socket 0.14.40-alpha.9 → 0.14.41

package/dist/require/cli.js

@@ -10,6 +10,7 @@ function _socketInterop(e) {
   return c ? e.default : e
 }
 
+var process$1 = require('node:process');
 var require$$0 = require('node:url');
 var ponyCause = _socketInterop(require('pony-cause'));
 var vendor = require('./vendor.js');
@@ -22,30 +23,33 @@ var words = require('@socketsecurity/registry/lib/words');
 var constants = require('./constants.js');
 var spinner = require('@socketsecurity/registry/lib/spinner');
 var spawn = _socketInterop(require('@npmcli/promise-spawn'));
-var sdk = require('./sdk.js');
+var objects = require('@socketsecurity/registry/lib/objects');
+var pathResolve = require('./path-resolve.js');
+var registryConstants = require('@socketsecurity/registry/lib/constants');
+var socketUrl = require('./socket-url.js');
+var terminalLink = _socketInterop(require('terminal-link'));
+var isInteractive = require('@socketregistry/is-interactive/index.cjs');
 var prompts = require('@socketsecurity/registry/lib/prompts');
-var fs$1 = require('node:fs/promises');
 var npa = _socketInterop(require('npm-package-arg'));
 var semver = _socketInterop(require('semver'));
 var tinyglobby = _socketInterop(require('tinyglobby'));
 var yaml = _socketInterop(require('yaml'));
 var registry = require('@socketsecurity/registry');
-var objects = require('@socketsecurity/registry/lib/objects');
 var packages = require('@socketsecurity/registry/lib/packages');
 var promises = require('@socketsecurity/registry/lib/promises');
 var regexps = require('@socketsecurity/registry/lib/regexps');
 var strings = require('@socketsecurity/registry/lib/strings');
 var browserslist = _socketInterop(require('browserslist'));
 var which = _socketInterop(require('which'));
-var hyrious__bun_lockb = require('@socketregistry/hyrious__bun.lockb');
-var pathResolve = require('./path-resolve.js');
+var index_cjs = require('@socketregistry/hyrious__bun.lockb/index.cjs');
+var sorts = require('@socketsecurity/registry/lib/sorts');
 var betterAjvErrors = _socketInterop(require('@apideck/better-ajv-errors'));
 var config = require('@socketsecurity/config');
 var os = require('node:os');
 var readline = require('node:readline');
-var process$1 = require('node:process');
 var readline$1 = require('node:readline/promises');
 var chalkTable = _socketInterop(require('chalk-table'));
+var fs$1 = require('node:fs/promises');
 var ScreenWidget = _socketInterop(require('blessed/lib/widgets/screen'));
 var GridLayout = _socketInterop(require('blessed-contrib/lib/layout/grid'));
 var BarChart = _socketInterop(require('blessed-contrib/lib/widget/charts/bar'));
@@ -54,7 +58,7 @@ var require$$0$1 = require('node:util');
 var TableWidget = _socketInterop(require('blessed-contrib/lib/widget/table'));
 
 const {
-  NPM: NPM$4,
+  NPM: NPM$5,
   PNPM: PNPM$2,
   cdxgenBinPath,
   synpBinPath
@@ -65,10 +69,10 @@ const {
   SBOM_SIGN_PRIVATE_KEY,
   // Location to the RSA private key
   SBOM_SIGN_PUBLIC_KEY // Optional. Location to the RSA public key
-} = process.env;
+} = process$1.env;
 const toLower = arg => arg.toLowerCase();
 const arrayToLower = arg => arg.map(toLower);
-const nodejsPlatformTypes = new Set(['javascript', 'js', 'nodejs', NPM$4, PNPM$2, 'ts', 'tsx', 'typescript']);
+const nodejsPlatformTypes = new Set(['javascript', 'js', 'nodejs', NPM$5, PNPM$2, 'ts', 'tsx', 'typescript']);
 const yargsConfig = {
   configuration: {
     'camel-case-expansion': false,
@@ -172,20 +176,20 @@ const cdxgen = {
       length: unknownLength
     } = unknown;
     if (unknownLength) {
-      process.exitCode = 1;
+      process$1.exitCode = 1;
       console.error(`Unknown ${words.pluralize('argument', unknownLength)}: ${yargv._.join(', ')}`);
       return;
     }
     let cleanupPackageLock = false;
     if (yargv.type !== 'yarn' && nodejsPlatformTypes.has(yargv.type) && fs.existsSync('./yarn.lock')) {
       if (fs.existsSync('./package-lock.json')) {
-        yargv.type = NPM$4;
+        yargv.type = NPM$5;
       } else {
         // Use synp to create a package-lock.json from the yarn.lock,
         // based on the node_modules folder, for a more accurate SBOM.
         try {
           await npm$1.runBin(await fs.promises.realpath(synpBinPath), ['--source-file', './yarn.lock']);
-          yargv.type = NPM$4;
+          yargv.type = NPM$5;
           cleanupPackageLock = true;
         } catch {}
       }
@@ -207,7 +211,7 @@ const cdxgen = {
         await fs.promises.rm('./package-lock.json');
       } catch {}
     }
-    const fullOutputPath = path.join(process.cwd(), yargv.output);
+    const fullOutputPath = path.join(process$1.cwd(), yargv.output);
     if (fs.existsSync(fullOutputPath)) {
       console.log(colors.cyanBright(`${yargv.output} created!`));
     }
@@ -217,45 +221,62 @@ const cdxgen = {
 const {
   abortSignal: abortSignal$3
 } = constants;
-async function shadowNpmInstall(opts) {
+function shadowNpmInstall(opts) {
   const {
     flags = [],
+    ipc,
     ...spawnOptions
   } = {
     __proto__: null,
     ...opts
   };
-  // Lazily access constants.ENV.
-  const {
-    SOCKET_CLI_DEBUG
-  } = constants.ENV;
-  return await spawn(
+  const useIpc = objects.isObject(ipc);
+  const useDebug = pathResolve.isDebug();
+  const promise = spawn(
   // Lazily access constants.execPath.
   constants.execPath, [
   // Lazily access constants.rootBinPath.
-  path.join(constants.rootBinPath, 'npm-cli.js'), 'install', ...(SOCKET_CLI_DEBUG ? ['silent'] : []), ...flags], {
+  path.join(constants.rootBinPath, 'npm-cli.js'), 'install',
+  // Even though the '--silent' flag is passed npm will still run through
+  // code paths for 'audit' and 'fund' unless '--no-audit' and '--no-fund'
+  // flags are passed.
+  ...(useDebug ? ['--no-audit', '--no-fund'] : ['--silent', '--no-audit', '--no-fund']), ...flags], {
     signal: abortSignal$3,
-    // Lazily access constants.ENV.
-    stdio: SOCKET_CLI_DEBUG ? 'inherit' : 'ignore',
+    // Set stdio to include 'ipc'.
+    // See https://github.com/nodejs/node/blob/v23.6.0/lib/child_process.js#L161-L166
+    // and https://github.com/nodejs/node/blob/v23.6.0/lib/internal/child_process.js#L238.
+    stdio: useDebug ?
+    // 'inherit'
+    useIpc ? [0, 1, 2, 'ipc'] : 'inherit' :
+    // 'ignore'
+    useIpc ? ['ignore', 'ignore', 'ignore', 'ipc'] : 'ignore',
     ...spawnOptions,
     env: {
-      ...process.env,
+      ...process$1.env,
       ...spawnOptions.env
     }
   });
+  if (useIpc) {
+    promise.process.send(ipc);
+  }
+  return promise;
 }
 
 const {
-  SOCKET_CLI_FIX_PACKAGE_LOCK_FILE
+  SOCKET_CLI_FIX_PACKAGE_LOCK_FILE,
+  SOCKET_IPC_HANDSHAKE: SOCKET_IPC_HANDSHAKE$1
 } = constants;
 const fix = {
   description: 'Fix "fixable" Socket alerts',
+  hidden: true,
   async run() {
     const spinner$1 = new spinner.Spinner().start();
     try {
       await shadowNpmInstall({
-        env: {
-          [SOCKET_CLI_FIX_PACKAGE_LOCK_FILE]: '1'
+        ipc: {
+          [SOCKET_IPC_HANDSHAKE$1]: {
+            [SOCKET_CLI_FIX_PACKAGE_LOCK_FILE]: true
+          }
         }
       });
     } catch (e) {
@@ -313,47 +334,6 @@ const validationFlags = {
   }
 };
 
-const {
-  API_V0_URL
-} = constants;
-function handleUnsuccessfulApiResponse(_name, result, spinner) {
-  // SocketSdkErrorType['error'] is not typed.
-  const resultErrorMessage = result.error?.message;
-  const message = typeof resultErrorMessage === 'string' ? resultErrorMessage : 'No error message returned';
-  if (result.status === 401 || result.status === 403) {
-    spinner.stop();
-    throw new sdk.AuthError(message);
-  }
-  spinner.error(`${colors.bgRed(colors.white('API returned an error:'))} ${message}`);
-  process.exit(1);
-}
-async function handleApiCall(value, description) {
-  let result;
-  try {
-    result = await value;
-  } catch (cause) {
-    throw new ponyCause.ErrorWithCause(`Failed ${description}`, {
-      cause
-    });
-  }
-  return result;
-}
-async function handleAPIError(code) {
-  if (code === 400) {
-    return 'One of the options passed might be incorrect.';
-  } else if (code === 403) {
-    return 'You might be trying to access an organization that is not linked to the API key you are logged in with.';
-  }
-}
-async function queryAPI(path, apiKey) {
-  return await fetch(`${API_V0_URL}/${path}`, {
-    method: 'GET',
-    headers: {
-      Authorization: `Basic ${btoa(`${apiKey}:${apiKey}`)}`
-    }
-  });
-}
-
 function objectSome(obj) {
   for (const key in obj) {
     if (obj[key]) {
@@ -370,6 +350,22 @@ function pick(input, keys) {
   return result;
 }
 
+function stringJoinWithSeparateFinalSeparator(list, separator = ' and ') {
+  const values = list.filter(Boolean);
+  const {
+    length
+  } = values;
+  if (!length) {
+    return '';
+  }
+  if (length === 1) {
+    return values[0];
+  }
+  const finalValue = values.pop();
+  return `${values.join(', ')}${separator}${finalValue}`;
+}
+
+// Ordered from most severe to least.
 const SEVERITIES_BY_ORDER = ['critical', 'high', 'middle', 'low'];
 function getDesiredSeverities(lowestToInclude) {
   const result = [];
@@ -388,7 +384,7 @@ function formatSeverityCount(severityCount) {
       summary.push(`${severityCount[severity]} ${severity}`);
     }
   }
-  return sdk.stringJoinWithSeparateFinalSeparator(summary);
+  return stringJoinWithSeparateFinalSeparator(summary);
 }
 function getSeverityCount(issues, lowestToInclude) {
   const severityCount = pick({
@@ -398,7 +394,9 @@ function getSeverityCount(issues, lowestToInclude) {
     critical: 0
   }, getDesiredSeverities(lowestToInclude));
   for (const issue of issues) {
-    const value = issue.value;
+    const {
+      value
+    } = issue;
     if (!value) {
       continue;
     }
@@ -409,18 +407,59 @@ function getSeverityCount(issues, lowestToInclude) {
   return severityCount;
 }
 
-function printFlagList(list, indent, {
+const {
+  API_V0_URL
+} = constants;
+function handleUnsuccessfulApiResponse(_name, result, spinner) {
+  // SocketSdkErrorType['error'] is not typed.
+  const resultErrorMessage = result.error?.message;
+  const message = typeof resultErrorMessage === 'string' ? resultErrorMessage : 'No error message returned';
+  if (result.status === 401 || result.status === 403) {
+    spinner.stop();
+    throw new socketUrl.AuthError(message);
+  }
+  spinner.error(`${colors.bgRed(colors.white('API returned an error:'))} ${message}`);
+  process$1.exit(1);
+}
+async function handleApiCall(value, description) {
+  let result;
+  try {
+    result = await value;
+  } catch (cause) {
+    throw new ponyCause.ErrorWithCause(`Failed ${description}`, {
+      cause
+    });
+  }
+  return result;
+}
+async function handleAPIError(code) {
+  if (code === 400) {
+    return 'One of the options passed might be incorrect.';
+  } else if (code === 403) {
+    return 'You might be trying to access an organization that is not linked to the API key you are logged in with.';
+  }
+}
+async function queryAPI(path, apiKey) {
+  return await fetch(`${API_V0_URL}/${path}`, {
+    method: 'GET',
+    headers: {
+      Authorization: `Basic ${btoa(`${apiKey}:${apiKey}`)}`
+    }
+  });
+}
+
+function getFlagListOutput(list, indent, {
   keyPrefix = '--',
   padName
 } = {}) {
-  return printHelpList({
+  return getHelpListOutput({
     ...list
   }, indent, {
     keyPrefix,
     padName
   });
 }
-function printHelpList(list, indent, {
+function getHelpListOutput(list, indent, {
   keyPrefix = '',
   padName = 18
 } = {}) {
@@ -435,8 +474,8 @@ function printHelpList(list, indent, {
 }
 
 const {
-  SOCKET_PUBLIC_API_KEY: SOCKET_PUBLIC_API_KEY$1
-} = constants;
+  NPM: NPM$4
+} = registryConstants;
 const info = {
   description: 'Look up info regarding a package',
   async run(argv, importMeta, {
@@ -473,7 +512,7 @@ function setupCommand$m(name, description, argv, importMeta) {
       $ ${name} <name>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} webtorrent
@@ -485,7 +524,7 @@ function setupCommand$m(name, description, argv, importMeta) {
     flags
   });
   if (cli.input.length > 1) {
-    throw new sdk.InputError('Only one package lookup supported at once');
+    throw new socketUrl.InputError('Only one package lookup supported at once');
   }
   const {
     0: rawPkgName = ''
@@ -513,7 +552,7 @@ function setupCommand$m(name, description, argv, importMeta) {
 async function fetchPackageData(pkgName, pkgVersion, {
   includeAllIssues
 }, spinner) {
-  const socketSdk = await sdk.setupSdk(sdk.getDefaultKey() ?? SOCKET_PUBLIC_API_KEY$1);
+  const socketSdk = await socketUrl.setupSdk(socketUrl.getPublicToken());
   const result = await handleApiCall(socketSdk.getIssuesByNPMPackage(pkgName, pkgVersion), 'looking up package');
   const scoreResult = await handleApiCall(socketSdk.getScoreByNPMPackage(pkgName, pkgVersion), 'looking up package score');
   if (result.success === false) {
@@ -560,8 +599,8 @@ function formatPackageDataOutput({
     } else {
       spinner.success('Package has no issues');
     }
-    const format = new sdk.ColorOrMarkdown(!!outputMarkdown);
-    const url = `https://socket.dev/npm/package/${pkgName}/overview/${pkgVersion}`;
+    const format = new socketUrl.ColorOrMarkdown(!!outputMarkdown);
+    const url = socketUrl.getSocketDevPackageOverviewUrl(NPM$4, pkgName, pkgVersion);
     console.log('\n');
     if (pkgVersion === 'latest') {
       console.log(`Detailed info on socket.dev: ${format.hyperlink(`${pkgName}`, url, {
@@ -577,7 +616,7 @@ function formatPackageDataOutput({
     }
   }
   if (strict && objectSome(severityCount)) {
-    process.exit(1);
+    process$1.exit(1);
   }
 }
 function formatPackageIssuesDetails(packageData, outputMarkdown) {
@@ -598,9 +637,9 @@ function formatPackageIssuesDetails(packageData, outputMarkdown) {
     }
     return acc;
   }, {});
-  const format = new sdk.ColorOrMarkdown(!!outputMarkdown);
+  const format = new socketUrl.ColorOrMarkdown(!!outputMarkdown);
   for (const issue of Object.keys(uniqueIssues)) {
-    const issueWithLink = format.hyperlink(`${uniqueIssues[issue]?.label}`, `https://socket.dev/npm/issue/${issue}`, {
+    const issueWithLink = format.hyperlink(`${uniqueIssues[issue]?.label}`, socketUrl.getSocketDevAlertUrl(issue), {
       fallbackToUrl: true
     });
     if (uniqueIssues[issue]?.count === 1) {
@@ -620,7 +659,7 @@ function formatScore(score) {
 }
 
 const {
-  SOCKET_PUBLIC_API_KEY
+  SOCKET_PUBLIC_API_TOKEN
 } = constants;
 const description$5 = 'Socket API login';
 const flags = {
@@ -649,7 +688,7 @@ const login = {
       Logs into the Socket API by prompting for an API key
 
       Options
-        ${printFlagList({
+        ${getFlagListOutput({
       'api-base-url': flags['apiBaseUrl'].description,
       'api-proxy': flags['apiProxy'].description
     }, 8)}
@@ -670,25 +709,25 @@ const login = {
       cli.showHelp();
       return;
     }
-    if (!vendor.isInteractive()) {
-      throw new sdk.InputError('Cannot prompt for credentials in a non-interactive shell');
+    if (!isInteractive()) {
+      throw new socketUrl.InputError('Cannot prompt for credentials in a non-interactive shell');
     }
-    const apiKey = (await prompts.password({
-      message: `Enter your ${vendor.terminalLink('Socket.dev API key', 'https://docs.socket.dev/docs/api-keys')} (leave blank for a public key)`
-    })) || SOCKET_PUBLIC_API_KEY;
+    const apiToken = (await prompts.password({
+      message: `Enter your ${terminalLink('Socket.dev API key', 'https://docs.socket.dev/docs/api-keys')} (leave blank for a public key)`
+    })) || SOCKET_PUBLIC_API_TOKEN;
     let apiBaseUrl = cli.flags['apiBaseUrl'];
-    apiBaseUrl ??= sdk.getSetting('apiBaseUrl') ?? undefined;
+    apiBaseUrl ??= socketUrl.getSetting('apiBaseUrl') ?? undefined;
     let apiProxy = cli.flags['apiProxy'];
-    apiProxy ??= sdk.getSetting('apiProxy') ?? undefined;
+    apiProxy ??= socketUrl.getSetting('apiProxy') ?? undefined;
     const spinner$1 = new spinner.Spinner({
       text: 'Verifying API key...'
     }).start();
     let orgs;
     try {
-      const sdk$1 = await sdk.setupSdk(apiKey, apiBaseUrl, apiProxy);
-      const result = await sdk$1.getOrganizations();
+      const sdk = await socketUrl.setupSdk(apiToken, apiBaseUrl, apiProxy);
+      const result = await sdk.getOrganizations();
       if (!result.success) {
-        throw new sdk.AuthError();
+        throw new socketUrl.AuthError();
       }
       orgs = result.data;
       spinner$1.success('API key verified');
@@ -725,12 +764,13 @@ const login = {
         }
       }
     }
-    sdk.updateSetting('enforcedOrgs', enforcedOrgs);
-    const oldKey = sdk.getSetting('apiKey');
-    sdk.updateSetting('apiKey', apiKey);
-    sdk.updateSetting('apiBaseUrl', apiBaseUrl);
-    sdk.updateSetting('apiProxy', apiProxy);
-    spinner$1.success(`API credentials ${oldKey ? 'updated' : 'set'}`);
+    socketUrl.updateSetting('enforcedOrgs', enforcedOrgs);
+    // TODO: Rename the 'apiKey' setting to 'apiToken'.
+    const oldToken = socketUrl.getSetting('apiKey');
+    socketUrl.updateSetting('apiKey', apiToken);
+    socketUrl.updateSetting('apiBaseUrl', apiBaseUrl);
+    socketUrl.updateSetting('apiProxy', apiProxy);
+    spinner$1.success(`API credentials ${oldToken ? 'updated' : 'set'}`);
   }
 };
 
@@ -762,10 +802,10 @@ const logout = {
       cli.showHelp();
       return;
     }
-    sdk.updateSetting('apiKey', null);
-    sdk.updateSetting('apiBaseUrl', null);
-    sdk.updateSetting('apiProxy', null);
-    sdk.updateSetting('enforcedOrgs', null);
+    socketUrl.updateSetting('apiKey', null);
+    socketUrl.updateSetting('apiBaseUrl', null);
+    socketUrl.updateSetting('apiProxy', null);
+    socketUrl.updateSetting('enforcedOrgs', null);
     new spinner.Spinner().success('Successfully logged out');
   }
 };
@@ -794,48 +834,6 @@ const npx = {
   }
 };
 
-function existsSync(filepath) {
-  try {
-    return filepath ? fs.existsSync(filepath) : false;
-  } catch {}
-  return false;
-}
-async function findUp(name, {
-  cwd = process.cwd()
-}) {
-  let dir = path.resolve(cwd);
-  const {
-    root
-  } = path.parse(dir);
-  const names = [name].flat();
-  while (dir && dir !== root) {
-    for (const name of names) {
-      const filePath = path.join(dir, name);
-      try {
-        // eslint-disable-next-line no-await-in-loop
-        const stats = await fs.promises.stat(filePath);
-        if (stats.isFile()) {
-          return filePath;
-        }
-      } catch {}
-    }
-    dir = path.dirname(dir);
-  }
-  return undefined;
-}
-async function readFileBinary(filepath, options) {
-  return await fs.promises.readFile(filepath, {
-    ...options,
-    encoding: 'binary'
-  });
-}
-async function readFileUtf8(filepath, options) {
-  return await fs.promises.readFile(filepath, {
-    ...options,
-    encoding: 'utf8'
-  });
-}
-
 const {
   BINARY_LOCK_EXT,
   BUN: BUN$1,
@@ -843,20 +841,25 @@ const {
   NPM: NPM$2,
   PNPM: PNPM$1,
   VLT: VLT$1,
+  YARN,
   YARN_BERRY: YARN_BERRY$1,
   YARN_CLASSIC: YARN_CLASSIC$1
 } = constants;
 const AGENTS = [BUN$1, NPM$2, PNPM$1, YARN_BERRY$1, YARN_CLASSIC$1, VLT$1];
-const {
-  compare: alphanumericComparator
-} = new Intl.Collator(undefined, {
-  numeric: true,
-  sensitivity: 'base'
-});
+const binByAgent = {
+  __proto__: null,
+  [BUN$1]: BUN$1,
+  [NPM$2]: NPM$2,
+  [PNPM$1]: PNPM$1,
+  [YARN_BERRY$1]: YARN,
+  [YARN_CLASSIC$1]: YARN,
+  [VLT$1]: VLT$1
+};
 async function getAgentExecPath(agent) {
-  return (await which(agent, {
+  const binName = binByAgent[agent];
+  return (await which(binName, {
     nothrow: true
-  })) ?? agent;
+  })) ?? binName;
 }
 async function getAgentVersion(agentExecPath, cwd) {
   let result;
@@ -900,8 +903,8 @@ const readLockFileByAgent = (() => {
       return undefined;
     };
   }
-  const binaryReader = wrapReader(readFileBinary);
-  const defaultReader = wrapReader(async lockPath => await readFileUtf8(lockPath));
+  const binaryReader = wrapReader(socketUrl.readFileBinary);
+  const defaultReader = wrapReader(async lockPath => await socketUrl.readFileUtf8(lockPath));
   return {
     [BUN$1]: wrapReader(async (lockPath, agentExecPath) => {
       const ext = path.extname(lockPath);
@@ -912,7 +915,7 @@ const readLockFileByAgent = (() => {
         const lockBuffer = await binaryReader(lockPath);
         if (lockBuffer) {
           try {
-            return hyrious__bun_lockb.parse(lockBuffer);
+            return index_cjs.parse(lockBuffer);
           } catch {}
         }
         // To print a Yarn lockfile to your console without writing it to disk
@@ -930,18 +933,18 @@ const readLockFileByAgent = (() => {
   };
 })();
 async function detect({
-  cwd = process.cwd(),
+  cwd = process$1.cwd(),
   onUnknown
 } = {}) {
-  let lockPath = await findUp(Object.keys(LOCKS), {
+  let lockPath = await socketUrl.findUp(Object.keys(LOCKS), {
     cwd
   });
   let lockBasename = lockPath ? path.basename(lockPath) : undefined;
   const isHiddenLockFile = lockBasename === '.package-lock.json';
-  const pkgJsonPath = lockPath ? path.resolve(lockPath, `${isHiddenLockFile ? '../' : ''}../package.json`) : await findUp('package.json', {
+  const pkgJsonPath = lockPath ? path.resolve(lockPath, `${isHiddenLockFile ? '../' : ''}../package.json`) : await socketUrl.findUp('package.json', {
     cwd
   });
-  const pkgPath = existsSync(pkgJsonPath) ? path.dirname(pkgJsonPath) : undefined;
+  const pkgPath = pkgJsonPath && fs.existsSync(pkgJsonPath) ? path.dirname(pkgJsonPath) : undefined;
   const editablePkgJson = pkgPath ? await packages.readPackageJson(pkgPath, {
     editable: true
   }) : undefined;
@@ -998,7 +1001,7 @@ async function detect({
     }
     const browserslistQuery = pkgJson['browserslist'];
     if (Array.isArray(browserslistQuery)) {
-      const browserslistTargets = browserslist(browserslistQuery).map(s => s.toLowerCase()).sort(alphanumericComparator);
+      const browserslistTargets = browserslist(browserslistQuery).map(s => s.toLowerCase()).sort(sorts.naturalCompare);
       const browserslistNodeTargets = browserslistTargets.filter(v => v.startsWith('node ')).map(v => v.slice(5 /*'node '.length*/));
       if (!targets.browser && browserslistTargets.length) {
         targets.browser = browserslistTargets.length !== browserslistNodeTargets.length;
@@ -1041,6 +1044,7 @@ const {
   PNPM,
   RESOLUTIONS,
   SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE,
+  SOCKET_IPC_HANDSHAKE,
   VLT,
   YARN_BERRY,
   YARN_CLASSIC,
@@ -1052,6 +1056,7 @@ const PNPM_FIELD_NAME = PNPM;
 const PNPM_WORKSPACE = `${PNPM}-workspace`;
 const manifestNpmOverrides = registry.getManifestData(NPM$1);
 const getOverridesDataByAgent = {
+  __proto__: null,
   [BUN](pkgJson) {
     const overrides = pkgJson?.[RESOLUTIONS] ?? {};
     return {
@@ -1120,6 +1125,7 @@ const lockIncludesByAgent = (() => {
     `(?<=(?:^\\s*|,\\s*)"?)${escapedName}(?=@)`, 'm').test(lockSrc);
   }
   return {
+    __proto__: null,
     [BUN](lockSrc, name, lockBasename) {
       // This is a bit counterintuitive. When lockBasename ends with a .lockb
       // we treat it as a yarn.lock. When lockBasename ends with a .lock we
@@ -1242,6 +1248,7 @@ const updateManifestByAgent = (() => {
     updatePkgJson(editablePkgJson, RESOLUTIONS, overrides);
   }
   return {
+    __proto__: null,
     [BUN]: updateResolutions,
     [NPM$1]: updateOverrides,
     [PNPM](editablePkgJson, overrides) {
@@ -1303,6 +1310,7 @@ const lsByAgent = (() => {
     return cleanupQueryStdout(stdout);
   }
   return {
+    __proto__: null,
     async [BUN](agentExecPath, cwd) {
       try {
         // Bun does not support filtering by production packages yet.
@@ -1380,6 +1388,7 @@ const depsIncludesByAgent = (() => {
     return stdout.includes(`"${name}"`);
   }
   return {
+    __proto__: null,
     [BUN]: matchHumanStdout,
     [NPM$1]: matchQueryStdout,
     [PNPM]: matchQueryStdout,
@@ -1418,11 +1427,11 @@ async function getWorkspaceGlobs(agent, pkgPath, pkgJson) {
   let workspacePatterns;
   if (agent === PNPM) {
     for (const workspacePath of [path.join(pkgPath, `${PNPM_WORKSPACE}.yaml`), path.join(pkgPath, `${PNPM_WORKSPACE}.yml`)]) {
-      if (existsSync(workspacePath)) {
+      // eslint-disable-next-line no-await-in-loop
+      const yml = await socketUrl.safeReadFile(workspacePath, 'utf8');
+      if (yml) {
         try {
-          workspacePatterns = yaml.parse(
-          // eslint-disable-next-line no-await-in-loop
-          await fs$1.readFile(workspacePath, 'utf8'))?.packages;
+          workspacePatterns = yaml.parse(yml)?.packages;
         } catch {}
         if (workspacePatterns) {
           break;
@@ -1562,7 +1571,7 @@ async function addOverrides({
           const oldSpec = overrideExists ? overrides[origPkgName] : undefined;
           const depAlias = depAliasMap.get(origPkgName);
           const regSpecStartsLike = `${NPM$1}:${regPkgName}@`;
-          let newSpec = `${regSpecStartsLike}^${pin ? version : major}`;
+          let newSpec = `${regSpecStartsLike}${pin ? version : `^${major}`}`;
           let thisVersion = version;
           if (depAlias && type === NPM$1) {
             // With npm one may not set an override for a package that one directly
@@ -1579,7 +1588,7 @@ async function addOverrides({
               if (pin) {
                 thisVersion = semver.major(semver.coerce(npa(thisSpec).rawSpec)?.version ?? version) === major ? version : (await packages.fetchPackageManifest(thisSpec))?.version ?? version;
               }
-              newSpec = `${regSpecStartsLike}^${pin ? thisVersion : semver.major(thisVersion)}`;
+              newSpec = `${regSpecStartsLike}${pin ? thisVersion : `^${semver.major(thisVersion)}`}`;
             } else {
               newSpec = oldSpec;
             }
@@ -1647,7 +1656,7 @@ const optimize = {
       pin,
       prod
     } = commandContext;
-    const cwd = process.cwd();
+    const cwd = process$1.cwd();
     const {
       agent,
       agentExecPath,
@@ -1739,19 +1748,20 @@ const optimize = {
       spinner$1.start(`Updating ${lockName}...`);
       try {
         if (isNpm) {
-          await shadowNpmInstall({
-            env: {
-              [SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE]: '1'
+          const ipc = {
+            [SOCKET_IPC_HANDSHAKE]: {
+              [SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE]: true
             }
+          };
+          await shadowNpmInstall({
+            ipc
           });
           // TODO: This is a temporary workaround for a `npm ci` bug where it
           // will error out after Socket Optimize generates a lock file. More
           // investigation is needed.
           await shadowNpmInstall({
             flags: ['--ignore-scripts', '--package-lock-only'],
-            env: {
-              [SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE]: '1'
-            }
+            ipc
           });
         } else {
           // All package managers support the "install" command.
@@ -1793,7 +1803,7 @@ function setupCommand$l(name, description, argv, importMeta) {
       $ ${name}
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name}
@@ -1841,14 +1851,14 @@ function setupCommand$k(name, description, argv, importMeta) {
   });
 }
 async function fetchOrganizations() {
-  const apiKey = sdk.getDefaultKey();
+  const apiKey = socketUrl.getDefaultToken();
   if (!apiKey) {
-    throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+    throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
   const spinner$1 = new spinner.Spinner({
     text: 'Fetching organizations...'
   }).start();
-  const socketSdk = await sdk.setupSdk(apiKey);
+  const socketSdk = await socketUrl.setupSdk(apiKey);
   const result = await handleApiCall(socketSdk.getOrganizations(), 'looking up organizations');
   if (result.success === false) {
     handleUnsuccessfulApiResponse('getOrganizations', result, spinner$1);
@@ -1888,7 +1898,7 @@ async function setupCommand$j(name, description, argv, importMeta) {
       $ ${name} <${binName$1} command>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} install
@@ -1913,7 +1923,7 @@ async function setupCommand$j(name, description, argv, importMeta) {
     // The exit code 127 indicates that the command or binary being executed
     // could not be found.
     console.error(`Socket unable to locate ${binName$1}; ensure it is available in the PATH environment variable.`);
-    process.exit(127);
+    process$1.exit(127);
   }
   const spawnPromise = spawn(binPath, argv, {
     signal: abortSignal$1,
@@ -1925,9 +1935,9 @@ async function setupCommand$j(name, description, argv, importMeta) {
       return;
     }
     if (signalName) {
-      process.kill(process.pid, signalName);
+      process$1.kill(process$1.pid, signalName);
     } else if (code !== null) {
-      process.exit(code);
+      process$1.exit(code);
     }
   });
   await spawnPromise;
@@ -1956,7 +1966,7 @@ async function setupCommand$i(name, description, argv, importMeta) {
       $ ${name} <${binName} command>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} install
@@ -1981,7 +1991,7 @@ async function setupCommand$i(name, description, argv, importMeta) {
     // The exit code 127 indicates that the command or binary being executed
     // could not be found.
     console.error(`Socket unable to locate ${binName}; ensure it is available in the PATH environment variable.`);
-    process.exit(127);
+    process$1.exit(127);
   }
   const spawnPromise = spawn(binPath, argv, {
     signal: abortSignal,
@@ -1993,9 +2003,9 @@ async function setupCommand$i(name, description, argv, importMeta) {
       return;
     }
     if (signalName) {
-      process.kill(process.pid, signalName);
+      process$1.kill(process$1.pid, signalName);
     } else if (code !== null) {
-      process.exit(code);
+      process$1.exit(code);
     }
   });
   await spawnPromise;
@@ -2031,7 +2041,7 @@ function setupCommand$h(name, description, argv, importMeta) {
       $ ${name} <report-identifier>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} QXU8PmK7LfH608RAwfIKdbcHgwEd_ZeWJ9QEGv05FJUQ
@@ -2053,7 +2063,7 @@ function setupCommand$h(name, description, argv, importMeta) {
   }
   // Validate the input.
   if (extraInput.length) {
-    throw new sdk.InputError(`Can only handle a single report ID at a time, but got ${cli.input.length} report ID:s: ${cli.input.join(', ')}`);
+    throw new socketUrl.InputError(`Can only handle a single report ID at a time, but got ${cli.input.length} report ID:s: ${cli.input.join(', ')}`);
   }
   return {
     includeAllIssues: cli.flags['all'],
@@ -2069,7 +2079,7 @@ async function fetchReportData(reportId, {
   strict
 }) {
   // Do the API call
-  const socketSdk = await sdk.setupSdk();
+  const socketSdk = await socketUrl.setupSdk();
   const spinner$1 = new spinner.Spinner({
     text: `Fetching report with ID ${reportId} (this could take a while)`
   }).start();
@@ -2115,7 +2125,7 @@ function formatReportDataOutput(data, {
   if (outputJson) {
     console.log(JSON.stringify(data, undefined, 2));
   } else {
-    const format = new sdk.ColorOrMarkdown(!!outputMarkdown);
+    const format = new socketUrl.ColorOrMarkdown(!!outputMarkdown);
     console.log('\nDetailed info on socket.dev: ' + format.hyperlink(reportId, data.url, {
       fallbackToUrl: true
     }));
@@ -2124,7 +2134,7 @@ function formatReportDataOutput(data, {
     }
   }
   if (strict && data.healthy === false) {
-    process.exit(1);
+    process$1.exit(1);
   }
 }
 
@@ -2139,7 +2149,6 @@ const create$2 = {
       const {
         config,
         cwd,
-        debugLog,
         dryRun,
         includeAllIssues,
         outputJson,
@@ -2151,7 +2160,6 @@ const create$2 = {
       const result = input && (await createReport(packagePaths, {
         config,
         cwd,
-        debugLog,
         dryRun
       }));
       if (result && view) {
@@ -2187,12 +2195,6 @@ async function setupCommand$g(name, description, argv, importMeta) {
     ...commonFlags,
     ...outputFlags,
     ...validationFlags,
-    debug: {
-      type: 'boolean',
-      shortFlag: 'd',
-      default: false,
-      description: 'Output debug information'
-    },
     dryRun: {
       type: 'boolean',
       default: false,
@@ -2219,9 +2221,8 @@ async function setupCommand$g(name, description, argv, importMeta) {
     default ignores from the "ignore-by-default" module.
 
     Options
-      ${printFlagList({
+      ${getFlagListOutput({
     all: 'Include all issues',
-    debug: 'Output debug information',
     'dry-run': 'Only output what will be done without actually doing it',
     json: 'Output result as json',
     markdown: 'Output result as markdown',
@@ -2251,10 +2252,9 @@ async function setupCommand$g(name, description, argv, importMeta) {
   const {
     dryRun
   } = cli.flags;
-  const debugLog = sdk.createDebugLogger(!dryRun || cli.flags['debug']);
 
   // TODO: Allow setting a custom cwd and/or configFile path?
-  const cwd = process.cwd();
+  const cwd = process$1.cwd();
   const absoluteConfigPath = path.join(cwd, 'socket.yml');
   const config$1 = await config.readSocketConfig(absoluteConfigPath).catch(cause => {
     if (cause && typeof cause === 'object' && cause instanceof config.SocketValidationError) {
@@ -2266,14 +2266,14 @@ async function setupCommand$g(name, description, argv, importMeta) {
         errors: cause.validationErrors,
         schema: cause.schema
       });
-      throw new sdk.InputError('The socket.yml config is not valid', betterErrors.map(err => `[${err.path}] ${err.message}.${err.suggestion ? err.suggestion : ''}`).join('\n'));
+      throw new socketUrl.InputError('The socket.yml config is not valid', betterErrors.map(err => `[${err.path}] ${err.message}.${err.suggestion ? err.suggestion : ''}`).join('\n'));
     } else {
       throw new ponyCause.ErrorWithCause('Failed to read socket.yml config', {
         cause
       });
     }
   });
-  const socketSdk = await sdk.setupSdk();
+  const socketSdk = await socketUrl.setupSdk();
   const supportedFiles = await socketSdk.getReportSupportedFiles().then(res => {
     if (!res.success) handleUnsuccessfulApiResponse('getReportSupportedFiles', res, new spinner.Spinner());
     return res.data;
@@ -2282,11 +2282,10 @@ async function setupCommand$g(name, description, argv, importMeta) {
       cause
     });
   });
-  const packagePaths = await pathResolve.getPackageFiles(cwd, cli.input, config$1, supportedFiles, debugLog);
+  const packagePaths = await pathResolve.getPackageFiles(cwd, cli.input, config$1, supportedFiles);
   return {
     config: config$1,
     cwd,
-    debugLog,
     dryRun,
     includeAllIssues: cli.flags['all'],
     outputJson: cli.flags['json'],
@@ -2299,14 +2298,13 @@ async function setupCommand$g(name, description, argv, importMeta) {
 async function createReport(packagePaths, {
   config,
   cwd,
-  debugLog,
   dryRun
 }) {
-  debugLog('Uploading:', packagePaths.join(`\n${sdk.logSymbols.info} Uploading: `));
+  pathResolve.debugLog('Uploading:', packagePaths.join(`\n${pathResolve.logSymbols.info} Uploading: `));
   if (dryRun) {
     return;
   }
-  const socketSdk = await sdk.setupSdk();
+  const socketSdk = await socketUrl.setupSdk();
   const spinner$1 = new spinner.Spinner({
     text: `Creating report with ${packagePaths.length} package files`
   }).start();
@@ -2327,7 +2325,7 @@ function formatReportCreationOutput(data, {
     console.log(JSON.stringify(data, undefined, 2));
     return;
   }
-  const format = new sdk.ColorOrMarkdown(!!outputMarkdown);
+  const format = new socketUrl.ColorOrMarkdown(!!outputMarkdown);
   console.log(`New report: ${format.hyperlink(data.id, data.url, {
     fallbackToUrl: true
   })}`);
@@ -2369,13 +2367,13 @@ async function meowWithSubcommands(subcommands, options) {
       $ ${name} <command>
 
     Commands
-      ${printHelpList({
-    ...objects.toSortedObject(subcommands),
-    ...objects.toSortedObject(aliases)
+      ${getHelpListOutput({
+    ...objects.toSortedObject(Object.fromEntries(Object.entries(subcommands).filter(entry => !entry[1].hidden))),
+    ...objects.toSortedObject(Object.fromEntries(Object.entries(aliases).filter(entry => !subcommands[entry[1]?.argv[0]]?.hidden)))
   }, 6)}
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} --help
@@ -2406,8 +2404,9 @@ const report = {
   }
 };
 
-const BASH_FILE = `${os.homedir()}/.bashrc`;
-const ZSH_BASH_FILE = `${os.homedir()}/.zshrc`;
+const HOME_DIR = os.homedir();
+const BASH_FILE = `${HOME_DIR}/.bashrc`;
+const ZSH_BASH_FILE = `${HOME_DIR}/.zshrc`;
 const wrapper = {
   description: 'Enable or disable the Socket npm/npx wrapper',
   async run(argv, importMeta, {
@@ -2423,7 +2422,7 @@ function setupCommand$f(name, description, argv, importMeta) {
       $ ${name} <flag>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} --enable
@@ -2478,21 +2477,18 @@ function setupCommand$f(name, description, argv, importMeta) {
     console.error('There was an issue setting up the alias in your bash profile');
   }
 }
-const installSafeNpm = query => {
-  console.log(`
- _____         _       _
-|   __|___ ___| |_ ___| |_
-|__   | . |  _| '_| -_|  _|
-|_____|___|___|_,_|___|_|
-
+function addAlias(file) {
+  return fs.appendFile(file, 'alias npm="socket npm"\nalias npx="socket npx"\n', err => {
+    if (err) {
+      return new Error(`There was an error setting up the alias: ${err}`);
+    }
+    console.log(`
+The alias was added to ${file}. Running 'npm install' will now be wrapped in Socket's "safe npm" 🎉
+If you want to disable it at any time, run \`socket wrapper --disable\`
 `);
-  const rl = readline.createInterface({
-    input: process.stdin,
-    output: process.stdout
   });
-  return askQuestion(rl, query);
-};
-const askQuestion = (rl, query) => {
+}
+function askQuestion(rl, query) {
   rl.question(query, ans => {
     if (ans.toLowerCase() === 'y') {
       try {
@@ -2512,19 +2508,31 @@ const askQuestion = (rl, query) => {
       rl.close();
     }
   });
-};
-const addAlias = file => {
-  return fs.appendFile(file, 'alias npm="socket npm"\nalias npx="socket npx"\n', err => {
-    if (err) {
-      return new Error(`There was an error setting up the alias: ${err}`);
-    }
-    console.log(`
-The alias was added to ${file}. Running 'npm install' will now be wrapped in Socket's "safe npm" 🎉
-If you want to disable it at any time, run \`socket wrapper --disable\`
+}
+function checkSocketWrapperAlreadySetup(file) {
+  const fileContent = fs.readFileSync(file, 'utf8');
+  const linesWithSocketAlias = fileContent.split('\n').filter(l => l === 'alias npm="socket npm"' || l === 'alias npx="socket npx"');
+  if (linesWithSocketAlias.length) {
+    console.log(`The Socket npm/npx wrapper is set up in your bash profile (${file}).`);
+    return true;
+  }
+  return false;
+}
+function installSafeNpm(query) {
+  console.log(`
+ _____         _       _
+|   __|___ ___| |_ ___| |_
+|__   | . |  _| '_| -_|  _|
+|_____|___|___|_,_|___|_|
+
 `);
+  const rl = readline.createInterface({
+    input: process$1.stdin,
+    output: process$1.stdout
   });
-};
-const removeAlias = file => {
+  return askQuestion(rl, query);
+}
+function removeAlias(file) {
   return fs.readFile(file, 'utf8', function (err, data) {
     if (err) {
       console.error(`There was an error removing the alias: ${err}`);
@@ -2541,16 +2549,7 @@ const removeAlias = file => {
       }
     });
   });
-};
-const checkSocketWrapperAlreadySetup = file => {
-  const fileContent = fs.readFileSync(file, 'utf8');
-  const linesWithSocketAlias = fileContent.split('\n').filter(l => l === 'alias npm="socket npm"' || l === 'alias npx="socket npx"');
-  if (linesWithSocketAlias.length) {
-    console.log(`The Socket npm/npx wrapper is set up in your bash profile (${file}).`);
-    return true;
-  }
-  return false;
-};
+}
 
 const create$1 = {
   description: 'Create a scan',
@@ -2560,9 +2559,9 @@ const create$1 = {
     const name = `${parentName} create`;
     const input = await setupCommand$e(name, create$1.description, argv, importMeta);
     if (input) {
-      const apiKey = sdk.getDefaultKey();
+      const apiKey = socketUrl.getDefaultToken();
       if (!apiKey) {
-        throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+        throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
       }
       const spinnerText = 'Creating a scan... \n';
       const spinner$1 = new spinner.Spinner({
@@ -2639,7 +2638,7 @@ async function setupCommand$e(name, description, argv, importMeta) {
       $ ${name} [...options]
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} --org=FakeOrg --repo=test-repo --branch=main ./package.json
@@ -2660,8 +2659,8 @@ async function setupCommand$e(name, description, argv, importMeta) {
   const {
     0: orgSlug = ''
   } = cli.input;
-  const cwd = process.cwd();
-  const socketSdk = await sdk.setupSdk();
+  const cwd = process$1.cwd();
+  const socketSdk = await socketUrl.setupSdk();
   const supportedFiles = await socketSdk.getReportSupportedFiles().then(res => {
     if (!res.success) handleUnsuccessfulApiResponse('getReportSupportedFiles', res, new spinner.Spinner());
     return res.data;
@@ -2671,8 +2670,7 @@ async function setupCommand$e(name, description, argv, importMeta) {
       cause
     });
   });
-  const debugLog = sdk.createDebugLogger(false);
-  const packagePaths = await pathResolve.getPackageFilesFullScans(cwd, cli.input, supportedFiles, debugLog);
+  const packagePaths = await pathResolve.getPackageFilesFullScans(cwd, cli.input, supportedFiles);
   const {
     branch: branchName,
     repo: repoName
@@ -2703,7 +2701,7 @@ async function setupCommand$e(name, description, argv, importMeta) {
   };
 }
 async function createFullScan(input, spinner, apiKey) {
-  const socketSdk = await sdk.setupSdk(apiKey);
+  const socketSdk = await socketUrl.setupSdk(apiKey);
   const {
     branchName,
     commitMessage,
@@ -2748,9 +2746,9 @@ const del$1 = {
     const name = `${parentName} del`;
     const input = setupCommand$d(name, del$1.description, argv, importMeta);
     if (input) {
-      const apiKey = sdk.getDefaultKey();
+      const apiKey = socketUrl.getDefaultToken();
       if (!apiKey) {
-        throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+        throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
       }
       const spinnerText = 'Deleting scan...';
       const spinner$1 = new spinner.Spinner({
@@ -2773,7 +2771,7 @@ function setupCommand$d(name, description, argv, importMeta) {
       $ ${name} <org slug> <scan ID>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} FakeOrg 000aaaa1-0000-0a0a-00a0-00a0000000a0
@@ -2804,7 +2802,7 @@ function setupCommand$d(name, description, argv, importMeta) {
   };
 }
 async function deleteOrgFullScan(orgSlug, fullScanId, spinner, apiKey) {
-  const socketSdk = await sdk.setupSdk(apiKey);
+  const socketSdk = await socketUrl.setupSdk(apiKey);
   const result = await handleApiCall(socketSdk.deleteOrgFullScan(orgSlug, fullScanId), 'Deleting scan');
   if (result.success) {
     spinner.success('Scan deleted successfully');
@@ -2822,9 +2820,9 @@ const list$1 = {
     const name = `${parentName} list`;
     const input = setupCommand$c(name, list$1.description, argv, importMeta);
     if (input) {
-      const apiKey = sdk.getDefaultKey();
+      const apiKey = socketUrl.getDefaultToken();
       if (!apiKey) {
-        throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+        throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
       }
       const spinnerText = 'Listing scans... \n';
       const spinner$1 = new spinner.Spinner({
@@ -2886,7 +2884,7 @@ function setupCommand$c(name, description, argv, importMeta) {
       $ ${name} <org slug>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} FakeOrg
@@ -2921,7 +2919,7 @@ function setupCommand$c(name, description, argv, importMeta) {
   };
 }
 async function listOrgFullScan(orgSlug, input, spinner, apiKey) {
-  const socketSdk = await sdk.setupSdk(apiKey);
+  const socketSdk = await socketUrl.setupSdk(apiKey);
   const result = await handleApiCall(socketSdk.getOrgFullScanList(orgSlug, input), 'Listing scans');
   if (!result.success) {
     handleUnsuccessfulApiResponse('getOrgFullScanList', result, spinner);
@@ -2966,9 +2964,9 @@ const metadata = {
     const name = `${parentName} metadata`;
     const input = setupCommand$b(name, metadata.description, argv, importMeta);
     if (input) {
-      const apiKey = sdk.getDefaultKey();
+      const apiKey = socketUrl.getDefaultToken();
       if (!apiKey) {
-        throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+        throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
       }
       const spinnerText = "Getting scan's metadata... \n";
       const spinner$1 = new spinner.Spinner({
@@ -2991,7 +2989,7 @@ function setupCommand$b(name, description, argv, importMeta) {
       $ ${name} <org slug> <scan id>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} FakeOrg 000aaaa1-0000-0a0a-00a0-00a0000000a0
@@ -3022,7 +3020,7 @@ function setupCommand$b(name, description, argv, importMeta) {
   };
 }
 async function getOrgScanMetadata(orgSlug, scanId, spinner, apiKey) {
-  const socketSdk = await sdk.setupSdk(apiKey);
+  const socketSdk = await socketUrl.setupSdk(apiKey);
   const result = await handleApiCall(socketSdk.getOrgFullScanMetadata(orgSlug, scanId), 'Listing scans');
   if (!result.success) {
     handleUnsuccessfulApiResponse('getOrgFullScanMetadata', result, spinner);
@@ -3040,9 +3038,9 @@ const stream = {
     const name = `${parentName} stream`;
     const input = setupCommand$a(name, stream.description, argv, importMeta);
     if (input) {
-      const apiKey = sdk.getDefaultKey();
+      const apiKey = socketUrl.getDefaultToken();
       if (!apiKey) {
-        throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+        throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
       }
       const spinner$1 = new spinner.Spinner({
         text: 'Streaming scan...'
@@ -3069,7 +3067,7 @@ function setupCommand$a(name, description, argv, importMeta) {
       $ ${name} <org slug> <scan ID> <path to output file>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} FakeOrg 000aaaa1-0000-0a0a-00a0-00a0000000a0 ./stream.txt
@@ -3102,7 +3100,7 @@ function setupCommand$a(name, description, argv, importMeta) {
   };
 }
 async function getOrgFullScan(orgSlug, fullScanId, file, apiKey) {
-  const socketSdk = await sdk.setupSdk(apiKey);
+  const socketSdk = await socketUrl.setupSdk(apiKey);
   return await handleApiCall(socketSdk.getOrgFullScan(orgSlug, fullScanId, file), 'Streaming a scan');
 }
 
@@ -3135,9 +3133,9 @@ const auditLog = {
     const name = parentName + ' audit-log';
     const input = setupCommand$9(name, auditLog.description, argv, importMeta);
     if (input) {
-      const apiKey = sdk.getDefaultKey();
+      const apiKey = socketUrl.getDefaultToken();
       if (!apiKey) {
-        throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+        throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
       }
       const spinner$1 = new spinner.Spinner({
         text: `Looking up audit log for ${input.orgSlug}\n`
@@ -3180,7 +3178,7 @@ function setupCommand$9(name, description, argv, importMeta) {
       $ ${name} <org slug>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} FakeOrg
@@ -3219,7 +3217,7 @@ function setupCommand$9(name, description, argv, importMeta) {
   };
 }
 async function fetchOrgAuditLog(orgSlug, input, spinner, apiKey) {
-  const socketSdk = await sdk.setupSdk(apiKey);
+  const socketSdk = await socketUrl.setupSdk(apiKey);
   const result = await handleApiCall(socketSdk.getAuditLogEvents(orgSlug, input), `Looking up audit log for ${orgSlug}\n`);
   if (!result.success) {
     handleUnsuccessfulApiResponse('getAuditLogEvents', result, spinner);
@@ -3259,9 +3257,9 @@ const create = {
     const name = `${parentName} create`;
     const input = setupCommand$8(name, create.description, argv, importMeta);
     if (input) {
-      const apiKey = sdk.getDefaultKey();
+      const apiKey = socketUrl.getDefaultToken();
       if (!apiKey) {
-        throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+        throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
       }
       const spinnerText = 'Creating repository... \n';
       const spinner$1 = new spinner.Spinner({
@@ -3317,7 +3315,7 @@ function setupCommand$8(name, description, argv, importMeta) {
       $ ${name} <org slug>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} FakeOrg --repoName=test-repo
@@ -3355,7 +3353,7 @@ function setupCommand$8(name, description, argv, importMeta) {
   };
 }
 async function createRepo(orgSlug, input, spinner, apiKey) {
-  const socketSdk = await sdk.setupSdk(apiKey);
+  const socketSdk = await socketUrl.setupSdk(apiKey);
   const result = await handleApiCall(socketSdk.createOrgRepo(orgSlug, input), 'creating repository');
   if (result.success) {
     spinner.success('Repository created successfully');
@@ -3372,9 +3370,9 @@ const del = {
     const name = `${parentName} del`;
     const input = setupCommand$7(name, del.description, argv, importMeta);
     if (input) {
-      const apiKey = sdk.getDefaultKey();
+      const apiKey = socketUrl.getDefaultToken();
       if (!apiKey) {
-        throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+        throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
       }
       const spinnerText = 'Deleting repository... \n';
       const spinner$1 = new spinner.Spinner({
@@ -3418,7 +3416,7 @@ function setupCommand$7(name, description, argv, importMeta) {
   };
 }
 async function deleteRepository(orgSlug, repoName, spinner, apiKey) {
-  const socketSdk = await sdk.setupSdk(apiKey);
+  const socketSdk = await socketUrl.setupSdk(apiKey);
   const result = await handleApiCall(socketSdk.deleteOrgRepo(orgSlug, repoName), 'deleting repository');
   if (result.success) {
     spinner.success('Repository deleted successfully');
@@ -3436,9 +3434,9 @@ const list = {
     const name = `${parentName} list`;
     const input = setupCommand$6(name, list.description, argv, importMeta);
     if (input) {
-      const apiKey = sdk.getDefaultKey();
+      const apiKey = socketUrl.getDefaultToken();
       if (!apiKey) {
-        throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+        throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
       }
       const spinnerText = 'Listing repositories... \n';
       const spinner$1 = new spinner.Spinner({
@@ -3487,7 +3485,7 @@ function setupCommand$6(name, description, argv, importMeta) {
       $ ${name} <org slug>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} FakeOrg
@@ -3520,7 +3518,7 @@ function setupCommand$6(name, description, argv, importMeta) {
   };
 }
 async function listOrgRepos(orgSlug, input, spinner, apiKey) {
-  const socketSdk = await sdk.setupSdk(apiKey);
+  const socketSdk = await socketUrl.setupSdk(apiKey);
   const result = await handleApiCall(socketSdk.getOrgRepoList(orgSlug, input), 'listing repositories');
   if (!result.success) {
     handleUnsuccessfulApiResponse('getOrgRepoList', result, spinner);
@@ -3555,9 +3553,9 @@ const update = {
     const name = `${parentName} update`;
     const input = setupCommand$5(name, update.description, argv, importMeta);
     if (input) {
-      const apiKey = sdk.getDefaultKey();
+      const apiKey = socketUrl.getDefaultToken();
       if (!apiKey) {
-        throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+        throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
       }
       const spinnerText = 'Updating repository... \n';
       const spinner$1 = new spinner.Spinner({
@@ -3613,7 +3611,7 @@ function setupCommand$5(name, description, argv, importMeta) {
       $ ${name} <org slug>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} FakeOrg
@@ -3651,7 +3649,7 @@ function setupCommand$5(name, description, argv, importMeta) {
   };
 }
 async function updateRepository(orgSlug, input, spinner, apiKey) {
-  const socketSdk = await sdk.setupSdk(apiKey);
+  const socketSdk = await socketUrl.setupSdk(apiKey);
   const result = await handleApiCall(socketSdk.updateOrgRepo(orgSlug, input.name, input), 'updating repository');
   if (result.success) {
     spinner.success('Repository updated successfully');
@@ -3669,9 +3667,9 @@ const view = {
     const name = `${parentName} view`;
     const input = setupCommand$4(name, view.description, argv, importMeta);
     if (input) {
-      const apiKey = sdk.getDefaultKey();
+      const apiKey = socketUrl.getDefaultToken();
       if (!apiKey) {
-        throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+        throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
       }
       const spinnerText = 'Fetching repository... \n';
       const spinner$1 = new spinner.Spinner({
@@ -3694,7 +3692,7 @@ function setupCommand$4(name, description, argv, importMeta) {
       $ ${name} <org slug>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} FakeOrg
@@ -3725,7 +3723,7 @@ function setupCommand$4(name, description, argv, importMeta) {
   };
 }
 async function viewRepository(orgSlug, repoName, spinner, apiKey) {
-  const socketSdk = await sdk.setupSdk(apiKey);
+  const socketSdk = await socketUrl.setupSdk(apiKey);
   const result = await handleApiCall(socketSdk.getOrgRepo(orgSlug, repoName), 'fetching repository');
   if (!result.success) {
     handleUnsuccessfulApiResponse('getOrgRepo', result, spinner);
@@ -3820,7 +3818,7 @@ function setupCommand$3(name, description, argv, importMeta) {
       $ ${name}
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name}
@@ -3848,14 +3846,14 @@ async function searchDeps({
   offset,
   outputJson
 }) {
-  const apiKey = sdk.getDefaultKey();
+  const apiKey = socketUrl.getDefaultToken();
   if (!apiKey) {
-    throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+    throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
   }
   const spinner$1 = new spinner.Spinner({
     text: 'Searching dependencies...'
   }).start();
-  const socketSdk = await sdk.setupSdk(apiKey);
+  const socketSdk = await socketUrl.setupSdk(apiKey);
   const result = await handleApiCall(socketSdk.searchDependencies({
     limit,
     offset
@@ -3905,9 +3903,9 @@ const analytics = {
     const name = parentName + ' analytics';
     const input = setupCommand$2(name, analytics.description, argv, importMeta);
     if (input) {
-      const apiKey = sdk.getDefaultKey();
+      const apiKey = socketUrl.getDefaultToken();
       if (!apiKey) {
-        throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+        throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
       }
       const spinner$1 = new spinner.Spinner({
         text: 'Fetching analytics data'
@@ -3962,7 +3960,7 @@ function setupCommand$2(name, description, argv, importMeta) {
       $ ${name} --scope=<scope> --time=<time filter>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} --scope=org --time=7
@@ -3980,10 +3978,10 @@ function setupCommand$2(name, description, argv, importMeta) {
     time
   } = cli.flags;
   if (scope !== 'org' && scope !== 'repo') {
-    throw new sdk.InputError("The scope must either be 'org' or 'repo'");
+    throw new socketUrl.InputError("The scope must either be 'org' or 'repo'");
   }
   if (time !== 7 && time !== 30 && time !== 90) {
-    throw new sdk.InputError('The time filter must either be 7, 30 or 90');
+    throw new socketUrl.InputError('The time filter must either be 7, 30 or 90');
   }
   let showHelp = cli.flags['help'];
   if (scope === 'repo' && !repo) {
@@ -4004,7 +4002,7 @@ function setupCommand$2(name, description, argv, importMeta) {
 }
 const METRICS = ['total_critical_alerts', 'total_high_alerts', 'total_medium_alerts', 'total_low_alerts', 'total_critical_added', 'total_medium_added', 'total_low_added', 'total_high_added', 'total_critical_prevented', 'total_high_prevented', 'total_medium_prevented', 'total_low_prevented'];
 async function fetchOrgAnalyticsData(time, spinner, apiKey, outputJson, filePath) {
-  const socketSdk = await sdk.setupSdk(apiKey);
+  const socketSdk = await socketUrl.setupSdk(apiKey);
   const result = await handleApiCall(socketSdk.getOrgAnalytics(time.toString()), 'fetching analytics data');
   if (result.success === false) {
     return handleUnsuccessfulApiResponse('getOrgAnalytics', result, spinner);
@@ -4117,7 +4115,7 @@ const formatData = (data, scope) => {
   };
 };
 async function fetchRepoAnalyticsData(repo, time, spinner, apiKey, outputJson, filePath) {
-  const socketSdk = await sdk.setupSdk(apiKey);
+  const socketSdk = await socketUrl.setupSdk(apiKey);
   const result = await handleApiCall(socketSdk.getRepoAnalytics(repo, time.toString()), 'fetching analytics data');
   if (result.success === false) {
     return handleUnsuccessfulApiResponse('getRepoAnalytics', result, spinner);
@@ -4205,9 +4203,9 @@ const get = {
     const name = `${parentName} get`;
     const input = setupCommand$1(name, get.description, argv, importMeta);
     if (input) {
-      const apiKey = sdk.getDefaultKey();
+      const apiKey = socketUrl.getDefaultToken();
       if (!apiKey) {
-        throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+        throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
       }
       const spinnerText = 'Getting diff scan... \n';
       const spinner$1 = new spinner.Spinner({
@@ -4257,7 +4255,7 @@ function setupCommand$1(name, description, argv, importMeta) {
       $ ${name} <org slug> --before=<before> --after=<after>
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name} FakeCorp --before=aaa0aa0a-aaaa-0000-0a0a-0000000a00a0 --after=aaa1aa1a-aaaa-1111-1a1a-1111111a11a1
@@ -4348,7 +4346,6 @@ const diffScan = {
   }
 };
 
-// @ts-ignore
 const threatFeed = {
   description: 'Look up the threat feed',
   async run(argv, importMeta, {
@@ -4357,9 +4354,9 @@ const threatFeed = {
     const name = `${parentName} threat-feed`;
     const input = setupCommand(name, threatFeed.description, argv, importMeta);
     {
-      const apiKey = sdk.getDefaultKey();
+      const apiKey = socketUrl.getDefaultToken();
       if (!apiKey) {
-        throw new sdk.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
+        throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
       }
       const spinner$1 = new spinner.Spinner({
         text: 'Looking up the threat feed'
@@ -4408,7 +4405,7 @@ function setupCommand(name, description, argv, importMeta) {
       $ ${name}
 
     Options
-      ${printFlagList(flags, 6)}
+      ${getFlagListOutput(flags, 6)}
 
     Examples
       $ ${name}
@@ -4484,7 +4481,7 @@ async function fetchThreatFeed({
     data: formattedOutput
   });
   screen.render();
-  screen.key(['escape', 'q', 'C-c'], () => process.exit(0));
+  screen.key(['escape', 'q', 'C-c'], () => process$1.exit(0));
 }
 const formatResults = data => {
   return data.map(d => {
@@ -4553,7 +4550,7 @@ void (async () => {
           argv: ['report', 'create', '--view', '--strict']
         }
       },
-      argv: process.argv.slice(2),
+      argv: process$1.argv.slice(2),
       name: 'socket',
       importMeta: {
         url: `${require$$0.pathToFileURL(__filename)}`
@@ -4563,10 +4560,10 @@ void (async () => {
     let errorBody;
     let errorTitle;
     let errorMessage = '';
-    if (err instanceof sdk.AuthError) {
+    if (err instanceof socketUrl.AuthError) {
       errorTitle = 'Authentication error';
       errorMessage = err.message;
-    } else if (err instanceof sdk.InputError) {
+    } else if (err instanceof socketUrl.InputError) {
       errorTitle = 'Invalid input';
       errorMessage = err.message;
       errorBody = err.body;
@@ -4577,10 +4574,10 @@ void (async () => {
     } else {
       errorTitle = 'Unexpected error with no details';
     }
-    console.error(`${sdk.logSymbols.error} ${colors.bgRed(colors.white(errorTitle + ':'))} ${errorMessage}`);
+    console.error(`${pathResolve.logSymbols.error} ${colors.bgRed(colors.white(errorTitle + ':'))} ${errorMessage}`);
     if (errorBody) {
       console.error(`\n${errorBody}`);
     }
-    process.exit(1);
+    process$1.exit(1);
   }
 })();