socket 0.14.20 → 0.14.21

package/dist/cli.js

@@ -511,8 +511,8 @@ async function fetchPackageData(pkgName, pkgVersion, {
 }
 function formatPackageDataOutput({
   data,
-  severityCount,
-  score
+  score,
+  severityCount
 }, {
   name,
   outputJson,
@@ -915,7 +915,7 @@ var _which = require$$6$1;
 var _fs$1 = fs;
 var _objects$1 = sdk.objects;
 var _strings$1 = strings;
-const AGENTS = packageManagerDetector.AGENTS = ['bun', 'npm', 'pnpm', 'yarn/berry', 'yarn/classic'];
+const AGENTS = packageManagerDetector.AGENTS = ['bun', 'npm', 'pnpm', 'yarn/berry', 'yarn/classic', 'vlt'];
 const numericCollator = new Intl.Collator(undefined, {
   numeric: true,
   sensitivity: 'base'
@@ -923,6 +923,22 @@ const numericCollator = new Intl.Collator(undefined, {
 const {
   compare: alphaNumericComparator
 } = numericCollator;
+async function getAgentExecPath(agent) {
+  return (await _which(agent, {
+    nothrow: true
+  })) ?? agent;
+}
+async function getAgentVersion(agentExecPath, cwd) {
+  let result;
+  try {
+    result = _semver$1.coerce(
+    // All package managers support the "--version" flag.
+    (await _promiseSpawn$3(agentExecPath, ['--version'], {
+      cwd
+    })).stdout) ?? undefined;
+  } catch {}
+  return result;
+}
 const maintainedNodeVersions = (() => {
   // Under the hood browserlist uses the node-releases package which is out of date:
   // https://github.com/chicoxyzzy/node-releases/issues/37
@@ -950,15 +966,16 @@ const maintainedNodeVersions = (() => {
 })();
 const LOCKS = {
   'bun.lockb': 'bun',
-  'pnpm-lock.yaml': 'pnpm',
-  'pnpm-lock.yml': 'pnpm',
-  'yarn.lock': 'yarn/classic',
   // If both package-lock.json and npm-shrinkwrap.json are present in the root
   // of a project, npm-shrinkwrap.json will take precedence and package-lock.json
   // will be ignored.
   // https://docs.npmjs.com/cli/v10/configuring-npm/package-lock-json#package-lockjson-vs-npm-shrinkwrapjson
   'npm-shrinkwrap.json': 'npm',
   'package-lock.json': 'npm',
+  'pnpm-lock.yaml': 'pnpm',
+  'pnpm-lock.yml': 'pnpm',
+  'yarn.lock': 'yarn/classic',
+  'vlt-lock.json': 'vlt',
   // Look for a hidden lock file if .npmrc has package-lock=false:
   // https://docs.npmjs.com/cli/v10/configuring-npm/package-lock-json#hidden-lockfiles
   //
@@ -975,6 +992,7 @@ const readLockFileByAgent = (() => {
       return undefined;
     };
   }
+  const defaultReader = wrapReader(async lockPath => await (0, _fs$1.readFileUtf8)(lockPath));
   return {
     bun: wrapReader(async (lockPath, agentExecPath) => {
       let lockBuffer;
@@ -986,14 +1004,16 @@ const readLockFileByAgent = (() => {
       try {
         return (0, _hyrious__bun.parse)(lockBuffer);
       } catch {}
-      // To print a Yarn lockfile to your console without writing it to disk use `bun bun.lockb`.
+      // To print a Yarn lockfile to your console without writing it to disk
+      // use `bun bun.lockb`.
       // https://bun.sh/guides/install/yarnlock
       return (await _promiseSpawn$3(agentExecPath, [lockPath])).stdout.trim();
     }),
-    npm: wrapReader(async lockPath => await (0, _fs$1.readFileUtf8)(lockPath)),
-    pnpm: wrapReader(async lockPath => await (0, _fs$1.readFileUtf8)(lockPath)),
-    'yarn/berry': wrapReader(async lockPath => await (0, _fs$1.readFileUtf8)(lockPath)),
-    'yarn/classic': wrapReader(async lockPath => await (0, _fs$1.readFileUtf8)(lockPath))
+    npm: defaultReader,
+    pnpm: defaultReader,
+    vlt: defaultReader,
+    'yarn/berry': defaultReader,
+    'yarn/classic': defaultReader
   };
 })();
 async function detect({
@@ -1033,17 +1053,10 @@ async function detect({
     agent = 'npm';
     onUnknown?.(pkgManager);
   }
-  const agentExecPath = (await _which(agent, {
-    nothrow: true
-  })) ?? agent;
+  const agentExecPath = await getAgentExecPath(agent);
+  const npmExecPath = agent === 'npm' ? agentExecPath : await getAgentExecPath('npm');
   if (agentVersion === undefined) {
-    try {
-      agentVersion = _semver$1.coerce(
-      // All package managers support the "--version" flag.
-      (await _promiseSpawn$3(agentExecPath, ['--version'], {
-        cwd
-      })).stdout) ?? undefined;
-    } catch {}
+    agentVersion = await getAgentVersion(agentExecPath, cwd);
   }
   if (agent === 'yarn/classic' && (agentVersion?.major ?? 0) > 1) {
     agent = 'yarn/berry';
@@ -1092,6 +1105,7 @@ async function detect({
     lockPath,
     lockSrc,
     minimumNodeVersion,
+    npmExecPath,
     pkgJson: editablePkgJson,
     pkgPath,
     supported: targets.browser || targets.node,
@@ -1244,6 +1258,13 @@ const getOverridesDataByAgent = {
       overrides
     };
   },
+  vlt(pkgJson) {
+    const overrides = pkgJson?.overrides ?? {};
+    return {
+      type: 'vlt',
+      overrides
+    };
+  },
   // Yarn resolutions documentation:
   // https://yarnpkg.com/configuration/manifest#resolutions
   'yarn/berry'(pkgJson) {
@@ -1264,7 +1285,7 @@ const getOverridesDataByAgent = {
   }
 };
 const lockIncludesByAgent = (() => {
-  const yarn = (lockSrc, name) => {
+  function yarnLockIncludes(lockSrc, name) {
     const escapedName = (0, _regexps.escapeRegExp)(name);
     return new RegExp(
     // Detects the package name in the following cases:
@@ -1273,9 +1294,9 @@ const lockIncludesByAgent = (() => {
     //   name@
     //   , name@
     `(?<=(?:^\\s*|,\\s*)"?)${escapedName}(?=@)`, 'm').test(lockSrc);
-  };
+  }
   return {
-    bun: yarn,
+    bun: yarnLockIncludes,
     npm(lockSrc, name) {
       // Detects the package name in the following cases:
       //   "name":
@@ -1291,111 +1312,179 @@ const lockIncludesByAgent = (() => {
       //   name@
       `(?<=^\\s*)(?:(['/])${escapedName}\\1|${escapedName}(?=[:@]))`, 'm').test(lockSrc);
     },
-    'yarn/berry': yarn,
-    'yarn/classic': yarn
+    vlt(lockSrc, name) {
+      // Detects the package name in the following cases:
+      //   "name"
+      return lockSrc.includes(`"${name}"`);
+    },
+    'yarn/berry': yarnLockIncludes,
+    'yarn/classic': yarnLockIncludes
   };
 })();
-const updateManifestByAgent = {
-  bun(pkgJson, overrides) {
-    pkgJson.update({
-      [RESOLUTIONS_FIELD_NAME]: overrides
-    });
-  },
-  npm(pkgJson, overrides) {
+const updateManifestByAgent = (() => {
+  function updateOverrides(pkgJson, overrides) {
     pkgJson.update({
       [OVERRIDES_FIELD_NAME]: overrides
     });
-  },
-  pnpm(pkgJson, overrides) {
-    pkgJson.update({
-      pnpm: {
-        ...pkgJson.content['pnpm'],
-        [OVERRIDES_FIELD_NAME]: overrides
-      }
-    });
-  },
-  'yarn/berry'(pkgJson, overrides) {
-    pkgJson.update({
-      [RESOLUTIONS_FIELD_NAME]: overrides
-    });
-  },
-  'yarn/classic'(pkgJson, overrides) {
+  }
+  function updateResolutions(pkgJson, overrides) {
     pkgJson.update({
       [RESOLUTIONS_FIELD_NAME]: overrides
     });
   }
-};
-const lsByAgent = {
-  async bun(agentExecPath, cwd, _rootPath) {
-    try {
-      // Bun does not support filtering by production packages yet.
-      // https://github.com/oven-sh/bun/issues/8283
-      return (await _promiseSpawn$2(agentExecPath, ['pm', 'ls', '--all'], {
-        cwd
-      })).stdout;
-    } catch {}
-    return '';
-  },
-  async npm(agentExecPath, cwd, rootPath) {
-    try {
-      let {
-        stdout
-      } = await _promiseSpawn$2(agentExecPath, ['ls', '--parseable', '--omit', 'dev', '--all'], {
-        cwd
-      });
-      stdout = stdout.trim();
-      stdout = stdout.replaceAll(cwd, '');
-      stdout = rootPath === cwd ? stdout : stdout.replaceAll(rootPath, '');
-      return stdout.replaceAll('\\', '/');
-    } catch {}
-    return '';
-  },
-  async pnpm(agentExecPath, cwd, rootPath) {
-    try {
-      let {
-        stdout
-      } = await _promiseSpawn$2(agentExecPath, ['ls', '--parseable', '--prod', '--depth', 'Infinity'], {
-        cwd
+  return {
+    bun: updateResolutions,
+    npm: updateOverrides,
+    pnpm(pkgJson, overrides) {
+      pkgJson.update({
+        pnpm: {
+          ...pkgJson.content['pnpm'],
+          [OVERRIDES_FIELD_NAME]: overrides
+        }
       });
-      stdout = stdout.trim();
-      stdout = stdout.replaceAll(cwd, '');
-      stdout = rootPath === cwd ? stdout : stdout.replaceAll(rootPath, '');
-      return stdout.replaceAll('\\', '/');
-    } catch {}
-    return '';
-  },
-  async 'yarn/berry'(agentExecPath, cwd, _rootPath) {
+    },
+    vlt: updateOverrides,
+    'yarn/berry': updateResolutions,
+    'yarn/classic': updateResolutions
+  };
+})();
+const lsByAgent = (() => {
+  function cleanupQueryStdout(stdout) {
+    if (stdout === '') {
+      return '';
+    }
+    let pkgs;
     try {
-      return (
-        // Yarn Berry does not support filtering by production packages yet.
-        // https://github.com/yarnpkg/berry/issues/5117
-        (await _promiseSpawn$2(agentExecPath, ['info', '--recursive', '--name-only'], {
-          cwd
-        })).stdout.trim()
-      );
+      pkgs = JSON.parse(stdout);
     } catch {}
-    return '';
-  },
-  async 'yarn/classic'(agentExecPath, cwd, _rootPath) {
+    if (!Array.isArray(pkgs)) {
+      return '';
+    }
+    const names = new Set();
+    for (const {
+      _id,
+      name,
+      pkgid
+    } of pkgs) {
+      // `npm query` results may not have a "name" property, in which case we
+      // fallback to "_id" and then "pkgid".
+      // `vlt ls --view json` results always have a "name" property.
+      const fallback = _id ?? pkgid ?? '';
+      const resolvedName = name ?? fallback.slice(0, fallback.indexOf('@', 1));
+      if (resolvedName) {
+        names.add(resolvedName);
+      }
+    }
+    return JSON.stringify([...names], null, 2);
+  }
+  function parseableToQueryStdout(stdout) {
+    if (stdout === '') {
+      return '';
+    }
+    // Convert the parseable stdout into a json array of unique names.
+    // The matchAll regexp looks for a forward (posix) or backward (win32) slash
+    // and matches one or more non-slashes until the newline.
+    const names = new Set(stdout.matchAll(/(?<=[/\\])[^/\\]+(?=\n)/g));
+    return JSON.stringify([...names], null, 2);
+  }
+  async function npmQuery(npmExecPath, cwd) {
+    let stdout = '';
     try {
-      // However, Yarn Classic does support it.
-      // https://github.com/yarnpkg/yarn/releases/tag/v1.0.0
-      // > Fix: Excludes dev dependencies from the yarn list output when the
-      //   environment is production
-      return (await _promiseSpawn$2(agentExecPath, ['list', '--prod'], {
+      stdout = (await _promiseSpawn$2(npmExecPath, ['query', ':not(.dev)'], {
         cwd
-      })).stdout.trim();
+      })).stdout;
     } catch {}
-    return '';
+    return cleanupQueryStdout(stdout);
   }
-};
-const depsIncludesByAgent = {
-  bun: (stdout, name) => stdout.includes(` ${name}@`),
-  npm: (stdout, name) => stdout.includes(`/${name}\n`),
-  pnpm: (stdout, name) => stdout.includes(`/${name}\n`),
-  'yarn/berry': (stdout, name) => stdout.includes(` ${name}@`),
-  'yarn/classic': (stdout, name) => stdout.includes(` ${name}@`)
-};
+  return {
+    async bun(agentExecPath, cwd) {
+      try {
+        // Bun does not support filtering by production packages yet.
+        // https://github.com/oven-sh/bun/issues/8283
+        return (await _promiseSpawn$2(agentExecPath, ['pm', 'ls', '--all'], {
+          cwd
+        })).stdout;
+      } catch {}
+      return '';
+    },
+    async npm(agentExecPath, cwd) {
+      return await npmQuery(agentExecPath, cwd);
+    },
+    async pnpm(agentExecPath, cwd, options) {
+      const {
+        npmExecPath
+      } = {
+        __proto__: null,
+        ...options
+      };
+      if (npmExecPath && npmExecPath !== 'npm') {
+        const result = await npmQuery(npmExecPath, cwd);
+        if (result) {
+          return result;
+        }
+      }
+      let stdout = '';
+      try {
+        stdout = (await _promiseSpawn$2(agentExecPath, ['ls', '--parseable', '--prod', '--depth', 'Infinity'], {
+          cwd
+        })).stdout;
+      } catch {}
+      return parseableToQueryStdout(stdout);
+    },
+    async vlt(agentExecPath, cwd) {
+      let stdout = '';
+      try {
+        stdout = (await _promiseSpawn$2(agentExecPath, ['ls', '--view', 'human', ':not(.dev)'], {
+          cwd
+        })).stdout;
+      } catch {}
+      return cleanupQueryStdout(stdout);
+    },
+    async 'yarn/berry'(agentExecPath, cwd) {
+      try {
+        return (
+          // Yarn Berry does not support filtering by production packages yet.
+          // https://github.com/yarnpkg/berry/issues/5117
+          (await _promiseSpawn$2(agentExecPath, ['info', '--recursive', '--name-only'], {
+            cwd
+          })).stdout.trim()
+        );
+      } catch {}
+      return '';
+    },
+    async 'yarn/classic'(agentExecPath, cwd) {
+      try {
+        // However, Yarn Classic does support it.
+        // https://github.com/yarnpkg/yarn/releases/tag/v1.0.0
+        // > Fix: Excludes dev dependencies from the yarn list output when the
+        //   environment is production
+        return (await _promiseSpawn$2(agentExecPath, ['list', '--prod'], {
+          cwd
+        })).stdout.trim();
+      } catch {}
+      return '';
+    }
+  };
+})();
+const depsIncludesByAgent = (() => {
+  function matchHumanStdout(stdout, name) {
+    return stdout.includes(` ${name}@`);
+  }
+  function matchQueryStdout(stdout, name) {
+    return stdout.includes(`"${name}"`);
+  }
+  return {
+    bun: matchHumanStdout,
+    npm: matchQueryStdout,
+    pnpm: matchQueryStdout,
+    vlt: matchQueryStdout,
+    'yarn/berry': matchHumanStdout,
+    'yarn/classic': matchHumanStdout
+  };
+})();
+function createActionMessage(verb, overrideCount, workspaceCount) {
+  return `${verb} ${overrideCount} Socket.dev optimized overrides${workspaceCount ? ` in ${workspaceCount} workspace${workspaceCount > 1 ? 's' : ''}` : ''}`;
+}
 function getDependencyEntries(pkgJson) {
   const {
     dependencies,
@@ -1419,28 +1508,33 @@ function getDependencyEntries(pkgJson) {
     1: o
   }) => o);
 }
-async function getWorkspaces(agent, pkgPath, pkgJson) {
-  if (agent !== 'pnpm') {
-    return Array.isArray(pkgJson['workspaces']) ? pkgJson['workspaces'].filter(_strings.isNonEmptyString) : undefined;
-  }
-  for (const workspacePath of [_nodePath$2.join(pkgPath, `${PNPM_WORKSPACE}.yaml`), _nodePath$2.join(pkgPath, `${PNPM_WORKSPACE}.yml`)]) {
-    if ((0, _fs.existsSync)(workspacePath)) {
-      let packages;
-      try {
-        // eslint-disable-next-line no-await-in-loop
-        packages = (0, _yaml.parse)(await _promises$2.readFile(workspacePath, 'utf8'))?.packages;
-      } catch {}
-      if (Array.isArray(packages)) {
-        return packages.filter(_strings.isNonEmptyString);
+async function getWorkspaceGlobs(agent, pkgPath, pkgJson) {
+  let workspacePatterns;
+  if (agent === 'pnpm') {
+    for (const workspacePath of [_nodePath$2.join(pkgPath, `${PNPM_WORKSPACE}.yaml`), _nodePath$2.join(pkgPath, `${PNPM_WORKSPACE}.yml`)]) {
+      if ((0, _fs.existsSync)(workspacePath)) {
+        try {
+          workspacePatterns = (0, _yaml.parse)(
+          // eslint-disable-next-line no-await-in-loop
+          await _promises$2.readFile(workspacePath, 'utf8'))?.packages;
+        } catch {}
+        if (workspacePatterns) {
+          break;
+        }
       }
     }
+  } else {
+    workspacePatterns = pkgJson['workspaces'];
   }
-  return undefined;
+  return Array.isArray(workspacePatterns) ? workspacePatterns.filter(_strings.isNonEmptyString).map(workspacePatternToGlobPattern) : undefined;
 }
-function workspaceToGlobPattern(workspace) {
+function workspacePatternToGlobPattern(workspace) {
   const {
     length
   } = workspace;
+  if (!length) {
+    return '';
+  }
   // If the workspace ends with "/"
   if (workspace.charCodeAt(length - 1) === 47 /*'/'*/) {
     return `${workspace}/*/package.json`;
@@ -1452,21 +1546,29 @@ function workspaceToGlobPattern(workspace) {
   // Things like "packages/a" or "packages/*"
   return `${workspace}/package.json`;
 }
+function createAddOverridesState(initials) {
+  return {
+    added: new Set(),
+    addedInWorkspaces: new Set(),
+    spinner: undefined,
+    updated: new Set(),
+    updatedInWorkspaces: new Set(),
+    warnedPnpmWorkspaceRequiresNpm: false,
+    ...initials
+  };
+}
 async function addOverrides({
   agent,
   agentExecPath,
   lockSrc,
   manifestEntries,
+  npmExecPath,
   pin,
   pkgJson: editablePkgJson,
   pkgPath,
   prod,
   rootPath
-}, state = {
-  added: new Set(),
-  spinner: undefined,
-  updated: new Set()
-}) {
+}, state = createAddOverridesState()) {
   if (editablePkgJson === undefined) {
     editablePkgJson = await _packageJson.load(pkgPath);
   }
@@ -1476,19 +1578,26 @@ async function addOverrides({
   const pkgJson = editablePkgJson.content;
   const isRoot = pkgPath === rootPath;
   const isLockScanned = isRoot && !prod;
-  const thingToScan = isLockScanned ? lockSrc : await lsByAgent[agent](agentExecPath, pkgPath, rootPath);
+  const workspaceName = _nodePath$2.relative(rootPath, pkgPath);
+  const workspaceGlobs = await getWorkspaceGlobs(agent, pkgPath, pkgJson);
+  const isWorkspace = !!workspaceGlobs;
+  if (isWorkspace && agent === 'pnpm' && npmExecPath === 'npm' && !state.warnedPnpmWorkspaceRequiresNpm) {
+    state.warnedPnpmWorkspaceRequiresNpm = true;
+    console.log(`⚠️ ${COMMAND_TITLE}: pnpm workspace support requires \`npm ls\`, falling back to \`pnpm list\``);
+  }
+  const thingToScan = isLockScanned ? lockSrc : await lsByAgent[agent](agentExecPath, pkgPath, {
+    npmExecPath
+  });
   const thingScanner = isLockScanned ? lockIncludesByAgent[agent] : depsIncludesByAgent[agent];
   const depEntries = getDependencyEntries(pkgJson);
-  const workspaces = await getWorkspaces(agent, pkgPath, pkgJson);
-  const isWorkspace = !!workspaces;
   const overridesDataObjects = [];
   if (pkgJson['private'] || isWorkspace) {
     overridesDataObjects.push(getOverridesDataByAgent[agent](pkgJson));
   } else {
-    overridesDataObjects.push(getOverridesDataByAgent['npm'](pkgJson), getOverridesDataByAgent['yarn/classic'](pkgJson));
+    overridesDataObjects.push(getOverridesDataByAgent.npm(pkgJson), getOverridesDataByAgent['yarn/classic'](pkgJson));
   }
   if (spinner) {
-    spinner.text = `Adding overrides${isRoot ? '' : ` to ${_nodePath$2.relative(rootPath, pkgPath)}`}...`;
+    spinner.text = `Adding overrides${workspaceName ? ` to ${workspaceName}` : ''}...`;
   }
   const depAliasMap = new Map();
   // Chunk package names to process them in parallel 3 at a time.
@@ -1517,6 +1626,7 @@ async function addOverrides({
           pkgSpec = `${regSpecStartsLike}^${version}`;
           depObj[origPkgName] = pkgSpec;
           state.added.add(regPkgName);
+          state.addedInWorkspaces.add(workspaceName);
         }
         depAliasMap.set(origPkgName, {
           id: pkgSpec,
@@ -1557,46 +1667,43 @@ async function addOverrides({
           }
         }
         if (newSpec !== oldSpec) {
+          overrides[origPkgName] = newSpec;
           if (overrideExists) {
             state.updated.add(regPkgName);
+            state.updatedInWorkspaces.add(workspaceName);
           } else {
             state.added.add(regPkgName);
+            state.addedInWorkspaces.add(workspaceName);
           }
-          overrides[origPkgName] = newSpec;
         }
       }
     });
   });
-  if (workspaces) {
-    const wsPkgJsonPaths = await (0, _tinyglobby.glob)(workspaces.map(workspaceToGlobPattern), {
+  if (workspaceGlobs) {
+    const workspacePkgJsonPaths = await (0, _tinyglobby.glob)(workspaceGlobs, {
       absolute: true,
       cwd: pkgPath,
       ignore: ['**/node_modules/**', '**/bower_components/**']
     });
     // Chunk package names to process them in parallel 3 at a time.
-    await (0, _promises2.pEach)(wsPkgJsonPaths, 3, async wsPkgJsonPath => {
-      const {
-        added,
-        updated
-      } = await addOverrides({
+    await (0, _promises2.pEach)(workspacePkgJsonPaths, 3, async workspacePkgJsonPath => {
+      const otherState = await addOverrides({
         agent,
         agentExecPath,
         lockSrc,
         manifestEntries,
+        npmExecPath,
         pin,
-        pkgPath: _nodePath$2.dirname(wsPkgJsonPath),
+        pkgPath: _nodePath$2.dirname(workspacePkgJsonPath),
         prod,
         rootPath
-      }, {
-        added: new Set(),
-        spinner,
-        updated: new Set()
-      });
-      for (const regPkgName of added) {
-        state.added.add(regPkgName);
-      }
-      for (const regPkgName of updated) {
-        state.updated.add(regPkgName);
+      }, createAddOverridesState({
+        spinner
+      }));
+      for (const key of ['added', 'addedInWorkspaces', 'updated', 'updatedInWorkspaces']) {
+        for (const value of otherState[key]) {
+          state[key].add(value);
+        }
       }
     });
   }
@@ -1680,9 +1787,10 @@ const optimize = optimize$1.optimize = {
       agent,
       agentExecPath,
       agentVersion,
-      lockSrc,
       lockPath,
+      lockSrc,
       minimumNodeVersion,
+      npmExecPath,
       pkgJson,
       pkgPath,
       supported
@@ -1696,6 +1804,10 @@ const optimize = optimize$1.optimize = {
       console.log(`✘ ${COMMAND_TITLE}: No supported Node or browser range detected`);
       return;
     }
+    if (agent === 'vlt') {
+      console.log(`✘ ${COMMAND_TITLE}: ${agent} does not support overrides. Soon, though ⚡`);
+      return;
+    }
     const lockName = lockPath ? _nodePath$2.basename(lockPath) : 'lock file';
     if (lockSrc === undefined) {
       console.log(`✘ ${COMMAND_TITLE}: No ${lockName} found`);
@@ -1717,11 +1829,9 @@ const optimize = optimize$1.optimize = {
       console.log(`⚠️ ${COMMAND_TITLE}: Package ${lockName} found at ${lockPath}`);
     }
     const spinner = (0, _ora$i.default)('Socket optimizing...');
-    const state = {
-      added: new Set(),
-      spinner,
-      updated: new Set()
-    };
+    const state = createAddOverridesState({
+      spinner
+    });
     spinner.start();
     const nodeRange = `>=${minimumNodeVersion}`;
     const manifestEntries = manifestNpmOverrides.filter(({
@@ -1732,6 +1842,7 @@ const optimize = optimize$1.optimize = {
       agentExecPath,
       lockSrc,
       manifestEntries,
+      npmExecPath,
       pin,
       pkgJson,
       pkgPath,
@@ -1739,13 +1850,15 @@ const optimize = optimize$1.optimize = {
       rootPath: pkgPath
     }, state);
     spinner.stop();
-    const pkgJsonChanged = state.added.size > 0 || state.updated.size > 0;
+    const addedCount = state.added.size;
+    const updatedCount = state.updated.size;
+    const pkgJsonChanged = addedCount > 0 || updatedCount > 0;
     if (pkgJsonChanged) {
-      if (state.updated.size > 0) {
-        console.log(`Updated ${state.updated.size} Socket.dev optimized overrides ${state.added.size ? '.' : '🚀'}`);
+      if (updatedCount > 0) {
+        console.log(`${createActionMessage('Updated', updatedCount, state.updatedInWorkspaces.size)}${addedCount ? '.' : '🚀'}`);
       }
-      if (state.added.size > 0) {
-        console.log(`Added ${state.added.size} Socket.dev optimized overrides 🚀`);
+      if (addedCount > 0) {
+        console.log(`${createActionMessage('Added', addedCount, state.addedInWorkspaces.size)} 🚀`);
       }
     } else {
       console.log('Congratulations! Already Socket.dev optimized 🎉');
@@ -1759,7 +1872,7 @@ const optimize = optimize$1.optimize = {
         if (isNpm) {
           const wrapperPath = _nodePath$2.join(distPath$1, 'npm-cli.js');
           await _promiseSpawn$2(process.execPath, [wrapperPath, 'install', '--no-audit', '--no-fund'], {
-            stdio: 'pipe',
+            stdio: 'ignore',
             env: {
               ...process.env,
               UPDATE_SOCKET_OVERRIDES_IN_PACKAGE_LOCK_FILE: '1'
@@ -1768,7 +1881,7 @@ const optimize = optimize$1.optimize = {
         } else {
           // All package managers support the "install" command.
           await _promiseSpawn$2(agentExecPath, ['install'], {
-            stdio: 'pipe'
+            stdio: 'ignore'
           });
         }
         spinner.stop();
@@ -2397,8 +2510,8 @@ async function meowWithSubcommands(subcommands, options) {
   const {
     aliases = {},
     argv,
-    name,
     importMeta,
+    name,
     ...additionalOptions
   } = {
     __proto__: null,
@@ -2526,8 +2639,8 @@ function setupCommand$f(name, description, argv, importMeta) {
     return;
   }
   const {
-    enable,
-    disable
+    disable,
+    enable
   } = cli.flags;
   let showHelp = cli.flags['help'];
   if (!enable && !disable) {
@@ -2774,8 +2887,8 @@ async function setupCommand$e(name, description, argv, importMeta) {
   const debugLog = (0, _misc.createDebugLogger)(false);
   const packagePaths = await (0, _pathResolve.getPackageFilesFullScans)(cwd, cli.input, supportedFiles, debugLog);
   const {
-    repo: repoName,
-    branch: branchName
+    branch: branchName,
+    repo: repoName
   } = cli.flags;
   if (!repoName || !branchName || !packagePaths.length) {
     showHelp = true;
@@ -2805,14 +2918,14 @@ async function setupCommand$e(name, description, argv, importMeta) {
 async function createFullScan(input, spinner, apiKey) {
   const socketSdk = await (0, _sdk$e.setupSdk)(apiKey);
   const {
-    orgSlug,
-    repoName,
     branchName,
     commitMessage,
     defaultBranch,
+    orgSlug,
+    packagePaths,
     pendingHead,
-    tmp,
-    packagePaths
+    repoName,
+    tmp
   } = input;
   const result = await (0, _apiHelpers$e.handleApiCall)(socketSdk.createOrgFullScan(orgSlug, {
     repo: repoName,
@@ -4117,8 +4230,8 @@ function setupCommand$3(name, description, argv, importMeta) {
   });
   const {
     json: outputJson,
-    markdown: outputMarkdown,
     limit,
+    markdown: outputMarkdown,
     offset
   } = cli.flags;
   return {
@@ -4588,8 +4701,8 @@ function setupCommand$1(name, description, argv, importMeta) {
     flags
   });
   const {
-    before,
-    after
+    after,
+    before
   } = cli.flags;
   let showHelp = cli.flags['help'];
   if (!before || !after) {
@@ -4615,10 +4728,10 @@ function setupCommand$1(name, description, argv, importMeta) {
   };
 }
 async function getDiffScan({
-  before,
   after,
-  orgSlug,
+  before,
   file,
+  orgSlug,
   outputJson
 }, spinner, apiKey) {
   const response = await (0, _apiHelpers$1.queryAPI)(`${orgSlug}/full-scans/diff?before=${before}&after=${after}&preview`, apiKey);
@@ -4764,12 +4877,12 @@ function setupCommand(name, description, argv, importMeta) {
     flags
   });
   const {
+    direction,
+    filter,
     json: outputJson,
     markdown: outputMarkdown,
-    perPage: per_page,
     page,
-    direction,
-    filter
+    perPage: per_page
   } = cli.flags;
   return {
     outputJson,
@@ -4781,11 +4894,11 @@ function setupCommand(name, description, argv, importMeta) {
   };
 }
 async function fetchThreatFeed({
-  per_page,
-  page,
   direction,
   filter,
-  outputJson
+  outputJson,
+  page,
+  per_page
 }, spinner, apiKey) {
   const formattedQueryParams = formatQueryParams({
     per_page,