socket 1.0.64 → 1.0.66

package/dist/cli.js

@@ -14,44 +14,59 @@ var prompts = require('../external/@socketsecurity/registry/lib/prompts');
 var fs$1 = require('node:fs');
 var path = require('node:path');
 var spawn = require('../external/@socketsecurity/registry/lib/spawn');
+var strings = require('../external/@socketsecurity/registry/lib/strings');
 var arrays = require('../external/@socketsecurity/registry/lib/arrays');
 var registry = require('../external/@socketsecurity/registry');
 var npm = require('../external/@socketsecurity/registry/lib/npm');
 var packages = require('../external/@socketsecurity/registry/lib/packages');
 var sorts = require('../external/@socketsecurity/registry/lib/sorts');
-var strings = require('../external/@socketsecurity/registry/lib/strings');
 var regexps = require('../external/@socketsecurity/registry/lib/regexps');
 var fs$2 = require('../external/@socketsecurity/registry/lib/fs');
 var shadowNpmInject = require('./shadow-npm-inject.js');
-var objects = require('../external/@socketsecurity/registry/lib/objects');
+var require$$7 = require('../external/@socketsecurity/registry/lib/objects');
 var shadowNpmBin = require('./shadow-npm-bin.js');
-var require$$7 = require('../external/@socketsecurity/registry/lib/promises');
+var require$$8 = require('../external/@socketsecurity/registry/lib/promises');
 var require$$1 = require('node:util');
 var os = require('node:os');
 var promises = require('node:stream/promises');
 
-var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
-async function fetchOrgAnalyticsData(time) {
-  const sockSdkCResult = await utils.setupSdk();
+async function fetchOrgAnalyticsData(time, options) {
+  const {
+    sdkOptions
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const sockSdkCResult = await utils.setupSdk(sdkOptions);
   if (!sockSdkCResult.ok) {
     return sockSdkCResult;
   }
   const sockSdk = sockSdkCResult.data;
-  return await utils.handleApiCall(sockSdk.getOrgAnalytics(time.toString()), 'analytics data');
+  return await utils.handleApiCall(sockSdk.getOrgAnalytics(time.toString()), {
+    desc: 'analytics data'
+  });
 }
 
-async function fetchRepoAnalyticsData(repo, time) {
-  const sockSdkCResult = await utils.setupSdk();
+async function fetchRepoAnalyticsData(repo, time, options) {
+  const {
+    sdkOptions
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const sockSdkCResult = await utils.setupSdk(sdkOptions);
   if (!sockSdkCResult.ok) {
     return sockSdkCResult;
   }
   const sockSdk = sockSdkCResult.data;
-  return await utils.handleApiCall(sockSdk.getRepoAnalytics(repo, time.toString()), 'analytics data');
+  return await utils.handleApiCall(sockSdk.getRepoAnalytics(repo, time.toString()), {
+    desc: 'analytics data'
+  });
 }
 
 // Note: Widgets does not seem to actually work as code :'(
 
-const require$5 = require$$5.createRequire((typeof document === 'undefined' ? require$$0.pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.js', document.baseURI).href)));
+const require$5 = require$$5.createRequire(require('node:url').pathToFileURL(__filename).href);
 const METRICS = ['total_critical_alerts', 'total_high_alerts', 'total_medium_alerts', 'total_low_alerts', 'total_critical_added', 'total_medium_added', 'total_low_added', 'total_high_added', 'total_critical_prevented', 'total_high_prevented', 'total_medium_prevented', 'total_low_prevented'];
 
 // Note: This maps `new Date(date).getMonth()` to English three letters
@@ -130,12 +145,12 @@ ${utils.mdTableStringNumber('Name', 'Counts', data['top_five_alert_types'])}
 `.trim() + '\n';
 }
 function displayAnalyticsScreen(data) {
-  const ScreenWidget = require$5('../external/blessed/lib/widgets/screen.js');
+  const ScreenWidget = /*@__PURE__*/require$5('../external/blessed/lib/widgets/screen.js');
   // Lazily access constants.blessedOptions.
   const screen = new ScreenWidget({
     ...constants.blessedOptions
   });
-  const GridLayout = require$5('../external/blessed-contrib/lib/layout/grid.js');
+  const GridLayout = /*@__PURE__*/require$5('../external/blessed-contrib/lib/layout/grid.js');
   const grid = new GridLayout({
     rows: 5,
     cols: 4,
@@ -149,7 +164,7 @@ function displayAnalyticsScreen(data) {
   renderLineCharts(grid, screen, 'Total high alerts prevented from the main branch', [2, 2, 1, 2], data['total_high_prevented']);
   renderLineCharts(grid, screen, 'Total medium alerts prevented from the main branch', [3, 0, 1, 2], data['total_medium_prevented']);
   renderLineCharts(grid, screen, 'Total low alerts prevented from the main branch', [3, 2, 1, 2], data['total_low_prevented']);
-  const BarChart = require$5('../external/blessed-contrib/lib/widget/charts/bar.js');
+  const BarChart = /*@__PURE__*/require$5('../external/blessed-contrib/lib/widget/charts/bar.js');
   const bar = grid.set(4, 0, 1, 2, BarChart, {
     label: 'Top 5 alert types',
     barWidth: 10,
@@ -242,7 +257,7 @@ function formatDate(date) {
   return `${Months[new Date(date).getMonth()]} ${new Date(date).getDate()}`;
 }
 function renderLineCharts(grid, screen, title, coords, data) {
-  const LineChart = require$5('../external/blessed-contrib/lib/widget/charts/line.js');
+  const LineChart = /*@__PURE__*/require$5('../external/blessed-contrib/lib/widget/charts/line.js');
   const line = grid.set(...coords, LineChart, {
     style: {
       line: 'cyan',
@@ -303,7 +318,7 @@ async function handleAnalytics({
 const {
   DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$M
 } = constants;
-const config$P = {
+const config$M = {
   commandName: 'analytics',
   description: `Look up analytics data`,
   hidden: false,
@@ -341,8 +356,8 @@ const config$P = {
   `
 };
 const cmdAnalytics = {
-  description: config$P.description,
-  hidden: config$P.hidden,
+  description: config$M.description,
+  hidden: config$M.hidden,
   run: run$P
 };
 async function run$P(argv, importMeta, {
@@ -350,7 +365,7 @@ async function run$P(argv, importMeta, {
 }) {
   const cli = utils.meowOrExit({
     argv,
-    config: config$P,
+    config: config$M,
     importMeta,
     parentName
   });
@@ -447,18 +462,28 @@ async function run$P(argv, importMeta, {
   });
 }
 
-async function fetchAuditLog({
-  logType,
-  orgSlug,
-  outputKind,
-  page,
-  perPage
-}) {
-  const sockSdkCResult = await utils.setupSdk();
+async function fetchAuditLog(config, options) {
+  const {
+    sdkOptions
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const sockSdkCResult = await utils.setupSdk(sdkOptions);
   if (!sockSdkCResult.ok) {
     return sockSdkCResult;
   }
   const sockSdk = sockSdkCResult.data;
+  const {
+    logType,
+    orgSlug,
+    outputKind,
+    page,
+    perPage
+  } = {
+    __proto__: null,
+    ...config
+  };
   return await utils.handleApiCall(sockSdk.getAuditLogEvents(orgSlug, {
     // I'm not sure this is used at all.
     outputJson: String(outputKind === 'json'),
@@ -468,10 +493,12 @@ async function fetchAuditLog({
     type: logType,
     page: String(page),
     per_page: String(perPage)
-  }), `audit log for ${orgSlug}`);
+  }), {
+    desc: `audit log for ${orgSlug}`
+  });
 }
 
-const require$4 = require$$5.createRequire((typeof document === 'undefined' ? require$$0.pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.js', document.baseURI).href)));
+const require$4 = require$$5.createRequire(require('node:url').pathToFileURL(__filename).href);
 const {
   REDACTED
 } = constants;
@@ -539,10 +566,10 @@ async function outputAsJson(auditLogs, {
       desc: 'Audit logs for given query',
       // Lazily access constants.ENV.VITEST.
       generated: constants.ENV.VITEST ? REDACTED : new Date().toISOString(),
-      org: orgSlug,
       logType,
-      page,
       nextPage: auditLogs.data.nextPage,
+      org: orgSlug,
+      page,
       perPage,
       logs: auditLogs.data.results.map(log => {
         // Note: The subset is pretty arbitrary
@@ -603,7 +630,7 @@ async function outputWithBlessed(data, orgSlug) {
   const headers = [' Event id', ' Created at', ' Event type', ' User email', ' IP address', ' User agent'];
 
   // Note: this temporarily takes over the terminal (just like `man` does).
-  const ScreenWidget = require$4('../external/blessed/lib/widgets/screen.js');
+  const ScreenWidget = /*@__PURE__*/require$4('../external/blessed/lib/widgets/screen.js');
   // Lazily access constants.blessedOptions.
   const screen = new ScreenWidget({
     ...constants.blessedOptions
@@ -613,7 +640,7 @@ async function outputWithBlessed(data, orgSlug) {
   // node process just to exit it. That's very bad UX.
   // eslint-disable-next-line n/no-process-exit
   screen.key(['escape', 'q', 'C-c'], () => process.exit(0));
-  const TableWidget = require$4('../external/blessed-contrib/lib/widget/table.js');
+  const TableWidget = /*@__PURE__*/require$4('../external/blessed-contrib/lib/widget/table.js');
   const tipsBoxHeight = 1; // 1 row for tips box
   const detailsBoxHeight = 20; // bottom N rows for details box. 20 gives 4 lines for condensed payload before it scrolls out of view
 
@@ -643,7 +670,7 @@ async function outputWithBlessed(data, orgSlug) {
     columnSpacing: 4,
     truncate: '_'
   });
-  const BoxWidget = require$4('../external/blessed/lib/widgets/box.js');
+  const BoxWidget = /*@__PURE__*/require$4('../external/blessed/lib/widgets/box.js');
   const tipsBox = new BoxWidget({
     bottom: detailsBoxHeight,
     // sits just above the details box
@@ -709,11 +736,11 @@ async function handleAuditLog({
   perPage
 }) {
   const auditLogs = await fetchAuditLog({
+    logType,
     orgSlug,
     outputKind,
     page,
-    perPage,
-    logType
+    perPage
   });
   await outputAuditLog(auditLogs, {
     logType,
@@ -728,7 +755,7 @@ const {
   DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$L,
   SOCKET_WEBSITE_URL: SOCKET_WEBSITE_URL$3
 } = constants;
-const config$O = {
+const config$L = {
   commandName: 'audit-log',
   description: 'Look up the audit log for an organization',
   hidden: false,
@@ -786,8 +813,8 @@ const config$O = {
   `
 };
 const cmdAuditLog = {
-  description: config$O.description,
-  hidden: config$O.hidden,
+  description: config$L.description,
+  hidden: config$L.hidden,
   run: run$O
 };
 async function run$O(argv, importMeta, {
@@ -795,7 +822,7 @@ async function run$O(argv, importMeta, {
 }) {
   const cli = utils.meowOrExit({
     argv,
-    config: config$O,
+    config: config$L,
     importMeta,
     parentName
   });
@@ -861,68 +888,34 @@ async function run$O(argv, importMeta, {
   });
 }
 
-// Use the config defaultOrg when set, otherwise discover from remote
-async function getDefaultOrgSlug() {
-  const defaultOrgResult = utils.getConfigValueOrUndef('defaultOrg');
-  if (defaultOrgResult) {
-    debug.debugFn('notice', 'use: default org', defaultOrgResult);
-    return {
-      ok: true,
-      data: defaultOrgResult
-    };
-  }
-  const sockSdkCResult = await utils.setupSdk();
-  if (!sockSdkCResult.ok) {
-    return sockSdkCResult;
-  }
-  const sockSdk = sockSdkCResult.data;
-  const result = await utils.handleApiCall(sockSdk.getOrganizations(), 'list of organizations');
-  if (!result.ok) {
-    return result;
-  }
-  const orgs = result.data.organizations;
-  const keys = Object.keys(orgs);
-  if (!keys[0]) {
-    return {
-      ok: false,
-      message: 'Failed to establish identity',
-      data: `API did not return any organization associated with the current API token. Unable to continue.`
-    };
-  }
-  const slug = (keys[0] in orgs && orgs?.[keys[0]]?.name) ?? undefined;
-  if (!slug) {
-    return {
-      ok: false,
-      message: 'Failed to establish identity',
-      data: `Was unable to determine the default organization for the current API token. Unable to continue.`
-    };
-  }
-  debug.debugFn('notice', 'resolve: org', slug);
-  return {
-    ok: true,
-    message: 'Retrieved default org from server',
-    data: slug
+async function fetchCreateOrgFullScan(packagePaths, orgSlug, config, options) {
+  const {
+    branchName,
+    commitHash,
+    commitMessage,
+    committers,
+    pullRequest,
+    repoName
+  } = {
+    __proto__: null,
+    ...config
   };
-}
-
-const {
-  SOCKET_DEFAULT_REPOSITORY: SOCKET_DEFAULT_REPOSITORY$3
-} = constants;
-async function fetchCreateOrgFullScan(packagePaths, orgSlug, defaultBranch, pendingHead, tmp, cwd, {
-  branchName,
-  commitHash,
-  commitMessage,
-  committers,
-  pullRequest,
-  repoName
-}) {
-  const sockSdkCResult = await utils.setupSdk();
+  const {
+    cwd = process.cwd(),
+    defaultBranch,
+    pendingHead,
+    sdkOptions,
+    tmp
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const sockSdkCResult = await utils.setupSdk(sdkOptions);
   if (!sockSdkCResult.ok) {
     return sockSdkCResult;
   }
   const sockSdk = sockSdkCResult.data;
-  const repo = repoName || (await utils.getRepoName(cwd)) || SOCKET_DEFAULT_REPOSITORY$3;
-  return await utils.handleApiCall(sockSdk.createOrgFullScan(orgSlug, {
+  return await utils.handleApiCall(sockSdk.createOrgFullScan(orgSlug, packagePaths, cwd, {
     ...(branchName ? {
       branch: branchName
     } : {}),
@@ -939,28 +932,44 @@ async function fetchCreateOrgFullScan(packagePaths, orgSlug, defaultBranch, pend
     ...(pullRequest ? {
       pull_request: String(pullRequest)
     } : {}),
-    // The repo is mandatory, this is server default for repo.
-    repo,
+    repo: repoName,
     set_as_pending_head: String(pendingHead),
     tmp: String(tmp)
-  }, packagePaths, cwd), 'to create a scan');
+  }), {
+    desc: 'to create a scan'
+  });
 }
 
-async function fetchSupportedScanFileNames() {
-  const sockSdkCResult = await utils.setupSdk();
+async function fetchSupportedScanFileNames(options) {
+  const {
+    sdkOptions
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const sockSdkCResult = await utils.setupSdk(sdkOptions);
   if (!sockSdkCResult.ok) {
     return sockSdkCResult;
   }
   const sockSdk = sockSdkCResult.data;
-  return await utils.handleApiCall(sockSdk.getReportSupportedFiles(), 'supported scan file types');
+  return await utils.handleApiCall(sockSdk.getSupportedScanFiles(), {
+    desc: 'supported scan file types'
+  });
 }
 
 /**
  * This fetches all the relevant pieces of data to generate a report, given a
  * full scan ID.
  */
-async function fetchReportData(orgSlug, scanId, includeLicensePolicy) {
-  const sockSdkCResult = await utils.setupSdk();
+async function fetchScanData(orgSlug, scanId, options) {
+  const {
+    includeLicensePolicy,
+    sdkOptions
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const sockSdkCResult = await utils.setupSdk(sdkOptions);
   if (!sockSdkCResult.ok) {
     return sockSdkCResult;
   }
@@ -1439,8 +1448,10 @@ async function handleScanReport({
   scanId,
   short
 }) {
-  const result = await fetchReportData(orgSlug, scanId, includeLicensePolicy);
-  await outputScanReport(result, {
+  const scanDataCResult = await fetchScanData(orgSlug, scanId, {
+    includeLicensePolicy
+  });
+  await outputScanReport(scanDataCResult, {
     filePath,
     fold,
     scanId: scanId,
@@ -1465,7 +1476,7 @@ async function outputCreateNewScan(result, outputKind, interactive) {
     return;
   }
   if (!result.data.id) {
-    logger.logger.fail('Did not receive a scan ID from the API...');
+    logger.logger.fail('Did not receive a scan ID from the API.');
     process.exitCode = 1;
   }
   if (outputKind === 'markdown') {
@@ -1745,20 +1756,23 @@ async function convertSbtToMaven({
   }
 }
 
+function prepareContent(content) {
+  return strings.stripAnsi(content.trim());
+}
 async function convertCondaToRequirements(filename, cwd, verbose) {
-  let contents;
+  let content;
   if (filename === '-') {
     if (verbose) {
       logger.logger.info(`[VERBOSE] reading input from stdin`);
     }
-    const buf = [];
-    contents = await new Promise((resolve, reject) => {
+    const strings = [];
+    content = await new Promise((resolve, reject) => {
       process.stdin.on('data', chunk => {
         const input = chunk.toString();
-        buf.push(input);
+        strings.push(input);
       });
       process.stdin.on('end', () => {
-        resolve(buf.join(''));
+        resolve(prepareContent(strings.join('')));
       });
       process.stdin.on('error', e => {
         if (verbose) {
@@ -1767,20 +1781,20 @@ async function convertCondaToRequirements(filename, cwd, verbose) {
         reject(e);
       });
       process.stdin.on('close', () => {
-        if (buf.length === 0) {
+        if (strings.length) {
           if (verbose) {
-            logger.logger.error('stdin closed explicitly without data received');
+            logger.logger.error('warning: stdin closed explicitly with some data received');
           }
-          reject(new Error('No data received from stdin'));
+          resolve(prepareContent(strings.join('')));
         } else {
           if (verbose) {
-            logger.logger.error('warning: stdin closed explicitly with some data received');
+            logger.logger.error('stdin closed explicitly without data received');
           }
-          resolve(buf.join(''));
+          reject(new Error('No data received from stdin'));
         }
       });
     });
-    if (!contents) {
+    if (!content) {
       return {
         ok: false,
         message: 'Manifest Generation Failed',
@@ -1799,8 +1813,8 @@ async function convertCondaToRequirements(filename, cwd, verbose) {
         cause: `The file was not found at ${filepath}`
       };
     }
-    contents = fs$1.readFileSync(filepath, 'utf8');
-    if (!contents) {
+    content = fs$1.readFileSync(filepath, 'utf8');
+    if (!content) {
       return {
         ok: false,
         message: 'Manifest Generation Failed',
@@ -1811,60 +1825,59 @@ async function convertCondaToRequirements(filename, cwd, verbose) {
   return {
     ok: true,
     data: {
-      contents,
-      pip: convertCondaToRequirementsFromInput(contents)
+      content,
+      pip: convertCondaToRequirementsFromInput(content)
     }
   };
 }
 
 // Just extract the first pip block, if one exists at all.
 function convertCondaToRequirementsFromInput(input) {
-  const keeping = [];
   let collecting = false;
   let delim = '-';
   let indent = '';
-  input.split('\n').some(line => {
-    if (!line) {
-      // Ignore empty lines
-      return;
+  const keeping = [];
+  for (const line of input.split('\n')) {
+    const trimmed = line.trim();
+    if (!trimmed) {
+      // Ignore empty lines.
+      continue;
     }
     if (collecting) {
       if (line.startsWith('#')) {
-        // Ignore comment lines (keep?)
-        return;
+        // Ignore comment lines (keep?).
+        continue;
       }
       if (line.startsWith(delim)) {
         // In this case we have a line with the same indentation as the
         // `- pip:` line, so we have reached the end of the pip block.
-        return true; // the end
-      } else {
-        if (!indent) {
-          // Store the indentation of the block
-          if (line.trim().startsWith('-')) {
-            indent = line.split('-')[0] + '-';
-            if (indent.length <= delim.length) {
-              // The first line after the `pip:` line does not indent further
-              // than that so the block is empty?
-              return true;
-            }
+        break;
+      }
+      if (!indent) {
+        // Store the indentation of the block.
+        if (trimmed.startsWith('-')) {
+          indent = line.split('-')[0] + '-';
+          if (indent.length <= delim.length) {
+            // The first line after the `pip:` line does not indent further
+            // than that so the block is empty?
+            break;
           }
         }
-        if (line.startsWith(indent)) {
-          keeping.push(line.slice(indent.length).trim());
-        } else {
-          // Unexpected input. bail.
-          return true;
-        }
       }
-    } else {
-      // Note: the line may end with a line comment so don't === it.
-      if (line.trim().startsWith('- pip:')) {
-        delim = line.split('-')[0] + '-';
-        collecting = true;
+      if (line.startsWith(indent)) {
+        keeping.push(line.slice(indent.length).trim());
+      } else {
+        // Unexpected input. bail.
+        break;
       }
     }
-  });
-  return keeping.join('\n');
+    // Note: the line may end with a line comment so don't === it.
+    else if (trimmed.startsWith('- pip:')) {
+      delim = line.split('-')[0] + '-';
+      collecting = true;
+    }
+  }
+  return prepareContent(keeping.join('\n'));
 }
 
 async function outputRequirements(result, outputKind, out) {
@@ -2035,13 +2048,18 @@ async function handleCreateNewScan({
     logger.logger.log('[ReadOnly] Bailing now');
     return;
   }
-  const fullScanCResult = await fetchCreateOrgFullScan(packagePaths, orgSlug, defaultBranch, pendingHead, tmp, cwd, {
+  const fullScanCResult = await fetchCreateOrgFullScan(packagePaths, orgSlug, {
     commitHash,
     commitMessage,
     committers,
     pullRequest,
     repoName,
     branchName
+  }, {
+    cwd,
+    defaultBranch,
+    pendingHead,
+    tmp
   });
   if (fullScanCResult.ok && report) {
     if (fullScanCResult.data?.id) {
@@ -2068,40 +2086,39 @@ async function handleCreateNewScan({
   }
 }
 
-const {
-  SOCKET_DEFAULT_BRANCH: SOCKET_DEFAULT_BRANCH$2,
-  SOCKET_DEFAULT_REPOSITORY: SOCKET_DEFAULT_REPOSITORY$2
-} = constants;
-async function handleCI(autoManifest) {
+async function handleCi(autoManifest) {
   // ci: {
   //   description: 'Alias for "report create --view --strict"',
   //     argv: ['report', 'create', '--view', '--strict']
   // }
-  const result = await getDefaultOrgSlug();
-  if (!result.ok) {
-    process.exitCode = result.code ?? 1;
+  const orgSlugCResult = await utils.getDefaultOrgSlug();
+  if (!orgSlugCResult.ok) {
+    process.exitCode = orgSlugCResult.code ?? 1;
     // Always assume json mode.
-    logger.logger.log(utils.serializeResultJson(result));
+    logger.logger.log(utils.serializeResultJson(orgSlugCResult));
     return;
   }
+  const orgSlug = orgSlugCResult.data;
   const cwd = process.cwd();
-
-  // TODO: does it makes sense to use custom branch/repo names here? probably socket.yml, right
+  // Lazily access constants.SOCKET_DEFAULT_BRANCH.
+  const branchName = (await utils.gitBranch(cwd)) || constants.SOCKET_DEFAULT_BRANCH;
+  // Lazily access constants.SOCKET_DEFAULT_REPOSITORY.
+  const repoName = (await utils.getRepoName(cwd)) || constants.SOCKET_DEFAULT_REPOSITORY;
   await handleCreateNewScan({
     autoManifest,
-    branchName: (await utils.gitBranch(cwd)) || SOCKET_DEFAULT_BRANCH$2,
+    branchName,
     commitMessage: '',
     commitHash: '',
     committers: '',
-    cwd: process.cwd(),
+    cwd,
     defaultBranch: false,
     interactive: false,
-    orgSlug: result.data,
+    orgSlug,
     outputKind: 'json',
     // When 'pendingHead' is true, it requires 'branchName' set and 'tmp' false.
     pendingHead: true,
     pullRequest: 0,
-    repoName: (await utils.getRepoName(cwd)) || SOCKET_DEFAULT_REPOSITORY$2,
+    repoName,
     readOnly: false,
     report: true,
     targets: ['.'],
@@ -2113,7 +2130,7 @@ async function handleCI(autoManifest) {
 const {
   DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$K
 } = constants;
-const config$N = {
+const config$K = {
   commandName: 'ci',
   description: 'Create a new scan and report whether it passes your security policy',
   hidden: true,
@@ -2131,7 +2148,7 @@ const config$N = {
       $ ${command} [options]
 
     Options
-      ${utils.getFlagListOutput(config$N.flags)}
+      ${utils.getFlagListOutput(config$K.flags)}
 
     This command is intended to use in CI runs to allow automated systems to
     accept or reject a current build. When the scan does not pass your security
@@ -2150,8 +2167,8 @@ const config$N = {
   `
 };
 const cmdCI = {
-  description: config$N.description,
-  hidden: config$N.hidden,
+  description: config$K.description,
+  hidden: config$K.hidden,
   run: run$N
 };
 async function run$N(argv, importMeta, {
@@ -2159,7 +2176,7 @@ async function run$N(argv, importMeta, {
 }) {
   const cli = utils.meowOrExit({
     argv,
-    config: config$N,
+    config: config$K,
     importMeta,
     parentName
   });
@@ -2167,7 +2184,7 @@ async function run$N(argv, importMeta, {
     logger.logger.log(DRY_RUN_BAILING_NOW$K);
     return;
   }
-  await handleCI(Boolean(cli.flags['autoManifest']));
+  await handleCi(Boolean(cli.flags['autoManifest']));
 }
 
 async function discoverConfigValue(key) {
@@ -2175,7 +2192,7 @@ async function discoverConfigValue(key) {
   // keys should request information from particular API endpoints while
   // others should simply return their default value, like endpoint URL.
 
-  if (!utils.supportedConfigKeys.has(key)) {
+  if (key !== 'test' && !utils.isSupportedConfigKey(key)) {
     return {
       ok: false,
       message: 'Auto discover failed',
@@ -2274,43 +2291,35 @@ async function discoverConfigValue(key) {
   };
 }
 async function getDefaultOrgFromToken() {
-  const sockSdkCResult = await utils.setupSdk();
-  if (!sockSdkCResult.ok) {
+  const orgsCResult = await utils.fetchOrganization();
+  if (!orgsCResult.ok) {
     return undefined;
   }
-  const sockSdk = sockSdkCResult.data;
-  const result = await utils.handleApiCall(sockSdk.getOrganizations(), 'list of organizations');
-  if (result.ok) {
-    const arr = Array.from(Object.values(result.data.organizations)).map(({
-      slug
-    }) => slug);
-    if (arr.length === 0) {
-      return undefined;
-    }
-    if (arr.length === 1) {
-      return arr[0];
-    }
-    return arr;
+  const {
+    organizations
+  } = orgsCResult.data;
+  const slugs = Array.from(Object.values(organizations)).map(o => o.slug);
+  if (slugs.length === 0) {
+    return undefined;
+  }
+  if (slugs.length === 1) {
+    return slugs[0];
   }
-  return undefined;
+  return slugs;
 }
 async function getEnforceableOrgsFromToken() {
-  const sockSdkCResult = await utils.setupSdk();
-  if (!sockSdkCResult.ok) {
+  const orgsCResult = await utils.fetchOrganization();
+  if (!orgsCResult.ok) {
     return undefined;
   }
-  const sockSdk = sockSdkCResult.data;
-  const result = await utils.handleApiCall(sockSdk.getOrganizations(), 'list of organizations');
-  if (result.ok) {
-    const arr = Array.from(Object.values(result.data.organizations)).map(({
-      slug
-    }) => slug);
-    if (arr.length === 0) {
-      return undefined;
-    }
-    return arr;
+  const {
+    organizations
+  } = orgsCResult.data;
+  const slugs = Array.from(Object.values(organizations)).map(o => o.slug);
+  if (!slugs.length) {
+    return undefined;
   }
-  return undefined;
+  return slugs;
 }
 
 async function outputConfigAuto(key, result, outputKind) {
@@ -2410,49 +2419,43 @@ async function handleConfigAuto({
 const {
   DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$J
 } = constants;
-const config$M = {
-  commandName: 'auto',
-  description: 'Automatically discover and set the correct value config item',
-  hidden: false,
-  flags: {
-    ...utils.commonFlags,
-    ...utils.outputFlags
-  },
-  help: (command, config) => `
+const description$a = 'Automatically discover and set the correct value config item';
+const hidden$2 = false;
+const cmdConfigAuto = {
+  description: description$a,
+  hidden: hidden$2,
+  run: run$M
+};
+async function run$M(argv, importMeta, {
+  parentName
+}) {
+  const config = {
+    commandName: 'auto',
+    description: description$a,
+    hidden: hidden$2,
+    flags: {
+      ...utils.commonFlags,
+      ...utils.outputFlags
+    },
+    help: (command, config) => `
     Usage
       $ ${command} [options] KEY
 
     Options
       ${utils.getFlagListOutput(config.flags)}
 
-    Attempt to automatically discover the correct value for given config KEY.
-
-    Keys:
-
-${Array.from(utils.supportedConfigKeys.entries()).map(([key, desc]) => `     - ${key} -- ${desc}`).join('\n')}
-
-    For certain keys it will request the value from server, for others it will
-    reset the value to the default. For some keys this has no effect.
-
-    Keys:
-
-${Array.from(utils.supportedConfigKeys.entries()).map(([key, desc]) => `     - ${key} -- ${desc}`).join('\n')}
+    Attempt to automatically discover the correct value for a given config KEY.
 
     Examples
       $ ${command} defaultOrg
+
+    Keys:
+${utils.getSupportedConfigEntries().map(([key, desc]) => `     - ${key} -- ${desc}`).join('\n')}
   `
-};
-const cmdConfigAuto = {
-  description: config$M.description,
-  hidden: config$M.hidden,
-  run: run$M
-};
-async function run$M(argv, importMeta, {
-  parentName
-}) {
+  };
   const cli = utils.meowOrExit({
     argv,
-    config: config$M,
+    config,
     importMeta,
     parentName
   });
@@ -2463,7 +2466,7 @@ async function run$M(argv, importMeta, {
   const [key = ''] = cli.input;
   const outputKind = utils.getOutputKind(json, markdown);
   const wasValidInput = utils.checkCommandInput(outputKind, {
-    test: utils.supportedConfigKeys.has(key) && key !== 'test',
+    test: key !== 'test' && utils.isSupportedConfigKey(key),
     message: 'Config key should be the first arg',
     pass: 'ok',
     fail: key ? 'invalid config key' : 'missing'
@@ -2528,7 +2531,7 @@ async function handleConfigGet({
 const {
   DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$I
 } = constants;
-const config$L = {
+const config$J = {
   commandName: 'get',
   description: 'Get the value of a local CLI config item',
   hidden: false,
@@ -2548,15 +2551,15 @@ const config$L = {
 
     KEY is an enum. Valid keys:
 
-${Array.from(utils.supportedConfigKeys.entries()).map(([key, desc]) => `     - ${key} -- ${desc}`).join('\n')}
+${utils.getSupportedConfigEntries().map(([key, desc]) => `     - ${key} -- ${desc}`).join('\n')}
 
     Examples
       $ ${command} defaultOrg
   `
 };
 const cmdConfigGet = {
-  description: config$L.description,
-  hidden: config$L.hidden,
+  description: config$J.description,
+  hidden: config$J.hidden,
   run: run$L
 };
 async function run$L(argv, importMeta, {
@@ -2564,7 +2567,7 @@ async function run$L(argv, importMeta, {
 }) {
   const cli = utils.meowOrExit({
     argv,
-    config: config$L,
+    config: config$J,
     importMeta,
     parentName
   });
@@ -2575,7 +2578,7 @@ async function run$L(argv, importMeta, {
   const [key = ''] = cli.input;
   const outputKind = utils.getOutputKind(json, markdown);
   const wasValidInput = utils.checkCommandInput(outputKind, {
-    test: utils.supportedConfigKeys.has(key) || key === 'test',
+    test: key === 'test' || utils.isSupportedConfigKey(key),
     message: 'Config key should be the first arg',
     pass: 'ok',
     fail: key ? 'invalid config key' : 'missing'
@@ -2604,16 +2607,17 @@ async function outputConfigList({
   outputKind
 }) {
   const readOnly = utils.isReadOnlyConfig();
+  const supportedConfigKeys = utils.getSupportedConfigKeys();
   if (outputKind === 'json') {
     let failed = false;
     const obj = {};
-    for (const key of utils.supportedConfigKeys.keys()) {
+    for (const key of supportedConfigKeys) {
       const result = utils.getConfigValue(key);
       let value = result.data;
       if (!result.ok) {
         value = `Failed to retrieve: ${result.message}`;
         failed = true;
-      } else if (!full && utils.sensitiveConfigKeys.has(key)) {
+      } else if (!full && utils.isSensitiveConfigKey(key)) {
         value = '********';
       }
       if (full || value !== undefined) {
@@ -2640,18 +2644,18 @@ async function outputConfigList({
       }
     }));
   } else {
-    const maxWidth = Array.from(utils.supportedConfigKeys.keys()).reduce((a, b) => Math.max(a, b.length), 0);
+    const maxWidth = supportedConfigKeys.reduce((a, b) => Math.max(a, b.length), 0);
     logger.logger.log('# Local CLI Config');
     logger.logger.log('');
     logger.logger.log(`This is the local CLI config (full=${!!full}):`);
     logger.logger.log('');
-    for (const key of utils.supportedConfigKeys.keys()) {
+    for (const key of supportedConfigKeys) {
       const result = utils.getConfigValue(key);
       if (!result.ok) {
         logger.logger.log(`- ${key}: failed to read: ${result.message}`);
       } else {
         let value = result.data;
-        if (!full && utils.sensitiveConfigKeys.has(key)) {
+        if (!full && utils.isSensitiveConfigKey(key)) {
           value = '********';
         }
         if (full || value !== undefined) {
@@ -2669,7 +2673,7 @@ async function outputConfigList({
 const {
   DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$H
 } = constants;
-const config$K = {
+const config$I = {
   commandName: 'list',
   description: 'Show all local CLI config items and their values',
   hidden: false,
@@ -2694,8 +2698,8 @@ const config$K = {
   `
 };
 const cmdConfigList = {
-  description: config$K.description,
-  hidden: config$K.hidden,
+  description: config$I.description,
+  hidden: config$I.hidden,
   run: run$K
 };
 async function run$K(argv, importMeta, {
@@ -2703,7 +2707,7 @@ async function run$K(argv, importMeta, {
 }) {
   const cli = utils.meowOrExit({
     argv,
-    config: config$K,
+    config: config$I,
     importMeta,
     parentName
   });
@@ -2775,15 +2779,25 @@ async function handleConfigSet({
 const {
   DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$G
 } = constants;
-const config$J = {
-  commandName: 'set',
-  description: 'Update the value of a local CLI config item',
-  hidden: false,
-  flags: {
-    ...utils.commonFlags,
-    ...utils.outputFlags
-  },
-  help: (command, config) => `
+const description$9 = 'Update the value of a local CLI config item';
+const hidden$1 = false;
+const cmdConfigSet = {
+  description: description$9,
+  hidden: hidden$1,
+  run: run$J
+};
+async function run$J(argv, importMeta, {
+  parentName
+}) {
+  const config = {
+    commandName: 'set',
+    description: description$9,
+    hidden: hidden$1,
+    flags: {
+      ...utils.commonFlags,
+      ...utils.outputFlags
+    },
+    help: (command, config) => `
     Usage
       $ ${command} [options] <KEY> <VALUE>
 
@@ -2801,23 +2815,15 @@ const config$J = {
 
     Keys:
 
-${Array.from(utils.supportedConfigKeys.entries()).map(([key, desc]) => `     - ${key} -- ${desc}`).join('\n')}
+${utils.getSupportedConfigEntries().map(([key, desc]) => `     - ${key} -- ${desc}`).join('\n')}
 
     Examples
       $ ${command} apiProxy https://example.com
   `
-};
-const cmdConfigSet = {
-  description: config$J.description,
-  hidden: config$J.hidden,
-  run: run$J
-};
-async function run$J(argv, importMeta, {
-  parentName
-}) {
+  };
   const cli = utils.meowOrExit({
     argv,
-    config: config$J,
+    config,
     importMeta,
     parentName
   });
@@ -2829,7 +2835,7 @@ async function run$J(argv, importMeta, {
   const value = rest.join(' ');
   const outputKind = utils.getOutputKind(json, markdown);
   const wasValidInput = utils.checkCommandInput(outputKind, {
-    test: key === 'test' || utils.supportedConfigKeys.has(key),
+    test: key === 'test' || utils.isSupportedConfigKey(key),
     message: 'Config key should be the first arg',
     pass: 'ok',
     fail: key ? 'invalid config key' : 'missing'
@@ -2901,15 +2907,25 @@ async function handleConfigUnset({
 const {
   DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$F
 } = constants;
-const config$I = {
-  commandName: 'unset',
-  description: 'Clear the value of a local CLI config item',
-  hidden: false,
-  flags: {
-    ...utils.commonFlags,
-    ...utils.outputFlags
-  },
-  help: (command, config) => `
+const description$8 = 'Clear the value of a local CLI config item';
+const hidden = false;
+const cmdConfigUnset = {
+  description: description$8,
+  hidden,
+  run: run$I
+};
+async function run$I(argv, importMeta, {
+  parentName
+}) {
+  const config = {
+    commandName: 'unset',
+    description: description$8,
+    hidden,
+    flags: {
+      ...utils.commonFlags,
+      ...utils.outputFlags
+    },
+    help: (command, config) => `
     Usage
       $ ${command} [options] <KEY> <VALUE>
 
@@ -2921,23 +2937,15 @@ const config$I = {
 
     Keys:
 
-${Array.from(utils.supportedConfigKeys.entries()).map(([key, desc]) => `     - ${key} -- ${desc}`).join('\n')}
+${utils.getSupportedConfigEntries().map(([key, desc]) => `     - ${key} -- ${desc}`).join('\n')}
 
-    Examples
-      $ ${command} defaultOrg
-  `
-};
-const cmdConfigUnset = {
-  description: config$I.description,
-  hidden: config$I.hidden,
-  run: run$I
-};
-async function run$I(argv, importMeta, {
-  parentName
-}) {
+    Examples
+      $ ${command} defaultOrg
+  `
+  };
   const cli = utils.meowOrExit({
     argv,
-    config: config$I,
+    config,
     importMeta,
     parentName
   });
@@ -2948,7 +2956,7 @@ async function run$I(argv, importMeta, {
   const [key = ''] = cli.input;
   const outputKind = utils.getOutputKind(json, markdown);
   const wasValidInput = utils.checkCommandInput(outputKind, {
-    test: key === 'test' || utils.supportedConfigKeys.has(key),
+    test: key === 'test' || utils.isSupportedConfigKey(key),
     message: 'Config key should be the first arg',
     pass: 'ok',
     fail: key ? 'invalid config key' : 'missing'
@@ -3566,9 +3574,9 @@ async function getActualTree(cwd = process.cwd()) {
 
 const {
   BUN: BUN$4,
-  NPM: NPM$8,
+  NPM: NPM$7,
   OVERRIDES: OVERRIDES$2,
-  PNPM: PNPM$8,
+  PNPM: PNPM$7,
   RESOLUTIONS: RESOLUTIONS$1,
   VLT: VLT$5,
   YARN_BERRY: YARN_BERRY$4,
@@ -3587,7 +3595,7 @@ function getOverridesDataBun(pkgEnvDetails, pkgJson = pkgEnvDetails.editablePkgJ
 function getOverridesDataNpm(pkgEnvDetails, pkgJson = pkgEnvDetails.editablePkgJson.content) {
   const overrides = pkgJson?.[OVERRIDES$2] ?? {};
   return {
-    type: NPM$8,
+    type: NPM$7,
     overrides
   };
 }
@@ -3595,9 +3603,9 @@ function getOverridesDataNpm(pkgEnvDetails, pkgJson = pkgEnvDetails.editablePkgJ
 // pnpm overrides documentation:
 // https://pnpm.io/package_json#pnpmoverrides
 function getOverridesDataPnpm(pkgEnvDetails, pkgJson = pkgEnvDetails.editablePkgJson.content) {
-  const overrides = pkgJson?.[PNPM$8]?.[OVERRIDES$2] ?? {};
+  const overrides = pkgJson?.[PNPM$7]?.[OVERRIDES$2] ?? {};
   return {
-    type: PNPM$8,
+    type: PNPM$7,
     overrides
   };
 }
@@ -3632,7 +3640,7 @@ function getOverridesData(pkgEnvDetails, pkgJson) {
   switch (pkgEnvDetails.agent) {
     case BUN$4:
       return getOverridesDataBun(pkgEnvDetails, pkgJson);
-    case PNPM$8:
+    case PNPM$7:
       return getOverridesDataPnpm(pkgEnvDetails, pkgJson);
     case VLT$5:
       return getOverridesDataVlt(pkgEnvDetails, pkgJson);
@@ -3640,7 +3648,7 @@ function getOverridesData(pkgEnvDetails, pkgJson) {
       return getOverridesDataYarn(pkgEnvDetails, pkgJson);
     case YARN_CLASSIC$4:
       return getOverridesDataYarnClassic(pkgEnvDetails, pkgJson);
-    case NPM$8:
+    case NPM$7:
     default:
       return getOverridesDataNpm(pkgEnvDetails, pkgJson);
   }
@@ -4266,7 +4274,7 @@ async function outputFixResult(result, outputKind) {
 
 const {
   OVERRIDES: OVERRIDES$1,
-  PNPM: PNPM$7
+  PNPM: PNPM$6
 } = constants;
 async function install(pkgEnvDetails, options) {
   const {
@@ -4383,15 +4391,15 @@ async function pnpmFix(pkgEnvDetails, fixConfig) {
       const {
         overrides: oldOverrides
       } = getOverridesDataPnpm(pkgEnvDetails, editablePkgJson.content);
-      const oldPnpmSection = editablePkgJson.content[PNPM$7];
+      const oldPnpmSection = editablePkgJson.content[PNPM$6];
       const overrideKey = `${packument.name}@${vulnerableVersionRange}`;
       revertOverrides = undefined;
       revertOverridesSrc = utils.extractOverridesFromPnpmLockSrc(lockSrc);
       if (isWorkspaceRoot) {
         revertOverrides = {
-          [PNPM$7]: oldPnpmSection ? {
+          [PNPM$6]: oldPnpmSection ? {
             ...oldPnpmSection,
-            [OVERRIDES$1]: objects.hasKeys(oldOverrides) ? {
+            [OVERRIDES$1]: require$$7.hasKeys(oldOverrides) ? {
               ...oldOverrides,
               [overrideKey]: undefined
             } : undefined
@@ -4400,7 +4408,7 @@ async function pnpmFix(pkgEnvDetails, fixConfig) {
         // Update overrides in the root package.json so that when `pnpm install`
         // generates pnpm-lock.yaml it updates transitive dependencies too.
         editablePkgJson.update({
-          [PNPM$7]: {
+          [PNPM$6]: {
             ...oldPnpmSection,
             [OVERRIDES$1]: {
               ...oldOverrides,
@@ -4451,16 +4459,13 @@ async function pnpmFix(pkgEnvDetails, fixConfig) {
   }, fixConfig);
 }
 
-const {
-  NPM: NPM$7,
-  PNPM: PNPM$6
-} = constants;
 async function handleFix({
   autoMerge,
   cwd,
   ghsas,
   limit,
   minSatisfying,
+  orgSlug,
   outputKind,
   prCheck,
   purls,
@@ -4470,49 +4475,66 @@ async function handleFix({
   testScript,
   unknownFlags
 }) {
-  let {
-    length: ghsasCount
-  } = ghsas;
-  if (ghsasCount) {
-    spinner?.start('Fetching GHSA IDs...');
-    if (ghsasCount === 1 && ghsas[0] === 'auto') {
-      const autoCResult = await utils.spawnCoana(['compute-fixes-and-upgrade-purls', cwd], {
-        cwd,
-        spinner
-      });
-      spinner?.stop();
-      if (autoCResult.ok) {
-        ghsas = utils.cmdFlagValueToArray(/(?<=Vulnerabilities found: )[^\n]+/.exec(autoCResult.data)?.[0]);
-        ghsasCount = ghsas.length;
-      } else {
-        debug.debugFn('error', 'fail: Coana CLI');
-        debug.debugDir('inspect', {
-          message: autoCResult.message,
-          cause: autoCResult.cause
-        });
-        ghsas = [];
-        ghsasCount = 0;
+  if (ghsas.length === 1 && ghsas[0] === 'auto') {
+    let lastCResult;
+    const sockSdkCResult = await utils.setupSdk();
+    lastCResult = sockSdkCResult;
+    const sockSdk = sockSdkCResult.ok ? sockSdkCResult.data : undefined;
+    const supportedFilesCResult = sockSdk ? await fetchSupportedScanFileNames() : undefined;
+    if (supportedFilesCResult) {
+      lastCResult = supportedFilesCResult;
+    }
+    const supportedFiles = supportedFilesCResult?.ok ? supportedFilesCResult.data : undefined;
+    const packagePaths = supportedFiles ? await utils.getPackageFilesForScan(['.'], supportedFiles, {
+      cwd
+    }) : [];
+    const uploadCResult = sockSdk ? await utils.handleApiCall(sockSdk?.uploadManifestFiles(orgSlug, packagePaths), {
+      desc: 'upload manifests'
+    }) : undefined;
+    if (uploadCResult) {
+      lastCResult = uploadCResult;
+    }
+    const tarHash = uploadCResult?.ok ? uploadCResult.data.tarHash : '';
+    const idsOutputCResult = tarHash ? await utils.spawnCoana(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash], {
+      cwd,
+      spinner,
+      env: {
+        SOCKET_ORG_SLUG: orgSlug
       }
-      spinner?.start();
+    }) : undefined;
+    if (idsOutputCResult) {
+      lastCResult = idsOutputCResult;
     }
-    if (ghsasCount) {
-      spinner?.info(`Found ${ghsasCount} GHSA ${words.pluralize('ID', ghsasCount)}.`);
-      const applyFixesCResult = await utils.spawnCoana(['compute-fixes-and-upgrade-purls', cwd, '--apply-fixes-to', ...ghsas, ...unknownFlags], {
-        cwd,
-        spinner
-      });
-      spinner?.stop();
-      if (!applyFixesCResult.ok) {
-        debug.debugFn('error', 'fail: Coana CLI');
-        debug.debugDir('inspect', {
-          message: applyFixesCResult.message,
-          cause: applyFixesCResult.cause
-        });
+    const idsOutput = idsOutputCResult?.ok ? idsOutputCResult.data : '';
+    const ids = utils.cmdFlagValueToArray(/(?<=Vulnerabilities found: )[^\n]+/.exec(idsOutput)?.[0]);
+    const fixCResult = ids.length ? await utils.spawnCoana(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ...ids, ...unknownFlags], {
+      cwd,
+      spinner,
+      env: {
+        SOCKET_ORG_SLUG: orgSlug
       }
-      await outputFixResult(applyFixesCResult, outputKind);
+    }) : undefined;
+    if (fixCResult) {
+      lastCResult = fixCResult;
+    }
+    // const fixCResult = await spawnCoana(
+    //   [
+    //     cwd,
+    //     '--socket-mode',
+    //     DOT_SOCKET_DOT_FACTS_JSON,
+    //     '--manifests-tar-hash',
+    //     tarHash,
+    //     ...unknownFlags,
+    //   ],
+    //   { cwd, spinner, env: { SOCKET_ORG_SLUG: orgSlug } },
+    // )
+    debug.debugDir('inspect', {
+      lastCResult
+    });
+    if (!lastCResult.ok) {
+      await outputFixResult(lastCResult, outputKind);
       return;
     }
-    spinner?.infoAndStop('No GHSA IDs found.');
     await outputFixResult({
       ok: true,
       data: ''
@@ -4538,11 +4560,17 @@ async function handleFix({
     }, outputKind);
     return;
   }
+
+  // Lazily access constants.
+  const {
+    NPM,
+    PNPM
+  } = constants;
   const {
     agent,
     agentVersion
   } = pkgEnvDetails;
-  if (agent !== NPM$7 && agent !== PNPM$6) {
+  if (agent !== NPM && agent !== PNPM) {
     await outputFixResult({
       ok: false,
       message: 'Not supported.',
@@ -4551,7 +4579,7 @@ async function handleFix({
     return;
   }
   logger.logger.info(`Fixing packages for ${agent} v${agentVersion}.\n`);
-  const fixer = agent === NPM$7 ? npmFix : pnpmFix;
+  const fixer = agent === NPM ? npmFix : pnpmFix;
   await outputFixResult(await fixer(pkgEnvDetails, {
     autoMerge,
     cwd,
@@ -4589,7 +4617,8 @@ const config$H = {
       type: 'string',
       default: [],
       description: `Provide a list of ${vendor.terminalLinkExports('GHSA IDs', 'https://docs.github.com/en/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database#about-ghsa-ids')} to compute fixes for, as either a comma separated value or as multiple flags.\n                        Use '--ghsa auto' to automatically lookup GHSA IDs and compute fixes for them.`,
-      isMultiple: true
+      isMultiple: true,
+      hidden: true
     },
     limit: {
       type: 'number',
@@ -4714,6 +4743,14 @@ async function run$H(argv, importMeta, {
     autoMerge = true;
     test = true;
   }
+  const orgSlugCResult = await utils.getDefaultOrgSlug();
+  if (!orgSlugCResult.ok) {
+    process.exitCode = orgSlugCResult.code ?? 1;
+    // Always assume json mode.
+    // logger.log(serializeResultJson(orgSlugCResult))
+    return;
+  }
+  const orgSlug = orgSlugCResult.data;
   const ghsas = utils.cmdFlagValueToArray(cli.flags['ghsa']);
   const limit = (cli.flags['limit'] ? parseInt(String(cli.flags['limit'] || ''), 10) : Infinity) || Infinity;
   const maxSatisfying = Boolean(cli.flags['maxSatisfying']);
@@ -4728,6 +4765,7 @@ async function run$H(argv, importMeta, {
     limit,
     minSatisfying,
     prCheck,
+    orgSlug,
     outputKind,
     purls,
     rangeStyle,
@@ -4819,7 +4857,7 @@ async function setupTabCompletion(targetName) {
   };
 }
 function getTabCompletionScriptRaw() {
-  const sourceDir = path.dirname(require$$0.fileURLToPath((typeof document === 'undefined' ? require$$0.pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.js', document.baseURI).href))));
+  const sourceDir = path.dirname(require$$0.fileURLToPath(require('node:url').pathToFileURL(__filename).href));
   const sourcePath = path.join(sourceDir, 'socket-completion.bash');
   if (!fs$1.existsSync(sourcePath)) {
     return {
@@ -5022,22 +5060,31 @@ async function attemptLogin(apiBaseUrl, apiProxy) {
     };
   }
   const apiToken = apiTokenInput || SOCKET_PUBLIC_API_TOKEN;
-  const sdk = await utils.setupSdk(apiToken, apiBaseUrl, apiProxy);
-  if (!sdk.ok) {
+  const sockSdkCResult = await utils.setupSdk({
+    apiBaseUrl,
+    apiProxy,
+    apiToken
+  });
+  if (!sockSdkCResult.ok) {
     process.exitCode = 1;
-    logger.logger.fail(utils.failMsgWithBadge(sdk.message, sdk.cause));
+    logger.logger.fail(utils.failMsgWithBadge(sockSdkCResult.message, sockSdkCResult.cause));
     return;
   }
-  const result = await utils.handleApiCall(sdk.data.getOrganizations(), 'token verification');
-  if (!result.ok) {
+  const sockSdk = sockSdkCResult.data;
+  const orgsCResult = await utils.handleApiCall(sockSdk.getOrganizations(), {
+    desc: 'token verification'
+  });
+  if (!orgsCResult.ok) {
     process.exitCode = 1;
-    logger.logger.fail(utils.failMsgWithBadge(result.message, result.cause));
+    logger.logger.fail(utils.failMsgWithBadge(orgsCResult.message, orgsCResult.cause));
     return;
   }
-  const orgs = result.data;
-  const orgSlugs = Object.values(orgs.organizations).map(obj => obj.slug);
+  const {
+    organizations
+  } = orgsCResult.data;
+  const orgSlugs = Object.values(organizations).map(obj => obj.slug);
   logger.logger.success(`API key verified: ${orgSlugs}`);
-  const enforcedChoices = Object.values(orgs.organizations).filter(org => org?.plan === 'enterprise').map(org => ({
+  const enforcedChoices = Object.values(organizations).filter(org => org?.plan === 'enterprise').map(org => ({
     name: org.name ?? 'undefined',
     value: org.id
   }));
@@ -6847,7 +6894,7 @@ async function run$v(argv, importMeta, {
   });
 }
 
-const require$3 = require$$5.createRequire((typeof document === 'undefined' ? require$$0.pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.js', document.baseURI).href)));
+const require$3 = require$$5.createRequire(require('node:url').pathToFileURL(__filename).href);
 const {
   DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$u
 } = constants;
@@ -6896,11 +6943,11 @@ async function run$u(argv, importMeta, {
   }
 
   // Lazily access constants.shadowNpmBinPath.
-  const shadowBin = require$3(constants.shadowNpmBinPath);
+  const shadowBin = /*@__PURE__*/require$3(constants.shadowNpmBinPath);
   await shadowBin('npm', argv);
 }
 
-const require$2 = require$$5.createRequire((typeof document === 'undefined' ? require$$0.pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.js', document.baseURI).href)));
+const require$2 = require$$5.createRequire(require('node:url').pathToFileURL(__filename).href);
 const {
   DRY_RUN_BAILING_NOW: DRY_RUN_BAILING_NOW$t
 } = constants;
@@ -6949,7 +6996,7 @@ async function run$t(argv, importMeta, {
   }
 
   // Lazily access constants.shadowNpmBinPath.
-  const shadowBin = require$2(constants.shadowNpmBinPath);
+  const shadowBin = /*@__PURE__*/require$2(constants.shadowNpmBinPath);
   await shadowBin('npx', argv);
 }
 
@@ -7348,8 +7395,8 @@ function updatePkgJsonField(editablePkgJson, field, value) {
   if (oldValue) {
     // The field already exists so we simply update the field value.
     if (field === PNPM$1) {
-      const isPnpmObj = objects.isObject(oldValue);
-      if (objects.hasKeys(value)) {
+      const isPnpmObj = require$$7.isObject(oldValue);
+      if (require$$7.hasKeys(value)) {
         editablePkgJson.update({
           [field]: {
             ...(isPnpmObj ? oldValue : {}),
@@ -7361,7 +7408,7 @@ function updatePkgJsonField(editablePkgJson, field, value) {
         });
       } else {
         // Properties with undefined values are omitted when saved as JSON.
-        editablePkgJson.update(objects.hasKeys(oldValue) ? {
+        editablePkgJson.update(require$$7.hasKeys(oldValue) ? {
           [field]: {
             ...(isPnpmObj ? oldValue : {}),
             overrides: undefined
@@ -7373,7 +7420,7 @@ function updatePkgJsonField(editablePkgJson, field, value) {
     } else if (field === OVERRIDES || field === RESOLUTIONS) {
       // Properties with undefined values are omitted when saved as JSON.
       editablePkgJson.update({
-        [field]: objects.hasKeys(value) ? value : undefined
+        [field]: require$$7.hasKeys(value) ? value : undefined
       });
     } else {
       editablePkgJson.update({
@@ -7382,7 +7429,7 @@ function updatePkgJsonField(editablePkgJson, field, value) {
     }
     return;
   }
-  if ((field === OVERRIDES || field === PNPM$1 || field === RESOLUTIONS) && !objects.hasKeys(value)) {
+  if ((field === OVERRIDES || field === PNPM$1 || field === RESOLUTIONS) && !require$$7.hasKeys(value)) {
     return;
   }
   // Since the field doesn't exist we want to insert it into the package.json
@@ -7517,7 +7564,7 @@ async function addOverrides(pkgEnvDetails, pkgPath, options) {
   let loggedAddingText = false;
 
   // Chunk package names to process them in parallel 3 at a time.
-  await require$$7.pEach(manifestEntries, 3, async ({
+  await require$$8.pEach(manifestEntries, 3, async ({
     1: data
   }) => {
     const {
@@ -7531,11 +7578,11 @@ async function addOverrides(pkgEnvDetails, pkgPath, options) {
     for (const {
       1: depObj
     } of depEntries) {
-      const sockSpec = objects.hasOwn(depObj, sockRegPkgName) ? depObj[sockRegPkgName] : undefined;
+      const sockSpec = require$$7.hasOwn(depObj, sockRegPkgName) ? depObj[sockRegPkgName] : undefined;
       if (sockSpec) {
         depAliasMap.set(sockRegPkgName, sockSpec);
       }
-      const origSpec = objects.hasOwn(depObj, origPkgName) ? depObj[origPkgName] : undefined;
+      const origSpec = require$$7.hasOwn(depObj, origPkgName) ? depObj[origPkgName] : undefined;
       if (origSpec) {
         let thisSpec = origSpec;
         // Add package aliases for direct dependencies to avoid npm EOVERRIDE
@@ -7571,11 +7618,11 @@ async function addOverrides(pkgEnvDetails, pkgPath, options) {
         npmExecPath
       });
       // Chunk package names to process them in parallel 3 at a time.
-      await require$$7.pEach(overridesDataObjects, 3, async ({
+      await require$$8.pEach(overridesDataObjects, 3, async ({
         overrides,
         type
       }) => {
-        const overrideExists = objects.hasOwn(overrides, origPkgName);
+        const overrideExists = require$$7.hasOwn(overrides, origPkgName);
         if (overrideExists || thingScanner(pkgEnvDetails, thingToScan, origPkgName, lockName)) {
           const oldSpec = overrideExists ? overrides[origPkgName] : undefined;
           const origDepAlias = depAliasMap.get(origPkgName);
@@ -7625,7 +7672,7 @@ async function addOverrides(pkgEnvDetails, pkgPath, options) {
   });
   if (isWorkspace) {
     // Chunk package names to process them in parallel 3 at a time.
-    await require$$7.pEach(workspacePkgJsonPaths, 3, async workspacePkgJsonPath => {
+    await require$$8.pEach(workspacePkgJsonPaths, 3, async workspacePkgJsonPath => {
       const otherState = await addOverrides(pkgEnvDetails, path.dirname(workspacePkgJsonPath), {
         logger,
         pin,
@@ -7646,7 +7693,7 @@ async function addOverrides(pkgEnvDetails, pkgPath, options) {
         overrides,
         type
       } of overridesDataObjects) {
-        updateManifest(type, pkgEnvDetails.editablePkgJson, objects.toSortedObject(overrides));
+        updateManifest(type, pkgEnvDetails.editablePkgJson, require$$7.toSortedObject(overrides));
       }
     }
     await pkgEnvDetails.editablePkgJson.save();
@@ -7891,19 +7938,31 @@ async function run$r(argv, importMeta, {
   });
 }
 
-async function fetchDependencies({
-  limit,
-  offset
-}) {
-  const sockSdkCResult = await utils.setupSdk();
+async function fetchDependencies(config, options) {
+  const {
+    sdkOptions
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const sockSdkCResult = await utils.setupSdk(sdkOptions);
   if (!sockSdkCResult.ok) {
     return sockSdkCResult;
   }
   const sockSdk = sockSdkCResult.data;
+  const {
+    limit,
+    offset
+  } = {
+    __proto__: null,
+    ...config
+  };
   return await utils.handleApiCall(sockSdk.searchDependencies({
     limit,
     offset
-  }), 'organization dependencies');
+  }), {
+    desc: 'organization dependencies'
+  });
 }
 
 // @ts-ignore
@@ -8068,13 +8127,21 @@ async function run$q(argv, importMeta, {
   });
 }
 
-async function fetchLicensePolicy(orgSlug) {
-  const sockSdkCResult = await utils.setupSdk();
+async function fetchLicensePolicy(orgSlug, options) {
+  const {
+    sdkOptions
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const sockSdkCResult = await utils.setupSdk(sdkOptions);
   if (!sockSdkCResult.ok) {
     return sockSdkCResult;
   }
   const sockSdk = sockSdkCResult.data;
-  return await utils.handleApiCall(sockSdk.getOrgLicensePolicy(orgSlug), 'organization license policy');
+  return await utils.handleApiCall(sockSdk.getOrgLicensePolicy(orgSlug), {
+    desc: 'organization license policy'
+  });
 }
 
 async function outputLicensePolicy(result, outputKind) {
@@ -8096,7 +8163,10 @@ async function outputLicensePolicy(result, outputKind) {
   logger.logger.log('');
   const rules = result.data['license_policy'];
   const entries = rules ? Object.entries(rules) : [];
-  const mapped = entries.map(([key, value]) => [key, value?.['allowed'] ? ' yes' : ' no']);
+  const mapped = entries.map(({
+    0: key,
+    1: value
+  }) => [key, value?.['allowed'] ? ' yes' : ' no']);
   mapped.sort(([a], [b]) => a < b ? -1 : a > b ? 1 : 0);
   logger.logger.log(utils.mdTableOfPairs(mapped, ['License Name', 'Allowed']));
   logger.logger.log('');
@@ -8193,13 +8263,21 @@ async function run$p(argv, importMeta, {
   await handleLicensePolicy(orgSlug, outputKind);
 }
 
-async function fetchSecurityPolicy(orgSlug) {
-  const sockSdkCResult = await utils.setupSdk();
+async function fetchSecurityPolicy(orgSlug, options) {
+  const {
+    sdkOptions
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const sockSdkCResult = await utils.setupSdk(sdkOptions);
   if (!sockSdkCResult.ok) {
     return sockSdkCResult;
   }
   const sockSdk = sockSdkCResult.data;
-  return await utils.handleApiCall(sockSdk.getOrgSecurityPolicy(orgSlug), 'organization security policy');
+  return await utils.handleApiCall(sockSdk.getOrgSecurityPolicy(orgSlug), {
+    desc: 'organization security policy'
+  });
 }
 
 async function outputSecurityPolicy(result, outputKind) {
@@ -8222,7 +8300,10 @@ async function outputSecurityPolicy(result, outputKind) {
   logger.logger.log('');
   const rules = result.data.securityPolicyRules;
   const entries = rules ? Object.entries(rules) : [];
-  const mapped = entries.map(([key, value]) => [key, value.action]);
+  const mapped = entries.map(({
+    0: key,
+    1: value
+  }) => [key, value.action]);
   mapped.sort(([a], [b]) => a < b ? -1 : a > b ? 1 : 0);
   logger.logger.log(utils.mdTableOfPairs(mapped, ['name', 'action']));
   logger.logger.log('');
@@ -8321,15 +8402,6 @@ async function run$o(argv, importMeta, {
   await handleSecurityPolicy(orgSlug, outputKind);
 }
 
-async function fetchOrganization() {
-  const sockSdkCResult = await utils.setupSdk();
-  if (!sockSdkCResult.ok) {
-    return sockSdkCResult;
-  }
-  const sockSdk = sockSdkCResult.data;
-  return await utils.handleApiCall(sockSdk.getOrganizations(), 'organization list');
-}
-
 async function outputOrganizationList(result, outputKind = 'text') {
   if (!result.ok) {
     process.exitCode = result.code ?? 1;
@@ -8381,7 +8453,7 @@ async function outputOrganizationList(result, outputKind = 'text') {
 }
 
 async function handleOrganizationList(outputKind = 'text') {
-  const data = await fetchOrganization();
+  const data = await utils.fetchOrganization();
   await outputOrganizationList(data, outputKind);
 }
 
@@ -8480,13 +8552,21 @@ const cmdOrganizationPolicy = {
   }
 };
 
-async function fetchQuota() {
-  const sockSdkCResult = await utils.setupSdk();
+async function fetchQuota(options) {
+  const {
+    sdkOptions
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const sockSdkCResult = await utils.setupSdk(sdkOptions);
   if (!sockSdkCResult.ok) {
     return sockSdkCResult;
   }
   const sockSdk = sockSdkCResult.data;
-  return await utils.handleApiCall(sockSdk.getQuota(), 'token quota');
+  return await utils.handleApiCall(sockSdk.getQuota(), {
+    desc: 'token quota'
+  });
 }
 
 async function outputQuota(result, outputKind = 'text') {
@@ -8945,20 +9025,28 @@ async function run$l(argv, importMeta, {
   await handlePurlDeepScore(purls[0] || '', outputKind);
 }
 
-async function fetchPurlsShallowScore(purls) {
-  logger.logger.info(`Requesting shallow score data for ${purls.length} package urls (purl): ${purls.join(', ')}`);
-  const sockSdkCResult = await utils.setupSdk();
+async function fetchPurlsShallowScore(purls, options) {
+  const {
+    sdkOptions
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const sockSdkCResult = await utils.setupSdk(sdkOptions);
   if (!sockSdkCResult.ok) {
     return sockSdkCResult;
   }
   const sockSdk = sockSdkCResult.data;
+  logger.logger.info(`Requesting shallow score data for ${purls.length} package urls (purl): ${purls.join(', ')}`);
   const result = await utils.handleApiCall(sockSdk.batchPackageFetch({
-    alerts: 'true'
-  }, {
     components: purls.map(purl => ({
       purl
     }))
-  }), 'looking up package');
+  }, {
+    alerts: 'true'
+  }), {
+    desc: 'looking up package'
+  });
   if (!result.ok) {
     return result;
   }
@@ -9454,26 +9542,35 @@ async function run$i(argv, importMeta, {
   await runRawNpx(argv);
 }
 
-async function fetchCreateRepo({
-  default_branch,
-  description,
-  homepage,
-  orgSlug,
-  repoName,
-  visibility
-}) {
-  const sockSdkCResult = await utils.setupSdk();
+async function fetchCreateRepo(config, options) {
+  const {
+    defaultBranch,
+    description,
+    homepage,
+    orgSlug,
+    repoName,
+    visibility
+  } = config;
+  const {
+    sdkOptions
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const sockSdkCResult = await utils.setupSdk(sdkOptions);
   if (!sockSdkCResult.ok) {
     return sockSdkCResult;
   }
   const sockSdk = sockSdkCResult.data;
   return await utils.handleApiCall(sockSdk.createOrgRepo(orgSlug, {
-    name: repoName,
+    default_branch: defaultBranch,
     description,
     homepage,
-    default_branch,
+    name: repoName,
     visibility
-  }), 'to create a repository');
+  }), {
+    desc: 'to create a repository'
+  });
 }
 
 function outputCreateRepo(result, requestedName, outputKind) {
@@ -9495,7 +9592,7 @@ function outputCreateRepo(result, requestedName, outputKind) {
 }
 
 async function handleCreateRepo({
-  default_branch,
+  defaultBranch,
   description,
   homepage,
   orgSlug,
@@ -9503,7 +9600,7 @@ async function handleCreateRepo({
   visibility
 }, outputKind) {
   const data = await fetchCreateRepo({
-    default_branch,
+    defaultBranch,
     description,
     homepage,
     orgSlug,
@@ -9633,18 +9730,26 @@ async function run$h(argv, importMeta, {
     repoName: String(repoName),
     description: String(cli.flags['repoDescription'] || ''),
     homepage: String(cli.flags['homepage'] || ''),
-    default_branch: String(cli.flags['defaultBranch'] || ''),
+    defaultBranch: String(cli.flags['defaultBranch'] || ''),
     visibility: String(cli.flags['visibility'] || 'private')
   }, outputKind);
 }
 
-async function fetchDeleteRepo(orgSlug, repoName) {
-  const sockSdkCResult = await utils.setupSdk();
+async function fetchDeleteRepo(orgSlug, repoName, options) {
+  const {
+    sdkOptions
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const sockSdkCResult = await utils.setupSdk(sdkOptions);
   if (!sockSdkCResult.ok) {
     return sockSdkCResult;
   }
   const sockSdk = sockSdkCResult.data;
-  return await utils.handleApiCall(sockSdk.deleteOrgRepo(orgSlug, repoName), 'to delete a repository');
+  return await utils.handleApiCall(sockSdk.deleteOrgRepo(orgSlug, repoName), {
+    desc: 'to delete a repository'
+  });
 }
 
 async function outputDeleteRepo(result, repoName, outputKind) {
@@ -9762,12 +9867,16 @@ async function run$g(argv, importMeta, {
   await handleDeleteRepo(orgSlug, repoName, outputKind);
 }
 
-async function fetchListAllRepos({
-  direction,
-  orgSlug,
-  sort
-}) {
-  const sockSdkCResult = await utils.setupSdk();
+async function fetchListAllRepos(orgSlug, options) {
+  const {
+    direction,
+    sdkOptions,
+    sort
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const sockSdkCResult = await utils.setupSdk(sdkOptions);
   if (!sockSdkCResult.ok) {
     return sockSdkCResult;
   }
@@ -9790,7 +9899,9 @@ async function fetchListAllRepos({
       per_page: String(100),
       // max
       page: String(nextPage)
-    }), 'list of repositories');
+    }), {
+      desc: 'list of repositories'
+    });
     if (!orgRepoListCResult.ok) {
       debug.debugFn('error', 'fail: fetch repo');
       debug.debugDir('inspect', {
@@ -9810,14 +9921,24 @@ async function fetchListAllRepos({
   };
 }
 
-async function fetchListRepos({
-  direction,
-  orgSlug,
-  page,
-  per_page,
-  sort
-}) {
-  const sockSdkCResult = await utils.setupSdk();
+async function fetchListRepos(config, options) {
+  const {
+    direction,
+    orgSlug,
+    page,
+    perPage,
+    sort
+  } = {
+    __proto__: null,
+    ...config
+  };
+  const {
+    sdkOptions
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const sockSdkCResult = await utils.setupSdk(sdkOptions);
   if (!sockSdkCResult.ok) {
     return sockSdkCResult;
   }
@@ -9825,9 +9946,11 @@ async function fetchListRepos({
   return await utils.handleApiCall(sockSdk.getOrgRepoList(orgSlug, {
     sort,
     direction,
-    per_page: String(per_page),
+    per_page: String(perPage),
     page: String(page)
-  }), 'list of repositories');
+  }), {
+    desc: 'list of repositories'
+  });
 }
 
 // @ts-ignore
@@ -9893,13 +10016,12 @@ async function handleListRepos({
   orgSlug,
   outputKind,
   page,
-  per_page,
+  perPage,
   sort
 }) {
   if (all) {
-    const data = await fetchListAllRepos({
+    const data = await fetchListAllRepos(orgSlug, {
       direction,
-      orgSlug,
       sort
     });
     await outputListRepos(data, outputKind, 0, 0, sort, Infinity, direction);
@@ -9908,14 +10030,14 @@ async function handleListRepos({
       direction,
       orgSlug,
       page,
-      per_page,
+      perPage,
       sort
     });
     if (!data.ok) {
       await outputListRepos(data, outputKind, 0, 0, '', 0, direction);
     } else {
       // Note: nextPage defaults to 0, is null when there's no next page
-      await outputListRepos(data, outputKind, page, data.data.nextPage, sort, per_page, direction);
+      await outputListRepos(data, outputKind, page, data.data.nextPage, sort, perPage, direction);
     }
   }
 }
@@ -10048,32 +10170,44 @@ async function run$f(argv, importMeta, {
     orgSlug,
     outputKind,
     page: Number(cli.flags['page']) || 1,
-    per_page: Number(cli.flags['perPage']) || 30,
+    perPage: Number(cli.flags['perPage']) || 30,
     sort: String(cli.flags['sort'] || 'created_at')
   });
 }
 
-async function fetchUpdateRepo({
-  default_branch,
-  description,
-  homepage,
-  orgSlug,
-  repoName,
-  visibility
-}) {
-  const sockSdkCResult = await utils.setupSdk();
+async function fetchUpdateRepo(config, options) {
+  const {
+    defaultBranch,
+    description,
+    homepage,
+    orgSlug,
+    repoName,
+    visibility
+  } = {
+    __proto__: null,
+    ...config
+  };
+  const {
+    sdkOptions
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const sockSdkCResult = await utils.setupSdk(sdkOptions);
   if (!sockSdkCResult.ok) {
     return sockSdkCResult;
   }
   const sockSdk = sockSdkCResult.data;
   return await utils.handleApiCall(sockSdk.updateOrgRepo(orgSlug, repoName, {
-    orgSlug,
-    name: repoName,
+    default_branch: defaultBranch,
     description,
     homepage,
-    default_branch,
+    name: repoName,
+    orgSlug,
     visibility
-  }), 'to update a repository');
+  }), {
+    desc: 'to update a repository'
+  });
 }
 
 async function outputUpdateRepo(result, repoName, outputKind) {
@@ -10092,7 +10226,7 @@ async function outputUpdateRepo(result, repoName, outputKind) {
 }
 
 async function handleUpdateRepo({
-  default_branch,
+  defaultBranch,
   description,
   homepage,
   orgSlug,
@@ -10100,7 +10234,7 @@ async function handleUpdateRepo({
   visibility
 }, outputKind) {
   const data = await fetchUpdateRepo({
-    default_branch,
+    defaultBranch,
     description,
     homepage,
     orgSlug,
@@ -10232,18 +10366,26 @@ async function run$e(argv, importMeta, {
     repoName: String(repoName),
     description: String(cli.flags['repoDescription'] || ''),
     homepage: String(cli.flags['homepage'] || ''),
-    default_branch: String(cli.flags['defaultBranch'] || ''),
+    defaultBranch: String(cli.flags['defaultBranch'] || ''),
     visibility: String(cli.flags['visibility'] || 'private')
   }, outputKind);
 }
 
-async function fetchViewRepo(orgSlug, repoName) {
-  const sockSdkCResult = await utils.setupSdk();
+async function fetchViewRepo(orgSlug, repoName, options) {
+  const {
+    sdkOptions
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const sockSdkCResult = await utils.setupSdk(sdkOptions);
   if (!sockSdkCResult.ok) {
     return sockSdkCResult;
   }
   const sockSdk = sockSdkCResult.data;
-  return await utils.handleApiCall(sockSdk.getOrgRepo(orgSlug, repoName), 'repository data');
+  return await utils.handleApiCall(sockSdk.getOrgRepo(orgSlug, repoName), {
+    desc: 'repository data'
+  });
 }
 
 // @ts-ignore
@@ -10685,7 +10827,7 @@ async function run$c(argv, importMeta, {
   if (detected.count > 0 && !autoManifest) {
     logger.logger.info(`Detected ${detected.count} manifest targets we could try to generate. Please set the --autoManifest flag if you want to include languages covered by \`socket manifest auto\` in the Scan.`);
   }
-  if (updatedInput && orgSlug && targets?.length) {
+  if (updatedInput && orgSlug && targets.length) {
     logger.logger.info('Note: You can invoke this command next time to skip the interactive questions:');
     logger.logger.info('```');
     logger.logger.info(`    socket scan create [other flags...] ${orgSlug} ${targets.join(' ')}`);
@@ -10753,20 +10895,28 @@ async function run$c(argv, importMeta, {
     pendingHead: Boolean(pendingHead),
     pullRequest: Number(pullRequest),
     readOnly: Boolean(readOnly),
-    repoName: repoName,
+    repoName,
     report,
     targets,
     tmp: Boolean(tmp)
   });
 }
 
-async function fetchDeleteOrgFullScan(orgSlug, scanId) {
-  const sockSdkCResult = await utils.setupSdk();
+async function fetchDeleteOrgFullScan(orgSlug, scanId, options) {
+  const {
+    sdkOptions
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const sockSdkCResult = await utils.setupSdk(sdkOptions);
   if (!sockSdkCResult.ok) {
     return sockSdkCResult;
   }
   const sockSdk = sockSdkCResult.data;
-  return await utils.handleApiCall(sockSdk.deleteOrgFullScan(orgSlug, scanId), 'to delete a scan');
+  return await utils.handleApiCall(sockSdk.deleteOrgFullScan(orgSlug, scanId), {
+    desc: 'to delete a scan'
+  });
 }
 
 async function outputDeleteScan(result, outputKind) {
@@ -11200,10 +11350,6 @@ async function run$a(argv, importMeta, {
   });
 }
 
-// Supported manifest file name patterns
-// Keep in mind that we have to request these files through the GitHub API; that cost is much heavier than local disk searches
-// TODO: get this list from API instead? Is that too much? Has to fetch through gh api...
-const SUPPORTED_FILE_PATTERNS = [/.*[-.]spdx\.json/, /bom\.json/, /.*[-.]cyclonedx\.json/, /.*[-.]cyclonedx\.xml/, /package\.json/, /package-lock\.json/, /npm-shrinkwrap\.json/, /yarn\.lock/, /pnpm-lock\.yaml/, /pnpm-lock\.yml/, /pnpm-workspace\.yaml/, /pnpm-workspace\.yml/, /pipfile/, /pyproject\.toml/, /poetry\.lock/, /requirements[\\/].*\.txt/, /requirements-.*\.txt/, /requirements_.*\.txt/, /requirements\.frozen/, /setup\.py/, /pipfile\.lock/, /go\.mod/, /go\.sum/, /pom\.xml/, /.*\..*proj/, /.*\.props/, /.*\.targets/, /.*\.nuspec/, /nuget\.config/, /packages\.config/, /packages\.lock\.json/];
 async function createScanFromGithub({
   all,
   githubApiUrl,
@@ -11217,9 +11363,8 @@ async function createScanFromGithub({
   let targetRepos = repos.trim().split(',').map(r => r.trim()).filter(Boolean);
   if (all || targetRepos.length === 0) {
     // Fetch from Socket API
-    const result = await fetchListAllRepos({
+    const result = await fetchListAllRepos(orgSlug, {
       direction: 'asc',
-      orgSlug,
       sort: 'name'
     });
     if (!result.ok) {
@@ -11258,7 +11403,7 @@ async function createScanFromGithub({
   let scansCreated = 0;
   for (const repoSlug of targetRepos) {
     // eslint-disable-next-line no-await-in-loop
-    const result = await scanRepo(repoSlug, {
+    const scanCResult = await scanRepo(repoSlug, {
       githubApiUrl,
       githubToken,
       orgSlug,
@@ -11266,8 +11411,13 @@ async function createScanFromGithub({
       outputKind,
       repos
     });
-    if (result.ok && result.data.scanCreated) {
-      scansCreated += 1;
+    if (scanCResult.ok) {
+      const {
+        scanCreated
+      } = scanCResult.data;
+      if (scanCreated) {
+        scansCreated += 1;
+      }
     }
   }
   logger.logger.success(targetRepos.length, 'GitHub repos detected');
@@ -11453,7 +11603,9 @@ async function testAndDownloadManifestFile({
   tmpDir
 }) {
   debug.debugFn('notice', 'testing: file', file);
-  if (!SUPPORTED_FILE_PATTERNS.some(regex => regex.test(file))) {
+  const supportedFilesCResult = await fetchSupportedScanFileNames();
+  const supportedFiles = supportedFilesCResult.ok ? supportedFilesCResult.data : undefined;
+  if (!supportedFiles || !utils.isReportSupportedFile(file, supportedFiles)) {
     debug.debugFn('notice', '  - skip: not a known pattern');
     // Not an error.
     return {
@@ -11834,7 +11986,7 @@ async function handleCreateGithubScan({
   outputKind,
   repos
 }) {
-  const result = await createScanFromGithub({
+  const ghScanCResult = await createScanFromGithub({
     all: Boolean(all),
     githubApiUrl,
     githubToken,
@@ -11844,7 +11996,7 @@ async function handleCreateGithubScan({
     outputKind,
     repos: String(repos || '')
   });
-  await outputScanGithub(result, outputKind);
+  await outputScanGithub(ghScanCResult, outputKind);
 }
 
 const {
@@ -12051,21 +12203,31 @@ async function run$9(argv, importMeta, {
   });
 }
 
-async function fetchListScans({
-  branch,
-  direction,
-  from_time,
-  orgSlug,
-  page,
-  per_page,
-  repo,
-  sort
-}) {
-  const sockSdkCResult = await utils.setupSdk();
+async function fetchOrgFullScanList(config, options) {
+  const {
+    sdkOptions
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const sockSdkCResult = await utils.setupSdk(sdkOptions);
   if (!sockSdkCResult.ok) {
     return sockSdkCResult;
   }
   const sockSdk = sockSdkCResult.data;
+  const {
+    branch,
+    direction,
+    from_time,
+    orgSlug,
+    page,
+    perPage,
+    repo,
+    sort
+  } = {
+    __proto__: null,
+    ...config
+  };
   return await utils.handleApiCall(sockSdk.getOrgFullScanList(orgSlug, {
     ...(branch ? {
       branch
@@ -12075,10 +12237,12 @@ async function fetchListScans({
     } : {}),
     sort,
     direction,
-    per_page: String(per_page),
+    per_page: String(perPage),
     page: String(page),
     from: from_time
-  }), 'list of scans');
+  }), {
+    desc: 'list of scans'
+  });
 }
 
 // @ts-ignore
@@ -12135,17 +12299,17 @@ async function handleListScans({
   orgSlug,
   outputKind,
   page,
-  per_page,
+  perPage,
   repo,
   sort
 }) {
-  const data = await fetchListScans({
+  const data = await fetchOrgFullScanList({
     branch,
     direction,
     from_time,
     orgSlug,
     page,
-    per_page,
+    perPage,
     repo,
     sort
   });
@@ -12305,19 +12469,27 @@ async function run$8(argv, importMeta, {
     orgSlug,
     outputKind,
     page: Number(cli.flags['page'] || 1),
-    per_page: Number(cli.flags['perPage'] || 30),
+    perPage: Number(cli.flags['perPage'] || 30),
     repo: repo ? String(repo) : '',
     sort: String(cli.flags['sort'] || '')
   });
 }
 
-async function fetchScanMetadata(orgSlug, scanId) {
-  const sockSdkCResult = await utils.setupSdk();
+async function fetchScanMetadata(orgSlug, scanId, options) {
+  const {
+    sdkOptions
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const sockSdkCResult = await utils.setupSdk(sdkOptions);
   if (!sockSdkCResult.ok) {
     return sockSdkCResult;
   }
   const sockSdk = sockSdkCResult.data;
-  return await utils.handleApiCall(sockSdk.getOrgFullScanMetadata(orgSlug, scanId), 'meta data for a full scan');
+  return await utils.handleApiCall(sockSdk.getOrgFullScanMetadata(orgSlug, scanId), {
+    desc: 'meta data for a full scan'
+  });
 }
 
 async function outputScanMetadata(result, scanId, outputKind) {
@@ -13184,8 +13356,15 @@ async function handleScanView(orgSlug, scanId, filePath, outputKind) {
   await outputScanView(data, orgSlug, scanId, filePath, outputKind);
 }
 
-async function streamScan(orgSlug, scanId, file) {
-  const sockSdkCResult = await utils.setupSdk();
+async function streamScan(orgSlug, scanId, options) {
+  const {
+    file,
+    sdkOptions
+  } = {
+    __proto__: null,
+    ...options
+  };
+  const sockSdkCResult = await utils.setupSdk(sdkOptions);
   if (!sockSdkCResult.ok) {
     return sockSdkCResult;
   }
@@ -13193,7 +13372,9 @@ async function streamScan(orgSlug, scanId, file) {
   logger.logger.info('Requesting data from API...');
 
   // Note: this will write to stdout or target file. It's not a noop
-  return await utils.handleApiCall(sockSdk.getOrgFullScan(orgSlug, scanId, file === '-' ? undefined : file), 'a scan');
+  return await utils.handleApiCall(sockSdk.getOrgFullScan(orgSlug, scanId, file === '-' ? undefined : file), {
+    desc: 'a scan'
+  });
 }
 
 const {
@@ -13303,7 +13484,9 @@ async function run$3(argv, importMeta, {
     return;
   }
   if (json && stream) {
-    await streamScan(orgSlug, scanId, file);
+    await streamScan(orgSlug, scanId, {
+      file
+    });
   } else {
     await handleScanView(orgSlug, scanId, file, outputKind);
   }
@@ -13361,7 +13544,7 @@ async function fetchThreatFeed({
   return await utils.queryApiSafeJson(`orgs/${orgSlug}/threat-feed?${queryParams}`, 'the Threat Feed data');
 }
 
-const require$1 = require$$5.createRequire((typeof document === 'undefined' ? require$$0.pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.js', document.baseURI).href)));
+const require$1 = require$$5.createRequire(require('node:url').pathToFileURL(__filename).href);
 async function outputThreatFeed(result, outputKind) {
   if (!result.ok) {
     process.exitCode = result.code ?? 1;
@@ -13382,7 +13565,7 @@ async function outputThreatFeed(result, outputKind) {
   const descriptions = result.data.results.map(d => d.description);
 
   // Note: this temporarily takes over the terminal (just like `man` does).
-  const ScreenWidget = require$1('../external/blessed/lib/widgets/screen.js');
+  const ScreenWidget = /*@__PURE__*/require$1('../external/blessed/lib/widgets/screen.js');
   // Lazily access constants.blessedOptions.
   const screen = new ScreenWidget({
     ...constants.blessedOptions
@@ -13392,7 +13575,7 @@ async function outputThreatFeed(result, outputKind) {
   // node process just to exit it. That's very bad UX.
   // eslint-disable-next-line n/no-process-exit
   screen.key(['escape', 'q', 'C-c'], () => process.exit(0));
-  const TableWidget = require$1('../external/blessed-contrib/lib/widget/table.js');
+  const TableWidget = /*@__PURE__*/require$1('../external/blessed-contrib/lib/widget/table.js');
   const detailsBoxHeight = 20; // bottom N rows for details box
   const tipsBoxHeight = 1; // 1 row for tips box
 
@@ -13416,7 +13599,7 @@ async function outputThreatFeed(result, outputKind) {
     columnSpacing: 1,
     truncate: '_'
   });
-  const BoxWidget = require$1('../external/blessed/lib/widgets/box.js');
+  const BoxWidget = /*@__PURE__*/require$1('../external/blessed/lib/widgets/box.js');
   const tipsBox = new BoxWidget({
     bottom: detailsBoxHeight,
     // sits just above the details box
@@ -14143,7 +14326,7 @@ async function run(argv, importMeta, {
   }
 }
 
-const __filename$1 = require$$0.fileURLToPath((typeof document === 'undefined' ? require$$0.pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.js', document.baseURI).href)));
+const __filename$1 = require$$0.fileURLToPath(require('node:url').pathToFileURL(__filename).href);
 const {
   SOCKET_CLI_BIN_NAME
 } = constants;
@@ -14339,5 +14522,5 @@ void (async () => {
     await utils.captureException(e);
   }
 })();
-//# debugId=9f81fe97-c2db-4ad9-9cf7-ae11682e5f3c
+//# debugId=5e02c3b4-98c2-48aa-856d-526ed5a48fa7
 //# sourceMappingURL=cli.js.map