@socketsecurity/cli 0.14.64 → 0.14.65

package/dist/require/cli.js

@@ -20,6 +20,7 @@ var commonTags = _socketInterop(require('common-tags'));
 var fs = require('node:fs/promises');
 var ScreenWidget = _socketInterop(require('blessed/lib/widgets/screen'));
 var contrib = _socketInterop(require('blessed-contrib'));
+var strings = require('@socketsecurity/registry/lib/strings');
 var shadowNpmInject = require('./shadow-npm-inject.js');
 var constants = require('./constants.js');
 var path$1 = require('node:path');
@@ -46,7 +47,6 @@ var semver = _socketInterop(require('semver'));
 var which = _socketInterop(require('which'));
 var index_cjs = require('@socketregistry/hyrious__bun.lockb/index.cjs');
 var sorts = require('@socketsecurity/registry/lib/sorts');
-var strings = require('@socketsecurity/registry/lib/strings');
 var registryConstants = require('@socketsecurity/registry/lib/constants');
 var isInteractive = require('@socketregistry/is-interactive/index.cjs');
 var terminalLink = _socketInterop(require('terminal-link'));
@@ -62,9 +62,6 @@ var BoxWidget = _socketInterop(require('blessed/lib/widgets/box'));
 var TableWidget = _socketInterop(require('blessed-contrib/lib/widget/table'));
 var readline$1 = require('node:readline');
 
-const {
-  API_V0_URL
-} = constants;
 function handleUnsuccessfulApiResponse(_name, result) {
   // SocketSdkErrorType['error'] is not typed.
   const resultErrorMessage = result.error?.message;
@@ -96,13 +93,20 @@ async function handleAPIError(code) {
     return 'One of the options passed might be incorrect.';
   } else if (code === 403) {
     return 'You might be trying to access an organization that is not linked to the API key you are logged in with.';
-  }
+  } else ;
 }
 function getLastFiveOfApiToken(token) {
   // Get the last 5 characters of the API token before the trailing "_api".
   return token.slice(-9, -4);
 }
+
+// The API server that should be used for operations.
+function getDefaultApiBaseUrl() {
+  const baseUrl = process$1.env['SOCKET_SECURITY_API_BASE_URL'] || shadowNpmInject.getSetting('apiBaseUrl');
+  return strings.isNonEmptyString(baseUrl) ? baseUrl : undefined;
+}
 async function queryAPI(path, apiToken) {
+  const API_V0_URL = getDefaultApiBaseUrl();
   return await fetch(`${API_V0_URL}/${path}`, {
     method: 'GET',
     headers: {
@@ -648,7 +652,7 @@ function emitBanner(name) {
 }
 function getAsciiHeader(command) {
   const cliVersion = // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
-  "0.14.64:6005821:68cf541a:pub";
+  "0.14.65:ace6cae:9b43c652:pub";
   const nodeVersion = process.version;
   const apiToken = shadowNpmInject.getSetting('apiToken');
   const shownToken = apiToken ? getLastFiveOfApiToken(apiToken) : 'no';
@@ -773,7 +777,7 @@ async function run$C(argv, importMeta, {
   });
 }
 
-async function getAuditLog({
+async function fetchAuditLog({
   logType,
   orgSlug,
   outputKind,
@@ -784,16 +788,59 @@ async function getAuditLog({
   if (!apiToken) {
     throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
-  const auditLogs = await getAuditLogWithToken({
-    apiToken,
+  return await fetchAuditLogWithToken(apiToken, {
+    logType,
     orgSlug,
     outputKind,
     page,
-    perPage,
-    logType
+    perPage
   });
-  if (!auditLogs) return;
-  if (outputKind === 'json') await outputAsJson(auditLogs.results, orgSlug, logType, page, perPage);else if (outputKind === 'markdown') await outputAsMarkdown(auditLogs.results, orgSlug, logType, page, perPage);else await outputAsPrint(auditLogs.results, orgSlug, logType);
+}
+async function fetchAuditLogWithToken(apiToken, {
+  logType,
+  orgSlug,
+  outputKind,
+  page,
+  perPage
+}) {
+  // Lazily access constants.spinner.
+  const {
+    spinner
+  } = constants;
+  spinner.start(`Looking up audit log for ${orgSlug}`);
+  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
+  const result = await handleApiCall(socketSdk.getAuditLogEvents(orgSlug, {
+    // I'm not sure this is used at all.
+    outputJson: String(outputKind === 'json'),
+    // I'm not sure this is used at all.
+    outputMarkdown: String(outputKind === 'markdown'),
+    orgSlug,
+    type: logType,
+    page: String(page),
+    per_page: String(perPage)
+  }), `Looking up audit log for ${orgSlug}\n`);
+  if (!result.success) {
+    handleUnsuccessfulApiResponse('getAuditLogEvents', result);
+    return;
+  }
+  spinner.stop();
+  return result.data;
+}
+
+async function outputAuditLog(auditLogs, {
+  logType,
+  orgSlug,
+  outputKind,
+  page,
+  perPage
+}) {
+  if (outputKind === 'json') {
+    await outputAsJson(auditLogs.results, orgSlug, logType, page, perPage);
+  } else if (outputKind === 'markdown') {
+    await outputAsMarkdown(auditLogs.results, orgSlug, logType, page, perPage);
+  } else {
+    await outputAsPrint(auditLogs.results, orgSlug, logType);
+  }
 }
 async function outputAsJson(auditLogs, orgSlug, logType, page, perPage) {
   let json;
@@ -879,36 +926,29 @@ async function outputAsPrint(auditLogs, orgSlug, logType) {
     pageSize: 30
   })]);
 }
-async function getAuditLogWithToken({
-  apiToken,
+
+async function handleAuditLog({
   logType,
   orgSlug,
   outputKind,
   page,
   perPage
 }) {
-  // Lazily access constants.spinner.
-  const {
-    spinner
-  } = constants;
-  spinner.start(`Looking up audit log for ${orgSlug}`);
-  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
-  const result = await handleApiCall(socketSdk.getAuditLogEvents(orgSlug, {
-    // I'm not sure this is used at all.
-    outputJson: String(outputKind === 'json'),
-    // I'm not sure this is used at all.
-    outputMarkdown: String(outputKind === 'markdown'),
+  const auditLogs = await fetchAuditLog({
     orgSlug,
-    type: logType,
-    page: String(page),
-    per_page: String(perPage)
-  }), `Looking up audit log for ${orgSlug}\n`);
-  if (!result.success) {
-    handleUnsuccessfulApiResponse('getAuditLogEvents', result);
-    return;
-  }
-  spinner.stop();
-  return result.data;
+    outputKind,
+    page,
+    perPage,
+    logType
+  });
+  if (!auditLogs) return;
+  await outputAuditLog(auditLogs, {
+    logType,
+    orgSlug,
+    outputKind,
+    page,
+    perPage
+  });
 }
 
 const {
@@ -992,7 +1032,7 @@ async function run$B(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAIL_TEXT$A);
     return;
   }
-  await getAuditLog({
+  await handleAuditLog({
     orgSlug,
     outputKind: json ? 'json' : markdown ? 'markdown' : 'print',
     page: Number(page || 0),
@@ -1251,36 +1291,60 @@ async function run$A(argv, importMeta, {
   await runCycloneDX(yargv);
 }
 
-// @ts-ignore
-async function findDependencies({
+async function fetchDependencies({
   limit,
-  offset,
-  outputJson
+  offset
 }) {
   const apiToken = shadowNpmInject.getDefaultToken();
   if (!apiToken) {
     throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
+  return await fetchDependenciesWithToken(apiToken, {
+    limit,
+    offset
+  });
+}
+async function fetchDependenciesWithToken(apiToken, {
+  limit,
+  offset
+}) {
   // Lazily access constants.spinner.
   const {
     spinner
   } = constants;
-  spinner.start('Searching dependencies...');
+  spinner.start('Fetching organization dependencies...');
   const socketSdk = await shadowNpmInject.setupSdk(apiToken);
   const result = await handleApiCall(socketSdk.searchDependencies({
     limit,
     offset
   }), 'Searching dependencies');
+  spinner?.successAndStop('Received organization dependencies response.');
   if (!result.success) {
     handleUnsuccessfulApiResponse('searchDependencies', result);
     return;
   }
-  spinner.stop('Organization dependencies:');
-  if (outputJson) {
-    logger.logger.log(result.data);
+  return result.data;
+}
+
+// @ts-ignore
+async function outputDependencies(data, {
+  limit,
+  offset,
+  outputKind
+}) {
+  if (outputKind === 'json') {
+    let json;
+    try {
+      json = JSON.stringify(data, null, 2);
+    } catch (e) {
+      process.exitCode = 1;
+      logger.logger.fail('There was a problem converting the data to JSON, please try without the `--json` flag');
+      return;
+    }
+    logger.logger.log(json);
     return;
   }
-  logger.logger.log('Request details: Offset:', offset, ', limit:', limit, ', is there more data after this?', result.data.end ? 'no' : 'yes');
+  logger.logger.log('Request details: Offset:', offset, ', limit:', limit, ', is there more data after this?', data.end ? 'no' : 'yes');
   const options = {
     columns: [{
       field: 'namespace',
@@ -1305,7 +1369,24 @@ async function findDependencies({
       name: colors.cyan('Direct')
     }]
   };
-  logger.logger.log(chalkTable(options, result.data.rows));
+  logger.logger.log(chalkTable(options, data.rows));
+}
+
+async function handleDependencies({
+  limit,
+  offset,
+  outputKind
+}) {
+  const data = await fetchDependencies({
+    limit,
+    offset
+  });
+  if (!data) return;
+  await outputDependencies(data, {
+    limit,
+    offset,
+    outputKind
+  });
 }
 
 const {
@@ -1356,70 +1437,71 @@ async function run$z(argv, importMeta, {
     importMeta,
     parentName
   });
+  const {
+    json,
+    limit,
+    markdown,
+    offset
+  } = cli.flags;
   if (cli.flags['dryRun']) {
     logger.logger.log(DRY_RUN_BAIL_TEXT$y);
     return;
   }
-
-  // TODO: markdown flag is ignored
-  await findDependencies({
-    limit: Number(cli.flags['limit'] || 0) || 0,
-    offset: Number(cli.flags['offset'] || 0) || 0,
-    outputJson: Boolean(cli.flags['json'])
+  await handleDependencies({
+    limit: Number(limit || 0) || 0,
+    offset: Number(offset || 0) || 0,
+    outputKind: json ? 'json' : markdown ? 'markdown' : 'text'
   });
 }
 
-async function getDiffScan({
+async function fetchDiffScan({
   after,
   before,
-  depth,
-  file,
-  orgSlug,
-  outputJson
+  orgSlug
 }) {
   const apiToken = shadowNpmInject.getDefaultToken();
   if (!apiToken) {
     throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
-  await getDiffScanWithToken({
+  return await fetchDiffScanWithToken(apiToken, {
     after,
     before,
-    depth,
-    file,
-    orgSlug,
-    outputJson,
-    apiToken
+    orgSlug
   });
 }
-async function getDiffScanWithToken({
+async function fetchDiffScanWithToken(apiToken, {
   after,
-  apiToken,
   before,
-  depth,
-  file,
-  orgSlug,
-  outputJson
+  orgSlug
 }) {
   // Lazily access constants.spinner.
   const {
     spinner
   } = constants;
-  spinner.start('Getting diff scan...');
+  spinner.start('Fetching diff-scan...');
   const response = await queryAPI(`orgs/${orgSlug}/full-scans/diff?before=${encodeURIComponent(before)}&after=${encodeURIComponent(after)}`, apiToken);
+  spinner?.successAndStop('Received diff-scan response');
   if (!response.ok) {
     const err = await handleAPIError(response.status);
     spinner.errorAndStop(`${colors.bgRed(colors.white(response.statusText))}: ${err}`);
     return;
   }
   const result = await handleApiCall(await response.json(), 'Deserializing json');
-  spinner.stop();
-  const dashboardUrl = result?.['diff_report_url'];
+  return result;
+}
+
+async function outputDiffScan(result, {
+  depth,
+  file,
+  outputKind
+}) {
+  const dashboardUrl = result.diff_report_url;
   const dashboardMessage = dashboardUrl ? `\n View this diff scan in the Socket dashboard: ${colors.cyan(dashboardUrl)}` : '';
 
   // When forcing json, or dumping to file, serialize to string such that it
   // won't get truncated. The only way to dump the full raw JSON to stdout is
   // to use `--json --file -` (the dash is a standard notation for stdout)
-  if (outputJson || file) {
+  if (outputKind === 'json' || file) {
     let json;
     try {
       json = JSON.stringify(result, null, 2);
@@ -1464,6 +1546,27 @@ async function getDiffScanWithToken({
   logger.logger.log(dashboardMessage);
 }
 
+async function handleDiffScan({
+  after,
+  before,
+  depth,
+  file,
+  orgSlug,
+  outputKind
+}) {
+  const data = await fetchDiffScan({
+    after,
+    before,
+    orgSlug
+  });
+  if (!data) return;
+  await outputDiffScan(data, {
+    depth,
+    file,
+    outputKind
+  });
+}
+
 const {
   DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$x
 } = constants;
@@ -1532,8 +1635,14 @@ async function run$y(argv, importMeta, {
     importMeta,
     parentName
   });
-  const before = String(cli.flags['before'] || '');
-  const after = String(cli.flags['after'] || '');
+  const {
+    after,
+    before,
+    depth,
+    file,
+    json,
+    markdown
+  } = cli.flags;
   const [orgSlug = ''] = cli.input;
   if (!before || !after || cli.input.length < 1) {
     // Use exit status of 2 to indicate incorrect usage, generally invalid
@@ -1551,13 +1660,13 @@ async function run$y(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAIL_TEXT$x);
     return;
   }
-  await getDiffScan({
-    outputJson: Boolean(cli.flags['json']),
-    before,
-    after,
-    depth: Number(cli.flags['depth']),
+  await handleDiffScan({
+    before: String(before || ''),
+    after: String(after || ''),
+    depth: Number(depth),
     orgSlug,
-    file: String(cli.flags['file'] || '')
+    outputKind: json ? 'json' : markdown ? 'markdown' : 'text',
+    file: String(file || '')
   });
 }
 
@@ -1696,11 +1805,17 @@ async function npmFix(_pkgEnvDetails, cwd, options) {
 
 async function getAlertsMapFromPnpmLockfile(lockfile, options) {
   const {
+    include: _include,
     spinner
   } = {
     __proto__: null,
     ...options
   };
+  const include = {
+    __proto__: null,
+    unfixable: true,
+    ..._include
+  };
   const depTypes = lockfile_detectDepTypes.detectDepTypes(lockfile);
   const pkgIds = Object.keys(depTypes);
   let {
@@ -1712,12 +1827,23 @@ async function getAlertsMapFromPnpmLockfile(lockfile, options) {
   }
   const getText = () => `Looking up data for ${remaining} packages`;
   spinner?.start(getText());
+  const socketSdk = await shadowNpmInject.setupSdk(shadowNpmInject.getPublicToken());
   const toAlertsMapOptions = {
     overrides: lockfile.overrides,
     ...options
   };
-  for await (const artifact of shadowNpmInject.batchScan(pkgIds)) {
-    await shadowNpmInject.addArtifactToAlertsMap(artifact, alertsByPkgId, toAlertsMapOptions);
+  for await (const batchPackageFetchResult of socketSdk.batchPackageStream({
+    alerts: 'true',
+    compact: 'true',
+    fixable: include.unfixable ? 'false' : 'true'
+  }, {
+    components: pkgIds.map(id => ({
+      purl: `pkg:npm/${id}`
+    }))
+  })) {
+    if (batchPackageFetchResult.success) {
+      await shadowNpmInject.addArtifactToAlertsMap(batchPackageFetchResult.data, alertsByPkgId, toAlertsMapOptions);
+    }
     remaining -= 1;
     if (spinner && remaining > 0) {
       spinner.start();
@@ -2304,10 +2430,17 @@ async function run$x(argv, importMeta, {
   await runFix();
 }
 
-async function fetchPackageInfo$1(pkgName, pkgVersion, includeAllIssues) {
+async function fetchPackageInfo(pkgName, pkgVersion, includeAllIssues) {
   const socketSdk = await shadowNpmInject.setupSdk(shadowNpmInject.getPublicToken());
+
+  // Lazily access constants.spinner.
+  const {
+    spinner
+  } = constants;
+  spinner.start(pkgVersion === 'latest' ? `Looking up data for the latest version of ${pkgName}` : `Looking up data for version ${pkgVersion} of ${pkgName}`);
   const result = await handleApiCall(socketSdk.getIssuesByNPMPackage(pkgName, pkgVersion), 'looking up package');
   const scoreResult = await handleApiCall(socketSdk.getScoreByNPMPackage(pkgName, pkgVersion), 'looking up package score');
+  spinner.successAndStop('Data fetched');
   if (result.success === false) {
     return handleUnsuccessfulApiResponse('getIssuesByNPMPackage', result);
   }
@@ -2333,7 +2466,7 @@ function formatScore$1(score) {
   }
   return colors.red(`${score}`);
 }
-function logPackageIssuesDetails(packageData, outputMarkdown) {
+function outputPackageIssuesDetails(packageData, outputMarkdown) {
   const issueDetails = packageData.filter(d => d.value?.severity === shadowNpmInject.SEVERITY.critical || d.value?.severity === shadowNpmInject.SEVERITY.high);
   const uniqueIssueDetails = issueDetails.reduce((acc, issue) => {
     const {
@@ -2364,7 +2497,7 @@ function logPackageIssuesDetails(packageData, outputMarkdown) {
     }
   }
 }
-function logPackageInfo$1({
+function outputPackageInfo({
   data,
   score,
   severityCount
@@ -2402,7 +2535,7 @@ function logPackageInfo$1({
       logger.logger.log('# Issues\n');
     }
     logger.logger.log(`Package has these issues: ${shadowNpmInject.formatSeverityCount(severityCount)}\n`);
-    logPackageIssuesDetails(data, outputKind === 'markdown');
+    outputPackageIssuesDetails(data, outputKind === 'markdown');
   } else {
     logger.logger.log('Package has no issues');
   }
@@ -2425,7 +2558,7 @@ function logPackageInfo$1({
   }
 }
 
-async function getPackageInfo({
+async function handlePackageInfo({
   commandName,
   includeAllIssues,
   outputKind,
@@ -2433,15 +2566,9 @@ async function getPackageInfo({
   pkgVersion,
   strict
 }) {
-  // Lazily access constants.spinner.
-  const {
-    spinner
-  } = constants;
-  spinner.start(pkgVersion === 'latest' ? `Looking up data for the latest version of ${pkgName}` : `Looking up data for version ${pkgVersion} of ${pkgName}`);
-  const packageData = await fetchPackageInfo$1(pkgName, pkgVersion, includeAllIssues);
-  spinner.successAndStop('Data fetched');
+  const packageData = await fetchPackageInfo(pkgName, pkgVersion, includeAllIssues);
   if (packageData) {
-    logPackageInfo$1(packageData, {
+    outputPackageInfo(packageData, {
       name: commandName,
       outputKind,
       pkgName,
@@ -2516,7 +2643,7 @@ async function run$w(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAIL_TEXT$v);
     return;
   }
-  await getPackageInfo({
+  await handlePackageInfo({
     commandName: `${parentName} ${config$w.commandName}`,
     includeAllIssues: Boolean(all),
     outputKind: json ? 'json' : markdown ? 'markdown' : 'print',
@@ -4406,29 +4533,35 @@ async function run$l(argv, importMeta, {
   await applyOptimization(cwd, Boolean(cli.flags['pin']), Boolean(cli.flags['prod']));
 }
 
-async function getOrganization(format = 'text') {
+async function fetchOrganization() {
   const apiToken = shadowNpmInject.getDefaultToken();
   if (!apiToken) {
     throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
-  await printOrganizationsFromToken(apiToken, format);
+  return await fetchOrganizationWithToken(apiToken);
 }
-async function printOrganizationsFromToken(apiToken, format = 'text') {
+async function fetchOrganizationWithToken(apiToken) {
+  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
+
   // Lazily access constants.spinner.
   const {
     spinner
   } = constants;
-  spinner.start('Fetching organizations...');
-  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
+  spinner.start('Fetching organization list...');
   const result = await handleApiCall(socketSdk.getOrganizations(), 'looking up organizations');
+  spinner.successAndStop('Received organization list response.');
   if (!result.success) {
     handleUnsuccessfulApiResponse('getOrganizations', result);
     return;
   }
-  spinner.stop();
-  const organizations = Object.values(result.data.organizations);
-  const lastFiveOfApiToken = getLastFiveOfApiToken(apiToken);
-  switch (format) {
+  return result.data;
+}
+
+async function outputOrganizationList(data, outputKind = 'text') {
+  const organizations = Object.values(data.organizations);
+  const apiToken = shadowNpmInject.getDefaultToken();
+  const lastFiveOfApiToken = getLastFiveOfApiToken(apiToken ?? '?????');
+  switch (outputKind) {
     case 'json':
       {
         logger.logger.log(JSON.stringify(organizations.map(o => ({
@@ -4473,6 +4606,12 @@ async function printOrganizationsFromToken(apiToken, format = 'text') {
   }
 }
 
+async function handleOrganizationList(outputKind = 'text') {
+  const data = await fetchOrganization();
+  if (!data) return;
+  await outputOrganizationList(data, outputKind);
+}
+
 const {
   DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$k
 } = constants;
@@ -4524,48 +4663,63 @@ ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields
     logger.logger.log(DRY_RUN_BAIL_TEXT$k);
     return;
   }
-  await getOrganization(json ? 'json' : markdown ? 'markdown' : 'text');
+  await handleOrganizationList(json ? 'json' : markdown ? 'markdown' : 'text');
 }
 
-async function getSecurityPolicy(orgSlug, format) {
+async function fetchSecurityPolicy(orgSlug) {
   const apiToken = shadowNpmInject.getDefaultToken();
   if (!apiToken) {
     throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
-  await getSecurityPolicyWithToken(apiToken, orgSlug, format);
+  return await fetchSecurityPolicyWithToken(apiToken, orgSlug);
 }
-async function getSecurityPolicyWithToken(apiToken, orgSlug, format) {
+async function fetchSecurityPolicyWithToken(apiToken, orgSlug) {
   // Lazily access constants.spinner.
   const {
     spinner
   } = constants;
-  spinner.start('Fetching organization quota...');
   const socketSdk = await shadowNpmInject.setupSdk(apiToken);
+  spinner.start('Fetching organization quota...');
   const result = await handleApiCall(socketSdk.getOrgSecurityPolicy(orgSlug), 'looking up organization quota');
+  spinner?.successAndStop('Received organization quota response.');
   if (!result.success) {
     handleUnsuccessfulApiResponse('getOrgSecurityPolicy', result);
     return;
   }
-  spinner.stop();
-  switch (format) {
-    case 'json':
-      {
-        logger.logger.log(JSON.stringify(result.data, null, 2));
-        return;
-      }
-    default:
-      {
-        logger.logger.log('# Security policy\n');
-        logger.logger.log(`The default security policy setting is: "${result.data.securityPolicyDefault}"\n`);
-        logger.logger.log('These are the security policies per setting for your organization:\n');
-        const data = result.data;
-        const rules = data.securityPolicyRules;
-        const entries = Object.entries(rules);
-        const mapped = entries.map(([key, value]) => [key, value.action]);
-        mapped.sort(([a], [b]) => a < b ? -1 : a > b ? 1 : 0);
-        logger.logger.log(mdTableOfPairs(mapped, ['name', 'action']));
-      }
+  return result.data;
+}
+
+async function getSecurityPolicy(data, outputKind) {
+  if (outputKind === 'json') {
+    let json;
+    try {
+      json = JSON.stringify(data, null, 2);
+    } catch {
+      console.error('Failed to convert the server response to json, try running the same command without --json');
+      return;
+    }
+    logger.logger.log(json);
+    logger.logger.log('');
+    return;
   }
+  logger.logger.log('# Security policy');
+  logger.logger.log('');
+  logger.logger.log(`The default security policy setting is: "${data.securityPolicyDefault}"`);
+  logger.logger.log('');
+  logger.logger.log('These are the security policies per setting for your organization:');
+  logger.logger.log('');
+  const rules = data.securityPolicyRules;
+  const entries = Object.entries(rules);
+  const mapped = entries.map(([key, value]) => [key, value.action]);
+  mapped.sort(([a], [b]) => a < b ? -1 : a > b ? 1 : 0);
+  logger.logger.log(mdTableOfPairs(mapped, ['name', 'action']));
+  logger.logger.log('');
+}
+
+async function handleSecurityPolicy(orgSlug, outputKind) {
+  const data = await fetchSecurityPolicy(orgSlug);
+  if (!data) return;
+  await getSecurityPolicy(data, outputKind);
 }
 
 const {
@@ -4630,7 +4784,7 @@ ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields
     logger.logger.log(DRY_RUN_BAIL_TEXT$j);
     return;
   }
-  await getSecurityPolicy(orgSlug, json ? 'json' : markdown ? 'markdown' : 'text');
+  await handleSecurityPolicy(orgSlug, json ? 'json' : markdown ? 'markdown' : 'text');
 }
 
 const description$5 = 'Organization policy details';
@@ -4657,45 +4811,57 @@ const cmdOrganizationPolicy = {
   }
 };
 
-async function getQuota(format = 'text') {
+async function fetchQuota() {
   const apiToken = shadowNpmInject.getDefaultToken();
   if (!apiToken) {
     throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
-  await getQuotaWithToken(apiToken, format);
+  return await fetchQuotaWithToken(apiToken);
 }
-async function getQuotaWithToken(apiToken, format = 'text') {
+async function fetchQuotaWithToken(apiToken) {
   // Lazily access constants.spinner.
   const {
     spinner
   } = constants;
-  spinner.start('Fetching organization quota...');
   const socketSdk = await shadowNpmInject.setupSdk(apiToken);
+  spinner.start('Fetching organization quota...');
   const result = await handleApiCall(socketSdk.getQuota(), 'looking up organization quota');
+  spinner?.successAndStop('Recieved organization quota response.');
   if (!result.success) {
     handleUnsuccessfulApiResponse('getQuota', result);
     return;
   }
-  spinner.stop();
-  switch (format) {
-    case 'json':
-      {
-        logger.logger.log(JSON.stringify({
-          quota: result.data.quota
-        }, null, 2));
-        return;
-      }
-    case 'markdown':
-      {
-        logger.logger.log('# Quota\n');
-        logger.logger.log(`Quota left on the current API token: ${result.data.quota}\n`);
-        return;
-      }
-    default:
-      {
-        logger.logger.log(`Quota left on the current API token: ${result.data.quota}\n`);
-      }
+  return result.data;
+}
+
+async function outputQuota(data, outputKind = 'text') {
+  if (outputKind === 'json') {
+    let json;
+    try {
+      json = JSON.stringify(data, null, 2);
+    } catch {
+      console.error('Failed to convert the server response to json, try running the same command without --json');
+      return;
+    }
+    logger.logger.log(json);
+    logger.logger.log('');
+    return;
   }
+  if (outputKind === 'markdown') {
+    logger.logger.log('# Quota');
+    logger.logger.log('');
+    logger.logger.log(`Quota left on the current API token: ${data.quota}`);
+    logger.logger.log('');
+    return;
+  }
+  logger.logger.log(`Quota left on the current API token: ${data.quota}`);
+  logger.logger.log('');
+}
+
+async function handleQuota(outputKind = 'text') {
+  const data = await fetchQuota();
+  if (!data) return;
+  await outputQuota(data, outputKind);
 }
 
 const {
@@ -4749,7 +4915,7 @@ ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields
     logger.logger.log(DRY_RUN_BAIL_TEXT$i);
     return;
   }
-  await getQuota(json ? 'json' : markdown ? 'markdown' : 'text');
+  await handleQuota(json ? 'json' : markdown ? 'markdown' : 'text');
 }
 
 const description$4 = 'Account details';
@@ -4778,68 +4944,15 @@ const cmdOrganization = {
   }
 };
 
-// Either an ecosystem was given or all args must be (namespaced) purls
-// The `pkg:` part is optional here. We'll scan for `eco/name@version`.
-// Not hardcoding the namespace since we don't know what the server accepts.
-// The ecosystem is considered as the first package if it is not an a-z string.
-function parsePackageSpecifiers(ecosystem, pkgs) {
-  let valid = true;
-  const purls = [];
-  if (!ecosystem) {
-    valid = false;
-  } else if (/^[a-zA-Z]+$/.test(ecosystem)) {
-    for (let i = 0; i < pkgs.length; ++i) {
-      const pkg = pkgs[i] ?? '';
-      if (!pkg) {
-        valid = false;
-        break;
-      } else if (pkg.startsWith('pkg:')) {
-        // keep
-        purls.push(pkg);
-      } else if (pkg.includes('/')) {
-        // Looks like this arg was already namespaced
-        purls.push('pkg:' + pkg);
-      } else {
-        purls.push('pkg:' + ecosystem + '/' + pkg);
-      }
-    }
-    if (!purls.length) {
-      valid = false;
-    }
-  } else {
-    // Assume ecosystem is a purl, too
-    pkgs.unshift(ecosystem);
-    for (let i = 0; i < pkgs.length; ++i) {
-      const pkg = pkgs[i] ?? '';
-      if (!/^(?:pkg:)?[a-zA-Z]+\/./.test(pkg)) {
-        // At least one purl did not start with `pkg:eco/x` or `eco/x`
-        valid = false;
-        break;
-      } else if (pkg.startsWith('pkg:')) {
-        purls.push(pkg);
-      } else {
-        purls.push('pkg:' + pkg);
-      }
-    }
-    if (!purls.length) {
-      valid = false;
-    }
-  }
-  return {
-    purls,
-    valid
-  };
-}
-
-async function fetchPackageInfo(purls) {
-  const socketSdk = await shadowNpmInject.setupSdk(shadowNpmInject.getPublicToken());
+async function fetchPurlsShallowScore(purls) {
+  logger.logger.error(`Requesting shallow score data for ${purls.length} package urls (purl): ${purls.join(', ')}`);
 
   // Lazily access constants.spinner.
   const {
     spinner
   } = constants;
-  logger.logger.error(`Requesting shallow score data for ${purls.length} package urls (purl): ${purls.join(', ')}`);
   spinner.start(`Requesting data ...`);
+  const socketSdk = await shadowNpmInject.setupSdk(shadowNpmInject.getPublicToken());
   const result = await handleApiCall(socketSdk.batchPackageFetch({
     alerts: 'true'
     // compact: false,
@@ -4854,12 +4967,11 @@ async function fetchPackageInfo(purls) {
   spinner.successAndStop('Request completed');
   if (result.success) {
     return result;
-  } else {
-    handleUnsuccessfulApiResponse('batchPackageFetch', result);
   }
+  handleUnsuccessfulApiResponse('batchPackageFetch', result);
 }
 
-function logPackageInfo(purls, packageData, outputKind) {
+function outputPurlsShallowScore(purls, packageData, outputKind) {
   if (outputKind === 'json') {
     // In JSON simply return what the server responds with. Don't bother trying
     // to match the response with the requested packages/purls.
@@ -4939,14 +5051,67 @@ function getAlertString(alerts, noColor = false) {
   }
 }
 
-async function showPurlInfo({
+async function handlePurlsShallowScore({
   outputKind,
   purls
 }) {
-  const packageData = await fetchPackageInfo(purls);
+  const packageData = await fetchPurlsShallowScore(purls);
   if (packageData) {
-    logPackageInfo(purls, packageData.data, outputKind);
+    outputPurlsShallowScore(purls, packageData.data, outputKind);
+  }
+}
+
+// Either an ecosystem was given or all args must be (namespaced) purls
+// The `pkg:` part is optional here. We'll scan for `eco/name@version`.
+// Not hardcoding the namespace since we don't know what the server accepts.
+// The ecosystem is considered as the first package if it is not an a-z string.
+function parsePackageSpecifiers(ecosystem, pkgs) {
+  let valid = true;
+  const purls = [];
+  if (!ecosystem) {
+    valid = false;
+  } else if (/^[a-zA-Z]+$/.test(ecosystem)) {
+    for (let i = 0; i < pkgs.length; ++i) {
+      const pkg = pkgs[i] ?? '';
+      if (!pkg) {
+        valid = false;
+        break;
+      } else if (pkg.startsWith('pkg:')) {
+        // keep
+        purls.push(pkg);
+      } else if (pkg.includes('/')) {
+        // Looks like this arg was already namespaced
+        purls.push('pkg:' + pkg);
+      } else {
+        purls.push('pkg:' + ecosystem + '/' + pkg);
+      }
+    }
+    if (!purls.length) {
+      valid = false;
+    }
+  } else {
+    // Assume ecosystem is a purl, too
+    pkgs.unshift(ecosystem);
+    for (let i = 0; i < pkgs.length; ++i) {
+      const pkg = pkgs[i] ?? '';
+      if (!/^(?:pkg:)?[a-zA-Z]+\/./.test(pkg)) {
+        // At least one purl did not start with `pkg:eco/x` or `eco/x`
+        valid = false;
+        break;
+      } else if (pkg.startsWith('pkg:')) {
+        purls.push(pkg);
+      } else {
+        purls.push('pkg:' + pkg);
+      }
+    }
+    if (!purls.length) {
+      valid = false;
+    }
   }
+  return {
+    purls,
+    valid
+  };
 }
 
 const {
@@ -5038,7 +5203,7 @@ async function run$h(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAIL_TEXT$h);
     return;
   }
-  await showPurlInfo({
+  await handlePurlsShallowScore({
     outputKind: json ? 'json' : markdown ? 'markdown' : 'text',
     purls
   });
@@ -5514,7 +5679,7 @@ const cmdReport = {
   }
 };
 
-async function createRepo({
+async function fetchCreateRepo({
   default_branch,
   description,
   homepage,
@@ -5526,8 +5691,7 @@ async function createRepo({
   if (!apiToken) {
     throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
-  await createRepoWithToken({
-    apiToken,
+  return await fetchCreateRepoWithToken(apiToken, {
     default_branch,
     description,
     homepage,
@@ -5536,8 +5700,7 @@ async function createRepo({
     visibility
   });
 }
-async function createRepoWithToken({
-  apiToken,
+async function fetchCreateRepoWithToken(apiToken, {
   default_branch,
   description,
   homepage,
@@ -5549,8 +5712,8 @@ async function createRepoWithToken({
   const {
     spinner
   } = constants;
-  spinner.start('Creating repository...');
   const socketSdk = await shadowNpmInject.setupSdk(apiToken);
+  spinner.start('Sending request ot create a repository...');
   const result = await handleApiCall(socketSdk.createOrgRepo(orgSlug, {
     name: repoName,
     description,
@@ -5558,11 +5721,36 @@ async function createRepoWithToken({
     default_branch,
     visibility
   }), 'creating repository');
+  spinner.successAndStop('Received response requesting to create a repository.');
   if (!result.success) {
     handleUnsuccessfulApiResponse('createOrgRepo', result);
     return;
   }
-  spinner.successAndStop('Repository created successfully');
+  return result.data;
+}
+
+async function outputCreateRepo(_data) {
+  logger.logger.success('Repository created successfully');
+}
+
+async function handleCreateRepo({
+  default_branch,
+  description,
+  homepage,
+  orgSlug,
+  repoName,
+  visibility
+}) {
+  const data = await fetchCreateRepo({
+    default_branch,
+    description,
+    homepage,
+    orgSlug,
+    repoName,
+    visibility
+  });
+  if (!data) return;
+  await outputCreateRepo();
 }
 
 const {
@@ -5648,7 +5836,7 @@ async function run$c(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAIL_TEXT$c);
     return;
   }
-  await createRepo({
+  await handleCreateRepo({
     orgSlug,
     repoName,
     description: String(cli.flags['repoDescription'] || ''),
@@ -5658,7 +5846,7 @@ async function run$c(argv, importMeta, {
   });
 }
 
-async function deleteRepo(orgSlug, repoName) {
+async function handleDeleteRepo(orgSlug, repoName) {
   const apiToken = shadowNpmInject.getDefaultToken();
   if (!apiToken) {
     throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
@@ -5734,14 +5922,12 @@ async function run$b(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAIL_TEXT$b);
     return;
   }
-  await deleteRepo(orgSlug, repoName);
+  await handleDeleteRepo(orgSlug, repoName);
 }
 
-// @ts-ignore
-async function listRepos({
+async function fetchListRepos({
   direction,
   orgSlug,
-  outputKind,
   page,
   per_page,
   sort
@@ -5750,21 +5936,17 @@ async function listRepos({
   if (!apiToken) {
     throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
-  await listReposWithToken({
-    apiToken,
+  return await fetchListReposWithToken(apiToken, {
     direction,
     orgSlug,
-    outputKind,
     page,
     per_page,
     sort
   });
 }
-async function listReposWithToken({
-  apiToken,
+async function fetchListReposWithToken(apiToken, {
   direction,
   orgSlug,
-  outputKind,
   page,
   per_page,
   sort
@@ -5773,28 +5955,33 @@ async function listReposWithToken({
   const {
     spinner
   } = constants;
-  spinner.start('Fetching list of repositories...');
   const socketSdk = await shadowNpmInject.setupSdk(apiToken);
+  spinner.start('Fetching list of repositories...');
   const result = await handleApiCall(socketSdk.getOrgRepoList(orgSlug, {
     sort,
     direction,
     per_page: String(per_page),
     page: String(page)
   }), 'listing repositories');
+  spinner.successAndStop('Received response for repository list.');
   if (!result.success) {
     handleUnsuccessfulApiResponse('getOrgRepoList', result);
     return;
   }
-  spinner.stop('Fetch complete.');
+  return result.data;
+}
+
+// @ts-ignore
+async function outputListRepos(data, outputKind) {
   if (outputKind === 'json') {
-    const data = result.data.results.map(o => ({
+    const json = data.results.map(o => ({
       id: o.id,
       name: o.name,
       visibility: o.visibility,
       defaultBranch: o.default_branch,
       archived: o.archived
     }));
-    logger.logger.log(JSON.stringify(data, null, 2));
+    logger.logger.log(JSON.stringify(json, null, 2));
     return;
   }
   const options = {
@@ -5815,7 +6002,26 @@ async function listReposWithToken({
       name: colors.magenta('Archived')
     }]
   };
-  logger.logger.log(chalkTable(options, result.data.results));
+  logger.logger.log(chalkTable(options, data.results));
+}
+
+async function handleListRepos({
+  direction,
+  orgSlug,
+  outputKind,
+  page,
+  per_page,
+  sort
+}) {
+  const data = await fetchListRepos({
+    direction,
+    orgSlug,
+    page,
+    per_page,
+    sort
+  });
+  if (!data) return;
+  await outputListRepos(data, outputKind);
 }
 
 const {
@@ -5894,7 +6100,7 @@ async function run$a(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAIL_TEXT$a);
     return;
   }
-  await listRepos({
+  await handleListRepos({
     direction: cli.flags['direction'] === 'asc' ? 'asc' : 'desc',
     orgSlug,
     outputKind: cli.flags['json'] ? 'json' : cli.flags['markdown'] ? 'markdown' : 'print',
@@ -5904,7 +6110,7 @@ async function run$a(argv, importMeta, {
   });
 }
 
-async function updateRepo({
+async function fetchUpdateRepo({
   default_branch,
   description,
   homepage,
@@ -5916,8 +6122,7 @@ async function updateRepo({
   if (!apiToken) {
     throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
-  await updateRepoWithToken({
-    apiToken,
+  return await fetchUpdateRepoWithToken(apiToken, {
     default_branch,
     description,
     homepage,
@@ -5926,8 +6131,7 @@ async function updateRepo({
     visibility
   });
 }
-async function updateRepoWithToken({
-  apiToken,
+async function fetchUpdateRepoWithToken(apiToken, {
   default_branch,
   description,
   homepage,
@@ -5939,7 +6143,7 @@ async function updateRepoWithToken({
   const {
     spinner
   } = constants;
-  spinner.start('Updating repository...');
+  spinner.start('Sending request to update a repository...');
   const socketSdk = await shadowNpmInject.setupSdk(apiToken);
   const result = await handleApiCall(socketSdk.updateOrgRepo(orgSlug, repoName, {
     orgSlug,
@@ -5949,11 +6153,36 @@ async function updateRepoWithToken({
     default_branch,
     visibility
   }), 'updating repository');
+  spinner.successAndStop('Received response trying to update a repository');
   if (!result.success) {
     handleUnsuccessfulApiResponse('updateOrgRepo', result);
     return;
   }
-  spinner.successAndStop('Repository updated successfully');
+  return result.data;
+}
+
+async function outputUpdateRepo(_data) {
+  logger.logger.success('Repository updated successfully');
+}
+
+async function handleUpdateRepo({
+  default_branch,
+  description,
+  homepage,
+  orgSlug,
+  repoName,
+  visibility
+}) {
+  const data = await fetchUpdateRepo({
+    default_branch,
+    description,
+    homepage,
+    orgSlug,
+    repoName,
+    visibility
+  });
+  if (!data) return;
+  await outputUpdateRepo();
 }
 
 const {
@@ -6041,7 +6270,7 @@ async function run$9(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAIL_TEXT$9);
     return;
   }
-  await updateRepo({
+  await handleUpdateRepo({
     orgSlug,
     repoName,
     description: String(cli.flags['repoDescription'] || ''),
@@ -6051,27 +6280,31 @@ async function run$9(argv, importMeta, {
   });
 }
 
-// @ts-ignore
-async function viewRepo(orgSlug, repoName, outputKind) {
+async function fetchViewRepo(orgSlug, repoName) {
   const apiToken = shadowNpmInject.getDefaultToken();
   if (!apiToken) {
     throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
-  await viewRepoWithToken(orgSlug, repoName, apiToken, outputKind);
+  return await fetchViewRepoWithToken(orgSlug, repoName, apiToken);
 }
-async function viewRepoWithToken(orgSlug, repoName, apiToken, outputKind) {
+async function fetchViewRepoWithToken(orgSlug, repoName, apiToken) {
   // Lazily access constants.spinner.
   const {
     spinner
   } = constants;
-  spinner.start('Fetching repository data...');
   const socketSdk = await shadowNpmInject.setupSdk(apiToken);
+  spinner.start('Fetching repository data...');
   const result = await handleApiCall(socketSdk.getOrgRepo(orgSlug, repoName), 'fetching repository');
+  spinner.successAndStop('Received response while fetched repository data.');
   if (!result.success) {
     handleUnsuccessfulApiResponse('getOrgRepo', result);
     return;
   }
-  spinner.stop('Fetched repository data.');
+  return result.data;
+}
+
+// @ts-ignore
+async function outputViewRepo(data, outputKind) {
   if (outputKind === 'json') {
     const {
       archived,
@@ -6081,7 +6314,7 @@ async function viewRepoWithToken(orgSlug, repoName, apiToken, outputKind) {
       id,
       name,
       visibility
-    } = result.data;
+    } = data;
     logger.logger.log(JSON.stringify({
       id,
       name,
@@ -6117,7 +6350,13 @@ async function viewRepoWithToken(orgSlug, repoName, apiToken, outputKind) {
       name: colors.magenta('Created at')
     }]
   };
-  logger.logger.log(chalkTable(options, [result.data]));
+  logger.logger.log(chalkTable(options, [data]));
+}
+
+async function handleViewRepo(orgSlug, repoName, outputKind) {
+  const data = await fetchViewRepo(orgSlug, repoName);
+  if (!data) return;
+  await outputViewRepo(data, outputKind);
 }
 
 const {
@@ -6161,7 +6400,11 @@ async function run$8(argv, importMeta, {
     importMeta,
     parentName
   });
-  const repoName = cli.flags['repoName'];
+  const {
+    json,
+    markdown,
+    repoName
+  } = cli.flags;
   const [orgSlug = ''] = cli.input;
   if (!repoName || typeof repoName !== 'string' || !orgSlug) {
     // Use exit status of 2 to indicate incorrect usage, generally invalid
@@ -6181,7 +6424,7 @@ async function run$8(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAIL_TEXT$8);
     return;
   }
-  await viewRepo(orgSlug, repoName, cli.flags['json'] ? 'json' : cli.flags['markdown'] ? 'markdown' : 'print');
+  await handleViewRepo(orgSlug, repoName, json ? 'json' : markdown ? 'markdown' : 'text');
 }
 
 const description$1 = 'Repositories related commands';
@@ -8212,7 +8455,7 @@ void (async () => {
   await vendor.updater({
     name: SOCKET_CLI_BIN_NAME,
     // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
-    version: "0.14.64",
+    version: "0.14.65",
     ttl: 86_400_000 /* 24 hours in milliseconds */
   });
   try {
@@ -8279,5 +8522,5 @@ void (async () => {
     await shadowNpmInject.captureException(e);
   }
 })();
-//# debugId=d4abad4f-7d38-443a-9c42-5e600d5d7ba0
+//# debugId=765ca9f4-3784-4e50-beb4-36197117fbea
 //# sourceMappingURL=cli.js.map