npm - socket - Versions diffs - 0.14.50 → 0.14.51 - Mend

socket 0.14.50 → 0.14.51

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/dist/constants.js +2 -2
package/dist/constants.js.map +1 -1
package/dist/module-sync/cli.js +91 -108
package/dist/module-sync/cli.js.map +1 -1
package/dist/module-sync/index.d.ts +1 -1
package/dist/module-sync/index.js +18 -19
package/dist/module-sync/index.js.map +1 -1
package/dist/module-sync/npm-paths.js +3 -43
package/dist/module-sync/npm-paths.js.map +1 -1
package/dist/require/cli.js +91 -108
package/dist/require/cli.js.map +1 -1
package/package.json +6 -6
package/dist/module-sync/logging.d.ts +0 -16

package/dist/constants.js CHANGED Viewed

@@ -85,7 +85,7 @@ const LAZY_ENV = () => {
     [SOCKET_CLI_SHOW_BANNER]: env.envAsBoolean(env$1[SOCKET_CLI_SHOW_BANNER]),
     // Inlined flag set to determine the version hash of the build.
     // The '@rollup/plugin-replace' will replace "process.env[SOCKET_CLI_VERSION_HASH]".
-    [SOCKET_CLI_VERSION_HASH]: "0.14.50:c8e152a:9d057324:pub"
+    [SOCKET_CLI_VERSION_HASH]: "0.14.51:8252840:74d39aac:pub"
   });
 };
 const lazyBashRcPath = () =>
@@ -220,5 +220,5 @@ const constants = createConstantsObject({
 });
 module.exports = constants;
-//# debugId=a5771a10-6737-427c-9cb8-6f8ff5e25da9
+//# debugId=bdcb3caf-5282-4fa6-ae91-2e8d5092c6de
 //# sourceMappingURL=constants.js.map

package/dist/constants.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"constants.js","sources":["../../src/constants.ts"],"sourcesContent":["import { realpathSync } from 'node:fs'\nimport os from 'node:os'\nimport path from 'node:path'\nimport process from 'node:process'\n\nimport registryConstants from '@socketsecurity/registry/lib/constants'\nimport { envAsBoolean } from '@socketsecurity/registry/lib/env'\n\nimport type { Remap } from '@socketsecurity/registry/lib/objects'\n\nconst {\n NODE_MODULES,\n PACKAGE_JSON,\n kInternalsSymbol,\n [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: {\n createConstantsObject\n }\n} = registryConstants\n\ntype RegistryEnv = typeof registryConstants.ENV\n\ntype RegistryInternals = (typeof registryConstants)['Symbol(kInternalsSymbol)']\n\ntype Sentry = any\n\ntype Internals = Remap<\n Omit<RegistryInternals, 'getIPC'> &\n Readonly<{\n getIPC: {\n (): Promise<IPC>\n <K extends keyof IPC \| undefined>(\n key?: K\n ): Promise<K extends keyof IPC ? IPC[K] : IPC>\n }\n getSentry: () => Sentry\n setSentry(Sentry: Sentry): boolean\n }>\n>\n\ntype ENV = Remap<\n RegistryEnv &\n Readonly<{\n SOCKET_CLI_DEBUG: boolean\n SOCKET_CLI_LEGACY_BUILD: boolean\n SOCKET_CLI_NO_API_TOKEN: boolean\n SOCKET_CLI_PUBLISHED_BUILD: boolean\n SOCKET_CLI_SENTRY_BUILD: boolean\n SOCKET_CLI_SHOW_BANNER: boolean\n SOCKET_CLI_VERSION_HASH: string\n }>\n>\n\ntype IPC = Readonly<{\n SOCKET_CLI_FIX?: string\n SOCKET_CLI_OPTIMIZE?: boolean\n SOCKET_CLI_SAFE_WRAPPER?: boolean\n}>\n\ntype Constants = Remap<\n Omit<typeof registryConstants, 'Symbol(kInternalsSymbol)' \| 'ENV' \| 'IPC'> & {\n readonly 'Symbol(kInternalsSymbol)': Internals\n readonly ALERT_TYPE_CRITICAL_CVE: 'criticalCVE'\n readonly ALERT_TYPE_CVE: 'cve'\n readonly ALERT_TYPE_MEDIUM_CVE: 'mediumCVE'\n readonly ALERT_TYPE_MILD_CVE: 'mildCVE'\n readonly ALERT_TYPE_SOCKET_UPGRADE_AVAILABLE: 'socketUpgradeAvailable'\n readonly API_V0_URL: 'https://api.socket.dev/v0'\n readonly BABEL_RUNTIME: '@babel/runtime'\n readonly BATCH_PURL_ENDPOINT: 'https://api.socket.dev/v0/purl?alerts=true&compact=true'\n readonly BINARY_LOCK_EXT: '.lockb'\n readonly BUN: 'bun'\n readonly CLI: 'cli'\n readonly CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER: 'firstPatchedVersionIdentifier'\n readonly CVE_ALERT_PROPS_VULNERABLE_VERSION_RANGE: 'vulnerableVersionRange'\n readonly ENV: ENV\n readonly DIST_TYPE: 'module-sync' \| 'require'\n readonly IPC: IPC\n readonly LOCK_EXT: '.lock'\n readonly MODULE_SYNC: 'module-sync'\n readonly NPM_INJECTION: 'npm-injection'\n readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org'\n readonly NPX: 'npx'\n readonly PNPM: 'pnpm'\n readonly REQUIRE: 'require'\n readonly SHADOW_BIN: 'shadow-bin'\n readonly SOCKET: 'socket'\n readonly SOCKET_CLI_DEBUG: 'SOCKET_CLI_DEBUG'\n readonly SOCKET_CLI_FIX: 'SOCKET_CLI_FIX'\n readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues'\n readonly SOCKET_CLI_LEGACY_BUILD: 'SOCKET_CLI_LEGACY_BUILD'\n readonly SOCKET_CLI_NO_API_TOKEN: 'SOCKET_CLI_NO_API_TOKEN'\n readonly SOCKET_CLI_OPTIMIZE: 'SOCKET_CLI_OPTIMIZE'\n readonly SOCKET_CLI_PUBLISHED_BUILD: 'SOCKET_CLI_PUBLISHED_BUILD'\n readonly SOCKET_CLI_SAFE_WRAPPER: 'SOCKET_CLI_SAFE_WRAPPER'\n readonly SOCKET_CLI_SENTRY_BUILD: 'SOCKET_CLI_SENTRY_BUILD'\n readonly SOCKET_CLI_SHOW_BANNER: 'SOCKET_CLI_SHOW_BANNER'\n readonly SOCKET_CLI_VERSION_HASH: 'SOCKET_CLI_VERSION_HASH'\n readonly VLT: 'vlt'\n readonly YARN: 'yarn'\n readonly YARN_BERRY: 'yarn/berry'\n readonly YARN_CLASSIC: 'yarn/classic'\n readonly bashRcPath: string\n readonly cdxgenBinPath: string\n readonly distPath: string\n readonly homePath: string\n readonly instrumentWithSentryPath: string\n readonly nmBinPath: string\n readonly npmInjectionPath: string\n readonly rootBinPath: string\n readonly rootDistPath: string\n readonly rootPath: string\n readonly rootPkgJsonPath: string\n readonly shadowBinPath: string\n readonly synpBinPath: string\n readonly zshRcPath: string\n }\n>\n\nconst ALERT_TYPE_CRITICAL_CVE = 'criticalCVE'\nconst ALERT_TYPE_CVE = 'cve'\nconst ALERT_TYPE_MEDIUM_CVE = 'mediumCVE'\nconst ALERT_TYPE_MILD_CVE = 'mildCVE'\nconst ALERT_TYPE_SOCKET_UPGRADE_AVAILABLE = 'socketUpgradeAvailable'\nconst API_V0_URL = 'https://api.socket.dev/v0'\nconst BABEL_RUNTIME = '@babel/runtime'\nconst BINARY_LOCK_EXT = '.lockb'\nconst BUN = 'bun'\nconst CLI = 'cli'\nconst CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER =\n 'firstPatchedVersionIdentifier'\nconst CVE_ALERT_PROPS_VULNERABLE_VERSION_RANGE = 'vulnerableVersionRange'\nconst LOCK_EXT = '.lock'\nconst MODULE_SYNC = 'module-sync'\nconst NPM_INJECTION = 'npm-injection'\nconst NPM_REGISTRY_URL = 'https://registry.npmjs.org'\nconst NPX = 'npx'\nconst PNPM = 'pnpm'\nconst REQUIRE = 'require'\nconst SHADOW_BIN = 'shadow-bin'\nconst SOCKET = 'socket'\nconst SOCKET_CLI_DEBUG = 'SOCKET_CLI_DEBUG'\nconst SOCKET_CLI_FIX = 'SOCKET_CLI_FIX'\nconst SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues'\nconst SOCKET_CLI_LEGACY_BUILD = 'SOCKET_CLI_LEGACY_BUILD'\nconst SOCKET_CLI_NO_API_TOKEN = 'SOCKET_CLI_NO_API_TOKEN'\nconst SOCKET_CLI_OPTIMIZE = 'SOCKET_CLI_OPTIMIZE'\nconst SOCKET_CLI_PUBLISHED_BUILD = 'SOCKET_CLI_PUBLISHED_BUILD'\nconst SOCKET_CLI_SAFE_WRAPPER = 'SOCKET_CLI_SAFE_WRAPPER'\nconst SOCKET_CLI_SENTRY_BUILD = 'SOCKET_CLI_SENTRY_BUILD'\nconst SOCKET_CLI_SHOW_BANNER = 'SOCKET_CLI_SHOW_BANNER'\nconst SOCKET_CLI_VERSION_HASH = 'SOCKET_CLI_VERSION_HASH'\nconst VLT = 'vlt'\nconst YARN = 'yarn'\nconst YARN_BERRY = `${YARN}/berry`\nconst YARN_CLASSIC = `${YARN}/classic`\n\nlet _Sentry: any\n\nconst LAZY_BATCH_PURL_ENDPOINT = () => {\n const query = new URLSearchParams()\n query.append('alerts', 'true')\n query.append('compact', 'true')\n return `${API_V0_URL}/purl?${query}`\n}\n\nconst LAZY_DIST_TYPE = () =>\n registryConstants.SUPPORTS_NODE_REQUIRE_MODULE ? MODULE_SYNC : REQUIRE\n\nconst LAZY_ENV = () => {\n const { env } = process\n // We inline some environment values so that they CANNOT be influenced by user\n // provided environment variables.\n return Object.freeze({\n // Lazily access registryConstants.ENV.\n ...registryConstants.ENV,\n // Flag set to help debug Socket CLI.\n [SOCKET_CLI_DEBUG]: envAsBoolean(env[SOCKET_CLI_DEBUG]),\n // Inlined flag set to determine if this is the Legacy build.\n // The '@rollup/plugin-replace' will replace \"process.env[SOCKET_CLI_LEGACY_BUILD]\".\n [SOCKET_CLI_LEGACY_BUILD]: process.env[SOCKET_CLI_LEGACY_BUILD],\n // Flag set to make the default API token `undefined`.\n [SOCKET_CLI_NO_API_TOKEN]: envAsBoolean(env[SOCKET_CLI_NO_API_TOKEN]),\n // Inlined flag set to determine if this is a published build.\n // The '@rollup/plugin-replace' will replace \"process.env[SOCKET_CLI_PUBLISHED_BUILD]\".\n [SOCKET_CLI_PUBLISHED_BUILD]: process.env[SOCKET_CLI_PUBLISHED_BUILD],\n // Inlined flag set to determine if this is the Sentry build.\n // The '@rollup/plugin-replace' will replace \"process.env[SOCKET_CLI_SENTRY_BUILD]\".\n [SOCKET_CLI_SENTRY_BUILD]: process.env[SOCKET_CLI_SENTRY_BUILD],\n // Flag set to toggle the informative ASCII art banner.\n [SOCKET_CLI_SHOW_BANNER]: envAsBoolean(env[SOCKET_CLI_SHOW_BANNER]),\n // Inlined flag set to determine the version hash of the build.\n // The '@rollup/plugin-replace' will replace \"process.env[SOCKET_CLI_VERSION_HASH]\".\n [SOCKET_CLI_VERSION_HASH]: process.env[SOCKET_CLI_VERSION_HASH]\n })\n}\n\nconst lazyBashRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.bashrc')\n\nconst lazyCdxgenBinPath = () =>\n // Lazily access constants.nmBinPath.\n path.join(constants.nmBinPath, 'cdxgen')\n\nconst lazyDistPath = () =>\n // Lazily access constants.rootDistPath and constants.DIST_TYPE.\n path.join(constants.rootDistPath, constants.DIST_TYPE)\n\nconst lazyHomePath = () => os.homedir()\n\nconst lazyInstrumentWithSentryPath = () =>\n // Lazily access constants.rootDistPath.\n path.join(constants.rootDistPath, 'instrument-with-sentry.js')\n\nconst lazyNmBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, `${NODE_MODULES}/.bin`)\n\nconst lazyNpmInjectionPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, `${NPM_INJECTION}.js`)\n\nconst lazyRootBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'bin')\n\nconst lazyRootDistPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'dist')\n\nconst lazyRootPath = () =>\n // The '@rollup/plugin-replace' will replace \"process.env.['VITEST']\" with `false` and\n // it will be dead code eliminated by Rollup.\n path.resolve(\n realpathSync.native(__dirname),\n process.env['SOCKET_CLI_TEST_DIST_BUILD'] ? '../..' : '..'\n )\n\nconst lazyRootPkgJsonPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, PACKAGE_JSON)\n\nconst lazyShadowBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, SHADOW_BIN)\n\nconst lazySynpBinPath = () =>\n // Lazily access constants.nmBinPath.\n path.join(constants.nmBinPath, 'synp')\n\nconst lazyZshRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.zshrc')\n\nconst constants = <Constants>createConstantsObject(\n {\n ALERT_TYPE_CRITICAL_CVE,\n ALERT_TYPE_CVE,\n ALERT_TYPE_MEDIUM_CVE,\n ALERT_TYPE_MILD_CVE,\n ALERT_TYPE_SOCKET_UPGRADE_AVAILABLE,\n API_V0_URL,\n BABEL_RUNTIME,\n // Lazily defined values are initialized as `undefined` to keep their key order.\n BATCH_PURL_ENDPOINT: undefined,\n BINARY_LOCK_EXT,\n BUN,\n CLI,\n CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER,\n CVE_ALERT_PROPS_VULNERABLE_VERSION_RANGE,\n DIST_TYPE: undefined,\n ENV: undefined,\n LOCK_EXT,\n MODULE_SYNC,\n NPM_INJECTION,\n NPM_REGISTRY_URL,\n NPX,\n PNPM,\n REQUIRE,\n SHADOW_BIN,\n SOCKET,\n SOCKET_CLI_DEBUG,\n SOCKET_CLI_FIX,\n SOCKET_CLI_ISSUES_URL,\n SOCKET_CLI_LEGACY_BUILD,\n SOCKET_CLI_NO_API_TOKEN,\n SOCKET_CLI_OPTIMIZE,\n SOCKET_CLI_PUBLISHED_BUILD,\n SOCKET_CLI_SAFE_WRAPPER,\n SOCKET_CLI_SENTRY_BUILD,\n SOCKET_CLI_SHOW_BANNER,\n SOCKET_CLI_VERSION_HASH,\n VLT,\n YARN,\n YARN_BERRY,\n YARN_CLASSIC,\n bashRcPath: undefined,\n cdxgenBinPath: undefined,\n distPath: undefined,\n homePath: undefined,\n instrumentWithSentryPath: undefined,\n nmBinPath: undefined,\n npmInjectionPath: undefined,\n rootBinPath: undefined,\n rootDistPath: undefined,\n rootPath: undefined,\n rootPkgJsonPath: undefined,\n shadowBinPath: undefined,\n synpBinPath: undefined,\n zshRcPath: undefined\n },\n {\n getters: {\n BATCH_PURL_ENDPOINT: LAZY_BATCH_PURL_ENDPOINT,\n DIST_TYPE: LAZY_DIST_TYPE,\n ENV: LAZY_ENV,\n bashRcPath: lazyBashRcPath,\n distPath: lazyDistPath,\n cdxgenBinPath: lazyCdxgenBinPath,\n homePath: lazyHomePath,\n instrumentWithSentryPath: lazyInstrumentWithSentryPath,\n nmBinPath: lazyNmBinPath,\n npmInjectionPath: lazyNpmInjectionPath,\n rootBinPath: lazyRootBinPath,\n rootDistPath: lazyRootDistPath,\n rootPath: lazyRootPath,\n rootPkgJsonPath: lazyRootPkgJsonPath,\n shadowBinPath: lazyShadowBinPath,\n synpBinPath: lazySynpBinPath,\n zshRcPath: lazyZshRcPath\n },\n internals: {\n getSentry() {\n return _Sentry\n },\n setSentry(Sentry: Sentry): boolean {\n if (_Sentry === undefined) {\n _Sentry = Sentry\n return true\n }\n return false\n }\n },\n mixin: registryConstants\n }\n)\n\nexport default constants\n"],"names":["createConstantsObject","query","env","path","constants","BATCH_PURL_ENDPOINT","DIST_TYPE","ENV","bashRcPath","cdxgenBinPath","distPath","homePath","instrumentWithSentryPath","nmBinPath","npmInjectionPath","rootBinPath","rootDistPath","rootPath","rootPkgJsonPath","shadowBinPath","synpBinPath","zshRcPath","getters","internals","getSentry","_Sentry","mixin"],"mappings":";;;;;;;;;AAUA;;;;AAIE;AACEA;AACF;AACF;AAqGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AAEA;AACE;AACAC;AACAA;AACA;AACF;AAEA;AAGA;;AACUC;AAAI;AACZ;AACA;;AAEE;;AAEA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACF;AACF;AAEA;AACE;AACAC;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEA;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACA;AACAA;AAKF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEIC;;;;;;;;AASF;AACAC;;;;;;AAMAC;AACAC;;;;;;;;;;;;;;;;;;;;;;;;;AAyBAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAEEC;AACEjB;AACAC;AACAC;AACAC;AACAE;AACAD;AACAE;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;;AAEFE;AACEC;AACE;;;;AAIEC;AACA;AACF;AACA;AACF;;AAEFC;AACF;;","debugId":"a5771a10-6737-427c-9cb8-6f8ff5e25da9"}
1	+ {"version":3,"file":"constants.js","sources":["../../src/constants.ts"],"sourcesContent":["import { realpathSync } from 'node:fs'\nimport os from 'node:os'\nimport path from 'node:path'\nimport process from 'node:process'\n\nimport registryConstants from '@socketsecurity/registry/lib/constants'\nimport { envAsBoolean } from '@socketsecurity/registry/lib/env'\n\nimport type { Remap } from '@socketsecurity/registry/lib/objects'\n\nconst {\n NODE_MODULES,\n PACKAGE_JSON,\n kInternalsSymbol,\n [kInternalsSymbol as unknown as 'Symbol(kInternalsSymbol)']: {\n createConstantsObject\n }\n} = registryConstants\n\ntype RegistryEnv = typeof registryConstants.ENV\n\ntype RegistryInternals = (typeof registryConstants)['Symbol(kInternalsSymbol)']\n\ntype Sentry = any\n\ntype Internals = Remap<\n Omit<RegistryInternals, 'getIPC'> &\n Readonly<{\n getIPC: {\n (): Promise<IPC>\n <K extends keyof IPC \| undefined>(\n key?: K\n ): Promise<K extends keyof IPC ? IPC[K] : IPC>\n }\n getSentry: () => Sentry\n setSentry(Sentry: Sentry): boolean\n }>\n>\n\ntype ENV = Remap<\n RegistryEnv &\n Readonly<{\n SOCKET_CLI_DEBUG: boolean\n SOCKET_CLI_LEGACY_BUILD: boolean\n SOCKET_CLI_NO_API_TOKEN: boolean\n SOCKET_CLI_PUBLISHED_BUILD: boolean\n SOCKET_CLI_SENTRY_BUILD: boolean\n SOCKET_CLI_SHOW_BANNER: boolean\n SOCKET_CLI_VERSION_HASH: string\n }>\n>\n\ntype IPC = Readonly<{\n SOCKET_CLI_FIX?: string\n SOCKET_CLI_OPTIMIZE?: boolean\n SOCKET_CLI_SAFE_WRAPPER?: boolean\n}>\n\ntype Constants = Remap<\n Omit<typeof registryConstants, 'Symbol(kInternalsSymbol)' \| 'ENV' \| 'IPC'> & {\n readonly 'Symbol(kInternalsSymbol)': Internals\n readonly ALERT_TYPE_CRITICAL_CVE: 'criticalCVE'\n readonly ALERT_TYPE_CVE: 'cve'\n readonly ALERT_TYPE_MEDIUM_CVE: 'mediumCVE'\n readonly ALERT_TYPE_MILD_CVE: 'mildCVE'\n readonly ALERT_TYPE_SOCKET_UPGRADE_AVAILABLE: 'socketUpgradeAvailable'\n readonly API_V0_URL: 'https://api.socket.dev/v0'\n readonly BABEL_RUNTIME: '@babel/runtime'\n readonly BATCH_PURL_ENDPOINT: 'https://api.socket.dev/v0/purl?alerts=true&compact=true'\n readonly BINARY_LOCK_EXT: '.lockb'\n readonly BUN: 'bun'\n readonly CLI: 'cli'\n readonly CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER: 'firstPatchedVersionIdentifier'\n readonly CVE_ALERT_PROPS_VULNERABLE_VERSION_RANGE: 'vulnerableVersionRange'\n readonly ENV: ENV\n readonly DIST_TYPE: 'module-sync' \| 'require'\n readonly IPC: IPC\n readonly LOCK_EXT: '.lock'\n readonly MODULE_SYNC: 'module-sync'\n readonly NPM_INJECTION: 'npm-injection'\n readonly NPM_REGISTRY_URL: 'https://registry.npmjs.org'\n readonly NPX: 'npx'\n readonly PNPM: 'pnpm'\n readonly REQUIRE: 'require'\n readonly SHADOW_BIN: 'shadow-bin'\n readonly SOCKET: 'socket'\n readonly SOCKET_CLI_DEBUG: 'SOCKET_CLI_DEBUG'\n readonly SOCKET_CLI_FIX: 'SOCKET_CLI_FIX'\n readonly SOCKET_CLI_ISSUES_URL: 'https://github.com/SocketDev/socket-cli/issues'\n readonly SOCKET_CLI_LEGACY_BUILD: 'SOCKET_CLI_LEGACY_BUILD'\n readonly SOCKET_CLI_NO_API_TOKEN: 'SOCKET_CLI_NO_API_TOKEN'\n readonly SOCKET_CLI_OPTIMIZE: 'SOCKET_CLI_OPTIMIZE'\n readonly SOCKET_CLI_PUBLISHED_BUILD: 'SOCKET_CLI_PUBLISHED_BUILD'\n readonly SOCKET_CLI_SAFE_WRAPPER: 'SOCKET_CLI_SAFE_WRAPPER'\n readonly SOCKET_CLI_SENTRY_BUILD: 'SOCKET_CLI_SENTRY_BUILD'\n readonly SOCKET_CLI_SHOW_BANNER: 'SOCKET_CLI_SHOW_BANNER'\n readonly SOCKET_CLI_VERSION_HASH: 'SOCKET_CLI_VERSION_HASH'\n readonly VLT: 'vlt'\n readonly YARN: 'yarn'\n readonly YARN_BERRY: 'yarn/berry'\n readonly YARN_CLASSIC: 'yarn/classic'\n readonly bashRcPath: string\n readonly cdxgenBinPath: string\n readonly distPath: string\n readonly homePath: string\n readonly instrumentWithSentryPath: string\n readonly nmBinPath: string\n readonly npmInjectionPath: string\n readonly rootBinPath: string\n readonly rootDistPath: string\n readonly rootPath: string\n readonly rootPkgJsonPath: string\n readonly shadowBinPath: string\n readonly synpBinPath: string\n readonly zshRcPath: string\n }\n>\n\nconst ALERT_TYPE_CRITICAL_CVE = 'criticalCVE'\nconst ALERT_TYPE_CVE = 'cve'\nconst ALERT_TYPE_MEDIUM_CVE = 'mediumCVE'\nconst ALERT_TYPE_MILD_CVE = 'mildCVE'\nconst ALERT_TYPE_SOCKET_UPGRADE_AVAILABLE = 'socketUpgradeAvailable'\nconst API_V0_URL = 'https://api.socket.dev/v0'\nconst BABEL_RUNTIME = '@babel/runtime'\nconst BINARY_LOCK_EXT = '.lockb'\nconst BUN = 'bun'\nconst CLI = 'cli'\nconst CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER =\n 'firstPatchedVersionIdentifier'\nconst CVE_ALERT_PROPS_VULNERABLE_VERSION_RANGE = 'vulnerableVersionRange'\nconst LOCK_EXT = '.lock'\nconst MODULE_SYNC = 'module-sync'\nconst NPM_INJECTION = 'npm-injection'\nconst NPM_REGISTRY_URL = 'https://registry.npmjs.org'\nconst NPX = 'npx'\nconst PNPM = 'pnpm'\nconst REQUIRE = 'require'\nconst SHADOW_BIN = 'shadow-bin'\nconst SOCKET = 'socket'\nconst SOCKET_CLI_DEBUG = 'SOCKET_CLI_DEBUG'\nconst SOCKET_CLI_FIX = 'SOCKET_CLI_FIX'\nconst SOCKET_CLI_ISSUES_URL = 'https://github.com/SocketDev/socket-cli/issues'\nconst SOCKET_CLI_LEGACY_BUILD = 'SOCKET_CLI_LEGACY_BUILD'\nconst SOCKET_CLI_NO_API_TOKEN = 'SOCKET_CLI_NO_API_TOKEN'\nconst SOCKET_CLI_OPTIMIZE = 'SOCKET_CLI_OPTIMIZE'\nconst SOCKET_CLI_PUBLISHED_BUILD = 'SOCKET_CLI_PUBLISHED_BUILD'\nconst SOCKET_CLI_SAFE_WRAPPER = 'SOCKET_CLI_SAFE_WRAPPER'\nconst SOCKET_CLI_SENTRY_BUILD = 'SOCKET_CLI_SENTRY_BUILD'\nconst SOCKET_CLI_SHOW_BANNER = 'SOCKET_CLI_SHOW_BANNER'\nconst SOCKET_CLI_VERSION_HASH = 'SOCKET_CLI_VERSION_HASH'\nconst VLT = 'vlt'\nconst YARN = 'yarn'\nconst YARN_BERRY = `${YARN}/berry`\nconst YARN_CLASSIC = `${YARN}/classic`\n\nlet _Sentry: any\n\nconst LAZY_BATCH_PURL_ENDPOINT = () => {\n const query = new URLSearchParams()\n query.append('alerts', 'true')\n query.append('compact', 'true')\n return `${API_V0_URL}/purl?${query}`\n}\n\nconst LAZY_DIST_TYPE = () =>\n registryConstants.SUPPORTS_NODE_REQUIRE_MODULE ? MODULE_SYNC : REQUIRE\n\nconst LAZY_ENV = () => {\n const { env } = process\n // We inline some environment values so that they CANNOT be influenced by user\n // provided environment variables.\n return Object.freeze({\n // Lazily access registryConstants.ENV.\n ...registryConstants.ENV,\n // Flag set to help debug Socket CLI.\n [SOCKET_CLI_DEBUG]: envAsBoolean(env[SOCKET_CLI_DEBUG]),\n // Inlined flag set to determine if this is the Legacy build.\n // The '@rollup/plugin-replace' will replace \"process.env[SOCKET_CLI_LEGACY_BUILD]\".\n [SOCKET_CLI_LEGACY_BUILD]: process.env[SOCKET_CLI_LEGACY_BUILD],\n // Flag set to make the default API token `undefined`.\n [SOCKET_CLI_NO_API_TOKEN]: envAsBoolean(env[SOCKET_CLI_NO_API_TOKEN]),\n // Inlined flag set to determine if this is a published build.\n // The '@rollup/plugin-replace' will replace \"process.env[SOCKET_CLI_PUBLISHED_BUILD]\".\n [SOCKET_CLI_PUBLISHED_BUILD]: process.env[SOCKET_CLI_PUBLISHED_BUILD],\n // Inlined flag set to determine if this is the Sentry build.\n // The '@rollup/plugin-replace' will replace \"process.env[SOCKET_CLI_SENTRY_BUILD]\".\n [SOCKET_CLI_SENTRY_BUILD]: process.env[SOCKET_CLI_SENTRY_BUILD],\n // Flag set to toggle the informative ASCII art banner.\n [SOCKET_CLI_SHOW_BANNER]: envAsBoolean(env[SOCKET_CLI_SHOW_BANNER]),\n // Inlined flag set to determine the version hash of the build.\n // The '@rollup/plugin-replace' will replace \"process.env[SOCKET_CLI_VERSION_HASH]\".\n [SOCKET_CLI_VERSION_HASH]: process.env[SOCKET_CLI_VERSION_HASH]\n })\n}\n\nconst lazyBashRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.bashrc')\n\nconst lazyCdxgenBinPath = () =>\n // Lazily access constants.nmBinPath.\n path.join(constants.nmBinPath, 'cdxgen')\n\nconst lazyDistPath = () =>\n // Lazily access constants.rootDistPath and constants.DIST_TYPE.\n path.join(constants.rootDistPath, constants.DIST_TYPE)\n\nconst lazyHomePath = () => os.homedir()\n\nconst lazyInstrumentWithSentryPath = () =>\n // Lazily access constants.rootDistPath.\n path.join(constants.rootDistPath, 'instrument-with-sentry.js')\n\nconst lazyNmBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, `${NODE_MODULES}/.bin`)\n\nconst lazyNpmInjectionPath = () =>\n // Lazily access constants.distPath.\n path.join(constants.distPath, `${NPM_INJECTION}.js`)\n\nconst lazyRootBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'bin')\n\nconst lazyRootDistPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, 'dist')\n\nconst lazyRootPath = () =>\n // The '@rollup/plugin-replace' will replace \"process.env.['VITEST']\" with `false` and\n // it will be dead code eliminated by Rollup.\n path.resolve(\n realpathSync.native(__dirname),\n process.env['SOCKET_CLI_TEST_DIST_BUILD'] ? '../..' : '..'\n )\n\nconst lazyRootPkgJsonPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, PACKAGE_JSON)\n\nconst lazyShadowBinPath = () =>\n // Lazily access constants.rootPath.\n path.join(constants.rootPath, SHADOW_BIN)\n\nconst lazySynpBinPath = () =>\n // Lazily access constants.nmBinPath.\n path.join(constants.nmBinPath, 'synp')\n\nconst lazyZshRcPath = () =>\n // Lazily access constants.homePath.\n path.join(constants.homePath, '.zshrc')\n\nconst constants = <Constants>createConstantsObject(\n {\n ALERT_TYPE_CRITICAL_CVE,\n ALERT_TYPE_CVE,\n ALERT_TYPE_MEDIUM_CVE,\n ALERT_TYPE_MILD_CVE,\n ALERT_TYPE_SOCKET_UPGRADE_AVAILABLE,\n API_V0_URL,\n BABEL_RUNTIME,\n // Lazily defined values are initialized as `undefined` to keep their key order.\n BATCH_PURL_ENDPOINT: undefined,\n BINARY_LOCK_EXT,\n BUN,\n CLI,\n CVE_ALERT_PROPS_FIRST_PATCHED_VERSION_IDENTIFIER,\n CVE_ALERT_PROPS_VULNERABLE_VERSION_RANGE,\n DIST_TYPE: undefined,\n ENV: undefined,\n LOCK_EXT,\n MODULE_SYNC,\n NPM_INJECTION,\n NPM_REGISTRY_URL,\n NPX,\n PNPM,\n REQUIRE,\n SHADOW_BIN,\n SOCKET,\n SOCKET_CLI_DEBUG,\n SOCKET_CLI_FIX,\n SOCKET_CLI_ISSUES_URL,\n SOCKET_CLI_LEGACY_BUILD,\n SOCKET_CLI_NO_API_TOKEN,\n SOCKET_CLI_OPTIMIZE,\n SOCKET_CLI_PUBLISHED_BUILD,\n SOCKET_CLI_SAFE_WRAPPER,\n SOCKET_CLI_SENTRY_BUILD,\n SOCKET_CLI_SHOW_BANNER,\n SOCKET_CLI_VERSION_HASH,\n VLT,\n YARN,\n YARN_BERRY,\n YARN_CLASSIC,\n bashRcPath: undefined,\n cdxgenBinPath: undefined,\n distPath: undefined,\n homePath: undefined,\n instrumentWithSentryPath: undefined,\n nmBinPath: undefined,\n npmInjectionPath: undefined,\n rootBinPath: undefined,\n rootDistPath: undefined,\n rootPath: undefined,\n rootPkgJsonPath: undefined,\n shadowBinPath: undefined,\n synpBinPath: undefined,\n zshRcPath: undefined\n },\n {\n getters: {\n BATCH_PURL_ENDPOINT: LAZY_BATCH_PURL_ENDPOINT,\n DIST_TYPE: LAZY_DIST_TYPE,\n ENV: LAZY_ENV,\n bashRcPath: lazyBashRcPath,\n distPath: lazyDistPath,\n cdxgenBinPath: lazyCdxgenBinPath,\n homePath: lazyHomePath,\n instrumentWithSentryPath: lazyInstrumentWithSentryPath,\n nmBinPath: lazyNmBinPath,\n npmInjectionPath: lazyNpmInjectionPath,\n rootBinPath: lazyRootBinPath,\n rootDistPath: lazyRootDistPath,\n rootPath: lazyRootPath,\n rootPkgJsonPath: lazyRootPkgJsonPath,\n shadowBinPath: lazyShadowBinPath,\n synpBinPath: lazySynpBinPath,\n zshRcPath: lazyZshRcPath\n },\n internals: {\n getSentry() {\n return _Sentry\n },\n setSentry(Sentry: Sentry): boolean {\n if (_Sentry === undefined) {\n _Sentry = Sentry\n return true\n }\n return false\n }\n },\n mixin: registryConstants\n }\n)\n\nexport default constants\n"],"names":["createConstantsObject","query","env","path","constants","BATCH_PURL_ENDPOINT","DIST_TYPE","ENV","bashRcPath","cdxgenBinPath","distPath","homePath","instrumentWithSentryPath","nmBinPath","npmInjectionPath","rootBinPath","rootDistPath","rootPath","rootPkgJsonPath","shadowBinPath","synpBinPath","zshRcPath","getters","internals","getSentry","_Sentry","mixin"],"mappings":";;;;;;;;;AAUA;;;;AAIE;AACEA;AACF;AACF;AAqGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AAEA;AACE;AACAC;AACAA;AACA;AACF;AAEA;AAGA;;AACUC;AAAI;AACZ;AACA;;AAEE;;AAEA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACF;AACF;AAEA;AACE;AACAC;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AAEA;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACA;AACAA;AAKF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEF;AACE;AACAA;AAEIC;;;;;;;;AASF;AACAC;;;;;;AAMAC;AACAC;;;;;;;;;;;;;;;;;;;;;;;;;AAyBAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACF;AAEEC;AACEjB;AACAC;AACAC;AACAC;AACAE;AACAD;AACAE;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;AACAC;;AAEFE;AACEC;AACE;;;;AAIEC;AACA;AACF;AACA;AACF;;AAEFC;AACF;;","debugId":"bdcb3caf-5282-4fa6-ae91-2e8d5092c6de"}

package/dist/module-sync/cli.js CHANGED Viewed

@@ -15,6 +15,7 @@ var node_url = require('node:url');
 var ponyCause = _socketInterop(require('pony-cause'));
 var updateNotifier = _socketInterop(require('tiny-updater'));
 var colors = _socketInterop(require('yoctocolors-cjs'));
+var logger = require('@socketsecurity/registry/lib/logger');
 var micromatch = _socketInterop(require('micromatch'));
 var simpleGit = _socketInterop(require('simple-git'));
 var sdk = require('@socketsecurity/sdk');
@@ -1517,7 +1518,7 @@ function meowOrExit({
 }
 function getAsciiHeader(command) {
   const cliVersion = // The '@rollup/plugin-replace' will replace "process.env['SOCKET_CLI_VERSION_HASH']".
-  "0.14.50:c8e152a:9d057324:pub";
+  "0.14.51:8252840:74d39aac:pub";
   const nodeVersion = process.version;
   const apiToken = index.getSetting('apiToken');
   const shownToken = apiToken ? getLastFiveOfApiToken(apiToken) : 'no';
@@ -2337,10 +2338,8 @@ async function getDiffScan({
   orgSlug,
   outputJson
 }, apiToken) {
-  const spinnerText = 'Getting diff scan... \n';
-  const spinner$1 = new spinner.Spinner({
-    text: spinnerText
-  }).start();
+  const spinner$1 = new spinner.Spinner();
+  spinner$1.start('Getting diff scan...');
   const response = await queryAPI(`${orgSlug}/full-scans/diff?before=${before}&after=${after}&preview`, apiToken);
   const data = await response.json();
   if (!response.ok) {
@@ -2517,9 +2516,7 @@ async function runFix() {
       const tree = arb.idealTree;
       const hasUpgrade = !!registry.getManifestData(NPM$d, name);
       if (hasUpgrade) {
-        spinner$1.stop();
-        console.log(`Skipping ${name}. Socket Optimize package exists.`);
-        spinner$1.start();
+        spinner$1.info(`Skipping ${name}. Socket Optimize package exists.`);
         continue;
       }
       const nodes = index.findPackageNodes(tree, name);
@@ -2545,10 +2542,10 @@ async function runFix() {
               try {
                 // eslint-disable-next-line no-await-in-loop
                 await npm.runScript('test', [], {
-                  stdio: 'pipe'
+                  spinner: spinner$1,
+                  stdio: 'ignore'
                 });
                 spinner$1.info(`Patched ${name} ${oldVersion} -> ${node.version}`);
-                spinner$1.start();
                 if (isTopLevel(tree, node)) {
                   for (const depField of ['dependencies', 'optionalDependencies', 'peerDependencies']) {
                     const oldVersion = editablePkgJson.content[depField]?.[name];
@@ -2561,14 +2558,11 @@ async function runFix() {
                 // eslint-disable-next-line no-await-in-loop
                 await editablePkgJson.save();
               } catch {
-                spinner$1.errorAndStop(`Reverting ${name} to ${oldVersion}`);
-                spinner$1.start();
+                spinner$1.error(`Reverting ${name} to ${oldVersion}`);
                 arb.idealTree = revertToIdealTree;
               }
             } else {
-              spinner$1.stop();
-              console.log(`Could not patch ${name} ${oldVersion}`);
-              spinner$1.start();
+              spinner$1.error(`Could not patch ${name} ${oldVersion}`);
             }
           }
         }
@@ -2909,9 +2903,8 @@ async function attemptLogin(apiBaseUrl, apiProxy) {
   })) || SOCKET_PUBLIC_API_TOKEN;
   apiBaseUrl ??= index.getSetting('apiBaseUrl') ?? undefined;
   apiProxy ??= index.getSetting('apiProxy') ?? undefined;
-  const spinner$1 = new spinner.Spinner({
-    text: 'Verifying API key...'
-  }).start();
+  const spinner$1 = new spinner.Spinner();
+  spinner$1.start('Verifying API key...');
   let orgs;
   try {
     const sdk = await index.setupSdk(apiToken, apiBaseUrl, apiProxy);
@@ -2938,6 +2931,8 @@ async function attemptLogin(apiBaseUrl, apiProxy) {
         value: '',
         description: 'Pick "None" if this is a personal device'
       })
+    }, {
+      spinner: spinner$1
     });
     if (id) {
       enforcedOrgs = [id];
@@ -2946,6 +2941,8 @@ async function attemptLogin(apiBaseUrl, apiProxy) {
     const confirmOrg = await prompts.confirm({
       message: `Should Socket enforce ${enforcedChoices[0]?.name}'s security policies system-wide?`,
       default: true
+    }, {
+      spinner: spinner$1
     });
     if (confirmOrg) {
       const existing = enforcedChoices[0];
@@ -3027,9 +3024,9 @@ function applyLogout() {
 function attemptLogout() {
   try {
     applyLogout();
-    new spinner.Spinner().success('Successfully logged out');
+    logger.logger.success('Successfully logged out');
   } catch {
-    new spinner.Spinner().success('Failed to complete logout steps');
+    logger.logger.error('Failed to complete logout steps');
   }
 }
@@ -3096,12 +3093,11 @@ async function convertGradleToMaven(target, bin, _out, verbose, gradleOpts) {
     const initLocation = path.join(constants.rootDistPath, 'init.gradle');
     const commandArgs = ['--init-script', initLocation, ...gradleOpts, 'pom'];
     if (verbose) {
-      console.log('\n[VERBOSE] Executing:', bin, commandArgs);
+      spinner$1.log('[VERBOSE] Executing:', bin, commandArgs);
     }
     const output = await spawn(bin, commandArgs, {
       cwd: target || '.'
     });
-    spinner$1.stop();
     if (verbose) {
       console.group('[VERBOSE] gradle stdout:');
       console.log(output);
@@ -3117,7 +3113,6 @@ async function convertGradleToMaven(target, bin, _out, verbose, gradleOpts) {
       }
       process.exit(1);
     }
-    spinner$1.start();
     spinner$1.successAndStop('Executed gradle successfully');
     console.log('Reported exports:');
     output.stdout.replace(/^POM file copied to: (.*)/gm, (_all, fn) => {
@@ -3127,7 +3122,7 @@ async function convertGradleToMaven(target, bin, _out, verbose, gradleOpts) {
     // const loc = output.stdout?.match(/Wrote (.*?.pom)\n/)?.[1]?.trim()
     // if (!loc) {
-    //   spinner.errorAndStop(
+    //   console.error(
     //     'There were no errors from sbt but could not find the location of resulting .pom file either'
     //   )
     //   process.exit(1)
@@ -3135,22 +3130,22 @@ async function convertGradleToMaven(target, bin, _out, verbose, gradleOpts) {
     //
     // // Move the pom file to ...? initial cwd? loc will be an absolute path, or dump to stdout
     // if (out === '-') {
-    //   spinner.start('Result:\n```').success()
+    //   spinner.start('Result:\n```')
     //   console.log(await safeReadFile(loc, 'utf8'))
     //   console.log('```')
-    //   spinner.start().success(`OK`)
+    //   spinner.successAndStop(`OK`)
     // } else {
+    //   spinner.start()
     //   if (verbose) {
-    //     spinner.start(
+    //     spinner.log(
     //       `Moving manifest file from \`${loc.replace(/^\/home\/[^/]*?\//, '~/')}\` to \`${out}\``
     //     )
     //   } else {
-    //     spinner.start('Moving output pom file')
+    //     spinner.log('Moving output pom file')
     //   }
     //   // TODO: do we prefer fs-extra? renaming can be gnarly on windows and fs-extra's version is better
     //   await renamep(loc, out)
-    //   spinner.successAndStop()
-    //   spinner.start().success(`OK. File should be available in \`${out}\``)
+    //   spinner.successAndStop(`OK. File should be available in \`${out}\``)
     // }
   } catch (e) {
     spinner$1.errorAndStop('There was an unexpected error while running this' + (verbose ? '' : ' (use --verbose for details)'));
@@ -3321,22 +3316,22 @@ async function convertSbtToMaven(target, bin, out, verbose, sbtOpts) {
   const spinner$1 = new spinner.Spinner();
   spinner$1.start(`Converting sbt to maven from \`${bin}\` on \`${target}\`...`);
   try {
-    // Run sbt with the init script we provide which should yield zero or more pom files.
-    // We have to figure out where to store those pom files such that we can upload them and predict them through the GitHub API.
-    // We could do a .socket folder. We could do a socket.pom.gz with all the poms, although I'd prefer something plain-text if it is to be committed.
+    // Run sbt with the init script we provide which should yield zero or more
+    // pom files. We have to figure out where to store those pom files such that
+    // we can upload them and predict them through the GitHub API. We could do a
+    // .socket folder. We could do a socket.pom.gz with all the poms, although
+    // I'd prefer something plain-text if it is to be committed.
     const output = await spawn(bin, ['makePom'].concat(sbtOpts), {
       cwd: target || '.'
     });
-    spinner$1.successAndStop();
+    spinner$1.stop();
     if (verbose) {
       console.group('[VERBOSE] sbt stdout:');
       console.log(output);
       console.groupEnd();
     }
     if (output.stderr) {
-      spinner$1.start();
-      spinner$1.errorAndStop('There were errors while running sbt');
+      logger.logger.error('There were errors while running sbt');
       // (In verbose mode, stderr was printed above, no need to repeat it)
       if (!verbose) {
         console.group('[VERBOSE] stderr:');
@@ -3351,36 +3346,35 @@ async function convertSbtToMaven(target, bin, out, verbose, sbtOpts) {
       return fn;
     });
     if (!poms.length) {
-      spinner$1.errorAndStop('There were no errors from sbt but it seems to not have generated any poms either');
+      logger.logger.error('There were no errors from sbt but it seems to not have generated any poms either');
       process.exit(1);
     }
     // Move the pom file to ...? initial cwd? loc will be an absolute path, or dump to stdout
     // TODO: what to do with multiple output files? Do we want to dump them to stdout? Raw or with separators or ?
     // TODO: maybe we can add an option to target a specific file to dump to stdout
     if (out === '-' && poms.length === 1) {
-      spinner$1.start('Result:\n```').success();
+      logger.logger.log('Result:\n```');
       console.log(await index.safeReadFile(poms[0], 'utf8'));
-      console.log('```');
-      spinner$1.start().success(`OK`);
+      logger.logger.log('```');
+      logger.logger.success(`OK`);
     } else if (out === '-') {
-      spinner$1.start().error('Requested out target was stdout but there are multiple generated files');
+      logger.logger.error('Requested out target was stdout but there are multiple generated files');
       poms.forEach(fn => console.error('-', fn));
       console.error('Exiting now...');
       process.exit(1);
     } else {
       // if (verbose) {
-      //   spinner.start(
+      //   console.log(
       //     `Moving manifest file from \`${loc.replace(/^\/home\/[^/]*?\//, '~/')}\` to \`${out}\``
       //   )
       // } else {
-      //   spinner.start('Moving output pom file')
+      //   console.log('Moving output pom file')
       // }
       // TODO: do we prefer fs-extra? renaming can be gnarly on windows and fs-extra's version is better
       // await renamep(loc, out)
-      spinner$1.start().success(`Generated ${poms.length} pom files`);
+      logger.logger.success(`Generated ${poms.length} pom files`);
       poms.forEach(fn => console.log('-', fn));
-      spinner$1.start().success(`OK`);
+      logger.logger.success(`OK`);
     }
   } catch (e) {
     spinner$1.errorAndStop('There was an unexpected error while running this' + (verbose ? '' : ' (use --verbose for details)'));
@@ -4805,9 +4799,7 @@ async function addOverrides(pkgPath, pkgEnvDetails, options) {
   } else {
     overridesDataObjects.push(overridesDataByAgent.get(NPM$1)(pkgJson), overridesDataByAgent.get(YARN_CLASSIC)(pkgJson));
   }
-  if (spinner) {
-    spinner.text = `Adding overrides${workspaceName ? ` to ${workspaceName}` : ''}...`;
-  }
+  spinner?.setText(`Adding overrides${workspaceName ? ` to ${workspaceName}` : ''}...`);
   const depAliasMap = new Map();
   const nodeRange = `>=${pkgEnvDetails.minimumNodeVersion}`;
   const manifestEntries = manifestNpmOverrides.filter(({
@@ -4984,9 +4976,8 @@ async function getOrganization(format = 'text') {
   await printOrganizationsFromToken(apiToken, format);
 }
 async function printOrganizationsFromToken(apiToken, format = 'text') {
-  const spinner$1 = new spinner.Spinner({
-    text: 'Fetching organizations...'
-  }).start();
+  const spinner$1 = new spinner.Spinner();
+  spinner$1.start('Fetching organizations...');
   const socketSdk = await index.setupSdk(apiToken);
   const result = await handleApiCall(socketSdk.getOrganizations(), 'looking up organizations');
   if (!result.success) {
@@ -5228,24 +5219,28 @@ async function createReport(socketConfig, inputPaths, {
     });
   });
   const packagePaths = await npmPaths.getPackageFiles(cwd, inputPaths, socketConfig, supportedFiles);
-  npmPaths.debugLog('Uploading:', packagePaths.join(`\n${npmPaths.getLogSymbols().info} Uploading: `));
+  const {
+    length: packagePathsCount
+  } = packagePaths;
+  if (packagePathsCount && npmPaths.isDebug()) {
+    for (const pkgPath of packagePaths) {
+      npmPaths.debugLog(`Uploading: ${pkgPath}`);
+    }
+  }
   if (dryRun) {
     npmPaths.debugLog('[dryRun] Skipped actual upload');
     return undefined;
-  } else {
-    const socketSdk = await index.setupSdk();
-    const spinner$1 = new spinner.Spinner({
-      text: `Creating report with ${packagePaths.length} package files`
-    }).start();
-    const apiCall = socketSdk.createReportFromFilePaths(packagePaths, cwd, socketConfig?.issueRules);
-    const result = await handleApiCall(apiCall, 'creating report');
-    if (!result.success) {
-      handleUnsuccessfulApiResponse('createReport', result, spinner$1);
-      return undefined;
-    }
-    spinner$1.successAndStop();
-    return result;
   }
+  const spinner$1 = new spinner.Spinner();
+  spinner$1.start(`Creating report with ${packagePathsCount} package ${words.pluralize('file', packagePathsCount)}`);
+  const apiCall = socketSdk.createReportFromFilePaths(packagePaths, cwd, socketConfig?.issueRules);
+  const result = await handleApiCall(apiCall, 'creating report');
+  if (!result.success) {
+    handleUnsuccessfulApiResponse('createReport', result, spinner$1);
+    return undefined;
+  }
+  spinner$1.successAndStop();
+  return result;
 }
 async function getSocketConfig(absoluteConfigPath) {
@@ -5272,10 +5267,9 @@ async function getSocketConfig(absoluteConfigPath) {
 const MAX_TIMEOUT_RETRY = 5;
 const HTTP_CODE_TIMEOUT = 524;
 async function fetchReportData(reportId, includeAllIssues, strict) {
+  const spinner$1 = new spinner.Spinner();
+  spinner$1.start(`Fetching report with ID ${reportId} (this could take a while)`);
   const socketSdk = await index.setupSdk();
-  const spinner$1 = new spinner.Spinner({
-    text: `Fetching report with ID ${reportId} (this could take a while)`
-  }).start();
   let result;
   for (let retry = 1; !result; ++retry) {
     try {
@@ -5283,6 +5277,7 @@ async function fetchReportData(reportId, includeAllIssues, strict) {
       result = await handleApiCall(socketSdk.getReport(reportId), 'fetching report');
     } catch (err) {
       if (retry >= MAX_TIMEOUT_RETRY || !(err instanceof Error) || err.cause?.cause?.response?.statusCode !== HTTP_CODE_TIMEOUT) {
+        spinner$1.stop();
         throw err;
       }
     }
@@ -5291,21 +5286,21 @@ async function fetchReportData(reportId, includeAllIssues, strict) {
     return handleUnsuccessfulApiResponse('getReport', result, spinner$1);
   }
-  // Conclude the status of the API call
+  // Conclude the status of the API call.
   if (strict) {
     if (result.data.healthy) {
-      spinner$1.successAndStop('Report result is healthy and great!');
+      spinner$1.success('Report result is healthy and great!');
     } else {
-      spinner$1.errorAndStop('Report result deemed unhealthy for project');
+      spinner$1.error('Report result deemed unhealthy for project');
     }
   } else if (!result.data.healthy) {
     const severityCount = getSeverityCount(result.data.issues, includeAllIssues ? undefined : 'high');
     const issueSummary = formatSeverityCount(severityCount);
-    spinner$1.successAndStop(`Report has these issues: ${issueSummary}`);
+    spinner$1.success(`Report has these issues: ${issueSummary}`);
   } else {
-    spinner$1.successAndStop('Report has no issues');
+    spinner$1.success('Report has no issues');
   }
+  spinner$1.stop();
   return result.data;
 }
@@ -5527,10 +5522,8 @@ async function createRepo({
   repoName,
   visibility
 }) {
-  const spinnerText = 'Creating repository... \n';
-  const spinner$1 = new spinner.Spinner({
-    text: spinnerText
-  }).start();
+  const spinner$1 = new spinner.Spinner();
+  spinner$1.start('Creating repository...');
   const socketSdk = await index.setupSdk(apiToken);
   const result = await handleApiCall(socketSdk.createOrgRepo(orgSlug, {
     outputJson,
@@ -5645,10 +5638,8 @@ async function run$b(argv, importMeta, {
 }
 async function deleteRepo(orgSlug, repoName, apiToken) {
-  const spinnerText = 'Deleting repository... \n';
-  const spinner$1 = new spinner.Spinner({
-    text: spinnerText
-  }).start();
+  const spinner$1 = new spinner.Spinner();
+  spinner$1.start('Deleting repository...');
   const socketSdk = await index.setupSdk(apiToken);
   const result = await handleApiCall(socketSdk.deleteOrgRepo(orgSlug, repoName), 'deleting repository');
   if (result.success) {
@@ -6203,7 +6194,7 @@ function dirNameToSlug(name) {
 async function suggestBranchSlug(repoDefaultBranch) {
   const spawnResult = node_child_process.spawnSync('git', ['branch', '--show-current']);
   const currentBranch = spawnResult.stdout.toString('utf8').trim();
-  if (spawnResult.status === 0 && currentBranch) {
+  if (currentBranch && spawnResult.status === 0) {
     const proceed = await prompts.select({
       message: 'Use the current git branch as target branch name?',
       choices: [{
@@ -6523,17 +6514,15 @@ async function run$6(argv, importMeta, {
 }
 async function deleteOrgFullScan(orgSlug, fullScanId, apiToken) {
-  const spinnerText = 'Deleting scan...';
-  const spinner$1 = new spinner.Spinner({
-    text: spinnerText
-  }).start();
+  const spinner$1 = new spinner.Spinner();
+  spinner$1.start('Deleting scan...');
   const socketSdk = await index.setupSdk(apiToken);
   const result = await handleApiCall(socketSdk.deleteOrgFullScan(orgSlug, fullScanId), 'Deleting scan');
-  if (result.success) {
-    spinner$1.successAndStop('Scan deleted successfully');
-  } else {
+  if (!result.success) {
     handleUnsuccessfulApiResponse('deleteOrgFullScan', result, spinner$1);
+    return;
   }
+  spinner$1.successAndStop('Scan deleted successfully');
 }
 const config$5 = {
@@ -6592,10 +6581,8 @@ async function run$5(argv, importMeta, {
 // @ts-ignore
 async function listFullScans(orgSlug, input, apiToken) {
-  const spinnerText = 'Listing scans... \n';
-  const spinner$1 = new spinner.Spinner({
-    text: spinnerText
-  }).start();
+  const spinner$1 = new spinner.Spinner();
+  spinner$1.start('Listing scans...');
   const socketSdk = await index.setupSdk(apiToken);
   const result = await handleApiCall(socketSdk.getOrgFullScanList(orgSlug, input), 'Listing scans');
   if (!result.success) {
@@ -6735,10 +6722,8 @@ async function run$4(argv, importMeta, {
 }
 async function getOrgScanMetadata(orgSlug, scanId, apiToken) {
-  const spinnerText = "Getting scan's metadata... \n";
-  const spinner$1 = new spinner.Spinner({
-    text: spinnerText
-  }).start();
+  const spinner$1 = new spinner.Spinner();
+  spinner$1.start("Getting scan's metadata...");
   const socketSdk = await index.setupSdk(apiToken);
   const result = await handleApiCall(socketSdk.getOrgFullScanMetadata(orgSlug, scanId), 'Listing scans');
   if (!result.success) {
@@ -6804,9 +6789,8 @@ async function run$3(argv, importMeta, {
 }
 async function getFullScan(orgSlug, fullScanId, file, apiToken) {
-  const spinner$1 = new spinner.Spinner({
-    text: 'Streaming scan...'
-  }).start();
+  const spinner$1 = new spinner.Spinner();
+  spinner$1.start('Streaming scan...');
   const socketSdk = await index.setupSdk(apiToken);
   const data = await handleApiCall(socketSdk.getOrgFullScan(orgSlug, fullScanId, file === '-' ? undefined : file), 'Streaming a scan');
   if (data?.success) {
@@ -6902,9 +6886,8 @@ async function getThreatFeed({
   page,
   perPage
 }) {
-  const spinner$1 = new spinner.Spinner({
-    text: 'Looking up the threat feed'
-  }).start();
+  const spinner$1 = new spinner.Spinner();
+  spinner$1.start('Looking up the threat feed');
   const formattedQueryParams = formatQueryParams({
     per_page: perPage,
     page,
@@ -7304,12 +7287,12 @@ void (async () => {
     } else {
       errorTitle = 'Unexpected error with no details';
     }
-    console.error(`${npmPaths.getLogSymbols().error} ${colors.bgRed(colors.white(errorTitle + ':'))} ${errorMessage}`);
+    logger.logger.error(`${colors.bgRed(colors.white(errorTitle + ':'))} ${errorMessage}`);
     if (errorBody) {
       console.error(`\n${errorBody}`);
     }
     await index.captureException(e);
   }
 })();
-//# debugId=5ebdde59-83d7-40b0-a2b4-52200ebea950
+//# debugId=e73d6282-88a9-4605-949e-c9068eee1c15
 //# sourceMappingURL=cli.js.map