validate flags so
       // use them when relevant.
@@ -2312,6 +2332,32 @@ function argvToArray(argv) {
   return result;
 }
 
+const helpFlags = new Set(['--help', '-h']);
+function cmdFlagsToString(args) {
+  const result = [];
+  for (let i = 0, {
+      length
+    } = args; i < length; i += 1) {
+    if (args[i].startsWith('--')) {
+      // Check if the next item exists and is NOT another flag.
+      if (i + 1 < length && !args[i + 1].startsWith('--')) {
+        result.push(`${args[i]}=${args[i + 1]}`);
+        i += 1;
+      } else {
+        result.push(args[i]);
+      }
+    }
+  }
+  return result.join(' ');
+}
+function cmdPrefixMessage(cmdName, text) {
+  const cmdPrefix = cmdName ? `${cmdName}: ` : '';
+  return `${cmdPrefix}${text}`;
+}
+function isHelpFlag(cmdArg) {
+  return helpFlags.has(cmdArg);
+}
+
 // import { meowOrExit } from '../../utils/meow-with-subcommands'
 const {
   DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$v
@@ -2366,7 +2412,8 @@ const yargsConfig = {
     recurse: ['r'],
     'resolve-class': ['c'],
     type: ['t'],
-    version: ['v']
+    version: ['v'],
+    yes: ['y']
   },
   array: [{
     key: 'author',
@@ -2384,7 +2431,10 @@ const yargsConfig = {
     key: 'standard',
     type: 'string'
   }],
-  boolean: ['auto-compositions', 'babel', 'deep', 'evidence', 'fail-on-error', 'generate-key-and-sign', 'help', 'include-formulation', 'include-crypto', 'install-deps', 'print', 'required-only', 'server', 'validate', 'version'],
+  boolean: ['auto-compositions', 'babel', 'deep', 'evidence', 'fail-on-error', 'generate-key-and-sign', 'help', 'include-formulation', 'include-crypto', 'install-deps', 'print', 'required-only', 'server', 'validate', 'version',
+  // The --yes flag and -y alias map to the corresponding flag and alias of npx.
+  // https://docs.npmjs.com/cli/v7/commands/npx#compatibility-with-older-npx-versions
+  'yes'],
   string: ['api-key', 'lifecycle', 'output', 'parent-project-id', 'profile', 'project-group', 'project-name', 'project-version', 'project-id', 'server-host', 'server-port', 'server-url', 'spec-version']
 };
 const config$w = {
@@ -2412,14 +2462,12 @@ async function run$w(argv, importMeta, {
 }) {
   const cli = meowOrExit({
     allowUnknownFlags: true,
-    argv: argv.filter(s => s !== '--help' && s !== '-h'),
-    // Don't let meow take over --help
+    // Don't let meow take over --help.
+    argv: argv.filter(a => !isHelpFlag(a)),
     config: config$w,
     importMeta,
     parentName
   });
-  //
-  //
   // if (cli.input.length)
   //   logger.fail(
   //     stripIndents`
@@ -2431,11 +2479,10 @@ async function run$w(argv, importMeta, {
   //   return
   // }
 
-  // TODO: convert to meow
+  // TODO: Convert to meow.
   const yargv = {
     ...yargsParse(argv, yargsConfig)
-  }; // as Record<string, unknown>;
-
+  };
   const unknown = yargv._;
   const {
     length: unknownLength
@@ -2448,13 +2495,13 @@ async function run$w(argv, importMeta, {
     logger.logger.fail(`Unknown ${words.pluralize('argument', unknownLength)}: ${yargv._.join(', ')}`);
     return;
   }
-  if (yargv.output === undefined) {
-    yargv.output = 'socket-cdx.json';
-  }
   if (cli.flags['dryRun']) {
     logger.logger.log(DRY_RUN_BAIL_TEXT$v);
     return;
   }
+  if (yargv.output === undefined) {
+    yargv.output = 'socket-cdx.json';
+  }
   await runCycloneDX(yargv);
 }
 
@@ -2791,7 +2838,7 @@ const cmdDiffScan = {
 };
 
 const {
-  NPM: NPM$f
+  NPM: NPM$e
 } = constants;
 function isTopLevel(tree, node) {
   return tree.children.get(node.name) === node;
@@ -2835,7 +2882,7 @@ async function npmFix(_pkgEnvDetails, cwd, options) {
     // eslint-disable-next-line no-await-in-loop
     await arb.buildIdealTree();
     const tree = arb.idealTree;
-    const hasUpgrade = !!registry.getManifestData(NPM$f, name);
+    const hasUpgrade = !!registry.getManifestData(NPM$e, name);
     if (hasUpgrade) {
       spinner?.info(`Skipping ${name}. Socket Optimize package exists.`);
       continue;
@@ -2935,24 +2982,6 @@ async function getAlertsMapFromPnpmLockfile(lockfile, options) {
   return alertsByPkgId;
 }
 
-function cmdFlagsToString(args) {
-  const result = [];
-  for (let i = 0, {
-      length
-    } = args; i < length; i += 1) {
-    if (args[i].startsWith('--')) {
-      // Check if the next item exists and is NOT another flag.
-      if (i + 1 < length && !args[i + 1].startsWith('--')) {
-        result.push(`${args[i]}=${args[i + 1]}`);
-        i += 1;
-      } else {
-        result.push(args[i]);
-      }
-    }
-  }
-  return result.join(' ');
-}
-
 const {
   SOCKET_IPC_HANDSHAKE
 } = constants;
@@ -2970,27 +2999,28 @@ function safeNpmInstall(options) {
   const useIpc = objects.isObject(ipc);
   const useDebug = debug.isDebug();
   const terminatorPos = args.indexOf('--');
-  const npmArgs = (terminatorPos === -1 ? args : args.slice(0, terminatorPos)).filter(a => !npm.isAuditFlag(a) && !npm.isFundFlag(a) && !npm.isProgressFlag(a));
+  const binArgs = (terminatorPos === -1 ? args : args.slice(0, terminatorPos)).filter(a => !npm.isAuditFlag(a) && !npm.isFundFlag(a) && !npm.isProgressFlag(a));
   const otherArgs = terminatorPos === -1 ? [] : args.slice(terminatorPos);
-  const isSilent = !useDebug && !npmArgs.some(npm.isLoglevelFlag);
-  const logLevelArgs = isSilent ? ['--loglevel', 'error'] : [];
+  const isSilent = !useDebug && !binArgs.some(npm.isLoglevelFlag);
+  const logLevelArgs = isSilent ? ['--loglevel', 'silent'] : [];
   const spawnPromise = spawn.spawn(
   // Lazily access constants.execPath.
   constants.execPath, [
   // Lazily access constants.nodeHardenFlags.
   ...constants.nodeHardenFlags,
   // Lazily access constants.nodeNoWarningsFlags.
-  ...constants.nodeNoWarningsFlags, '--require',
+  ...constants.nodeNoWarningsFlags,
+  // Lazily access false.
+  ...([]), '--require',
   // Lazily access constants.distShadowNpmInjectPath.
   constants.distShadowNpmInjectPath, agentExecPath, 'install',
   // Avoid code paths for 'audit' and 'fund'.
   '--no-audit', '--no-fund',
-  // Add `--no-progress` flag to fix input being swallowed by the spinner
-  // when running the command with recent versions of npm.
+  // Add '--no-progress' to fix input being swallowed by the npm spinner.
   '--no-progress',
-  // Add '--loglevel=error' if a loglevel flag is not provided and the
+  // Add '--loglevel=silent' if a loglevel flag is not provided and the
   // SOCKET_CLI_DEBUG environment variable is not truthy.
-  ...logLevelArgs, ...npmArgs, ...otherArgs], {
+  ...logLevelArgs, ...binArgs, ...otherArgs], {
     spinner,
     // Set stdio to include 'ipc'.
     // See https://github.com/nodejs/node/blob/v23.6.0/lib/child_process.js#L161-L166
@@ -3011,7 +3041,7 @@ function safeNpmInstall(options) {
 }
 
 const {
-  NPM: NPM$e
+  NPM: NPM$d
 } = constants;
 function runAgentInstall(pkgEnvDetails, options) {
   const {
@@ -3019,7 +3049,7 @@ function runAgentInstall(pkgEnvDetails, options) {
     agentExecPath
   } = pkgEnvDetails;
   // All package managers support the "install" command.
-  if (agent === NPM$e) {
+  if (agent === NPM$d) {
     return safeNpmInstall({
       agentExecPath,
       ...options
@@ -3050,7 +3080,7 @@ function runAgentInstall(pkgEnvDetails, options) {
 }
 
 const {
-  NPM: NPM$d,
+  NPM: NPM$c,
   OVERRIDES: OVERRIDES$2,
   PNPM: PNPM$9
 } = constants;
@@ -3098,7 +3128,7 @@ async function pnpmFix(pkgEnvDetails, cwd, options) {
     1: infos
   } of infoByPkg) {
     const tree = arb.actualTree;
-    const hasUpgrade = !!registry.getManifestData(NPM$d, name);
+    const hasUpgrade = !!registry.getManifestData(NPM$c, name);
     if (hasUpgrade) {
       spinner?.info(`Skipping ${name}. Socket Optimize package exists.`);
       continue;
@@ -3163,24 +3193,27 @@ async function pnpmFix(pkgEnvDetails, cwd, options) {
 
 const {
   BINARY_LOCK_EXT,
-  BUN: BUN$6,
+  BUN: BUN$5,
+  HIDDEN_PACKAGE_LOCK_JSON,
   LOCK_EXT: LOCK_EXT$1,
-  NPM: NPM$c,
+  NPM: NPM$b,
+  NPM_BUGGY_OVERRIDES_PATCHED_VERSION: NPM_BUGGY_OVERRIDES_PATCHED_VERSION$1,
+  PACKAGE_JSON,
   PNPM: PNPM$8,
-  VLT: VLT$6,
+  VLT: VLT$5,
   YARN,
-  YARN_BERRY: YARN_BERRY$6,
+  YARN_BERRY: YARN_BERRY$5,
   YARN_CLASSIC: YARN_CLASSIC$6
 } = constants;
-const AGENTS = [BUN$6, NPM$c, PNPM$8, YARN_BERRY$6, YARN_CLASSIC$6, VLT$6];
+const AGENTS = [BUN$5, NPM$b, PNPM$8, YARN_BERRY$5, YARN_CLASSIC$6, VLT$5];
 const binByAgent = {
   __proto__: null,
-  [BUN$6]: BUN$6,
-  [NPM$c]: NPM$c,
+  [BUN$5]: BUN$5,
+  [NPM$b]: NPM$b,
   [PNPM$8]: PNPM$8,
-  [YARN_BERRY$6]: YARN,
+  [YARN_BERRY$5]: YARN,
   [YARN_CLASSIC$6]: YARN,
-  [VLT$6]: VLT$6
+  [VLT$5]: VLT$5
 };
 async function getAgentExecPath(agent) {
   const binName = binByAgent[agent];
@@ -3202,24 +3235,24 @@ async function getAgentVersion(agentExecPath, cwd) {
 
 // The order of LOCKS properties IS significant as it affects iteration order.
 const LOCKS = {
-  [`bun${LOCK_EXT$1}`]: BUN$6,
-  [`bun${BINARY_LOCK_EXT}`]: BUN$6,
+  [`bun${LOCK_EXT$1}`]: BUN$5,
+  [`bun${BINARY_LOCK_EXT}`]: BUN$5,
   // If both package-lock.json and npm-shrinkwrap.json are present in the root
   // of a project, npm-shrinkwrap.json will take precedence and package-lock.json
   // will be ignored.
   // https://docs.npmjs.com/cli/v10/configuring-npm/package-lock-json#package-lockjson-vs-npm-shrinkwrapjson
-  'npm-shrinkwrap.json': NPM$c,
-  'package-lock.json': NPM$c,
+  'npm-shrinkwrap.json': NPM$b,
+  'package-lock.json': NPM$b,
   'pnpm-lock.yaml': PNPM$8,
   'pnpm-lock.yml': PNPM$8,
   [`yarn${LOCK_EXT$1}`]: YARN_CLASSIC$6,
-  'vlt-lock.json': VLT$6,
+  'vlt-lock.json': VLT$5,
   // Lastly, look for a hidden lock file which is present if .npmrc has package-lock=false:
   // https://docs.npmjs.com/cli/v10/configuring-npm/package-lock-json#hidden-lockfiles
   //
   // Unlike the other LOCKS keys this key contains a directory AND filename so
   // it has to be handled differently.
-  'node_modules/.package-lock.json': NPM$c
+  'node_modules/.package-lock.json': NPM$b
 };
 const readLockFileByAgent = (() => {
   function wrapReader(reader) {
@@ -3233,7 +3266,7 @@ const readLockFileByAgent = (() => {
   const binaryReader = wrapReader(shadowNpmInject.readFileBinary);
   const defaultReader = wrapReader(async lockPath => await shadowNpmInject.readFileUtf8(lockPath));
   return {
-    [BUN$6]: wrapReader(async (lockPath, agentExecPath) => {
+    [BUN$5]: wrapReader(async (lockPath, agentExecPath) => {
       const ext = path.extname(lockPath);
       if (ext === LOCK_EXT$1) {
         return await defaultReader(lockPath);
@@ -3252,10 +3285,10 @@ const readLockFileByAgent = (() => {
       }
       return undefined;
     }),
-    [NPM$c]: defaultReader,
+    [NPM$b]: defaultReader,
     [PNPM$8]: defaultReader,
-    [VLT$6]: defaultReader,
-    [YARN_BERRY$6]: defaultReader,
+    [VLT$5]: defaultReader,
+    [YARN_BERRY$5]: defaultReader,
     [YARN_CLASSIC$6]: defaultReader
   };
 })();
@@ -3267,8 +3300,8 @@ async function detectPackageEnvironment({
     cwd
   });
   let lockName = lockPath ? path.basename(lockPath) : undefined;
-  const isHiddenLockFile = lockName === '.package-lock.json';
-  const pkgJsonPath = lockPath ? path.resolve(lockPath, `${isHiddenLockFile ? '../' : ''}../package.json`) : await shadowNpmInject.findUp('package.json', {
+  const isHiddenLockFile = lockName === HIDDEN_PACKAGE_LOCK_JSON;
+  const pkgJsonPath = lockPath ? path.resolve(lockPath, `${isHiddenLockFile ? '../' : ''}../${PACKAGE_JSON}`) : await shadowNpmInject.findUp(PACKAGE_JSON, {
     cwd
   });
   const pkgPath = pkgJsonPath && fs.existsSync(pkgJsonPath) ? path.dirname(pkgJsonPath) : undefined;
@@ -3296,16 +3329,16 @@ async function detectPackageEnvironment({
     agent = LOCKS[lockName];
   }
   if (agent === undefined) {
-    agent = NPM$c;
+    agent = NPM$b;
     onUnknown?.(pkgManager);
   }
   const agentExecPath = await getAgentExecPath(agent);
-  const npmExecPath = agent === NPM$c ? agentExecPath : await getAgentExecPath(NPM$c);
+  const npmExecPath = agent === NPM$b ? agentExecPath : await getAgentExecPath(NPM$b);
   if (agentVersion === undefined) {
     agentVersion = await getAgentVersion(agentExecPath, cwd);
   }
   if (agent === YARN_CLASSIC$6 && (agentVersion?.major ?? 0) > 1) {
-    agent = YARN_BERRY$6;
+    agent = YARN_BERRY$5;
   }
   const targets = {
     browser: false,
@@ -3347,6 +3380,8 @@ async function detectPackageEnvironment({
     lockName = undefined;
     lockPath = undefined;
   }
+  const pkgSupported = targets.browser || targets.node;
+  const npmBuggyOverrides = agent === NPM$b && !!agentVersion && semver.lt(agentVersion, NPM_BUGGY_OVERRIDES_PATCHED_VERSION$1);
   return {
     agent,
     agentExecPath,
@@ -3358,19 +3393,16 @@ async function detectPackageEnvironment({
     npmExecPath,
     pkgJson: editablePkgJson,
     pkgPath,
-    supported: targets.browser || targets.node,
+    pkgSupported,
+    features: {
+      npmBuggyOverrides
+    },
     targets
   };
 }
-
-const {
-  BUN: BUN$5,
-  VLT: VLT$5,
-  YARN_BERRY: YARN_BERRY$5
-} = constants;
-const COMMAND_TITLE$2 = 'Socket Optimize';
 async function detectAndValidatePackageEnvironment(cwd, options) {
   const {
+    cmdName = '',
     logger,
     prod
   } = {
@@ -3380,44 +3412,45 @@ async function detectAndValidatePackageEnvironment(cwd, options) {
   const details = await detectPackageEnvironment({
     cwd,
     onUnknown(pkgManager) {
-      logger?.warn(`${COMMAND_TITLE$2}: Unknown package manager${pkgManager ? ` ${pkgManager}` : ''}, defaulting to npm`);
+      logger?.warn(cmdPrefixMessage(cmdName, `Unknown package manager${pkgManager ? ` ${pkgManager}` : ''}, defaulting to npm`));
     }
   });
-  if (!details.supported) {
-    logger?.fail(`${COMMAND_TITLE$2}: No supported Node or browser range detected`);
+  if (!details.pkgSupported) {
+    logger?.fail(cmdPrefixMessage(cmdName, 'No supported Node or browser range detected'));
     return;
   }
   if (details.agent === VLT$5) {
-    logger?.fail(`${COMMAND_TITLE$2}: ${details.agent} does not support overrides. Soon, though ⚡`);
+    logger?.fail(cmdPrefixMessage(cmdName, `${details.agent} does not support overrides. Soon, though ⚡`));
     return;
   }
   const lockName = details.lockName ?? 'lock file';
   if (details.lockName === undefined || details.lockSrc === undefined) {
-    logger?.fail(`${COMMAND_TITLE$2}: No ${lockName} found`);
+    logger?.fail(cmdPrefixMessage(cmdName, `No ${lockName} found`));
     return;
   }
   if (details.lockSrc.trim() === '') {
-    logger?.fail(`${COMMAND_TITLE$2}: ${lockName} is empty`);
+    logger?.fail(cmdPrefixMessage(cmdName, `${lockName} is empty`));
     return;
   }
   if (details.pkgPath === undefined) {
-    logger?.fail(`${COMMAND_TITLE$2}: No package.json found`);
+    logger?.fail(cmdPrefixMessage(cmdName, `No ${PACKAGE_JSON} found`));
     return;
   }
   if (prod && (details.agent === BUN$5 || details.agent === YARN_BERRY$5)) {
-    logger?.fail(`${COMMAND_TITLE$2}: --prod not supported for ${details.agent}${details.agentVersion ? `@${details.agentVersion.toString()}` : ''}`);
+    logger?.fail(cmdPrefixMessage(cmdName, `--prod not supported for ${details.agent}${details.agentVersion ? `@${details.agentVersion.version}` : ''}`));
     return;
   }
   if (details.lockPath && path.relative(cwd, details.lockPath).startsWith('.')) {
-    logger?.warn(`${COMMAND_TITLE$2}: Package ${lockName} found at ${details.lockPath}`);
+    logger?.warn(cmdPrefixMessage(cmdName, `Package ${lockName} found at ${details.lockPath}`));
   }
   return details;
 }
 
 const {
-  NPM: NPM$b,
+  NPM: NPM$a,
   PNPM: PNPM$7
 } = constants;
+const CMD_NAME$2 = 'socket fix';
 async function runFix() {
   // Lazily access constants.spinner.
   const {
@@ -3426,6 +3459,7 @@ async function runFix() {
   spinner.start();
   const cwd = process.cwd();
   const pkgEnvDetails = await detectAndValidatePackageEnvironment(cwd, {
+    cmdName: CMD_NAME$2,
     logger: logger.logger
   });
   if (!pkgEnvDetails) {
@@ -3433,7 +3467,7 @@ async function runFix() {
     return;
   }
   switch (pkgEnvDetails.agent) {
-    case NPM$b:
+    case NPM$a:
       {
         await npmFix(pkgEnvDetails, cwd);
         break;
@@ -3505,7 +3539,7 @@ async function fetchPackageInfo(pkgName, pkgVersion, includeAllIssues) {
 }
 
 const {
-  NPM: NPM$a
+  NPM: NPM$9
 } = registryConstants;
 function formatScore(score) {
   if (score > 80) {
@@ -3589,7 +3623,7 @@ function logPackageInfo({
     logger.logger.log('Package has no issues');
   }
   const format = new shadowNpmInject.ColorOrMarkdown(outputKind === 'markdown');
-  const url = shadowNpmInject.getSocketDevPackageOverviewUrl(NPM$a, pkgName, pkgVersion);
+  const url = shadowNpmInject.getSocketDevPackageOverviewUrl(NPM$9, pkgName, pkgVersion);
   logger.logger.log('\n');
   if (pkgVersion === 'latest') {
     logger.logger.log(`Detailed info on socket.dev: ${format.hyperlink(`${pkgName}`, url, {
@@ -3916,9 +3950,11 @@ async function convertGradleToMaven(target, bin, _out, verbose, gradleOpts) {
     logger.logger.groupEnd();
   }
   try {
-    // Run sbt with the init script we provide which should yield zero or more pom files.
-    // We have to figure out where to store those pom files such that we can upload them and predict them through the GitHub API.
-    // We could do a .socket folder. We could do a socket.pom.gz with all the poms, although I'd prefer something plain-text if it is to be committed.
+    // Run sbt with the init script we provide which should yield zero or more
+    // pom files. We have to figure out where to store those pom files such that
+    // we can upload them and predict them through the GitHub API. We could do a
+    // .socket folder. We could do a socket.pom.gz with all the poms, although
+    // I'd prefer something plain-text if it is to be committed.
 
     // Note: init.gradle will be exported by .config/rollup.dist.config.mjs
     const initLocation = path.join(constants.rootDistPath, 'init.gradle');
@@ -3965,7 +4001,7 @@ async function convertGradleToMaven(target, bin, _out, verbose, gradleOpts) {
     // // Move the pom file to ...? initial cwd? loc will be an absolute path, or dump to stdout
     // if (out === '-') {
     //   spinner.start('Result:\n```')
-    //   spinner.log(await safeReadFile(loc, 'utf8'))
+    //   spinner.log(await safeReadFile(loc))
     //   spinner.log('```')
     //   spinner.successAndStop(`OK`)
     // } else {
@@ -4200,7 +4236,7 @@ async function convertSbtToMaven(target, bin, out, verbose, sbtOpts) {
     // TODO: maybe we can add an option to target a specific file to dump to stdout
     if (out === '-' && poms.length === 1) {
       logger.logger.log('Result:\n```');
-      logger.logger.log(await shadowNpmInject.safeReadFile(poms[0], 'utf8'));
+      logger.logger.log(await shadowNpmInject.safeReadFile(poms[0]));
       logger.logger.log('```');
       logger.logger.success(`OK`);
     } else if (out === '-') {
@@ -4677,21 +4713,21 @@ async function run$l(argv, importMeta, {
 }
 
 const {
-  NPM: NPM$9
+  NPM: NPM$8
 } = constants;
 async function wrapNpm(argv) {
   // Lazily access constants.distShadowNpmBinPath.
   const shadowBin = require(constants.distShadowNpmBinPath);
-  await shadowBin(NPM$9, argv);
+  await shadowBin(NPM$8, argv);
 }
 
 const {
   DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$k,
-  NPM: NPM$8
+  NPM: NPM$7
 } = constants;
 const config$k = {
   commandName: 'npm',
-  description: `${NPM$8} wrapper functionality`,
+  description: `${NPM$7} wrapper functionality`,
   hidden: false,
   flags: {},
   help: (command, _config) => `
@@ -4806,7 +4842,7 @@ async function run$i(argv, importMeta, {
 
 const {
   BUN: BUN$4,
-  NPM: NPM$7,
+  NPM: NPM$6,
   PNPM: PNPM$6,
   VLT: VLT$4,
   YARN_BERRY: YARN_BERRY$4,
@@ -4818,7 +4854,7 @@ function matchLsCmdViewHumanStdout(stdout, name) {
 function matchQueryCmdStdout(stdout, name) {
   return stdout.includes(`"${name}"`);
 }
-const depsIncludesByAgent = new Map([[BUN$4, matchLsCmdViewHumanStdout], [NPM$7, matchQueryCmdStdout], [PNPM$6, matchQueryCmdStdout], [VLT$4, matchQueryCmdStdout], [YARN_BERRY$4, matchLsCmdViewHumanStdout], [YARN_CLASSIC$5, matchLsCmdViewHumanStdout]]);
+const depsIncludesByAgent = new Map([[BUN$4, matchLsCmdViewHumanStdout], [NPM$6, matchQueryCmdStdout], [PNPM$6, matchQueryCmdStdout], [VLT$4, matchQueryCmdStdout], [YARN_BERRY$4, matchLsCmdViewHumanStdout], [YARN_CLASSIC$5, matchLsCmdViewHumanStdout]]);
 
 function getDependencyEntries(pkgJson) {
   const {
@@ -4846,7 +4882,7 @@ function getDependencyEntries(pkgJson) {
 
 const {
   BUN: BUN$3,
-  NPM: NPM$6,
+  NPM: NPM$5,
   OVERRIDES: OVERRIDES$1,
   PNPM: PNPM$5,
   RESOLUTIONS: RESOLUTIONS$1,
@@ -4867,7 +4903,7 @@ function getOverridesDataBun(pkgJson) {
 function getOverridesDataNpm(pkgJson) {
   const overrides = pkgJson?.[OVERRIDES$1] ?? {};
   return {
-    type: NPM$6,
+    type: NPM$5,
     overrides
   };
 }
@@ -4908,7 +4944,7 @@ function getOverridesDataClassic(pkgJson) {
     overrides
   };
 }
-const overridesDataByAgent = new Map([[BUN$3, getOverridesDataBun], [NPM$6, getOverridesDataNpm], [PNPM$5, getOverridesDataPnpm], [VLT$3, getOverridesDataVlt], [YARN_BERRY$3, getOverridesDataYarn], [YARN_CLASSIC$4, getOverridesDataClassic]]);
+const overridesDataByAgent = new Map([[BUN$3, getOverridesDataBun], [NPM$5, getOverridesDataNpm], [PNPM$5, getOverridesDataPnpm], [VLT$3, getOverridesDataVlt], [YARN_BERRY$3, getOverridesDataYarn], [YARN_CLASSIC$4, getOverridesDataClassic]]);
 
 const {
   PNPM: PNPM$4
@@ -4919,7 +4955,7 @@ async function getWorkspaceGlobs(agent, pkgPath, pkgJson) {
   if (agent === PNPM$4) {
     for (const workspacePath of [path.join(pkgPath, `${PNPM_WORKSPACE}.yaml`), path.join(pkgPath, `${PNPM_WORKSPACE}.yml`)]) {
       // eslint-disable-next-line no-await-in-loop
-      const yml = await shadowNpmInject.safeReadFile(workspacePath, 'utf8');
+      const yml = await shadowNpmInject.safeReadFile(workspacePath);
       if (yml) {
         try {
           workspacePatterns = yaml.parse(yml)?.packages;
@@ -4956,7 +4992,7 @@ function workspacePatternToGlobPattern(workspace) {
 const {
   BUN: BUN$2,
   LOCK_EXT,
-  NPM: NPM$5,
+  NPM: NPM$4,
   PNPM: PNPM$3,
   VLT: VLT$2,
   YARN_BERRY: YARN_BERRY$2,
@@ -5000,11 +5036,11 @@ function includesYarn(lockSrc, name) {
   //   , name@
   `(?<=(?:^\\s*|,\\s*)"?)${escapedName}(?=@)`, 'm').test(lockSrc);
 }
-const lockfileIncludesByAgent = new Map([[BUN$2, includesBun], [NPM$5, includesNpm], [PNPM$3, includesPnpm], [VLT$2, includesVlt], [YARN_BERRY$2, includesYarn], [YARN_CLASSIC$3, includesYarn]]);
+const lockfileIncludesByAgent = new Map([[BUN$2, includesBun], [NPM$4, includesNpm], [PNPM$3, includesPnpm], [VLT$2, includesVlt], [YARN_BERRY$2, includesYarn], [YARN_CLASSIC$3, includesYarn]]);
 
 const {
   BUN: BUN$1,
-  NPM: NPM$4,
+  NPM: NPM$3,
   PNPM: PNPM$2,
   VLT: VLT$1,
   YARN_BERRY: YARN_BERRY$1,
@@ -5074,7 +5110,7 @@ async function lsNpm(agentExecPath, cwd) {
 }
 async function lsPnpm(agentExecPath, cwd, options) {
   const npmExecPath = options?.npmExecPath;
-  if (npmExecPath && npmExecPath !== NPM$4) {
+  if (npmExecPath && npmExecPath !== NPM$3) {
     const result = await npmQuery(npmExecPath, cwd);
     if (result) {
       return result;
@@ -5125,35 +5161,7 @@ async function lsYarnClassic(agentExecPath, cwd) {
   } catch {}
   return '';
 }
-const lsByAgent = new Map([[BUN$1, lsBun], [NPM$4, lsNpm], [PNPM$2, lsPnpm], [VLT$1, lsVlt], [YARN_BERRY$1, lsYarnBerry], [YARN_CLASSIC$2, lsYarnClassic]]);
-
-const {
-  NPM: NPM$3
-} = constants;
-const COMMAND_TITLE$1 = 'Socket Optimize';
-async function updateLockfile(pkgEnvDetails, options) {
-  const {
-    logger,
-    spinner
-  } = {
-    __proto__: null,
-    ...options
-  };
-  spinner?.start(`Updating ${pkgEnvDetails.lockName}...`);
-  try {
-    await runAgentInstall(pkgEnvDetails, {
-      spinner
-    });
-    spinner?.stop();
-    if (pkgEnvDetails.agent === NPM$3) {
-      logger?.log(`💡 Re-run ${COMMAND_TITLE$1} whenever ${pkgEnvDetails.lockName} changes.\n   This can be skipped once npm v11.2.0 is released.`);
-    }
-  } catch (e) {
-    spinner?.stop();
-    logger?.fail(`${COMMAND_TITLE$1}: ${pkgEnvDetails.agent} install failed to update ${pkgEnvDetails.lockName}`);
-    logger?.error(e);
-  }
-}
+const lsByAgent = new Map([[BUN$1, lsBun], [NPM$3, lsNpm], [PNPM$2, lsPnpm], [VLT$1, lsVlt], [YARN_BERRY$1, lsYarnBerry], [YARN_CLASSIC$2, lsYarnClassic]]);
 
 const {
   BUN,
@@ -5165,7 +5173,6 @@ const {
   YARN_BERRY,
   YARN_CLASSIC: YARN_CLASSIC$1
 } = constants;
-const PNPM_FIELD_NAME = PNPM$1;
 const depFields = ['dependencies', 'devDependencies', 'peerDependencies', 'peerDependenciesMeta', 'optionalDependencies', 'bundleDependencies'];
 function getEntryIndexes(entries, keys) {
   return keys.map(n => entries.findIndex(p => p[0] === n)).filter(n => n !== -1).sort((a, b) => a - b);
@@ -5176,26 +5183,30 @@ function getLowestEntryIndex(entries, keys) {
 function getHighestEntryIndex(entries, keys) {
   return getEntryIndexes(entries, keys).at(-1) ?? -1;
 }
-function updatePkgJson(editablePkgJson, field, value) {
+function updatePkgJsonField(editablePkgJson, field, value) {
   const {
     content: pkgJson
   } = editablePkgJson;
   const oldValue = pkgJson[field];
   if (oldValue) {
     // The field already exists so we simply update the field value.
-    if (field === PNPM_FIELD_NAME) {
+    if (field === PNPM$1) {
+      const isPnpmObj = objects.isObject(oldValue);
       if (objects.hasKeys(value)) {
         editablePkgJson.update({
           [field]: {
-            ...(objects.isObject(oldValue) ? oldValue : {}),
-            overrides: value
+            ...(isPnpmObj ? oldValue : {}),
+            overrides: {
+              ...(isPnpmObj ? oldValue[OVERRIDES] : {}),
+              ...value
+            }
           }
         });
       } else {
         // Properties with undefined values are omitted when saved as JSON.
-        editablePkgJson.update(objects.hasKeys(pkgJson[field]) ? {
+        editablePkgJson.update(objects.hasKeys(oldValue) ? {
           [field]: {
-            ...(objects.isObject(oldValue) ? oldValue : {}),
+            ...(isPnpmObj ? oldValue : {}),
             overrides: undefined
           }
         } : {
@@ -5214,7 +5225,7 @@ function updatePkgJson(editablePkgJson, field, value) {
     }
     return;
   }
-  if ((field === OVERRIDES || field === PNPM_FIELD_NAME || field === RESOLUTIONS) && !objects.hasKeys(value)) {
+  if ((field === OVERRIDES || field === PNPM$1 || field === RESOLUTIONS) && !objects.hasKeys(value)) {
     return;
   }
   // Since the field doesn't exist we want to insert it into the package.json
@@ -5232,7 +5243,7 @@ function updatePkgJson(editablePkgJson, field, value) {
   } else if (field === RESOLUTIONS) {
     isPlacingHigher = true;
     insertIndex = getHighestEntryIndex(entries, [...depFields, OVERRIDES, PNPM$1]);
-  } else if (field === PNPM_FIELD_NAME) {
+  } else if (field === PNPM$1) {
     insertIndex = getLowestEntryIndex(entries, [OVERRIDES, RESOLUTIONS]);
     if (insertIndex === -1) {
       isPlacingHigher = true;
@@ -5251,26 +5262,28 @@ function updatePkgJson(editablePkgJson, field, value) {
   } else if (isPlacingHigher) {
     insertIndex += 1;
   }
-  entries.splice(insertIndex, 0, [field, value]);
+  entries.splice(insertIndex, 0, [field, field === PNPM$1 ? {
+    [OVERRIDES]: value
+  } : value]);
   editablePkgJson.fromJSON(`${JSON.stringify(Object.fromEntries(entries), null, 2)}\n`);
 }
-function updateOverrides(editablePkgJson, overrides) {
-  updatePkgJson(editablePkgJson, OVERRIDES, overrides);
+function updateOverridesField(editablePkgJson, overrides) {
+  updatePkgJsonField(editablePkgJson, OVERRIDES, overrides);
 }
-function updateResolutions(editablePkgJson, overrides) {
-  updatePkgJson(editablePkgJson, RESOLUTIONS, overrides);
+function updateResolutionsField(editablePkgJson, overrides) {
+  updatePkgJsonField(editablePkgJson, RESOLUTIONS, overrides);
 }
-function pnpmUpdatePkgJson(editablePkgJson, overrides) {
-  updatePkgJson(editablePkgJson, PNPM_FIELD_NAME, overrides);
+function updatePnpmField(editablePkgJson, overrides) {
+  updatePkgJsonField(editablePkgJson, PNPM$1, overrides);
 }
-const updateManifestByAgent = new Map([[BUN, updateResolutions], [NPM$2, updateOverrides], [PNPM$1, pnpmUpdatePkgJson], [VLT, updateOverrides], [YARN_BERRY, updateResolutions], [YARN_CLASSIC$1, updateResolutions]]);
+const updateManifestByAgent = new Map([[BUN, updateResolutionsField], [NPM$2, updateOverridesField], [PNPM$1, updatePnpmField], [VLT, updateOverridesField], [YARN_BERRY, updateResolutionsField], [YARN_CLASSIC$1, updateResolutionsField]]);
 
 const {
   NPM: NPM$1,
   PNPM,
   YARN_CLASSIC
 } = constants;
-const COMMAND_TITLE = 'Socket Optimize';
+const CMD_NAME$1 = 'socket optimize';
 const manifestNpmOverrides = registry.getManifestData(NPM$1);
 async function addOverrides(pkgPath, pkgEnvDetails, options) {
   const {
@@ -5308,24 +5321,17 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
   const {
     content: pkgJson
   } = editablePkgJson;
-  const isRoot = pkgPath === rootPath;
-  const isLockScanned = isRoot && !prod;
   const workspaceName = path.relative(rootPath, pkgPath);
   const workspaceGlobs = await getWorkspaceGlobs(agent, pkgPath, pkgJson);
+  const isRoot = pkgPath === rootPath;
+  const isLockScanned = isRoot && !prod;
   const isWorkspace = !!workspaceGlobs;
-  if (isWorkspace && agent === PNPM && npmExecPath === NPM$1 && !state.warnedPnpmWorkspaceRequiresNpm) {
+  if (isWorkspace && agent === PNPM &&
+  // npmExecPath will === the agent name IF it CANNOT be resolved.
+  npmExecPath === NPM$1 && !state.warnedPnpmWorkspaceRequiresNpm) {
     state.warnedPnpmWorkspaceRequiresNpm = true;
-    logger?.warn(`${COMMAND_TITLE}: pnpm workspace support requires \`npm ls\`, falling back to \`pnpm list\``);
+    logger?.warn(cmdPrefixMessage(CMD_NAME$1, `${agent} workspace support requires \`npm ls\`, falling back to \`${agent} list\``));
   }
-  const thingToScan = isLockScanned ? lockSrc : await lsByAgent.get(agent)(agentExecPath, pkgPath, {
-    npmExecPath
-  });
-  // The AgentDepsIncludesFn and AgentLockIncludesFn types overlap in their
-  // first two parameters. AgentLockIncludesFn accepts an optional third
-  // parameter which AgentDepsIncludesFn will ignore so we cast thingScanner
-  // as an AgentLockIncludesFn type.
-  const thingScanner = isLockScanned ? lockfileIncludesByAgent.get(agent) : depsIncludesByAgent.get(agent);
-  const depEntries = getDependencyEntries(pkgJson);
   const overridesDataObjects = [];
   if (pkgJson['private'] || isWorkspace) {
     overridesDataObjects.push(overridesDataByAgent.get(agent)(pkgJson));
@@ -5334,10 +5340,12 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
   }
   spinner?.setText(`Adding overrides${workspaceName ? ` to ${workspaceName}` : ''}...`);
   const depAliasMap = new Map();
+  const depEntries = getDependencyEntries(pkgJson);
   const nodeRange = `>=${pkgEnvDetails.minimumNodeVersion}`;
   const manifestEntries = manifestNpmOverrides.filter(({
     1: data
   }) => semver.satisfies(semver.coerce(data.engines.node), nodeRange));
+
   // Chunk package names to process them in parallel 3 at a time.
   await promises.pEach(manifestEntries, 3, async ({
     1: data
@@ -5374,6 +5382,14 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
       }
     }
     if (isRoot) {
+      // The AgentDepsIncludesFn and AgentLockIncludesFn types overlap in their
+      // first two parameters. AgentLockIncludesFn accepts an optional third
+      // parameter which AgentDepsIncludesFn will ignore so we cast thingScanner
+      // as an AgentLockIncludesFn type.
+      const thingScanner = isLockScanned ? lockfileIncludesByAgent.get(agent) : depsIncludesByAgent.get(agent);
+      const thingToScan = isLockScanned ? lockSrc : await lsByAgent.get(agent)(agentExecPath, pkgPath, {
+        npmExecPath
+      });
       // Chunk package names to process them in parallel 3 at a time.
       await promises.pEach(overridesDataObjects, 3, async ({
         overrides,
@@ -5450,11 +5466,50 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
   }
   return state;
 }
+
+const {
+  NPM_BUGGY_OVERRIDES_PATCHED_VERSION
+} = constants;
+async function updateLockfile(pkgEnvDetails, options) {
+  const {
+    cmdName = '',
+    logger,
+    spinner
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const isSpinning = !!spinner?.isSpinning;
+  if (!isSpinning) {
+    spinner?.start();
+  }
+  spinner?.setText(`Updating ${pkgEnvDetails.lockName}...`);
+  try {
+    await runAgentInstall(pkgEnvDetails, {
+      spinner
+    });
+    if (pkgEnvDetails.features.npmBuggyOverrides) {
+      logger?.log(`💡 Re-run ${cmdName ? `${cmdName} ` : ''}whenever ${pkgEnvDetails.lockName} changes.\n   This can be skipped for ${pkgEnvDetails.agent} >=${NPM_BUGGY_OVERRIDES_PATCHED_VERSION}.`);
+    }
+  } catch (e) {
+    spinner?.stop();
+    logger?.fail(cmdPrefixMessage(cmdName, `${pkgEnvDetails.agent} install failed to update ${pkgEnvDetails.lockName}`));
+    logger?.error(e);
+  }
+  if (isSpinning) {
+    spinner?.start();
+  } else {
+    spinner?.stop();
+  }
+}
+
+const CMD_NAME = 'socket optimize';
 function createActionMessage(verb, overrideCount, workspaceCount) {
   return `${verb} ${overrideCount} Socket.dev optimized ${words.pluralize('override', overrideCount)}${workspaceCount ? ` in ${workspaceCount} ${words.pluralize('workspace', workspaceCount)}` : ''}`;
 }
 async function applyOptimization(cwd, pin, prod) {
   const pkgEnvDetails = await detectAndValidatePackageEnvironment(cwd, {
+    cmdName: CMD_NAME,
     logger: logger.logger,
     prod
   });
@@ -5472,10 +5527,17 @@ async function applyOptimization(cwd, pin, prod) {
     prod,
     spinner
   });
-  spinner.stop();
   const addedCount = state.added.size;
   const updatedCount = state.updated.size;
   const pkgJsonChanged = addedCount > 0 || updatedCount > 0;
+  if (pkgJsonChanged || pkgEnvDetails.features.npmBuggyOverrides) {
+    await updateLockfile(pkgEnvDetails, {
+      cmdName: CMD_NAME,
+      logger: logger.logger,
+      spinner
+    });
+  }
+  spinner.stop();
   if (pkgJsonChanged) {
     if (updatedCount > 0) {
       logger.logger?.log(`${createActionMessage('Updated', updatedCount, state.updatedInWorkspaces.size)}${addedCount ? '.' : '🚀'}`);
@@ -5486,14 +5548,6 @@ async function applyOptimization(cwd, pin, prod) {
   } else {
     logger.logger?.log('Congratulations! Already Socket.dev optimized 🎉');
   }
-  if (pkgEnvDetails.agent === NPM$1 || pkgJsonChanged) {
-    // Always update package-lock.json until the npm overrides PR lands:
-    // https://github.com/npm/cli/pull/8089
-    await updateLockfile(pkgEnvDetails, {
-      logger: logger.logger,
-      spinner
-    });
-  }
 }
 
 const {
@@ -8226,15 +8280,15 @@ async function run(argv, importMeta, {
 }
 
 const {
-  SOCKET,
-  rootPkgJsonPath
+  SOCKET_CLI_BIN_NAME
 } = constants;
 
 // TODO: Add autocompletion using https://socket.dev/npm/package/omelette
 void (async () => {
   await vendor.updater({
-    name: SOCKET,
-    version: require(rootPkgJsonPath).version,
+    name: SOCKET_CLI_BIN_NAME,
+    // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
+    version: "0.14.60",
     ttl: 86_400_000 /* 24 hours in milliseconds */
   });
   try {
@@ -8270,7 +8324,7 @@ void (async () => {
         }
       },
       argv: process$1.argv.slice(2),
-      name: SOCKET,
+      name: SOCKET_CLI_BIN_NAME,
       importMeta: {
         url: `${require$$0.pathToFileURL(__filename)}`
       }
@@ -8294,12 +8348,12 @@ void (async () => {
     } else {
       errorTitle = 'Unexpected error with no details';
     }
-    logger.logger.fail(`${colors.bgRed(colors.white(errorTitle + ':'))} ${errorMessage}`);
+    logger.logger.fail(`${colors.bgRed(colors.white(`${errorTitle}:`))} ${errorMessage}`);
     if (errorBody) {
       logger.logger.error(`\n${errorBody}`);
     }
     await shadowNpmInject.captureException(e);
   }
 })();
-//# debugId=e98c34cf-4eff-47b4-9597-64fc9504c674
+//# debugId=a4fe81ae-a54c-4a9c-bd36-803984c36419
 //# sourceMappingURL=cli.js.map