socket 1.0.49 → 1.0.51

package/dist/cli.js

@@ -20,7 +20,6 @@ var npm = require('../external/@socketsecurity/registry/lib/npm');
 var packages = require('../external/@socketsecurity/registry/lib/packages');
 var sorts = require('../external/@socketsecurity/registry/lib/sorts');
 var strings = require('../external/@socketsecurity/registry/lib/strings');
-var path$1 = require('../external/@socketsecurity/registry/lib/path');
 var regexps = require('../external/@socketsecurity/registry/lib/regexps');
 var fs$2 = require('../external/@socketsecurity/registry/lib/fs');
 var shadowNpmInject = require('./shadow-npm-inject.js');
@@ -33,20 +32,20 @@ var promises = require('node:stream/promises');
 
 var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
 async function fetchOrgAnalyticsData(time) {
-  const sockSdkResult = await utils.setupSdk();
-  if (!sockSdkResult.ok) {
-    return sockSdkResult;
+  const sockSdkCResult = await utils.setupSdk();
+  if (!sockSdkCResult.ok) {
+    return sockSdkCResult;
   }
-  const sockSdk = sockSdkResult.data;
+  const sockSdk = sockSdkCResult.data;
   return await utils.handleApiCall(sockSdk.getOrgAnalytics(time.toString()), 'analytics data');
 }
 
 async function fetchRepoAnalyticsData(repo, time) {
-  const sockSdkResult = await utils.setupSdk();
-  if (!sockSdkResult.ok) {
-    return sockSdkResult;
+  const sockSdkCResult = await utils.setupSdk();
+  if (!sockSdkCResult.ok) {
+    return sockSdkCResult;
   }
-  const sockSdk = sockSdkResult.data;
+  const sockSdk = sockSdkCResult.data;
   return await utils.handleApiCall(sockSdk.getRepoAnalytics(repo, time.toString()), 'analytics data');
 }
 
@@ -455,11 +454,11 @@ async function fetchAuditLog({
   page,
   perPage
 }) {
-  const sockSdkResult = await utils.setupSdk();
-  if (!sockSdkResult.ok) {
-    return sockSdkResult;
+  const sockSdkCResult = await utils.setupSdk();
+  if (!sockSdkCResult.ok) {
+    return sockSdkCResult;
   }
-  const sockSdk = sockSdkResult.data;
+  const sockSdk = sockSdkCResult.data;
   return await utils.handleApiCall(sockSdk.getAuditLogEvents(orgSlug, {
     // I'm not sure this is used at all.
     outputJson: String(outputKind === 'json'),
@@ -872,11 +871,11 @@ async function getDefaultOrgSlug() {
       data: defaultOrgResult
     };
   }
-  const sockSdkResult = await utils.setupSdk();
-  if (!sockSdkResult.ok) {
-    return sockSdkResult;
+  const sockSdkCResult = await utils.setupSdk();
+  if (!sockSdkCResult.ok) {
+    return sockSdkCResult;
   }
-  const sockSdk = sockSdkResult.data;
+  const sockSdk = sockSdkCResult.data;
   const result = await utils.handleApiCall(sockSdk.getOrganizations(), 'list of organizations');
   if (!result.ok) {
     return result;
@@ -906,6 +905,9 @@ async function getDefaultOrgSlug() {
   };
 }
 
+const {
+  SOCKET_DEFAULT_REPOSITORY: SOCKET_DEFAULT_REPOSITORY$3
+} = constants;
 async function fetchCreateOrgFullScan(packagePaths, orgSlug, defaultBranch, pendingHead, tmp, cwd, {
   branchName,
   commitHash,
@@ -914,11 +916,12 @@ async function fetchCreateOrgFullScan(packagePaths, orgSlug, defaultBranch, pend
   pullRequest,
   repoName
 }) {
-  const sockSdkResult = await utils.setupSdk();
-  if (!sockSdkResult.ok) {
-    return sockSdkResult;
+  const sockSdkCResult = await utils.setupSdk();
+  if (!sockSdkCResult.ok) {
+    return sockSdkCResult;
   }
-  const sockSdk = sockSdkResult.data;
+  const sockSdk = sockSdkCResult.data;
+  const repo = repoName || (await utils.getRepoName(cwd)) || SOCKET_DEFAULT_REPOSITORY$3;
   return await utils.handleApiCall(sockSdk.createOrgFullScan(orgSlug, {
     ...(branchName ? {
       branch: branchName
@@ -936,19 +939,19 @@ async function fetchCreateOrgFullScan(packagePaths, orgSlug, defaultBranch, pend
     ...(pullRequest ? {
       pull_request: String(pullRequest)
     } : {}),
-    repo: repoName || 'socket-default-repository',
-    // mandatory, this is server default for repo
+    // The repo is mandatory, this is server default for repo.
+    repo,
     set_as_pending_head: String(pendingHead),
     tmp: String(tmp)
   }, packagePaths, cwd), 'to create a scan');
 }
 
 async function fetchSupportedScanFileNames() {
-  const sockSdkResult = await utils.setupSdk();
-  if (!sockSdkResult.ok) {
-    return sockSdkResult;
+  const sockSdkCResult = await utils.setupSdk();
+  if (!sockSdkCResult.ok) {
+    return sockSdkCResult;
   }
-  const sockSdk = sockSdkResult.data;
+  const sockSdk = sockSdkCResult.data;
   return await utils.handleApiCall(sockSdk.getReportSupportedFiles(), 'supported scan file types');
 }
 
@@ -957,11 +960,11 @@ async function fetchSupportedScanFileNames() {
  * full scan ID.
  */
 async function fetchReportData(orgSlug, scanId, includeLicensePolicy) {
-  const sockSdkResult = await utils.setupSdk();
-  if (!sockSdkResult.ok) {
-    return sockSdkResult;
+  const sockSdkCResult = await utils.setupSdk();
+  if (!sockSdkCResult.ok) {
+    return sockSdkCResult;
   }
-  const sockSdk = sockSdkResult.data;
+  const sockSdk = sockSdkCResult.data;
   let policyStatus = 'requested...';
   let scanStatus = 'requested...';
   let finishedFetching = false;
@@ -1998,12 +2001,12 @@ async function handleCreateNewScan({
     });
     logger.logger.info('Auto generation finished. Proceeding with Scan creation.');
   }
-  const supportedFileNames = await fetchSupportedScanFileNames();
-  if (!supportedFileNames.ok) {
-    await outputCreateNewScan(supportedFileNames, outputKind, interactive);
+  const fileNamesCResult = await fetchSupportedScanFileNames();
+  if (!fileNamesCResult.ok) {
+    await outputCreateNewScan(fileNamesCResult, outputKind, interactive);
     return;
   }
-  const packagePaths = await utils.getPackageFilesForScan(cwd, targets, supportedFileNames.data);
+  const packagePaths = await utils.getPackageFilesForScan(cwd, targets, fileNamesCResult.data);
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
     test: packagePaths.length > 0,
@@ -2051,6 +2054,10 @@ async function handleCreateNewScan({
   }
 }
 
+const {
+  SOCKET_DEFAULT_BRANCH: SOCKET_DEFAULT_BRANCH$2,
+  SOCKET_DEFAULT_REPOSITORY: SOCKET_DEFAULT_REPOSITORY$2
+} = constants;
 async function handleCI(autoManifest) {
   // ci: {
   //   description: 'Alias for "report create --view --strict"',
@@ -2059,16 +2066,16 @@ async function handleCI(autoManifest) {
   const result = await getDefaultOrgSlug();
   if (!result.ok) {
     process.exitCode = result.code ?? 1;
-    // Always assume json mode
+    // Always assume json mode.
     logger.logger.log(utils.serializeResultJson(result));
     return;
   }
+  const cwd = process.cwd();
 
-  // TODO: does it make sense to discover the commit details from local git?
   // TODO: does it makes sense to use custom branch/repo names here? probably socket.yml, right
   await handleCreateNewScan({
     autoManifest,
-    branchName: 'socket-default-branch',
+    branchName: (await utils.gitBranch(cwd)) || SOCKET_DEFAULT_BRANCH$2,
     commitMessage: '',
     commitHash: '',
     committers: '',
@@ -2077,14 +2084,15 @@ async function handleCI(autoManifest) {
     interactive: false,
     orgSlug: result.data,
     outputKind: 'json',
+    // When 'pendingHead' is true, it requires 'branchName' set and 'tmp' false.
     pendingHead: true,
-    // when true, requires branch name set, tmp false
     pullRequest: 0,
-    repoName: 'socket-default-repository',
+    repoName: (await utils.getRepoName(cwd)) || SOCKET_DEFAULT_REPOSITORY$2,
     readOnly: false,
     report: true,
     targets: ['.'],
-    tmp: false // don't set when pendingHead is true
+    // Don't set 'tmp' when 'pendingHead' is true.
+    tmp: false
   });
 }
 
@@ -2252,11 +2260,11 @@ async function discoverConfigValue(key) {
   };
 }
 async function getDefaultOrgFromToken() {
-  const sockSdkResult = await utils.setupSdk();
-  if (!sockSdkResult.ok) {
+  const sockSdkCResult = await utils.setupSdk();
+  if (!sockSdkCResult.ok) {
     return undefined;
   }
-  const sockSdk = sockSdkResult.data;
+  const sockSdk = sockSdkCResult.data;
   const result = await utils.handleApiCall(sockSdk.getOrganizations(), 'list of organizations');
   if (result.ok) {
     const arr = Array.from(Object.values(result.data.organizations)).map(({
@@ -2273,11 +2281,11 @@ async function getDefaultOrgFromToken() {
   return undefined;
 }
 async function getEnforceableOrgsFromToken() {
-  const sockSdkResult = await utils.setupSdk();
-  if (!sockSdkResult.ok) {
+  const sockSdkCResult = await utils.setupSdk();
+  if (!sockSdkCResult.ok) {
     return undefined;
   }
-  const sockSdk = sockSdkResult.data;
+  const sockSdk = sockSdkCResult.data;
   const result = await utils.handleApiCall(sockSdk.getOrganizations(), 'list of organizations');
   if (result.ok) {
     const arr = Array.from(Object.values(result.data.organizations)).map(({
@@ -2999,36 +3007,6 @@ function createSocketBranchParser(options) {
   };
 }
 const genericSocketBranchParser = createSocketBranchParser();
-async function getBaseGitBranch(cwd = process.cwd()) {
-  // Lazily access constants.ENV properties.
-  const {
-    GITHUB_BASE_REF,
-    GITHUB_REF_NAME,
-    GITHUB_REF_TYPE
-  } = constants.ENV;
-  // 1. In a pull request, this is always the base branch.
-  if (GITHUB_BASE_REF) {
-    return GITHUB_BASE_REF;
-  }
-  // 2. If it's a branch (not a tag), GITHUB_REF_TYPE should be 'branch'.
-  if (GITHUB_REF_TYPE === 'branch' && GITHUB_REF_NAME) {
-    return GITHUB_REF_NAME;
-  }
-  // 3. Try to resolve the default remote branch using 'git remote show origin'.
-  // This handles detached HEADs or workflows triggered by tags/releases.
-  try {
-    const originDetails = (await spawn.spawn('git', ['remote', 'show', 'origin'], {
-      cwd
-    })).stdout;
-    const match = /(?<=HEAD branch: ).+/.exec(originDetails);
-    if (match?.[0]) {
-      return match[0].trim();
-    }
-  } catch {}
-  // GitHub defaults to branch name "main"
-  // https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-branches#about-the-default-branch
-  return 'main';
-}
 function getSocketBranchFullNameComponent(pkgName) {
   const purlObj = utils.getPurlObject(typeof pkgName === 'string' && !pkgName.startsWith('pkg:') ? vendor.packageurlJsExports.PackageURL.fromString(`pkg:unknown/${pkgName}`) : pkgName);
   const branchMaybeNamespace = purlObj.namespace ? `${formatBranchName(purlObj.namespace)}--` : '';
@@ -3088,184 +3066,6 @@ function getSocketPullRequestTitle(purl, newVersion, workspace) {
   const fullName = utils.getPkgFullNameFromPurl(purlObj);
   return `Bump ${fullName} from ${purlObj.version} to ${newVersion}${workspace ? ` in ${workspace}` : ''}`;
 }
-async function gitCleanFdx(cwd = process.cwd()) {
-  const stdioIgnoreOptions = {
-    cwd,
-    stdio: debug.isDebug('stdio') ? 'inherit' : 'ignore'
-  };
-  // TODO: propagate CResult?
-  await spawn.spawn('git', ['clean', '-fdx'], stdioIgnoreOptions);
-}
-async function gitCheckoutBranch(branch, cwd = process.cwd()) {
-  const stdioIgnoreOptions = {
-    cwd,
-    stdio: debug.isDebug('stdio') ? 'inherit' : 'ignore'
-  };
-  try {
-    await spawn.spawn('git', ['checkout', branch], stdioIgnoreOptions);
-    return true;
-  } catch {}
-  return false;
-}
-async function gitCreateAndPushBranch(branch, commitMsg, filepaths, options) {
-  if (!filepaths.length) {
-    debug.debugFn('notice', `miss: no filepaths to add`);
-    return false;
-  }
-  const {
-    cwd = process.cwd(),
-    // Lazily access constants.ENV.SOCKET_CLI_GIT_USER_EMAIL.
-    email = constants.ENV.SOCKET_CLI_GIT_USER_EMAIL,
-    // Lazily access constants.ENV.SOCKET_CLI_GIT_USER_NAME.
-    user = constants.ENV.SOCKET_CLI_GIT_USER_NAME
-  } = {
-    __proto__: null,
-    ...options
-  };
-  const stdioIgnoreOptions = {
-    cwd,
-    stdio: debug.isDebug('stdio') ? 'inherit' : 'ignore'
-  };
-  try {
-    await gitEnsureIdentity(user, email, cwd);
-    await spawn.spawn('git', ['checkout', '-b', branch], stdioIgnoreOptions);
-    await spawn.spawn('git', ['add', ...filepaths], stdioIgnoreOptions);
-    await spawn.spawn('git', ['commit', '-m', commitMsg], stdioIgnoreOptions);
-    await spawn.spawn('git', ['push', '--force', '--set-upstream', 'origin', branch], stdioIgnoreOptions);
-    return true;
-  } catch (e) {
-    debug.debugFn('error', `caught: git push --force --set-upstream origin ${branch} failed`);
-    debug.debugDir('inspect', {
-      error: e
-    });
-  }
-  return false;
-}
-async function gitDeleteBranch(branch, cwd = process.cwd()) {
-  const stdioIgnoreOptions = {
-    cwd,
-    stdio: debug.isDebug('stdio') ? 'inherit' : 'ignore'
-  };
-  try {
-    // Will throw with exit code 1 if branch does not exist.
-    await spawn.spawn('git', ['branch', '-D', branch], stdioIgnoreOptions);
-    return true;
-  } catch {}
-  return false;
-}
-async function gitRepoInfo(cwd = process.cwd()) {
-  try {
-    const remoteUrl = (await spawn.spawn('git', ['remote', 'get-url', 'origin'], {
-      cwd
-    })).stdout;
-    // 1. Handle SSH-style, e.g. git@github.com:owner/repo.git
-    const sshMatch = /^git@[^:]+:([^/]+)\/(.+?)(?:\.git)?$/.exec(remoteUrl);
-    if (sshMatch) {
-      return {
-        owner: sshMatch[1],
-        repo: sshMatch[2]
-      };
-    }
-    // 2. Handle HTTPS/URL-style, e.g. https://github.com/owner/repo.git
-    try {
-      const parsed = new URL(remoteUrl);
-      const segments = parsed.pathname.split('/');
-      const owner = segments.at(-2);
-      const repo = segments.at(-1)?.replace(/\.git$/, '');
-      if (owner && repo) {
-        return {
-          owner,
-          repo
-        };
-      }
-    } catch {}
-    debug.debugFn('error', 'git: unmatched git remote URL format');
-    debug.debugDir('inspect', {
-      remoteUrl
-    });
-  } catch (e) {
-    debug.debugFn('error', 'caught: `git remote get-url origin` failed');
-    debug.debugDir('inspect', {
-      error: e
-    });
-  }
-  return null;
-}
-async function gitEnsureIdentity(name, email, cwd = process.cwd()) {
-  const stdioIgnoreOptions = {
-    cwd,
-    stdio: debug.isDebug('stdio') ? 'inherit' : 'ignore'
-  };
-  const stdioPipeOptions = {
-    cwd
-  };
-  const identEntries = [['user.email', name], ['user.name', email]];
-  await Promise.all(identEntries.map(async ({
-    0: prop,
-    1: value
-  }) => {
-    let configValue;
-    try {
-      // Will throw with exit code 1 if the config property is not set.
-      configValue = (await spawn.spawn('git', ['config', '--get', prop], stdioPipeOptions)).stdout;
-    } catch {}
-    if (configValue !== value) {
-      try {
-        await spawn.spawn('git', ['config', prop, value], stdioIgnoreOptions);
-      } catch (e) {
-        debug.debugFn('error', `caught: git config ${prop} ${value} failed`);
-        debug.debugDir('inspect', {
-          error: e
-        });
-      }
-    }
-  }));
-}
-async function gitRemoteBranchExists(branch, cwd = process.cwd()) {
-  const stdioPipeOptions = {
-    cwd
-  };
-  try {
-    return (await spawn.spawn('git', ['ls-remote', '--heads', 'origin', branch], stdioPipeOptions)).stdout.length > 0;
-  } catch {}
-  return false;
-}
-async function gitResetAndClean(branch = 'HEAD', cwd = process.cwd()) {
-  // Discards tracked changes.
-  await gitResetHard(branch, cwd);
-  // Deletes all untracked files and directories.
-  await gitCleanFdx(cwd);
-}
-async function gitResetHard(branch = 'HEAD', cwd = process.cwd()) {
-  const stdioIgnoreOptions = {
-    cwd,
-    stdio: debug.isDebug('stdio') ? 'inherit' : 'ignore'
-  };
-  await spawn.spawn('git', ['reset', '--hard', branch], stdioIgnoreOptions);
-}
-async function gitUnstagedModifiedFiles(cwd = process.cwd()) {
-  try {
-    const stdioPipeOptions = {
-      cwd
-    };
-    const changedFilesDetails = (await spawn.spawn('git', ['diff', '--name-only'], stdioPipeOptions)).stdout;
-    const relPaths = changedFilesDetails.split('\n') ?? [];
-    return {
-      ok: true,
-      data: relPaths.map(p => path$1.normalizePath(p))
-    };
-  } catch (e) {
-    debug.debugFn('error', 'caught: git diff --name-only failed');
-    debug.debugDir('inspect', {
-      error: e
-    });
-    return {
-      ok: false,
-      message: 'Git Error',
-      cause: 'Unexpected error while trying to ask git whether repo is dirty'
-    };
-  }
-}
 
 function getPrsForPurl(fixEnv, partialPurl) {
   if (!fixEnv) {
@@ -3686,11 +3486,21 @@ function ciRepoInfo() {
   };
 }
 async function getFixEnv() {
-  const baseBranch = await getBaseGitBranch();
+  const baseBranch = await utils.getBaseBranch();
   const gitEmail = constants.ENV.SOCKET_CLI_GIT_USER_EMAIL;
   const gitUser = constants.ENV.SOCKET_CLI_GIT_USER_NAME;
   const githubToken = constants.ENV.SOCKET_CLI_GITHUB_TOKEN;
   const isCi = !!(constants.ENV.CI && gitEmail && gitUser && githubToken);
+  if (
+  // If isCi is false,
+  !isCi && (
+  // but some CI checks are passing,
+  constants.ENV.CI || gitEmail || gitUser || githubToken) &&
+  // then log about it when in debug mode.
+  debug.isDebug('notice')) {
+    const envVars = [...(constants.ENV.CI ? [] : ['process.env.CI']), ...(gitEmail ? [] : ['process.env.SOCKET_CLI_GIT_USER_EMAIL']), ...(gitUser ? [] : ['process.env.SOCKET_CLI_GIT_USER_NAME']), ...(githubToken ? [] : ['process.env.GITHUB_TOKEN'])];
+    debug.debugFn('notice', `miss: fixEnv.isCi is false, expected ${arrays.joinAnd(envVars)} to be set`);
+  }
   let repoInfo = null;
   if (isCi) {
     repoInfo = ciRepoInfo();
@@ -3699,7 +3509,7 @@ async function getFixEnv() {
     if (isCi) {
       debug.debugFn('notice', 'falling back to `git remote get-url origin`');
     }
-    repoInfo = await gitRepoInfo();
+    repoInfo = await utils.getRepoInfo();
   }
   const prs = isCi && repoInfo ? await getSocketPrs(repoInfo.owner, repoInfo.repo, {
     author: gitUser,
@@ -3821,6 +3631,9 @@ async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
     pkgPath: rootPath
   } = pkgEnvDetails;
   const fixEnv = await getFixEnv();
+  debug.debugDir('inspect', {
+    fixEnv
+  });
   const {
     autoMerge,
     cwd,
@@ -3883,7 +3696,7 @@ async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
     packumentCache.clear();
   };
   const getModifiedFiles = async (cwd = process.cwd()) => {
-    const unstagedCResult = await gitUnstagedModifiedFiles(cwd);
+    const unstagedCResult = await utils.gitUnstagedModifiedFiles(cwd);
     return unstagedCResult.ok ? unstagedCResult.data.filter(filepath => {
       const basename = path.basename(filepath);
       return basename === 'package.json' || basename === pkgEnvDetails.lockName;
@@ -4025,7 +3838,7 @@ async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
           }
           if (fixEnv.isCi && (
           // eslint-disable-next-line no-await-in-loop
-          await gitRemoteBranchExists(branch, cwd))) {
+          await utils.gitRemoteBranchExists(branch, cwd))) {
             debug.debugFn('notice', `skip: remote branch "${branch}" for ${name}@${newVersion} exists`);
             seenBranches.add(branch);
             continue infosLoop;
@@ -4060,9 +3873,9 @@ async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
             // Reset things just in case.
             if (fixEnv.isCi) {
               // eslint-disable-next-line no-await-in-loop
-              await gitResetAndClean(fixEnv.baseBranch, cwd);
+              await utils.gitResetAndClean(fixEnv.baseBranch, cwd);
               // eslint-disable-next-line no-await-in-loop
-              await gitCheckoutBranch(fixEnv.baseBranch, cwd);
+              await utils.gitCheckoutBranch(fixEnv.baseBranch, cwd);
             }
             continue infosLoop;
           }
@@ -4108,22 +3921,27 @@ async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
           if (!errored && fixEnv.isCi && fixEnv.repoInfo) {
             debug.debugFn('notice', 'pr: creating');
             try {
-              if (
+              const pushed =
               // eslint-disable-next-line no-await-in-loop
-              !(await gitCreateAndPushBranch(branch, getSocketCommitMessage(oldPurl, newVersion, workspace),
+              (await utils.gitCreateBranch(branch, cwd)) && (
+              // eslint-disable-next-line no-await-in-loop
+              await utils.gitCommit(getSocketCommitMessage(oldPurl, newVersion, workspace),
               // eslint-disable-next-line no-await-in-loop
               await getModifiedFiles(cwd), {
                 cwd,
                 email: fixEnv.gitEmail,
                 user: fixEnv.gitUser
-              }))) {
+              })) && (
+              // eslint-disable-next-line no-await-in-loop
+              await utils.gitPushBranch(branch, cwd));
+              if (!pushed) {
                 logger.logger.warn('Unexpected condition: Push failed, skipping PR creation.');
                 // eslint-disable-next-line no-await-in-loop
-                await gitResetAndClean(fixEnv.baseBranch, cwd);
+                await utils.gitResetAndClean(fixEnv.baseBranch, cwd);
                 // eslint-disable-next-line no-await-in-loop
-                await gitCheckoutBranch(fixEnv.baseBranch, cwd);
+                await utils.gitCheckoutBranch(fixEnv.baseBranch, cwd);
                 // eslint-disable-next-line no-await-in-loop
-                await gitDeleteBranch(branch, cwd);
+                await utils.gitDeleteBranch(branch, cwd);
                 // eslint-disable-next-line no-await-in-loop
                 const maybeActualTree = await installer(pkgEnvDetails, {
                   cwd,
@@ -4184,9 +4002,9 @@ async function agentFix(pkgEnvDetails, actualTree, alertsMap, installer, {
           if (fixEnv.isCi) {
             spinner?.start();
             // eslint-disable-next-line no-await-in-loop
-            await gitResetAndClean(branch, cwd);
+            await utils.gitResetAndClean(branch, cwd);
             // eslint-disable-next-line no-await-in-loop
-            await gitCheckoutBranch(fixEnv.baseBranch, cwd);
+            await utils.gitCheckoutBranch(fixEnv.baseBranch, cwd);
             // eslint-disable-next-line no-await-in-loop
             const maybeActualTree = await installer(pkgEnvDetails, {
               cwd,
@@ -7883,11 +7701,11 @@ async function fetchDependencies({
   limit,
   offset
 }) {
-  const sockSdkResult = await utils.setupSdk();
-  if (!sockSdkResult.ok) {
-    return sockSdkResult;
+  const sockSdkCResult = await utils.setupSdk();
+  if (!sockSdkCResult.ok) {
+    return sockSdkCResult;
   }
-  const sockSdk = sockSdkResult.data;
+  const sockSdk = sockSdkCResult.data;
   return await utils.handleApiCall(sockSdk.searchDependencies({
     limit,
     offset
@@ -8057,11 +7875,11 @@ async function run$q(argv, importMeta, {
 }
 
 async function fetchLicensePolicy(orgSlug) {
-  const sockSdkResult = await utils.setupSdk();
-  if (!sockSdkResult.ok) {
-    return sockSdkResult;
+  const sockSdkCResult = await utils.setupSdk();
+  if (!sockSdkCResult.ok) {
+    return sockSdkCResult;
   }
-  const sockSdk = sockSdkResult.data;
+  const sockSdk = sockSdkCResult.data;
   return await utils.handleApiCall(sockSdk.getOrgLicensePolicy(orgSlug), 'organization license policy');
 }
 
@@ -8182,11 +8000,11 @@ async function run$p(argv, importMeta, {
 }
 
 async function fetchSecurityPolicy(orgSlug) {
-  const sockSdkResult = await utils.setupSdk();
-  if (!sockSdkResult.ok) {
-    return sockSdkResult;
+  const sockSdkCResult = await utils.setupSdk();
+  if (!sockSdkCResult.ok) {
+    return sockSdkCResult;
   }
-  const sockSdk = sockSdkResult.data;
+  const sockSdk = sockSdkCResult.data;
   return await utils.handleApiCall(sockSdk.getOrgSecurityPolicy(orgSlug), 'organization security policy');
 }
 
@@ -8310,11 +8128,11 @@ async function run$o(argv, importMeta, {
 }
 
 async function fetchOrganization() {
-  const sockSdkResult = await utils.setupSdk();
-  if (!sockSdkResult.ok) {
-    return sockSdkResult;
+  const sockSdkCResult = await utils.setupSdk();
+  if (!sockSdkCResult.ok) {
+    return sockSdkCResult;
   }
-  const sockSdk = sockSdkResult.data;
+  const sockSdk = sockSdkCResult.data;
   return await utils.handleApiCall(sockSdk.getOrganizations(), 'organization list');
 }
 
@@ -8469,11 +8287,11 @@ const cmdOrganizationPolicy = {
 };
 
 async function fetchQuota() {
-  const sockSdkResult = await utils.setupSdk();
-  if (!sockSdkResult.ok) {
-    return sockSdkResult;
+  const sockSdkCResult = await utils.setupSdk();
+  if (!sockSdkCResult.ok) {
+    return sockSdkCResult;
   }
-  const sockSdk = sockSdkResult.data;
+  const sockSdk = sockSdkCResult.data;
   return await utils.handleApiCall(sockSdk.getQuota(), 'token quota');
 }
 
@@ -8935,11 +8753,11 @@ async function run$l(argv, importMeta, {
 
 async function fetchPurlsShallowScore(purls) {
   logger.logger.info(`Requesting shallow score data for ${purls.length} package urls (purl): ${purls.join(', ')}`);
-  const sockSdkResult = await utils.setupSdk();
-  if (!sockSdkResult.ok) {
-    return sockSdkResult;
+  const sockSdkCResult = await utils.setupSdk();
+  if (!sockSdkCResult.ok) {
+    return sockSdkCResult;
   }
-  const sockSdk = sockSdkResult.data;
+  const sockSdk = sockSdkCResult.data;
   const result = await utils.handleApiCall(sockSdk.batchPackageFetch({
     alerts: 'true'
   }, {
@@ -9450,11 +9268,11 @@ async function fetchCreateRepo({
   repoName,
   visibility
 }) {
-  const sockSdkResult = await utils.setupSdk();
-  if (!sockSdkResult.ok) {
-    return sockSdkResult;
+  const sockSdkCResult = await utils.setupSdk();
+  if (!sockSdkCResult.ok) {
+    return sockSdkCResult;
   }
-  const sockSdk = sockSdkResult.data;
+  const sockSdk = sockSdkCResult.data;
   return await utils.handleApiCall(sockSdk.createOrgRepo(orgSlug, {
     name: repoName,
     description,
@@ -9627,11 +9445,11 @@ async function run$h(argv, importMeta, {
 }
 
 async function fetchDeleteRepo(orgSlug, repoName) {
-  const sockSdkResult = await utils.setupSdk();
-  if (!sockSdkResult.ok) {
-    return sockSdkResult;
+  const sockSdkCResult = await utils.setupSdk();
+  if (!sockSdkCResult.ok) {
+    return sockSdkCResult;
   }
-  const sockSdk = sockSdkResult.data;
+  const sockSdk = sockSdkCResult.data;
   return await utils.handleApiCall(sockSdk.deleteOrgRepo(orgSlug, repoName), 'to delete a repository');
 }
 
@@ -9755,11 +9573,11 @@ async function fetchListAllRepos({
   orgSlug,
   sort
 }) {
-  const sockSdkResult = await utils.setupSdk();
-  if (!sockSdkResult.ok) {
-    return sockSdkResult;
+  const sockSdkCResult = await utils.setupSdk();
+  if (!sockSdkCResult.ok) {
+    return sockSdkCResult;
   }
-  const sockSdk = sockSdkResult.data;
+  const sockSdk = sockSdkCResult.data;
   const rows = [];
   let protection = 0;
   let nextPage = 0;
@@ -9805,11 +9623,11 @@ async function fetchListRepos({
   per_page,
   sort
 }) {
-  const sockSdkResult = await utils.setupSdk();
-  if (!sockSdkResult.ok) {
-    return sockSdkResult;
+  const sockSdkCResult = await utils.setupSdk();
+  if (!sockSdkCResult.ok) {
+    return sockSdkCResult;
   }
-  const sockSdk = sockSdkResult.data;
+  const sockSdk = sockSdkCResult.data;
   return await utils.handleApiCall(sockSdk.getOrgRepoList(orgSlug, {
     sort,
     direction,
@@ -10049,11 +9867,11 @@ async function fetchUpdateRepo({
   repoName,
   visibility
 }) {
-  const sockSdkResult = await utils.setupSdk();
-  if (!sockSdkResult.ok) {
-    return sockSdkResult;
+  const sockSdkCResult = await utils.setupSdk();
+  if (!sockSdkCResult.ok) {
+    return sockSdkCResult;
   }
-  const sockSdk = sockSdkResult.data;
+  const sockSdk = sockSdkCResult.data;
   return await utils.handleApiCall(sockSdk.updateOrgRepo(orgSlug, repoName, {
     orgSlug,
     name: repoName,
@@ -10226,11 +10044,11 @@ async function run$e(argv, importMeta, {
 }
 
 async function fetchViewRepo(orgSlug, repoName) {
-  const sockSdkResult = await utils.setupSdk();
-  if (!sockSdkResult.ok) {
-    return sockSdkResult;
+  const sockSdkCResult = await utils.setupSdk();
+  if (!sockSdkCResult.ok) {
+    return sockSdkCResult;
   }
-  const sockSdk = sockSdkResult.data;
+  const sockSdk = sockSdkCResult.data;
   return await utils.handleApiCall(sockSdk.getOrgRepo(orgSlug, repoName), 'repository data');
 }
 
@@ -10423,7 +10241,9 @@ async function suggestTarget() {
 }
 
 const {
-  DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$c
+  DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$c,
+  SOCKET_DEFAULT_BRANCH: SOCKET_DEFAULT_BRANCH$1,
+  SOCKET_DEFAULT_REPOSITORY: SOCKET_DEFAULT_REPOSITORY$1
 } = constants;
 const config$c = {
   commandName: 'create',
@@ -10594,10 +10414,10 @@ async function run$c(argv, importMeta, {
     report
   } = cli.flags;
   let [orgSlug] = await utils.determineOrgSlug(String(orgFlag || ''), interactive, dryRun);
+  const cwd = cwdOverride && cwdOverride !== 'process.cwd()' ? path.resolve(process.cwd(), String(cwdOverride)) : process.cwd();
 
   // Accept zero or more paths. Default to cwd() if none given.
-  let targets = cli.input || [process.cwd()];
-  const cwd = cwdOverride && cwdOverride !== 'process.cwd()' ? path.resolve(process.cwd(), String(cwdOverride)) : process.cwd();
+  let targets = cli.input || [cwd];
   const sockJson = await utils.readOrDefaultSocketJson(cwd);
 
   // Note: This needs meow booleanDefault=undefined
@@ -10614,7 +10434,7 @@ async function run$c(argv, importMeta, {
       branchName = sockJson.defaults.scan.create.branch;
       logger.logger.info('Using default --branch from socket.json:', branchName);
     } else {
-      branchName = 'socket-default-branch';
+      branchName = (await utils.gitBranch(cwd)) || SOCKET_DEFAULT_BRANCH$1;
     }
   }
   if (!repoName) {
@@ -10622,7 +10442,7 @@ async function run$c(argv, importMeta, {
       repoName = sockJson.defaults.scan.create.repo;
       logger.logger.info('Using default --repo from socket.json:', repoName);
     } else {
-      repoName = 'socket-default-repository';
+      repoName = (await utils.getRepoName(cwd)) || SOCKET_DEFAULT_REPOSITORY$1;
     }
   }
   if (typeof report !== 'boolean') {
@@ -10750,11 +10570,11 @@ async function run$c(argv, importMeta, {
 }
 
 async function fetchDeleteOrgFullScan(orgSlug, scanId) {
-  const sockSdkResult = await utils.setupSdk();
-  if (!sockSdkResult.ok) {
-    return sockSdkResult;
+  const sockSdkCResult = await utils.setupSdk();
+  if (!sockSdkCResult.ok) {
+    return sockSdkCResult;
   }
-  const sockSdk = sockSdkResult.data;
+  const sockSdk = sockSdkCResult.data;
   return await utils.handleApiCall(sockSdk.deleteOrgFullScan(orgSlug, scanId), 'to delete a scan');
 }
 
@@ -12042,11 +11862,11 @@ async function fetchListScans({
   repo,
   sort
 }) {
-  const sockSdkResult = await utils.setupSdk();
-  if (!sockSdkResult.ok) {
-    return sockSdkResult;
+  const sockSdkCResult = await utils.setupSdk();
+  if (!sockSdkCResult.ok) {
+    return sockSdkCResult;
   }
-  const sockSdk = sockSdkResult.data;
+  const sockSdk = sockSdkCResult.data;
   return await utils.handleApiCall(sockSdk.getOrgFullScanList(orgSlug, {
     ...(branch ? {
       branch
@@ -12293,11 +12113,11 @@ async function run$8(argv, importMeta, {
 }
 
 async function fetchScanMetadata(orgSlug, scanId) {
-  const sockSdkResult = await utils.setupSdk();
-  if (!sockSdkResult.ok) {
-    return sockSdkResult;
+  const sockSdkCResult = await utils.setupSdk();
+  if (!sockSdkCResult.ok) {
+    return sockSdkCResult;
   }
-  const sockSdk = sockSdkResult.data;
+  const sockSdk = sockSdkCResult.data;
   return await utils.handleApiCall(sockSdk.getOrgFullScanMetadata(orgSlug, scanId), 'meta data for a full scan');
 }
 
@@ -12697,6 +12517,10 @@ async function outputScanConfigResult(result) {
   logger.logger.log('');
 }
 
+const {
+  SOCKET_DEFAULT_BRANCH,
+  SOCKET_DEFAULT_REPOSITORY
+} = constants;
 async function setupScanConfig(cwd, defaultOnReadError = false) {
   const jsonPath = path.join(cwd, `socket.json`);
   if (fs$1.existsSync(jsonPath)) {
@@ -12747,7 +12571,7 @@ async function setupScanConfig(cwd, defaultOnReadError = false) {
         if (!sockJson.defaults.scan.create) {
           sockJson.defaults.scan.create = {};
         }
-        const result = await configureScan(sockJson.defaults.scan.create);
+        const result = await configureScan(sockJson.defaults.scan.create, cwd);
         if (!result.ok || result.data.canceled) {
           return result;
         }
@@ -12788,10 +12612,10 @@ async function setupScanConfig(cwd, defaultOnReadError = false) {
   }
   return canceledByUser();
 }
-async function configureScan(config) {
+async function configureScan(config, cwd = process.cwd()) {
   const defaultRepoName = await prompts.input({
     message: '(--repo) What repo name (slug) should be reported to Socket for this dir?',
-    default: config.repo || 'socket-default-repository',
+    default: config.repo || (await utils.getRepoName(cwd)) || SOCKET_DEFAULT_REPOSITORY,
     required: false
     // validate: async string => bool
   });
@@ -12799,7 +12623,7 @@ async function configureScan(config) {
     return canceledByUser();
   }
   if (defaultRepoName) {
-    // Even if it's 'socket-default-repository' store it because if we change
+    // Even if it's SOCKET_DEFAULT_REPOSITORY store it because if we change
     // this default then an existing user probably would not expect the change?
     config.repo = defaultRepoName;
   } else {
@@ -12807,7 +12631,7 @@ async function configureScan(config) {
   }
   const defaultBranchName = await prompts.input({
     message: '(--branch) What branch name (slug) should be reported to Socket for this dir?',
-    default: config.branch || 'socket-default-branch',
+    default: config.branch || (await utils.gitBranch(cwd)) || SOCKET_DEFAULT_BRANCH,
     required: false
     // validate: async string => bool
   });
@@ -12815,7 +12639,7 @@ async function configureScan(config) {
     return canceledByUser();
   }
   if (defaultBranchName) {
-    // Even if it's 'socket-default-branch' store it because if we change
+    // Even if it's SOCKET_DEFAULT_BRANCH store it because if we change
     // this default then an existing user probably would not expect the change?
     config.branch = defaultBranchName;
   } else {
@@ -13162,11 +12986,11 @@ async function handleScanView(orgSlug, scanId, filePath, outputKind) {
 }
 
 async function streamScan(orgSlug, scanId, file) {
-  const sockSdkResult = await utils.setupSdk();
-  if (!sockSdkResult.ok) {
-    return sockSdkResult;
+  const sockSdkCResult = await utils.setupSdk();
+  if (!sockSdkCResult.ok) {
+    return sockSdkCResult;
   }
-  const sockSdk = sockSdkResult.data;
+  const sockSdk = sockSdkCResult.data;
   logger.logger.info('Requesting data from API...');
 
   // Note: this will write to stdout or target file. It's not a noop
@@ -14316,5 +14140,5 @@ void (async () => {
     await utils.captureException(e);
   }
 })();
-//# debugId=58e3aaaf-7fac-4e39-b6b9-5bb2c754bc3d
+//# debugId=404eb6bb-65e8-45cb-9cb8-b36c31796d71
 //# sourceMappingURL=cli.js.map