@socketsecurity/cli 0.8.0 → 0.9.0

package/lib/commands/info/index.js

@@ -20,10 +20,13 @@ export const info = {
     const name = parentName + ' info'
 
     const input = setupCommand(name, info.description, argv, importMeta)
-    const packageData = input && await fetchPackageData(input.pkgName, input.pkgVersion, input)
-
-    if (packageData) {
-      formatPackageDataOutput(packageData, { name, ...input })
+    if (input) {
+      const spinnerText = input.pkgVersion === 'latest' ? `Looking up data for the latest version of ${input.pkgName}\n` : `Looking up data for version ${input.pkgVersion} of ${input.pkgName}\n`
+      const spinner = ora(spinnerText).start()
+      const packageData = await fetchPackageData(input.pkgName, input.pkgVersion, input, spinner)
+      if (packageData) {
+        formatPackageDataOutput(packageData, { name, ...input }, spinner)
+      }
     }
   }
 }
@@ -90,16 +93,8 @@ function setupCommand (name, description, argv, importMeta) {
 
   const versionSeparator = rawPkgName.lastIndexOf('@')
 
-  if (versionSeparator < 1) {
-    throw new InputError('Need to specify a full package identifier, like eg: webtorrent@1.0.0')
-  }
-
-  const pkgName = rawPkgName.slice(0, versionSeparator)
-  const pkgVersion = rawPkgName.slice(versionSeparator + 1)
-
-  if (!pkgVersion) {
-    throw new InputError('Need to specify a version, like eg: webtorrent@1.0.0')
-  }
+  const pkgName = versionSeparator < 1 ? rawPkgName : rawPkgName.slice(0, versionSeparator)
+  const pkgVersion = versionSeparator < 1 ? 'latest' : rawPkgName.slice(versionSeparator + 1)
 
   return {
     includeAllIssues,
@@ -115,53 +110,78 @@ function setupCommand (name, description, argv, importMeta) {
  * @typedef PackageData
  * @property {import('@socketsecurity/sdk').SocketSdkReturnType<'getIssuesByNPMPackage'>["data"]} data
  * @property {Record<import('../../utils/format-issues').SocketIssue['severity'], number>} severityCount
+ * @property {import('@socketsecurity/sdk').SocketSdkReturnType<'getScoreByNPMPackage'>["data"]} score
  */
 
 /**
  * @param {string} pkgName
  * @param {string} pkgVersion
- * @param {Pick<CommandContext, 'includeAllIssues' | 'strict'>} context
+ * @param {Pick<CommandContext, 'includeAllIssues'>} context
+ * @param {import('ora').Ora} spinner
  * @returns {Promise<void|PackageData>}
  */
-async function fetchPackageData (pkgName, pkgVersion, { includeAllIssues, strict }) {
+async function fetchPackageData (pkgName, pkgVersion, { includeAllIssues }, spinner) {
   const socketSdk = await setupSdk(getDefaultKey() || FREE_API_KEY)
-  const spinner = ora(`Looking up data for version ${pkgVersion} of ${pkgName}`).start()
   const result = await handleApiCall(socketSdk.getIssuesByNPMPackage(pkgName, pkgVersion), 'looking up package')
+  const scoreResult = await handleApiCall(socketSdk.getScoreByNPMPackage(pkgName, pkgVersion), 'looking up package score')
 
   if (result.success === false) {
     return handleUnsuccessfulApiResponse('getIssuesByNPMPackage', result, spinner)
   }
 
-  // Conclude the status of the API call
+  if (scoreResult.success === false) {
+    return handleUnsuccessfulApiResponse('getScoreByNPMPackage', scoreResult, spinner)
+  }
 
+  // Conclude the status of the API call
   const severityCount = getSeverityCount(result.data, includeAllIssues ? undefined : 'high')
 
-  if (objectSome(severityCount)) {
-    const issueSummary = formatSeverityCount(severityCount)
-    spinner[strict ? 'fail' : 'succeed'](`Package has these issues: ${issueSummary}`)
-  } else {
-    spinner.succeed('Package has no issues')
-  }
-
   return {
     data: result.data,
     severityCount,
+    score: scoreResult.data
   }
 }
 
 /**
  * @param {PackageData} packageData
  * @param {{ name: string } & CommandContext} context
+ * @param {import('ora').Ora} spinner
  * @returns {void}
  */
- function formatPackageDataOutput ({ data, severityCount }, { name, outputJson, outputMarkdown, pkgName, pkgVersion, strict }) {
+ function formatPackageDataOutput ({ data, severityCount, score }, { name, outputJson, outputMarkdown, pkgName, pkgVersion, strict }, spinner) {
   if (outputJson) {
     console.log(JSON.stringify(data, undefined, 2))
   } else {
+    console.log('\nPackage report card:')
+    const scoreResult = {
+      'Supply Chain Risk': Math.floor(score.supplyChainRisk.score * 100),
+      'Maintenance': Math.floor(score.maintenance.score * 100),
+      'Quality': Math.floor(score.quality.score * 100),
+      'Vulnerabilities': Math.floor(score.vulnerability.score * 100),
+      'License': Math.floor(score.license.score * 100)
+    }
+    Object.entries(scoreResult).map(score => console.log(`- ${score[0]}: ${formatScore(score[1])}`))
+
+    // Package issues list
+    if (objectSome(severityCount)) {
+      const issueSummary = formatSeverityCount(severityCount)
+      console.log('\n')
+      spinner[strict ? 'fail' : 'succeed'](`Package has these issues: ${issueSummary}`)
+      formatPackageIssuesDetails(data, outputMarkdown)
+    } else {
+      console.log('\n')
+      spinner.succeed('Package has no issues')
+    }
+
+    // Link to issues list
     const format = new ChalkOrMarkdown(!!outputMarkdown)
     const url = `https://socket.dev/npm/package/${pkgName}/overview/${pkgVersion}`
-
-    console.log('\nDetailed info on socket.dev: ' + format.hyperlink(`${pkgName} v${pkgVersion}`, url, { fallbackToUrl: true }))
+    if (pkgVersion === 'latest') {
+      console.log('\nDetailed info on socket.dev: ' + format.hyperlink(`${pkgName}`, url, { fallbackToUrl: true }))
+    } else {
+      console.log('\nDetailed info on socket.dev: ' + format.hyperlink(`${pkgName} v${pkgVersion}`, url, { fallbackToUrl: true }))
+    }
     if (!outputMarkdown) {
       console.log(chalk.dim('\nOr rerun', chalk.italic(name), 'using the', chalk.italic('--json'), 'flag to get full JSON output'))
     }
@@ -171,3 +191,55 @@ async function fetchPackageData (pkgName, pkgVersion, { includeAllIssues, strict
     process.exit(1)
   }
 }
+
+/**
+ * @param {import('@socketsecurity/sdk').SocketSdkReturnType<'getIssuesByNPMPackage'>["data"]} packageData
+ * @param {boolean} outputMarkdown
+ * @returns {void[]}
+ */
+function formatPackageIssuesDetails (packageData, outputMarkdown) {
+  const issueDetails = packageData.filter(d => d.value?.severity === 'high' || d.value?.severity === 'critical')
+
+  const uniqueIssues = issueDetails.reduce((/** @type {{ [key: string]: {count: Number, label: string | undefined} }} */ acc, issue) => {
+  const { type } = issue
+    if (type) {
+      if (!acc[type]) {
+        acc[type] = {
+          label: issue.value?.label,
+          count: 1
+        }
+      } else {
+        // @ts-ignore
+        acc[type].count += 1
+      }
+    }
+    return acc
+  }, {})
+
+  const format = new ChalkOrMarkdown(!!outputMarkdown)
+  return Object.keys(uniqueIssues).map(issue => {
+    const issueWithLink = format.hyperlink(`${uniqueIssues[issue]?.label}`, `https://socket.dev/npm/issue/${issue}`, { fallbackToUrl: true })
+    if (uniqueIssues[issue]?.count === 1) {
+      return console.log(`- ${issueWithLink}`)
+    }
+    return console.log(`- ${issueWithLink}: ${uniqueIssues[issue]?.count}`)
+  })
+}
+
+/**
+ * @param {number} score
+ * @returns {string}
+ */
+function formatScore (score) {
+  const error = chalk.hex('#de7c7b')
+  const warning = chalk.hex('#e59361')
+  const success = chalk.hex('#a4cb9d')
+
+  if (score > 80) {
+    return `${success(score)}`
+  } else if (score < 80 && score > 60) {
+    return `${warning(score)}`
+  } else {
+    return `${error(score)}`
+  }
+}

package/lib/commands/login/index.js

@@ -5,6 +5,8 @@ import prompts from 'prompts'
 import terminalLink from 'terminal-link'
 
 import { AuthError, InputError } from '../../utils/errors.js'
+import { prepareFlags } from '../../utils/flags.js'
+import { printFlagList } from '../../utils/formatting.js'
 import { FREE_API_KEY, setupSdk } from '../../utils/sdk.js'
 import { getSetting, updateSetting } from '../../utils/settings.js'
 
@@ -14,6 +16,16 @@ const description = 'Socket API login'
 export const login = {
   description,
   run: async (argv, importMeta, { parentName }) => {
+    const flags = prepareFlags({
+      apiBaseUrl: {
+        type: 'string',
+        description: 'API server to connect to for login',
+      },
+      apiProxy: {
+        type: 'string',
+        description: 'Proxy to use when making connection to API server'
+      }
+    })
     const name = parentName + ' login'
     const cli = meow(`
       Usage
@@ -21,12 +33,19 @@ export const login = {
 
       Logs into the Socket API by prompting for an API key
 
+      Options
+        ${printFlagList({
+          'api-base-url': flags.apiBaseUrl.description,
+          'api-proxy': flags.apiProxy.description
+        }, 8)}
+
       Examples
         $ ${name}
     `, {
       argv,
       description,
       importMeta,
+      flags
     })
 
     /**
@@ -58,13 +77,27 @@ export const login = {
 
     const apiKey = result.apiKey || FREE_API_KEY
 
+    /**
+     * @type {string | null | undefined}
+     */
+    let apiBaseUrl = cli.flags.apiBaseUrl
+    apiBaseUrl ??= getSetting('apiBaseUrl') ??
+      undefined
+
+    /**
+     * @type {string | null | undefined}
+     */
+    let apiProxy = cli.flags.apiProxy
+    apiProxy ??= getSetting('apiProxy') ??
+      undefined
+
     const spinner = ora('Verifying API key...').start()
 
     /** @type {import('@socketsecurity/sdk').SocketSdkReturnType<'getOrganizations'>['data']} */
     let orgs
 
     try {
-      const sdk = await setupSdk(apiKey)
+      const sdk = await setupSdk(apiKey, apiBaseUrl, apiProxy)
       const result = await sdk.getOrganizations()
       if (!result.success) throw new AuthError()
       orgs = result.data
@@ -131,6 +164,7 @@ export const login = {
     updateSetting('enforcedOrgs', enforcedOrgs)
     const oldKey = getSetting('apiKey')
     updateSetting('apiKey', apiKey)
+    updateSetting('apiBaseUrl', apiBaseUrl)
     spinner.succeed(`API credentials ${oldKey ? 'updated' : 'set'}`)
   }
 }

package/lib/commands/logout/index.js

@@ -27,6 +27,8 @@ export const logout = {
     if (cli.input.length) cli.showHelp()
 
     updateSetting('apiKey', null)
+    updateSetting('apiBaseUrl', null)
+    updateSetting('apiProxy', null)
     updateSetting('enforcedOrgs', null)
     ora('Successfully logged out').succeed()
   }

package/lib/commands/report/create.js

@@ -179,7 +179,6 @@ async function setupCommand (name, description, argv, importMeta) {
       }
     })
 
-  // TODO: setupSdk(getDefaultKey() || FREE_API_KEY)
   const socketSdk = await setupSdk()
   const supportedFiles = await socketSdk.getReportSupportedFiles()
     .then(res => {

package/lib/shadow/npm-injection.cjs

@@ -40,34 +40,50 @@ try {
  */
 
 const pubTokenPromise = sdkPromise.then(({ getDefaultKey, FREE_API_KEY }) => getDefaultKey() || FREE_API_KEY)
-const apiKeySettingsPromise = sdkPromise.then(async ({ setupSdk }) => {
-  const sdk = await setupSdk(await pubTokenPromise)
-  const orgResult = await sdk.getOrganizations()
-  if (!orgResult.success) {
-    throw new Error('Failed to fetch Socket organization info: ' + orgResult.error.message)
-  }
-  /**
-   * @type {(Exclude<typeof orgResult.data.organizations[string], undefined>)[]}
-   */
-  const orgs = []
-  for (const org of Object.values(orgResult.data.organizations)) {
-    if (org) {
-      orgs.push(org)
+const apiKeySettingsInit = sdkPromise.then(async ({ setupSdk }) => {
+  try {
+    const sdk = await setupSdk(await pubTokenPromise)
+    const orgResult = await sdk.getOrganizations()
+    if (!orgResult.success) {
+      throw new Error('Failed to fetch Socket organization info: ' + orgResult.error.message)
+    }
+    /**
+     * @type {(Exclude<typeof orgResult.data.organizations[string], undefined>)[]}
+     */
+    const orgs = []
+    for (const org of Object.values(orgResult.data.organizations)) {
+      if (org) {
+        orgs.push(org)
+      }
+    }
+    const result = await sdk.postSettings(orgs.map(org => {
+      return {
+        organization: org.id
+      }
+    }))
+    if (!result.success) {
+      throw new Error('Failed to fetch API key settings: ' + result.error.message)
     }
-  }
-  const result = await sdk.postSettings(orgs.map(org => {
     return {
-      organization: org.id
+      orgs,
+      settings: result.data
     }
-  }))
-  if (!result.success) {
-    throw new Error('Failed to fetch API key settings: ' + result.error.message)
-  }
-  return {
-    orgs,
-    settings: result.data
+  } catch (e) {
+    if (e && typeof e === 'object' && 'cause' in e) {
+      const cause = e.cause
+      if (isErrnoException(cause)) {
+        if (cause.code === 'ENOTFOUND' || cause.code === 'ECONNREFUSED') {
+          throw new Error('Unable to connect to socket.dev, ensure internet connectivity before retrying', {
+            cause: e
+          })
+        }
+      }
+    }
+    throw e
   }
 })
+// mark apiKeySettingsInit as handled
+apiKeySettingsInit.catch(() => {})
 
 /**
  *
@@ -78,42 +94,43 @@ async function findSocketYML () {
   const fs = require('fs/promises')
   while (dir !== prevDir) {
     const ymlPath = path.join(dir, 'socket.yml')
+    const yml = fs.readFile(ymlPath, 'utf-8')
     // mark as handled
-    const yml = fs.readFile(ymlPath, 'utf-8').catch(() => {})
+    yml.catch(() => {})
     const yamlPath = path.join(dir, 'socket.yaml')
+    const yaml = fs.readFile(yamlPath, 'utf-8')
     // mark as handled
-    const yaml = fs.readFile(yamlPath, 'utf-8').catch(() => {})
-    try {
-      const txt = await yml
-      if (txt != null) {
-        return {
-          path: ymlPath,
-          parsed: config.parseSocketConfig(txt)
-        }
-      }
-    } catch (e) {
+    yaml.catch(() => {})
+    /**
+     * @param {unknown} e
+     * @returns {boolean}
+     */
+    function checkFileFoundError (e) {
       if (isErrnoException(e)) {
         if (e.code !== 'ENOENT' && e.code !== 'EISDIR') {
           throw e
         }
-      } else {
+        return false
+      }
+      return true
+    }
+    try {
+      return {
+        path: ymlPath,
+        parsed: config.parseSocketConfig(await yml)
+      }
+    } catch (e) {
+      if (checkFileFoundError(e)) {
         throw new Error('Found file but was unable to parse ' + ymlPath)
       }
     }
     try {
-      const txt = await yaml
-      if (txt != null) {
-        return {
-          path: yamlPath,
-          parsed: config.parseSocketConfig(txt)
-        }
+      return {
+        path: ymlPath,
+        parsed: config.parseSocketConfig(await yaml)
       }
     } catch (e) {
-      if (isErrnoException(e)) {
-        if (e.code !== 'ENOENT' && e.code !== 'EISDIR') {
-          throw e
-        }
-      } else {
+      if (checkFileFoundError(e)) {
         throw new Error('Found file but was unable to parse ' + yamlPath)
       }
     }
@@ -124,11 +141,12 @@ async function findSocketYML () {
 }
 
 /**
- * @type {Promise<ReturnType<import('../utils/issue-rules.cjs')['createIssueUXLookup']>>}
+ * @type {Promise<ReturnType<import('../utils/issue-rules.cjs')['createIssueUXLookup']> | undefined>}
  */
-const uxLookupPromise = settingsPromise.then(async ({ getSetting }) => {
+const uxLookupInit = settingsPromise.then(async ({ getSetting }) => {
   const enforcedOrgs = getSetting('enforcedOrgs') ?? []
-  const { orgs, settings } = await apiKeySettingsPromise
+  const remoteSettings = await apiKeySettingsInit
+  const { orgs, settings } = remoteSettings
 
   // remove any organizations not being enforced
   for (const [i, org] of orgs.entries()) {
@@ -152,6 +170,8 @@ const uxLookupPromise = settingsPromise.then(async ({ getSetting }) => {
   }
   return createIssueUXLookup(settings)
 })
+// mark uxLookupInit as handled
+uxLookupInit.catch(() => {})
 
 // shadow `npm` and `npx` to mitigate subshells
 require('./link.cjs')(fs.realpathSync(path.join(__dirname, 'bin')), 'npm')
@@ -506,7 +526,7 @@ async function packagesHaveRiskyIssues (safeArb, _registry, pkgs, ora = null, _i
     const pkgDatas = []
     try {
       // TODO: determine org based on cwd, pass in
-      const uxLookup = await uxLookupPromise
+      const uxLookup = await uxLookupInit
 
       for await (const pkgData of batchScan(pkgs.map(pkg => pkg.pkgid))) {
         /**

package/lib/shadow/tty-server.cjs

@@ -1,7 +1,8 @@
 const path = require('path')
 const { PassThrough } = require('stream')
-const { isErrnoException } = require('../utils/type-helpers.cjs')
+
 const ipc_version = require('../../package.json').version
+const { isErrnoException } = require('../utils/type-helpers.cjs')
 
 /**
  * @typedef {import('stream').Readable} Readable
@@ -22,7 +23,7 @@ module.exports = async function createTTYServer (colorLevel, isInteractive, npml
    * @type {import('readline')}
    */
   let readline
-  const isSTDINInteractive = true || isInteractive
+  const isSTDINInteractive = isInteractive
   if (!isSTDINInteractive && TTY_IPC) {
     return {
       async captureTTY (mutexFn) {

package/lib/utils/path-resolve.js

@@ -5,7 +5,6 @@ import { globby } from 'globby'
 import ignore from 'ignore'
 // @ts-ignore This package provides no types
 import { directories } from 'ignore-by-default'
-import micromatch from 'micromatch'
 import { ErrorWithCause } from 'pony-cause'
 
 import { InputError } from './errors.js'
@@ -94,85 +93,65 @@ export async function mapGlobResultToFiles (entries, supportedFiles) {
  * @throws {InputError}
  */
 export async function mapGlobEntryToFiles (entry, supportedFiles) {
-  /** @type {string|undefined} */
-  let pkgJSFile
-  /** @type {string[]} */
-  let jsLockFiles = []
-  /** @type {string[]} */
-  let pyFiles = []
-  /** @type {string|undefined} */
-  let pkgGoFile
-  /** @type {string[]} */
-  let goExtraFiles = []
-
   const jsSupported = supportedFiles['npm'] || {}
-  const jsLockFilePatterns = Object.keys(jsSupported)
-    .filter(key => key !== 'packagejson')
-    .map(key => /** @type {{ pattern: string }} */ (jsSupported[key]).pattern)
+  const jsLockFilePatterns = Object.values(jsSupported)
+    // .filter(key => key !== 'packagejson')
+    .map(p => `**/${/** @type {{ pattern: string }} */ (p).pattern}`)
 
   const pyFilePatterns = Object.values(supportedFiles['pypi'] || {})
-    .map(p => /** @type {{ pattern: string }} */ (p).pattern)
+    .map(p => `**/${/** @type {{ pattern: string }} */ (p).pattern}`)
 
   const goSupported = supportedFiles['go'] || {}
-  const goSupplementalPatterns = Object.keys(goSupported)
-    .filter(key => key !== 'gomod')
-    .map(key => /** @type {{ pattern: string }} */ (goSupported[key]).pattern)
-
-  if (entry.endsWith('/')) {
-    // If the match is a folder and that folder contains a package.json file, then include it
-    const jsPkg = path.resolve(entry, 'package.json')
-    if (await fileExists(jsPkg)) pkgJSFile = jsPkg
-
-    const goPkg = path.resolve(entry, 'go.mod')
-    if (await fileExists(goPkg)) pkgGoFile = goPkg
-
-    pyFiles = await globby(pyFilePatterns, {
-      ...BASE_GLOBBY_OPTS,
-      cwd: entry
-    })
-  } else {
-    const entryFile = path.basename(entry)
-
-    if (entryFile === 'package.json') {
-      // If the match is a package.json file, then include it
-      pkgJSFile = entry
-    } else if (micromatch.isMatch(entryFile, jsLockFilePatterns)) {
-      jsLockFiles = [entry]
-      pkgJSFile = path.resolve(path.dirname(entry), 'package.json')
-      if (!(await fileExists(pkgJSFile))) return []
-    } else if (entryFile === 'go.mod') {
-      pkgGoFile = entry
-    } else if (micromatch.isMatch(entryFile, goSupplementalPatterns)) {
-      goExtraFiles = [entry]
-      pkgGoFile = path.resolve(path.dirname(entry), 'go.mod')
-    } else if (micromatch.isMatch(entryFile, pyFilePatterns)) {
-      pyFiles = [entry]
-    }
-  }
-
-  // If we will include a package.json file but don't already have a corresponding lockfile, then look for one
-  if (!jsLockFiles.length && pkgJSFile) {
-    const pkgDir = path.dirname(pkgJSFile)
-
-    jsLockFiles = await globby(jsLockFilePatterns, {
-      ...BASE_GLOBBY_OPTS,
-      cwd: pkgDir
-    })
-  }
-
-  if (!goExtraFiles.length && pkgGoFile) {
-    // get go.sum whenever possible
-    const pkgDir = path.dirname(pkgGoFile)
-
-    goExtraFiles = await globby(goSupplementalPatterns, {
-      ...BASE_GLOBBY_OPTS,
-      cwd: pkgDir
-    })
-  }
-
-  return [...jsLockFiles, ...pyFiles, ...goExtraFiles]
-    .concat(pkgJSFile ? [pkgJSFile] : [])
-    .concat(pkgGoFile ? [pkgGoFile] : [])
+  const goSupplementalPatterns = Object.values(goSupported)
+    // .filter(key => key !== 'gomod')
+    .map(p => `**/${/** @type {{ pattern: string }} */ (p).pattern}`)
+
+  const files = await globby([
+    ...jsLockFilePatterns,
+    ...pyFilePatterns,
+    ...goSupplementalPatterns
+  ], {
+    ...BASE_GLOBBY_OPTS,
+    onlyFiles: true,
+    cwd: path.resolve((await stat(entry)).isDirectory() ? entry : path.dirname(entry))
+  })
+  return files
+
+  // if (entry.endsWith('/')) {
+  //   // If the match is a folder and that folder contains a package.json file, then include it
+  //   const jsPkg = path.resolve(entry, 'package.json')
+  //   if (await fileExists(jsPkg)) pkgJSFile = jsPkg
+
+  //   const goPkg = path.resolve(entry, 'go.mod')
+  //   if (await fileExists(goPkg)) pkgGoFile = goPkg
+
+  //   pyFiles = await globby(pyFilePatterns, {
+  //     ...BASE_GLOBBY_OPTS,
+  //     cwd: entry
+  //   })
+  // } else {
+  //   const entryFile = path.basename(entry)
+
+  //   if (entryFile === 'package.json') {
+  //     // If the match is a package.json file, then include it
+  //     pkgJSFile = entry
+  //   } else if (micromatch.isMatch(entryFile, jsLockFilePatterns)) {
+  //     jsLockFiles = [entry]
+  //     pkgJSFile = path.resolve(path.dirname(entry), 'package.json')
+  //     if (!(await fileExists(pkgJSFile))) return []
+  //   } else if (entryFile === 'go.mod') {
+  //     pkgGoFile = entry
+  //   } else if (micromatch.isMatch(entryFile, goSupplementalPatterns)) {
+  //     goExtraFiles = [entry]
+  //     pkgGoFile = path.resolve(path.dirname(entry), 'go.mod')
+  //   } else if (micromatch.isMatch(entryFile, pyFilePatterns)) {
+  //     pyFiles = [entry]
+  //   }
+  // }
+
+  // return [...jsLockFiles, ...pyFiles, ...goExtraFiles]
+  //   .concat(pkgJSFile ? [pkgJSFile] : [])
+  //   .concat(pkgGoFile ? [pkgGoFile] : [])
 }
 
 /**

package/lib/utils/sdk.js

@@ -20,15 +20,47 @@ let defaultKey
 
 /** @returns {string | undefined} */
 export function getDefaultKey () {
-  defaultKey = getSetting('apiKey') || process.env['SOCKET_SECURITY_API_KEY'] || defaultKey
+  defaultKey = process.env['SOCKET_SECURITY_API_KEY'] || getSetting('apiKey') || defaultKey
   return defaultKey
 }
 
+/**
+ * The API server that should be used for operations
+ *
+ * @type {string | undefined}
+ */
+let defaultAPIBaseUrl
+
+/**
+ * @returns {string | undefined}
+ */
+export function getDefaultAPIBaseUrl () {
+  defaultAPIBaseUrl = process.env['SOCKET_SECURITY_API_BASE_URL'] || getSetting('apiBaseUrl') || undefined
+  return defaultAPIBaseUrl
+}
+
+/**
+ * The API server that should be used for operations
+ *
+ * @type {string | undefined}
+ */
+let defaultApiProxy
+
+/**
+ * @returns {string | undefined}
+ */
+export function getDefaultHTTPProxy () {
+  defaultApiProxy = process.env['SOCKET_SECURITY_API_PROXY'] || getSetting('apiProxy') || undefined
+  return defaultApiProxy
+}
+
 /**
  * @param {string} [apiKey]
+ * @param {string} [apiBaseUrl]
+ * @param {string} [proxy]
  * @returns {Promise<import('@socketsecurity/sdk').SocketSdk>}
  */
-export async function setupSdk (apiKey = getDefaultKey()) {
+export async function setupSdk (apiKey = getDefaultKey(), apiBaseUrl = getDefaultAPIBaseUrl(), proxy = getDefaultHTTPProxy()) {
   if (apiKey == null && isInteractive()) {
     /**
      * @type {{ apiKey: string }}
@@ -49,11 +81,11 @@ export async function setupSdk (apiKey = getDefaultKey()) {
   /** @type {import('@socketsecurity/sdk').SocketSdkOptions["agent"]} */
   let agent
 
-  if (process.env['SOCKET_SECURITY_API_PROXY']) {
+  if (proxy) {
     const { HttpProxyAgent, HttpsProxyAgent } = await import('hpagent')
     agent = {
-      http: new HttpProxyAgent({ proxy: process.env['SOCKET_SECURITY_API_PROXY'] }),
-      https: new HttpsProxyAgent({ proxy: process.env['SOCKET_SECURITY_API_PROXY'] }),
+      http: new HttpProxyAgent({ proxy }),
+      https: new HttpsProxyAgent({ proxy }),
     }
   }
   const packageJsonPath = join(dirname(fileURLToPath(import.meta.url)), '../../package.json')
@@ -62,7 +94,7 @@ export async function setupSdk (apiKey = getDefaultKey()) {
   /** @type {import('@socketsecurity/sdk').SocketSdkOptions} */
   const sdkOptions = {
     agent,
-    baseUrl: process.env['SOCKET_SECURITY_API_BASE_URL'],
+    baseUrl: apiBaseUrl,
     userAgent: createUserAgentFromPkgJson(JSON.parse(packageJson))
   }
 

package/lib/utils/settings.js

@@ -23,7 +23,7 @@ const settingsPath = path.join(dataHome, 'socket', 'settings')
  * @typedef {Record<string, boolean | {action: 'error' | 'warn' | 'ignore' | 'defer'}>} IssueRules
  */
 
-/** @type {{apiKey?: string | null, enforcedOrgs?: string[] | null}} */
+/** @type {{apiKey?: string | null, enforcedOrgs?: string[] | null, apiBaseUrl?: string | null, apiProxy?: string | null}} */
 let settings = {}
 
 if (fs.existsSync(settingsPath)) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@socketsecurity/cli",
-  "version": "0.8.0",
+  "version": "0.9.0",
   "description": "CLI tool for Socket.dev",
   "homepage": "http://github.com/SocketDev/socket-cli-js",
   "repository": {
@@ -82,7 +82,7 @@
   "dependencies": {
     "@apideck/better-ajv-errors": "^0.3.6",
     "@socketsecurity/config": "^2.0.0",
-    "@socketsecurity/sdk": "^0.7.2",
+    "@socketsecurity/sdk": "^0.7.3",
     "chalk": "^5.1.2",
     "globby": "^13.1.3",
     "hpagent": "^1.2.0",
@@ -91,7 +91,6 @@
     "is-interactive": "^2.0.0",
     "is-unicode-supported": "^1.3.0",
     "meow": "^12.0.1",
-    "micromatch": "^4.0.5",
     "ora": "^6.1.2",
     "pony-cause": "^2.1.8",
     "prompts": "^2.4.2",