@socketsecurity/cli 0.14.65 → 0.14.67

package/dist/require/cli.js

@@ -55,18 +55,18 @@ var tinyglobby = _socketInterop(require('tinyglobby'));
 var promises = require('@socketsecurity/registry/lib/promises');
 var yaml = _socketInterop(require('yaml'));
 var betterAjvErrors = _socketInterop(require('@apideck/better-ajv-errors'));
-var config$D = require('@socketsecurity/config');
-var assert = require('node:assert');
+var config$H = require('@socketsecurity/config');
 var readline = require('node:readline/promises');
 var BoxWidget = _socketInterop(require('blessed/lib/widgets/box'));
 var TableWidget = _socketInterop(require('blessed-contrib/lib/widget/table'));
 var readline$1 = require('node:readline');
 
-function handleUnsuccessfulApiResponse(_name, result) {
-  // SocketSdkErrorType['error'] is not typed.
-  const resultErrorMessage = result.error?.message;
-  const message = typeof resultErrorMessage === 'string' ? resultErrorMessage : 'No error message returned';
-  if (result.status === 401 || result.status === 403) {
+function handleUnsuccessfulApiResponse(_name, sockSdkError) {
+  const message = sockSdkError.error || 'No error message returned';
+  const {
+    status
+  } = sockSdkError;
+  if (status === 401 || status === 403) {
     // Lazily access constants.spinner.
     const {
       spinner
@@ -88,7 +88,7 @@ async function handleApiCall(value, description) {
   }
   return result;
 }
-async function handleAPIError(code) {
+async function handleApiError(code) {
   if (code === 400) {
     return 'One of the options passed might be incorrect.';
   } else if (code === 403) {
@@ -102,22 +102,22 @@ function getLastFiveOfApiToken(token) {
 
 // The API server that should be used for operations.
 function getDefaultApiBaseUrl() {
-  const baseUrl = process$1.env['SOCKET_SECURITY_API_BASE_URL'] || shadowNpmInject.getSetting('apiBaseUrl');
+  const baseUrl = process$1.env['SOCKET_SECURITY_API_BASE_URL'] || shadowNpmInject.getConfigValue('apiBaseUrl');
   return strings.isNonEmptyString(baseUrl) ? baseUrl : undefined;
 }
-async function queryAPI(path, apiToken) {
+async function queryApi(path, apiToken) {
   const API_V0_URL = getDefaultApiBaseUrl();
   return await fetch(`${API_V0_URL}/${path}`, {
     method: 'GET',
     headers: {
-      Authorization: `Basic ${btoa(`${apiToken}:${apiToken}`)}`
+      Authorization: `Basic ${btoa(`${apiToken}:`)}`
     }
   });
 }
 
 async function fetchOrgAnalyticsData(time, spinner, apiToken) {
-  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
-  const result = await handleApiCall(socketSdk.getOrgAnalytics(time.toString()), 'fetching analytics data');
+  const sockSdk = await shadowNpmInject.setupSdk(apiToken);
+  const result = await handleApiCall(sockSdk.getOrgAnalytics(time.toString()), 'fetching analytics data');
   if (result.success === false) {
     handleUnsuccessfulApiResponse('getOrgAnalytics', result);
     return undefined;
@@ -131,8 +131,8 @@ async function fetchOrgAnalyticsData(time, spinner, apiToken) {
 }
 
 async function fetchRepoAnalyticsData(repo, time, spinner, apiToken) {
-  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
-  const result = await handleApiCall(socketSdk.getRepoAnalytics(repo, time.toString()), 'fetching analytics data');
+  const sockSdk = await shadowNpmInject.setupSdk(apiToken);
+  const result = await handleApiCall(sockSdk.getRepoAnalytics(repo, time.toString()), 'fetching analytics data');
   if (result.success === false) {
     handleUnsuccessfulApiResponse('getRepoAnalytics', result);
     return undefined;
@@ -652,9 +652,9 @@ function emitBanner(name) {
 }
 function getAsciiHeader(command) {
   const cliVersion = // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION_HASH']".
-  "0.14.65:ace6cae:9b43c652:pub";
+  "0.14.67:a2db5d2:39ede5c0:pub";
   const nodeVersion = process.version;
-  const apiToken = shadowNpmInject.getSetting('apiToken');
+  const apiToken = shadowNpmInject.getConfigValue('apiToken');
   const shownToken = apiToken ? getLastFiveOfApiToken(apiToken) : 'no';
   const relCwd = path.normalizePath(process.cwd().replace(new RegExp(`^${regexps.escapeRegExp(constants.homePath)}(?:${path$1.sep}|$)`, 'i'), '~/'));
   const body = `
@@ -666,9 +666,9 @@ function getAsciiHeader(command) {
 }
 
 const {
-  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$B
+  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$F
 } = constants;
-const config$C = {
+const config$G = {
   commandName: 'analytics',
   description: `Look up analytics data`,
   hidden: false,
@@ -719,16 +719,16 @@ const config$C = {
   `
 };
 const cmdAnalytics = {
-  description: config$C.description,
-  hidden: config$C.hidden,
-  run: run$C
+  description: config$G.description,
+  hidden: config$G.hidden,
+  run: run$G
 };
-async function run$C(argv, importMeta, {
+async function run$G(argv, importMeta, {
   parentName
 }) {
   const cli = meowOrExit({
     argv,
-    config: config$C,
+    config: config$G,
     importMeta,
     parentName
   });
@@ -765,7 +765,7 @@ async function run$C(argv, importMeta, {
     return;
   }
   if (cli.flags['dryRun']) {
-    logger.logger.log(DRY_RUN_BAIL_TEXT$B);
+    logger.logger.log(DRY_RUN_BAIL_TEXT$F);
     return;
   }
   return await displayAnalytics({
@@ -808,8 +808,8 @@ async function fetchAuditLogWithToken(apiToken, {
     spinner
   } = constants;
   spinner.start(`Looking up audit log for ${orgSlug}`);
-  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
-  const result = await handleApiCall(socketSdk.getAuditLogEvents(orgSlug, {
+  const sockSdk = await shadowNpmInject.setupSdk(apiToken);
+  const result = await handleApiCall(sockSdk.getAuditLogEvents(orgSlug, {
     // I'm not sure this is used at all.
     outputJson: String(outputKind === 'json'),
     // I'm not sure this is used at all.
@@ -952,9 +952,9 @@ async function handleAuditLog({
 }
 
 const {
-  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$A
+  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$E
 } = constants;
-const config$B = {
+const config$F = {
   commandName: 'audit-log',
   description: 'Look up the audit log for an organization',
   hidden: false,
@@ -995,16 +995,16 @@ const config$B = {
   `
 };
 const cmdAuditLog = {
-  description: config$B.description,
-  hidden: config$B.hidden,
-  run: run$B
+  description: config$F.description,
+  hidden: config$F.hidden,
+  run: run$F
 };
-async function run$B(argv, importMeta, {
+async function run$F(argv, importMeta, {
   parentName
 }) {
   const cli = meowOrExit({
     argv,
-    config: config$B,
+    config: config$F,
     importMeta,
     parentName
   });
@@ -1029,7 +1029,7 @@ async function run$B(argv, importMeta, {
     return;
   }
   if (cli.flags['dryRun']) {
-    logger.logger.log(DRY_RUN_BAIL_TEXT$A);
+    logger.logger.log(DRY_RUN_BAIL_TEXT$E);
     return;
   }
   await handleAuditLog({
@@ -1146,7 +1146,7 @@ function isHelpFlag(cmdArg) {
 
 // import { meowOrExit } from '../../utils/meow-with-subcommands'
 const {
-  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$z
+  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$D
 } = constants;
 
 // TODO: convert yargs to meow. Or convert all the other things to yargs.
@@ -1223,7 +1223,7 @@ const yargsConfig = {
   'yes'],
   string: ['api-key', 'lifecycle', 'output', 'parent-project-id', 'profile', 'project-group', 'project-name', 'project-version', 'project-id', 'server-host', 'server-port', 'server-url', 'spec-version']
 };
-const config$A = {
+const config$E = {
   commandName: 'cdxgen',
   description: 'Create an SBOM with CycloneDX generator (cdxgen)',
   hidden: false,
@@ -1239,18 +1239,18 @@ const config$A = {
   `
 };
 const cmdCdxgen = {
-  description: config$A.description,
-  hidden: config$A.hidden,
-  run: run$A
+  description: config$E.description,
+  hidden: config$E.hidden,
+  run: run$E
 };
-async function run$A(argv, importMeta, {
+async function run$E(argv, importMeta, {
   parentName
 }) {
   const cli = meowOrExit({
     allowUnknownFlags: true,
     // Don't let meow take over --help.
     argv: argv.filter(a => !isHelpFlag(a)),
-    config: config$A,
+    config: config$E,
     importMeta,
     parentName
   });
@@ -1282,7 +1282,7 @@ async function run$A(argv, importMeta, {
     return;
   }
   if (cli.flags['dryRun']) {
-    logger.logger.log(DRY_RUN_BAIL_TEXT$z);
+    logger.logger.log(DRY_RUN_BAIL_TEXT$D);
     return;
   }
   if (yargv.output === undefined) {
@@ -1291,212 +1291,611 @@ async function run$A(argv, importMeta, {
   await runCycloneDX(yargv);
 }
 
-async function fetchDependencies({
-  limit,
-  offset
-}) {
-  const apiToken = shadowNpmInject.getDefaultToken();
-  if (!apiToken) {
-    throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
-  }
-  return await fetchDependenciesWithToken(apiToken, {
-    limit,
-    offset
-  });
-}
-async function fetchDependenciesWithToken(apiToken, {
-  limit,
-  offset
-}) {
-  // Lazily access constants.spinner.
-  const {
-    spinner
-  } = constants;
-  spinner.start('Fetching organization dependencies...');
-  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
-  const result = await handleApiCall(socketSdk.searchDependencies({
-    limit,
-    offset
-  }), 'Searching dependencies');
-  spinner?.successAndStop('Received organization dependencies response.');
-  if (!result.success) {
-    handleUnsuccessfulApiResponse('searchDependencies', result);
-    return;
-  }
-  return result.data;
-}
-
-// @ts-ignore
-async function outputDependencies(data, {
-  limit,
-  offset,
-  outputKind
-}) {
+async function outputConfigGet(key, value, outputKind) {
   if (outputKind === 'json') {
-    let json;
-    try {
-      json = JSON.stringify(data, null, 2);
-    } catch (e) {
-      process.exitCode = 1;
-      logger.logger.fail('There was a problem converting the data to JSON, please try without the `--json` flag');
-      return;
-    }
-    logger.logger.log(json);
-    return;
+    logger.logger.log(JSON.stringify({
+      success: true,
+      result: {
+        key,
+        value
+      }
+    }));
+  } else if (outputKind === 'markdown') {
+    logger.logger.log(`# Config Value`);
+    logger.logger.log('');
+    logger.logger.log(`Config key '${key}' has value '${value}`);
+  } else {
+    logger.logger.log(`${key}: ${value}`);
   }
-  logger.logger.log('Request details: Offset:', offset, ', limit:', limit, ', is there more data after this?', data.end ? 'no' : 'yes');
-  const options = {
-    columns: [{
-      field: 'namespace',
-      name: colors.cyan('Namespace')
-    }, {
-      field: 'name',
-      name: colors.cyan('Name')
-    }, {
-      field: 'version',
-      name: colors.cyan('Version')
-    }, {
-      field: 'repository',
-      name: colors.cyan('Repository')
-    }, {
-      field: 'branch',
-      name: colors.cyan('Branch')
-    }, {
-      field: 'type',
-      name: colors.cyan('Type')
-    }, {
-      field: 'direct',
-      name: colors.cyan('Direct')
-    }]
-  };
-  logger.logger.log(chalkTable(options, data.rows));
 }
 
-async function handleDependencies({
-  limit,
-  offset,
+async function handleConfigGet({
+  key,
   outputKind
 }) {
-  const data = await fetchDependencies({
-    limit,
-    offset
-  });
-  if (!data) return;
-  await outputDependencies(data, {
-    limit,
-    offset,
-    outputKind
-  });
+  const value = shadowNpmInject.getConfigValue(key);
+  await outputConfigGet(key, value, outputKind);
 }
 
 const {
-  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$y
+  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$C
 } = constants;
-const config$z = {
-  commandName: 'dependencies',
-  description: 'Search for any dependency that is being used in your organization',
+const config$D = {
+  commandName: 'get',
+  description: 'Get the value of a local CLI config item',
   hidden: false,
   flags: {
     ...commonFlags,
-    limit: {
-      type: 'number',
-      shortFlag: 'l',
-      default: 50,
-      description: 'Maximum number of dependencies returned'
-    },
-    offset: {
-      type: 'number',
-      shortFlag: 'o',
-      default: 0,
-      description: 'Page number'
-    },
     ...outputFlags
   },
   help: (command, config) => `
     Usage
-      ${command}
+      $ ${command} <org slug>
 
     Options
       ${getFlagListOutput(config.flags, 6)}
 
+    Keys:
+
+${Array.from(shadowNpmInject.supportedConfigKeys.entries()).map(([key, desc]) => `     - ${key} -- ${desc}`).join('\n')}
+
     Examples
-      ${command} --limit 20 --offset 10
+      $ ${command} FakeOrg --repoName=test-repo
   `
 };
-const cmdScanCreate$1 = {
-  description: config$z.description,
-  hidden: config$z.hidden,
-  run: run$z
+const cmdConfigGet = {
+  description: config$D.description,
+  hidden: config$D.hidden,
+  run: run$D
 };
-async function run$z(argv, importMeta, {
+async function run$D(argv, importMeta, {
   parentName
 }) {
   const cli = meowOrExit({
     argv,
-    config: config$z,
+    config: config$D,
     importMeta,
     parentName
   });
   const {
     json,
-    limit,
-    markdown,
-    offset
+    markdown
   } = cli.flags;
+  const [key = ''] = cli.input;
+  if (!shadowNpmInject.supportedConfigKeys.has(key) && key !== 'test') {
+    // Use exit status of 2 to indicate incorrect usage, generally invalid
+    // options or missing arguments.
+    // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
+    process.exitCode = 2;
+    logger.logger.fail(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - Config key should be the first arg ${!key ? colors.red('(missing!)') : !shadowNpmInject.supportedConfigKeys.has(key) ? colors.red('(invalid config key!)') : colors.green('(ok)')}
+    `);
+    return;
+  }
   if (cli.flags['dryRun']) {
-    logger.logger.log(DRY_RUN_BAIL_TEXT$y);
+    logger.logger.log(DRY_RUN_BAIL_TEXT$C);
     return;
   }
-  await handleDependencies({
-    limit: Number(limit || 0) || 0,
-    offset: Number(offset || 0) || 0,
+  await handleConfigGet({
+    key: key,
     outputKind: json ? 'json' : markdown ? 'markdown' : 'text'
   });
 }
 
-async function fetchDiffScan({
-  after,
-  before,
-  orgSlug
+async function outputConfigList({
+  full,
+  outputKind
 }) {
-  const apiToken = shadowNpmInject.getDefaultToken();
-  if (!apiToken) {
-    throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+  if (outputKind === 'json') {
+    const obj = {};
+    for (const key of shadowNpmInject.supportedConfigKeys.keys()) {
+      let value = shadowNpmInject.getConfigValue(key);
+      if (!full && shadowNpmInject.sensitiveConfigKeys.has(key)) {
+        value = '********';
+      }
+      if (full || value !== undefined) {
+        obj[key] = value ?? '<none>';
+      }
+    }
+    logger.logger.log(JSON.stringify({
+      success: true,
+      full,
+      config: obj
+    }, null, 2));
+  } else {
+    const maxWidth = Array.from(shadowNpmInject.supportedConfigKeys.keys()).reduce((a, b) => Math.max(a, b.length), 0);
+    logger.logger.log('# Local CLI Config');
+    logger.logger.log('');
+    logger.logger.log(`This is the local CLI config (full=${!!full}):`);
+    logger.logger.log('');
+    for (const key of shadowNpmInject.supportedConfigKeys.keys()) {
+      let value = shadowNpmInject.getConfigValue(key);
+      if (!full && shadowNpmInject.sensitiveConfigKeys.has(key)) {
+        value = '********';
+      }
+      if (full || value !== undefined) {
+        logger.logger.log(`- ${key}:${' '.repeat(Math.max(0, maxWidth - key.length + 3))} ${Array.isArray(value) ? value.join(', ') || '<none>' : value ?? '<none>'}`);
+      }
+    }
   }
-  return await fetchDiffScanWithToken(apiToken, {
-    after,
-    before,
-    orgSlug
-  });
 }
-async function fetchDiffScanWithToken(apiToken, {
-  after,
-  before,
-  orgSlug
+
+const {
+  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$B
+} = constants;
+const config$C = {
+  commandName: 'list',
+  description: 'Show all local CLI config items and their values',
+  hidden: false,
+  flags: {
+    ...commonFlags,
+    ...outputFlags,
+    full: {
+      type: 'boolean',
+      default: false,
+      description: 'Show full tokens in plaintext (unsafe)'
+    }
+  },
+  help: (command, config) => `
+    Usage
+      $ ${command} <org slug>
+
+    Options
+      ${getFlagListOutput(config.flags, 6)}
+
+    Keys:
+
+${Array.from(shadowNpmInject.supportedConfigKeys.entries()).map(([key, desc]) => `     - ${key} -- ${desc}`).join('\n')}
+
+    Examples
+      $ ${command} FakeOrg --repoName=test-repo
+  `
+};
+const cmdConfigList = {
+  description: config$C.description,
+  hidden: config$C.hidden,
+  run: run$C
+};
+async function run$C(argv, importMeta, {
+  parentName
 }) {
-  // Lazily access constants.spinner.
+  const cli = meowOrExit({
+    argv,
+    config: config$C,
+    importMeta,
+    parentName
+  });
   const {
-    spinner
-  } = constants;
-  spinner.start('Fetching diff-scan...');
-  const response = await queryAPI(`orgs/${orgSlug}/full-scans/diff?before=${encodeURIComponent(before)}&after=${encodeURIComponent(after)}`, apiToken);
-  spinner?.successAndStop('Received diff-scan response');
-  if (!response.ok) {
-    const err = await handleAPIError(response.status);
-    spinner.errorAndStop(`${colors.bgRed(colors.white(response.statusText))}: ${err}`);
+    full,
+    json,
+    markdown
+  } = cli.flags;
+  if (cli.flags['dryRun']) {
+    logger.logger.log(DRY_RUN_BAIL_TEXT$B);
     return;
   }
-  const result = await handleApiCall(await response.json(), 'Deserializing json');
-  return result;
+  await outputConfigList({
+    full: !!full,
+    outputKind: json ? 'json' : markdown ? 'markdown' : 'text'
+  });
 }
 
-async function outputDiffScan(result, {
-  depth,
-  file,
-  outputKind
-}) {
-  const dashboardUrl = result.diff_report_url;
-  const dashboardMessage = dashboardUrl ? `\n View this diff scan in the Socket dashboard: ${colors.cyan(dashboardUrl)}` : '';
+async function outputConfigSet(key, _value, outputKind) {
+  if (outputKind === 'json') {
+    logger.logger.log(JSON.stringify({
+      success: true,
+      message: `Config key '${key}' was updated`
+    }));
+  } else if (outputKind === 'markdown') {
+    logger.logger.log(`# Update config`);
+    logger.logger.log('');
+    logger.logger.log(`Config key '${key}' was updated`);
+  } else {
+    logger.logger.log(`OK`);
+  }
+}
+
+async function handleConfigSet({
+  key,
+  outputKind,
+  value
+}) {
+  shadowNpmInject.updateConfigValue(key, value);
+  await outputConfigSet(key, value, outputKind);
+}
+
+const {
+  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$A
+} = constants;
+const config$B = {
+  commandName: 'set',
+  description: 'Update the value of a local CLI config item',
+  hidden: false,
+  flags: {
+    ...commonFlags,
+    ...outputFlags
+  },
+  help: (command, config) => `
+    Usage
+      $ ${command} <key> <value>
+
+    Options
+      ${getFlagListOutput(config.flags, 6)}
+
+    This is a crude way of updating the local configuration for this CLI tool.
+
+    Note that updating a value here is nothing more than updating a key/value
+    store entry. No validation is happening. The server may reject your config.
+
+    Keys:
+
+${Array.from(shadowNpmInject.supportedConfigKeys.entries()).map(([key, desc]) => `     - ${key} -- ${desc}`).join('\n')}
+
+    Examples
+      $ ${command} apiProxy https://example.com
+  `
+};
+const cmdConfigSet = {
+  description: config$B.description,
+  hidden: config$B.hidden,
+  run: run$B
+};
+async function run$B(argv, importMeta, {
+  parentName
+}) {
+  const cli = meowOrExit({
+    argv,
+    config: config$B,
+    importMeta,
+    parentName
+  });
+  const {
+    json,
+    markdown
+  } = cli.flags;
+  const [key = '', ...rest] = cli.input;
+  const value = rest.join(' ');
+  if (!shadowNpmInject.supportedConfigKeys.has(key) && key !== 'test' || !value) {
+    // Use exit status of 2 to indicate incorrect usage, generally invalid
+    // options or missing arguments.
+    // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
+    process.exitCode = 2;
+    logger.logger.fail(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - Config key should be the first arg ${!key ? colors.red('(missing!)') : !shadowNpmInject.supportedConfigKeys.has(key) ? colors.red('(invalid config key!)') : colors.green('(ok)')}
+
+      - Key value should be the remaining args (use \`del\` to unset a value) ${!value ? colors.red('(missing!)') : colors.green('(ok)')}`);
+    return;
+  }
+  if (cli.flags['dryRun']) {
+    logger.logger.log(DRY_RUN_BAIL_TEXT$A);
+    return;
+  }
+  await handleConfigSet({
+    key: key,
+    outputKind: json ? 'json' : markdown ? 'markdown' : 'text',
+    value
+  });
+}
+
+async function outputConfigUnset(key, outputKind) {
+  if (outputKind === 'json') {
+    logger.logger.log(JSON.stringify({
+      success: true,
+      message: `Config key '${key}' was unset`
+    }));
+  } else if (outputKind === 'markdown') {
+    logger.logger.log(`# Update config`);
+    logger.logger.log('');
+    logger.logger.log(`Config key '${key}' was unset`);
+  } else {
+    logger.logger.log(`OK`);
+  }
+}
+
+async function handleConfigUnset({
+  key,
+  outputKind
+}) {
+  shadowNpmInject.updateConfigValue(key, undefined);
+  await outputConfigUnset(key, outputKind);
+}
+
+const {
+  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$z
+} = constants;
+const config$A = {
+  commandName: 'unset',
+  description: 'Clear the value of a local CLI config item',
+  hidden: false,
+  flags: {
+    ...commonFlags,
+    ...outputFlags
+  },
+  help: (command, config) => `
+    Usage
+      $ ${command} <org slug>
+
+    Options
+      ${getFlagListOutput(config.flags, 6)}
+
+    Keys:
+
+${Array.from(shadowNpmInject.supportedConfigKeys.entries()).map(([key, desc]) => `     - ${key} -- ${desc}`).join('\n')}
+
+    Examples
+      $ ${command} FakeOrg --repoName=test-repo
+  `
+};
+const cmdConfigUnset = {
+  description: config$A.description,
+  hidden: config$A.hidden,
+  run: run$A
+};
+async function run$A(argv, importMeta, {
+  parentName
+}) {
+  const cli = meowOrExit({
+    argv,
+    config: config$A,
+    importMeta,
+    parentName
+  });
+  const {
+    json,
+    markdown
+  } = cli.flags;
+  const [key = ''] = cli.input;
+  if (!shadowNpmInject.supportedConfigKeys.has(key) && key !== 'test') {
+    // Use exit status of 2 to indicate incorrect usage, generally invalid
+    // options or missing arguments.
+    // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
+    process.exitCode = 2;
+    logger.logger.fail(commonTags.stripIndents`${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
+
+      - Config key should be the first arg ${!key ? colors.red('(missing!)') : !shadowNpmInject.supportedConfigKeys.has(key) ? colors.red('(invalid config key!)') : colors.green('(ok)')}
+    `);
+    return;
+  }
+  if (cli.flags['dryRun']) {
+    logger.logger.log(DRY_RUN_BAIL_TEXT$z);
+    return;
+  }
+  await handleConfigUnset({
+    key: key,
+    outputKind: json ? 'json' : markdown ? 'markdown' : 'text'
+  });
+}
+
+const description$7 = 'Commands related to the local CLI configuration';
+const cmdConfig = {
+  description: description$7,
+  hidden: true,
+  // [beta]
+  async run(argv, importMeta, {
+    parentName
+  }) {
+    await meowWithSubcommands({
+      unset: cmdConfigUnset,
+      get: cmdConfigGet,
+      list: cmdConfigList,
+      set: cmdConfigSet
+    }, {
+      argv,
+      description: description$7,
+      importMeta,
+      name: `${parentName} config`
+    });
+  }
+};
+
+async function fetchDependencies({
+  limit,
+  offset
+}) {
+  const apiToken = shadowNpmInject.getDefaultToken();
+  if (!apiToken) {
+    throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+  }
+  return await fetchDependenciesWithToken(apiToken, {
+    limit,
+    offset
+  });
+}
+async function fetchDependenciesWithToken(apiToken, {
+  limit,
+  offset
+}) {
+  // Lazily access constants.spinner.
+  const {
+    spinner
+  } = constants;
+  spinner.start('Fetching organization dependencies...');
+  const sockSdk = await shadowNpmInject.setupSdk(apiToken);
+  const result = await handleApiCall(sockSdk.searchDependencies({
+    limit,
+    offset
+  }), 'Searching dependencies');
+  spinner?.successAndStop('Received organization dependencies response.');
+  if (!result.success) {
+    handleUnsuccessfulApiResponse('searchDependencies', result);
+    return;
+  }
+  return result.data;
+}
+
+// @ts-ignore
+async function outputDependencies(data, {
+  limit,
+  offset,
+  outputKind
+}) {
+  if (outputKind === 'json') {
+    let json;
+    try {
+      json = JSON.stringify(data, null, 2);
+    } catch (e) {
+      process.exitCode = 1;
+      logger.logger.fail('There was a problem converting the data to JSON, please try without the `--json` flag');
+      return;
+    }
+    logger.logger.log(json);
+    return;
+  }
+  logger.logger.log('Request details: Offset:', offset, ', limit:', limit, ', is there more data after this?', data.end ? 'no' : 'yes');
+  const options = {
+    columns: [{
+      field: 'namespace',
+      name: colors.cyan('Namespace')
+    }, {
+      field: 'name',
+      name: colors.cyan('Name')
+    }, {
+      field: 'version',
+      name: colors.cyan('Version')
+    }, {
+      field: 'repository',
+      name: colors.cyan('Repository')
+    }, {
+      field: 'branch',
+      name: colors.cyan('Branch')
+    }, {
+      field: 'type',
+      name: colors.cyan('Type')
+    }, {
+      field: 'direct',
+      name: colors.cyan('Direct')
+    }]
+  };
+  logger.logger.log(chalkTable(options, data.rows));
+}
+
+async function handleDependencies({
+  limit,
+  offset,
+  outputKind
+}) {
+  const data = await fetchDependencies({
+    limit,
+    offset
+  });
+  if (!data) return;
+  await outputDependencies(data, {
+    limit,
+    offset,
+    outputKind
+  });
+}
+
+const {
+  DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$y
+} = constants;
+const config$z = {
+  commandName: 'dependencies',
+  description: 'Search for any dependency that is being used in your organization',
+  hidden: false,
+  flags: {
+    ...commonFlags,
+    limit: {
+      type: 'number',
+      shortFlag: 'l',
+      default: 50,
+      description: 'Maximum number of dependencies returned'
+    },
+    offset: {
+      type: 'number',
+      shortFlag: 'o',
+      default: 0,
+      description: 'Page number'
+    },
+    ...outputFlags
+  },
+  help: (command, config) => `
+    Usage
+      ${command}
+
+    Options
+      ${getFlagListOutput(config.flags, 6)}
+
+    Examples
+      ${command} --limit 20 --offset 10
+  `
+};
+const cmdScanCreate$1 = {
+  description: config$z.description,
+  hidden: config$z.hidden,
+  run: run$z
+};
+async function run$z(argv, importMeta, {
+  parentName
+}) {
+  const cli = meowOrExit({
+    argv,
+    config: config$z,
+    importMeta,
+    parentName
+  });
+  const {
+    json,
+    limit,
+    markdown,
+    offset
+  } = cli.flags;
+  if (cli.flags['dryRun']) {
+    logger.logger.log(DRY_RUN_BAIL_TEXT$y);
+    return;
+  }
+  await handleDependencies({
+    limit: Number(limit || 0) || 0,
+    offset: Number(offset || 0) || 0,
+    outputKind: json ? 'json' : markdown ? 'markdown' : 'text'
+  });
+}
+
+async function fetchDiffScan({
+  after,
+  before,
+  orgSlug
+}) {
+  const apiToken = shadowNpmInject.getDefaultToken();
+  if (!apiToken) {
+    throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+  }
+  return await fetchDiffScanWithToken(apiToken, {
+    after,
+    before,
+    orgSlug
+  });
+}
+async function fetchDiffScanWithToken(apiToken, {
+  after,
+  before,
+  orgSlug
+}) {
+  // Lazily access constants.spinner.
+  const {
+    spinner
+  } = constants;
+  spinner.start('Fetching diff-scan...');
+  const response = await queryApi(`orgs/${orgSlug}/full-scans/diff?before=${encodeURIComponent(before)}&after=${encodeURIComponent(after)}`, apiToken);
+  spinner?.successAndStop('Received diff-scan response');
+  if (!response.ok) {
+    const err = await handleApiError(response.status);
+    spinner.errorAndStop(`${colors.bgRed(colors.white(response.statusText))}: ${err}`);
+    return;
+  }
+  const result = await handleApiCall(await response.json(), 'Deserializing json');
+  return result;
+}
+
+async function outputDiffScan(result, {
+  depth,
+  file,
+  outputKind
+}) {
+  const dashboardUrl = result.diff_report_url;
+  const dashboardMessage = dashboardUrl ? `\n View this diff scan in the Socket dashboard: ${colors.cyan(dashboardUrl)}` : '';
 
   // When forcing json, or dumping to file, serialize to string such that it
   // won't get truncated. The only way to dump the full raw JSON to stdout is
@@ -1827,12 +2226,12 @@ async function getAlertsMapFromPnpmLockfile(lockfile, options) {
   }
   const getText = () => `Looking up data for ${remaining} packages`;
   spinner?.start(getText());
-  const socketSdk = await shadowNpmInject.setupSdk(shadowNpmInject.getPublicToken());
+  const sockSdk = await shadowNpmInject.setupSdk(shadowNpmInject.getPublicToken());
   const toAlertsMapOptions = {
     overrides: lockfile.overrides,
     ...options
   };
-  for await (const batchPackageFetchResult of socketSdk.batchPackageStream({
+  for await (const batchPackageFetchResult of sockSdk.batchPackageStream({
     alerts: 'true',
     compact: 'true',
     fixable: include.unfixable ? 'false' : 'true'
@@ -2431,15 +2830,15 @@ async function run$x(argv, importMeta, {
 }
 
 async function fetchPackageInfo(pkgName, pkgVersion, includeAllIssues) {
-  const socketSdk = await shadowNpmInject.setupSdk(shadowNpmInject.getPublicToken());
+  const sockSdk = await shadowNpmInject.setupSdk(shadowNpmInject.getPublicToken());
 
   // Lazily access constants.spinner.
   const {
     spinner
   } = constants;
   spinner.start(pkgVersion === 'latest' ? `Looking up data for the latest version of ${pkgName}` : `Looking up data for version ${pkgVersion} of ${pkgName}`);
-  const result = await handleApiCall(socketSdk.getIssuesByNPMPackage(pkgName, pkgVersion), 'looking up package');
-  const scoreResult = await handleApiCall(socketSdk.getScoreByNPMPackage(pkgName, pkgVersion), 'looking up package score');
+  const result = await handleApiCall(sockSdk.getIssuesByNPMPackage(pkgName, pkgVersion), 'looking up package');
+  const scoreResult = await handleApiCall(sockSdk.getScoreByNPMPackage(pkgName, pkgVersion), 'looking up package score');
   spinner.successAndStop('Data fetched');
   if (result.success === false) {
     return handleUnsuccessfulApiResponse('getIssuesByNPMPackage', result);
@@ -2467,7 +2866,7 @@ function formatScore$1(score) {
   return colors.red(`${score}`);
 }
 function outputPackageIssuesDetails(packageData, outputMarkdown) {
-  const issueDetails = packageData.filter(d => d.value?.severity === shadowNpmInject.SEVERITY.critical || d.value?.severity === shadowNpmInject.SEVERITY.high);
+  const issueDetails = packageData.filter(d => d.value?.severity === shadowNpmInject.ALERT_SEVERITY.critical || d.value?.severity === shadowNpmInject.ALERT_SEVERITY.high);
   const uniqueIssueDetails = issueDetails.reduce((acc, issue) => {
     const {
       type
@@ -2654,18 +3053,18 @@ async function run$w(argv, importMeta, {
 }
 
 function applyLogin(apiToken, enforcedOrgs, apiBaseUrl, apiProxy) {
-  shadowNpmInject.updateSetting('enforcedOrgs', enforcedOrgs);
-  shadowNpmInject.updateSetting('apiToken', apiToken);
-  shadowNpmInject.updateSetting('apiBaseUrl', apiBaseUrl);
-  shadowNpmInject.updateSetting('apiProxy', apiProxy);
+  shadowNpmInject.updateConfigValue('enforcedOrgs', enforcedOrgs);
+  shadowNpmInject.updateConfigValue('apiToken', apiToken);
+  shadowNpmInject.updateConfigValue('apiBaseUrl', apiBaseUrl);
+  shadowNpmInject.updateConfigValue('apiProxy', apiProxy);
 }
 
 const {
   SOCKET_PUBLIC_API_TOKEN
 } = constants;
 async function attemptLogin(apiBaseUrl, apiProxy) {
-  apiBaseUrl ??= shadowNpmInject.getSetting('apiBaseUrl') ?? undefined;
-  apiProxy ??= shadowNpmInject.getSetting('apiProxy') ?? undefined;
+  apiBaseUrl ??= shadowNpmInject.getConfigValue('apiBaseUrl') ?? undefined;
+  apiProxy ??= shadowNpmInject.getConfigValue('apiProxy') ?? undefined;
   const apiToken = (await prompts.password({
     message: `Enter your ${terminalLink('Socket.dev API key', 'https://docs.socket.dev/docs/api-keys')} (leave blank for a public key)`
   })) || SOCKET_PUBLIC_API_TOKEN;
@@ -2721,7 +3120,7 @@ async function attemptLogin(apiBaseUrl, apiProxy) {
     }
   }
   spinner.stop();
-  const oldToken = shadowNpmInject.getSetting('apiToken');
+  const oldToken = shadowNpmInject.getConfigValue('apiToken');
   try {
     applyLogin(apiToken, enforcedOrgs, apiBaseUrl, apiProxy);
     logger.logger.success(`API credentials ${oldToken ? 'updated' : 'set'}`);
@@ -2789,10 +3188,10 @@ async function run$v(argv, importMeta, {
 }
 
 function applyLogout() {
-  shadowNpmInject.updateSetting('apiToken', null);
-  shadowNpmInject.updateSetting('apiBaseUrl', null);
-  shadowNpmInject.updateSetting('apiProxy', null);
-  shadowNpmInject.updateSetting('enforcedOrgs', null);
+  shadowNpmInject.updateConfigValue('apiToken', null);
+  shadowNpmInject.updateConfigValue('apiBaseUrl', null);
+  shadowNpmInject.updateConfigValue('apiProxy', null);
+  shadowNpmInject.updateConfigValue('enforcedOrgs', null);
 }
 
 function attemptLogout() {
@@ -4541,14 +4940,14 @@ async function fetchOrganization() {
   return await fetchOrganizationWithToken(apiToken);
 }
 async function fetchOrganizationWithToken(apiToken) {
-  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
+  const sockSdk = await shadowNpmInject.setupSdk(apiToken);
 
   // Lazily access constants.spinner.
   const {
     spinner
   } = constants;
   spinner.start('Fetching organization list...');
-  const result = await handleApiCall(socketSdk.getOrganizations(), 'looking up organizations');
+  const result = await handleApiCall(sockSdk.getOrganizations(), 'looking up organizations');
   spinner.successAndStop('Received organization list response.');
   if (!result.success) {
     handleUnsuccessfulApiResponse('getOrganizations', result);
@@ -4678,9 +5077,9 @@ async function fetchSecurityPolicyWithToken(apiToken, orgSlug) {
   const {
     spinner
   } = constants;
-  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
+  const sockSdk = await shadowNpmInject.setupSdk(apiToken);
   spinner.start('Fetching organization quota...');
-  const result = await handleApiCall(socketSdk.getOrgSecurityPolicy(orgSlug), 'looking up organization quota');
+  const result = await handleApiCall(sockSdk.getOrgSecurityPolicy(orgSlug), 'looking up organization quota');
   spinner?.successAndStop('Received organization quota response.');
   if (!result.success) {
     handleUnsuccessfulApiResponse('getOrgSecurityPolicy', result);
@@ -4823,9 +5222,9 @@ async function fetchQuotaWithToken(apiToken) {
   const {
     spinner
   } = constants;
-  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
+  const sockSdk = await shadowNpmInject.setupSdk(apiToken);
   spinner.start('Fetching organization quota...');
-  const result = await handleApiCall(socketSdk.getQuota(), 'looking up organization quota');
+  const result = await handleApiCall(sockSdk.getQuota(), 'looking up organization quota');
   spinner?.successAndStop('Recieved organization quota response.');
   if (!result.success) {
     handleUnsuccessfulApiResponse('getQuota', result);
@@ -4952,8 +5351,8 @@ async function fetchPurlsShallowScore(purls) {
     spinner
   } = constants;
   spinner.start(`Requesting data ...`);
-  const socketSdk = await shadowNpmInject.setupSdk(shadowNpmInject.getPublicToken());
-  const result = await handleApiCall(socketSdk.batchPackageFetch({
+  const sockSdk = await shadowNpmInject.setupSdk(shadowNpmInject.getPublicToken());
+  const result = await handleApiCall(sockSdk.batchPackageFetch({
     alerts: 'true'
     // compact: false,
     // fixable: false,
@@ -5354,8 +5753,8 @@ async function createReport(socketConfig, inputPaths, {
   const {
     spinner
   } = constants;
-  const socketSdk = await shadowNpmInject.setupSdk();
-  const supportedFiles = await socketSdk.getReportSupportedFiles().then(res => {
+  const sockSdk = await shadowNpmInject.setupSdk();
+  const supportedFiles = await sockSdk.getReportSupportedFiles().then(res => {
     if (!res.success) handleUnsuccessfulApiResponse('getReportSupportedFiles', res);
     return res.data;
   }).catch(cause => {
@@ -5363,7 +5762,7 @@ async function createReport(socketConfig, inputPaths, {
       cause
     });
   });
-  const packagePaths = await shadowNpmPaths.getPackageFilesFullScans(cwd, inputPaths, supportedFiles, socketConfig);
+  const packagePaths = await shadowNpmPaths.getPackageFilesForScan(cwd, inputPaths, supportedFiles, socketConfig);
   const packagePathsCount = packagePaths.length;
   if (packagePathsCount && debug.isDebug()) {
     for (const pkgPath of packagePaths) {
@@ -5375,7 +5774,7 @@ async function createReport(socketConfig, inputPaths, {
     return undefined;
   }
   spinner.start(`Creating report with ${packagePathsCount} package ${words.pluralize('file', packagePathsCount)}`);
-  const apiCall = socketSdk.createReportFromFilePaths(packagePaths, cwd, socketConfig?.issueRules);
+  const apiCall = sockSdk.createReportFromFilePaths(packagePaths, cwd, socketConfig?.issueRules);
   const result = await handleApiCall(apiCall, 'creating report');
   if (!result.success) {
     handleUnsuccessfulApiResponse('createReport', result);
@@ -5386,8 +5785,8 @@ async function createReport(socketConfig, inputPaths, {
 }
 
 async function getSocketConfig(absoluteConfigPath) {
-  const socketConfig = await config$D.readSocketConfig(absoluteConfigPath).catch(cause => {
-    if (cause && typeof cause === 'object' && cause instanceof config$D.SocketValidationError) {
+  const socketConfig = await config$H.readSocketConfig(absoluteConfigPath).catch(cause => {
+    if (cause && typeof cause === 'object' && cause instanceof config$H.SocketValidationError) {
       // Inspired by workbox-build:
       // https://github.com/GoogleChrome/workbox/blob/95f97a207fd51efb3f8a653f6e3e58224183a778/packages/workbox-build/src/lib/validate-options.ts#L68-L71
       const betterErrors = betterAjvErrors.betterAjvErrors({
@@ -5415,12 +5814,12 @@ async function fetchReportData$1(reportId, includeAllIssues, strict) {
   } = constants;
   spinner.log('Fetching report with ID ${reportId} (this could take a while)');
   spinner.start(`Fetch started... (this could take a while)`);
-  const socketSdk = await shadowNpmInject.setupSdk();
+  const sockSdk = await shadowNpmInject.setupSdk();
   let result;
   for (let retry = 1; !result; ++retry) {
     try {
       // eslint-disable-next-line no-await-in-loop
-      result = await handleApiCall(socketSdk.getReport(reportId), 'fetching report');
+      result = await handleApiCall(sockSdk.getReport(reportId), 'fetching report');
     } catch (err) {
       if (retry >= MAX_TIMEOUT_RETRY || !(err instanceof Error) || err.cause?.cause?.response?.statusCode !== HTTP_CODE_TIMEOUT) {
         spinner.stop(`Failed to fetch report`);
@@ -5472,7 +5871,7 @@ function formatReportDataOutput(reportId, data, commandName, outputKind, strict,
   }
 }
 
-async function getFullScan(orgSlug, fullScanId) {
+async function fetchScan(orgSlug, scanId) {
   // Lazily access constants.spinner.
   const {
     spinner
@@ -5482,10 +5881,10 @@ async function getFullScan(orgSlug, fullScanId) {
     throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
   spinner.start('Fetching full-scan...');
-  const response = await queryAPI(`orgs/${orgSlug}/full-scans/${encodeURIComponent(fullScanId)}`, apiToken);
+  const response = await queryApi(`orgs/${orgSlug}/full-scans/${encodeURIComponent(scanId)}`, apiToken);
   spinner.stop('Fetch complete.');
   if (!response.ok) {
-    const err = await handleAPIError(response.status);
+    const err = await handleApiError(response.status);
     logger.logger.fail(`${colors.bgRed(colors.white(response.statusText))}: Fetch error: ${err}`);
     return;
   }
@@ -5511,7 +5910,7 @@ async function viewReport(reportId, {
   strict
 }) {
   const result = await fetchReportData$1(reportId, all, strict);
-  const artifacts = await getFullScan('socketdev', reportId);
+  const artifacts = await fetchScan('socketdev', reportId);
   if (result) {
     formatReportDataOutput(reportId, result, commandName, outputKind, strict, artifacts);
   }
@@ -5712,9 +6111,9 @@ async function fetchCreateRepoWithToken(apiToken, {
   const {
     spinner
   } = constants;
-  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
+  const sockSdk = await shadowNpmInject.setupSdk(apiToken);
   spinner.start('Sending request ot create a repository...');
-  const result = await handleApiCall(socketSdk.createOrgRepo(orgSlug, {
+  const result = await handleApiCall(sockSdk.createOrgRepo(orgSlug, {
     name: repoName,
     description,
     homepage,
@@ -5859,8 +6258,8 @@ async function deleteRepoWithToken(orgSlug, repoName, apiToken) {
     spinner
   } = constants;
   spinner.start('Deleting repository...');
-  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
-  const result = await handleApiCall(socketSdk.deleteOrgRepo(orgSlug, repoName), 'deleting repository');
+  const sockSdk = await shadowNpmInject.setupSdk(apiToken);
+  const result = await handleApiCall(sockSdk.deleteOrgRepo(orgSlug, repoName), 'deleting repository');
   if (!result.success) {
     handleUnsuccessfulApiResponse('deleteOrgRepo', result);
     return;
@@ -5955,9 +6354,9 @@ async function fetchListReposWithToken(apiToken, {
   const {
     spinner
   } = constants;
-  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
+  const sockSdk = await shadowNpmInject.setupSdk(apiToken);
   spinner.start('Fetching list of repositories...');
-  const result = await handleApiCall(socketSdk.getOrgRepoList(orgSlug, {
+  const result = await handleApiCall(sockSdk.getOrgRepoList(orgSlug, {
     sort,
     direction,
     per_page: String(per_page),
@@ -6144,8 +6543,8 @@ async function fetchUpdateRepoWithToken(apiToken, {
     spinner
   } = constants;
   spinner.start('Sending request to update a repository...');
-  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
-  const result = await handleApiCall(socketSdk.updateOrgRepo(orgSlug, repoName, {
+  const sockSdk = await shadowNpmInject.setupSdk(apiToken);
+  const result = await handleApiCall(sockSdk.updateOrgRepo(orgSlug, repoName, {
     orgSlug,
     name: repoName,
     description,
@@ -6292,9 +6691,9 @@ async function fetchViewRepoWithToken(orgSlug, repoName, apiToken) {
   const {
     spinner
   } = constants;
-  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
+  const sockSdk = await shadowNpmInject.setupSdk(apiToken);
   spinner.start('Fetching repository data...');
-  const result = await handleApiCall(socketSdk.getOrgRepo(orgSlug, repoName), 'fetching repository');
+  const result = await handleApiCall(sockSdk.getOrgRepo(orgSlug, repoName), 'fetching repository');
   spinner.successAndStop('Received response while fetched repository data.');
   if (!result.success) {
     handleUnsuccessfulApiResponse('getOrgRepo', result);
@@ -6448,8 +6847,106 @@ const cmdRepos = {
   }
 };
 
-async function suggestOrgSlug(socketSdk) {
-  const result = await handleApiCall(socketSdk.getOrganizations(), 'looking up organizations');
+async function fetchCreateOrgFullScan(packagePaths, orgSlug, repoName, branchName, commitMessage, defaultBranch, pendingHead, tmp, cwd) {
+  const sockSdk = await shadowNpmInject.setupSdk();
+
+  // Lazily access constants.spinner.
+  const {
+    spinner
+  } = constants;
+  spinner.start(`Creating a scan with ${packagePaths.length} packages...`);
+  const result = await handleApiCall(sockSdk.createOrgFullScan(orgSlug, {
+    repo: repoName,
+    branch: branchName,
+    commit_message: commitMessage,
+    make_default_branch: String(defaultBranch),
+    set_as_pending_head: String(pendingHead),
+    tmp: String(tmp)
+  }, packagePaths, cwd), 'Creating scan');
+  spinner.successAndStop('Scan created successfully');
+  if (!result.success) {
+    handleUnsuccessfulApiResponse('CreateOrgFullScan', result);
+    return;
+  }
+  return result.data;
+}
+
+async function fetchSupportedScanFileNames() {
+  const sockSdk = await shadowNpmInject.setupSdk();
+
+  // Lazily access constants.spinner.
+  const {
+    spinner
+  } = constants;
+  spinner.start('Requesting supported scan file types from API...');
+  const result = await handleApiCall(sockSdk.getReportSupportedFiles(), 'fetching supported scan file types');
+  spinner.successAndStop('Received response while fetched supported scan file types.');
+  if (!result.success) {
+    handleUnsuccessfulApiResponse('getReportSupportedFiles', result);
+    return;
+  }
+  return result.data;
+}
+
+async function outputCreateNewScan(data) {
+  const link = colors.underline(colors.cyan(`${data.html_report_url}`));
+  logger.logger.log(`Available at: ${link}`);
+  const rl = readline.createInterface({
+    input: process$1.stdin,
+    output: process$1.stdout
+  });
+  const answer = await rl.question('Would you like to open it in your browser? (y/n)');
+  if (answer.toLowerCase() === 'y') {
+    await vendor.open(`${data.html_report_url}`);
+  }
+  rl.close();
+}
+
+async function handleCreateNewScan({
+  branchName,
+  commitMessage,
+  cwd,
+  defaultBranch,
+  orgSlug,
+  pendingHead,
+  readOnly,
+  repoName,
+  targets,
+  tmp
+}) {
+  const apiToken = shadowNpmInject.getDefaultToken();
+
+  // Note: you need an apiToken to request supportedScanFileNames from the API
+  if (!apiToken) {
+    throw new shadowNpmInject.AuthError('User must be authenticated to create and submit new scans. To log in, run the command `socket login` and enter your API key.');
+  }
+  const supportedFileNames = await fetchSupportedScanFileNames();
+  if (!supportedFileNames) return;
+  const packagePaths = await shadowNpmPaths.getPackageFilesForScan(cwd, targets, supportedFileNames
+  // socketConfig
+  );
+  if (!packagePaths.length) {
+    // Use exit status of 2 to indicate incorrect usage, generally invalid
+    // options or missing arguments.
+    // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
+    process$1.exitCode = 2;
+    logger.logger.fail(commonTags.stripIndents`
+      ${colors.bgRed(colors.white('Input error'))}: The TARGET did not contain any matching / supported files for a scan
+    `);
+    return;
+  }
+  if (readOnly) {
+    logger.logger.log('[ReadOnly] Bailing now');
+    return;
+  }
+  const data = await fetchCreateOrgFullScan(packagePaths, orgSlug, repoName, branchName, commitMessage, defaultBranch, pendingHead, tmp, cwd);
+  if (!data) return;
+  await outputCreateNewScan(data);
+}
+
+async function suggestOrgSlug() {
+  const sockSdk = await shadowNpmInject.setupSdk();
+  const result = await handleApiCall(sockSdk.getOrganizations(), 'looking up organizations');
   // Ignore a failed request here. It was not the primary goal of
   // running this command and reporting it only leads to end-user confusion.
   if (result.success) {
@@ -6470,13 +6967,17 @@ async function suggestOrgSlug(socketSdk) {
     if (proceed) {
       return proceed;
     }
+  } else {
+    logger.logger.fail('Failed to lookup organization list from API, unable to suggest.');
   }
 }
 
-async function suggestRepoSlug(socketSdk, orgSlug) {
+async function suggestRepoSlug(orgSlug) {
+  const sockSdk = await shadowNpmInject.setupSdk();
+
   // Same as above, but if there's a repo with the same name as cwd then
   // default the selection to that name.
-  const result = await handleApiCall(socketSdk.getOrgRepoList(orgSlug, {
+  const result = await handleApiCall(sockSdk.getOrgRepoList(orgSlug, {
     orgSlug,
     sort: 'name',
     direction: 'asc',
@@ -6486,6 +6987,7 @@ async function suggestRepoSlug(socketSdk, orgSlug) {
     perPage: '10',
     page: '0'
   }), 'looking up known repos');
+
   // Ignore a failed request here. It was not the primary goal of
   // running this command and reporting it only leads to end-user confusion.
   if (result.success) {
@@ -6493,7 +6995,7 @@ async function suggestRepoSlug(socketSdk, orgSlug) {
     let cwdIsKnown = !!currentDirName && result.data.results.some(obj => obj.slug === currentDirName);
     if (!cwdIsKnown && currentDirName) {
       // Do an explicit request so we can assert that the cwd exists or not
-      const result = await handleApiCall(socketSdk.getOrgRepo(orgSlug, currentDirName), 'checking if current cwd is a known repo');
+      const result = await handleApiCall(sockSdk.getOrgRepo(orgSlug, currentDirName), 'checking if current cwd is a known repo');
       if (result.success) {
         cwdIsKnown = true;
       }
@@ -6532,203 +7034,64 @@ async function suggestRepoSlug(socketSdk, orgSlug) {
         }
       });
       return {
-        slug: repoName,
-        defaultBranch: repoDefaultBranch
-      };
-    }
-  }
-}
-function dirNameToSlug(name) {
-  // Uses slug specs asserted by our servers
-  // Note: this can lead to collisions; eg. slug for `x--y` and `x---y` is `x-y`
-  return name.toLowerCase().replace(/[^[a-zA-Z0-9_.-]/g, '_').replace(/--+/g, '-').replace(/__+/g, '_').replace(/\.\.+/g, '.').replace(/[._-]+$/, '');
-}
-
-async function suggestBranchSlug(repoDefaultBranch) {
-  const spawnResult = spawn.spawnSync('git', ['branch', '--show-current']);
-  const currentBranch = spawnResult.stdout.toString('utf8').trim();
-  if (currentBranch && spawnResult.status === 0) {
-    const proceed = await prompts.select({
-      message: 'Use the current git branch as target branch name?',
-      choices: [{
-        name: `Yes [${currentBranch}]`,
-        value: currentBranch,
-        description: 'Use the current git branch for branch name'
-      }, ...(repoDefaultBranch && repoDefaultBranch !== currentBranch ? [{
-        name: `No, use the default branch [${repoDefaultBranch}]`,
-        value: repoDefaultBranch,
-        description: 'Use the default branch for target repo as the target branch name'
-      }] : []), {
-        name: 'No',
-        value: '',
-        description: 'Do not use the current git branch as name (will end in a no-op)'
-      }].filter(Boolean)
-    });
-    if (proceed) {
-      return proceed;
-    }
-  }
-}
-
-async function suggestTarget() {
-  // We could prefill this with sub-dirs of the current
-  // dir ... but is that going to be useful?
-  const proceed = await prompts.select({
-    message: 'No TARGET given. Do you want to use the current directory?',
-    choices: [{
-      name: 'Yes',
-      value: true,
-      description: 'Target the current directory'
-    }, {
-      name: 'No',
-      value: false,
-      description: 'Do not use the current directory (this will end in a no-op)'
-    }]
-  });
-  if (proceed) {
-    return ['.'];
-  }
-}
-
-async function createFullScan({
-  branchName,
-  commitHash: _commitHash,
-  commitMessage,
-  committers: _committers,
-  cwd,
-  defaultBranch,
-  orgSlug,
-  pendingHead,
-  pullRequest: _pullRequest,
-  readOnly,
-  repoName,
-  targets,
-  tmp
-}) {
-  // Lazily access constants.spinner.
-  const {
-    spinner
-  } = constants;
-  const socketSdk = await shadowNpmInject.setupSdk();
-  const supportedFiles = await socketSdk.getReportSupportedFiles().then(res => {
-    if (!res.success) {
-      handleUnsuccessfulApiResponse('getReportSupportedFiles', res);
-      assert(false, 'handleUnsuccessfulApiResponse should unconditionally throw');
-    }
-    return res.data;
-  }).catch(cause => {
-    throw new Error('Failed getting supported files for report', {
-      cause
-    });
-  });
-
-  // If we updated any inputs then we should print the command line to repeat
-  // the command without requiring user input, as a suggestion.
-  let updatedInput = false;
-  if (!targets.length) {
-    const received = await suggestTarget();
-    targets = received ?? [];
-    updatedInput = true;
-  }
-
-  // // TODO: we'll probably use socket.json or something else soon...
-  // const absoluteConfigPath = path.join(cwd, 'socket.yml')
-  // const socketConfig = await getSocketConfig(absoluteConfigPath)
-
-  const packagePaths = await shadowNpmPaths.getPackageFilesFullScans(cwd, targets, supportedFiles
-  // socketConfig
-  );
-
-  // We're going to need an api token to suggest data because those suggestions
-  // must come from data we already know. Don't error on missing api token yet.
-  // If the api-token is not set, ignore it for the sake of suggestions.
-  const apiToken = shadowNpmInject.getDefaultToken();
-
-  // If the current cwd is unknown and is used as a repo slug anyways, we will
-  // first need to register the slug before we can use it.
-  let repoDefaultBranch = '';
-  if (apiToken) {
-    if (!orgSlug) {
-      const suggestion = await suggestOrgSlug(socketSdk);
-      if (suggestion) orgSlug = suggestion;
-      updatedInput = true;
-    }
-
-    // (Don't bother asking for the rest if we didn't get an org slug above)
-    if (orgSlug && !repoName) {
-      const suggestion = await suggestRepoSlug(socketSdk, orgSlug);
-      if (suggestion) {
-        repoDefaultBranch = suggestion.defaultBranch;
-        repoName = suggestion.slug;
-      }
-      updatedInput = true;
-    }
-
-    // (Don't bother asking for the rest if we didn't get an org/repo above)
-    if (orgSlug && repoName && !branchName) {
-      const suggestion = await suggestBranchSlug(repoDefaultBranch);
-      if (suggestion) branchName = suggestion;
-      updatedInput = true;
+        slug: repoName,
+        defaultBranch: repoDefaultBranch
+      };
     }
+  } else {
+    logger.logger.fail('Failed to lookup repo list from API, unable to suggest.');
   }
-  if (!orgSlug || !repoName || !branchName || !packagePaths.length) {
-    // Use exit status of 2 to indicate incorrect usage, generally invalid
-    // options or missing arguments.
-    // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
-    process$1.exitCode = 2;
-    logger.logger.fail(commonTags.stripIndents`
-      ${colors.bgRed(colors.white('Input error'))}: Please provide the required fields:
-
-      - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
-
-      - Repository name using --repo ${!repoName ? colors.red('(missing!)') : colors.green('(ok)')}
-
-      - Branch name using --branch ${!branchName ? colors.red('(missing!)') : colors.green('(ok)')}
-
-      - At least one TARGET (e.g. \`.\` or \`./package.json\`) ${!packagePaths.length ? colors.red(targets.length > 0 ? '(TARGET' + (targets.length ? 's' : '') + ' contained no matching/supported files!)' : '(missing)') : colors.green('(ok)')}
+}
+function dirNameToSlug(name) {
+  // Uses slug specs asserted by our servers
+  // Note: this can lead to collisions; eg. slug for `x--y` and `x---y` is `x-y`
+  return name.toLowerCase().replace(/[^[a-zA-Z0-9_.-]/g, '_').replace(/--+/g, '-').replace(/__+/g, '_').replace(/\.\.+/g, '.').replace(/[._-]+$/, '');
+}
 
-      ${!apiToken ? 'Note: was unable to make suggestions because no API Token was found; this would make command fail regardless' : ''}
-      `);
-    return;
-  }
-  if (updatedInput) {
-    logger.logger.log('Note: You can invoke this command next time to skip the interactive questions:');
-    logger.logger.log('```');
-    logger.logger.log(`    socket scan create [other flags...] --repo ${repoName} --branch ${branchName} ${orgSlug} ${targets.join(' ')}`);
-    logger.logger.log('```');
-  }
-  if (!apiToken) {
-    throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
-  }
-  if (readOnly) {
-    logger.logger.log('[ReadOnly] Bailing now');
-    return;
-  }
-  spinner.start(`Creating a scan with ${packagePaths.length} packages...`);
-  const result = await handleApiCall(socketSdk.createOrgFullScan(orgSlug, {
-    repo: repoName,
-    branch: branchName,
-    commit_message: commitMessage,
-    make_default_branch: String(defaultBranch),
-    set_as_pending_head: String(pendingHead),
-    tmp: String(tmp)
-  }, packagePaths, cwd), 'Creating scan');
-  if (!result.success) {
-    handleUnsuccessfulApiResponse('CreateOrgFullScan', result);
-    return;
+async function suggestBranchSlug(repoDefaultBranch) {
+  const spawnResult = spawn.spawnSync('git', ['branch', '--show-current']);
+  const currentBranch = spawnResult.stdout.toString('utf8').trim();
+  if (currentBranch && spawnResult.status === 0) {
+    const proceed = await prompts.select({
+      message: 'Use the current git branch as target branch name?',
+      choices: [{
+        name: `Yes [${currentBranch}]`,
+        value: currentBranch,
+        description: 'Use the current git branch for branch name'
+      }, ...(repoDefaultBranch && repoDefaultBranch !== currentBranch ? [{
+        name: `No, use the default branch [${repoDefaultBranch}]`,
+        value: repoDefaultBranch,
+        description: 'Use the default branch for target repo as the target branch name'
+      }] : []), {
+        name: 'No',
+        value: '',
+        description: 'Do not use the current git branch as name (will end in a no-op)'
+      }].filter(Boolean)
+    });
+    if (proceed) {
+      return proceed;
+    }
   }
-  spinner.successAndStop('Scan created successfully');
-  const link = colors.underline(colors.cyan(`${result.data.html_report_url}`));
-  logger.logger.log(`Available at: ${link}`);
-  const rl = readline.createInterface({
-    input: process$1.stdin,
-    output: process$1.stdout
+}
+
+async function suggestTarget() {
+  // We could prefill this with sub-dirs of the current
+  // dir ... but is that going to be useful?
+  const proceed = await prompts.select({
+    message: 'No TARGET given. Do you want to use the current directory?',
+    choices: [{
+      name: 'Yes',
+      value: true,
+      description: 'Target the current directory'
+    }, {
+      name: 'No',
+      value: false,
+      description: 'Do not use the current directory (this will end in a no-op)'
+    }]
   });
-  const answer = await rl.question('Would you like to open it in your browser? (y/n)');
-  if (answer.toLowerCase() === 'y') {
-    await vendor.open(`${result.data.html_report_url}`);
+  if (proceed) {
+    return ['.'];
   }
-  rl.close();
 }
 
 const {
@@ -6852,18 +7215,66 @@ async function run$7(argv, importMeta, {
     importMeta,
     parentName
   });
-  const [orgSlug = '', ...targets] = cli.input;
-  const cwd = cli.flags['cwd'] && cli.flags['cwd'] !== 'process.cwd()' ? String(cli.flags['cwd']) : process$1.cwd();
   const {
+    cwd: cwdOverride,
+    dryRun
+  } = cli.flags;
+  const cwd = cwdOverride && cwdOverride !== 'process.cwd()' ? String(cwdOverride) : process$1.cwd();
+  let {
     branch: branchName,
     repo: repoName
   } = cli.flags;
-  const apiToken = shadowNpmInject.getDefaultToken(); // This checks if we _can_ suggest anything
+  let [orgSlug = '', ...targets] = cli.input;
 
-  if (!apiToken && (!orgSlug || !repoName || !branchName || !targets.length)) {
-    // Without api token we cannot recover because we can't request more info
-    // from the server, to match and help with the current cwd/git status.
-    //
+  // We're going to need an api token to suggest data because those suggestions
+  // must come from data we already know. Don't error on missing api token yet.
+  // If the api-token is not set, ignore it for the sake of suggestions.
+  const apiToken = shadowNpmInject.getDefaultToken();
+
+  // If we updated any inputs then we should print the command line to repeat
+  // the command without requiring user input, as a suggestion.
+  let updatedInput = false;
+  if (!targets.length && !dryRun) {
+    const received = await suggestTarget();
+    targets = received ?? [];
+    updatedInput = true;
+  }
+
+  // If the current cwd is unknown and is used as a repo slug anyways, we will
+  // first need to register the slug before we can use it.
+  let repoDefaultBranch = '';
+  // Only do suggestions with an apiToken and when not in dryRun mode
+  if (apiToken && !dryRun) {
+    if (!orgSlug) {
+      const suggestion = await suggestOrgSlug();
+      if (suggestion) orgSlug = suggestion;
+      updatedInput = true;
+    }
+
+    // (Don't bother asking for the rest if we didn't get an org slug above)
+    if (orgSlug && !repoName) {
+      const suggestion = await suggestRepoSlug(orgSlug);
+      if (suggestion) {
+        repoDefaultBranch = suggestion.defaultBranch;
+        repoName = suggestion.slug;
+      }
+      updatedInput = true;
+    }
+
+    // (Don't bother asking for the rest if we didn't get an org/repo above)
+    if (orgSlug && repoName && !branchName) {
+      const suggestion = await suggestBranchSlug(repoDefaultBranch);
+      if (suggestion) branchName = suggestion;
+      updatedInput = true;
+    }
+  }
+  if (updatedInput && repoName && branchName && orgSlug && targets?.length) {
+    logger.logger.error('Note: You can invoke this command next time to skip the interactive questions:');
+    logger.logger.error('```');
+    logger.logger.error(`    socket scan create [other flags...] --repo ${repoName} --branch ${branchName} ${orgSlug} ${targets.join(' ')}`);
+    logger.logger.error('```\n');
+  }
+  if (!orgSlug || !repoName || !branchName || !targets.length) {
     // Use exit status of 2 to indicate incorrect usage, generally invalid
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
@@ -6877,28 +7288,25 @@ async function run$7(argv, importMeta, {
 
       - Branch name using --branch ${!branchName ? colors.red('(missing!)') : colors.green('(ok)')}
 
-      - At least one TARGET (e.g. \`.\` or \`./package.json\`) ${!targets.length ? '(missing)' : colors.green('(ok)')}
+      - At least one TARGET (e.g. \`.\` or \`./package.json\`) ${!targets.length ? colors.red('(missing)') : colors.green('(ok)')}
 
-      (Additionally, no API Token was set so we cannot auto-discover these details)
+      ${!apiToken ? 'Note: was unable to make suggestions because no API Token was found; this would make the command fail regardless' : ''}
     `);
     return;
   }
 
   // Note exiting earlier to skirt a hidden auth requirement
-  if (cli.flags['dryRun']) {
+  if (dryRun) {
     logger.logger.log(DRY_RUN_BAIL_TEXT$7);
     return;
   }
-  await createFullScan({
+  await handleCreateNewScan({
     branchName: branchName,
-    commitHash: cli.flags['commitHash'] ?? '',
     commitMessage: cli.flags['commitMessage'] ?? '',
-    committers: cli.flags['committers'] ?? '',
     cwd,
     defaultBranch: Boolean(cli.flags['defaultBranch']),
     orgSlug,
     pendingHead: Boolean(cli.flags['pendingHead']),
-    pullRequest: cli.flags['pullRequest'] ?? undefined,
     readOnly: Boolean(cli.flags['readOnly']),
     repoName: repoName,
     targets,
@@ -6906,26 +7314,37 @@ async function run$7(argv, importMeta, {
   });
 }
 
-async function deleteOrgFullScan(orgSlug, fullScanId) {
+async function fetchDeleteOrgFullScan(orgSlug, scanId) {
   const apiToken = shadowNpmInject.getDefaultToken();
   if (!apiToken) {
     throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
-  await deleteOrgFullScanWithToken(orgSlug, fullScanId, apiToken);
+  await fetchDeleteOrgFullScanWithToken(apiToken, orgSlug, scanId);
 }
-async function deleteOrgFullScanWithToken(orgSlug, fullScanId, apiToken) {
+async function fetchDeleteOrgFullScanWithToken(apiToken, orgSlug, scanId) {
   // Lazily access constants.spinner.
   const {
     spinner
   } = constants;
-  spinner.start('Deleting scan...');
-  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
-  const result = await handleApiCall(socketSdk.deleteOrgFullScan(orgSlug, fullScanId), 'Deleting scan');
+  const sockSdk = await shadowNpmInject.setupSdk(apiToken);
+  spinner.start('Requesting the scan to be deleted...');
+  const result = await handleApiCall(sockSdk.deleteOrgFullScan(orgSlug, scanId), 'Deleting scan');
+  spinner.successAndStop('Received response for deleting a scan.');
   if (!result.success) {
     handleUnsuccessfulApiResponse('deleteOrgFullScan', result);
     return;
   }
-  spinner.successAndStop('Scan deleted successfully');
+  return result.data;
+}
+
+async function outputDeleteScan(_data) {
+  logger.logger.success('Scan deleted successfully');
+}
+
+async function handleDeleteScan(orgSlug, scanId) {
+  const data = await fetchDeleteOrgFullScan(orgSlug, scanId);
+  if (!data) return;
+  await outputDeleteScan();
 }
 
 const {
@@ -6964,8 +7383,8 @@ async function run$6(argv, importMeta, {
     importMeta,
     parentName
   });
-  const [orgSlug = '', fullScanId = ''] = cli.input;
-  if (!orgSlug || !fullScanId) {
+  const [orgSlug = '', scanId = ''] = cli.input;
+  if (!orgSlug || !scanId) {
     // Use exit status of 2 to indicate incorrect usage, generally invalid
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
@@ -6974,22 +7393,20 @@ async function run$6(argv, importMeta, {
 
       - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
 
-      - Full Scan ID to delete as second argument ${!fullScanId ? colors.red('(missing!)') : colors.green('(ok)')}`);
+      - Full Scan ID to delete as second argument ${!scanId ? colors.red('(missing!)') : colors.green('(ok)')}`);
     return;
   }
   if (cli.flags['dryRun']) {
     logger.logger.log(DRY_RUN_BAIL_TEXT$6);
     return;
   }
-  await deleteOrgFullScan(orgSlug, fullScanId);
+  await handleDeleteScan(orgSlug, scanId);
 }
 
-// @ts-ignore
-async function listFullScans({
+async function fetchListScans({
   direction,
   from_time,
   orgSlug,
-  outputKind,
   page,
   per_page,
   sort
@@ -6998,23 +7415,19 @@ async function listFullScans({
   if (!apiToken) {
     throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
-  await listFullScansWithToken({
-    apiToken,
+  await fetchListScansWithToken(apiToken, {
     direction,
     from_time,
     orgSlug,
-    outputKind,
     page,
     per_page,
     sort
   });
 }
-async function listFullScansWithToken({
-  apiToken,
+async function fetchListScansWithToken(apiToken, {
   direction,
   from_time,
   orgSlug,
-  outputKind,
   page,
   per_page,
   sort
@@ -7023,22 +7436,27 @@ async function listFullScansWithToken({
   const {
     spinner
   } = constants;
+  const sockSdk = await shadowNpmInject.setupSdk(apiToken);
   spinner.start('Fetching list of scans...');
-  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
-  const result = await handleApiCall(socketSdk.getOrgFullScanList(orgSlug, {
+  const result = await handleApiCall(sockSdk.getOrgFullScanList(orgSlug, {
     sort,
     direction,
     per_page: String(per_page),
     page: String(page),
     from: from_time
   }), 'Listing scans');
+  spinner.successAndStop(`Received response for list of scans.`);
   if (!result.success) {
     handleUnsuccessfulApiResponse('getOrgFullScanList', result);
     return;
   }
-  spinner.stop(`Fetch complete`);
+  return result.data;
+}
+
+// @ts-ignore
+async function outputListScans(data, outputKind) {
   if (outputKind === 'json') {
-    logger.logger.log(result.data);
+    logger.logger.log(data);
     return;
   }
   const options = {
@@ -7056,7 +7474,7 @@ async function listFullScansWithToken({
       name: colors.magenta('Created at')
     }]
   };
-  const formattedResults = result.data.results.map(d => {
+  const formattedResults = data.results.map(d => {
     return {
       id: d.id,
       report_url: colors.underline(`${d.html_report_url}`),
@@ -7071,6 +7489,27 @@ async function listFullScansWithToken({
   logger.logger.log(chalkTable(options, formattedResults));
 }
 
+async function handleListScans({
+  direction,
+  from_time,
+  orgSlug,
+  outputKind,
+  page,
+  per_page,
+  sort
+}) {
+  const data = await fetchListScans({
+    direction,
+    from_time,
+    orgSlug,
+    page,
+    per_page,
+    sort
+  });
+  if (!data) return;
+  await outputListScans(data, outputKind);
+}
+
 const {
   DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$5
 } = constants;
@@ -7158,7 +7597,7 @@ async function run$5(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAIL_TEXT$5);
     return;
   }
-  await listFullScans({
+  await handleListScans({
     direction: String(cli.flags['direction'] || ''),
     from_time: String(cli.flags['fromTime'] || ''),
     orgSlug,
@@ -7169,46 +7608,56 @@ async function run$5(argv, importMeta, {
   });
 }
 
-async function getOrgScanMetadata(orgSlug, scanId, outputKind) {
+async function fetchScanMetadata(orgSlug, scanId) {
   const apiToken = shadowNpmInject.getDefaultToken();
   if (!apiToken) {
     throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
-  await getOrgScanMetadataWithToken(orgSlug, scanId, apiToken, outputKind);
+  await fetchScanMetadataWithToken(apiToken, orgSlug, scanId);
 }
-async function getOrgScanMetadataWithToken(orgSlug, scanId, apiToken, outputKind) {
+async function fetchScanMetadataWithToken(apiToken, orgSlug, scanId) {
   // Lazily access constants.spinner.
   const {
     spinner
   } = constants;
+  const sockSdk = await shadowNpmInject.setupSdk(apiToken);
   spinner.start('Fetching meta data for a full scan...');
-  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
-  const result = await handleApiCall(socketSdk.getOrgFullScanMetadata(orgSlug, scanId), 'Listing scans');
+  const result = await handleApiCall(sockSdk.getOrgFullScanMetadata(orgSlug, scanId), 'Listing scans');
+  spinner.successAndStop('Received response for scan meta data.');
   if (!result.success) {
     handleUnsuccessfulApiResponse('getOrgFullScanMetadata', result);
     return;
   }
-  spinner?.successAndStop('Fetched the meta data\n');
+  return result.data;
+}
+
+async function outputScanMetadata(data, scanId, outputKind) {
   if (outputKind === 'json') {
-    logger.logger.log(result.data);
+    logger.logger.log(data);
   } else {
     // Markdown = print
     if (outputKind === 'markdown') {
       logger.logger.log('# Scan meta data\n');
     }
     logger.logger.log(`Scan ID: ${scanId}\n`);
-    for (const [key, value] of Object.entries(result.data)) {
+    for (const [key, value] of Object.entries(data)) {
       if (['id', 'updated_at', 'organization_id', 'repository_id', 'commit_hash', 'html_report_url'].includes(key)) continue;
       logger.logger.log(`- ${key}:`, value);
     }
     if (outputKind === 'markdown') {
-      logger.logger.log(`\nYou can view this report at: [${result.data.html_report_url}](${result.data.html_report_url})\n`);
+      logger.logger.log(`\nYou can view this report at: [${data.html_report_url}](${data.html_report_url})\n`);
     } else {
-      logger.logger.log(`\nYou can view this report at: ${result.data.html_report_url}]\n`);
+      logger.logger.log(`\nYou can view this report at: ${data.html_report_url}]\n`);
     }
   }
 }
 
+async function handleOrgScanMetadata(orgSlug, scanId, outputKind) {
+  const data = await fetchScanMetadata(orgSlug, scanId);
+  if (!data) return;
+  await outputScanMetadata(data, scanId, outputKind);
+}
+
 const {
   DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$4
 } = constants;
@@ -7245,8 +7694,8 @@ async function run$4(argv, importMeta, {
     importMeta,
     parentName
   });
-  const [orgSlug = '', fullScanId = ''] = cli.input;
-  if (!orgSlug || !fullScanId) {
+  const [orgSlug = '', scanId = ''] = cli.input;
+  if (!orgSlug || !scanId) {
     // Use exit status of 2 to indicate incorrect usage, generally invalid
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
@@ -7255,14 +7704,14 @@ async function run$4(argv, importMeta, {
 
       - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
 
-      - Full Scan ID to inspect as second argument ${!fullScanId ? colors.red('(missing!)') : colors.green('(ok)')}`);
+      - Full Scan ID to inspect as second argument ${!scanId ? colors.red('(missing!)') : colors.green('(ok)')}`);
     return;
   }
   if (cli.flags['dryRun']) {
     logger.logger.log(DRY_RUN_BAIL_TEXT$4);
     return;
   }
-  await getOrgScanMetadata(orgSlug, fullScanId, cli.flags['json'] ? 'json' : cli.flags['markdown'] ? 'markdown' : 'print');
+  await handleOrgScanMetadata(orgSlug, scanId, cli.flags['json'] ? 'json' : cli.flags['markdown'] ? 'markdown' : 'print');
 }
 
 /**
@@ -7270,7 +7719,7 @@ async function run$4(argv, importMeta, {
  * full scan ID.
  * It can optionally only fetch the security or license side of things.
  */
-async function fetchReportData(orgSlug, fullScanId,
+async function fetchReportData(orgSlug, scanId,
 // includeLicensePolicy: boolean,
 includeSecurityPolicy) {
   let haveScan = false;
@@ -7307,18 +7756,18 @@ includeSecurityPolicy) {
     throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
   updateProgress();
-  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
+  const sockSdk = await shadowNpmInject.setupSdk(apiToken);
 
   // @ts-ignore
   const [scan,
   // licensePolicyMaybe,
   securityPolicyMaybe] = await Promise.all([(async () => {
     try {
-      const response = await queryAPI(`orgs/${orgSlug}/full-scans/${encodeURIComponent(fullScanId)}`, apiToken);
+      const response = await queryApi(`orgs/${orgSlug}/full-scans/${encodeURIComponent(scanId)}`, apiToken);
       haveScan = true;
       updateProgress();
       if (!response.ok) {
-        const err = await handleAPIError(response.status);
+        const err = await handleApiError(response.status);
         logger.logger.fail(`${colors.bgRed(colors.white(response.statusText))}: Fetch error: ${err}`);
         return undefined;
       }
@@ -7340,7 +7789,7 @@ includeSecurityPolicy) {
   })(),
   // includeLicensePolicy &&
   //   (async () => {
-  //     const r = await socketSdk.getOrgSecurityPolicy(orgSlug)
+  //     const r = await sockSdk.getOrgSecurityPolicy(orgSlug)
   //     haveLicensePolicy = true
   //     updateProgress()
   //     return await handleApiCall(
@@ -7349,7 +7798,7 @@ includeSecurityPolicy) {
   //     )
   //   })(),
   includeSecurityPolicy && (async () => {
-    const r = await socketSdk.getOrgSecurityPolicy(orgSlug);
+    const r = await sockSdk.getOrgSecurityPolicy(orgSlug);
     haveSecurityPolicy = true;
     updateProgress();
     return await handleApiCall(r, "looking up organization's security policy");
@@ -7595,40 +8044,31 @@ function* walkNestedMap(map, keys = []) {
   }
 }
 
-async function reportFullScan({
+async function outputScanReport(scan,
+// licensePolicy: undefined | SocketSdkReturnType<'getOrgSecurityPolicy'>,
+securityPolicy, {
   filePath,
   fold,
-  fullScanId,
   includeLicensePolicy,
   includeSecurityPolicy,
   orgSlug,
   outputKind,
   reportLevel,
+  scanId,
   short
 }) {
-  logger.logger.error('output:', outputKind, ', file:', filePath, ', fold:', fold, ', reportLevel:', reportLevel);
   if (!includeSecurityPolicy) {
+    process.exitCode = 1;
     return; // caller should assert
   }
-  const {
-    // licensePolicy,
-    ok,
-    scan,
-    securityPolicy
-  } = await fetchReportData(orgSlug, fullScanId,
-  // includeLicensePolicy
-  includeSecurityPolicy);
-  if (!ok) {
-    return;
-  }
   const scanReport = generateReport(scan, undefined,
   // licensePolicy,
   securityPolicy, {
     orgSlug,
-    scanId: fullScanId,
+    scanId,
     fold,
-    short,
-    reportLevel
+    reportLevel,
+    short
   });
   if (!scanReport.healthy) {
     process.exitCode = 1;
@@ -7715,6 +8155,43 @@ ${!report.alerts.size ? '' : mdTable(flatData, ['Policy', 'Alert Type', 'Package
   return md;
 }
 
+async function handleScanReport({
+  filePath,
+  fold,
+  includeLicensePolicy,
+  includeSecurityPolicy,
+  orgSlug,
+  outputKind,
+  reportLevel,
+  scanId,
+  short
+}) {
+  if (!includeSecurityPolicy) {
+    process.exitCode = 1;
+    return; // caller should assert
+  }
+  const {
+    // licensePolicy,
+    ok,
+    scan,
+    securityPolicy
+  } = await fetchReportData(orgSlug, scanId,
+  // includeLicensePolicy
+  includeSecurityPolicy);
+  if (!ok) return;
+  await outputScanReport(scan, securityPolicy, {
+    filePath,
+    fold,
+    scanId: scanId,
+    includeLicensePolicy,
+    includeSecurityPolicy,
+    orgSlug,
+    outputKind,
+    reportLevel,
+    short
+  });
+}
+
 const {
   DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$3
 } = constants;
@@ -7801,8 +8278,8 @@ async function run$3(argv, importMeta, {
     reportLevel = 'warn',
     security
   } = cli.flags;
-  const [orgSlug = '', fullScanId = '', file = '-'] = cli.input;
-  if (!orgSlug || !fullScanId ||
+  const [orgSlug = '', scanId = '', file = '-'] = cli.input;
+  if (!orgSlug || !scanId ||
   // (!license && !security) ||
   json && markdown) {
     // Use exit status of 2 to indicate incorrect usage, generally invalid
@@ -7814,7 +8291,7 @@ async function run$3(argv, importMeta, {
 
       - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
 
-      - Full Scan ID to fetch as second argument ${!fullScanId ? colors.red('(missing!)') : colors.green('(ok)')}
+      - Full Scan ID to fetch as second argument ${!scanId ? colors.red('(missing!)') : colors.green('(ok)')}
 
       - Not both the --json and --markdown flags ${json && markdown ? colors.red('(pick one!)') : colors.green('(ok)')}
     `
@@ -7826,9 +8303,9 @@ async function run$3(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAIL_TEXT$3);
     return;
   }
-  await reportFullScan({
+  await handleScanReport({
     orgSlug,
-    fullScanId,
+    scanId: scanId,
     includeLicensePolicy: false,
     // !!license,
     includeSecurityPolicy: typeof security === 'boolean' ? security : true,
@@ -7840,29 +8317,7 @@ async function run$3(argv, importMeta, {
   });
 }
 
-async function streamFullScan(orgSlug, fullScanId, file) {
-  // Lazily access constants.spinner.
-  const {
-    spinner
-  } = constants;
-  const apiToken = shadowNpmInject.getDefaultToken();
-  if (!apiToken) {
-    throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
-  }
-  spinner.start('Fetching scan...');
-  const socketSdk = await shadowNpmInject.setupSdk(apiToken);
-  const data = await handleApiCall(socketSdk.getOrgFullScan(orgSlug, fullScanId, file === '-' ? undefined : file), 'Fetching a scan');
-  if (!data?.success) {
-    handleUnsuccessfulApiResponse('getOrgFullScan', data);
-    return;
-  }
-  spinner?.successAndStop(file ? `Full scan details written to ${file}` : 'stdout');
-  return data;
-}
-
-async function viewFullScan(orgSlug, fullScanId, filePath) {
-  const artifacts = await getFullScan(orgSlug, fullScanId);
-  if (!artifacts) return;
+async function outputScanView(artifacts, orgSlug, scanId, filePath) {
   const display = artifacts.map(art => {
     const author = Array.isArray(art.author) ? `${art.author[0]}${art.author.length > 1 ? ' et.al.' : ''}` : art.author;
     return {
@@ -7879,11 +8334,11 @@ async function viewFullScan(orgSlug, fullScanId, filePath) {
 
 These are the artifacts and their scores found.
 
-Sscan ID: ${fullScanId}
+Scan ID: ${scanId}
 
 ${md}
 
-View this report at: https://socket.dev/dashboard/org/${orgSlug}/sbom/${fullScanId}
+View this report at: https://socket.dev/dashboard/org/${orgSlug}/sbom/${scanId}
   `.trim() + '\n';
   if (filePath && filePath !== '-') {
     try {
@@ -7899,6 +8354,32 @@ View this report at: https://socket.dev/dashboard/org/${orgSlug}/sbom/${fullScan
   }
 }
 
+async function handleScanView(orgSlug, scanId, filePath) {
+  const data = await fetchScan(orgSlug, scanId);
+  if (!data) return;
+  await outputScanView(data, orgSlug, scanId, filePath);
+}
+
+async function streamScan(orgSlug, scanId, file) {
+  // Lazily access constants.spinner.
+  const {
+    spinner
+  } = constants;
+  const apiToken = shadowNpmInject.getDefaultToken();
+  if (!apiToken) {
+    throw new shadowNpmInject.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+  }
+  const sockSdk = await shadowNpmInject.setupSdk(apiToken);
+  spinner.start('Fetching scan...');
+  const data = await handleApiCall(sockSdk.getOrgFullScan(orgSlug, scanId, file === '-' ? undefined : file), 'Fetching a scan');
+  spinner?.successAndStop(file ? `Full scan details written to ${file}` : 'stdout');
+  if (!data?.success) {
+    handleUnsuccessfulApiResponse('getOrgFullScan', data);
+    return;
+  }
+  return data;
+}
+
 const {
   DRY_RUN_BAIL_TEXT: DRY_RUN_BAIL_TEXT$2
 } = constants;
@@ -7937,8 +8418,8 @@ async function run$2(argv, importMeta, {
     importMeta,
     parentName
   });
-  const [orgSlug = '', fullScanId = '', file = '-'] = cli.input;
-  if (!orgSlug || !fullScanId) {
+  const [orgSlug = '', scanId = '', file = '-'] = cli.input;
+  if (!orgSlug || !scanId) {
     // Use exit status of 2 to indicate incorrect usage, generally invalid
     // options or missing arguments.
     // https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
@@ -7948,7 +8429,7 @@ async function run$2(argv, importMeta, {
 
       - Org name as the first argument ${!orgSlug ? colors.red('(missing!)') : colors.green('(ok)')}
 
-      - Full Scan ID to fetch as second argument ${!fullScanId ? colors.red('(missing!)') : colors.green('(ok)')}
+      - Full Scan ID to fetch as second argument ${!scanId ? colors.red('(missing!)') : colors.green('(ok)')}
     `);
     return;
   }
@@ -7957,9 +8438,9 @@ async function run$2(argv, importMeta, {
     return;
   }
   if (cli.flags['json']) {
-    await streamFullScan(orgSlug, fullScanId, file);
+    await streamScan(orgSlug, scanId, file);
   } else {
-    await viewFullScan(orgSlug, fullScanId, file);
+    await handleScanView(orgSlug, scanId, file);
   }
 }
 
@@ -8032,7 +8513,7 @@ async function getThreatFeedWithToken({
   } = constants;
   const queryParams = new URLSearchParams([['direction', direction], ['ecosystem', ecosystem], ['filter', filter], ['page', page], ['per_page', String(perPage)]]);
   spinner.start('Fetching Threat Feed data...');
-  const response = await queryAPI(`threat-feed?${queryParams}`, apiToken);
+  const response = await queryApi(`threat-feed?${queryParams}`, apiToken);
   const data = await response.json();
   spinner.stop('Threat feed data fetched');
   if (outputKind === 'json') {
@@ -8455,12 +8936,13 @@ void (async () => {
   await vendor.updater({
     name: SOCKET_CLI_BIN_NAME,
     // The '@rollup/plugin-replace' will replace "process.env['INLINED_SOCKET_CLI_VERSION']".
-    version: "0.14.65",
+    version: "0.14.67",
     ttl: 86_400_000 /* 24 hours in milliseconds */
   });
   try {
     await meowWithSubcommands({
       cdxgen: cmdCdxgen,
+      config: cmdConfig,
       fix: cmdFix,
       info: cmdInfo,
       login: cmdLogin,
@@ -8522,5 +9004,5 @@ void (async () => {
     await shadowNpmInject.captureException(e);
   }
 })();
-//# debugId=765ca9f4-3784-4e50-beb4-36197117fbea
+//# debugId=199d20b5-2692-44b6-b880-34650eeaae46
 //# sourceMappingURL=cli.js.map