socket 0.14.40-alpha.9 → 0.14.40

package/dist/require/cli.js

@@ -10,6 +10,7 @@ function _socketInterop(e) {
   return c ? e.default : e
 }
 
+var process$1 = require('node:process');
 var require$$0 = require('node:url');
 var ponyCause = _socketInterop(require('pony-cause'));
 var vendor = require('./vendor.js');
@@ -22,7 +23,12 @@ var words = require('@socketsecurity/registry/lib/words');
 var constants = require('./constants.js');
 var spinner = require('@socketsecurity/registry/lib/spinner');
 var spawn = _socketInterop(require('@npmcli/promise-spawn'));
-var sdk = require('./sdk.js');
+var objects = require('@socketsecurity/registry/lib/objects');
+var pathResolve = require('./path-resolve.js');
+var registryConstants = require('@socketsecurity/registry/lib/constants');
+var socketUrl = require('./socket-url.js');
+var terminalLink = _socketInterop(require('terminal-link'));
+var isInteractive = require('@socketregistry/is-interactive/index.cjs');
 var prompts = require('@socketsecurity/registry/lib/prompts');
 var fs$1 = require('node:fs/promises');
 var npa = _socketInterop(require('npm-package-arg'));
@@ -30,20 +36,17 @@ var semver = _socketInterop(require('semver'));
 var tinyglobby = _socketInterop(require('tinyglobby'));
 var yaml = _socketInterop(require('yaml'));
 var registry = require('@socketsecurity/registry');
-var objects = require('@socketsecurity/registry/lib/objects');
 var packages = require('@socketsecurity/registry/lib/packages');
 var promises = require('@socketsecurity/registry/lib/promises');
 var regexps = require('@socketsecurity/registry/lib/regexps');
 var strings = require('@socketsecurity/registry/lib/strings');
 var browserslist = _socketInterop(require('browserslist'));
 var which = _socketInterop(require('which'));
-var hyrious__bun_lockb = require('@socketregistry/hyrious__bun.lockb');
-var pathResolve = require('./path-resolve.js');
+var index_cjs = require('@socketregistry/hyrious__bun.lockb/index.cjs');
 var betterAjvErrors = _socketInterop(require('@apideck/better-ajv-errors'));
 var config = require('@socketsecurity/config');
 var os = require('node:os');
 var readline = require('node:readline');
-var process$1 = require('node:process');
 var readline$1 = require('node:readline/promises');
 var chalkTable = _socketInterop(require('chalk-table'));
 var ScreenWidget = _socketInterop(require('blessed/lib/widgets/screen'));
@@ -54,7 +57,7 @@ var require$$0$1 = require('node:util');
 var TableWidget = _socketInterop(require('blessed-contrib/lib/widget/table'));
 
 const {
-  NPM: NPM$4,
+  NPM: NPM$5,
   PNPM: PNPM$2,
   cdxgenBinPath,
   synpBinPath
@@ -65,10 +68,10 @@ const {
   SBOM_SIGN_PRIVATE_KEY,
   // Location to the RSA private key
   SBOM_SIGN_PUBLIC_KEY // Optional. Location to the RSA public key
-} = process.env;
+} = process$1.env;
 const toLower = arg => arg.toLowerCase();
 const arrayToLower = arg => arg.map(toLower);
-const nodejsPlatformTypes = new Set(['javascript', 'js', 'nodejs', NPM$4, PNPM$2, 'ts', 'tsx', 'typescript']);
+const nodejsPlatformTypes = new Set(['javascript', 'js', 'nodejs', NPM$5, PNPM$2, 'ts', 'tsx', 'typescript']);
 const yargsConfig = {
   configuration: {
     'camel-case-expansion': false,
@@ -172,20 +175,20 @@ const cdxgen = {
       length: unknownLength
     } = unknown;
     if (unknownLength) {
-      process.exitCode = 1;
+      process$1.exitCode = 1;
       console.error(`Unknown ${words.pluralize('argument', unknownLength)}: ${yargv._.join(', ')}`);
       return;
     }
     let cleanupPackageLock = false;
     if (yargv.type !== 'yarn' && nodejsPlatformTypes.has(yargv.type) && fs.existsSync('./yarn.lock')) {
       if (fs.existsSync('./package-lock.json')) {
-        yargv.type = NPM$4;
+        yargv.type = NPM$5;
       } else {
         // Use synp to create a package-lock.json from the yarn.lock,
         // based on the node_modules folder, for a more accurate SBOM.
         try {
           await npm$1.runBin(await fs.promises.realpath(synpBinPath), ['--source-file', './yarn.lock']);
-          yargv.type = NPM$4;
+          yargv.type = NPM$5;
           cleanupPackageLock = true;
         } catch {}
       }
@@ -207,7 +210,7 @@ const cdxgen = {
         await fs.promises.rm('./package-lock.json');
       } catch {}
     }
-    const fullOutputPath = path.join(process.cwd(), yargv.output);
+    const fullOutputPath = path.join(process$1.cwd(), yargv.output);
     if (fs.existsSync(fullOutputPath)) {
       console.log(colors.cyanBright(`${yargv.output} created!`));
     }
@@ -217,45 +220,62 @@ const cdxgen = {
 const {
   abortSignal: abortSignal$3
 } = constants;
-async function shadowNpmInstall(opts) {
+function shadowNpmInstall(opts) {
   const {
     flags = [],
+    ipc,
     ...spawnOptions
   } = {
     __proto__: null,
     ...opts
   };
-  // Lazily access constants.ENV.
-  const {
-    SOCKET_CLI_DEBUG
-  } = constants.ENV;
-  return await spawn(
+  const useIpc = objects.isObject(ipc);
+  const useDebug = pathResolve.isDebug();
+  const promise = spawn(
   // Lazily access constants.execPath.
   constants.execPath, [
   // Lazily access constants.rootBinPath.
-  path.join(constants.rootBinPath, 'npm-cli.js'), 'install', ...(SOCKET_CLI_DEBUG ? ['silent'] : []), ...flags], {
+  path.join(constants.rootBinPath, 'npm-cli.js'), 'install',
+  // Even though the 'silent' flag is passed npm will still run through code
+  // paths for 'audit' and 'fund' unless '--no-audit' and '--no-fund' flags
+  // are passed.
+  ...(useDebug ? ['--no-audit', '--no-fund'] : ['silent', '--no-audit', '--no-fund']), ...flags], {
     signal: abortSignal$3,
-    // Lazily access constants.ENV.
-    stdio: SOCKET_CLI_DEBUG ? 'inherit' : 'ignore',
+    // Set stdio to include 'ipc'.
+    // See https://github.com/nodejs/node/blob/v23.6.0/lib/child_process.js#L161-L166
+    // and https://github.com/nodejs/node/blob/v23.6.0/lib/internal/child_process.js#L238.
+    stdio: useDebug ?
+    // 'inherit'
+    useIpc ? [0, 1, 2, 'ipc'] : 'inherit' :
+    // 'ignore'
+    useIpc ? ['ignore', 'ignore', 'ignore', 'ipc'] : 'ignore',
     ...spawnOptions,
     env: {
-      ...process.env,
+      ...process$1.env,
       ...spawnOptions.env
     }
   });
+  if (useIpc) {
+    promise.process.send(ipc);
+  }
+  return promise;
 }
 
 const {
-  SOCKET_CLI_FIX_PACKAGE_LOCK_FILE
+  SOCKET_CLI_FIX_PACKAGE_LOCK_FILE,
+  SOCKET_IPC_HANDSHAKE: SOCKET_IPC_HANDSHAKE$1
 } = constants;
 const fix = {
   description: 'Fix "fixable" Socket alerts',
+  hidden: true,
   async run() {
     const spinner$1 = new spinner.Spinner().start();
     try {
       await shadowNpmInstall({
-        env: {
-          [SOCKET_CLI_FIX_PACKAGE_LOCK_FILE]: '1'
+        ipc: {
+          [SOCKET_IPC_HANDSHAKE$1]: {
+            [SOCKET_CLI_FIX_PACKAGE_LOCK_FILE]: true
+          }
         }
       });
     } catch (e) {
@@ -322,10 +342,10 @@ function handleUnsuccessfulApiResponse(_name, result, spinner) {
   const message = typeof resultErrorMessage === 'string' ? resultErrorMessage : 'No error message returned';
   if (result.status === 401 || result.status === 403) {
     spinner.stop();
-    throw new sdk.AuthError(message);
+    throw new socketUrl.AuthError(message);
   }
   spinner.error(`${colors.bgRed(colors.white('API returned an error:'))} ${message}`);
-  process.exit(1);
+  process$1.exit(1);
 }
 async function handleApiCall(value, description) {
   let result;
@@ -370,6 +390,46 @@ function pick(input, keys) {
   return result;
 }
 
+function getFlagListOutput(list, indent, {
+  keyPrefix = '--',
+  padName
+} = {}) {
+  return getHelpListOutput({
+    ...list
+  }, indent, {
+    keyPrefix,
+    padName
+  });
+}
+function getHelpListOutput(list, indent, {
+  keyPrefix = '',
+  padName = 18
+} = {}) {
+  let result = '';
+  const names = Object.keys(list).sort();
+  for (const name of names) {
+    const rawDescription = list[name];
+    const description = (typeof rawDescription === 'object' ? rawDescription.description : rawDescription) || '';
+    result += ''.padEnd(indent) + (keyPrefix + name).padEnd(padName) + description + '\n';
+  }
+  return result.trim();
+}
+
+function stringJoinWithSeparateFinalSeparator(list, separator = ' and ') {
+  const values = list.filter(Boolean);
+  const {
+    length
+  } = values;
+  if (!length) {
+    return '';
+  }
+  if (length === 1) {
+    return values[0];
+  }
+  const finalValue = values.pop();
+  return `${values.join(', ')}${separator}${finalValue}`;
+}
+
 const SEVERITIES_BY_ORDER = ['critical', 'high', 'middle', 'low'];
 function getDesiredSeverities(lowestToInclude) {
   const result = [];
@@ -388,7 +448,7 @@ function formatSeverityCount(severityCount) {
       summary.push(`${severityCount[severity]} ${severity}`);
     }
   }
-  return sdk.stringJoinWithSeparateFinalSeparator(summary);
+  return stringJoinWithSeparateFinalSeparator(summary);
 }
 function getSeverityCount(issues, lowestToInclude) {
   const severityCount = pick({
@@ -398,7 +458,9 @@ function getSeverityCount(issues, lowestToInclude) {
     critical: 0
   }, getDesiredSeverities(lowestToInclude));
   for (const issue of issues) {
-    const value = issue.value;
+    const {
+      value
+    } = issue;
     if (!value) {
       continue;
     }
@@ -409,34 +471,9 @@ function getSeverityCount(issues, lowestToInclude) {
   return severityCount;
 }
 
-function printFlagList(list, indent, {
-  keyPrefix = '--',
-  padName
-} = {}) {
-  return printHelpList({
-    ...list
-  }, indent, {
-    keyPrefix,
-    padName
-  });
-}
-function printHelpList(list, indent, {
-  keyPrefix = '',
-  padName = 18
-} = {}) {
-  let result = '';
-  const names = Object.keys(list).sort();
-  for (const name of names) {
-    const rawDescription = list[name];
-    const description = (typeof rawDescription === 'object' ? rawDescription.description : rawDescription) || '';
-    result += ''.padEnd(indent) + (keyPrefix + name).padEnd(padName) + description + '\n';
-  }
-  return result.trim();
-}
-
 const {
-  SOCKET_PUBLIC_API_KEY: SOCKET_PUBLIC_API_KEY$1
-} = constants;
+  NPM: NPM$4
+} = registryConstants;
 const info = {
   description: 'Look up info regarding a package',
   async run(argv, importMeta, {
@@ -473,7 +510,7 @@ function setupCommand$m(name, description, argv, importMeta) {
       $ ${name} <name>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} webtorrent
@@ -485,7 +522,7 @@ function setupCommand$m(name, description, argv, importMeta) {
     flags
   });
   if (cli.input.length > 1) {
-    throw new sdk.InputError('Only one package lookup supported at once');
+    throw new socketUrl.InputError('Only one package lookup supported at once');
   }
   const {
     0: rawPkgName = ''
@@ -513,7 +550,7 @@ function setupCommand$m(name, description, argv, importMeta) {
 async function fetchPackageData(pkgName, pkgVersion, {
   includeAllIssues
 }, spinner) {
-  const socketSdk = await sdk.setupSdk(sdk.getDefaultKey() ?? SOCKET_PUBLIC_API_KEY$1);
+  const socketSdk = await socketUrl.setupSdk(socketUrl.getPublicToken());
   const result = await handleApiCall(socketSdk.getIssuesByNPMPackage(pkgName, pkgVersion), 'looking up package');
   const scoreResult = await handleApiCall(socketSdk.getScoreByNPMPackage(pkgName, pkgVersion), 'looking up package score');
   if (result.success === false) {
@@ -560,8 +597,8 @@ function formatPackageDataOutput({
     } else {
       spinner.success('Package has no issues');
     }
-    const format = new sdk.ColorOrMarkdown(!!outputMarkdown);
-    const url = `https://socket.dev/npm/package/${pkgName}/overview/${pkgVersion}`;
+    const format = new socketUrl.ColorOrMarkdown(!!outputMarkdown);
+    const url = socketUrl.getSocketDevPackageOverviewUrl(NPM$4, pkgName, pkgVersion);
     console.log('\n');
     if (pkgVersion === 'latest') {
       console.log(`Detailed info on socket.dev: ${format.hyperlink(`${pkgName}`, url, {
@@ -577,7 +614,7 @@ function formatPackageDataOutput({
     }
   }
   if (strict && objectSome(severityCount)) {
-    process.exit(1);
+    process$1.exit(1);
   }
 }
 function formatPackageIssuesDetails(packageData, outputMarkdown) {
@@ -598,9 +635,9 @@ function formatPackageIssuesDetails(packageData, outputMarkdown) {
     }
     return acc;
   }, {});
-  const format = new sdk.ColorOrMarkdown(!!outputMarkdown);
+  const format = new socketUrl.ColorOrMarkdown(!!outputMarkdown);
   for (const issue of Object.keys(uniqueIssues)) {
-    const issueWithLink = format.hyperlink(`${uniqueIssues[issue]?.label}`, `https://socket.dev/npm/issue/${issue}`, {
+    const issueWithLink = format.hyperlink(`${uniqueIssues[issue]?.label}`, socketUrl.getSocketDevAlertUrl(issue), {
       fallbackToUrl: true
     });
     if (uniqueIssues[issue]?.count === 1) {
@@ -620,7 +657,7 @@ function formatScore(score) {
 }
 
 const {
-  SOCKET_PUBLIC_API_KEY
+  SOCKET_PUBLIC_API_TOKEN
 } = constants;
 const description$5 = 'Socket API login';
 const flags = {
@@ -649,7 +686,7 @@ const login = {
       Logs into the Socket API by prompting for an API key
 
       Options
-        ${printFlagList({
+        ${getFlagListOutput({
       'api-base-url': flags['apiBaseUrl'].description,
       'api-proxy': flags['apiProxy'].description
     }, 8)}
@@ -670,25 +707,25 @@ const login = {
       cli.showHelp();
       return;
     }
-    if (!vendor.isInteractive()) {
-      throw new sdk.InputError('Cannot prompt for credentials in a non-interactive shell');
+    if (!isInteractive()) {
+      throw new socketUrl.InputError('Cannot prompt for credentials in a non-interactive shell');
     }
-    const apiKey = (await prompts.password({
-      message: `Enter your ${vendor.terminalLink('Socket.dev API key', 'https://docs.socket.dev/docs/api-keys')} (leave blank for a public key)`
-    })) || SOCKET_PUBLIC_API_KEY;
+    const apiToken = (await prompts.password({
+      message: `Enter your ${terminalLink('Socket.dev API key', 'https://docs.socket.dev/docs/api-keys')} (leave blank for a public key)`
+    })) || SOCKET_PUBLIC_API_TOKEN;
     let apiBaseUrl = cli.flags['apiBaseUrl'];
-    apiBaseUrl ??= sdk.getSetting('apiBaseUrl') ?? undefined;
+    apiBaseUrl ??= socketUrl.getSetting('apiBaseUrl') ?? undefined;
     let apiProxy = cli.flags['apiProxy'];
-    apiProxy ??= sdk.getSetting('apiProxy') ?? undefined;
+    apiProxy ??= socketUrl.getSetting('apiProxy') ?? undefined;
     const spinner$1 = new spinner.Spinner({
       text: 'Verifying API key...'
     }).start();
     let orgs;
     try {
-      const sdk$1 = await sdk.setupSdk(apiKey, apiBaseUrl, apiProxy);
-      const result = await sdk$1.getOrganizations();
+      const sdk = await socketUrl.setupSdk(apiToken, apiBaseUrl, apiProxy);
+      const result = await sdk.getOrganizations();
       if (!result.success) {
-        throw new sdk.AuthError();
+        throw new socketUrl.AuthError();
       }
       orgs = result.data;
       spinner$1.success('API key verified');
@@ -725,12 +762,13 @@ const login = {
         }
       }
     }
-    sdk.updateSetting('enforcedOrgs', enforcedOrgs);
-    const oldKey = sdk.getSetting('apiKey');
-    sdk.updateSetting('apiKey', apiKey);
-    sdk.updateSetting('apiBaseUrl', apiBaseUrl);
-    sdk.updateSetting('apiProxy', apiProxy);
-    spinner$1.success(`API credentials ${oldKey ? 'updated' : 'set'}`);
+    socketUrl.updateSetting('enforcedOrgs', enforcedOrgs);
+    // TODO: Rename the 'apiKey' setting to 'apiToken'.
+    const oldToken = socketUrl.getSetting('apiKey');
+    socketUrl.updateSetting('apiKey', apiToken);
+    socketUrl.updateSetting('apiBaseUrl', apiBaseUrl);
+    socketUrl.updateSetting('apiProxy', apiProxy);
+    spinner$1.success(`API credentials ${oldToken ? 'updated' : 'set'}`);
   }
 };
 
@@ -762,10 +800,10 @@ const logout = {
       cli.showHelp();
       return;
     }
-    sdk.updateSetting('apiKey', null);
-    sdk.updateSetting('apiBaseUrl', null);
-    sdk.updateSetting('apiProxy', null);
-    sdk.updateSetting('enforcedOrgs', null);
+    socketUrl.updateSetting('apiKey', null);
+    socketUrl.updateSetting('apiBaseUrl', null);
+    socketUrl.updateSetting('apiProxy', null);
+    socketUrl.updateSetting('enforcedOrgs', null);
     new spinner.Spinner().success('Successfully logged out');
   }
 };
@@ -801,7 +839,7 @@ function existsSync(filepath) {
   return false;
 }
 async function findUp(name, {
-  cwd = process.cwd()
+  cwd = process$1.cwd()
 }) {
   let dir = path.resolve(cwd);
   const {
@@ -843,6 +881,7 @@ const {
   NPM: NPM$2,
   PNPM: PNPM$1,
   VLT: VLT$1,
+  YARN,
   YARN_BERRY: YARN_BERRY$1,
   YARN_CLASSIC: YARN_CLASSIC$1
 } = constants;
@@ -853,10 +892,20 @@ const {
   numeric: true,
   sensitivity: 'base'
 });
+const binByAgent = {
+  __proto__: null,
+  [BUN$1]: BUN$1,
+  [NPM$2]: NPM$2,
+  [PNPM$1]: PNPM$1,
+  [YARN_BERRY$1]: YARN,
+  [YARN_CLASSIC$1]: YARN,
+  [VLT$1]: VLT$1
+};
 async function getAgentExecPath(agent) {
-  return (await which(agent, {
+  const binName = binByAgent[agent];
+  return (await which(binName, {
     nothrow: true
-  })) ?? agent;
+  })) ?? binName;
 }
 async function getAgentVersion(agentExecPath, cwd) {
   let result;
@@ -912,7 +961,7 @@ const readLockFileByAgent = (() => {
         const lockBuffer = await binaryReader(lockPath);
         if (lockBuffer) {
           try {
-            return hyrious__bun_lockb.parse(lockBuffer);
+            return index_cjs.parse(lockBuffer);
           } catch {}
         }
         // To print a Yarn lockfile to your console without writing it to disk
@@ -930,7 +979,7 @@ const readLockFileByAgent = (() => {
   };
 })();
 async function detect({
-  cwd = process.cwd(),
+  cwd = process$1.cwd(),
   onUnknown
 } = {}) {
   let lockPath = await findUp(Object.keys(LOCKS), {
@@ -1041,6 +1090,7 @@ const {
   PNPM,
   RESOLUTIONS,
   SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE,
+  SOCKET_IPC_HANDSHAKE,
   VLT,
   YARN_BERRY,
   YARN_CLASSIC,
@@ -1052,6 +1102,7 @@ const PNPM_FIELD_NAME = PNPM;
 const PNPM_WORKSPACE = `${PNPM}-workspace`;
 const manifestNpmOverrides = registry.getManifestData(NPM$1);
 const getOverridesDataByAgent = {
+  __proto__: null,
   [BUN](pkgJson) {
     const overrides = pkgJson?.[RESOLUTIONS] ?? {};
     return {
@@ -1120,6 +1171,7 @@ const lockIncludesByAgent = (() => {
     `(?<=(?:^\\s*|,\\s*)"?)${escapedName}(?=@)`, 'm').test(lockSrc);
   }
   return {
+    __proto__: null,
     [BUN](lockSrc, name, lockBasename) {
       // This is a bit counterintuitive. When lockBasename ends with a .lockb
       // we treat it as a yarn.lock. When lockBasename ends with a .lock we
@@ -1242,6 +1294,7 @@ const updateManifestByAgent = (() => {
     updatePkgJson(editablePkgJson, RESOLUTIONS, overrides);
   }
   return {
+    __proto__: null,
     [BUN]: updateResolutions,
     [NPM$1]: updateOverrides,
     [PNPM](editablePkgJson, overrides) {
@@ -1303,6 +1356,7 @@ const lsByAgent = (() => {
     return cleanupQueryStdout(stdout);
   }
   return {
+    __proto__: null,
     async [BUN](agentExecPath, cwd) {
       try {
         // Bun does not support filtering by production packages yet.
@@ -1380,6 +1434,7 @@ const depsIncludesByAgent = (() => {
     return stdout.includes(`"${name}"`);
   }
   return {
+    __proto__: null,
     [BUN]: matchHumanStdout,
     [NPM$1]: matchQueryStdout,
     [PNPM]: matchQueryStdout,
@@ -1562,7 +1617,7 @@ async function addOverrides({
           const oldSpec = overrideExists ? overrides[origPkgName] : undefined;
           const depAlias = depAliasMap.get(origPkgName);
           const regSpecStartsLike = `${NPM$1}:${regPkgName}@`;
-          let newSpec = `${regSpecStartsLike}^${pin ? version : major}`;
+          let newSpec = `${regSpecStartsLike}${pin ? version : `^${major}`}`;
           let thisVersion = version;
           if (depAlias && type === NPM$1) {
             // With npm one may not set an override for a package that one directly
@@ -1579,7 +1634,7 @@ async function addOverrides({
               if (pin) {
                 thisVersion = semver.major(semver.coerce(npa(thisSpec).rawSpec)?.version ?? version) === major ? version : (await packages.fetchPackageManifest(thisSpec))?.version ?? version;
               }
-              newSpec = `${regSpecStartsLike}^${pin ? thisVersion : semver.major(thisVersion)}`;
+              newSpec = `${regSpecStartsLike}${pin ? thisVersion : `^${semver.major(thisVersion)}`}`;
             } else {
               newSpec = oldSpec;
             }
@@ -1647,7 +1702,7 @@ const optimize = {
       pin,
       prod
     } = commandContext;
-    const cwd = process.cwd();
+    const cwd = process$1.cwd();
     const {
       agent,
       agentExecPath,
@@ -1739,19 +1794,20 @@ const optimize = {
       spinner$1.start(`Updating ${lockName}...`);
       try {
         if (isNpm) {
-          await shadowNpmInstall({
-            env: {
-              [SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE]: '1'
+          const ipc = {
+            [SOCKET_IPC_HANDSHAKE]: {
+              [SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE]: true
             }
+          };
+          await shadowNpmInstall({
+            ipc
           });
           // TODO: This is a temporary workaround for a `npm ci` bug where it
           // will error out after Socket Optimize generates a lock file. More
           // investigation is needed.
           await shadowNpmInstall({
             flags: ['--ignore-scripts', '--package-lock-only'],
-            env: {
-              [SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE]: '1'
-            }
+            ipc
           });
         } else {
           // All package managers support the "install" command.
@@ -1793,7 +1849,7 @@ function setupCommand$l(name, description, argv, importMeta) {
       $ ${name}
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name}
@@ -1841,14 +1897,14 @@ function setupCommand$k(name, description, argv, importMeta) {
   });
 }
 async function fetchOrganizations() {
-  const apiKey = sdk.getDefaultKey();
+  const apiKey = socketUrl.getDefaultToken();
   if (!apiKey) {
-    throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+    throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
   const spinner$1 = new spinner.Spinner({
     text: 'Fetching organizations...'
   }).start();
-  const socketSdk = await sdk.setupSdk(apiKey);
+  const socketSdk = await socketUrl.setupSdk(apiKey);
   const result = await handleApiCall(socketSdk.getOrganizations(), 'looking up organizations');
   if (result.success === false) {
     handleUnsuccessfulApiResponse('getOrganizations', result, spinner$1);
@@ -1888,7 +1944,7 @@ async function setupCommand$j(name, description, argv, importMeta) {
       $ ${name} <${binName$1} command>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} install
@@ -1913,7 +1969,7 @@ async function setupCommand$j(name, description, argv, importMeta) {
     // The exit code 127 indicates that the command or binary being executed
     // could not be found.
     console.error(`Socket unable to locate ${binName$1}; ensure it is available in the PATH environment variable.`);
-    process.exit(127);
+    process$1.exit(127);
   }
   const spawnPromise = spawn(binPath, argv, {
     signal: abortSignal$1,
@@ -1925,9 +1981,9 @@ async function setupCommand$j(name, description, argv, importMeta) {
       return;
     }
     if (signalName) {
-      process.kill(process.pid, signalName);
+      process$1.kill(process$1.pid, signalName);
     } else if (code !== null) {
-      process.exit(code);
+      process$1.exit(code);
     }
   });
   await spawnPromise;
@@ -1956,7 +2012,7 @@ async function setupCommand$i(name, description, argv, importMeta) {
       $ ${name} <${binName} command>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} install
@@ -1981,7 +2037,7 @@ async function setupCommand$i(name, description, argv, importMeta) {
     // The exit code 127 indicates that the command or binary being executed
     // could not be found.
     console.error(`Socket unable to locate ${binName}; ensure it is available in the PATH environment variable.`);
-    process.exit(127);
+    process$1.exit(127);
   }
   const spawnPromise = spawn(binPath, argv, {
     signal: abortSignal,
@@ -1993,9 +2049,9 @@ async function setupCommand$i(name, description, argv, importMeta) {
       return;
     }
     if (signalName) {
-      process.kill(process.pid, signalName);
+      process$1.kill(process$1.pid, signalName);
     } else if (code !== null) {
-      process.exit(code);
+      process$1.exit(code);
     }
   });
   await spawnPromise;
@@ -2031,7 +2087,7 @@ function setupCommand$h(name, description, argv, importMeta) {
       $ ${name} <report-identifier>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} QXU8PmK7LfH608RAwfIKdbcHgwEd_ZeWJ9QEGv05FJUQ
@@ -2053,7 +2109,7 @@ function setupCommand$h(name, description, argv, importMeta) {
   }
   // Validate the input.
   if (extraInput.length) {
-    throw new sdk.InputError(`Can only handle a single report ID at a time, but got ${cli.input.length} report ID:s: ${cli.input.join(', ')}`);
+    throw new socketUrl.InputError(`Can only handle a single report ID at a time, but got ${cli.input.length} report ID:s: ${cli.input.join(', ')}`);
   }
   return {
     includeAllIssues: cli.flags['all'],
@@ -2069,7 +2125,7 @@ async function fetchReportData(reportId, {
   strict
 }) {
   // Do the API call
-  const socketSdk = await sdk.setupSdk();
+  const socketSdk = await socketUrl.setupSdk();
   const spinner$1 = new spinner.Spinner({
     text: `Fetching report with ID ${reportId} (this could take a while)`
   }).start();
@@ -2115,7 +2171,7 @@ function formatReportDataOutput(data, {
   if (outputJson) {
     console.log(JSON.stringify(data, undefined, 2));
   } else {
-    const format = new sdk.ColorOrMarkdown(!!outputMarkdown);
+    const format = new socketUrl.ColorOrMarkdown(!!outputMarkdown);
     console.log('\nDetailed info on socket.dev: ' + format.hyperlink(reportId, data.url, {
       fallbackToUrl: true
     }));
@@ -2124,7 +2180,7 @@ function formatReportDataOutput(data, {
     }
   }
   if (strict && data.healthy === false) {
-    process.exit(1);
+    process$1.exit(1);
   }
 }
 
@@ -2139,7 +2195,6 @@ const create$2 = {
       const {
         config,
         cwd,
-        debugLog,
         dryRun,
         includeAllIssues,
         outputJson,
@@ -2151,7 +2206,6 @@ const create$2 = {
       const result = input && (await createReport(packagePaths, {
         config,
         cwd,
-        debugLog,
         dryRun
       }));
       if (result && view) {
@@ -2187,12 +2241,6 @@ async function setupCommand$g(name, description, argv, importMeta) {
     ...commonFlags,
     ...outputFlags,
     ...validationFlags,
-    debug: {
-      type: 'boolean',
-      shortFlag: 'd',
-      default: false,
-      description: 'Output debug information'
-    },
     dryRun: {
       type: 'boolean',
       default: false,
@@ -2219,9 +2267,8 @@ async function setupCommand$g(name, description, argv, importMeta) {
     default ignores from the "ignore-by-default" module.
 
     Options
-      ${printFlagList({
+      ${getFlagListOutput({
     all: 'Include all issues',
-    debug: 'Output debug information',
     'dry-run': 'Only output what will be done without actually doing it',
     json: 'Output result as json',
     markdown: 'Output result as markdown',
@@ -2251,10 +2298,9 @@ async function setupCommand$g(name, description, argv, importMeta) {
   const {
     dryRun
   } = cli.flags;
-  const debugLog = sdk.createDebugLogger(!dryRun || cli.flags['debug']);
 
   // TODO: Allow setting a custom cwd and/or configFile path?
-  const cwd = process.cwd();
+  const cwd = process$1.cwd();
   const absoluteConfigPath = path.join(cwd, 'socket.yml');
   const config$1 = await config.readSocketConfig(absoluteConfigPath).catch(cause => {
     if (cause && typeof cause === 'object' && cause instanceof config.SocketValidationError) {
@@ -2266,14 +2312,14 @@ async function setupCommand$g(name, description, argv, importMeta) {
         errors: cause.validationErrors,
         schema: cause.schema
       });
-      throw new sdk.InputError('The socket.yml config is not valid', betterErrors.map(err => `[${err.path}] ${err.message}.${err.suggestion ? err.suggestion : ''}`).join('\n'));
+      throw new socketUrl.InputError('The socket.yml config is not valid', betterErrors.map(err => `[${err.path}] ${err.message}.${err.suggestion ? err.suggestion : ''}`).join('\n'));
     } else {
       throw new ponyCause.ErrorWithCause('Failed to read socket.yml config', {
         cause
       });
     }
   });
-  const socketSdk = await sdk.setupSdk();
+  const socketSdk = await socketUrl.setupSdk();
   const supportedFiles = await socketSdk.getReportSupportedFiles().then(res => {
     if (!res.success) handleUnsuccessfulApiResponse('getReportSupportedFiles', res, new spinner.Spinner());
     return res.data;
@@ -2282,11 +2328,10 @@ async function setupCommand$g(name, description, argv, importMeta) {
       cause
     });
   });
-  const packagePaths = await pathResolve.getPackageFiles(cwd, cli.input, config$1, supportedFiles, debugLog);
+  const packagePaths = await pathResolve.getPackageFiles(cwd, cli.input, config$1, supportedFiles);
   return {
     config: config$1,
     cwd,
-    debugLog,
     dryRun,
     includeAllIssues: cli.flags['all'],
     outputJson: cli.flags['json'],
@@ -2299,14 +2344,13 @@ async function setupCommand$g(name, description, argv, importMeta) {
 async function createReport(packagePaths, {
   config,
   cwd,
-  debugLog,
   dryRun
 }) {
-  debugLog('Uploading:', packagePaths.join(`\n${sdk.logSymbols.info} Uploading: `));
+  pathResolve.debugLog('Uploading:', packagePaths.join(`\n${pathResolve.logSymbols.info} Uploading: `));
   if (dryRun) {
     return;
   }
-  const socketSdk = await sdk.setupSdk();
+  const socketSdk = await socketUrl.setupSdk();
   const spinner$1 = new spinner.Spinner({
     text: `Creating report with ${packagePaths.length} package files`
   }).start();
@@ -2327,7 +2371,7 @@ function formatReportCreationOutput(data, {
     console.log(JSON.stringify(data, undefined, 2));
     return;
   }
-  const format = new sdk.ColorOrMarkdown(!!outputMarkdown);
+  const format = new socketUrl.ColorOrMarkdown(!!outputMarkdown);
   console.log(`New report: ${format.hyperlink(data.id, data.url, {
     fallbackToUrl: true
   })}`);
@@ -2369,13 +2413,13 @@ async function meowWithSubcommands(subcommands, options) {
       $ ${name} <command>
 
     Commands
-      ${printHelpList({
-    ...objects.toSortedObject(subcommands),
-    ...objects.toSortedObject(aliases)
+      ${getHelpListOutput({
+    ...objects.toSortedObject(Object.fromEntries(Object.entries(subcommands).filter(entry => !entry[1].hidden))),
+    ...objects.toSortedObject(Object.fromEntries(Object.entries(aliases).filter(entry => !subcommands[entry[1]?.argv[0]]?.hidden)))
   }, 6)}
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} --help
@@ -2406,8 +2450,9 @@ const report = {
   }
 };
 
-const BASH_FILE = `${os.homedir()}/.bashrc`;
-const ZSH_BASH_FILE = `${os.homedir()}/.zshrc`;
+const HOME_DIR = os.homedir();
+const BASH_FILE = `${HOME_DIR}/.bashrc`;
+const ZSH_BASH_FILE = `${HOME_DIR}/.zshrc`;
 const wrapper = {
   description: 'Enable or disable the Socket npm/npx wrapper',
   async run(argv, importMeta, {
@@ -2423,7 +2468,7 @@ function setupCommand$f(name, description, argv, importMeta) {
       $ ${name} <flag>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} --enable
@@ -2478,21 +2523,18 @@ function setupCommand$f(name, description, argv, importMeta) {
     console.error('There was an issue setting up the alias in your bash profile');
   }
 }
-const installSafeNpm = query => {
-  console.log(`
- _____         _       _
-|   __|___ ___| |_ ___| |_
-|__   | . |  _| '_| -_|  _|
-|_____|___|___|_,_|___|_|
-
+function addAlias(file) {
+  return fs.appendFile(file, 'alias npm="socket npm"\nalias npx="socket npx"\n', err => {
+    if (err) {
+      return new Error(`There was an error setting up the alias: ${err}`);
+    }
+    console.log(`
+The alias was added to ${file}. Running 'npm install' will now be wrapped in Socket's "safe npm" 🎉
+If you want to disable it at any time, run \`socket wrapper --disable\`
 `);
-  const rl = readline.createInterface({
-    input: process.stdin,
-    output: process.stdout
   });
-  return askQuestion(rl, query);
-};
-const askQuestion = (rl, query) => {
+}
+function askQuestion(rl, query) {
   rl.question(query, ans => {
     if (ans.toLowerCase() === 'y') {
       try {
@@ -2512,19 +2554,31 @@ const askQuestion = (rl, query) => {
       rl.close();
     }
   });
-};
-const addAlias = file => {
-  return fs.appendFile(file, 'alias npm="socket npm"\nalias npx="socket npx"\n', err => {
-    if (err) {
-      return new Error(`There was an error setting up the alias: ${err}`);
-    }
-    console.log(`
-The alias was added to ${file}. Running 'npm install' will now be wrapped in Socket's "safe npm" 🎉
-If you want to disable it at any time, run \`socket wrapper --disable\`
+}
+function checkSocketWrapperAlreadySetup(file) {
+  const fileContent = fs.readFileSync(file, 'utf8');
+  const linesWithSocketAlias = fileContent.split('\n').filter(l => l === 'alias npm="socket npm"' || l === 'alias npx="socket npx"');
+  if (linesWithSocketAlias.length) {
+    console.log(`The Socket npm/npx wrapper is set up in your bash profile (${file}).`);
+    return true;
+  }
+  return false;
+}
+function installSafeNpm(query) {
+  console.log(`
+ _____         _       _
+|   __|___ ___| |_ ___| |_
+|__   | . |  _| '_| -_|  _|
+|_____|___|___|_,_|___|_|
+
 `);
+  const rl = readline.createInterface({
+    input: process$1.stdin,
+    output: process$1.stdout
   });
-};
-const removeAlias = file => {
+  return askQuestion(rl, query);
+}
+function removeAlias(file) {
   return fs.readFile(file, 'utf8', function (err, data) {
     if (err) {
       console.error(`There was an error removing the alias: ${err}`);
@@ -2541,16 +2595,7 @@ const removeAlias = file => {
       }
     });
   });
-};
-const checkSocketWrapperAlreadySetup = file => {
-  const fileContent = fs.readFileSync(file, 'utf8');
-  const linesWithSocketAlias = fileContent.split('\n').filter(l => l === 'alias npm="socket npm"' || l === 'alias npx="socket npx"');
-  if (linesWithSocketAlias.length) {
-    console.log(`The Socket npm/npx wrapper is set up in your bash profile (${file}).`);
-    return true;
-  }
-  return false;
-};
+}
 
 const create$1 = {
   description: 'Create a scan',
@@ -2560,9 +2605,9 @@ const create$1 = {
     const name = `${parentName} create`;
     const input = await setupCommand$e(name, create$1.description, argv, importMeta);
     if (input) {
-      const apiKey = sdk.getDefaultKey();
+      const apiKey = socketUrl.getDefaultToken();
       if (!apiKey) {
-        throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+        throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
       }
       const spinnerText = 'Creating a scan... \n';
       const spinner$1 = new spinner.Spinner({
@@ -2639,7 +2684,7 @@ async function setupCommand$e(name, description, argv, importMeta) {
       $ ${name} [...options]
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} --org=FakeOrg --repo=test-repo --branch=main ./package.json
@@ -2660,8 +2705,8 @@ async function setupCommand$e(name, description, argv, importMeta) {
   const {
     0: orgSlug = ''
   } = cli.input;
-  const cwd = process.cwd();
-  const socketSdk = await sdk.setupSdk();
+  const cwd = process$1.cwd();
+  const socketSdk = await socketUrl.setupSdk();
   const supportedFiles = await socketSdk.getReportSupportedFiles().then(res => {
     if (!res.success) handleUnsuccessfulApiResponse('getReportSupportedFiles', res, new spinner.Spinner());
     return res.data;
@@ -2671,8 +2716,7 @@ async function setupCommand$e(name, description, argv, importMeta) {
       cause
     });
   });
-  const debugLog = sdk.createDebugLogger(false);
-  const packagePaths = await pathResolve.getPackageFilesFullScans(cwd, cli.input, supportedFiles, debugLog);
+  const packagePaths = await pathResolve.getPackageFilesFullScans(cwd, cli.input, supportedFiles);
   const {
     branch: branchName,
     repo: repoName
@@ -2703,7 +2747,7 @@ async function setupCommand$e(name, description, argv, importMeta) {
   };
 }
 async function createFullScan(input, spinner, apiKey) {
-  const socketSdk = await sdk.setupSdk(apiKey);
+  const socketSdk = await socketUrl.setupSdk(apiKey);
   const {
     branchName,
     commitMessage,
@@ -2748,9 +2792,9 @@ const del$1 = {
     const name = `${parentName} del`;
     const input = setupCommand$d(name, del$1.description, argv, importMeta);
     if (input) {
-      const apiKey = sdk.getDefaultKey();
+      const apiKey = socketUrl.getDefaultToken();
       if (!apiKey) {
-        throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+        throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
       }
       const spinnerText = 'Deleting scan...';
       const spinner$1 = new spinner.Spinner({
@@ -2773,7 +2817,7 @@ function setupCommand$d(name, description, argv, importMeta) {
       $ ${name} <org slug> <scan ID>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} FakeOrg 000aaaa1-0000-0a0a-00a0-00a0000000a0
@@ -2804,7 +2848,7 @@ function setupCommand$d(name, description, argv, importMeta) {
   };
 }
 async function deleteOrgFullScan(orgSlug, fullScanId, spinner, apiKey) {
-  const socketSdk = await sdk.setupSdk(apiKey);
+  const socketSdk = await socketUrl.setupSdk(apiKey);
   const result = await handleApiCall(socketSdk.deleteOrgFullScan(orgSlug, fullScanId), 'Deleting scan');
   if (result.success) {
     spinner.success('Scan deleted successfully');
@@ -2822,9 +2866,9 @@ const list$1 = {
     const name = `${parentName} list`;
     const input = setupCommand$c(name, list$1.description, argv, importMeta);
     if (input) {
-      const apiKey = sdk.getDefaultKey();
+      const apiKey = socketUrl.getDefaultToken();
       if (!apiKey) {
-        throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+        throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
       }
       const spinnerText = 'Listing scans... \n';
       const spinner$1 = new spinner.Spinner({
@@ -2886,7 +2930,7 @@ function setupCommand$c(name, description, argv, importMeta) {
       $ ${name} <org slug>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} FakeOrg
@@ -2921,7 +2965,7 @@ function setupCommand$c(name, description, argv, importMeta) {
   };
 }
 async function listOrgFullScan(orgSlug, input, spinner, apiKey) {
-  const socketSdk = await sdk.setupSdk(apiKey);
+  const socketSdk = await socketUrl.setupSdk(apiKey);
   const result = await handleApiCall(socketSdk.getOrgFullScanList(orgSlug, input), 'Listing scans');
   if (!result.success) {
     handleUnsuccessfulApiResponse('getOrgFullScanList', result, spinner);
@@ -2966,9 +3010,9 @@ const metadata = {
     const name = `${parentName} metadata`;
     const input = setupCommand$b(name, metadata.description, argv, importMeta);
     if (input) {
-      const apiKey = sdk.getDefaultKey();
+      const apiKey = socketUrl.getDefaultToken();
       if (!apiKey) {
-        throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+        throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
       }
       const spinnerText = "Getting scan's metadata... \n";
       const spinner$1 = new spinner.Spinner({
@@ -2991,7 +3035,7 @@ function setupCommand$b(name, description, argv, importMeta) {
       $ ${name} <org slug> <scan id>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} FakeOrg 000aaaa1-0000-0a0a-00a0-00a0000000a0
@@ -3022,7 +3066,7 @@ function setupCommand$b(name, description, argv, importMeta) {
   };
 }
 async function getOrgScanMetadata(orgSlug, scanId, spinner, apiKey) {
-  const socketSdk = await sdk.setupSdk(apiKey);
+  const socketSdk = await socketUrl.setupSdk(apiKey);
   const result = await handleApiCall(socketSdk.getOrgFullScanMetadata(orgSlug, scanId), 'Listing scans');
   if (!result.success) {
     handleUnsuccessfulApiResponse('getOrgFullScanMetadata', result, spinner);
@@ -3040,9 +3084,9 @@ const stream = {
     const name = `${parentName} stream`;
     const input = setupCommand$a(name, stream.description, argv, importMeta);
     if (input) {
-      const apiKey = sdk.getDefaultKey();
+      const apiKey = socketUrl.getDefaultToken();
       if (!apiKey) {
-        throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+        throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
       }
       const spinner$1 = new spinner.Spinner({
         text: 'Streaming scan...'
@@ -3069,7 +3113,7 @@ function setupCommand$a(name, description, argv, importMeta) {
       $ ${name} <org slug> <scan ID> <path to output file>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} FakeOrg 000aaaa1-0000-0a0a-00a0-00a0000000a0 ./stream.txt
@@ -3102,7 +3146,7 @@ function setupCommand$a(name, description, argv, importMeta) {
   };
 }
 async function getOrgFullScan(orgSlug, fullScanId, file, apiKey) {
-  const socketSdk = await sdk.setupSdk(apiKey);
+  const socketSdk = await socketUrl.setupSdk(apiKey);
   return await handleApiCall(socketSdk.getOrgFullScan(orgSlug, fullScanId, file), 'Streaming a scan');
 }
 
@@ -3135,9 +3179,9 @@ const auditLog = {
     const name = parentName + ' audit-log';
     const input = setupCommand$9(name, auditLog.description, argv, importMeta);
     if (input) {
-      const apiKey = sdk.getDefaultKey();
+      const apiKey = socketUrl.getDefaultToken();
       if (!apiKey) {
-        throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+        throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
       }
       const spinner$1 = new spinner.Spinner({
         text: `Looking up audit log for ${input.orgSlug}\n`
@@ -3180,7 +3224,7 @@ function setupCommand$9(name, description, argv, importMeta) {
       $ ${name} <org slug>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} FakeOrg
@@ -3219,7 +3263,7 @@ function setupCommand$9(name, description, argv, importMeta) {
   };
 }
 async function fetchOrgAuditLog(orgSlug, input, spinner, apiKey) {
-  const socketSdk = await sdk.setupSdk(apiKey);
+  const socketSdk = await socketUrl.setupSdk(apiKey);
   const result = await handleApiCall(socketSdk.getAuditLogEvents(orgSlug, input), `Looking up audit log for ${orgSlug}\n`);
   if (!result.success) {
     handleUnsuccessfulApiResponse('getAuditLogEvents', result, spinner);
@@ -3259,9 +3303,9 @@ const create = {
     const name = `${parentName} create`;
     const input = setupCommand$8(name, create.description, argv, importMeta);
     if (input) {
-      const apiKey = sdk.getDefaultKey();
+      const apiKey = socketUrl.getDefaultToken();
       if (!apiKey) {
-        throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+        throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
       }
       const spinnerText = 'Creating repository... \n';
       const spinner$1 = new spinner.Spinner({
@@ -3317,7 +3361,7 @@ function setupCommand$8(name, description, argv, importMeta) {
       $ ${name} <org slug>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} FakeOrg --repoName=test-repo
@@ -3355,7 +3399,7 @@ function setupCommand$8(name, description, argv, importMeta) {
   };
 }
 async function createRepo(orgSlug, input, spinner, apiKey) {
-  const socketSdk = await sdk.setupSdk(apiKey);
+  const socketSdk = await socketUrl.setupSdk(apiKey);
   const result = await handleApiCall(socketSdk.createOrgRepo(orgSlug, input), 'creating repository');
   if (result.success) {
     spinner.success('Repository created successfully');
@@ -3372,9 +3416,9 @@ const del = {
     const name = `${parentName} del`;
     const input = setupCommand$7(name, del.description, argv, importMeta);
     if (input) {
-      const apiKey = sdk.getDefaultKey();
+      const apiKey = socketUrl.getDefaultToken();
       if (!apiKey) {
-        throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+        throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
       }
       const spinnerText = 'Deleting repository... \n';
       const spinner$1 = new spinner.Spinner({
@@ -3418,7 +3462,7 @@ function setupCommand$7(name, description, argv, importMeta) {
   };
 }
 async function deleteRepository(orgSlug, repoName, spinner, apiKey) {
-  const socketSdk = await sdk.setupSdk(apiKey);
+  const socketSdk = await socketUrl.setupSdk(apiKey);
   const result = await handleApiCall(socketSdk.deleteOrgRepo(orgSlug, repoName), 'deleting repository');
   if (result.success) {
     spinner.success('Repository deleted successfully');
@@ -3436,9 +3480,9 @@ const list = {
     const name = `${parentName} list`;
     const input = setupCommand$6(name, list.description, argv, importMeta);
     if (input) {
-      const apiKey = sdk.getDefaultKey();
+      const apiKey = socketUrl.getDefaultToken();
       if (!apiKey) {
-        throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+        throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
       }
       const spinnerText = 'Listing repositories... \n';
       const spinner$1 = new spinner.Spinner({
@@ -3487,7 +3531,7 @@ function setupCommand$6(name, description, argv, importMeta) {
       $ ${name} <org slug>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} FakeOrg
@@ -3520,7 +3564,7 @@ function setupCommand$6(name, description, argv, importMeta) {
   };
 }
 async function listOrgRepos(orgSlug, input, spinner, apiKey) {
-  const socketSdk = await sdk.setupSdk(apiKey);
+  const socketSdk = await socketUrl.setupSdk(apiKey);
   const result = await handleApiCall(socketSdk.getOrgRepoList(orgSlug, input), 'listing repositories');
   if (!result.success) {
     handleUnsuccessfulApiResponse('getOrgRepoList', result, spinner);
@@ -3555,9 +3599,9 @@ const update = {
     const name = `${parentName} update`;
     const input = setupCommand$5(name, update.description, argv, importMeta);
     if (input) {
-      const apiKey = sdk.getDefaultKey();
+      const apiKey = socketUrl.getDefaultToken();
       if (!apiKey) {
-        throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+        throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
       }
       const spinnerText = 'Updating repository... \n';
       const spinner$1 = new spinner.Spinner({
@@ -3613,7 +3657,7 @@ function setupCommand$5(name, description, argv, importMeta) {
       $ ${name} <org slug>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} FakeOrg
@@ -3651,7 +3695,7 @@ function setupCommand$5(name, description, argv, importMeta) {
   };
 }
 async function updateRepository(orgSlug, input, spinner, apiKey) {
-  const socketSdk = await sdk.setupSdk(apiKey);
+  const socketSdk = await socketUrl.setupSdk(apiKey);
   const result = await handleApiCall(socketSdk.updateOrgRepo(orgSlug, input.name, input), 'updating repository');
   if (result.success) {
     spinner.success('Repository updated successfully');
@@ -3669,9 +3713,9 @@ const view = {
     const name = `${parentName} view`;
     const input = setupCommand$4(name, view.description, argv, importMeta);
     if (input) {
-      const apiKey = sdk.getDefaultKey();
+      const apiKey = socketUrl.getDefaultToken();
       if (!apiKey) {
-        throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+        throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
       }
       const spinnerText = 'Fetching repository... \n';
       const spinner$1 = new spinner.Spinner({
@@ -3694,7 +3738,7 @@ function setupCommand$4(name, description, argv, importMeta) {
       $ ${name} <org slug>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} FakeOrg
@@ -3725,7 +3769,7 @@ function setupCommand$4(name, description, argv, importMeta) {
   };
 }
 async function viewRepository(orgSlug, repoName, spinner, apiKey) {
-  const socketSdk = await sdk.setupSdk(apiKey);
+  const socketSdk = await socketUrl.setupSdk(apiKey);
   const result = await handleApiCall(socketSdk.getOrgRepo(orgSlug, repoName), 'fetching repository');
   if (!result.success) {
     handleUnsuccessfulApiResponse('getOrgRepo', result, spinner);
@@ -3820,7 +3864,7 @@ function setupCommand$3(name, description, argv, importMeta) {
       $ ${name}
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name}
@@ -3848,14 +3892,14 @@ async function searchDeps({
   offset,
   outputJson
 }) {
-  const apiKey = sdk.getDefaultKey();
+  const apiKey = socketUrl.getDefaultToken();
   if (!apiKey) {
-    throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+    throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
   const spinner$1 = new spinner.Spinner({
     text: 'Searching dependencies...'
   }).start();
-  const socketSdk = await sdk.setupSdk(apiKey);
+  const socketSdk = await socketUrl.setupSdk(apiKey);
   const result = await handleApiCall(socketSdk.searchDependencies({
     limit,
     offset
@@ -3905,9 +3949,9 @@ const analytics = {
     const name = parentName + ' analytics';
     const input = setupCommand$2(name, analytics.description, argv, importMeta);
     if (input) {
-      const apiKey = sdk.getDefaultKey();
+      const apiKey = socketUrl.getDefaultToken();
       if (!apiKey) {
-        throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+        throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
       }
       const spinner$1 = new spinner.Spinner({
         text: 'Fetching analytics data'
@@ -3962,7 +4006,7 @@ function setupCommand$2(name, description, argv, importMeta) {
       $ ${name} --scope=<scope> --time=<time filter>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} --scope=org --time=7
@@ -3980,10 +4024,10 @@ function setupCommand$2(name, description, argv, importMeta) {
     time
   } = cli.flags;
   if (scope !== 'org' && scope !== 'repo') {
-    throw new sdk.InputError("The scope must either be 'org' or 'repo'");
+    throw new socketUrl.InputError("The scope must either be 'org' or 'repo'");
   }
   if (time !== 7 && time !== 30 && time !== 90) {
-    throw new sdk.InputError('The time filter must either be 7, 30 or 90');
+    throw new socketUrl.InputError('The time filter must either be 7, 30 or 90');
   }
   let showHelp = cli.flags['help'];
   if (scope === 'repo' && !repo) {
@@ -4004,7 +4048,7 @@ function setupCommand$2(name, description, argv, importMeta) {
 }
 const METRICS = ['total_critical_alerts', 'total_high_alerts', 'total_medium_alerts', 'total_low_alerts', 'total_critical_added', 'total_medium_added', 'total_low_added', 'total_high_added', 'total_critical_prevented', 'total_high_prevented', 'total_medium_prevented', 'total_low_prevented'];
 async function fetchOrgAnalyticsData(time, spinner, apiKey, outputJson, filePath) {
-  const socketSdk = await sdk.setupSdk(apiKey);
+  const socketSdk = await socketUrl.setupSdk(apiKey);
   const result = await handleApiCall(socketSdk.getOrgAnalytics(time.toString()), 'fetching analytics data');
   if (result.success === false) {
     return handleUnsuccessfulApiResponse('getOrgAnalytics', result, spinner);
@@ -4117,7 +4161,7 @@ const formatData = (data, scope) => {
   };
 };
 async function fetchRepoAnalyticsData(repo, time, spinner, apiKey, outputJson, filePath) {
-  const socketSdk = await sdk.setupSdk(apiKey);
+  const socketSdk = await socketUrl.setupSdk(apiKey);
   const result = await handleApiCall(socketSdk.getRepoAnalytics(repo, time.toString()), 'fetching analytics data');
   if (result.success === false) {
     return handleUnsuccessfulApiResponse('getRepoAnalytics', result, spinner);
@@ -4205,9 +4249,9 @@ const get = {
     const name = `${parentName} get`;
     const input = setupCommand$1(name, get.description, argv, importMeta);
     if (input) {
-      const apiKey = sdk.getDefaultKey();
+      const apiKey = socketUrl.getDefaultToken();
       if (!apiKey) {
-        throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+        throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
       }
       const spinnerText = 'Getting diff scan... \n';
       const spinner$1 = new spinner.Spinner({
@@ -4257,7 +4301,7 @@ function setupCommand$1(name, description, argv, importMeta) {
       $ ${name} <org slug> --before=<before> --after=<after>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} FakeCorp --before=aaa0aa0a-aaaa-0000-0a0a-0000000a00a0 --after=aaa1aa1a-aaaa-1111-1a1a-1111111a11a1
@@ -4348,7 +4392,6 @@ const diffScan = {
   }
 };
 
-// @ts-ignore
 const threatFeed = {
   description: 'Look up the threat feed',
   async run(argv, importMeta, {
@@ -4357,9 +4400,9 @@ const threatFeed = {
     const name = `${parentName} threat-feed`;
     const input = setupCommand(name, threatFeed.description, argv, importMeta);
     {
-      const apiKey = sdk.getDefaultKey();
+      const apiKey = socketUrl.getDefaultToken();
       if (!apiKey) {
-        throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+        throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
       }
       const spinner$1 = new spinner.Spinner({
         text: 'Looking up the threat feed'
@@ -4408,7 +4451,7 @@ function setupCommand(name, description, argv, importMeta) {
       $ ${name}
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name}
@@ -4484,7 +4527,7 @@ async function fetchThreatFeed({
     data: formattedOutput
   });
   screen.render();
-  screen.key(['escape', 'q', 'C-c'], () => process.exit(0));
+  screen.key(['escape', 'q', 'C-c'], () => process$1.exit(0));
 }
 const formatResults = data => {
   return data.map(d => {
@@ -4553,7 +4596,7 @@ void (async () => {
           argv: ['report', 'create', '--view', '--strict']
         }
       },
-      argv: process.argv.slice(2),
+      argv: process$1.argv.slice(2),
       name: 'socket',
       importMeta: {
         url: `${require$$0.pathToFileURL(__filename)}`
@@ -4563,10 +4606,10 @@ void (async () => {
     let errorBody;
     let errorTitle;
     let errorMessage = '';
-    if (err instanceof sdk.AuthError) {
+    if (err instanceof socketUrl.AuthError) {
       errorTitle = 'Authentication error';
       errorMessage = err.message;
-    } else if (err instanceof sdk.InputError) {
+    } else if (err instanceof socketUrl.InputError) {
       errorTitle = 'Invalid input';
       errorMessage = err.message;
       errorBody = err.body;
@@ -4577,10 +4620,10 @@ void (async () => {
     } else {
       errorTitle = 'Unexpected error with no details';
     }
-    console.error(`${sdk.logSymbols.error} ${colors.bgRed(colors.white(errorTitle + ':'))} ${errorMessage}`);
+    console.error(`${pathResolve.logSymbols.error} ${colors.bgRed(colors.white(errorTitle + ':'))} ${errorMessage}`);
     if (errorBody) {
       console.error(`\n${errorBody}`);
     }
-    process.exit(1);
+    process$1.exit(1);
   }
 })();