socket 0.14.40 → 0.14.42

package/dist/constants.d.ts

@@ -1,20 +1,28 @@
 import registryConstants from '@socketsecurity/registry/lib/constants';
 type RegistryEnv = typeof registryConstants.ENV;
-type IPCObject = {
+type RegistryInternals = (typeof registryConstants)['Symbol(kInternalsSymbol)'];
+type Internals = Omit<RegistryInternals, 'getIPC'> & Readonly<{
+    getIPC: {
+        (): Promise<IPC>;
+        <K extends keyof IPC | undefined>(key?: K): Promise<K extends keyof IPC ? IPC[K] : IPC>;
+    };
+}>;
+type ENV = RegistryEnv & Readonly<{
+    SOCKET_CLI_DEBUG: boolean;
+}>;
+type IPC = Readonly<{
     SOCKET_CLI_FIX_PACKAGE_LOCK_FILE: boolean;
     SOCKET_CLI_UPDATE_OVERRIDES_IN_PACKAGE_LOCK_FILE: boolean;
-    [key: string]: any;
-};
-type Constants = {
+}>;
+type Constants = Omit<typeof registryConstants, 'Symbol(kInternalsSymbol)' | 'ENV' | 'IPC'> & {
+    readonly 'Symbol(kInternalsSymbol)': Internals;
     readonly API_V0_URL: 'https://api.socket.dev/v0';
     readonly BABEL_RUNTIME: '@babel/runtime';
     readonly BINARY_LOCK_EXT: '.lockb';
     readonly BUN: 'bun';
-    readonly ENV: RegistryEnv & {
-        SOCKET_CLI_DEBUG: boolean;
-    };
+    readonly ENV: ENV;
     readonly DIST_TYPE: 'module-sync' | 'require';
-    readonly IPC: IPCObject;
+    readonly IPC: IPC;
     readonly LOCK_EXT: '.lock';
     readonly MODULE_SYNC: 'module-sync';
     readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org';
@@ -38,7 +46,7 @@ type Constants = {
     readonly rootPkgJsonPath: string;
     readonly shadowBinPath: string;
     readonly synpBinPath: string;
-} & typeof registryConstants;
+};
 declare const constants: Constants;
 export { constants as default };
 //# sourceMappingURL=constants.d.ts.map

package/dist/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAIA,OAAO,iBAAiB,MAAM,wCAAwC,CAAA;AAGtE,KAAK,WAAW,GAAG,OAAO,iBAAiB,CAAC,GAAG,CAAA;AAE/C,KAAK,SAAS,GAAG;IACf,gCAAgC,EAAE,OAAO,CAAA;IACzC,gDAAgD,EAAE,OAAO,CAAA;IACzD,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;CACnB,CAAA;AAED,KAAK,SAAS,GAAG;IACf,QAAQ,CAAC,UAAU,EAAE,2BAA2B,CAAA;IAChD,QAAQ,CAAC,aAAa,EAAE,gBAAgB,CAAA;IACxC,QAAQ,CAAC,eAAe,EAAE,QAAQ,CAAA;IAClC,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,GAAG,EAAE,WAAW,GAAG;QAC1B,gBAAgB,EAAE,OAAO,CAAA;KAC1B,CAAA;IACD,QAAQ,CAAC,SAAS,EAAE,aAAa,GAAG,SAAS,CAAA;IAC7C,QAAQ,CAAC,GAAG,EAAE,SAAS,CAAA;IACvB,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAA;IAC1B,QAAQ,CAAC,WAAW,EAAE,aAAa,CAAA;IACnC,QAAQ,CAAC,gBAAgB,EAAE,4BAA4B,CAAA;IACvD,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,OAAO,EAAE,SAAS,CAAA;IAC3B,QAAQ,CAAC,gBAAgB,EAAE,kBAAkB,CAAA;IAC7C,QAAQ,CAAC,gCAAgC,EAAE,kCAAkC,CAAA;IAC7E,QAAQ,CAAC,qBAAqB,EAAE,gDAAgD,CAAA;IAChF,QAAQ,CAAC,gDAAgD,EAAE,kDAAkD,CAAA;IAC7G,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,UAAU,EAAE,YAAY,CAAA;IACjC,QAAQ,CAAC,YAAY,EAAE,cAAc,CAAA;IACrC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAA;IAChC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;CAC7B,GAAG,OAAO,iBAAiB,CAAA;AAiF5B,QAAA,MAAM,SAAS,WAiDd,CAAA"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAIA,OAAO,iBAAiB,MAAM,wCAAwC,CAAA;AAWtE,KAAK,WAAW,GAAG,OAAO,iBAAiB,CAAC,GAAG,CAAA;AAE/C,KAAK,iBAAiB,GAAG,CAAC,OAAO,iBAAiB,CAAC,CAAC,0BAA0B,CAAC,CAAA;AAE/E,KAAK,SAAS,GAAG,IAAI,CAAC,iBAAiB,EAAE,QAAQ,CAAC,GAChD,QAAQ,CAAC;IACP,MAAM,EAAE;QACN,IAAI,OAAO,CAAC,GAAG,CAAC,CAAA;QAChB,CAAC,CAAC,SAAS,MAAM,GAAG,GAAG,SAAS,EAC9B,GAAG,CAAC,EAAE,CAAC,GACN,OAAO,CAAC,CAAC,SAAS,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAA;KAC/C,CAAA;CACF,CAAC,CAAA;AAEJ,KAAK,GAAG,GAAG,WAAW,GACpB,QAAQ,CAAC;IACP,gBAAgB,EAAE,OAAO,CAAA;CAC1B,CAAC,CAAA;AAEJ,KAAK,GAAG,GAAG,QAAQ,CAAC;IAClB,gCAAgC,EAAE,OAAO,CAAA;IACzC,gDAAgD,EAAE,OAAO,CAAA;CAC1D,CAAC,CAAA;AAEF,KAAK,SAAS,GAAG,IAAI,CACnB,OAAO,iBAAiB,EACxB,0BAA0B,GAAG,KAAK,GAAG,KAAK,CAC3C,GAAG;IACF,QAAQ,CAAC,0BAA0B,EAAE,SAAS,CAAA;IAC9C,QAAQ,CAAC,UAAU,EAAE,2BAA2B,CAAA;IAChD,QAAQ,CAAC,aAAa,EAAE,gBAAgB,CAAA;IACxC,QAAQ,CAAC,eAAe,EAAE,QAAQ,CAAA;IAClC,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAA;IACjB,QAAQ,CAAC,SAAS,EAAE,aAAa,GAAG,SAAS,CAAA;IAC7C,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAA;IACjB,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAA;IAC1B,QAAQ,CAAC,WAAW,EAAE,aAAa,CAAA;IACnC,QAAQ,CAAC,gBAAgB,EAAE,4BAA4B,CAAA;IACvD,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,OAAO,EAAE,SAAS,CAAA;IAC3B,QAAQ,CAAC,gBAAgB,EAAE,kBAAkB,CAAA;IAC7C,QAAQ,CAAC,gCAAgC,EAAE,kCAAkC,CAAA;IAC7E,QAAQ,CAAC,qBAAqB,EAAE,gDAAgD,CAAA;IAChF,QAAQ,CAAC,gDAAgD,EAAE,kDAAkD,CAAA;IAC7G,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAA;IACnB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,UAAU,EAAE,YAAY,CAAA;IACjC,QAAQ,CAAC,YAAY,EAAE,cAAc,CAAA;IACrC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAA;IAChC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;CAC7B,CAAA;AAyED,QAAA,MAAM,SAAS,WAiDd,CAAA"}

package/dist/module-sync/cli.js

@@ -24,14 +24,13 @@ var constants = require('./constants.js');
 var spinner = require('@socketsecurity/registry/lib/spinner');
 var spawn = _socketInterop(require('@npmcli/promise-spawn'));
 var objects = require('@socketsecurity/registry/lib/objects');
-var pathResolve = require('./path-resolve.js');
+var npmPaths = require('./npm-paths.js');
 var meow = _socketInterop(require('meow'));
 var registryConstants = require('@socketsecurity/registry/lib/constants');
 var socketUrl = require('./socket-url.js');
 var terminalLink = _socketInterop(require('terminal-link'));
 var isInteractive = require('@socketregistry/is-interactive/index.cjs');
 var prompts = require('@socketsecurity/registry/lib/prompts');
-var fs$1 = require('node:fs/promises');
 var npa = _socketInterop(require('npm-package-arg'));
 var semver = _socketInterop(require('semver'));
 var tinyglobby = _socketInterop(require('tinyglobby'));
@@ -44,6 +43,7 @@ var strings = require('@socketsecurity/registry/lib/strings');
 var browserslist = _socketInterop(require('browserslist'));
 var which = _socketInterop(require('which'));
 var index_cjs = require('@socketregistry/hyrious__bun.lockb/index.cjs');
+var sorts = require('@socketsecurity/registry/lib/sorts');
 var betterAjvErrors = _socketInterop(require('@apideck/better-ajv-errors'));
 var config = require('@socketsecurity/config');
 var os = require('node:os');
@@ -51,6 +51,7 @@ var readline = require('node:readline');
 var readline$1 = require('node:readline/promises');
 var open = _socketInterop(require('open'));
 var chalkTable = _socketInterop(require('chalk-table'));
+var fs$1 = require('node:fs/promises');
 var ScreenWidget = _socketInterop(require('blessed/lib/widgets/screen'));
 var GridLayout = _socketInterop(require('blessed-contrib/lib/layout/grid'));
 var BarChart = _socketInterop(require('blessed-contrib/lib/widget/charts/bar'));
@@ -224,24 +225,30 @@ const {
 } = constants;
 function shadowNpmInstall(opts) {
   const {
-    flags = [],
+    flags: flags_ = [],
     ipc,
     ...spawnOptions
   } = {
     __proto__: null,
     ...opts
   };
+  const flags = flags_.filter(f => f !== '--audit' && f !== '--fund' && f !== '--progress' && f !== '--no-audit' && f !== '--no-fund' && f !== '--no-progress');
   const useIpc = objects.isObject(ipc);
-  const useDebug = pathResolve.isDebug();
-  const promise = spawn(
+  const useDebug = npmPaths.isDebug();
+  const spawnPromise = spawn(
   // Lazily access constants.execPath.
   constants.execPath, [
-  // Lazily access constants.rootBinPath.
-  path.join(constants.rootBinPath, 'npm-cli.js'), 'install',
-  // Even though the 'silent' flag is passed npm will still run through code
-  // paths for 'audit' and 'fund' unless '--no-audit' and '--no-fund' flags
-  // are passed.
-  ...(useDebug ? ['--no-audit', '--no-fund'] : ['silent', '--no-audit', '--no-fund']), ...flags], {
+  // Lazily access constants.nodeNoWarningsFlags.
+  ...constants.nodeNoWarningsFlags, '--require',
+  // Lazily access constants.distPath.
+  path.join(constants.distPath, 'npm-injection.js'), npmPaths.getNpmBinPath(), 'install',
+  // Even though the '--silent' flag is passed npm will still run through
+  // code paths for 'audit' and 'fund' unless '--no-audit' and '--no-fund'
+  // flags are passed.
+  '--no-audit', '--no-fund',
+  // Add `--no-progress` flags to fix input being swallowed by the spinner
+  // when running the command with recent versions of npm.
+  '--no-progress', ...(useDebug || flags.some(f => f.startsWith('--loglevel') || f === '-d' || f === '--dd' || f === '--ddd' || f === '-q' || f === '--quiet' || f === '-s' || f === '--silent') ? [] : ['--silent']), ...flags], {
     signal: abortSignal$3,
     // Set stdio to include 'ipc'.
     // See https://github.com/nodejs/node/blob/v23.6.0/lib/child_process.js#L161-L166
@@ -258,9 +265,9 @@ function shadowNpmInstall(opts) {
     }
   });
   if (useIpc) {
-    promise.process.send(ipc);
+    spawnPromise.process.send(ipc);
   }
-  return promise;
+  return spawnPromise;
 }
 
 const {
@@ -335,47 +342,6 @@ const validationFlags = {
   }
 };
 
-const {
-  API_V0_URL
-} = constants;
-function handleUnsuccessfulApiResponse(_name, result, spinner) {
-  // SocketSdkErrorType['error'] is not typed.
-  const resultErrorMessage = result.error?.message;
-  const message = typeof resultErrorMessage === 'string' ? resultErrorMessage : 'No error message returned';
-  if (result.status === 401 || result.status === 403) {
-    spinner.stop();
-    throw new socketUrl.AuthError(message);
-  }
-  spinner.error(`${colors.bgRed(colors.white('API returned an error:'))} ${message}`);
-  process$1.exit(1);
-}
-async function handleApiCall(value, description) {
-  let result;
-  try {
-    result = await value;
-  } catch (cause) {
-    throw new ponyCause.ErrorWithCause(`Failed ${description}`, {
-      cause
-    });
-  }
-  return result;
-}
-async function handleAPIError(code) {
-  if (code === 400) {
-    return 'One of the options passed might be incorrect.';
-  } else if (code === 403) {
-    return 'You might be trying to access an organization that is not linked to the API key you are logged in with.';
-  }
-}
-async function queryAPI(path, apiKey) {
-  return await fetch(`${API_V0_URL}/${path}`, {
-    method: 'GET',
-    headers: {
-      Authorization: `Basic ${btoa(`${apiKey}:${apiKey}`)}`
-    }
-  });
-}
-
 function objectSome(obj) {
   for (const key in obj) {
     if (obj[key]) {
@@ -392,31 +358,6 @@ function pick(input, keys) {
   return result;
 }
 
-function getFlagListOutput(list, indent, {
-  keyPrefix = '--',
-  padName
-} = {}) {
-  return getHelpListOutput({
-    ...list
-  }, indent, {
-    keyPrefix,
-    padName
-  });
-}
-function getHelpListOutput(list, indent, {
-  keyPrefix = '',
-  padName = 18
-} = {}) {
-  let result = '';
-  const names = Object.keys(list).sort();
-  for (const name of names) {
-    const rawDescription = list[name];
-    const description = (typeof rawDescription === 'object' ? rawDescription.description : rawDescription) || '';
-    result += ''.padEnd(indent) + (keyPrefix + name).padEnd(padName) + description + '\n';
-  }
-  return result.trim();
-}
-
 function stringJoinWithSeparateFinalSeparator(list, separator = ' and ') {
   const values = list.filter(Boolean);
   const {
@@ -432,6 +373,7 @@ function stringJoinWithSeparateFinalSeparator(list, separator = ' and ') {
   return `${values.join(', ')}${separator}${finalValue}`;
 }
 
+// Ordered from most severe to least.
 const SEVERITIES_BY_ORDER = ['critical', 'high', 'middle', 'low'];
 function getDesiredSeverities(lowestToInclude) {
   const result = [];
@@ -473,6 +415,72 @@ function getSeverityCount(issues, lowestToInclude) {
   return severityCount;
 }
 
+const {
+  API_V0_URL
+} = constants;
+function handleUnsuccessfulApiResponse(_name, result, spinner) {
+  // SocketSdkErrorType['error'] is not typed.
+  const resultErrorMessage = result.error?.message;
+  const message = typeof resultErrorMessage === 'string' ? resultErrorMessage : 'No error message returned';
+  if (result.status === 401 || result.status === 403) {
+    spinner.stop();
+    throw new socketUrl.AuthError(message);
+  }
+  spinner.error(`${colors.bgRed(colors.white('API returned an error:'))} ${message}`);
+  process$1.exit(1);
+}
+async function handleApiCall(value, description) {
+  let result;
+  try {
+    result = await value;
+  } catch (cause) {
+    throw new ponyCause.ErrorWithCause(`Failed ${description}`, {
+      cause
+    });
+  }
+  return result;
+}
+async function handleAPIError(code) {
+  if (code === 400) {
+    return 'One of the options passed might be incorrect.';
+  } else if (code === 403) {
+    return 'You might be trying to access an organization that is not linked to the API key you are logged in with.';
+  }
+}
+async function queryAPI(path, apiKey) {
+  return await fetch(`${API_V0_URL}/${path}`, {
+    method: 'GET',
+    headers: {
+      Authorization: `Basic ${btoa(`${apiKey}:${apiKey}`)}`
+    }
+  });
+}
+
+function getFlagListOutput(list, indent, {
+  keyPrefix = '--',
+  padName
+} = {}) {
+  return getHelpListOutput({
+    ...list
+  }, indent, {
+    keyPrefix,
+    padName
+  });
+}
+function getHelpListOutput(list, indent, {
+  keyPrefix = '',
+  padName = 18
+} = {}) {
+  let result = '';
+  const names = Object.keys(list).sort();
+  for (const name of names) {
+    const rawDescription = list[name];
+    const description = (typeof rawDescription === 'object' ? rawDescription.description : rawDescription) || '';
+    result += ''.padEnd(indent) + (keyPrefix + name).padEnd(padName) + description + '\n';
+  }
+  return result.trim();
+}
+
 const {
   NPM: NPM$4
 } = registryConstants;
@@ -834,48 +842,6 @@ const npx = {
   }
 };
 
-function existsSync(filepath) {
-  try {
-    return filepath ? fs.existsSync(filepath) : false;
-  } catch {}
-  return false;
-}
-async function findUp(name, {
-  cwd = process$1.cwd()
-}) {
-  let dir = path.resolve(cwd);
-  const {
-    root
-  } = path.parse(dir);
-  const names = [name].flat();
-  while (dir && dir !== root) {
-    for (const name of names) {
-      const filePath = path.join(dir, name);
-      try {
-        // eslint-disable-next-line no-await-in-loop
-        const stats = await fs.promises.stat(filePath);
-        if (stats.isFile()) {
-          return filePath;
-        }
-      } catch {}
-    }
-    dir = path.dirname(dir);
-  }
-  return undefined;
-}
-async function readFileBinary(filepath, options) {
-  return await fs.promises.readFile(filepath, {
-    ...options,
-    encoding: 'binary'
-  });
-}
-async function readFileUtf8(filepath, options) {
-  return await fs.promises.readFile(filepath, {
-    ...options,
-    encoding: 'utf8'
-  });
-}
-
 const {
   BINARY_LOCK_EXT,
   BUN: BUN$1,
@@ -888,12 +854,6 @@ const {
   YARN_CLASSIC: YARN_CLASSIC$1
 } = constants;
 const AGENTS = [BUN$1, NPM$2, PNPM$1, YARN_BERRY$1, YARN_CLASSIC$1, VLT$1];
-const {
-  compare: alphanumericComparator
-} = new Intl.Collator(undefined, {
-  numeric: true,
-  sensitivity: 'base'
-});
 const binByAgent = {
   __proto__: null,
   [BUN$1]: BUN$1,
@@ -951,8 +911,8 @@ const readLockFileByAgent = (() => {
       return undefined;
     };
   }
-  const binaryReader = wrapReader(readFileBinary);
-  const defaultReader = wrapReader(async lockPath => await readFileUtf8(lockPath));
+  const binaryReader = wrapReader(socketUrl.readFileBinary);
+  const defaultReader = wrapReader(async lockPath => await socketUrl.readFileUtf8(lockPath));
   return {
     [BUN$1]: wrapReader(async (lockPath, agentExecPath) => {
       const ext = path.extname(lockPath);
@@ -984,15 +944,15 @@ async function detect({
   cwd = process$1.cwd(),
   onUnknown
 } = {}) {
-  let lockPath = await findUp(Object.keys(LOCKS), {
+  let lockPath = await socketUrl.findUp(Object.keys(LOCKS), {
     cwd
   });
   let lockBasename = lockPath ? path.basename(lockPath) : undefined;
   const isHiddenLockFile = lockBasename === '.package-lock.json';
-  const pkgJsonPath = lockPath ? path.resolve(lockPath, `${isHiddenLockFile ? '../' : ''}../package.json`) : await findUp('package.json', {
+  const pkgJsonPath = lockPath ? path.resolve(lockPath, `${isHiddenLockFile ? '../' : ''}../package.json`) : await socketUrl.findUp('package.json', {
     cwd
   });
-  const pkgPath = existsSync(pkgJsonPath) ? path.dirname(pkgJsonPath) : undefined;
+  const pkgPath = pkgJsonPath && fs.existsSync(pkgJsonPath) ? path.dirname(pkgJsonPath) : undefined;
   const editablePkgJson = pkgPath ? await packages.readPackageJson(pkgPath, {
     editable: true
   }) : undefined;
@@ -1049,7 +1009,7 @@ async function detect({
     }
     const browserslistQuery = pkgJson['browserslist'];
     if (Array.isArray(browserslistQuery)) {
-      const browserslistTargets = browserslist(browserslistQuery).map(s => s.toLowerCase()).sort(alphanumericComparator);
+      const browserslistTargets = browserslist(browserslistQuery).map(s => s.toLowerCase()).sort(sorts.naturalCompare);
       const browserslistNodeTargets = browserslistTargets.filter(v => v.startsWith('node ')).map(v => v.slice(5 /*'node '.length*/));
       if (!targets.browser && browserslistTargets.length) {
         targets.browser = browserslistTargets.length !== browserslistNodeTargets.length;
@@ -1475,11 +1435,11 @@ async function getWorkspaceGlobs(agent, pkgPath, pkgJson) {
   let workspacePatterns;
   if (agent === PNPM) {
     for (const workspacePath of [path.join(pkgPath, `${PNPM_WORKSPACE}.yaml`), path.join(pkgPath, `${PNPM_WORKSPACE}.yml`)]) {
-      if (existsSync(workspacePath)) {
+      // eslint-disable-next-line no-await-in-loop
+      const yml = await socketUrl.safeReadFile(workspacePath, 'utf8');
+      if (yml) {
         try {
-          workspacePatterns = yaml.parse(
-          // eslint-disable-next-line no-await-in-loop
-          await fs$1.readFile(workspacePath, 'utf8'))?.packages;
+          workspacePatterns = yaml.parse(yml)?.packages;
         } catch {}
         if (workspacePatterns) {
           break;
@@ -1964,16 +1924,7 @@ async function setupCommand$j(name, description, argv, importMeta) {
     cli.showHelp();
     return;
   }
-  const {
-    path: binPath
-  } = await pathResolve.findBinPathDetails(binName$1);
-  if (!binPath) {
-    // The exit code 127 indicates that the command or binary being executed
-    // could not be found.
-    console.error(`Socket unable to locate ${binName$1}; ensure it is available in the PATH environment variable.`);
-    process$1.exit(127);
-  }
-  const spawnPromise = spawn(binPath, argv, {
+  const spawnPromise = spawn(npmPaths.getNpmBinPath(), argv, {
     signal: abortSignal$1,
     stdio: 'inherit'
   });
@@ -2032,16 +1983,7 @@ async function setupCommand$i(name, description, argv, importMeta) {
     cli.showHelp();
     return;
   }
-  const {
-    path: binPath
-  } = await pathResolve.findBinPathDetails(binName);
-  if (!binPath) {
-    // The exit code 127 indicates that the command or binary being executed
-    // could not be found.
-    console.error(`Socket unable to locate ${binName}; ensure it is available in the PATH environment variable.`);
-    process$1.exit(127);
-  }
-  const spawnPromise = spawn(binPath, argv, {
+  const spawnPromise = spawn(npmPaths.getNpxBinPath(), argv, {
     signal: abortSignal,
     stdio: 'inherit'
   });
@@ -2218,7 +2160,6 @@ const create$2 = {
         }));
         if (reportData) {
           formatReportDataOutput(reportData, {
-            includeAllIssues,
             name,
             outputJson,
             outputMarkdown,
@@ -2330,7 +2271,7 @@ async function setupCommand$g(name, description, argv, importMeta) {
       cause
     });
   });
-  const packagePaths = await pathResolve.getPackageFiles(cwd, cli.input, config$1, supportedFiles);
+  const packagePaths = await npmPaths.getPackageFiles(cwd, cli.input, config$1, supportedFiles);
   return {
     config: config$1,
     cwd,
@@ -2348,7 +2289,7 @@ async function createReport(packagePaths, {
   cwd,
   dryRun
 }) {
-  pathResolve.debugLog('Uploading:', packagePaths.join(`\n${pathResolve.logSymbols.info} Uploading: `));
+  npmPaths.debugLog('Uploading:', packagePaths.join(`\n${npmPaths.logSymbols.info} Uploading: `));
   if (dryRun) {
     return;
   }
@@ -2718,7 +2659,7 @@ async function setupCommand$e(name, description, argv, importMeta) {
       cause
     });
   });
-  const packagePaths = await pathResolve.getPackageFilesFullScans(cwd, cli.input, supportedFiles);
+  const packagePaths = await npmPaths.getPackageFilesFullScans(cwd, cli.input, supportedFiles);
   const {
     branch: branchName,
     repo: repoName
@@ -3833,7 +3774,7 @@ const dependencies = {
   }) {
     const name = parentName + ' dependencies';
     const input = setupCommand$3(name, dependencies.description, argv, importMeta);
-    {
+    if (input) {
       await searchDeps(input);
     }
   }
@@ -4401,7 +4342,7 @@ const threatFeed = {
   }) {
     const name = `${parentName} threat-feed`;
     const input = setupCommand(name, threatFeed.description, argv, importMeta);
-    {
+    if (input) {
       const apiKey = socketUrl.getDefaultToken();
       if (!apiKey) {
         throw new socketUrl.AuthError('User must be authenticated to run this command. To log in, run the command `socket login` and enter your API key.');
@@ -4622,7 +4563,7 @@ void (async () => {
     } else {
       errorTitle = 'Unexpected error with no details';
     }
-    console.error(`${pathResolve.logSymbols.error} ${colors.bgRed(colors.white(errorTitle + ':'))} ${errorMessage}`);
+    console.error(`${npmPaths.logSymbols.error} ${colors.bgRed(colors.white(errorTitle + ':'))} ${errorMessage}`);
     if (errorBody) {
       console.error(`\n${errorBody}`);
     }