socket 0.14.12 → 0.14.13

package/dist/cli.js

@@ -12,6 +12,8 @@ var sdk = require('./sdk.js');
 var require$$1$2 = require('@inquirer/prompts');
 var require$$3$2 = require('@npmcli/package-json');
 var require$$4 = require('@socketsecurity/registry');
+var require$$6$1 = require('npm-package-arg');
+var require$$8 = require('pacote');
 var require$$3$1 = require('semver');
 var require$$1$3 = require('@socketregistry/hyrious__bun.lockb');
 var require$$3 = require('browserslist');
@@ -24,6 +26,7 @@ var require$$3$4 = require('node:readline');
 var require$$0$1 = require('node:process');
 var require$$2$2 = require('node:readline/promises');
 var require$$2$3 = require('chalk-table');
+var require$$1$4 = require('node:fs/promises');
 var require$$2$4 = require('blessed');
 var require$$3$5 = require('blessed-contrib');
 var require$$0$2 = require('node:util');
@@ -41,7 +44,7 @@ Object.defineProperty(cdxgen, "__esModule", {
   value: true
 });
 cdxgen.cdxgen = void 0;
-var _nodeFs$5 = require$$0;
+var _nodeFs$4 = require$$0;
 var _nodePath$7 = require$$1;
 var _promiseSpawn$6 = require$$1$1;
 var _chalk$j = _interopRequireDefault$s(vendor.source);
@@ -168,14 +171,14 @@ cdxgen.cdxgen = {
       return;
     }
     let cleanupPackageLock = false;
-    if (yargv.type !== 'yarn' && nodejsPlatformTypes.includes(yargv.type) && (0, _nodeFs$5.existsSync)('./yarn.lock')) {
-      if ((0, _nodeFs$5.existsSync)('./package-lock.json')) {
+    if (yargv.type !== 'yarn' && nodejsPlatformTypes.includes(yargv.type) && (0, _nodeFs$4.existsSync)('./yarn.lock')) {
+      if ((0, _nodeFs$4.existsSync)('./package-lock.json')) {
         yargv.type = 'npm';
       } else {
         // Use synp to create a package-lock.json from the yarn.lock,
         // based on the node_modules folder, for a more accurate SBOM.
         try {
-          await _promiseSpawn$6(execPath, [await _nodeFs$5.promises.realpath(synpBinPath), '--source-file', './yarn.lock'], {
+          await _promiseSpawn$6(execPath, [await _nodeFs$4.promises.realpath(synpBinPath), '--source-file', './yarn.lock'], {
             shell: true
           });
           yargv.type = 'npm';
@@ -186,7 +189,7 @@ cdxgen.cdxgen = {
     if (yargv.output === undefined) {
       yargv.output = 'socket-cdx.json';
     }
-    await _promiseSpawn$6(execPath, [await _nodeFs$5.promises.realpath(cdxgenBinPath), ...argvToArray(yargv)], {
+    await _promiseSpawn$6(execPath, [await _nodeFs$4.promises.realpath(cdxgenBinPath), ...argvToArray(yargv)], {
       env: {
         NODE_ENV: '',
         SBOM_SIGN_ALGORITHM,
@@ -198,11 +201,11 @@ cdxgen.cdxgen = {
     });
     if (cleanupPackageLock) {
       try {
-        await _nodeFs$5.promises.unlink('./package-lock.json');
+        await _nodeFs$4.promises.unlink('./package-lock.json');
       } catch {}
     }
     const fullOutputPath = _nodePath$7.join(process.cwd(), yargv.output);
-    if ((0, _nodeFs$5.existsSync)(fullOutputPath)) {
+    if ((0, _nodeFs$4.existsSync)(fullOutputPath)) {
       console.log(_chalk$j.default.cyanBright(`${yargv.output} created!`));
     }
   }
@@ -215,7 +218,15 @@ var flags$1 = {};
 Object.defineProperty(flags$1, "__esModule", {
   value: true
 });
-flags$1.validationFlags = flags$1.outputFlags = flags$1.commandFlags = void 0;
+flags$1.validationFlags = flags$1.outputFlags = flags$1.commonFlags = flags$1.commandFlags = void 0;
+flags$1.commonFlags = {
+  help: {
+    type: 'boolean',
+    default: false,
+    shortFlag: 'h',
+    description: 'Print this help.'
+  }
+};
 flags$1.commandFlags = {
   enable: {
     type: 'boolean',
@@ -313,15 +324,10 @@ var objects = {};
 Object.defineProperty(objects, "__esModule", {
   value: true
 });
-objects.getOwn = getOwn;
 objects.hasOwn = hasOwn;
 objects.isObjectObject = isObjectObject;
 objects.objectSome = objectSome;
 objects.pick = pick;
-function getOwn(obj, propKey) {
-  if (obj === null || obj === undefined) return undefined;
-  return Object.hasOwn(obj, propKey) ? obj[propKey] : undefined;
-}
 function hasOwn(obj, propKey) {
   if (obj === null || obj === undefined) return false;
   return Object.hasOwn(obj, propKey);
@@ -403,8 +409,6 @@ function printFlagList(list, indent, {
   padName
 } = {}) {
   return printHelpList({
-    help: 'Print this help and exits.',
-    version: 'Prints current version and exits.',
     ...list
   }, indent, {
     keyPrefix,
@@ -415,8 +419,8 @@ function printHelpList(list, indent, {
   keyPrefix = '',
   padName = 18
 } = {}) {
-  const names = Object.keys(list).sort();
   let result = '';
+  const names = Object.keys(list).sort();
   for (const name of names) {
     const rawDescription = list[name];
     const description = (typeof rawDescription === 'object' ? rawDescription.description : rawDescription) || '';
@@ -433,7 +437,7 @@ info$1.info = void 0;
 var _chalk$h = _interopRequireDefault$q(vendor.source);
 var _meow$p = _interopRequireDefault$q(vendor.build);
 var _ora$l = _interopRequireDefault$q(vendor.ora);
-var _flags$i = flags$1;
+var _flags$k = flags$1;
 var _apiHelpers$i = apiHelpers;
 var _chalkMarkdown$3 = sdk.chalkMarkdown;
 var _errors$k = sdk.errors;
@@ -467,8 +471,9 @@ const info = info$1.info = {
 function setupCommand$m(name, description, argv, importMeta) {
   const flags = {
     __proto__: null,
-    ..._flags$i.outputFlags,
-    ..._flags$i.validationFlags
+    ..._flags$k.commonFlags,
+    ..._flags$k.outputFlags,
+    ..._flags$k.validationFlags
   };
   const cli = (0, _meow$p.default)(`
     Usage
@@ -486,19 +491,17 @@ function setupCommand$m(name, description, argv, importMeta) {
     importMeta,
     flags
   });
-  const {
-    all: includeAllIssues,
-    json: outputJson,
-    markdown: outputMarkdown,
-    strict
-  } = cli.flags;
   if (cli.input.length > 1) {
     throw new _errors$k.InputError('Only one package lookup supported at once');
   }
   const {
     0: rawPkgName = ''
   } = cli.input;
+  let showHelp = cli.flags['help'];
   if (!rawPkgName) {
+    showHelp = true;
+  }
+  if (showHelp) {
     cli.showHelp();
     return;
   }
@@ -506,12 +509,12 @@ function setupCommand$m(name, description, argv, importMeta) {
   const pkgName = versionSeparator < 1 ? rawPkgName : rawPkgName.slice(0, versionSeparator);
   const pkgVersion = versionSeparator < 1 ? 'latest' : rawPkgName.slice(versionSeparator + 1);
   return {
-    includeAllIssues,
-    outputJson,
-    outputMarkdown,
+    includeAllIssues: cli.flags['all'],
+    outputJson: cli.flags['json'],
+    outputMarkdown: cli.flags['markdown'],
     pkgName,
     pkgVersion,
-    strict
+    strict: cli.flags['strict']
   };
 }
 async function fetchPackageData(pkgName, pkgVersion, {
@@ -654,6 +657,9 @@ const flags = {
     description: 'Proxy to use when making connection to API server'
   }
 };
+function nonNullish(value) {
+  return value !== null && value !== undefined;
+}
 login.login = {
   description: description$7,
   async run(argv, importMeta, {
@@ -680,8 +686,13 @@ login.login = {
       importMeta,
       flags
     });
+    let showHelp = cli.flags['help'];
     if (cli.input.length) {
+      showHelp = true;
+    }
+    if (showHelp) {
       cli.showHelp();
+      return;
     }
     if (!(0, _isInteractive.default)()) {
       throw new _errors$j.InputError('Cannot prompt for credentials in a non-interactive shell');
@@ -707,7 +718,6 @@ login.login = {
       spinner.fail('Invalid API key');
       return;
     }
-    const nonNullish = value => value != null;
     const enforcedChoices = Object.values(orgs.organizations).filter(nonNullish).filter(org => org.plan === 'enterprise').map(org => ({
       name: org.name,
       value: org.id
@@ -776,8 +786,13 @@ logout.logout = {
       description: description$6,
       importMeta
     });
+    let showHelp = cli.flags['help'];
     if (cli.input.length) {
+      showHelp = true;
+    }
+    if (showHelp) {
       cli.showHelp();
+      return;
     }
     (0, _settings.updateSetting)('apiKey', null);
     (0, _settings.updateSetting)('apiBaseUrl', null);
@@ -858,11 +873,11 @@ fs.existsSync = existsSync;
 fs.findUp = findUp;
 fs.readFileBinary = readFileBinary;
 fs.readFileUtf8 = readFileUtf8;
-var _nodeFs$4 = require$$0;
+var _nodeFs$3 = require$$0;
 var _nodePath$4 = require$$1;
 function existsSync(filepath) {
   try {
-    return filepath ? (0, _nodeFs$4.existsSync)(filepath) : false;
+    return filepath ? (0, _nodeFs$3.existsSync)(filepath) : false;
   } catch {}
   return false;
 }
@@ -879,7 +894,7 @@ async function findUp(name, {
       const filePath = _nodePath$4.join(dir, name);
       try {
         // eslint-disable-next-line no-await-in-loop
-        const stats = await _nodeFs$4.promises.stat(filePath);
+        const stats = await _nodeFs$3.promises.stat(filePath);
         if (stats.isFile()) {
           return filePath;
         }
@@ -890,13 +905,13 @@ async function findUp(name, {
   return undefined;
 }
 async function readFileBinary(filepath, options) {
-  return await _nodeFs$4.promises.readFile(filepath, {
+  return await _nodeFs$3.promises.readFile(filepath, {
     ...options,
     encoding: 'binary'
   });
 }
 async function readFileUtf8(filepath, options) {
-  return await _nodeFs$4.promises.readFile(filepath, {
+  return await _nodeFs$3.promises.readFile(filepath, {
     ...options,
     encoding: 'utf8'
   });
@@ -932,7 +947,7 @@ function isNonEmptyString(value) {
 Object.defineProperty(packageManagerDetector, "__esModule", {
   value: true
 });
-packageManagerDetector.LOCKS = packageManagerDetector.AGENTS = void 0;
+packageManagerDetector.AGENTS = void 0;
 packageManagerDetector.detect = detect;
 var _nodePath$3 = require$$1;
 var _hyrious__bun = require$$1$3;
@@ -943,10 +958,41 @@ var _which = require$$5$1;
 var _fs = fs;
 var _json = json;
 var _objects$1 = objects;
-var _strings = strings;
-const PNPM_WORKSPACE = 'pnpm-workspace';
+var _strings$1 = strings;
 const AGENTS = packageManagerDetector.AGENTS = ['bun', 'npm', 'pnpm', 'yarn'];
-const LOCKS = packageManagerDetector.LOCKS = {
+const numericCollator = new Intl.Collator(undefined, {
+  numeric: true,
+  sensitivity: 'base'
+});
+const {
+  compare: alphaNumericComparator
+} = numericCollator;
+const maintainedNodeVersions = (() => {
+  // Under the hood browserlist uses the node-releases package which is out of date:
+  // https://github.com/chicoxyzzy/node-releases/issues/37
+  // So we maintain a manual version list for now.
+  // https://nodejs.org/en/about/previous-releases#looking-for-latest-release-of-a-version-branch
+  const manualPrev = '18.20.4';
+  const manualCurr = '20.18.0';
+  const manualNext = '22.10.0';
+  const query = _browserslist('maintained node versions')
+  // Trim value, e.g. 'node 22.5.0' to '22.5.0'.
+  .map(s => s.slice(5 /*'node '.length*/))
+  // Sort ascending.
+  .toSorted(alphaNumericComparator);
+  const queryPrev = query.at(0) ?? manualPrev;
+  const queryCurr = query.at(1) ?? manualCurr;
+  const queryNext = query.at(2) ?? manualNext;
+  const previous = _semver$1.maxSatisfying([queryPrev, manualPrev], `^${_semver$1.major(queryPrev)}`);
+  const current = _semver$1.maxSatisfying([queryCurr, manualCurr], `^${_semver$1.major(queryCurr)}`);
+  const next = _semver$1.maxSatisfying([queryNext, manualNext], `^${_semver$1.major(queryNext)}`);
+  return Object.freeze(Object.assign([previous, current, next], {
+    previous,
+    current,
+    next
+  }));
+})();
+const LOCKS = {
   'bun.lockb': 'bun',
   'pnpm-lock.yaml': 'pnpm',
   'pnpm-lock.yml': 'pnpm',
@@ -964,16 +1010,16 @@ const LOCKS = packageManagerDetector.LOCKS = {
   // it has to be handled differently.
   'node_modules/.package-lock.json': 'npm'
 };
-const MAINTAINED_NODE_VERSIONS = _browserslist('maintained node versions')
-// Trim value, e.g. 'node 22.5.0' to '22.5.0'
-.map(v => v.slice(5));
+const PNPM_WORKSPACE = 'pnpm-workspace';
 const readLockFileByAgent = (() => {
-  const wrapReader = reader => async (lockPath, agentExecPath) => {
-    try {
-      return await reader(lockPath, agentExecPath);
-    } catch {}
-    return undefined;
-  };
+  function wrapReader(reader) {
+    return async (lockPath, agentExecPath) => {
+      try {
+        return await reader(lockPath, agentExecPath);
+      } catch {}
+      return undefined;
+    };
+  }
   return {
     bun: wrapReader(async (lockPath, agentExecPath) => {
       let lockBuffer;
@@ -987,7 +1033,7 @@ const readLockFileByAgent = (() => {
       } catch {}
       // To print a Yarn lockfile to your console without writing it to disk use `bun bun.lockb`.
       // https://bun.sh/guides/install/yarnlock
-      return (await _promiseSpawn$3(agentExecPath ?? 'bun', [lockPath])).stdout;
+      return (await _promiseSpawn$3(agentExecPath, [lockPath])).stdout;
     }),
     npm: wrapReader(async lockPath => await (0, _fs.readFileUtf8)(lockPath)),
     pnpm: wrapReader(async lockPath => await (0, _fs.readFileUtf8)(lockPath)),
@@ -1009,7 +1055,7 @@ async function detect({
   // https://nodejs.org/api/packages.html#packagemanager
   const pkgJsonStr = (0, _fs.existsSync)(pkgJsonPath) ? await (0, _fs.readFileUtf8)(pkgJsonPath) : undefined;
   const pkgJson = typeof pkgJsonStr === 'string' ? (0, _json.parseJSONObject)(pkgJsonStr) ?? undefined : undefined;
-  const pkgManager = (0, _strings.isNonEmptyString)((0, _objects$1.getOwn)(pkgJson, 'packageManager')) ? pkgJson?.['packageManager'] : undefined;
+  const pkgManager = (0, _strings$1.isNonEmptyString)(pkgJson?.['packageManager']) ? pkgJson['packageManager'] : undefined;
   let agent;
   let agentVersion;
   if (pkgManager) {
@@ -1033,50 +1079,44 @@ async function detect({
   const agentExecPath = (await _which(agent, {
     nothrow: true
   })) ?? agent;
-  let lockSrc;
   const targets = {
     browser: false,
     node: true
   };
+  let lockSrc;
   let isPrivate = false;
   let isWorkspace = false;
+  let minimumNodeVersion = maintainedNodeVersions.previous;
   if (pkgJson) {
     const pkgPath = _nodePath$3.dirname(pkgJsonPath);
     isPrivate = !!pkgJson['private'];
     isWorkspace = !!pkgJson['workspaces'] || (0, _fs.existsSync)(_nodePath$3.join(pkgPath, `${PNPM_WORKSPACE}.yaml`)) || (0, _fs.existsSync)(_nodePath$3.join(pkgPath, `${PNPM_WORKSPACE}.yml`));
-    let browser;
-    let node;
-    const browserField = (0, _objects$1.getOwn)(pkgJson, 'browser');
-    if ((0, _strings.isNonEmptyString)(browserField) || (0, _objects$1.isObjectObject)(browserField)) {
-      browser = true;
+    const browserField = pkgJson['browser'];
+    if ((0, _strings$1.isNonEmptyString)(browserField) || (0, _objects$1.isObjectObject)(browserField)) {
+      targets.browser = true;
     }
-    const nodeRange = (0, _objects$1.getOwn)(pkgJson['engines'], 'node');
-    if ((0, _strings.isNonEmptyString)(nodeRange)) {
-      node = MAINTAINED_NODE_VERSIONS.some(v => {
-        const coerced = _semver$1.coerce(nodeRange);
-        return coerced && _semver$1.satisfies(coerced, `^${_semver$1.major(v)}`);
-      });
+    const nodeRange = pkgJson['engines']?.['node'];
+    if ((0, _strings$1.isNonEmptyString)(nodeRange)) {
+      const coerced = _semver$1.coerce(nodeRange);
+      if (coerced && _semver$1.lt(coerced, minimumNodeVersion)) {
+        minimumNodeVersion = coerced.version;
+      }
     }
-    const browserslistQuery = (0, _objects$1.getOwn)(pkgJson, 'browserslist');
+    const browserslistQuery = pkgJson['browserslist'];
     if (Array.isArray(browserslistQuery)) {
-      const browserslistTargets = _browserslist(browserslistQuery);
-      const browserslistNodeTargets = browserslistTargets.filter(v => v.startsWith('node ')).map(v => v.slice(5));
-      if (browser === undefined && browserslistTargets.length) {
-        browser = browserslistTargets.length !== browserslistNodeTargets.length;
+      const browserslistTargets = _browserslist(browserslistQuery).map(s => s.toLowerCase()).toSorted(alphaNumericComparator);
+      const browserslistNodeTargets = browserslistTargets.filter(v => v.startsWith('node ')).map(v => v.slice(5 /*'node '.length*/));
+      if (!targets.browser && browserslistTargets.length) {
+        targets.browser = browserslistTargets.length !== browserslistNodeTargets.length;
       }
-      if (node === undefined && browserslistNodeTargets.length) {
-        node = MAINTAINED_NODE_VERSIONS.some(v => browserslistNodeTargets.some(t => {
-          const coerced = _semver$1.coerce(t);
-          return coerced && _semver$1.satisfies(coerced, `^${_semver$1.major(v)}`);
-        }));
+      if (browserslistNodeTargets.length) {
+        const coerced = _semver$1.coerce(browserslistNodeTargets[0]);
+        if (coerced && _semver$1.lt(coerced, minimumNodeVersion)) {
+          minimumNodeVersion = coerced.version;
+        }
       }
     }
-    if (browser !== undefined) {
-      targets.browser = browser;
-    }
-    if (node !== undefined) {
-      targets.node = node;
-    }
+    targets.node = maintainedNodeVersions.some(v => _semver$1.satisfies(v, `>=${minimumNodeVersion}`));
     lockSrc = typeof lockPath === 'string' ? await readLockFileByAgent[agent](lockPath, agentExecPath) : undefined;
   } else {
     lockPath = undefined;
@@ -1089,6 +1129,7 @@ async function detect({
     isWorkspace,
     lockPath,
     lockSrc,
+    minimumNodeVersion,
     pkgJson,
     pkgJsonPath,
     pkgJsonStr,
@@ -1097,6 +1138,57 @@ async function detect({
   };
 }
 
+var promises = {};
+
+var arrays = {};
+
+Object.defineProperty(arrays, "__esModule", {
+  value: true
+});
+arrays.arrayChunk = arrayChunk;
+arrays.arrayUnique = arrayUnique;
+function arrayChunk(arr, size = 2) {
+  const {
+    length
+  } = arr;
+  const chunkSize = Math.min(length, size);
+  const chunks = [];
+  for (let i = 0; i < length; i += chunkSize) {
+    chunks.push(arr.slice(i, i + chunkSize));
+  }
+  return chunks;
+}
+function arrayUnique(arr) {
+  return [...new Set(arr)];
+}
+
+Object.defineProperty(promises, "__esModule", {
+  value: true
+});
+promises.pEach = pEach;
+promises.pEachChunk = pEachChunk;
+var _arrays = arrays;
+async function pEach(array, concurrency, callbackFn, options) {
+  await pEachChunk((0, _arrays.arrayChunk)(array, concurrency), callbackFn, options);
+}
+async function pEachChunk(chunks, callbackFn, options) {
+  const {
+    signal
+  } = {
+    __proto__: null,
+    ...options
+  };
+  for (const chunk of chunks) {
+    if (signal?.aborted) {
+      return;
+    }
+    // eslint-disable-next-line no-await-in-loop
+    await Promise.all(chunk.map(value => signal?.aborted ? undefined : callbackFn(value, {
+      signal
+    })));
+  }
+}
+
 var regexps = {};
 
 Object.defineProperty(regexps, "__esModule", {
@@ -1138,20 +1230,24 @@ var _promiseSpawn$2 = require$$1$1;
 var _packageJson = require$$3$2;
 var _registry = require$$4;
 var _meow$m = _interopRequireDefault$n(vendor.build);
+var _npmPackageArg = require$$6$1;
 var _ora$i = _interopRequireDefault$n(vendor.ora);
+var _pacote = require$$8;
 var _semver = require$$3$1;
+var _flags$j = flags$1;
 var _formatting$k = formatting;
 var _objects = objects;
 var _packageManagerDetector = packageManagerDetector;
+var _promises$2 = promises;
 var _regexps = regexps;
 var _sorts$1 = sorts;
+var _strings = strings;
 const distPath$1 = __dirname;
 const COMMAND_TITLE = 'Socket Optimize';
 const OVERRIDES_FIELD_NAME = 'overrides';
 const RESOLUTIONS_FIELD_NAME = 'resolutions';
-const availableOverrides = (0, _registry.getManifestData)('npm').filter(({
-  1: d
-}) => d.engines?.node?.startsWith('>=18'));
+const manifestNpmOverrides = (0, _registry.getManifestData)('npm');
+const packumentCache = new Map();
 const getOverridesDataByAgent = {
   // npm overrides documentation:
   // https://docs.npmjs.com/cli/v10/configuring-npm/package-json#overrides
@@ -1238,11 +1334,10 @@ async function addOverrides({
   isWorkspace,
   lockSrc,
   lockIncludes,
-  pkgJsonPath
-}, aoState) {
-  const {
-    packageNames
-  } = aoState;
+  manifestEntries,
+  pkgJsonPath,
+  pin
+}, state) {
   const editablePkgJson = await _packageJson.load(_nodePath$2.dirname(pkgJsonPath));
   const {
     dependencies,
@@ -1271,10 +1366,12 @@ async function addOverrides({
   } else {
     overridesDataObjects.push(getOverridesDataByAgent['npm'](editablePkgJson.content), getOverridesDataByAgent['yarn'](editablePkgJson.content));
   }
-  const aliasMap = new Map();
-  for (const {
+  const depAliasMap = new Map();
+  const spinner = (0, _ora$i.default)(`Fetching override manifests...`).start();
+  // Chunk package names to process them in parallel 3 at a time.
+  await (0, _promises$2.pEach)(manifestEntries, 3, async ({
     1: data
-  } of availableOverrides) {
+  }) => {
     const {
       name: regPkgName,
       package: origPkgName,
@@ -1285,145 +1382,194 @@ async function addOverrides({
     } of depEntries) {
       let pkgSpec = depObj[origPkgName];
       if (pkgSpec) {
+        let thisVersion = version;
         // Add package aliases for direct dependencies to avoid npm EOVERRIDE errors.
         // https://docs.npmjs.com/cli/v8/using-npm/package-spec#aliases
-        const overrideSpecPrefix = `npm:${regPkgName}@`;
-        if (!pkgSpec.startsWith(overrideSpecPrefix)) {
-          aliasMap.set(regPkgName, pkgSpec);
+        const specStartsWith = `npm:${regPkgName}@`;
+        const existingVersion = pkgSpec.startsWith(specStartsWith) ? _semver.coerce(_npmPackageArg(pkgSpec).rawSpec)?.version ?? '' : '';
+        if (existingVersion) {
+          thisVersion = existingVersion;
         } else {
-          packageNames.add(regPkgName);
-          pkgSpec = `${overrideSpecPrefix}^${version}`;
+          pkgSpec = `${specStartsWith}^${version}`;
           depObj[origPkgName] = pkgSpec;
+          state.added.add(regPkgName);
         }
-        aliasMap.set(origPkgName, pkgSpec);
+        depAliasMap.set(origPkgName, {
+          id: pkgSpec,
+          version: thisVersion
+        });
       }
     }
-    for (const {
-      type,
-      overrides
-    } of overridesDataObjects) {
-      if (!(0, _objects.hasOwn)(overrides, origPkgName) && lockIncludes(lockSrc, origPkgName)) {
-        packageNames.add(regPkgName);
-        overrides[origPkgName] =
-        // With npm you may not set an override for a package that you directly
-        // depend on unless both the dependency and the override itself share
+    // Chunk package names to process them in parallel 3 at a time.
+    await (0, _promises$2.pEach)(overridesDataObjects, 3, async ({
+      overrides,
+      type
+    }) => {
+      const overrideExists = (0, _objects.hasOwn)(overrides, origPkgName);
+      if (overrideExists || lockIncludes(lockSrc, origPkgName)) {
+        // With npm one may not set an override for a package that one directly
+        // depends on unless both the dependency and the override itself share
         // the exact same spec. To make this limitation easier to deal with,
         // overrides may also be defined as a reference to a spec for a direct
-        // dependency by prefixing the name of the package you wish the version
-        // to match with a $.
+        // dependency by prefixing the name of the package to match the version
+        // of with a $.
         // https://docs.npmjs.com/cli/v8/configuring-npm/package-json#overrides
-        type === 'npm' && aliasMap.has(origPkgName) && `$${origPkgName}` || `npm:${regPkgName}@^${_semver.major(version)}`;
+        const oldSpec = overrides[origPkgName];
+        const depAlias = depAliasMap.get(origPkgName);
+        const thisVersion = overrideExists && (0, _strings.isNonEmptyString)(oldSpec) ? (await fetchPackageManifest(oldSpec.startsWith('$') ? depAlias?.id ?? oldSpec : oldSpec))?.version ?? version : version;
+        const newSpec = depAlias && type === 'npm' ? `$${origPkgName}` : `npm:${regPkgName}@^${pin ? thisVersion : _semver.major(thisVersion)}`;
+        if (newSpec !== oldSpec) {
+          if (overrideExists) {
+            state.updated.add(regPkgName);
+          } else {
+            state.added.add(regPkgName);
+          }
+          overrides[origPkgName] = newSpec;
+        }
       }
-    }
-  }
-  if (packageNames.size) {
+    });
+  });
+  spinner.stop();
+  if (state.added.size || state.updated.size) {
     editablePkgJson.update(Object.fromEntries(depEntries));
     for (const {
-      type,
-      overrides
+      overrides,
+      type
     } of overridesDataObjects) {
       updateManifestByAgent[type](editablePkgJson, (0, _sorts$1.toSortedObject)(overrides));
     }
     await editablePkgJson.save();
   }
-  return aoState;
+  return state;
+}
+async function fetchPackageManifest(pkgNameOrId, options) {
+  const pacoteOptions = {
+    __proto__: null,
+    ...options,
+    packumentCache,
+    preferOffline: true
+  };
+  const {
+    signal
+  } = pacoteOptions;
+  if (signal?.aborted) {
+    return null;
+  }
+  let result;
+  try {
+    result = await _pacote.manifest(pkgNameOrId, pacoteOptions);
+  } catch {}
+  if (signal?.aborted) {
+    return null;
+  }
+  return result;
 }
 const optimize = optimize$1.optimize = {
   description: 'Optimize dependencies with @socketregistry overrides',
   async run(argv, importMeta, {
     parentName
   }) {
-    const commandContext = setupCommand$l(`${parentName} dependency optimize`, optimize.description, argv, importMeta);
-    if (commandContext) {
-      const cwd = process.cwd();
-      const {
-        agent,
-        agentExecPath,
+    const commandContext = setupCommand$l(`${parentName} optimize`, optimize.description, argv, importMeta);
+    if (!commandContext) {
+      return;
+    }
+    const {
+      pin
+    } = commandContext;
+    const cwd = process.cwd();
+    const {
+      agent,
+      agentExecPath,
+      isPrivate,
+      isWorkspace,
+      lockSrc,
+      lockPath,
+      minimumNodeVersion,
+      pkgJsonPath,
+      pkgJson,
+      supported
+    } = await (0, _packageManagerDetector.detect)({
+      cwd,
+      onUnknown(pkgManager) {
+        console.log(`⚠️ ${COMMAND_TITLE}: Unknown package manager${pkgManager ? ` ${pkgManager}` : ''}, defaulting to npm`);
+      }
+    });
+    if (!supported) {
+      console.log(`✘ ${COMMAND_TITLE}: No supported Node or browser range detected`);
+      return;
+    }
+    const lockName = lockPath ? _nodePath$2.basename(lockPath) : 'lock file';
+    if (lockSrc === undefined) {
+      console.log(`✘ ${COMMAND_TITLE}: No ${lockName} found`);
+      return;
+    }
+    if (pkgJson === undefined) {
+      console.log(`✘ ${COMMAND_TITLE}: No package.json found`);
+      return;
+    }
+    if (lockPath && _nodePath$2.relative(cwd, lockPath).startsWith('.')) {
+      console.log(`⚠️ ${COMMAND_TITLE}: Package ${lockName} found at ${lockPath}`);
+    }
+    const state = {
+      added: new Set(),
+      updated: new Set()
+    };
+    if (lockSrc) {
+      const lockIncludes = agent === 'bun' ? lockIncludesByAgent.yarn : lockIncludesByAgent[agent];
+      const nodeRange = `>=${minimumNodeVersion}`;
+      const manifestEntries = manifestNpmOverrides.filter(({
+        1: data
+      }) => _semver.satisfies(_semver.coerce(data.engines.node), nodeRange));
+      await addOverrides({
+        __proto__: null,
+        agent: agent === 'bun' ? 'yarn' : agent,
         isPrivate,
         isWorkspace,
+        lockIncludes,
         lockSrc,
-        lockPath,
-        pkgJsonPath,
-        pkgJsonStr,
-        pkgJson,
-        supported
-      } = await (0, _packageManagerDetector.detect)({
-        cwd,
-        onUnknown(pkgManager) {
-          console.log(`⚠️ ${COMMAND_TITLE}: Unknown package manager${pkgManager ? ` ${pkgManager}` : ''}, defaulting to npm`);
+        manifestEntries,
+        pin,
+        pkgJsonPath
+      }, state);
+    }
+    const pkgJsonChanged = state.updated.size > 0 || state.updated.size > 0;
+    if (state.updated.size > 0) {
+      console.log(`Updated ${state.updated.size} Socket.dev optimized overrides ${state.added.size ? '.' : '🚀'}`);
+    }
+    if (state.added.size > 0) {
+      console.log(`Added ${state.added.size} Socket.dev optimized overrides 🚀`);
+    }
+    if (!pkgJsonChanged) {
+      console.log('Congratulations! Already Socket.dev optimized 🎉');
+    }
+    const isNpm = agent === 'npm';
+    if (isNpm || pkgJsonChanged) {
+      // Always update package-lock.json until the npm overrides PR lands:
+      // https://github.com/npm/cli/pull/7025
+      const spinner = (0, _ora$i.default)(`Updating ${lockName}...`).start();
+      try {
+        if (isNpm) {
+          const wrapperPath = _nodePath$2.join(distPath$1, 'npm-cli.js');
+          await _promiseSpawn$2(process.execPath, [wrapperPath, 'install'], {
+            stdio: 'pipe',
+            env: {
+              __proto__: null,
+              ...process.env,
+              UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE: '1'
+            }
+          });
+        } else {
+          await _promiseSpawn$2(agentExecPath, ['install'], {
+            stdio: 'pipe'
+          });
         }
-      });
-      if (!supported) {
-        console.log(`✘ ${COMMAND_TITLE}: Package engines.node range is not supported`);
-        return;
-      }
-      const lockName = lockPath ? _nodePath$2.basename(lockPath) : 'lock file';
-      if (lockSrc === undefined) {
-        console.log(`✘ ${COMMAND_TITLE}: No ${lockName} found`);
-        return;
-      }
-      if (pkgJson === undefined) {
-        console.log(`✘ ${COMMAND_TITLE}: No package.json found`);
-        return;
-      }
-      if (lockPath && _nodePath$2.relative(cwd, lockPath).startsWith('.')) {
-        console.log(`⚠️ ${COMMAND_TITLE}: Package ${lockName} found at ${lockPath}`);
-      }
-      const aoState = {
-        output: pkgJsonStr,
-        packageNames: new Set()
-      };
-      if (lockSrc) {
-        const lockIncludes = agent === 'bun' ? lockIncludesByAgent.yarn : lockIncludesByAgent[agent];
-        await addOverrides({
-          __proto__: null,
-          agent: agent === 'bun' ? 'yarn' : agent,
-          isPrivate,
-          isWorkspace,
-          lockIncludes,
-          lockSrc,
-          pkgJsonPath,
-          pkgJsonStr,
-          pkgJson
-        }, aoState);
-      }
-      const {
-        size: count
-      } = aoState.packageNames;
-      if (count) {
-        console.log(`Added ${count} Socket.dev optimized overrides 🚀`);
-      } else {
-        console.log('Congratulations! Already Socket.dev optimized 🎉');
-      }
-      const isNpm = agent === 'npm';
-      if (isNpm || count) {
-        // Always update package-lock.json until the npm overrides PR lands:
-        // https://github.com/npm/cli/pull/7025
-        const spinner = (0, _ora$i.default)(`Updating ${lockName}...`).start();
-        try {
-          if (isNpm) {
-            const wrapperPath = _nodePath$2.join(distPath$1, 'npm-cli.js');
-            await _promiseSpawn$2(process.execPath, [wrapperPath, 'install'], {
-              stdio: 'pipe',
-              env: {
-                __proto__: null,
-                ...process.env,
-                UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE: '1'
-              }
-            });
-          } else {
-            await _promiseSpawn$2(agentExecPath, ['install'], {
-              stdio: 'pipe'
-            });
-          }
-          spinner.stop();
-          if (isNpm) {
-            console.log(`💡 Re-run ${COMMAND_TITLE} whenever ${lockName} changes.\n   This can be skipped once npm ships https://github.com/npm/cli/pull/7025.`);
-          }
-        } catch {
-          spinner.stop();
-          console.log(`✘ ${COMMAND_TITLE}: ${agent} install failed to update ${lockName}`);
+        spinner.stop();
+        if (isNpm) {
+          console.log(`💡 Re-run ${COMMAND_TITLE} whenever ${lockName} changes.\n   This can be skipped once npm ships https://github.com/npm/cli/pull/7025.`);
         }
+      } catch {
+        spinner.stop();
+        console.log(`✘ ${COMMAND_TITLE}: ${agent} install failed to update ${lockName}`);
       }
     }
   }
@@ -1432,7 +1578,15 @@ const optimize = optimize$1.optimize = {
 // Internal functions
 
 function setupCommand$l(name, description, argv, importMeta) {
-  const flags = {};
+  const flags = {
+    __proto__: null,
+    ..._flags$j.commonFlags,
+    pin: {
+      type: 'boolean',
+      default: false,
+      description: 'Pin overrides to their latest version'
+    }
+  };
   const cli = (0, _meow$m.default)(`
     Usage
       $ ${name}
@@ -1449,16 +1603,15 @@ function setupCommand$l(name, description, argv, importMeta) {
     flags
   });
   const {
-    json: outputJson,
-    markdown: outputMarkdown,
-    limit,
-    offset
+    help,
+    pin
   } = cli.flags;
+  if (help) {
+    cli.showHelp();
+    return;
+  }
   return {
-    outputJson,
-    outputMarkdown,
-    limit,
-    offset
+    pin
   };
 }
 
@@ -1530,7 +1683,7 @@ Object.defineProperty(rawNpm$1, "__esModule", {
 rawNpm$1.rawNpm = void 0;
 var _promiseSpawn$1 = require$$1$1;
 var _meow$k = _interopRequireDefault$l(vendor.build);
-var _flags$h = flags$1;
+var _flags$i = flags$1;
 var _formatting$j = formatting;
 const rawNpm = rawNpm$1.rawNpm = {
   description: 'Temporarily disable the Socket npm wrapper',
@@ -1541,7 +1694,11 @@ const rawNpm = rawNpm$1.rawNpm = {
   }
 };
 async function setupCommand$j(name, description, argv, importMeta) {
-  const flags = _flags$h.validationFlags;
+  const flags = {
+    __proto__: null,
+    ..._flags$i.commonFlags,
+    ..._flags$i.validationFlags
+  };
   const cli = (0, _meow$k.default)(`
     Usage
       $ ${name} <npm command>
@@ -1557,7 +1714,11 @@ async function setupCommand$j(name, description, argv, importMeta) {
     importMeta,
     flags
   });
+  let showHelp = cli.flags['help'];
   if (!argv[0]) {
+    showHelp = true;
+  }
+  if (showHelp) {
     cli.showHelp();
     return;
   }
@@ -1583,7 +1744,7 @@ Object.defineProperty(rawNpx$1, "__esModule", {
 rawNpx$1.rawNpx = void 0;
 var _promiseSpawn = require$$1$1;
 var _meow$j = _interopRequireDefault$k(vendor.build);
-var _flags$g = flags$1;
+var _flags$h = flags$1;
 var _formatting$i = formatting;
 const rawNpx = rawNpx$1.rawNpx = {
   description: 'Temporarily disable the Socket npm/npx wrapper',
@@ -1594,7 +1755,11 @@ const rawNpx = rawNpx$1.rawNpx = {
   }
 };
 async function setupCommand$i(name, description, argv, importMeta) {
-  const flags = _flags$g.validationFlags;
+  const flags = {
+    __proto__: null,
+    ..._flags$h.commonFlags,
+    ..._flags$h.validationFlags
+  };
   const cli = (0, _meow$j.default)(`
     Usage
       $ ${name} <npx command>
@@ -1610,7 +1775,11 @@ async function setupCommand$i(name, description, argv, importMeta) {
     importMeta,
     flags
   });
+  let showHelp = cli.flags['help'];
   if (!argv[0]) {
+    showHelp = true;
+  }
+  if (showHelp) {
     cli.showHelp();
     return;
   }
@@ -1644,7 +1813,7 @@ var _chalk$f = _interopRequireDefault$j(vendor.source);
 var _meow$i = _interopRequireDefault$j(vendor.build);
 var _ora$g = _interopRequireDefault$j(vendor.ora);
 var _ponyCause$3 = require$$6;
-var _flags$f = flags$1;
+var _flags$g = flags$1;
 var _apiHelpers$g = apiHelpers;
 var _chalkMarkdown$2 = sdk.chalkMarkdown;
 var _errors$h = sdk.errors;
@@ -1673,8 +1842,9 @@ const view$2 = view$3.view = {
 function setupCommand$h(name, description, argv, importMeta) {
   const flags = {
     __proto__: null,
-    ..._flags$f.outputFlags,
-    ..._flags$f.validationFlags
+    ..._flags$g.commonFlags,
+    ..._flags$g.outputFlags,
+    ..._flags$g.validationFlags
   };
   const cli = (0, _meow$i.default)(`
     Usage
@@ -1691,32 +1861,26 @@ function setupCommand$h(name, description, argv, importMeta) {
     importMeta,
     flags
   });
-
-  // Extract the input
-
-  const {
-    all: includeAllIssues,
-    json: outputJson,
-    markdown: outputMarkdown,
-    strict
-  } = cli.flags;
+  // Extract the input.
   const [reportId, ...extraInput] = cli.input;
-  if (!reportId) {
+  let showHelp = cli.flags['help'];
+  if (reportId) {
+    showHelp = true;
+  }
+  if (showHelp) {
     cli.showHelp();
     return;
   }
-
-  // Validate the input
-
+  // Validate the input.
   if (extraInput.length) {
     throw new _errors$h.InputError(`Can only handle a single report ID at a time, but got ${cli.input.length} report ID:s: ${cli.input.join(', ')}`);
   }
   return {
-    includeAllIssues,
-    outputJson,
-    outputMarkdown,
+    includeAllIssues: cli.flags['all'],
+    outputJson: cli.flags['json'],
+    outputMarkdown: cli.flags['markdown'],
     reportId,
-    strict
+    strict: cli.flags['strict']
   };
 }
 const MAX_TIMEOUT_RETRY = 5;
@@ -1725,7 +1889,6 @@ async function fetchReportData(reportId, {
   strict
 }) {
   // Do the API call
-
   const socketSdk = await (0, _sdk$g.setupSdk)();
   const spinner = (0, _ora$g.default)(`Fetching report with ID ${reportId} (this could take a while)`).start();
   let result;
@@ -1795,7 +1958,7 @@ var _meow$h = _interopRequireDefault$i(vendor.build);
 var _ora$f = _interopRequireDefault$i(vendor.ora);
 var _ponyCause$2 = require$$6;
 var _view$2 = view$3;
-var _flags$e = flags$1;
+var _flags$f = flags$1;
 var _apiHelpers$f = apiHelpers;
 var _chalkMarkdown$1 = sdk.chalkMarkdown;
 var _errors$g = sdk.errors;
@@ -1860,8 +2023,9 @@ const create$4 = create$5.create = {
 async function setupCommand$g(name, description, argv, importMeta) {
   const flags = {
     __proto__: null,
-    ..._flags$e.outputFlags,
-    ..._flags$e.validationFlags,
+    ..._flags$f.commonFlags,
+    ..._flags$f.outputFlags,
+    ..._flags$f.validationFlags,
     debug: {
       type: 'boolean',
       shortFlag: 'd',
@@ -1915,18 +2079,17 @@ async function setupCommand$g(name, description, argv, importMeta) {
     importMeta,
     flags
   });
-  const {
-    all: includeAllIssues,
-    dryRun,
-    json: outputJson,
-    markdown: outputMarkdown,
-    strict,
-    view
-  } = cli.flags;
+  let showHelp = cli.flags['help'];
   if (!cli.input[0]) {
+    showHelp = true;
+  }
+  if (showHelp) {
     cli.showHelp();
     return;
   }
+  const {
+    dryRun
+  } = cli.flags;
   const debugLog = (0, _misc$1.createDebugLogger)(!dryRun || cli.flags['debug']);
 
   // TODO: Allow setting a custom cwd and/or configFile path?
@@ -1964,12 +2127,12 @@ async function setupCommand$g(name, description, argv, importMeta) {
     cwd,
     debugLog,
     dryRun,
-    includeAllIssues,
-    outputJson,
-    outputMarkdown,
+    includeAllIssues: cli.flags['all'],
+    outputJson: cli.flags['json'],
+    outputMarkdown: cli.flags['markdown'],
     packagePaths,
-    strict,
-    view
+    strict: cli.flags['strict'],
+    view: cli.flags['view']
   };
 }
 async function createReport(packagePaths, {
@@ -2019,6 +2182,7 @@ meowWithSubcommands$1.meowWithSubcommands = meowWithSubcommands;
 var _meow$g = _interopRequireDefault$h(vendor.build);
 var _formatting$f = formatting;
 var _sorts = sorts;
+var _flags$e = flags$1;
 async function meowWithSubcommands(subcommands, options) {
   const {
     aliases = {},
@@ -2026,19 +2190,18 @@ async function meowWithSubcommands(subcommands, options) {
     name,
     importMeta,
     ...additionalOptions
-  } = options;
+  } = {
+    __proto__: null,
+    ...options
+  };
   const [commandOrAliasName, ...rawCommandArgv] = argv;
-
   // If we got at least some args, then lets find out if we can find a command
   if (commandOrAliasName) {
     const alias = aliases[commandOrAliasName];
-
     // First: Resolve argv data from alias if its an alias that's been given
     const [commandName, ...commandArgv] = alias ? [...alias.argv, ...rawCommandArgv] : [commandOrAliasName, ...rawCommandArgv];
-
     // Second: Find a command definition using that data
     const commandDefinition = commandName ? subcommands[commandName] : undefined;
-
     // Third: If a valid command has been found, then we run it...
     if (commandDefinition) {
       return await commandDefinition.run(commandArgv, importMeta, {
@@ -2046,7 +2209,11 @@ async function meowWithSubcommands(subcommands, options) {
       });
     }
   }
-
+  const flags = {
+    __proto__: null,
+    ..._flags$e.commonFlags,
+    ...additionalOptions.flags
+  };
   // ...else we provide basic instructions and help
   const cli = (0, _meow$g.default)(`
     Usage
@@ -2059,14 +2226,15 @@ async function meowWithSubcommands(subcommands, options) {
   }, 6)}
 
     Options
-      ${(0, _formatting$f.printFlagList)({}, 6)}
+      ${(0, _formatting$f.printFlagList)(flags, 6)}
 
     Examples
       $ ${name} --help
   `, {
     argv,
     importMeta,
-    ...additionalOptions
+    ...additionalOptions,
+    flags
   });
   cli.showHelp();
 }
@@ -2103,7 +2271,7 @@ Object.defineProperty(wrapper$1, "__esModule", {
   value: true
 });
 wrapper$1.wrapper = void 0;
-var _nodeFs$3 = require$$0;
+var _nodeFs$2 = require$$0;
 var _nodeOs = require$$2$1;
 var _nodeReadline = require$$3$4;
 var _meow$f = _interopRequireDefault$g(vendor.build);
@@ -2137,12 +2305,8 @@ function setupCommand$f(name, description, argv, importMeta) {
     importMeta,
     flags
   });
-  const {
-    enable,
-    disable
-  } = cli.flags;
   if (argv[0] === '--postinstall') {
-    const socketWrapperEnabled = _nodeFs$3.existsSync(BASH_FILE) && checkSocketWrapperAlreadySetup(BASH_FILE) || _nodeFs$3.existsSync(ZSH_BASH_FILE) && checkSocketWrapperAlreadySetup(ZSH_BASH_FILE);
+    const socketWrapperEnabled = _nodeFs$2.existsSync(BASH_FILE) && checkSocketWrapperAlreadySetup(BASH_FILE) || _nodeFs$2.existsSync(ZSH_BASH_FILE) && checkSocketWrapperAlreadySetup(ZSH_BASH_FILE);
     if (!socketWrapperEnabled) {
       installSafeNpm(`The Socket CLI is now successfully installed! 🎉
 
@@ -2152,31 +2316,38 @@ function setupCommand$f(name, description, argv, importMeta) {
     }
     return;
   }
+  const {
+    enable,
+    disable
+  } = cli.flags;
+  let showHelp = cli.flags['help'];
   if (!enable && !disable) {
+    showHelp = true;
+  }
+  if (showHelp) {
     cli.showHelp();
     return;
   }
   if (enable) {
-    if (_nodeFs$3.existsSync(BASH_FILE)) {
+    if (_nodeFs$2.existsSync(BASH_FILE)) {
       const socketWrapperEnabled = checkSocketWrapperAlreadySetup(BASH_FILE);
       !socketWrapperEnabled && addAlias(BASH_FILE);
     }
-    if (_nodeFs$3.existsSync(ZSH_BASH_FILE)) {
+    if (_nodeFs$2.existsSync(ZSH_BASH_FILE)) {
       const socketWrapperEnabled = checkSocketWrapperAlreadySetup(ZSH_BASH_FILE);
       !socketWrapperEnabled && addAlias(ZSH_BASH_FILE);
     }
   } else if (disable) {
-    if (_nodeFs$3.existsSync(BASH_FILE)) {
+    if (_nodeFs$2.existsSync(BASH_FILE)) {
       removeAlias(BASH_FILE);
     }
-    if (_nodeFs$3.existsSync(ZSH_BASH_FILE)) {
+    if (_nodeFs$2.existsSync(ZSH_BASH_FILE)) {
       removeAlias(ZSH_BASH_FILE);
     }
   }
-  if (!_nodeFs$3.existsSync(BASH_FILE) && !_nodeFs$3.existsSync(ZSH_BASH_FILE)) {
+  if (!_nodeFs$2.existsSync(BASH_FILE) && !_nodeFs$2.existsSync(ZSH_BASH_FILE)) {
     console.error('There was an issue setting up the alias in your bash profile');
   }
-  return;
 }
 const installSafeNpm = query => {
   console.log(`
@@ -2196,10 +2367,10 @@ const askQuestion = (rl, query) => {
   rl.question(query, ans => {
     if (ans.toLowerCase() === 'y') {
       try {
-        if (_nodeFs$3.existsSync(BASH_FILE)) {
+        if (_nodeFs$2.existsSync(BASH_FILE)) {
           addAlias(BASH_FILE);
         }
-        if (_nodeFs$3.existsSync(ZSH_BASH_FILE)) {
+        if (_nodeFs$2.existsSync(ZSH_BASH_FILE)) {
           addAlias(ZSH_BASH_FILE);
         }
       } catch (e) {
@@ -2214,7 +2385,7 @@ const askQuestion = (rl, query) => {
   });
 };
 const addAlias = file => {
-  return _nodeFs$3.appendFile(file, 'alias npm="socket npm"\nalias npx="socket npx"\n', err => {
+  return _nodeFs$2.appendFile(file, 'alias npm="socket npm"\nalias npx="socket npx"\n', err => {
     if (err) {
       return new Error(`There was an error setting up the alias: ${err}`);
     }
@@ -2225,14 +2396,14 @@ If you want to disable it at any time, run \`socket wrapper --disable\`
   });
 };
 const removeAlias = file => {
-  return _nodeFs$3.readFile(file, 'utf8', function (err, data) {
+  return _nodeFs$2.readFile(file, 'utf8', function (err, data) {
     if (err) {
       console.error(`There was an error removing the alias: ${err}`);
       return;
     }
     const linesWithoutSocketAlias = data.split('\n').filter(l => l !== 'alias npm="socket npm"' && l !== 'alias npx="socket npx"');
     const updatedFileContent = linesWithoutSocketAlias.join('\n');
-    _nodeFs$3.writeFile(file, updatedFileContent, function (err) {
+    _nodeFs$2.writeFile(file, updatedFileContent, function (err) {
       if (err) {
         console.log(err);
         return;
@@ -2243,7 +2414,7 @@ const removeAlias = file => {
   });
 };
 const checkSocketWrapperAlreadySetup = file => {
-  const fileContent = _nodeFs$3.readFileSync(file, 'utf-8');
+  const fileContent = _nodeFs$2.readFileSync(file, 'utf-8');
   const linesWithSocketAlias = fileContent.split('\n').filter(l => l === 'alias npm="socket npm"' || l === 'alias npx="socket npx"');
   if (linesWithSocketAlias.length) {
     console.log(`The Socket npm/npx wrapper is set up in your bash profile (${file}).`);
@@ -2262,7 +2433,7 @@ Object.defineProperty(create$3, "__esModule", {
 });
 create$3.create = void 0;
 var _nodeProcess = require$$0$1;
-var _promises = require$$2$2;
+var _promises$1 = require$$2$2;
 var _chalk$e = _interopRequireDefault$f(vendor.source);
 var _meow$e = _interopRequireDefault$f(vendor.build);
 var _open = _interopRequireDefault$f(vendor.open);
@@ -2369,18 +2540,11 @@ async function setupCommand$e(name, description, argv, importMeta) {
     importMeta,
     flags
   });
-  const {
-    repo: repoName,
-    branch: branchName,
-    commitMessage,
-    defaultBranch,
-    pendingHead,
-    tmp,
-    committers,
-    commitHash,
-    pullRequest
-  } = cli.flags;
+  let showHelp = cli.flags['help'];
   if (!cli.input[0]) {
+    showHelp = true;
+  }
+  if (showHelp) {
     cli.showHelp();
     return;
   }
@@ -2400,11 +2564,18 @@ async function setupCommand$e(name, description, argv, importMeta) {
   });
   const debugLog = (0, _misc.createDebugLogger)(false);
   const packagePaths = await (0, _pathResolve.getPackageFilesFullScans)(cwd, cli.input, supportedFiles, debugLog);
+  const {
+    repo: repoName,
+    branch: branchName
+  } = cli.flags;
   if (!repoName || !branchName || !packagePaths.length) {
+    showHelp = true;
     console.error(`${_chalk$e.default.white.bgRed('Input error')}: Please provide the required fields:\n
-- Repository name using --repo,\n
-- Branch name using --branch\n
-- At least one file path (e.g. ./package.json).\n`);
+    - Repository name using --repo,\n
+    - Branch name using --branch\n
+    - At least one file path (e.g. ./package.json).`);
+  }
+  if (showHelp) {
     cli.showHelp();
     return;
   }
@@ -2412,14 +2583,14 @@ async function setupCommand$e(name, description, argv, importMeta) {
     orgSlug,
     repoName,
     branchName,
-    commitMessage,
-    defaultBranch,
-    pendingHead,
-    tmp,
+    commitMessage: cli.flags['commitMessage'],
+    defaultBranch: cli.flags['defaultBranch'],
+    pendingHead: cli.flags['pendingHead'],
+    tmp: cli.flags['tmp'],
     packagePaths,
-    commitHash,
-    committers,
-    pullRequest
+    commitHash: cli.flags['commitHash'],
+    committers: cli.flags['committers'],
+    pullRequest: cli.flags['pullRequest']
   };
 }
 async function createFullScan(input, spinner, apiKey) {
@@ -2450,7 +2621,7 @@ async function createFullScan(input, spinner, apiKey) {
   console.log('\n✅ Scan created successfully\n');
   const link = _chalk$e.default.hex('#00FFFF').underline(`${result.data.html_report_url}`);
   console.log(`Available at: ${link}\n`);
-  const rl = _promises.createInterface({
+  const rl = _promises$1.createInterface({
     input: _nodeProcess.stdin,
     output: _nodeProcess.stdout
   });
@@ -2499,6 +2670,8 @@ const del$1 = _delete$3.del = {
 
 function setupCommand$d(name, description, argv, importMeta) {
   const flags = {
+    __proto__: null,
+    ..._flags$c.commonFlags,
     ..._flags$c.outputFlags
   };
   const cli = (0, _meow$d.default)(`
@@ -2516,12 +2689,12 @@ function setupCommand$d(name, description, argv, importMeta) {
     importMeta,
     flags
   });
-  const {
-    json: outputJson,
-    markdown: outputMarkdown
-  } = cli.flags;
+  let showHelp = cli.flags['help'];
   if (cli.input.length < 2) {
+    showHelp = true;
     console.error(`${_chalk$d.default.white.bgRed('Input error')}: Please specify an organization slug and a scan ID.\n`);
+  }
+  if (showHelp) {
     cli.showHelp();
     return;
   }
@@ -2530,8 +2703,8 @@ function setupCommand$d(name, description, argv, importMeta) {
     1: fullScanId = ''
   } = cli.input;
   return {
-    outputJson,
-    outputMarkdown,
+    outputJson: cli.flags['json'],
+    outputMarkdown: cli.flags['markdown'],
     orgSlug,
     fullScanId
   };
@@ -2544,7 +2717,7 @@ async function deleteOrgFullScan(orgSlug, fullScanId, spinner, apiKey) {
     return;
   }
   spinner.stop();
-  console.log('\n ✅ Scan deleted successfully\n');
+  console.log('✅ Scan deleted successfully');
 }
 
 var list$3 = {};
@@ -2626,8 +2799,10 @@ const listFullScanFlags = {
 
 function setupCommand$c(name, description, argv, importMeta) {
   const flags = {
-    ..._flags$b.outputFlags,
-    ...listFullScanFlags
+    __proto__: null,
+    ..._flags$b.commonFlags,
+    ...listFullScanFlags,
+    ..._flags$b.outputFlags
   };
   const cli = (0, _meow$c.default)(`
     Usage
@@ -2644,18 +2819,12 @@ function setupCommand$c(name, description, argv, importMeta) {
     importMeta,
     flags
   });
-  const {
-    json: outputJson,
-    markdown: outputMarkdown,
-    sort,
-    direction,
-    perPage,
-    page,
-    fromTime,
-    untilTime
-  } = cli.flags;
+  let showHelp = cli.flags['help'];
   if (!cli.input[0]) {
+    showHelp = true;
     console.error(`${_chalk$c.default.white.bgRed('Input error')}: Please specify an organization slug.\n`);
+  }
+  if (showHelp) {
     cli.showHelp();
     return;
   }
@@ -2663,15 +2832,15 @@ function setupCommand$c(name, description, argv, importMeta) {
     0: orgSlug = ''
   } = cli.input;
   return {
-    outputJson,
-    outputMarkdown,
+    outputJson: cli.flags['json'],
+    outputMarkdown: cli.flags['markdown'],
     orgSlug,
-    sort,
-    direction,
-    per_page: perPage,
-    page,
-    from_time: fromTime,
-    until_time: untilTime
+    sort: cli.flags['sort'],
+    direction: cli.flags['direction'],
+    per_page: cli.flags['perPage'],
+    page: cli.flags['page'],
+    from_time: cli.flags['fromTime'],
+    until_time: cli.flags['untilTime']
   };
 }
 async function listOrgFullScan(orgSlug, input, spinner, apiKey) {
@@ -2751,6 +2920,8 @@ const metadata = metadata$1.metadata = {
 
 function setupCommand$b(name, description, argv, importMeta) {
   const flags = {
+    __proto__: null,
+    ..._flags$a.commonFlags,
     ..._flags$a.outputFlags
   };
   const cli = (0, _meow$b.default)(`
@@ -2768,12 +2939,12 @@ function setupCommand$b(name, description, argv, importMeta) {
     importMeta,
     flags
   });
-  const {
-    json: outputJson,
-    markdown: outputMarkdown
-  } = cli.flags;
+  let showHelp = cli.flags['help'];
   if (cli.input.length < 2) {
+    showHelp = true;
     console.error(`${_chalk$b.default.white.bgRed('Input error')}: Please specify an organization slug and a scan ID.\n`);
+  }
+  if (showHelp) {
     cli.showHelp();
     return;
   }
@@ -2782,8 +2953,8 @@ function setupCommand$b(name, description, argv, importMeta) {
     1: scanID = ''
   } = cli.input;
   return {
-    outputJson,
-    outputMarkdown,
+    outputJson: cli.flags['json'],
+    outputMarkdown: cli.flags['markdown'],
     orgSlug,
     scanID
   };
@@ -2838,6 +3009,8 @@ const stream = stream$1.stream = {
 
 function setupCommand$a(name, description, argv, importMeta) {
   const flags = {
+    __proto__: null,
+    ..._flags$9.commonFlags,
     ..._flags$9.outputFlags
   };
   const cli = (0, _meow$a.default)(`
@@ -2855,12 +3028,12 @@ function setupCommand$a(name, description, argv, importMeta) {
     importMeta,
     flags
   });
-  const {
-    json: outputJson,
-    markdown: outputMarkdown
-  } = cli.flags;
+  let showHelp = cli.flags['help'];
   if (cli.input.length < 2) {
+    showHelp = true;
     console.error(`${_chalk$a.default.white.bgRed('Input error')}: Please specify an organization slug and a scan ID.\n`);
+  }
+  if (showHelp) {
     cli.showHelp();
     return;
   }
@@ -2870,8 +3043,8 @@ function setupCommand$a(name, description, argv, importMeta) {
     2: file
   } = cli.input;
   return {
-    outputJson,
-    outputMarkdown,
+    outputJson: cli.flags['json'],
+    outputMarkdown: cli.flags['markdown'],
     orgSlug,
     fullScanId,
     file
@@ -2979,6 +3152,7 @@ function setupCommand$9(name, description, argv, importMeta) {
   const flags = {
     __proto__: null,
     ...auditLogFlags,
+    ..._flags$8.commonFlags,
     ..._flags$8.outputFlags
   };
   const cli = (0, _meow$9.default)(`
@@ -2996,6 +3170,15 @@ function setupCommand$9(name, description, argv, importMeta) {
     importMeta,
     flags
   });
+  let showHelp = cli.flags['help'];
+  if (cli.input.length < 1) {
+    showHelp = true;
+    console.error(`${_chalk$9.default.white.bgRed('Input error')}: Please provide an organization slug\n`);
+  }
+  if (showHelp) {
+    cli.showHelp();
+    return;
+  }
   const {
     json: outputJson,
     markdown: outputMarkdown,
@@ -3003,11 +3186,6 @@ function setupCommand$9(name, description, argv, importMeta) {
     perPage
   } = cli.flags;
   const type = cli.flags['type'];
-  if (cli.input.length < 1) {
-    console.error(`${_chalk$9.default.white.bgRed('Input error')}: Please provide an organization slug\n`);
-    cli.showHelp();
-    return;
-  }
   const {
     0: orgSlug = ''
   } = cli.input;
@@ -3126,6 +3304,7 @@ const repositoryCreationFlags = {
 function setupCommand$8(name, description, argv, importMeta) {
   const flags = {
     __proto__: null,
+    ..._flags$7.commonFlags,
     ..._flags$7.outputFlags,
     ...repositoryCreationFlags
   };
@@ -3145,34 +3324,30 @@ function setupCommand$8(name, description, argv, importMeta) {
     flags
   });
   const {
-    json: outputJson,
-    markdown: outputMarkdown,
-    repoName,
-    repoDescription,
-    homepage,
-    defaultBranch,
-    visibility
+    repoName
   } = cli.flags;
   const [orgSlug = ''] = cli.input;
+  let showHelp = cli.flags['help'];
   if (!orgSlug) {
+    showHelp = true;
     console.error(`${_chalk$8.default.white.bgRed('Input error')}: Please provide an organization slug\n`);
-    cli.showHelp();
-    return;
-  }
-  if (!repoName) {
+  } else if (!repoName) {
+    showHelp = true;
     console.error(`${_chalk$8.default.white.bgRed('Input error')}: Repository name is required.\n`);
+  }
+  if (showHelp) {
     cli.showHelp();
     return;
   }
   return {
-    outputJson,
-    outputMarkdown,
+    outputJson: cli.flags['json'],
+    outputMarkdown: cli.flags['markdown'],
     orgSlug,
     name: repoName,
-    description: repoDescription,
-    homepage,
-    default_branch: defaultBranch,
-    visibility
+    description: cli.flags['repoDescription'],
+    homepage: cli.flags['homepage'],
+    default_branch: cli.flags['defaultBranch'],
+    visibility: cli.flags['visibility']
   };
 }
 async function createRepo(orgSlug, input, spinner, apiKey) {
@@ -3236,8 +3411,12 @@ function setupCommand$7(name, description, argv, importMeta) {
     0: orgSlug = '',
     1: repoName = ''
   } = cli.input;
+  let showHelp = cli.flags['help'];
   if (!orgSlug || !repoName) {
+    showHelp = true;
     console.error(`${_chalk$7.default.white.bgRed('Input error')}: Please provide an organization slug and repository slug\n`);
+  }
+  if (showHelp) {
     cli.showHelp();
     return;
   }
@@ -3323,8 +3502,10 @@ const listRepoFlags = {
 
 function setupCommand$6(name, description, argv, importMeta) {
   const flags = {
-    ..._flags$6.outputFlags,
-    ...listRepoFlags
+    __proto__: null,
+    ..._flags$6.commonFlags,
+    ...listRepoFlags,
+    ..._flags$6.outputFlags
   };
   const cli = (0, _meow$6.default)(`
     Usage
@@ -3341,16 +3522,12 @@ function setupCommand$6(name, description, argv, importMeta) {
     importMeta,
     flags
   });
-  const {
-    json: outputJson,
-    markdown: outputMarkdown,
-    perPage,
-    sort,
-    direction,
-    page
-  } = cli.flags;
+  let showHelp = cli.flags['help'];
   if (!cli.input[0]) {
+    showHelp = true;
     console.error(`${_chalk$6.default.white.bgRed('Input error')}: Please provide an organization slug\n`);
+  }
+  if (showHelp) {
     cli.showHelp();
     return;
   }
@@ -3358,13 +3535,13 @@ function setupCommand$6(name, description, argv, importMeta) {
     0: orgSlug = ''
   } = cli.input;
   return {
-    outputJson,
-    outputMarkdown,
+    outputJson: cli.flags['json'],
+    outputMarkdown: cli.flags['markdown'],
     orgSlug,
-    sort,
-    direction,
-    page,
-    per_page: perPage
+    sort: cli.flags['sort'],
+    direction: cli.flags['direction'],
+    page: cli.flags['page'],
+    per_page: cli.flags['perPage']
   };
 }
 async function listOrgRepos(orgSlug, input, spinner, apiKey) {
@@ -3466,6 +3643,8 @@ const repositoryUpdateFlags = {
 
 function setupCommand$5(name, description, argv, importMeta) {
   const flags = {
+    __proto__: null,
+    ..._flags$5.commonFlags,
     ..._flags$5.outputFlags,
     ...repositoryUpdateFlags
   };
@@ -3485,34 +3664,30 @@ function setupCommand$5(name, description, argv, importMeta) {
     flags
   });
   const {
-    json: outputJson,
-    markdown: outputMarkdown,
-    repoName,
-    repoDescription,
-    homepage,
-    defaultBranch,
-    visibility
+    repoName
   } = cli.flags;
   const [orgSlug = ''] = cli.input;
+  let showHelp = cli.flags['help'];
   if (!orgSlug) {
+    showHelp = true;
     console.error(`${_chalk$5.default.white.bgRed('Input error')}: Please provide an organization slug and repository name\n`);
-    cli.showHelp();
-    return;
-  }
-  if (!repoName) {
+  } else if (!repoName) {
+    showHelp = true;
     console.error(`${_chalk$5.default.white.bgRed('Input error')}: Repository name is required.\n`);
+  }
+  if (showHelp) {
     cli.showHelp();
     return;
   }
   return {
-    outputJson,
-    outputMarkdown,
+    outputJson: cli.flags['json'],
+    outputMarkdown: cli.flags['markdown'],
     orgSlug,
     name: repoName,
-    description: repoDescription,
-    homepage,
-    default_branch: defaultBranch,
-    visibility
+    description: cli.flags['repoDescription'],
+    homepage: cli.flags['homepage'],
+    default_branch: cli.flags['defaultBranch'],
+    visibility: cli.flags['visibility']
   };
 }
 async function updateRepository(orgSlug, input, spinner, apiKey) {
@@ -3567,6 +3742,8 @@ const view = view$1.view = {
 
 function setupCommand$4(name, description, argv, importMeta) {
   const flags = {
+    __proto__: null,
+    ..._flags$4.commonFlags,
     ..._flags$4.outputFlags
   };
   const cli = (0, _meow$4.default)(`
@@ -3584,12 +3761,12 @@ function setupCommand$4(name, description, argv, importMeta) {
     importMeta,
     flags
   });
-  const {
-    json: outputJson,
-    markdown: outputMarkdown
-  } = cli.flags;
+  let showHelp = cli.flags['help'];
   if (!cli.input[0]) {
+    showHelp = true;
     console.error(`${_chalk$4.default.white.bgRed('Input error')}: Please provide an organization slug and repository name\n`);
+  }
+  if (showHelp) {
     cli.showHelp();
     return;
   }
@@ -3598,8 +3775,8 @@ function setupCommand$4(name, description, argv, importMeta) {
     1: repositoryName = ''
   } = cli.input;
   return {
-    outputJson,
-    outputMarkdown,
+    outputJson: cli.flags['json'],
+    outputMarkdown: cli.flags['markdown'],
     orgSlug,
     repositoryName
   };
@@ -3720,8 +3897,9 @@ const dependenciesFlags = {
 function setupCommand$3(name, description, argv, importMeta) {
   const flags = {
     __proto__: null,
-    ..._flags$3.outputFlags,
-    ...dependenciesFlags
+    ..._flags$3.commonFlags,
+    ...dependenciesFlags,
+    ..._flags$3.outputFlags
   };
   const cli = (0, _meow$3.default)(`
     Usage
@@ -3811,7 +3989,7 @@ Object.defineProperty(analytics$1, "__esModule", {
   value: true
 });
 analytics$1.analytics = void 0;
-var _nodeFs$2 = require$$0;
+var _promises = require$$1$4;
 var _blessed$1 = require$$2$4;
 var _blessedContrib$1 = require$$3$5;
 var _chalk$2 = _interopRequireDefault$3(vendor.source);
@@ -3880,6 +4058,7 @@ const analyticsFlags = {
 function setupCommand$2(name, description, argv, importMeta) {
   const flags = {
     __proto__: null,
+    ..._flags$2.commonFlags,
     ..._flags$2.outputFlags,
     ...analyticsFlags
   };
@@ -3901,11 +4080,9 @@ function setupCommand$2(name, description, argv, importMeta) {
     flags
   });
   const {
-    json: outputJson,
-    scope,
-    time,
     repo,
-    file
+    scope,
+    time
   } = cli.flags;
   if (scope !== 'org' && scope !== 'repo') {
     throw new _errors$3.InputError("The scope must either be 'org' or 'repo'");
@@ -3913,8 +4090,12 @@ function setupCommand$2(name, description, argv, importMeta) {
   if (time !== 7 && time !== 30 && time !== 90) {
     throw new _errors$3.InputError('The time filter must either be 7, 30 or 90');
   }
+  let showHelp = cli.flags['help'];
   if (scope === 'repo' && !repo) {
+    showHelp = true;
     console.error(`${_chalk$2.default.bgRed.white('Input error')}: Please provide a repository name when using the repository scope. \n`);
+  }
+  if (showHelp) {
     cli.showHelp();
     return;
   }
@@ -3922,8 +4103,8 @@ function setupCommand$2(name, description, argv, importMeta) {
     scope,
     time,
     repo,
-    outputJson,
-    file
+    outputJson: cli.flags['json'],
+    file: cli.flags['file']
   };
 }
 const METRICS = ['total_critical_alerts', 'total_high_alerts', 'total_medium_alerts', 'total_low_alerts', 'total_critical_added', 'total_medium_added', 'total_low_added', 'total_high_added', 'total_critical_prevented', 'total_high_prevented', 'total_medium_prevented', 'total_low_prevented'];
@@ -3942,9 +4123,12 @@ async function fetchOrgAnalyticsData(time, spinner, apiKey, outputJson, filePath
     return console.log(result.data);
   }
   if (filePath) {
-    _nodeFs$2.writeFile(filePath, JSON.stringify(result.data), err => {
-      err ? console.error(err) : console.log(`Data successfully written to ${filePath}`);
-    });
+    try {
+      await _promises.writeFile(filePath, JSON.stringify(result.data), 'utf8');
+      console.log(`Data successfully written to ${filePath}`);
+    } catch (e) {
+      console.error(e);
+    }
     return;
   }
   return displayAnalyticsScreen(data);
@@ -4052,9 +4236,12 @@ async function fetchRepoAnalyticsData(repo, time, spinner, apiKey, outputJson, f
     return console.log(result.data);
   }
   if (filePath) {
-    _nodeFs$2.writeFile(filePath, JSON.stringify(result.data), err => {
-      err ? console.error(err) : console.log(`Data successfully written to ${filePath}`);
-    });
+    try {
+      await _promises.writeFile(filePath, JSON.stringify(result.data), 'utf8');
+      console.log(`Data successfully written to ${filePath}`);
+    } catch (e) {
+      console.error(e);
+    }
     return;
   }
   return displayAnalyticsScreen(data);
@@ -4184,8 +4371,9 @@ const getDiffScanFlags = {
 function setupCommand$1(name, description, argv, importMeta) {
   const flags = {
     __proto__: null,
-    ..._flags$1.outputFlags,
-    ...getDiffScanFlags
+    ..._flags$1.commonFlags,
+    ...getDiffScanFlags,
+    ..._flags$1.outputFlags
   };
   const cli = (0, _meow$1.default)(`
     Usage
@@ -4203,32 +4391,30 @@ function setupCommand$1(name, description, argv, importMeta) {
     flags
   });
   const {
-    json: outputJson,
-    markdown: outputMarkdown,
     before,
-    after,
-    preview,
-    file
+    after
   } = cli.flags;
+  let showHelp = cli.flags['help'];
   if (!before || !after) {
+    showHelp = true;
     console.error(`${_chalk$1.default.bgRed.white('Input error')}: Please specify a before and after full scan ID. To get full scans IDs, you can run the command "socket scan list <your org slug>".\n`);
-    cli.showHelp();
-    return;
-  }
-  if (cli.input.length < 1) {
+  } else if (cli.input.length < 1) {
+    showHelp = true;
     console.error(`${_chalk$1.default.bgRed.white('Input error')}: Please provide an organization slug\n`);
+  }
+  if (showHelp) {
     cli.showHelp();
     return;
   }
   const [orgSlug = ''] = cli.input;
   return {
-    outputJson,
-    outputMarkdown,
+    outputJson: cli.flags['json'],
+    outputMarkdown: cli.flags['markdown'],
     before,
     after,
-    preview,
+    preview: cli.flags['preview'],
     orgSlug,
-    file
+    file: cli.flags['file']
   };
 }
 async function getDiffScan({
@@ -4361,8 +4547,9 @@ const threatFeedFlags = {
 function setupCommand(name, description, argv, importMeta) {
   const flags = {
     __proto__: null,
-    ...threatFeedFlags,
-    ..._flags.outputFlags
+    ..._flags.commonFlags,
+    ..._flags.outputFlags,
+    ...threatFeedFlags
   };
   const cli = (0, _meow.default)(`
     Usage