@socketsecurity/cli 0.14.62 → 0.14.63

package/dist/require/cli.js

@@ -16,25 +16,20 @@ var ponyCause = _socketInterop(require('pony-cause'));
 var vendor = require('./vendor.js');
 var colors = _socketInterop(require('yoctocolors-cjs'));
 var logger = require('@socketsecurity/registry/lib/logger');
-var micromatch = _socketInterop(require('micromatch'));
-var simpleGit = _socketInterop(require('simple-git'));
-var sdk = require('@socketsecurity/sdk');
-var events = require('node:events');
-var fs = require('node:fs');
-var path = require('node:path');
-var ndjson = _socketInterop(require('ndjson'));
+var commonTags = _socketInterop(require('common-tags'));
+var fs = require('node:fs/promises');
+var ScreenWidget = _socketInterop(require('blessed/lib/widgets/screen'));
+var contrib = _socketInterop(require('blessed-contrib'));
 var shadowNpmInject = require('./shadow-npm-inject.js');
 var constants = require('./constants.js');
+var path$1 = require('node:path');
 var objects = require('@socketsecurity/registry/lib/objects');
-var path$1 = require('@socketsecurity/registry/lib/path');
+var path = require('@socketsecurity/registry/lib/path');
 var regexps = require('@socketsecurity/registry/lib/regexps');
-var commonTags = _socketInterop(require('common-tags'));
-var fs$1 = require('node:fs/promises');
-var ScreenWidget = _socketInterop(require('blessed/lib/widgets/screen'));
-var contrib = _socketInterop(require('blessed-contrib'));
 var prompts = require('@socketsecurity/registry/lib/prompts');
 var yargsParse = _socketInterop(require('yargs-parser'));
 var words = require('@socketsecurity/registry/lib/words');
+var fs$1 = require('node:fs');
 var shadowBin = require('./shadow-bin.js');
 var chalkTable = _socketInterop(require('chalk-table'));
 var require$$0$1 = require('node:util');
@@ -67,1229 +62,6 @@ var BoxWidget = _socketInterop(require('blessed/lib/widgets/box'));
 var TableWidget = _socketInterop(require('blessed-contrib/lib/widget/table'));
 var readline$1 = require('node:readline');
 
-// https://github.com/SocketDev/socket-python-cli/blob/6d4fc56faee68d3a4764f1f80f84710635bdaf05/socketsecurity/core/classes.py
-
-class Comment {
-  id = 0;
-  body = '';
-  body_list = [];
-  constructor(arg) {
-    this.id = arg.id ?? this.id;
-    this.body = arg.body ?? this.body;
-    this.body_list = arg.body_list ?? this.body_list;
-  }
-}
-class Diff {
-  newPackages = [];
-  newCapabilities = {};
-  removedPackages = [];
-  newAlerts = [];
-  id = '';
-  sbom = '';
-  packages = {};
-  reportUrl = '';
-  diffUrl = '';
-}
-class FullScan {
-  id = '';
-  created_at = '';
-  updated_at = '';
-  organizationId = '';
-  repositoryId = '';
-  branch = '';
-  commit_message = '';
-  commit_hash = '';
-  pull_request = 0;
-  sbom_artifacts = [];
-  packages = {};
-  constructor(obj = {}) {
-    this.id = obj.id ?? this.id;
-    this.created_at = obj.created_at ?? this.created_at;
-    this.updated_at = obj.updated_at ?? this.updated_at;
-    this.organizationId = obj.organizationId ?? this.organizationId;
-    this.repositoryId = obj.repositoryId ?? this.repositoryId;
-    this.branch = obj.branch ?? this.branch;
-    this.commit_message = obj.commit_message ?? this.commit_message;
-    this.commit_hash = obj.commit_hash ?? this.commit_hash;
-    this.pull_request = obj.pull_request ?? this.pull_request;
-    this.sbom_artifacts = obj.sbom_artifacts ?? this.sbom_artifacts;
-    this.packages = obj.packages ?? this.packages;
-  }
-}
-class Issue {
-  pkg_type = '';
-  pkg_name = '';
-  pkg_version = '';
-  category = '';
-  type = '';
-  severity = '';
-  pkg_id = '';
-  props = {};
-  key = '';
-  error = false;
-  warn = false;
-  ignore = false;
-  monitor = false;
-  description = '';
-  title = '';
-  emoji = '';
-  next_step_title = '';
-  suggestion = '';
-  introduced_by = [];
-  manifests = '';
-  url = '';
-  purl = '';
-  constructor(arg) {
-    this.pkg_type = arg.pkg_type ?? this.pkg_type;
-    this.pkg_name = arg.pkg_name ?? this.pkg_name;
-    this.pkg_version = arg.pkg_version ?? this.pkg_version;
-    this.type = arg.type ?? this.type;
-    this.severity = arg.severity ?? this.severity;
-    this.pkg_id = arg.pkg_id ?? this.pkg_id;
-    this.props = arg.props ?? this.props;
-    this.key = arg.key ?? this.key;
-    this.error = arg.error ?? this.error;
-    this.warn = arg.warn ?? this.warn;
-    this.ignore = arg.ignore ?? this.ignore;
-    this.monitor = arg.monitor ?? this.monitor;
-    this.description = arg.description ?? this.description;
-    this.title = arg.title ?? this.title;
-    this.next_step_title = arg.next_step_title ?? this.next_step_title;
-    this.suggestion = arg.suggestion ?? this.suggestion;
-    if (arg.introduced_by) {
-      const arr = [];
-      for (const item of arg.introduced_by) {
-        const [, manifest] = item;
-        arr.push(manifest);
-      }
-      this.manifests = arr.join(';');
-    }
-  }
-}
-class Package {
-  type = '';
-  name = '';
-  version = '';
-  release = '';
-  id = '';
-  direct = false;
-  manifestFiles = [];
-  author = [];
-  size = 0;
-  scores = {};
-  alerts = [];
-  alert_counts = {};
-  topLevelAncestors = [];
-  url = '';
-  transitives = 0;
-  license = 'NoLicenseFound';
-  license_text = '';
-  purl = '';
-  constructor(arg) {
-    this.type = arg.type ?? this.type;
-    this.name = arg.name ?? this.name;
-    this.version = arg.version ?? this.version;
-    this.release = arg.release ?? this.release;
-    this.id = arg.id ?? this.id;
-    this.manifestFiles = arg.manifestFiles ?? this.manifestFiles;
-    this.author = arg.author ?? this.author;
-    this.size = arg.size ?? this.size;
-    this.alerts = arg.alerts ?? this.alerts;
-    this.topLevelAncestors = arg.topLevelAncestors ?? this.topLevelAncestors;
-    this.license = arg.license ?? this.license;
-    this.url = `https://socket.dev/${this.type}/package/${this.name}/overview/${this.version}`;
-    this.score = new Score(arg.score ?? {
-      supplyChain: 0,
-      quality: 0,
-      license: 0,
-      overall: 0,
-      vulnerability: 0
-    });
-    this.alert_counts = {
-      critical: 0,
-      high: 0,
-      middle: 0,
-      low: 0
-    };
-    this.purl = `${this.type}/${this.name}@${this.version}`;
-  }
-}
-class Purl {
-  id = '';
-  name = '';
-  version = '';
-  ecosystem = '';
-  direct = false;
-  author = [];
-  size = 0;
-  transitives = 0;
-  introduced_by = [];
-  capabilities = [];
-  // is_new = false
-  author_url = '';
-  url = '';
-  purl = '';
-  constructor(arg) {
-    this.id = arg.id ?? this.id;
-    this.name = arg.name ?? this.name;
-    this.version = arg.version ?? this.version;
-    this.ecosystem = arg.ecosystem ?? this.ecosystem;
-    this.direct = arg.direct ?? this.direct;
-    this.author = arg.author ?? this.author;
-    this.size = arg.size ?? this.size;
-    this.transitives = arg.transitives ?? this.transitives;
-    this.introduced_by = arg.introduced_by ?? this.introduced_by;
-    this.url = arg.url ?? this.url;
-    this.purl = arg.purl ?? this.purl;
-    this.author_url = this.generateAuthorData(this.author, this.ecosystem);
-  }
-  generateAuthorData(authors, ecosystem) {
-    const arr = [];
-    for (const author of authors) {
-      const url = `https://socket.dev/${ecosystem}/user/${author}`;
-      arr.push(`[${author}](${url})`);
-    }
-    return arr.join(',');
-  }
-}
-class Score {
-  supplyChain = 0;
-  quality = 0;
-  license = 0;
-  overall = 0;
-  vulnerability = 0;
-  constructor(arg) {
-    this.supplyChain = (arg.supplyChain ?? 0) * 100;
-    this.quality = (arg.quality ?? 0) * 100;
-    this.license = (arg.license ?? 0) * 100;
-    this.overall = (arg.overall ?? 0) * 100;
-    this.vulnerability = (arg.vulnerability ?? 0) * 100;
-  }
-}
-
-// https://github.com/SocketDev/socket-python-cli/blob/6d4fc56faee68d3a4764f1f80f84710635bdaf05/socketsecurity/core/__init__.py
-class Core {
-  securityPolicy = {};
-  constructor({
-    owner,
-    repo,
-    socket
-  }) {
-    this.socket = socket;
-    this.owner = owner;
-    this.repo = repo;
-    this.files = [];
-  }
-  async getSbomData({
-    fullScanId
-  }) {
-    const orgFullScanResponse = await this.socket.getOrgFullScan(this.owner, fullScanId, undefined);
-    if (!orgFullScanResponse.success) {
-      return [];
-    }
-    const {
-      data: readStream
-    } = orgFullScanResponse;
-    const sbomArtifacts = [];
-    readStream.pipe(ndjson.parse()).on('data', sbomArtifact => sbomArtifacts.push(sbomArtifact));
-    await events.once(readStream, 'end');
-    return sbomArtifacts;
-  }
-  async createFullScan({
-    params
-  }) {
-    const orgFullScanResponse = await this.socket.createOrgFullScan(this.owner,
-    // Ignoring because pull_request is of type number but URLSearchParams will convert it to a string
-    // @ts-ignore
-    new URLSearchParams({
-      repo: this.repo,
-      ...params
-    }), this.files);
-    if (!orgFullScanResponse.success) {
-      return new FullScan();
-    }
-    const {
-      id: fullScanId
-    } = orgFullScanResponse.data;
-    const fullScan = new FullScan(orgFullScanResponse.data);
-    if (fullScanId !== undefined) {
-      fullScan.sbom_artifacts = await this.getSbomData({
-        fullScanId
-      });
-    }
-    return fullScan;
-  }
-  getSourceData({
-    packages,
-    pkg
-  }) {
-    const introducedBy = [];
-    if (pkg.direct) {
-      const manifests = pkg.manifestFiles.map(({
-        file
-      }) => file).join(';');
-      introducedBy.push(['direct', manifests]);
-    } else {
-      for (const topId of pkg.topLevelAncestors) {
-        const topPackage = packages[topId];
-        if (!topPackage) {
-          continue;
-        }
-        const topPurl = `${topPackage.type}/${topPackage.name}@${topPackage.version}`;
-        const manifests = topPackage.manifestFiles.map(({
-          file
-        }) => file).join(';');
-        introducedBy.push([topPurl, manifests]);
-      }
-    }
-    return introducedBy;
-  }
-  createPurl({
-    packageId,
-    packages
-  }) {
-    const pkg = packages[packageId];
-    const introducedBy = this.getSourceData({
-      pkg,
-      packages
-    });
-    const purl = new Purl({
-      id: pkg.id,
-      name: pkg.name,
-      version: pkg.version,
-      ecosystem: pkg.type,
-      direct: pkg.direct,
-      introduced_by: introducedBy,
-      author: pkg.author,
-      size: pkg.size,
-      transitives: pkg.transitives,
-      url: pkg.url,
-      purl: pkg.purl
-    });
-    return {
-      purl,
-      pkg
-    };
-  }
-  async createIssueAlerts({
-    alerts,
-    packages,
-    pkg
-  }) {
-    const issues = JSON.parse(fs.readFileSync(path.join(undefined, 'issues.json'), 'utf8'));
-    for (const alert of pkg.alerts) {
-      const issue = issues[alert.type];
-      let description = '';
-      let title = '';
-      let suggestion = '';
-      let nextStepTitle = '';
-      if (issue !== undefined) {
-        description = issue['description'] ?? '';
-        title = issue['title'] ?? '';
-        suggestion = issue['suggestion'] ?? '';
-        nextStepTitle = issue['nextStepTitle'] ?? '';
-      }
-      const introducedBy = this.getSourceData({
-        pkg,
-        packages
-      });
-      const issueAlert = new Issue({
-        pkg_type: pkg.type,
-        pkg_name: pkg.name,
-        pkg_version: pkg.version,
-        pkg_id: pkg.id,
-        type: alert.type,
-        severity: alert.severity,
-        key: alert.key,
-        props: alert.props,
-        description,
-        title,
-        suggestion,
-        next_step_title: nextStepTitle,
-        introduced_by: introducedBy,
-        purl: pkg.purl,
-        url: pkg.url,
-        error: false,
-        ignore: false,
-        warn: false,
-        monitor: false
-      });
-      if (alert.type in this.securityPolicy) {
-        const action = this.securityPolicy[alert.type]?.action;
-        if (action !== undefined) {
-          issueAlert[action] = true;
-        }
-      }
-      if (issueAlert.type !== 'licenseSpdxDisj') {
-        if (!(issueAlert.key in alerts)) {
-          alerts[issueAlert.key] = [issueAlert];
-        } else {
-          alerts[issueAlert.key].push(issueAlert);
-        }
-      }
-    }
-    return alerts;
-  }
-  compareIssueAlerts({
-    alerts,
-    headScanAlerts,
-    newScanAlerts
-  }) {
-    const consolidatedAlerts = new Set();
-    for (const alertKey in newScanAlerts) {
-      if (!(alertKey in headScanAlerts)) {
-        const newAlerts = newScanAlerts[alertKey];
-        for (const alert of newAlerts) {
-          const alertStr = `${alert.purl},${alert.manifests},${alert.type}`;
-          if (alert.error || alert.warn) {
-            if (!consolidatedAlerts.has(alertStr)) {
-              alerts.push(alert);
-              consolidatedAlerts.add(alertStr);
-            }
-          }
-        }
-      } else {
-        const newAlerts = newScanAlerts[alertKey];
-        const headAlerts = headScanAlerts[alertKey];
-        for (const alert of newAlerts) {
-          const alertStr = `${alert.purl},${alert.manifests},${alert.type}`;
-          if (!headAlerts.includes(alert) && !consolidatedAlerts.has(alertStr)) {
-            if (alert.error || alert.warn) {
-              alerts.push(alert);
-              consolidatedAlerts.add(alertStr);
-            }
-          }
-        }
-      }
-    }
-    return alerts;
-  }
-  checkAlertCapabilities({
-    capabilities,
-    headPackage,
-    packageId,
-    pkg
-  }) {
-    const alertTypes = {
-      envVars: 'Environment',
-      networkAccess: 'Network',
-      filesystemAccess: 'File System',
-      shellAccess: 'Shell'
-    };
-    for (const alert of pkg.alerts) {
-      let newAlert = true;
-      if (headPackage !== undefined && headPackage.alerts.includes(alert)) {
-        newAlert = false;
-      }
-      if (alert.type in alertTypes && newAlert) {
-        const value = alertTypes[alert.type];
-        if (!(packageId in capabilities)) {
-          capabilities[packageId] = [value];
-        } else {
-          if (!capabilities[packageId].includes(value)) {
-            capabilities[packageId].push(value);
-          }
-        }
-      }
-    }
-    return capabilities;
-  }
-  compareCapabilities({
-    headPackages,
-    newPackages
-  }) {
-    let capabilities = {};
-    for (const packageId in newPackages) {
-      const pkg = newPackages[packageId];
-      if (packageId in headPackages) {
-        const headPackage = headPackages[packageId];
-        for (const alert of pkg.alerts) {
-          if (!headPackage.alerts.includes(alert)) {
-            capabilities = this.checkAlertCapabilities({
-              pkg,
-              capabilities,
-              packageId,
-              headPackage
-            });
-          }
-        }
-      } else {
-        capabilities = this.checkAlertCapabilities({
-          pkg,
-          capabilities,
-          packageId
-        });
-      }
-    }
-    return capabilities;
-  }
-  addCapabilitiesToPurl(diff) {
-    const newPackages = [];
-    for (const purl of diff.newPackages) {
-      if (purl.id in diff.newCapabilities) {
-        const capabilities = diff.newCapabilities[purl.id];
-        if (capabilities.length > 0) {
-          purl.capabilities = capabilities;
-          newPackages.push(purl);
-        }
-      } else {
-        newPackages.push(purl);
-      }
-    }
-    diff.newPackages = newPackages;
-    return diff;
-  }
-  async compareSBOMs({
-    headScan,
-    newScan
-  }) {
-    let diff = new Diff();
-    const newPackages = this.createSbomDict(newScan);
-    const headPackages = this.createSbomDict(headScan);
-    let newScanAlerts = {};
-    let headScanAlerts = {};
-    const consolidated = new Set();
-    for (const packageId in newPackages) {
-      const {
-        pkg,
-        purl
-      } = this.createPurl({
-        packageId,
-        packages: newPackages
-      });
-      const basePurl = `${purl.ecosystem}/${purl.name}@${purl.version}`;
-      if (!(packageId in headPackages) && pkg.direct && !consolidated.has(basePurl)) {
-        diff.newPackages.push(purl);
-        consolidated.add(basePurl);
-      }
-      // eslint-disable-next-line no-await-in-loop
-      newScanAlerts = await this.createIssueAlerts({
-        pkg,
-        alerts: newScanAlerts,
-        packages: newPackages
-      });
-    }
-    for (const packageId in headPackages) {
-      const {
-        pkg,
-        purl
-      } = this.createPurl({
-        packageId,
-        packages: headPackages
-      });
-      if (!(packageId in newPackages) && pkg.direct) {
-        diff.removedPackages.push(purl);
-      }
-      // eslint-disable-next-line no-await-in-loop
-      headScanAlerts = await this.createIssueAlerts({
-        pkg,
-        alerts: headScanAlerts,
-        packages: headPackages
-      });
-    }
-    diff.newAlerts = this.compareIssueAlerts({
-      newScanAlerts,
-      headScanAlerts,
-      alerts: diff.newAlerts
-    });
-    diff.newCapabilities = this.compareCapabilities({
-      newPackages,
-      headPackages
-    });
-    diff = this.addCapabilitiesToPurl(diff);
-    return diff;
-  }
-  createPackageFromSbomArtifact(sbomArtifact) {
-    return sbomArtifact.map(sbomArtifact => new Package({
-      type: sbomArtifact.type,
-      name: sbomArtifact.name,
-      version: sbomArtifact.version,
-      release: sbomArtifact.release,
-      id: sbomArtifact.id,
-      direct: sbomArtifact.direct,
-      manifestFiles: sbomArtifact.manifestFiles,
-      author: sbomArtifact.author,
-      size: sbomArtifact.size,
-      score: sbomArtifact.score,
-      alerts: sbomArtifact.alerts,
-      topLevelAncestors: sbomArtifact.topLevelAncestors,
-      license: sbomArtifact.license
-    }));
-  }
-  getLicenseDetails({
-    package: pkg
-  }) {
-    const licenseText = JSON.parse(fs.readFileSync(path.join(undefined, 'license_texts.json'), 'utf8'));
-    const licenseStr = licenseText[pkg.license];
-    if (licenseStr !== undefined) {
-      pkg.license_text = licenseStr;
-    }
-    return pkg;
-  }
-  createSbomDict(sbomArtifacts) {
-    const packages = {};
-    const topLevelCount = {};
-    for (const sbomArtifact of sbomArtifacts) {
-      let pkg = new Package({
-        type: sbomArtifact.type,
-        name: sbomArtifact.name,
-        version: sbomArtifact.version,
-        release: sbomArtifact.release,
-        id: sbomArtifact.id,
-        direct: sbomArtifact.direct,
-        manifestFiles: sbomArtifact.manifestFiles,
-        author: sbomArtifact.author,
-        size: sbomArtifact.size,
-        score: sbomArtifact.score,
-        alerts: sbomArtifact.alerts,
-        topLevelAncestors: sbomArtifact.topLevelAncestors,
-        license: sbomArtifact.license
-      });
-      if (pkg.id in packages) {
-        logger.logger.log('Duplicate package?');
-      } else {
-        pkg = this.getLicenseDetails({
-          package: pkg
-        });
-        packages[pkg.id] = pkg;
-        for (const topId in sbomArtifact.topLevelAncestors ?? []) {
-          if (!(topId in topLevelCount)) {
-            topLevelCount[topId] = 1;
-          } else {
-            topLevelCount[topId] += 1;
-          }
-        }
-      }
-    }
-    if (Object.keys(topLevelCount).length > 0) {
-      for (const packageId in topLevelCount) {
-        const pkg = packages[packageId];
-        if (pkg) {
-          pkg.transitives = topLevelCount[packageId] ?? 0;
-        }
-      }
-    }
-    return packages;
-  }
-  async createNewDiff({
-    params = {}
-  }) {
-    let headFullScanId = '';
-    let headFullScan = [];
-    try {
-      const orgRepoResponse = await this.socket.getOrgRepo(this.owner, this.repo);
-      if (orgRepoResponse.success) {
-        headFullScanId = orgRepoResponse.data.head_full_scan_id ?? '';
-        if (headFullScanId !== '') {
-          headFullScan = await this.getSbomData({
-            fullScanId: headFullScanId
-          });
-        }
-      }
-    } catch (e) {
-      logger.logger.error(e);
-    }
-    const newFullScan = await this.createFullScan({
-      params
-    });
-    newFullScan.packages = this.createSbomDict(newFullScan.sbom_artifacts);
-    const diffReport = await this.compareSBOMs({
-      newScan: newFullScan.sbom_artifacts,
-      headScan: headFullScan
-    });
-    diffReport.packages = newFullScan.packages;
-    const baseSocket = 'https://socket.dev/dashboard/org';
-    diffReport.id = newFullScan.id;
-    diffReport.reportUrl = `${baseSocket}/${this.owner}/sbom/${diffReport.id}`;
-    if (headFullScanId !== '') {
-      diffReport.diffUrl = `${baseSocket}/${this.owner}/diff/${diffReport.id}/${headFullScanId}`;
-    } else {
-      diffReport.diffUrl = diffReport.reportUrl;
-    }
-    return diffReport;
-  }
-}
-
-// https://github.com/SocketDev/socket-python-cli/blob/6d4fc56faee68d3a4764f1f80f84710635bdaf05/socketsecurity/core/scm_comments.py
-function checkForSocketComments({
-  comments
-}) {
-  const socketComments = {
-    security: undefined,
-    overview: undefined,
-    ignore: []
-  };
-  for (const commentId in comments) {
-    const comment = comments[commentId];
-    if (comment.body.includes('socket-security-comment-actions')) {
-      socketComments.security = comment;
-    } else if (comment.body.includes('socket-overview-comment-actions')) {
-      socketComments.overview = comment;
-    } else if (
-    // Based on:
-    // To ignore an alert, reply with a comment starting with @SocketSecurity ignore
-    // followed by a space separated list of ecosystem/package-name@version specifiers.
-    // e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all
-    comment.body.split('\n').at(0)?.includes('SocketSecurity ignore')) {
-      socketComments.ignore.push(comment);
-    }
-  }
-  return socketComments;
-}
-
-// Parses the ignore command
-// @SocketSecurity ignore pkg1 pkg2 ...
-// @SocketSecurity ignore ignore-all
-function parseIgnoreCommand(line) {
-  const result = {
-    packages: [],
-    ignoreAll: false
-  };
-  const words = line.trim().replace(/\s+/g, ' ').split(' ');
-  if (words.at(1) === 'ignore-all') {
-    result.ignoreAll = true;
-    return result;
-  }
-  if (words.at(1) === 'ignore') {
-    for (let i = 2; i < words.length; i++) {
-      const pkg = words[i];
-      result.packages.push(pkg);
-    }
-    return result;
-  }
-  return result;
-}
-
-// Ref: https://github.com/socketdev-demo/javascript-threats/pull/89#issuecomment-2456015512
-function processSecurityComment({
-  ignore: ignoreComments,
-  security: securityComment
-}) {
-  const result = [];
-  let start = false;
-  let ignoreAll = false;
-  const ignoredPackages = [];
-  for (const ignoreComment of ignoreComments) {
-    const parsed = parseIgnoreCommand(ignoreComment.body?.split('\n').at(0) ?? '');
-    if (parsed.ignoreAll) {
-      ignoreAll = true;
-      break;
-    }
-    ignoredPackages.push(parsed.packages);
-  }
-
-  // Split the comment body into lines and update them
-  // to generate a new comment body
-  for (let line of securityComment?.body?.split('\n') ?? []) {
-    line = line.trim();
-    if (line.includes('start-socket-alerts-table')) {
-      start = true;
-      result.push(line);
-    } else if (start && !line.includes('end-socket-alerts-table') &&
-    // is not heading line?
-    !(line === '|Alert|Package|Introduced by|Manifest File|CI|' || line.includes(':---')) && line !== '') {
-      // Parsing Markdown data colunms
-      const [_, _title, packageLink, _introducedBy, _manifest, _ci] = line.split('|');
-
-      // Parsing package link [npm/pkg](url)
-      const [_ecosystem, pkg] = packageLink.slice(1, packageLink.indexOf(']')).split('/', 2);
-      const [pkgName, pkgVersion] = pkg.split('@');
-
-      // Checking if this package should be ignored
-      let ignore = false;
-      if (ignoreAll) {
-        ignore = true;
-      } else {
-        for (const [ignoredPkgName, ignorePkgVersion] of ignoredPackages) {
-          if (pkgName === ignoredPkgName && (ignorePkgVersion === '*' || pkgVersion === ignorePkgVersion)) {
-            ignore = true;
-            break;
-          }
-        }
-      }
-      if (ignore) {
-        break;
-      }
-      result.push(line);
-    } else if (line.includes('end-socket-alerts-table')) {
-      start = false;
-      result.push(line);
-    } else {
-      result.push(line);
-    }
-  }
-  return result.join('\n');
-}
-function getIgnoreOptions({
-  comments
-}) {
-  const ignoreCommands = [];
-  let ignoreAll = false;
-  for (const comment of comments.ignore) {
-    let firstLine = comment.body_list[0];
-    if (!ignoreAll && firstLine.includes('SocketSecurity ignore')) {
-      try {
-        firstLine = firstLine.replace(/@/, '');
-        let [, command] = firstLine.split('SocketSecurity ');
-        command = command.trim();
-        if (command === 'ignore-all') {
-          ignoreAll = true;
-        } else {
-          command = command.replace(/ignore/, '').trim();
-          const [name, version] = command.split('@');
-          const data = `${name}/${version}`;
-          ignoreCommands.push(data);
-        }
-      } catch (e) {
-        logger.logger.fail(`Unable to process ignore command for ${comment}`);
-        logger.logger.error(e);
-      }
-    }
-  }
-  return {
-    ignoreAll,
-    ignoreCommands
-  };
-}
-function removeAlerts({
-  comments,
-  newAlerts
-}) {
-  const alerts = [];
-  if (comments.ignore.length === 0) {
-    return newAlerts;
-  }
-  const {
-    ignoreAll,
-    ignoreCommands
-  } = getIgnoreOptions({
-    comments
-  });
-  for (const alert of newAlerts) {
-    if (ignoreAll) {
-      break;
-    } else {
-      const fullName = `${alert.pkg_type}/${alert.pkg_name}`;
-      const purl = `${fullName}/${alert.pkg_version}`;
-      const purlStar = `${fullName}/*`;
-      if (ignoreCommands.includes(purl) || ignoreCommands.includes(purlStar)) {
-        logger.logger.log(`Alerts for ${alert.pkg_name}@${alert.pkg_version} ignored`);
-      } else {
-        logger.logger.log(`Adding alert ${alert.type} for ${alert.pkg_name}@${alert.pkg_version}`);
-        alerts.push(alert);
-      }
-    }
-  }
-  return alerts;
-}
-
-// https://github.com/SocketDev/socket-python-cli/blob/6d4fc56faee68d3a4764f1f80f84710635bdaf05/socketsecurity/core/github.py
-/* eslint-disable no-await-in-loop */
-class GitHub {
-  octokit = new vendor.Octokit();
-  constructor() {
-    const [owner = '', repo = ''] = (process.env['GITHUB_REPOSITORY'] ?? '').split('/');
-    // https://github.com/actions/checkout/issues/58#issuecomment-2264361099
-    const prNumber = parseInt(process.env['GITHUB_REF']?.match(/refs\/pull\/(\d+)\/merge/)?.at(1) ?? '');
-    this.owner = owner;
-    this.repo = repo;
-    this.prNumber = prNumber;
-  }
-  checkEventType() {
-    switch (process.env['GITHUB_EVENT_NAME']) {
-      case 'push':
-        return this.prNumber ? 'diff' : 'main';
-      case 'pull_request':
-        {
-          // This env variable needs to be set in the GitHub action.
-          // Add this code below to GitHub action:
-          // - steps:
-          //   - name: Get PR State
-          //     if: github.event_name == 'pull_request'
-          //     run: echo "EVENT_ACTION=${{ github.event.action }}" >> $GITHUB_ENV
-          const eventAction = process.env['EVENT_ACTION'];
-          if (eventAction === 'opened' || eventAction === 'synchronize') {
-            return 'diff';
-          }
-          if (!eventAction) {
-            throw new Error('Missing event action');
-          }
-          logger.logger.log(`Pull request action: ${eventAction} is not supported`);
-          process.exit();
-        }
-      case 'issue_comment':
-        return 'comment';
-      default:
-        throw new Error(`Unknown event type: ${process.env['GITHUB_EVENT_NAME']}`);
-    }
-  }
-  async getCommentsForPR() {
-    const {
-      data: githubComments
-    } = await this.octokit.rest.issues.listComments({
-      owner: this.owner,
-      repo: this.repo,
-      issue_number: this.prNumber
-    });
-    const comments = {};
-    for (const githubComment of githubComments) {
-      comments[githubComment.id] = new Comment({
-        id: githubComment.id,
-        body: githubComment.body ?? '',
-        body_list: (githubComment.body ?? '').split('\n')
-      });
-    }
-    return checkForSocketComments({
-      comments
-    });
-  }
-  async commentReactionExists({
-    commentId
-  }) {
-    const {
-      data
-    } = await this.octokit.reactions.listForIssueComment({
-      owner: this.owner,
-      repo: this.repo,
-      comment_id: commentId
-    });
-    return data.some(reaction => reaction.content === '+1');
-  }
-  async postReaction({
-    commentId
-  }) {
-    await this.octokit.reactions.createForIssueComment({
-      owner: this.owner,
-      repo: this.repo,
-      comment_id: commentId,
-      content: '+1'
-    });
-  }
-  async handleIgnoreReactons({
-    comments
-  }) {
-    for (const ignoreComment of comments.ignore) {
-      if (ignoreComment.body?.includes('SocketSecurity ignore') && !(await this.commentReactionExists({
-        commentId: ignoreComment.id
-      }))) {
-        await this.postReaction({
-          commentId: ignoreComment.id
-        });
-      }
-    }
-  }
-  async updateComment({
-    body,
-    id
-  }) {
-    await this.octokit.issues.updateComment({
-      owner: this.owner,
-      repo: this.repo,
-      comment_id: id,
-      body
-    });
-  }
-  async removeCommentAlerts({
-    comments
-  }) {
-    const securityAlert = comments.security;
-    if (securityAlert !== undefined) {
-      const newBody = processSecurityComment({
-        security: comments.security,
-        ignore: comments.ignore
-      });
-      await this.handleIgnoreReactons({
-        comments
-      });
-      await this.updateComment({
-        id: securityAlert.id,
-        body: newBody
-      });
-    }
-  }
-  async postComment({
-    body
-  }) {
-    await this.octokit.issues.createComment({
-      owner: this.owner,
-      repo: this.repo,
-      issue_number: this.prNumber,
-      body
-    });
-  }
-  async addSocketComments({
-    comments,
-    newOverviewComment,
-    newSecurityComment,
-    overviewComment,
-    securityComment
-  }) {
-    const {
-      overview: existingOverviewComment,
-      security: existingSecurityComment
-    } = comments;
-    if (newOverviewComment) {
-      logger.logger.log('New Dependency Overview comment');
-      if (existingOverviewComment !== undefined) {
-        logger.logger.log('Previous version of Dependency Overview, updating');
-        await this.updateComment({
-          body: overviewComment,
-          id: existingOverviewComment.id
-        });
-      } else {
-        logger.logger.log('No previous version of Dependency Overview, posting');
-        await this.postComment({
-          body: overviewComment
-        });
-      }
-    }
-    if (newSecurityComment) {
-      logger.logger.log('New Security Issue Comment');
-      if (existingSecurityComment !== undefined) {
-        logger.logger.log('Previous version of Security Issue comment, updating');
-        await this.updateComment({
-          body: securityComment,
-          id: existingSecurityComment.id
-        });
-      } else {
-        logger.logger.log('No Previous version of Security Issue comment, posting');
-        await this.postComment({
-          body: securityComment
-        });
-      }
-    }
-  }
-}
-
-// https://github.com/SocketDev/socket-python-cli/blob/6d4fc56faee68d3a4764f1f80f84710635bdaf05/socketsecurity/core/messages.py
-
-function createPurlLink(purl) {
-  const packageUrl = `[${purl.purl}](${purl.url})`;
-  return packageUrl;
-}
-function createAddedTable(diff) {
-  const overviewTable = ['Package', 'Direct', 'Capabilities', 'Transitives', 'Size', 'Author'];
-  const rows = [];
-  for (const added of diff.newPackages) {
-    const packageUrl = createPurlLink(added);
-    const capabilities = added.capabilities.join(', ');
-    const row = [packageUrl, added.direct, capabilities, added.transitives, `${added.size} KB`, added.author_url];
-    rows.push(row);
-  }
-  let md = '';
-  md += `|${overviewTable.join('|')}|\n`;
-  md += '|---|---|---|---|---|---|\n';
-  for (const row of rows) {
-    md += `|${row.join('|')}|\n`;
-  }
-  return md;
-}
-function createRemoveLine(diff) {
-  const removedLine = ['Removed packages:'];
-  for (const removed of diff.removedPackages) {
-    const packageUrl = createPurlLink(removed);
-    removedLine.push(packageUrl);
-  }
-  return removedLine.join(', ');
-}
-function dependencyOverviewTemplate(diff) {
-  let md = '';
-  md += '<!-- socket-overview-comment-actions -->\n';
-  md += '# Socket Security: Dependency Overview\n';
-  md += 'New and removed dependencies detected. Learn more about [socket.dev](https://socket.dev)\n\n';
-  md += createAddedTable(diff);
-  if (diff.removedPackages.length > 0) {
-    md += createRemoveLine(diff);
-  }
-  return md;
-}
-function createSources(alert) {
-  const sources = [];
-  const manifests = [];
-  for (const [source, manifest] of alert.introduced_by) {
-    const addStr = `<li>${manifest}</li>`;
-    const sourceStr = `<li>${source}</li>`;
-    if (!sources.includes(sourceStr)) {
-      sources.push(sourceStr);
-    }
-    if (!manifests.includes(addStr)) {
-      manifests.push(addStr);
-    }
-  }
-  const manifestList = manifests.join('');
-  const sourceList = sources.join('');
-  const manifestStr = `<ul>${manifestList}</ul>`;
-  const sourcesStr = `<ul>${sourceList}</ul>`;
-  return [manifestStr, sourcesStr];
-}
-function createSecurityAlertTable(diff) {
-  const alertTable = ['Alert', 'Package', 'Introduced by', 'Manifest File', 'CI'];
-  const nextSteps = {};
-  const ignoreCommands = [];
-  const rows = [];
-  for (const alert of diff.newAlerts) {
-    if (!(alert.next_step_title in nextSteps)) {
-      nextSteps[alert.next_step_title] = [alert.description, alert.suggestion];
-    }
-    const ignore = `\`SocketSecurity ignore ${alert.purl}\``;
-    if (!ignoreCommands.includes(ignore)) {
-      ignoreCommands.push(ignore);
-    }
-    const [manifestStr, sourceStr] = createSources(alert);
-    const purlUrl = `[${alert.purl}](${alert.url})`;
-    if (alert.error) {
-      alert.emoji = ':no_entry_sign:';
-    } else {
-      alert.emoji = ':warning:';
-    }
-    const row = [alert.title, purlUrl, sourceStr, manifestStr, alert.emoji];
-    if (!rows.some(r => r.join() === row.join())) {
-      rows.push(row);
-    }
-  }
-  let md = '';
-  md += `|${alertTable.join('|')}|\n`;
-  md += '|---|---|---|---|---|\n';
-  for (const row of rows) {
-    md += `|${row.join('|')}|\n`;
-  }
-  return {
-    ignoreCommands,
-    nextSteps,
-    mdTable: md
-  };
-}
-function createNextSteps(nextSteps) {
-  let md = '';
-  for (const step in nextSteps) {
-    const detail = nextSteps[step];
-    md += '<details>\n';
-    md += `<summary>${step}</summary>\n`;
-    for (const line of detail) {
-      md += `${line}\n`;
-    }
-    md += '</details>\n';
-  }
-  return md;
-}
-function createDeeperLook() {
-  let md = '';
-  md += '<details>\n';
-  md += '<summary>Take a deeper look at the dependency</summary>\n';
-  md += "Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.\n";
-  md += '</details>\n';
-  return md;
-}
-function createRemovePackage() {
-  let md = '';
-  md += '<details>\n';
-  md += '<summary>Remove the package</summary>\n';
-  md += 'If you happen to install a dependency that Socket reports as [https://socket.dev/npm/issue/malware](Known Malware) you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.\n';
-  md += '</details>\n';
-  return md;
-}
-function createAcceptableRisk(ignoreCommands) {
-  let md = '';
-  md += '<details>\n';
-  md += '<summary>Mark a package as acceptable risk</summary>\n';
-  md += 'To ignore an alert, reply with a comment starting with `SocketSecurity ignore` followed by a space separated list of `ecosystem/package-name@version` specifiers. e.g. `SocketSecurity ignore npm/foo@1.0.0` or ignore all packages with `SocketSecurity ignore-all`\n';
-  md += '<ul>\n';
-  for (const ignore of ignoreCommands) {
-    md += `<li>${ignore}</li>\n`;
-  }
-  md += '</ul>\n';
-  md += '</details>\n';
-  return md;
-}
-function securityCommentTemplate(diff) {
-  let md = '';
-  md += '<!-- socket-security-comment-actions -->\n';
-  md += '# Socket Security: Issues Report\n';
-  md += 'Potential security issues detected. Learn more about [socket.dev](https://socket.dev)\n';
-  md += 'To accept the risk, merge this PR and you will not be notified again.\n\n';
-  md += '<!-- start-socket-alerts-table -->\n';
-  const {
-    ignoreCommands,
-    mdTable,
-    nextSteps
-  } = createSecurityAlertTable(diff);
-  md += mdTable;
-  md += '<!-- end-socket-alerts-table -->\n\n';
-  md += createNextSteps(nextSteps);
-  md += createDeeperLook();
-  md += createRemovePackage();
-  md += createAcceptableRisk(ignoreCommands);
-  return md.trim();
-}
-
-// https://github.com/SocketDev/socket-python-cli/blob/6d4fc56faee68d3a4764f1f80f84710635bdaf05/socketsecurity/socketcli.py
-
-
-// TODO: is this a github action handler?
-async function runAction(githubEventBefore, githubEventAfter) {
-  //TODO
-  const socket = new sdk.SocketSdk(shadowNpmInject.getDefaultToken());
-  const git = simpleGit.simpleGit();
-  const changedFiles = (await git.diff(process.env['GITHUB_EVENT_NAME'] === 'pull_request' ? ['--name-only', 'HEAD^1', 'HEAD'] : ['--name-only', githubEventBefore, githubEventAfter])).split('\n');
-  logger.logger.log({
-    changedFiles
-  });
-  // supportedFiles have 3-level deep globs
-  const patterns = Object.values(await socket.getReportSupportedFiles()).flatMap(i => Object.values(i)).flatMap(i => Object.values(i)).flatMap(i => Object.values(i));
-  const files = micromatch(changedFiles, patterns);
-  const scm = new GitHub();
-  if (scm.checkEventType() === 'comment') {
-    logger.logger.log('Comment initiated flow');
-    const comments = await scm.getCommentsForPR();
-    await scm.removeCommentAlerts({
-      comments
-    });
-  } else if (scm.checkEventType() === 'diff') {
-    logger.logger.log('Push initiated flow');
-    const core = new Core({
-      owner: scm.owner,
-      repo: scm.repo,
-      files,
-      socket
-    });
-    const diff = await core.createNewDiff({});
-    const comments = await scm.getCommentsForPR();
-    diff.newAlerts = removeAlerts({
-      comments,
-      newAlerts: diff.newAlerts
-    });
-    const overviewComment = dependencyOverviewTemplate(diff);
-    const securityComment = securityCommentTemplate(diff);
-    let newSecurityComment = true;
-    let newOverviewComment = true;
-    const updateOldSecurityComment = comments.security !== undefined;
-    const updateOldOverviewComment = comments.overview !== undefined;
-    if (diff.newAlerts.length === 0) {
-      if (!updateOldSecurityComment) {
-        newSecurityComment = false;
-        logger.logger.log('No new alerts or security issue comment disabled');
-      } else {
-        logger.logger.log('Updated security comment with no new alerts');
-      }
-    }
-    if (diff.newPackages.length === 0 && diff.removedPackages.length === 0) {
-      if (!updateOldOverviewComment) {
-        newOverviewComment = false;
-        logger.logger.log('No new/removed packages or Dependency Overview comment disabled');
-      } else {
-        logger.logger.log('Updated overview comment with no dependencies');
-      }
-    }
-    await scm.addSocketComments({
-      securityComment,
-      overviewComment,
-      comments,
-      newSecurityComment,
-      newOverviewComment
-    });
-  }
-}
-
 const {
   API_V0_URL
 } = constants;
@@ -1323,288 +95,20 @@ async function handleAPIError(code) {
   if (code === 400) {
     return 'One of the options passed might be incorrect.';
   } else if (code === 403) {
-    return 'You might be trying to access an organization that is not linked to the API key you are logged in with.';
-  }
-}
-function getLastFiveOfApiToken(token) {
-  // Get the last 5 characters of the API token before the trailing "_api".
-  return token.slice(-9, -4);
-}
-async function queryAPI(path, apiToken) {
-  return await fetch(`${API_V0_URL}/${path}`, {
-    method: 'GET',
-    headers: {
-      Authorization: `Basic ${btoa(`${apiToken}:${apiToken}`)}`
-    }
-  });
-}
-
-function getFlagListOutput(list, indent, {
-  keyPrefix = '--',
-  padName
-} = {}) {
-  return getHelpListOutput({
-    ...list
-  }, indent, {
-    keyPrefix,
-    padName
-  });
-}
-function getHelpListOutput(list, indent, {
-  keyPrefix = '',
-  padName = 18
-} = {}) {
-  let result = '';
-  const names = Object.keys(list).sort();
-  for (const name of names) {
-    const rawDescription = list[name];
-    const description = (typeof rawDescription === 'object' ? rawDescription.description : rawDescription) || '';
-    result += ''.padEnd(indent) + (keyPrefix + name).padEnd(padName) + description + '\n';
-  }
-  return result.trim();
-}
-
-// TODO: not sure if I'm missing something but meow doesn't seem to expose this?
-
-// Note: we use this description in getFlagListOutput, meow doesn't care
-
-const commonFlags = {
-  help: {
-    type: 'boolean',
-    default: false,
-    shortFlag: 'h',
-    description: 'Print this help.'
-  },
-  dryRun: {
-    type: 'boolean',
-    default: false,
-    description: 'Do input validation for a command and exit 0 when input is ok'
-  }
-};
-const outputFlags = {
-  json: {
-    type: 'boolean',
-    shortFlag: 'j',
-    default: false,
-    description: 'Output result as json'
-  },
-  markdown: {
-    type: 'boolean',
-    shortFlag: 'm',
-    default: false,
-    description: 'Output result as markdown'
-  }
-};
-const validationFlags = {
-  all: {
-    type: 'boolean',
-    default: false,
-    description: 'Include all issues'
-  },
-  strict: {
-    type: 'boolean',
-    default: false,
-    description: 'Exits with an error code if any matching issues are found'
-  }
-};
-
-const {
-  DRY_RUN_LABEL: DRY_RUN_LABEL$1,
-  REDACTED
-} = constants;
-async function meowWithSubcommands(subcommands, options) {
-  const {
-    aliases = {},
-    argv,
-    defaultSub,
-    importMeta,
-    name,
-    ...additionalOptions
-  } = {
-    __proto__: null,
-    ...options
-  };
-  const [commandOrAliasNamex, ...rawCommandArgv] = argv;
-  let commandOrAliasName = commandOrAliasNamex;
-  if (!commandOrAliasName && defaultSub) {
-    commandOrAliasName = defaultSub;
-  }
-  // If we got at least some args, then lets find out if we can find a command.
-  if (commandOrAliasName) {
-    const alias = aliases[commandOrAliasName];
-    // First: Resolve argv data from alias if its an alias that's been given.
-    const [commandName, ...commandArgv] = alias ? [...alias.argv, ...rawCommandArgv] : [commandOrAliasName, ...rawCommandArgv];
-    // Second: Find a command definition using that data.
-    const commandDefinition = commandName ? subcommands[commandName] : undefined;
-    // Third: If a valid command has been found, then we run it...
-    if (commandDefinition) {
-      return await commandDefinition.run(commandArgv, importMeta, {
-        parentName: name
-      });
-    }
-  }
-  const flags = {
-    ...commonFlags,
-    ...additionalOptions.flags
-  };
-  // ...else we provide basic instructions and help.
-
-  emitBanner(name);
-  const cli = vendor.meow(`
-    Usage
-      $ ${name} <command>
-
-    Commands
-      ${getHelpListOutput({
-    ...objects.toSortedObject(Object.fromEntries(Object.entries(subcommands).filter(({
-      1: subcommand
-    }) => !subcommand.hidden))),
-    ...objects.toSortedObject(Object.fromEntries(Object.entries(aliases).filter(({
-      1: alias
-    }) => {
-      const {
-        hidden
-      } = alias;
-      const cmdName = hidden ? '' : alias.argv[0];
-      const subcommand = cmdName ? subcommands[cmdName] : undefined;
-      return subcommand && !subcommand.hidden;
-    })))
-  }, 6)}
-
-    Options
-      ${getFlagListOutput(flags, 6)}
-
-    Examples
-      $ ${name} --help
-  `, {
-    argv,
-    importMeta,
-    ...additionalOptions,
-    flags,
-    autoHelp: false // otherwise we can't exit(0)
-  });
-  if (!cli.flags['help'] && cli.flags['dryRun']) {
-    process.exitCode = 0;
-    logger.logger.log(`${DRY_RUN_LABEL$1}: No-op, call a sub-command; ok`);
-  } else {
-    cli.showHelp();
-  }
-}
-
-/**
- * Note: meow will exit immediately if it calls its .showHelp()
- */
-function meowOrExit({
-  allowUnknownFlags,
-  // commands that pass-through args need to allow this
-  argv,
-  config,
-  importMeta,
-  parentName
-}) {
-  const command = `${parentName} ${config.commandName}`;
-  emitBanner(command);
-
-  // This exits if .printHelp() is called either by meow itself or by us.
-  const cli = vendor.meow({
-    argv,
-    description: config.description,
-    help: config.help(command, config),
-    importMeta,
-    flags: config.flags,
-    allowUnknownFlags: Boolean(allowUnknownFlags),
-    autoHelp: false // otherwise we can't exit(0)
-  });
-  if (cli.flags['help']) {
-    cli.showHelp();
+    return 'You might be trying to access an organization that is not linked to the API key you are logged in with.';
   }
-  return cli;
-}
-function emitBanner(name) {
-  // Print a banner at the top of each command.
-  // This helps with brand recognition and marketing.
-  // It also helps with debugging since it contains version and command details.
-  // Note: print over stderr to preserve stdout for flags like --json and
-  //       --markdown. If we don't do this, you can't use --json in particular
-  //       and pipe the result to other tools. By emitting the banner over stderr
-  //       you can do something like `socket scan view xyz | jq | process`.
-  //       The spinner also emits over stderr for example.
-  logger.logger.error(getAsciiHeader(name));
 }
-function getAsciiHeader(command) {
-  const cliVersion = // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
-  "0.14.62:681c774:be9a8ff8:pub";
-  const nodeVersion = process.version;
-  const apiToken = shadowNpmInject.getSetting('apiToken');
-  const shownToken = apiToken ? getLastFiveOfApiToken(apiToken) : 'no';
-  const relCwd = path$1.normalizePath(process.cwd().replace(new RegExp(`^${regexps.escapeRegExp(constants.homePath)}(?:${path.sep}|$)`, 'i'), '~/'));
-  const body = `
-   _____         _       _        /---------------
-  |   __|___ ___| |_ ___| |_      | Socket.dev CLI ver ${cliVersion}
-  |__   | . |  _| '_| -_|  _|     | Node: ${nodeVersion}, API token set: ${shownToken}
-  |_____|___|___|_,_|___|_|.dev   | Command: \`${command}\`, cwd: ${relCwd}`.trimStart();
-  return `   ${body}\n`;
+function getLastFiveOfApiToken(token) {
+  // Get the last 5 characters of the API token before the trailing "_api".
+  return token.slice(-9, -4);
 }
-
-// https://github.com/SocketDev/socket-python-cli/blob/6d4fc56faee68d3a4764f1f80f84710635bdaf05/socketsecurity/socketcli.py
-
-const {
-  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$B
-} = constants;
-const config$C = {
-  commandName: 'action',
-  description: 'Socket action command',
-  // GitHub Action ?
-  hidden: true,
-  flags: {
-    // This flag is unused
-    // socketSecurityApiKey: { // deprecate this asap.
-    //   type: 'string',
-    //   default: 'env var SOCKET_SECURITY_API_KEY',
-    //   description: 'Socket API token'
-    // },
-    githubEventBefore: {
-      type: 'string',
-      default: '',
-      description: 'Before marker'
-    },
-    githubEventAfter: {
-      type: 'string',
-      default: '',
-      description: 'After marker'
+async function queryAPI(path, apiToken) {
+  return await fetch(`${API_V0_URL}/${path}`, {
+    method: 'GET',
+    headers: {
+      Authorization: `Basic ${btoa(`${apiToken}:${apiToken}`)}`
     }
-  },
-  help: (command, {
-    flags
-  }) => `
-    Usage
-      $ ${command} [options]
-
-    Options
-      ${getFlagListOutput(flags, 6)}
-  `
-};
-const cmdAction = {
-  description: config$C.description,
-  hidden: config$C.hidden,
-  run: run$C
-};
-async function run$C(argv, importMeta, {
-  parentName
-}) {
-  const cli = meowOrExit({
-    argv,
-    config: config$C,
-    importMeta,
-    parentName
   });
-  const githubEventBefore = String(cli.flags['githubEventBefore'] || '');
-  const githubEventAfter = String(cli.flags['githubEventAfter'] || '');
-  if (cli.flags['dryRun']) {
-    logger.logger.log(DRY_RUN_BAIL_TEXT$B);
-    return;
-  }
-  await runAction(githubEventBefore, githubEventAfter);
 }
 
 async function fetchOrgAnalyticsData(time, spinner, apiToken) {
@@ -1765,7 +269,7 @@ async function outputAnalyticsWithToken({
     if (!serialized) return;
     if (filePath && filePath !== '-') {
       try {
-        await fs$1.writeFile(filePath, serialized, 'utf8');
+        await fs.writeFile(filePath, serialized, 'utf8');
         logger.logger.log(`Data successfully written to ${filePath}`);
       } catch (e) {
         process.exitCode = 1;
@@ -1781,7 +285,7 @@ async function outputAnalyticsWithToken({
       const serialized = renderMarkdown(fdata, time, repo);
       if (filePath && filePath !== '-') {
         try {
-          await fs$1.writeFile(filePath, serialized, 'utf8');
+          await fs.writeFile(filePath, serialized, 'utf8');
           logger.logger.log(`Data successfully written to ${filePath}`);
         } catch (e) {
           logger.logger.error(e);
@@ -1950,10 +454,217 @@ function renderLineCharts(grid, screen, title, coords, data) {
   line.setData([lineData]);
 }
 
+// TODO: not sure if I'm missing something but meow doesn't seem to expose this?
+
+// Note: we use this description in getFlagListOutput, meow doesn't care
+
+const commonFlags = {
+  help: {
+    type: 'boolean',
+    default: false,
+    shortFlag: 'h',
+    description: 'Print this help.'
+  },
+  dryRun: {
+    type: 'boolean',
+    default: false,
+    description: 'Do input validation for a command and exit 0 when input is ok'
+  }
+};
+const outputFlags = {
+  json: {
+    type: 'boolean',
+    shortFlag: 'j',
+    default: false,
+    description: 'Output result as json'
+  },
+  markdown: {
+    type: 'boolean',
+    shortFlag: 'm',
+    default: false,
+    description: 'Output result as markdown'
+  }
+};
+const validationFlags = {
+  all: {
+    type: 'boolean',
+    default: false,
+    description: 'Include all issues'
+  },
+  strict: {
+    type: 'boolean',
+    default: false,
+    description: 'Exits with an error code if any matching issues are found'
+  }
+};
+
+function getFlagListOutput(list, indent, {
+  keyPrefix = '--',
+  padName
+} = {}) {
+  return getHelpListOutput({
+    ...list
+  }, indent, {
+    keyPrefix,
+    padName
+  });
+}
+function getHelpListOutput(list, indent, {
+  keyPrefix = '',
+  padName = 18
+} = {}) {
+  let result = '';
+  const names = Object.keys(list).sort();
+  for (const name of names) {
+    const rawDescription = list[name];
+    const description = (typeof rawDescription === 'object' ? rawDescription.description : rawDescription) || '';
+    result += ''.padEnd(indent) + (keyPrefix + name).padEnd(padName) + description + '\n';
+  }
+  return result.trim();
+}
+
+const {
+  DRY_RUN_LABEL: DRY_RUN_LABEL$1,
+  REDACTED
+} = constants;
+async function meowWithSubcommands(subcommands, options) {
+  const {
+    aliases = {},
+    argv,
+    defaultSub,
+    importMeta,
+    name,
+    ...additionalOptions
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const [commandOrAliasNamex, ...rawCommandArgv] = argv;
+  let commandOrAliasName = commandOrAliasNamex;
+  if (!commandOrAliasName && defaultSub) {
+    commandOrAliasName = defaultSub;
+  }
+  // If we got at least some args, then lets find out if we can find a command.
+  if (commandOrAliasName) {
+    const alias = aliases[commandOrAliasName];
+    // First: Resolve argv data from alias if its an alias that's been given.
+    const [commandName, ...commandArgv] = alias ? [...alias.argv, ...rawCommandArgv] : [commandOrAliasName, ...rawCommandArgv];
+    // Second: Find a command definition using that data.
+    const commandDefinition = commandName ? subcommands[commandName] : undefined;
+    // Third: If a valid command has been found, then we run it...
+    if (commandDefinition) {
+      return await commandDefinition.run(commandArgv, importMeta, {
+        parentName: name
+      });
+    }
+  }
+  const flags = {
+    ...commonFlags,
+    ...additionalOptions.flags
+  };
+  // ...else we provide basic instructions and help.
+
+  emitBanner(name);
+  const cli = vendor.meow(`
+    Usage
+      $ ${name} <command>
+
+    Commands
+      ${getHelpListOutput({
+    ...objects.toSortedObject(Object.fromEntries(Object.entries(subcommands).filter(({
+      1: subcommand
+    }) => !subcommand.hidden))),
+    ...objects.toSortedObject(Object.fromEntries(Object.entries(aliases).filter(({
+      1: alias
+    }) => {
+      const {
+        hidden
+      } = alias;
+      const cmdName = hidden ? '' : alias.argv[0];
+      const subcommand = cmdName ? subcommands[cmdName] : undefined;
+      return subcommand && !subcommand.hidden;
+    })))
+  }, 6)}
+
+    Options
+      ${getFlagListOutput(flags, 6)}
+
+    Examples
+      $ ${name} --help
+  `, {
+    argv,
+    importMeta,
+    ...additionalOptions,
+    flags,
+    autoHelp: false // otherwise we can't exit(0)
+  });
+  if (!cli.flags['help'] && cli.flags['dryRun']) {
+    process.exitCode = 0;
+    logger.logger.log(`${DRY_RUN_LABEL$1}: No-op, call a sub-command; ok`);
+  } else {
+    cli.showHelp();
+  }
+}
+
+/**
+ * Note: meow will exit immediately if it calls its .showHelp()
+ */
+function meowOrExit({
+  allowUnknownFlags,
+  // commands that pass-through args need to allow this
+  argv,
+  config,
+  importMeta,
+  parentName
+}) {
+  const command = `${parentName} ${config.commandName}`;
+  emitBanner(command);
+
+  // This exits if .printHelp() is called either by meow itself or by us.
+  const cli = vendor.meow({
+    argv,
+    description: config.description,
+    help: config.help(command, config),
+    importMeta,
+    flags: config.flags,
+    allowUnknownFlags: Boolean(allowUnknownFlags),
+    autoHelp: false // otherwise we can't exit(0)
+  });
+  if (cli.flags['help']) {
+    cli.showHelp();
+  }
+  return cli;
+}
+function emitBanner(name) {
+  // Print a banner at the top of each command.
+  // This helps with brand recognition and marketing.
+  // It also helps with debugging since it contains version and command details.
+  // Note: print over stderr to preserve stdout for flags like --json and
+  //       --markdown. If we don't do this, you can't use --json in particular
+  //       and pipe the result to other tools. By emitting the banner over stderr
+  //       you can do something like `socket scan view xyz | jq | process`.
+  //       The spinner also emits over stderr for example.
+  logger.logger.error(getAsciiHeader(name));
+}
+function getAsciiHeader(command) {
+  const cliVersion = // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
+  "0.14.63:988a495:e7fc86b0:pub";
+  const nodeVersion = process.version;
+  const apiToken = shadowNpmInject.getSetting('apiToken');
+  const shownToken = apiToken ? getLastFiveOfApiToken(apiToken) : 'no';
+  const relCwd = path.normalizePath(process.cwd().replace(new RegExp(`^${regexps.escapeRegExp(constants.homePath)}(?:${path$1.sep}|$)`, 'i'), '~/'));
+  const body = `
+   _____         _       _        /---------------
+  |   __|___ ___| |_ ___| |_      | Socket.dev CLI ver ${cliVersion}
+  |__   | . |  _| '_| -_|  _|     | Node: ${nodeVersion}, API token set: ${shownToken}
+  |_____|___|___|_,_|___|_|.dev   | Command: \`${command}\`, cwd: ${relCwd}`.trimStart();
+  return `   ${body}\n`;
+}
+
 const {
-  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$A
+  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$B
 } = constants;
-const config$B = {
+const config$C = {
   commandName: 'analytics',
   description: `Look up analytics data`,
   hidden: false,
@@ -2004,16 +715,16 @@ const config$B = {
   `
 };
 const cmdAnalytics = {
-  description: config$B.description,
-  hidden: config$B.hidden,
-  run: run$B
+  description: config$C.description,
+  hidden: config$C.hidden,
+  run: run$C
 };
-async function run$B(argv, importMeta, {
+async function run$C(argv, importMeta, {
   parentName
 }) {
   const cli = meowOrExit({
     argv,
-    config: config$B,
+    config: config$C,
     importMeta,
     parentName
   });
@@ -2050,7 +761,7 @@ async function run$B(argv, importMeta, {
     return;
   }
   if (cli.flags['dryRun']) {
-    logger.logger.log(DRY_RUN_BAIL_TEXT$A);
+    logger.logger.log(DRY_RUN_BAIL_TEXT$B);
     return;
   }
   return await displayAnalytics({
@@ -2183,14 +894,14 @@ async function getAuditLogWithToken({
   spinner.start(`Looking up audit log for ${orgSlug}`);
   const socketSdk = await shadowNpmInject.setupSdk(apiToken);
   const result = await handleApiCall(socketSdk.getAuditLogEvents(orgSlug, {
-    outputJson: outputKind === 'json',
-    // I'm not sure this is used at all
-    outputMarkdown: outputKind === 'markdown',
-    // I'm not sure this is used at all
+    // I'm not sure this is used at all.
+    outputJson: String(outputKind === 'json'),
+    // I'm not sure this is used at all.
+    outputMarkdown: String(outputKind === 'markdown'),
     orgSlug,
     type: logType,
-    page,
-    per_page: perPage
+    page: String(page),
+    per_page: String(perPage)
   }), `Looking up audit log for ${orgSlug}\n`);
   if (!result.success) {
     handleUnsuccessfulApiResponse('getAuditLogEvents', result);
@@ -2201,9 +912,9 @@ async function getAuditLogWithToken({
 }
 
 const {
-  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$z
+  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$A
 } = constants;
-const config$A = {
+const config$B = {
   commandName: 'audit-log',
   description: 'Look up the audit log for an organization',
   hidden: false,
@@ -2244,16 +955,16 @@ const config$A = {
   `
 };
 const cmdAuditLog = {
-  description: config$A.description,
-  hidden: config$A.hidden,
-  run: run$A
+  description: config$B.description,
+  hidden: config$B.hidden,
+  run: run$B
 };
-async function run$A(argv, importMeta, {
+async function run$B(argv, importMeta, {
   parentName
 }) {
   const cli = meowOrExit({
     argv,
-    config: config$A,
+    config: config$B,
     importMeta,
     parentName
   });
@@ -2278,7 +989,7 @@ async function run$A(argv, importMeta, {
     return;
   }
   if (cli.flags['dryRun']) {
-    logger.logger.log(DRY_RUN_BAIL_TEXT$z);
+    logger.logger.log(DRY_RUN_BAIL_TEXT$A);
     return;
   }
   await getAuditLog({
@@ -2309,8 +1020,8 @@ async function runCycloneDX(yargvWithYes) {
     ...yargvWithYes
   };
   const yesArgs = yes ? ['--yes'] : [];
-  if (yargv.type !== YARN$1 && nodejsPlatformTypes.has(yargv.type) && fs.existsSync(`./${YARN_LOCK}`)) {
-    if (fs.existsSync(`./${PACKAGE_LOCK_JSON}`)) {
+  if (yargv.type !== YARN$1 && nodejsPlatformTypes.has(yargv.type) && fs$1.existsSync(`./${YARN_LOCK}`)) {
+    if (fs$1.existsSync(`./${PACKAGE_LOCK_JSON}`)) {
       yargv.type = NPM$f;
     } else {
       // Use synp to create a package-lock.json from the yarn.lock,
@@ -2326,14 +1037,14 @@ async function runCycloneDX(yargvWithYes) {
   }
   await shadowBin(NPX$3, [...yesArgs,
   // The '@rollup/plugin-replace' will replace "process.env['INLINED_CYCLONEDX_CDXGEN_VERSION']".
-  `@cyclonedx/cdxgen@${"^11.2.1"}`, ...argvToArray(yargv)]);
+  `@cyclonedx/cdxgen@${"^11.2.2"}`, ...argvToArray(yargv)]);
   if (cleanupPackageLock) {
     try {
-      await fs.promises.rm(`./${PACKAGE_LOCK_JSON}`);
+      await fs$1.promises.rm(`./${PACKAGE_LOCK_JSON}`);
     } catch {}
   }
-  const fullOutputPath = path.join(process$1.cwd(), yargv.output);
-  if (fs.existsSync(fullOutputPath)) {
+  const fullOutputPath = path$1.join(process$1.cwd(), yargv.output);
+  if (fs$1.existsSync(fullOutputPath)) {
     logger.logger.log(colors.cyanBright(`${yargv.output} created!`));
   }
 }
@@ -2395,7 +1106,7 @@ function isHelpFlag(cmdArg) {
 
 // import { meowOrExit } from '../../utils/meow-with-subcommands'
 const {
-  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$y
+  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$z
 } = constants;
 
 // TODO: convert yargs to meow. Or convert all the other things to yargs.
@@ -2472,7 +1183,7 @@ const yargsConfig = {
   'yes'],
   string: ['api-key', 'lifecycle', 'output', 'parent-project-id', 'profile', 'project-group', 'project-name', 'project-version', 'project-id', 'server-host', 'server-port', 'server-url', 'spec-version']
 };
-const config$z = {
+const config$A = {
   commandName: 'cdxgen',
   description: 'Create an SBOM with CycloneDX generator (cdxgen)',
   hidden: false,
@@ -2488,18 +1199,18 @@ const config$z = {
   `
 };
 const cmdCdxgen = {
-  description: config$z.description,
-  hidden: config$z.hidden,
-  run: run$z
+  description: config$A.description,
+  hidden: config$A.hidden,
+  run: run$A
 };
-async function run$z(argv, importMeta, {
+async function run$A(argv, importMeta, {
   parentName
 }) {
   const cli = meowOrExit({
     allowUnknownFlags: true,
     // Don't let meow take over --help.
     argv: argv.filter(a => !isHelpFlag(a)),
-    config: config$z,
+    config: config$A,
     importMeta,
     parentName
   });
@@ -2531,7 +1242,7 @@ async function run$z(argv, importMeta, {
     return;
   }
   if (cli.flags['dryRun']) {
-    logger.logger.log(DRY_RUN_BAIL_TEXT$y);
+    logger.logger.log(DRY_RUN_BAIL_TEXT$z);
     return;
   }
   if (yargv.output === undefined) {
@@ -2598,9 +1309,9 @@ async function findDependencies({
 }
 
 const {
-  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$x
+  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$y
 } = constants;
-const config$y = {
+const config$z = {
   commandName: 'dependencies',
   description: 'Search for any dependency that is being used in your organization',
   hidden: false,
@@ -2632,21 +1343,21 @@ const config$y = {
   `
 };
 const cmdScanCreate$1 = {
-  description: config$y.description,
-  hidden: config$y.hidden,
-  run: run$y
+  description: config$z.description,
+  hidden: config$z.hidden,
+  run: run$z
 };
-async function run$y(argv, importMeta, {
+async function run$z(argv, importMeta, {
   parentName
 }) {
   const cli = meowOrExit({
     argv,
-    config: config$y,
+    config: config$z,
     importMeta,
     parentName
   });
   if (cli.flags['dryRun']) {
-    logger.logger.log(DRY_RUN_BAIL_TEXT$x);
+    logger.logger.log(DRY_RUN_BAIL_TEXT$y);
     return;
   }
 
@@ -2721,7 +1432,7 @@ async function getDiffScanWithToken({
     }
     if (file && file !== '-') {
       logger.logger.log(`Writing json to \`${file}\``);
-      fs.writeFile(file, JSON.stringify(result, null, 2), err => {
+      fs$1.writeFile(file, JSON.stringify(result, null, 2), err => {
         if (err) {
           logger.logger.fail(`Writing to \`${file}\` failed...`);
           logger.logger.error(err);
@@ -2754,9 +1465,9 @@ async function getDiffScanWithToken({
 }
 
 const {
-  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$w
+  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$x
 } = constants;
-const config$x = {
+const config$y = {
   commandName: 'get',
   description: 'Get a diff scan for an organization',
   hidden: false,
@@ -2808,16 +1519,16 @@ const config$x = {
   `
 };
 const cmdDiffScanGet = {
-  description: config$x.description,
-  hidden: config$x.hidden,
-  run: run$x
+  description: config$y.description,
+  hidden: config$y.hidden,
+  run: run$y
 };
-async function run$x(argv, importMeta, {
+async function run$y(argv, importMeta, {
   parentName
 }) {
   const cli = meowOrExit({
     argv,
-    config: config$x,
+    config: config$y,
     importMeta,
     parentName
   });
@@ -2837,7 +1548,7 @@ async function run$x(argv, importMeta, {
     return;
   }
   if (cli.flags['dryRun']) {
-    logger.logger.log(DRY_RUN_BAIL_TEXT$w);
+    logger.logger.log(DRY_RUN_BAIL_TEXT$x);
     return;
   }
   await getDiffScan({
@@ -2850,9 +1561,9 @@ async function run$x(argv, importMeta, {
   });
 }
 
-const description$5 = 'Diff scans related commands';
+const description$6 = 'Diff scans related commands';
 const cmdDiffScan = {
-  description: description$5,
+  description: description$6,
   // Hidden because it was broken all this time (nobody could be using it)
   // and we're not sure if it's useful to anyone in its current state.
   // Until we do, we'll hide this to keep the help tidier.
@@ -2865,7 +1576,7 @@ const cmdDiffScan = {
       get: cmdDiffScanGet
     }, {
       argv,
-      description: description$5,
+      description: description$6,
       importMeta,
       name: parentName + ' diff-scan'
     });
@@ -3297,7 +2008,7 @@ const readLockFileByAgent = (() => {
   const binaryReader = wrapReader(shadowNpmInject.readFileBinary);
   const defaultReader = wrapReader(async lockPath => await shadowNpmInject.readFileUtf8(lockPath));
   return new Map([[BUN$5, wrapReader(async (lockPath, agentExecPath) => {
-    const ext = path.extname(lockPath);
+    const ext = path$1.extname(lockPath);
     if (ext === LOCK_EXT$1) {
       return await defaultReader(lockPath);
     }
@@ -3323,12 +2034,12 @@ async function detectPackageEnvironment({
   let lockPath = await shadowNpmInject.findUp(Object.keys(LOCKS), {
     cwd
   });
-  let lockName = lockPath ? path.basename(lockPath) : undefined;
+  let lockName = lockPath ? path$1.basename(lockPath) : undefined;
   const isHiddenLockFile = lockName === HIDDEN_PACKAGE_LOCK_JSON;
-  const pkgJsonPath = lockPath ? path.resolve(lockPath, `${isHiddenLockFile ? '../' : ''}../${PACKAGE_JSON}`) : await shadowNpmInject.findUp(PACKAGE_JSON, {
+  const pkgJsonPath = lockPath ? path$1.resolve(lockPath, `${isHiddenLockFile ? '../' : ''}../${PACKAGE_JSON}`) : await shadowNpmInject.findUp(PACKAGE_JSON, {
     cwd
   });
-  const pkgPath = pkgJsonPath && fs.existsSync(pkgJsonPath) ? path.dirname(pkgJsonPath) : undefined;
+  const pkgPath = pkgJsonPath && fs$1.existsSync(pkgJsonPath) ? path$1.dirname(pkgJsonPath) : undefined;
   const editablePkgJson = pkgPath ? await packages.readPackageJson(pkgPath, {
     editable: true
   }) : undefined;
@@ -3513,7 +2224,7 @@ async function detectAndValidatePackageEnvironment(cwd, options) {
     logger?.fail(cmdPrefixMessage(cmdName, `--prod not supported for ${agent}${agentVersion ? `@${agentVersion}` : ''}`));
     return;
   }
-  if (details.lockPath && path.relative(cwd, details.lockPath).startsWith('.')) {
+  if (details.lockPath && path$1.relative(cwd, details.lockPath).startsWith('.')) {
     logger?.warn(cmdPrefixMessage(cmdName, `Package ${lockName} found at ${details.lockPath}`));
   }
   return details;
@@ -3555,9 +2266,9 @@ async function runFix() {
 }
 
 const {
-  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$v
+  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$w
 } = constants;
-const config$w = {
+const config$x = {
   commandName: 'fix',
   description: 'Fix "fixable" Socket alerts',
   hidden: true,
@@ -3573,27 +2284,27 @@ const config$w = {
   `
 };
 const cmdFix = {
-  description: config$w.description,
-  hidden: config$w.hidden,
-  run: run$w
+  description: config$x.description,
+  hidden: config$x.hidden,
+  run: run$x
 };
-async function run$w(argv, importMeta, {
+async function run$x(argv, importMeta, {
   parentName
 }) {
   const cli = meowOrExit({
     argv,
-    config: config$w,
+    config: config$x,
     importMeta,
     parentName
   });
   if (cli.flags['dryRun']) {
-    logger.logger.log(DRY_RUN_BAIL_TEXT$v);
+    logger.logger.log(DRY_RUN_BAIL_TEXT$w);
     return;
   }
   await runFix();
 }
 
-async function fetchPackageInfo(pkgName, pkgVersion, includeAllIssues) {
+async function fetchPackageInfo$1(pkgName, pkgVersion, includeAllIssues) {
   const socketSdk = await shadowNpmInject.setupSdk(shadowNpmInject.getPublicToken());
   const result = await handleApiCall(socketSdk.getIssuesByNPMPackage(pkgName, pkgVersion), 'looking up package');
   const scoreResult = await handleApiCall(socketSdk.getScoreByNPMPackage(pkgName, pkgVersion), 'looking up package score');
@@ -3614,7 +2325,7 @@ async function fetchPackageInfo(pkgName, pkgVersion, includeAllIssues) {
 const {
   NPM: NPM$9
 } = registryConstants;
-function formatScore(score) {
+function formatScore$1(score) {
   if (score > 80) {
     return colors.green(`${score}`);
   } else if (score < 80 && score > 60) {
@@ -3653,7 +2364,7 @@ function logPackageIssuesDetails(packageData, outputMarkdown) {
     }
   }
 }
-function logPackageInfo({
+function logPackageInfo$1({
   data,
   score,
   severityCount
@@ -3684,7 +2395,7 @@ function logPackageInfo({
     License: Math.floor(score.license.score * 100)
   };
   logger.logger.log('\n');
-  Object.entries(scoreResult).map(score => logger.logger.log(`- ${score[0]}: ${formatScore(score[1])}`));
+  Object.entries(scoreResult).map(score => logger.logger.log(`- ${score[0]}: ${formatScore$1(score[1])}`));
   logger.logger.log('\n');
   if (objects.hasKeys(severityCount)) {
     if (outputKind === 'markdown') {
@@ -3727,10 +2438,10 @@ async function getPackageInfo({
     spinner
   } = constants;
   spinner.start(pkgVersion === 'latest' ? `Looking up data for the latest version of ${pkgName}` : `Looking up data for version ${pkgVersion} of ${pkgName}`);
-  const packageData = await fetchPackageInfo(pkgName, pkgVersion, includeAllIssues);
+  const packageData = await fetchPackageInfo$1(pkgName, pkgVersion, includeAllIssues);
   spinner.successAndStop('Data fetched');
   if (packageData) {
-    logPackageInfo(packageData, {
+    logPackageInfo$1(packageData, {
       name: commandName,
       outputKind,
       pkgName,
@@ -3744,9 +2455,9 @@ async function getPackageInfo({
 }
 
 const {
-  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$u
+  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$v
 } = constants;
-const config$v = {
+const config$w = {
   commandName: 'info',
   description: 'Look up info regarding a package',
   hidden: false,
@@ -3768,16 +2479,16 @@ const config$v = {
   `
 };
 const cmdInfo = {
-  description: config$v.description,
-  hidden: config$v.hidden,
-  run: run$v
+  description: config$w.description,
+  hidden: config$w.hidden,
+  run: run$w
 };
-async function run$v(argv, importMeta, {
+async function run$w(argv, importMeta, {
   parentName
 }) {
   const cli = meowOrExit({
     argv,
-    config: config$v,
+    config: config$w,
     importMeta,
     parentName
   });
@@ -3802,11 +2513,11 @@ async function run$v(argv, importMeta, {
   const pkgName = versionSeparator < 1 ? rawPkgName : rawPkgName.slice(0, versionSeparator);
   const pkgVersion = versionSeparator < 1 ? 'latest' : rawPkgName.slice(versionSeparator + 1);
   if (cli.flags['dryRun']) {
-    logger.logger.log(DRY_RUN_BAIL_TEXT$u);
+    logger.logger.log(DRY_RUN_BAIL_TEXT$v);
     return;
   }
   await getPackageInfo({
-    commandName: `${parentName} ${config$v.commandName}`,
+    commandName: `${parentName} ${config$w.commandName}`,
     includeAllIssues: Boolean(all),
     outputKind: json ? 'json' : markdown ? 'markdown' : 'print',
     pkgName,
@@ -3893,9 +2604,9 @@ async function attemptLogin(apiBaseUrl, apiProxy) {
 }
 
 const {
-  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$t
+  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$u
 } = constants;
-const config$u = {
+const config$v = {
   commandName: 'login',
   description: 'Socket API login',
   hidden: false,
@@ -3925,23 +2636,23 @@ const config$u = {
   `
 };
 const cmdLogin = {
-  description: config$u.description,
-  hidden: config$u.hidden,
-  run: run$u
+  description: config$v.description,
+  hidden: config$v.hidden,
+  run: run$v
 };
-async function run$u(argv, importMeta, {
+async function run$v(argv, importMeta, {
   parentName
 }) {
   const cli = meowOrExit({
     argv,
-    config: config$u,
+    config: config$v,
     importMeta,
     parentName
   });
   const apiBaseUrl = cli.flags['apiBaseUrl'];
   const apiProxy = cli.flags['apiProxy'];
   if (cli.flags['dryRun']) {
-    logger.logger.log(DRY_RUN_BAIL_TEXT$t);
+    logger.logger.log(DRY_RUN_BAIL_TEXT$u);
     return;
   }
   if (!isInteractive()) {
@@ -3967,9 +2678,9 @@ function attemptLogout() {
 }
 
 const {
-  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$s
+  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$t
 } = constants;
-const config$t = {
+const config$u = {
   commandName: 'logout',
   description: 'Socket API logout',
   hidden: false,
@@ -3984,21 +2695,21 @@ const config$t = {
   `
 };
 const cmdLogout = {
-  description: config$t.description,
-  hidden: config$t.hidden,
-  run: run$t
+  description: config$u.description,
+  hidden: config$u.hidden,
+  run: run$u
 };
-async function run$t(argv, importMeta, {
+async function run$u(argv, importMeta, {
   parentName
 }) {
   const cli = meowOrExit({
     argv,
-    config: config$t,
+    config: config$u,
     importMeta,
     parentName
   });
   if (cli.flags['dryRun']) {
-    logger.logger.log(DRY_RUN_BAIL_TEXT$s);
+    logger.logger.log(DRY_RUN_BAIL_TEXT$t);
     return;
   }
   attemptLogout();
@@ -4009,8 +2720,8 @@ async function convertGradleToMaven(target, bin, _out, verbose, gradleOpts) {
   const {
     spinner
   } = constants;
-  const rbin = path.resolve(bin);
-  const rtarget = path.resolve(target);
+  const rbin = path$1.resolve(bin);
+  const rtarget = path$1.resolve(target);
   if (verbose) {
     logger.logger.group('gradle2maven:');
     logger.logger.log(`[VERBOSE] - Absolute bin path: \`${rbin}\``);
@@ -4030,7 +2741,7 @@ async function convertGradleToMaven(target, bin, _out, verbose, gradleOpts) {
     // I'd prefer something plain-text if it is to be committed.
 
     // Note: init.gradle will be exported by .config/rollup.dist.config.mjs
-    const initLocation = path.join(constants.rootDistPath, 'init.gradle');
+    const initLocation = path$1.join(constants.rootDistPath, 'init.gradle');
     const commandArgs = ['--init-script', initLocation, ...gradleOpts, 'pom'];
     if (verbose) {
       logger.logger.log('[VERBOSE] Executing:', bin, commandArgs);
@@ -4103,9 +2814,9 @@ async function convertGradleToMaven(target, bin, _out, verbose, gradleOpts) {
 }
 
 const {
-  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$r
+  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$s
 } = constants;
-const config$s = {
+const config$t = {
   commandName: 'gradle',
   description: '[beta] Use Gradle to generate a manifest file (`pom.xml`) for a Gradle/Java/Kotlin/etc project',
   hidden: false,
@@ -4177,22 +2888,22 @@ const config$s = {
   `
 };
 const cmdManifestGradle = {
-  description: config$s.description,
-  hidden: config$s.hidden,
-  run: run$s
+  description: config$t.description,
+  hidden: config$t.hidden,
+  run: run$t
 };
-async function run$s(argv, importMeta, {
+async function run$t(argv, importMeta, {
   parentName
 }) {
   const cli = meowOrExit({
     argv,
-    config: config$s,
+    config: config$t,
     importMeta,
     parentName
   });
   const verbose = Boolean(cli.flags['verbose']);
   if (verbose) {
-    logger.logger.group('- ', parentName, config$s.commandName, ':');
+    logger.logger.group('- ', parentName, config$t.commandName, ':');
     logger.logger.group('- flags:', cli.flags);
     logger.logger.groupEnd();
     logger.logger.log('- input:', cli.input);
@@ -4219,7 +2930,7 @@ async function run$s(argv, importMeta, {
   if (cli.flags['bin']) {
     bin = cli.flags['bin'];
   } else {
-    bin = path.join(target, 'gradlew');
+    bin = path$1.join(target, 'gradlew');
   }
   let out = './socket.pom.xml';
   if (cli.flags['out']) {
@@ -4240,7 +2951,7 @@ async function run$s(argv, importMeta, {
     gradleOpts = cli.flags['gradleOpts'].split(' ').map(s => s.trim()).filter(Boolean);
   }
   if (cli.flags['dryRun']) {
-    logger.logger.log(DRY_RUN_BAIL_TEXT$r);
+    logger.logger.log(DRY_RUN_BAIL_TEXT$s);
     return;
   }
   await convertGradleToMaven(target, bin, out, verbose, gradleOpts);
@@ -4251,8 +2962,8 @@ async function convertSbtToMaven(target, bin, out, verbose, sbtOpts) {
   const {
     spinner
   } = constants;
-  const rbin = path.resolve(bin);
-  const rtarget = path.resolve(target);
+  const rbin = path$1.resolve(bin);
+  const rtarget = path$1.resolve(target);
   if (verbose) {
     logger.logger.group('sbt2maven:');
     logger.logger.log(`[VERBOSE] - Absolute bin path: \`${rbin}\``);
@@ -4345,9 +3056,9 @@ async function convertSbtToMaven(target, bin, out, verbose, sbtOpts) {
 }
 
 const {
-  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$q
+  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$r
 } = constants;
-const config$r = {
+const config$s = {
   commandName: 'scala',
   description: "[beta] Generate a manifest file (`pom.xml`) from Scala's `build.sbt` file",
   hidden: false,
@@ -4420,22 +3131,22 @@ const config$r = {
   `
 };
 const cmdManifestScala = {
-  description: config$r.description,
-  hidden: config$r.hidden,
-  run: run$r
+  description: config$s.description,
+  hidden: config$s.hidden,
+  run: run$s
 };
-async function run$r(argv, importMeta, {
+async function run$s(argv, importMeta, {
   parentName
 }) {
   const cli = meowOrExit({
     argv,
-    config: config$r,
+    config: config$s,
     importMeta,
     parentName
   });
   const verbose = Boolean(cli.flags['verbose']);
   if (verbose) {
-    logger.logger.group('- ', parentName, config$r.commandName, ':');
+    logger.logger.group('- ', parentName, config$s.commandName, ':');
     logger.logger.group('- flags:', cli.flags);
     logger.logger.groupEnd();
     logger.logger.log('- input:', cli.input);
@@ -4481,16 +3192,16 @@ async function run$r(argv, importMeta, {
     sbtOpts = cli.flags['sbtOpts'].split(' ').map(s => s.trim()).filter(Boolean);
   }
   if (cli.flags['dryRun']) {
-    logger.logger.log(DRY_RUN_BAIL_TEXT$q);
+    logger.logger.log(DRY_RUN_BAIL_TEXT$r);
     return;
   }
   await convertSbtToMaven(target, bin, out, verbose, sbtOpts);
 }
 
 const {
-  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$p
+  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$q
 } = constants;
-const config$q = {
+const config$r = {
   commandName: 'auto',
   description: 'Auto-detect build and attempt to generate manifest file',
   hidden: false,
@@ -4520,23 +3231,23 @@ const config$q = {
   `
 };
 const cmdManifestAuto = {
-  description: config$q.description,
-  hidden: config$q.hidden,
-  run: run$q
+  description: config$r.description,
+  hidden: config$r.hidden,
+  run: run$r
 };
-async function run$q(argv, importMeta, {
+async function run$r(argv, importMeta, {
   parentName
 }) {
   const cli = meowOrExit({
     argv,
-    config: config$q,
+    config: config$r,
     importMeta,
     parentName
   });
   const verbose = !!cli.flags['verbose'];
   const cwd = cli.flags['cwd'] ?? process.cwd();
   if (verbose) {
-    logger.logger.group('- ', parentName, config$q.commandName, ':');
+    logger.logger.group('- ', parentName, config$r.commandName, ':');
     logger.logger.group('- flags:', cli.flags);
     logger.logger.groupEnd();
     logger.logger.log('- input:', cli.input);
@@ -4548,14 +3259,14 @@ async function run$q(argv, importMeta, {
     subArgs.push('--verbose');
   }
   const dir = cwd;
-  if (fs.existsSync(path.join(dir, 'build.sbt'))) {
+  if (fs$1.existsSync(path$1.join(dir, 'build.sbt'))) {
     logger.logger.log('Detected a Scala sbt build, running default Scala generator...');
     if (cwd) {
       subArgs.push('--cwd', cwd);
     }
     subArgs.push(dir);
     if (cli.flags['dryRun']) {
-      logger.logger.log(DRY_RUN_BAIL_TEXT$p);
+      logger.logger.log(DRY_RUN_BAIL_TEXT$q);
       return;
     }
     await cmdManifestScala.run(subArgs, importMeta, {
@@ -4563,14 +3274,14 @@ async function run$q(argv, importMeta, {
     });
     return;
   }
-  if (fs.existsSync(path.join(dir, 'gradlew'))) {
+  if (fs$1.existsSync(path$1.join(dir, 'gradlew'))) {
     logger.logger.log('Detected a gradle build, running default gradle generator...');
     if (cwd) {
       // This command takes the cwd as first arg.
       subArgs.push(cwd);
     }
     if (cli.flags['dryRun']) {
-      logger.logger.log(DRY_RUN_BAIL_TEXT$p);
+      logger.logger.log(DRY_RUN_BAIL_TEXT$q);
       return;
     }
     await cmdManifestGradle.run(subArgs, importMeta, {
@@ -4579,13 +3290,13 @@ async function run$q(argv, importMeta, {
     return;
   }
   if (cli.flags['dryRun']) {
-    logger.logger.log(DRY_RUN_BAIL_TEXT$p);
+    logger.logger.log(DRY_RUN_BAIL_TEXT$q);
     return;
   }
 
   // Show new help screen and exit.
   vendor.meow(`
-    $ ${parentName} ${config$q.commandName}
+    $ ${parentName} ${config$r.commandName}
 
     Unfortunately this script did not discover a supported language in the
     current folder.
@@ -4598,13 +3309,13 @@ async function run$q(argv, importMeta, {
     your target language.
   `, {
     argv: [],
-    description: config$q.description,
+    description: config$r.description,
     importMeta
   }).showHelp();
 }
 
 const {
-  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$o
+  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$p
 } = constants;
 
 // TODO: we may want to dedupe some pieces for all gradle languages. I think it
@@ -4612,7 +3323,7 @@ const {
 //       sense for the help panels to note the requested language, rather than
 //       `socket manifest kotlin` to print help screens with `gradle` as the
 //       command. Room for improvement.
-const config$p = {
+const config$q = {
   commandName: 'kotlin',
   description: '[beta] Use Gradle to generate a manifest file (`pom.xml`) for a Kotlin project',
   hidden: false,
@@ -4684,22 +3395,22 @@ const config$p = {
   `
 };
 const cmdManifestKotlin = {
-  description: config$p.description,
-  hidden: config$p.hidden,
-  run: run$p
+  description: config$q.description,
+  hidden: config$q.hidden,
+  run: run$q
 };
-async function run$p(argv, importMeta, {
+async function run$q(argv, importMeta, {
   parentName
 }) {
   const cli = meowOrExit({
     argv,
-    config: config$p,
+    config: config$q,
     importMeta,
     parentName
   });
   const verbose = Boolean(cli.flags['verbose']);
   if (verbose) {
-    logger.logger.group('- ', parentName, config$p.commandName, ':');
+    logger.logger.group('- ', parentName, config$q.commandName, ':');
     logger.logger.group('- flags:', cli.flags);
     logger.logger.groupEnd();
     logger.logger.log('- input:', cli.input);
@@ -4726,7 +3437,7 @@ async function run$p(argv, importMeta, {
   if (cli.flags['bin']) {
     bin = cli.flags['bin'];
   } else {
-    bin = path.join(target, 'gradlew');
+    bin = path$1.join(target, 'gradlew');
   }
   let out = './socket.pom.xml';
   if (cli.flags['out']) {
@@ -4747,13 +3458,13 @@ async function run$p(argv, importMeta, {
     gradleOpts = cli.flags['gradleOpts'].split(' ').map(s => s.trim()).filter(Boolean);
   }
   if (cli.flags['dryRun']) {
-    logger.logger.log(DRY_RUN_BAIL_TEXT$o);
+    logger.logger.log(DRY_RUN_BAIL_TEXT$p);
     return;
   }
   await convertGradleToMaven(target, bin, out, verbose, gradleOpts);
 }
 
-const config$o = {
+const config$p = {
   commandName: 'manifest',
   description: 'Generate a dependency manifest for given file or dir',
   hidden: false,
@@ -4761,11 +3472,11 @@ const config$o = {
     ...commonFlags
   }};
 const cmdManifest = {
-  description: config$o.description,
-  hidden: config$o.hidden,
-  run: run$o
+  description: config$p.description,
+  hidden: config$p.hidden,
+  run: run$p
 };
-async function run$o(argv, importMeta, {
+async function run$p(argv, importMeta, {
   parentName
 }) {
   await meowWithSubcommands({
@@ -4777,15 +3488,15 @@ async function run$o(argv, importMeta, {
     argv,
     aliases: {
       yolo: {
-        description: config$o.description,
+        description: config$p.description,
         hidden: true,
         argv: ['auto']
       }
     },
-    description: config$o.description,
+    description: config$p.description,
     importMeta,
-    flags: config$o.flags,
-    name: `${parentName} ${config$o.commandName}`
+    flags: config$p.flags,
+    name: `${parentName} ${config$p.commandName}`
   });
 }
 
@@ -4799,10 +3510,10 @@ async function wrapNpm(argv) {
 }
 
 const {
-  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$n,
+  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$o,
   NPM: NPM$7
 } = constants;
-const config$n = {
+const config$o = {
   commandName: 'npm',
   description: `${NPM$7} wrapper functionality`,
   hidden: false,
@@ -4813,22 +3524,22 @@ const config$n = {
   `
 };
 const cmdNpm = {
-  description: config$n.description,
-  hidden: config$n.hidden,
-  run: run$n
+  description: config$o.description,
+  hidden: config$o.hidden,
+  run: run$o
 };
-async function run$n(argv, importMeta, {
+async function run$o(argv, importMeta, {
   parentName
 }) {
   const cli = meowOrExit({
     allowUnknownFlags: true,
     argv,
-    config: config$n,
+    config: config$o,
     importMeta,
     parentName
   });
   if (cli.flags['dryRun']) {
-    logger.logger.log(DRY_RUN_BAIL_TEXT$n);
+    logger.logger.log(DRY_RUN_BAIL_TEXT$o);
     return;
   }
   await wrapNpm(argv);
@@ -4844,10 +3555,10 @@ async function wrapNpx(argv) {
 }
 
 const {
-  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$m,
+  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$n,
   NPX: NPX$1
 } = constants;
-const config$m = {
+const config$n = {
   commandName: 'npx',
   description: `${NPX$1} wrapper functionality`,
   hidden: false,
@@ -4858,31 +3569,31 @@ const config$m = {
   `
 };
 const cmdNpx = {
-  description: config$m.description,
-  hidden: config$m.hidden,
-  run: run$m
+  description: config$n.description,
+  hidden: config$n.hidden,
+  run: run$n
 };
-async function run$m(argv, importMeta, {
+async function run$n(argv, importMeta, {
   parentName
 }) {
   const cli = meowOrExit({
     allowUnknownFlags: true,
     argv,
-    config: config$m,
+    config: config$n,
     importMeta,
     parentName
   });
   if (cli.flags['dryRun']) {
-    logger.logger.log(DRY_RUN_BAIL_TEXT$m);
+    logger.logger.log(DRY_RUN_BAIL_TEXT$n);
     return;
   }
   await wrapNpx(argv);
 }
 
 const {
-  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$l
+  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$m
 } = constants;
-const config$l = {
+const config$m = {
   commandName: 'oops',
   description: 'Trigger an intentional error (for development)',
   hidden: true,
@@ -4897,21 +3608,21 @@ const config$l = {
   `
 };
 const cmdOops = {
-  description: config$l.description,
-  hidden: config$l.hidden,
-  run: run$l
+  description: config$m.description,
+  hidden: config$m.hidden,
+  run: run$m
 };
-async function run$l(argv, importMeta, {
+async function run$m(argv, importMeta, {
   parentName
 }) {
   const cli = meowOrExit({
     argv,
-    config: config$l,
+    config: config$m,
     importMeta,
     parentName
   });
   if (cli.flags['dryRun']) {
-    logger.logger.log(DRY_RUN_BAIL_TEXT$l);
+    logger.logger.log(DRY_RUN_BAIL_TEXT$m);
     return;
   }
   throw new Error('This error was intentionally left blank');
@@ -5030,7 +3741,7 @@ const PNPM_WORKSPACE = `${PNPM$4}-workspace`;
 async function getWorkspaceGlobs(agent, pkgPath, pkgJson) {
   let workspacePatterns;
   if (agent === PNPM$4) {
-    for (const workspacePath of [path.join(pkgPath, `${PNPM_WORKSPACE}.yaml`), path.join(pkgPath, `${PNPM_WORKSPACE}.yml`)]) {
+    for (const workspacePath of [path$1.join(pkgPath, `${PNPM_WORKSPACE}.yaml`), path$1.join(pkgPath, `${PNPM_WORKSPACE}.yml`)]) {
       // eslint-disable-next-line no-await-in-loop
       const yml = await shadowNpmInject.safeReadFile(workspacePath);
       if (yml) {
@@ -5398,7 +4109,7 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
   const {
     content: pkgJson
   } = editablePkgJson;
-  const workspaceName = path.relative(rootPath, pkgPath);
+  const workspaceName = path$1.relative(rootPath, pkgPath);
   const workspaceGlobs = await getWorkspaceGlobs(agent, pkgPath, pkgJson);
   const isRoot = pkgPath === rootPath;
   const isLockScanned = isRoot && !prod;
@@ -5532,7 +4243,7 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
     });
     // Chunk package names to process them in parallel 3 at a time.
     await promises.pEach(workspacePkgJsonPaths, 3, async workspacePkgJsonPath => {
-      const otherState = await addOverrides(path.dirname(workspacePkgJsonPath), pkgEnvDetails, {
+      const otherState = await addOverrides(path$1.dirname(workspacePkgJsonPath), pkgEnvDetails, {
         logger,
         pin,
         prod,
@@ -5570,7 +4281,7 @@ async function updateLockfile(pkgEnvDetails, options) {
     __proto__: null,
     ...options
   };
-  const isSpinning = !!spinner?.isSpinning;
+  const isSpinning = !!spinner?.['isSpinning'];
   if (!isSpinning) {
     spinner?.start();
   }
@@ -5642,9 +4353,9 @@ async function applyOptimization(cwd, pin, prod) {
 }
 
 const {
-  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$k
+  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$l
 } = constants;
-const config$k = {
+const config$l = {
   commandName: 'optimize',
   description: 'Optimize dependencies with @socketregistry overrides',
   hidden: false,
@@ -5674,22 +4385,22 @@ const config$k = {
   `
 };
 const cmdOptimize = {
-  description: config$k.description,
-  hidden: config$k.hidden,
-  run: run$k
+  description: config$l.description,
+  hidden: config$l.hidden,
+  run: run$l
 };
-async function run$k(argv, importMeta, {
+async function run$l(argv, importMeta, {
   parentName
 }) {
   const cli = meowOrExit({
     argv,
-    config: config$k,
+    config: config$l,
     importMeta,
     parentName
   });
   const cwd = process$1.cwd();
   if (cli.flags['dryRun']) {
-    logger.logger.log(DRY_RUN_BAIL_TEXT$k);
+    logger.logger.log(DRY_RUN_BAIL_TEXT$l);
     return;
   }
   await applyOptimization(cwd, Boolean(cli.flags['pin']), Boolean(cli.flags['prod']));
@@ -5763,9 +4474,9 @@ async function printOrganizationsFromToken(apiToken, format = 'text') {
 }
 
 const {
-  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$j
+  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$k
 } = constants;
-const config$j = {
+const config$k = {
   commandName: 'list',
   description: 'List organizations associated with the API key used',
   hidden: false,
@@ -5778,20 +4489,20 @@ const config$j = {
       $ ${command}
 
     Options
-      ${getFlagListOutput(config$j.flags, 6)}
+      ${getFlagListOutput(config$k.flags, 6)}
   `
 };
 const cmdOrganizationList = {
-  description: config$j.description,
-  hidden: config$j.hidden,
-  run: run$j
+  description: config$k.description,
+  hidden: config$k.hidden,
+  run: run$k
 };
-async function run$j(argv, importMeta, {
+async function run$k(argv, importMeta, {
   parentName
 }) {
   const cli = meowOrExit({
     argv,
-    config: config$j,
+    config: config$k,
     importMeta,
     parentName
   });
@@ -5810,7 +4521,7 @@ ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields
     return;
   }
   if (cli.flags['dryRun']) {
-    logger.logger.log(DRY_RUN_BAIL_TEXT$j);
+    logger.logger.log(DRY_RUN_BAIL_TEXT$k);
     return;
   }
   await getOrganization(json ? 'json' : markdown ? 'markdown' : 'text');
@@ -5858,11 +4569,11 @@ async function getSecurityPolicyWithToken(apiToken, orgSlug, format) {
 }
 
 const {
-  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$i
+  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$j
 } = constants;
 
 // TODO: secret toplevel alias `socket security policy`?
-const config$i = {
+const config$j = {
   commandName: 'security',
   description: 'Retrieve the security policy of an organization.',
   hidden: true,
@@ -5875,7 +4586,7 @@ const config$i = {
       $ ${command} <org slug>
 
     Options
-      ${getFlagListOutput(config$i.flags, 6)}
+      ${getFlagListOutput(config$j.flags, 6)}
 
     Your API token will need the \`security-policy:read\` permission otherwise
     the request will fail with an authentication error.
@@ -5886,16 +4597,16 @@ const config$i = {
   `
 };
 const cmdOrganizationPolicyPolicy = {
-  description: config$i.description,
-  hidden: config$i.hidden,
-  run: run$i
+  description: config$j.description,
+  hidden: config$j.hidden,
+  run: run$j
 };
-async function run$i(argv, importMeta, {
+async function run$j(argv, importMeta, {
   parentName
 }) {
   const cli = meowOrExit({
     argv,
-    config: config$i,
+    config: config$j,
     importMeta,
     parentName
   });
@@ -5916,15 +4627,15 @@ ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields
     return;
   }
   if (cli.flags['dryRun']) {
-    logger.logger.log(DRY_RUN_BAIL_TEXT$i);
+    logger.logger.log(DRY_RUN_BAIL_TEXT$j);
     return;
   }
   await getSecurityPolicy(orgSlug, json ? 'json' : markdown ? 'markdown' : 'text');
 }
 
-const description$4 = 'Organization policy details';
+const description$5 = 'Organization policy details';
 const cmdOrganizationPolicy = {
-  description: description$4,
+  description: description$5,
   // Hidden because it was broken all this time (nobody could be using it)
   // and we're not sure if it's useful to anyone in its current state.
   // Until we do, we'll hide this to keep the help tidier.
@@ -5937,7 +4648,7 @@ const cmdOrganizationPolicy = {
       security: cmdOrganizationPolicyPolicy
     }, {
       argv,
-      description: description$4,
+      description: description$5,
       defaultSub: 'list',
       // Backwards compat
       importMeta,
@@ -5988,9 +4699,9 @@ async function getQuotaWithToken(apiToken, format = 'text') {
 }
 
 const {
-  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$h
+  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$i
 } = constants;
-const config$h = {
+const config$i = {
   commandName: 'quota',
   description: 'List organizations associated with the API key used',
   hidden: true,
@@ -6003,20 +4714,20 @@ const config$h = {
       $ ${command}
 
     Options
-      ${getFlagListOutput(config$h.flags, 6)}
+      ${getFlagListOutput(config$i.flags, 6)}
   `
 };
 const cmdOrganizationQuota = {
-  description: config$h.description,
-  hidden: config$h.hidden,
-  run: run$h
+  description: config$i.description,
+  hidden: config$i.hidden,
+  run: run$i
 };
-async function run$h(argv, importMeta, {
+async function run$i(argv, importMeta, {
   parentName
 }) {
   const cli = meowOrExit({
     argv,
-    config: config$h,
+    config: config$i,
     importMeta,
     parentName
   });
@@ -6035,15 +4746,15 @@ ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields
     return;
   }
   if (cli.flags['dryRun']) {
-    logger.logger.log(DRY_RUN_BAIL_TEXT$h);
+    logger.logger.log(DRY_RUN_BAIL_TEXT$i);
     return;
   }
   await getQuota(json ? 'json' : markdown ? 'markdown' : 'text');
 }
 
-const description$3 = 'Account details';
+const description$4 = 'Account details';
 const cmdOrganization = {
-  description: description$3,
+  description: description$4,
   // Hidden because it was broken all this time (nobody could be using it)
   // and we're not sure if it's useful to anyone in its current state.
   // Until we do, we'll hide this to keep the help tidier.
@@ -6058,7 +4769,7 @@ const cmdOrganization = {
       policy: cmdOrganizationPolicy
     }, {
       argv,
-      description: description$3,
+      description: description$4,
       defaultSub: 'list',
       // Backwards compat
       importMeta,
@@ -6067,6 +4778,298 @@ const cmdOrganization = {
   }
 };
 
+// Either an ecosystem was given or all args must be (namespaced) purls
+// The `pkg:` part is optional here. We'll scan for `eco/name@version`.
+// Not hardcoding the namespace since we don't know what the server accepts.
+// The ecosystem is considered as the first package if it is not an a-z string.
+function parsePackageSpecifiers(ecosystem, pkgs) {
+  let valid = true;
+  const purls = [];
+  if (!ecosystem) {
+    valid = false;
+  } else if (/^[a-zA-Z]+$/.test(ecosystem)) {
+    for (let i = 0; i < pkgs.length; ++i) {
+      const pkg = pkgs[i] ?? '';
+      if (!pkg) {
+        valid = false;
+        break;
+      } else if (pkg.startsWith('pkg:')) {
+        // keep
+        purls.push(pkg);
+      } else if (pkg.includes('/')) {
+        // Looks like this arg was already namespaced
+        purls.push('pkg:' + pkg);
+      } else {
+        purls.push('pkg:' + ecosystem + '/' + pkg);
+      }
+    }
+    if (!purls.length) {
+      valid = false;
+    }
+  } else {
+    // Assume ecosystem is a purl, too
+    pkgs.unshift(ecosystem);
+    for (let i = 0; i < pkgs.length; ++i) {
+      const pkg = pkgs[i] ?? '';
+      if (!/^(?:pkg:)?[a-zA-Z]+\/./.test(pkg)) {
+        // At least one purl did not start with `pkg:eco/x` or `eco/x`
+        valid = false;
+        break;
+      } else if (pkg.startsWith('pkg:')) {
+        purls.push(pkg);
+      } else {
+        purls.push('pkg:' + pkg);
+      }
+    }
+    if (!purls.length) {
+      valid = false;
+    }
+  }
+  return {
+    purls,
+    valid
+  };
+}
+
+async function fetchPackageInfo(purls) {
+  const socketSdk = await shadowNpmInject.setupSdk(shadowNpmInject.getPublicToken());
+
+  // Lazily access constants.spinner.
+  const {
+    spinner
+  } = constants;
+  logger.logger.error(`Requesting shallow score data for ${purls.length} package urls (purl): ${purls.join(', ')}`);
+  spinner.start(`Requesting data ...`);
+  const result = await handleApiCall(socketSdk.batchPackageFetch({
+    alerts: 'true'
+    // compact: false,
+    // fixable: false,
+    // licenseattrib: false,
+    // licensedetails: false
+  }, {
+    components: purls.map(purl => ({
+      purl
+    }))
+  }), 'looking up package');
+  spinner.successAndStop('Request completed');
+  if (result.success) {
+    return result;
+  } else {
+    handleUnsuccessfulApiResponse('batchPackageFetch', result);
+  }
+}
+
+function logPackageInfo(purls, packageData, outputKind) {
+  if (outputKind === 'json') {
+    // In JSON simply return what the server responds with. Don't bother trying
+    // to match the response with the requested packages/purls.
+    logger.logger.log(JSON.stringify(packageData, undefined, 2));
+    return;
+  }
+
+  // Make some effort to match the requested data with the response
+
+  const set = new Set();
+  packageData.forEach(data => {
+    set.add('pkg:' + data.type + '/' + data.name + '@' + data.version);
+    set.add('pkg:' + data.type + '/' + data.name);
+  });
+  const missing = purls.filter(purl => {
+    if (set.has(purl)) return false;
+    if (purl.endsWith('@latest') && set.has(purl.slice(0, -'@latest'.length))) return false;
+    return true; // not found
+  });
+  if (outputKind === 'markdown') {
+    logger.logger.log(commonTags.stripIndents`
+      # Shallow Package Report
+
+      This report contains the response for requesting data on some package url(s).
+
+      Please note: The listed scores are ONLY for the package itself. It does NOT
+                   reflect the scores of any dependencies, transitive or otherwise.
+
+      ${missing.length ? `\n## Missing response\n\nAt least one package had no response or the purl was not canonical:\n\n${missing.map(purl => '- ' + purl + '\n').join('')}` : ''}
+
+      ${packageData.map(data => '## ' + formatReportCard(data, false)).join('\n\n\n')}
+    `);
+    return;
+  }
+  logger.logger.log('\n' + colors.bold('Shallow Package Score') + '\n');
+  logger.logger.log('Please note: The listed scores are ONLY for the package itself. It does NOT\n' + '             reflect the scores of any dependencies, transitive or otherwise.');
+  if (missing.length) {
+    logger.logger.log(`\nAt least one package had no response or the purl was not canonical:\n${missing.map(purl => '\n- ' + colors.bold(purl)).join('')}`);
+  }
+  packageData.forEach(data => {
+    logger.logger.log('\n');
+    logger.logger.log(formatReportCard(data, true));
+  });
+  logger.logger.log('');
+}
+function formatReportCard(data, color) {
+  const scoreResult = {
+    'Supply Chain Risk': Math.floor((data.score?.supplyChain ?? 0) * 100),
+    Maintenance: Math.floor((data.score?.maintenance ?? 0) * 100),
+    Quality: Math.floor((data.score?.quality ?? 0) * 100),
+    Vulnerabilities: Math.floor((data.score?.vulnerability ?? 0) * 100),
+    License: Math.floor((data.score?.license ?? 0) * 100)
+  };
+  const alertString = getAlertString(data.alerts, !color);
+  const purl = 'pkg:' + data.type + '/' + data.name + '@' + data.version;
+  return ['Package: ' + (color ? colors.bold(purl) : purl), '', ...Object.entries(scoreResult).map(score => `- ${score[0]}:`.padEnd(20, ' ') + `  ${formatScore(score[1], !color, true)}`), alertString].join('\n');
+}
+function formatScore(score, noColor = false, pad = false) {
+  const padded = String(score).padStart(pad ? 3 : 0, ' ');
+  if (noColor) return padded;else if (score >= 80) return colors.green(padded);else if (score >= 60) return colors.yellow(padded);else return colors.red(padded);
+}
+function getAlertString(alerts, noColor = false) {
+  if (!alerts?.length) {
+    return noColor ? `- Alerts: none!` : `- Alerts: ${colors.green('none')}!`;
+  } else {
+    const bad = alerts.filter(alert => alert.severity !== 'low' && alert.severity !== 'middle').sort((a, b) => a.type < b.type ? -1 : a.type > b.type ? 1 : 0);
+    const mid = alerts.filter(alert => alert.severity === 'middle').sort((a, b) => a.type < b.type ? -1 : a.type > b.type ? 1 : 0);
+    const low = alerts.filter(alert => alert.severity === 'low').sort((a, b) => a.type < b.type ? -1 : a.type > b.type ? 1 : 0);
+
+    // We need to create the no-color string regardless because the actual string
+    // contains a bunch of invisible ANSI chars which would screw up length checks.
+    const colorless = `- Alerts (${bad.length}/${mid.length.toString()}/${low.length}):`;
+    if (noColor) {
+      return colorless + ' '.repeat(Math.max(0, 20 - colorless.length)) + '  ' + [bad.map(alert => `[${alert.severity}] ` + alert.type).join(', '), mid.map(alert => `[${alert.severity}] ` + alert.type).join(', '), low.map(alert => `[${alert.severity}] ` + alert.type).join(', ')].filter(Boolean).join(', ');
+    }
+    return `- Alerts (${colors.red(bad.length.toString())}/${colors.yellow(mid.length.toString())}/${low.length}):` + ' '.repeat(Math.max(0, 20 - colorless.length)) + '  ' + [bad.map(alert => colors.red(colors.dim(`[${alert.severity}] `) + alert.type)).join(', '), mid.map(alert => colors.yellow(colors.dim(`[${alert.severity}] `) + alert.type)).join(', '), low.map(alert => colors.dim(`[${alert.severity}] `) + alert.type).join(', ')].filter(Boolean).join(', ');
+  }
+}
+
+async function showPurlInfo({
+  outputKind,
+  purls
+}) {
+  const packageData = await fetchPackageInfo(purls);
+  if (packageData) {
+    logPackageInfo(purls, packageData.data, outputKind);
+  }
+}
+
+const {
+  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$h
+} = constants;
+const config$h = {
+  commandName: 'shallow',
+  description: 'Look up info regarding one or more packages but not their transitives',
+  hidden: true,
+  flags: {
+    ...commonFlags,
+    ...outputFlags
+  },
+  help: (command, config) => `
+    Usage
+      $ ${command} <<ecosystem> <name> [<name> ...] | <purl> [<purl> ...]>
+
+    Options
+      ${getFlagListOutput(config.flags, 6)}
+
+    Requirements
+      - quota: 100
+      - scope: \`packages:list\`
+
+    Show scoring details for one or more packages purely based on their own package.
+    This means that any dependency scores are not reflected by the score. You can
+    use the \`socket package score <pkg>\` command to get its full transitive score.
+
+    Only a few ecosystems are supported like npm, golang, and maven.
+
+    A "purl" is a standard package name formatting: \`pkg:eco/name@version\`
+    This command will automatically prepend "pkg:" when not present.
+
+    If the first arg is an ecosystem, remaining args that are not a purl are
+    assumed to be scoped to that ecosystem.
+
+    Examples
+      $ ${command} npm webtorrent
+      $ ${command} npm webtorrent@1.9.1
+      $ ${command} npm/webtorrent@1.9.1
+      $ ${command} pkg:npm/webtorrent@1.9.1
+      $ ${command} maven webtorrent babel
+      $ ${command} npm/webtorrent golang/babel
+      $ ${command} npm npm/webtorrent@1.0.1 babel
+  `
+};
+const cmdPackageShallow = {
+  description: config$h.description,
+  hidden: config$h.hidden,
+  alias: {
+    shallowScore: {
+      description: config$h.description,
+      hidden: true,
+      argv: []
+    }
+  },
+  run: run$h
+};
+async function run$h(argv, importMeta, {
+  parentName
+}) {
+  const cli = meowOrExit({
+    argv,
+    config: config$h,
+    importMeta,
+    parentName
+  });
+  const {
+    json,
+    markdown
+  } = cli.flags;
+  const [ecosystem = '', ...pkgs] = cli.input;
+  const {
+    purls,
+    valid
+  } = parsePackageSpecifiers(ecosystem, pkgs);
+  if (!valid || !purls.length) {
+    // Use exit status of 2 to indicate incorrect usage, generally invalid
+    // options or missing arguments.
+    // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
+    process.exitCode = 2;
+    logger.logger.fail(`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:\n
+      - First parameter should be an ecosystem or all args must be purls ${!valid ? colors.red('(bad!)') : colors.green('(ok)')}\n
+      - Expecting at least one package ${!purls.length ? colors.red('(missing!)') : colors.green('(ok)')}\n
+    `);
+    return;
+  }
+  if (cli.flags['dryRun']) {
+    logger.logger.log(DRY_RUN_BAIL_TEXT$h);
+    return;
+  }
+  await showPurlInfo({
+    outputKind: json ? 'json' : markdown ? 'markdown' : 'text',
+    purls
+  });
+}
+
+const description$3 = 'Commands relating to looking up published packages';
+const cmdPackage = {
+  description: description$3,
+  hidden: true,
+  // [beta]
+  async run(argv, importMeta, {
+    parentName
+  }) {
+    await meowWithSubcommands({
+      shallow: cmdPackageShallow
+    }, {
+      aliases: {
+        pkg: {
+          description: description$3,
+          hidden: true,
+          argv: []
+        }
+      },
+      argv,
+      description: description$3,
+      importMeta,
+      name: parentName + ' package'
+    });
+  }
+};
+
 async function runRawNpm(argv) {
   const spawnPromise = spawn.spawn(shadowNpmPaths.getNpmBinPath(), argv, {
     stdio: 'inherit'
@@ -6394,7 +5397,7 @@ async function run$e(argv, importMeta, {
 
   // TODO: Allow setting a custom cwd and/or configFile path?
   const cwd = process$1.cwd();
-  const absoluteConfigPath = path.join(cwd, 'socket.yml');
+  const absoluteConfigPath = path$1.join(cwd, 'socket.yml');
   const dryRun = Boolean(cli.flags['dryRun']);
   const json = Boolean(cli.flags['json']);
   const markdown = Boolean(cli.flags['markdown']);
@@ -6775,8 +5778,8 @@ async function listReposWithToken({
   const result = await handleApiCall(socketSdk.getOrgRepoList(orgSlug, {
     sort,
     direction,
-    per_page,
-    page
+    per_page: String(per_page),
+    page: String(page)
   }), 'listing repositories');
   if (!result.success) {
     handleUnsuccessfulApiResponse('getOrgRepoList', result);
@@ -7237,13 +6240,13 @@ async function suggestRepoSlug(socketSdk, orgSlug) {
     // There's no guarantee that the cwd is part of this page. If it's not
     // then do an additional request and specific search for it instead.
     // This way we can offer the tip of "do you want to create [cwd]?".
-    perPage: 10,
-    page: 0
+    perPage: '10',
+    page: '0'
   }), 'looking up known repos');
   // Ignore a failed request here. It was not the primary goal of
   // running this command and reporting it only leads to end-user confusion.
   if (result.success) {
-    const currentDirName = dirNameToSlug(path.basename(process$1.cwd()));
+    const currentDirName = dirNameToSlug(path$1.basename(process$1.cwd()));
     let cwdIsKnown = !!currentDirName && result.data.results.some(obj => obj.slug === currentDirName);
     if (!cwdIsKnown && currentDirName) {
       // Do an explicit request so we can assert that the cwd exists or not
@@ -7463,9 +6466,9 @@ async function createFullScan({
     repo: repoName,
     branch: branchName,
     commit_message: commitMessage,
-    make_default_branch: defaultBranch,
-    set_as_pending_head: pendingHead,
-    tmp
+    make_default_branch: String(defaultBranch),
+    set_as_pending_head: String(pendingHead),
+    tmp: String(tmp)
   }, packagePaths, cwd), 'Creating scan');
   if (!result.success) {
     handleUnsuccessfulApiResponse('CreateOrgFullScan', result);
@@ -7782,8 +6785,8 @@ async function listFullScansWithToken({
   const result = await handleApiCall(socketSdk.getOrgFullScanList(orgSlug, {
     sort,
     direction,
-    per_page,
-    page,
+    per_page: String(per_page),
+    page: String(page),
     from: from_time
   }), 'Listing scans');
   if (!result.success) {
@@ -8391,7 +7394,7 @@ async function reportFullScan({
     const json = short ? JSON.stringify(scanReport) : toJsonReport(scanReport);
     if (filePath && filePath !== '-') {
       logger.logger.log('Writing json report to', filePath);
-      return await fs$1.writeFile(filePath, json);
+      return await fs.writeFile(filePath, json);
     }
     logger.logger.log(json);
     return;
@@ -8400,7 +7403,7 @@ async function reportFullScan({
     const md = short ? `healthy = ${scanReport.healthy}` : toMarkdownReport(scanReport);
     if (filePath && filePath !== '-') {
       logger.logger.log('Writing markdown report to', filePath);
-      return await fs$1.writeFile(filePath, md);
+      return await fs.writeFile(filePath, md);
     }
     logger.logger.log(md);
     return;
@@ -8641,7 +7644,7 @@ View this report at: https://socket.dev/dashboard/org/${orgSlug}/sbom/${fullScan
   `.trim() + '\n';
   if (filePath && filePath !== '-') {
     try {
-      await fs$1.writeFile(filePath, report, 'utf8');
+      await fs.writeFile(filePath, report, 'utf8');
       logger.logger.log(`Data successfully written to ${filePath}`);
     } catch (e) {
       process.exitCode = 1;
@@ -9004,7 +8007,7 @@ async function run$1(argv, importMeta, {
 }
 
 function addSocketWrapper(file) {
-  return fs.appendFile(file, 'alias npm="socket npm"\nalias npx="socket npx"\n', err => {
+  return fs$1.appendFile(file, 'alias npm="socket npm"\nalias npx="socket npx"\n', err => {
     if (err) {
       return new Error(`There was an error setting up the alias: ${err}`);
     }
@@ -9018,7 +8021,7 @@ If you want to disable it at any time, run \`socket wrapper --disable\`
 }
 
 function checkSocketWrapperSetup(file) {
-  const fileContent = fs.readFileSync(file, 'utf8');
+  const fileContent = fs$1.readFileSync(file, 'utf8');
   const linesWithSocketAlias = fileContent.split('\n').filter(l => l === 'alias npm="socket npm"' || l === 'alias npx="socket npx"');
   if (linesWithSocketAlias.length) {
     logger.logger.log(`The Socket npm/npx wrapper is set up in your bash profile (${file}).`);
@@ -9033,7 +8036,7 @@ function postinstallWrapper() {
     bashRcPath,
     zshRcPath
   } = constants;
-  const socketWrapperEnabled = fs.existsSync(bashRcPath) && checkSocketWrapperSetup(bashRcPath) || fs.existsSync(zshRcPath) && checkSocketWrapperSetup(zshRcPath);
+  const socketWrapperEnabled = fs$1.existsSync(bashRcPath) && checkSocketWrapperSetup(bashRcPath) || fs$1.existsSync(zshRcPath) && checkSocketWrapperSetup(zshRcPath);
   if (!socketWrapperEnabled) {
     installSafeNpm(`The Socket CLI is now successfully installed! 🎉
 
@@ -9065,10 +8068,10 @@ function askQuestion(rl, query) {
         zshRcPath
       } = constants;
       try {
-        if (fs.existsSync(bashRcPath)) {
+        if (fs$1.existsSync(bashRcPath)) {
           addSocketWrapper(bashRcPath);
         }
-        if (fs.existsSync(zshRcPath)) {
+        if (fs$1.existsSync(zshRcPath)) {
           addSocketWrapper(zshRcPath);
         }
       } catch (e) {
@@ -9084,7 +8087,7 @@ function askQuestion(rl, query) {
 }
 
 function removeSocketWrapper(file) {
-  return fs.readFile(file, 'utf8', function (err, data) {
+  return fs$1.readFile(file, 'utf8', function (err, data) {
     if (err) {
       logger.logger.fail('There was an error removing the alias:');
       logger.logger.error(err);
@@ -9092,7 +8095,7 @@ function removeSocketWrapper(file) {
     }
     const linesWithoutSocketAlias = data.split('\n').filter(l => l !== 'alias npm="socket npm"' && l !== 'alias npx="socket npx"');
     const updatedFileContent = linesWithoutSocketAlias.join('\n');
-    fs.writeFile(file, updatedFileContent, function (err) {
+    fs$1.writeFile(file, updatedFileContent, function (err) {
       if (err) {
         logger.logger.error(err);
         return;
@@ -9181,21 +8184,21 @@ async function run(argv, importMeta, {
     zshRcPath
   } = constants;
   if (enable) {
-    if (fs.existsSync(bashRcPath) && !checkSocketWrapperSetup(bashRcPath)) {
+    if (fs$1.existsSync(bashRcPath) && !checkSocketWrapperSetup(bashRcPath)) {
       addSocketWrapper(bashRcPath);
     }
-    if (fs.existsSync(zshRcPath) && !checkSocketWrapperSetup(zshRcPath)) {
+    if (fs$1.existsSync(zshRcPath) && !checkSocketWrapperSetup(zshRcPath)) {
       addSocketWrapper(zshRcPath);
     }
   } else {
-    if (fs.existsSync(bashRcPath)) {
+    if (fs$1.existsSync(bashRcPath)) {
       removeSocketWrapper(bashRcPath);
     }
-    if (fs.existsSync(zshRcPath)) {
+    if (fs$1.existsSync(zshRcPath)) {
       removeSocketWrapper(zshRcPath);
     }
   }
-  if (!fs.existsSync(bashRcPath) && !fs.existsSync(zshRcPath)) {
+  if (!fs$1.existsSync(bashRcPath) && !fs$1.existsSync(zshRcPath)) {
     logger.logger.fail('There was an issue setting up the alias in your bash profile');
   }
 }
@@ -9209,12 +8212,11 @@ void (async () => {
   await vendor.updater({
     name: SOCKET_CLI_BIN_NAME,
     // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
-    version: "0.14.62",
+    version: "0.14.63",
     ttl: 86_400_000 /* 24 hours in milliseconds */
   });
   try {
     await meowWithSubcommands({
-      action: cmdAction,
       cdxgen: cmdCdxgen,
       fix: cmdFix,
       info: cmdInfo,
@@ -9225,6 +8227,7 @@ void (async () => {
       oops: cmdOops,
       optimize: cmdOptimize,
       organization: cmdOrganization,
+      package: cmdPackage,
       'raw-npm': cmdRawNpm,
       'raw-npx': cmdRawNpx,
       report: cmdReport,
@@ -9276,5 +8279,5 @@ void (async () => {
     await shadowNpmInject.captureException(e);
   }
 })();
-//# debugId=a794b9bc-963d-4504-a1af-e5c87018417b
+//# debugId=c590986b-fa07-40bd-8503-b619777b396e
 //# sourceMappingURL=cli.js.map