socket 1.1.11 → 1.1.13

package/dist/utils.js

@@ -23,8 +23,8 @@ var fs$1 = require('node:fs');
 var require$$13 = require('../external/@socketsecurity/registry/lib/url');
 var promises = require('node:timers/promises');
 var npm = require('../external/@socketsecurity/registry/lib/npm');
-var globs = require('../external/@socketsecurity/registry/lib/globs');
 var packages = require('../external/@socketsecurity/registry/lib/packages');
+var globs = require('../external/@socketsecurity/registry/lib/globs');
 var streams = require('../external/@socketsecurity/registry/lib/streams');
 
 var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
@@ -565,7 +565,7 @@ async function handleApiCallNoSpinner(value, description) {
 async function queryApi(path, apiToken) {
   const baseUrl = getDefaultApiBaseUrl();
   if (!baseUrl) {
-    throw new Error('Socket API endpoint is not configured');
+    throw new Error('Socket API base URL is not configured.');
   }
   return await fetch(`${baseUrl}${baseUrl.endsWith('/') ? '' : '/'}${path}`, {
     method: 'GET',
@@ -1344,9 +1344,12 @@ async function meowWithSubcommands(subcommands, options) {
     //'json',
     'license', 'login', 'logout', 'manifest', constants.NPM, constants.NPX, 'optimize', 'organization', 'package',
     //'patch',
+    // PNPM,
     'raw-npm', 'raw-npx', 'repository', 'scan',
     //'security',
-    'threat-feed', 'uninstall', 'wrapper']);
+    'threat-feed', 'uninstall', 'wrapper'
+    // YARN,
+    ]);
     Object.entries(subcommands).filter(([_name, subcommand]) => !subcommand.hidden).map(([name]) => name).forEach(name => {
       if (commands.has(name)) {
         commands.delete(name);
@@ -1390,6 +1393,11 @@ async function meowWithSubcommands(subcommands, options) {
   }
   lines.push(`  ${getFlagListOutput({
     ...flags$1,
+    // Explicitly document the negated --no-banner variant.
+    noBanner: {
+      ...flags$1['banner'],
+      hidden: false
+    },
     // Explicitly document the negated --no-spinner variant.
     noSpinner: {
       ...flags$1['spinner'],
@@ -1400,7 +1408,7 @@ async function meowWithSubcommands(subcommands, options) {
     padName: HELP_PAD_NAME
   })}`);
   if (isRootCommand) {
-    lines.push('', 'Environment variables', '  SOCKET_CLI_API_TOKEN        Set the Socket API token', '  SOCKET_CLI_CONFIG           A JSON stringified Socket configuration object', '  SOCKET_CLI_GITHUB_API_URL   Change the base URL for GitHub REST API calls', '  SOCKET_CLI_GIT_USER_EMAIL   The git config `user.email` used by Socket CLI', `                              ${vendor.yoctocolorsCjsExports.italic('Defaults:')} github-actions[bot]@users.noreply.github.com`, '  SOCKET_CLI_GIT_USER_NAME    The git config `user.name` used by Socket CLI', `                              ${vendor.yoctocolorsCjsExports.italic('Defaults:')} github-actions[bot]`, `  SOCKET_CLI_GITHUB_TOKEN     A classic or fine-grained ${vendor.terminalLinkExports('GitHub personal access token', 'https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens')}`, `                              ${vendor.yoctocolorsCjsExports.italic('Aliases:')} GITHUB_TOKEN`, '  SOCKET_CLI_NO_API_TOKEN     Make the default API token `undefined`', '  SOCKET_CLI_NPM_PATH         The absolute location of the npm directory', '  SOCKET_CLI_ORG_SLUG         Specify the Socket organization slug', '', '  SOCKET_CLI_ACCEPT_RISKS     Accept risks of a Socket wrapped npm/npx run', '  SOCKET_CLI_VIEW_ALL_RISKS   View all risks of a Socket wrapped npm/npx run', '', 'Environment variables for development', '  SOCKET_CLI_API_BASE_URL     Change the base URL for Socket API calls', `                              ${vendor.yoctocolorsCjsExports.italic('Defaults:')} The "apiBaseUrl" value of socket/settings local app data`, '                              if present, else https://api.socket.dev/v0/', '  SOCKET_CLI_API_PROXY        Set the proxy Socket API requests are routed through, e.g. if set to', `                              ${vendor.terminalLinkExports('http://127.0.0.1:9090', 'https://docs.proxyman.io/troubleshooting/couldnt-see-any-requests-from-3rd-party-network-libraries')} then all request are passed through that proxy`, `                              ${vendor.yoctocolorsCjsExports.italic('Aliases:')} HTTPS_PROXY, https_proxy, HTTP_PROXY, and http_proxy`, '  SOCKET_CLI_API_TIMEOUT      Set the timeout in milliseconds for Socket API requests', '  SOCKET_CLI_DEBUG            Enable debug logging in Socket CLI', `  DEBUG                       Enable debug logging based on the ${vendor.terminalLinkExports('debug', 'https://socket.dev/npm/package/debug')} package`);
+    lines.push('', 'Environment variables', '  SOCKET_CLI_API_TOKEN        Set the Socket API token', '  SOCKET_CLI_CONFIG           A JSON stringified Socket configuration object', '  SOCKET_CLI_GITHUB_API_URL   Change the base URL for GitHub REST API calls', '  SOCKET_CLI_GIT_USER_EMAIL   The git config `user.email` used by Socket CLI', `                              ${vendor.yoctocolorsCjsExports.italic('Defaults:')} github-actions[bot]@users.noreply.github.com`, '  SOCKET_CLI_GIT_USER_NAME    The git config `user.name` used by Socket CLI', `                              ${vendor.yoctocolorsCjsExports.italic('Defaults:')} github-actions[bot]`, `  SOCKET_CLI_GITHUB_TOKEN     A classic or fine-grained ${vendor.terminalLinkExports('GitHub personal access token', 'https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens')}`, `                              ${vendor.yoctocolorsCjsExports.italic('Aliases:')} GITHUB_TOKEN`, '  SOCKET_CLI_NO_API_TOKEN     Make the default API token `undefined`', '  SOCKET_CLI_NPM_PATH         The absolute location of the npm directory', '  SOCKET_CLI_ORG_SLUG         Specify the Socket organization slug', '', '  SOCKET_CLI_ACCEPT_RISKS     Accept risks of a Socket wrapped npm/npx run', '  SOCKET_CLI_VIEW_ALL_RISKS   View all risks of a Socket wrapped npm/npx run', '', 'Environment variables for development', '  SOCKET_CLI_API_BASE_URL     Change the base URL for Socket API calls', `                              ${vendor.yoctocolorsCjsExports.italic('Defaults:')} The "apiBaseUrl" value of socket/settings local app data`, `                              if present, else ${constants.API_V0_URL}`, '  SOCKET_CLI_API_PROXY        Set the proxy Socket API requests are routed through, e.g. if set to', `                              ${vendor.terminalLinkExports('http://127.0.0.1:9090', 'https://docs.proxyman.io/troubleshooting/couldnt-see-any-requests-from-3rd-party-network-libraries')} then all request are passed through that proxy`, `                              ${vendor.yoctocolorsCjsExports.italic('Aliases:')} HTTPS_PROXY, https_proxy, HTTP_PROXY, and http_proxy`, '  SOCKET_CLI_API_TIMEOUT      Set the timeout in milliseconds for Socket API requests', '  SOCKET_CLI_DEBUG            Enable debug logging in Socket CLI', `  DEBUG                       Enable debug logging based on the ${vendor.terminalLinkExports('debug', `${constants.SOCKET_WEBSITE_URL}/npm/package/debug`)} package`);
   }
 
   // Parse it again. Config overrides should now be applied (may affect help).
@@ -1465,10 +1473,10 @@ function meowOrExit({
     importMeta
   });
   const {
-    help,
+    help: helpFlag,
     org: orgFlag,
     spinner: spinnerFlag,
-    version
+    version: versionFlag
   } = cli.flags;
   const noSpinner = spinnerFlag === false;
 
@@ -1501,12 +1509,12 @@ function meowOrExit({
   //   })
   // }
 
-  if (help) {
+  if (helpFlag) {
     cli.showHelp(0);
   }
 
   // Meow doesn't detect 'version' as an unknown flag, so we do the leg work here.
-  if (version && !require$$11.hasOwn(config.flags, 'version')) {
+  if (versionFlag && !require$$11.hasOwn(config.flags, 'version')) {
     // Use `console.error` here instead of `logger.error` to match Meow behavior.
     console.error('Unknown flag\n--version');
     // eslint-disable-next-line n/no-process-exit
@@ -2555,7 +2563,7 @@ async function getPackageFilesForScan(inputPaths, supportedFiles, options) {
   return filterBySupportedScanFiles(filepaths, supportedFiles);
 }
 
-function exitWithBinPathError(binName) {
+function exitWithBinPathError$2(binName) {
   logger.logger.fail(`Socket unable to locate ${binName}; ensure it is available in the PATH environment variable`);
   // The exit code 127 indicates that the command or binary being executed
   // could not be found.
@@ -2567,7 +2575,7 @@ function getNpmBinPath() {
   if (_npmBinPath === undefined) {
     _npmBinPath = getNpmBinPathDetails().path;
     if (!_npmBinPath) {
-      exitWithBinPathError(constants.NPM);
+      exitWithBinPathError$2(constants.NPM);
     }
   }
   return _npmBinPath;
@@ -2617,7 +2625,7 @@ function getNpxBinPath() {
   if (_npxBinPath === undefined) {
     _npxBinPath = getNpxBinPathDetails().path;
     if (!_npxBinPath) {
-      exitWithBinPathError('npx');
+      exitWithBinPathError$2('npx');
     }
   }
   return _npxBinPath;
@@ -2858,7 +2866,8 @@ async function spawnCoana(args, orgSlug, options, extra) {
     };
   } catch (e) {
     const stderr = e?.stderr;
-    const message = stderr ? stderr : e?.message;
+    const cause = e?.message || constants.UNKNOWN_ERROR;
+    const message = stderr ? stderr : cause;
     return {
       ok: false,
       data: e,
@@ -2883,30 +2892,45 @@ function readOrDefaultSocketJson(cwd) {
   // This should be unreachable but it makes TS happy.
   getDefaultSocketJson();
 }
+async function findSocketJsonUp(cwd) {
+  return await findUp(constants.SOCKET_JSON, {
+    onlyFiles: true,
+    cwd
+  });
+}
+async function readOrDefaultSocketJsonUp(cwd) {
+  const socketJsonPath = await findSocketJsonUp(cwd);
+  if (socketJsonPath) {
+    const socketJsonDir = path.dirname(socketJsonPath);
+    const jsonCResult = readSocketJsonSync(socketJsonDir, true);
+    return jsonCResult.ok ? jsonCResult.data : getDefaultSocketJson();
+  }
+  return getDefaultSocketJson();
+}
 function getDefaultSocketJson() {
   return {
-    ' _____         _       _     ': 'Local config file for Socket CLI tool ( https://npmjs.org/socket ), to work with https://socket.dev',
+    ' _____         _       _     ': `Local config file for Socket CLI tool ( ${constants.SOCKET_WEBSITE_URL}/npm/package/${constants.SOCKET_JSON.replace('.json', '')} ), to work with ${constants.SOCKET_WEBSITE_URL}`,
     '|   __|___ ___| |_ ___| |_   ': '     The config in this file is used to set as defaults for flags or command args when using the CLI',
     "|__   | . |  _| '_| -_|  _|  ": '     in this dir, often a repo root. You can choose commit or .ignore this file, both works.',
-    '|_____|___|___|_,_|___|_|.dev': 'Warning: This file may be overwritten without warning by `socket manifest setup` or other commands',
+    '|_____|___|___|_,_|___|_|.dev': `Warning: This file may be overwritten without warning by \`${constants.SOCKET_JSON.replace('.json', '')} manifest setup\` or other commands`,
     version: 1
   };
 }
 function readSocketJsonSync(cwd, defaultOnError = false) {
-  const sockJsonPath = path.join(cwd, 'socket.json');
+  const sockJsonPath = path.join(cwd, constants.SOCKET_JSON);
   if (!fs$1.existsSync(sockJsonPath)) {
-    require$$9.debugFn('notice', `miss: socket.json not found at ${cwd}`);
+    require$$9.debugFn('notice', `miss: ${constants.SOCKET_JSON} not found at ${cwd}`);
     return {
       ok: true,
       data: getDefaultSocketJson()
     };
   }
-  let json = null;
+  let jsonContent = null;
   try {
-    json = fs$1.readFileSync(sockJsonPath, 'utf8');
+    jsonContent = fs$1.readFileSync(sockJsonPath, 'utf8');
   } catch (e) {
     if (defaultOnError) {
-      logger.logger.warn('Failed to read socket.json, using default');
+      logger.logger.warn(`Failed to read ${constants.SOCKET_JSON}, using default`);
       require$$9.debugDir('inspect', {
         error: e
       });
@@ -2915,27 +2939,29 @@ function readSocketJsonSync(cwd, defaultOnError = false) {
         data: getDefaultSocketJson()
       };
     }
-    const msg = e?.message;
+    const cause = e?.message;
     require$$9.debugDir('inspect', {
       error: e
     });
     return {
       ok: false,
-      message: 'Failed to read socket.json',
-      cause: `An error occurred while trying to read socket.json${msg ? `: ${msg}` : ''}`
+      message: `Failed to read ${constants.SOCKET_JSON}`,
+      cause: `An error occurred while trying to read ${constants.SOCKET_JSON}${cause ? `: ${cause}` : ''}`
     };
   }
-  let obj;
+  let jsonObj;
   try {
-    obj = JSON.parse(json);
+    jsonObj = JSON.parse(jsonContent);
   } catch (e) {
     require$$9.debugFn('error', 'caught: JSON.parse error');
     require$$9.debugDir('inspect', {
-      error: e,
-      json
+      jsonContent
+    });
+    require$$9.debugDir('inspect', {
+      error: e
     });
     if (defaultOnError) {
-      logger.logger.warn('Failed to parse socket.json, using default');
+      logger.logger.warn(`Failed to parse ${constants.SOCKET_JSON}, using default`);
       return {
         ok: true,
         data: getDefaultSocketJson()
@@ -2943,11 +2969,11 @@ function readSocketJsonSync(cwd, defaultOnError = false) {
     }
     return {
       ok: false,
-      message: 'Failed to parse socket.json',
-      cause: 'socket.json does not contain valid JSON, please verify'
+      message: `Failed to parse ${constants.SOCKET_JSON}`,
+      cause: `${constants.SOCKET_JSON} does not contain valid JSON, please verify`
     };
   }
-  if (!obj) {
+  if (!jsonObj) {
     logger.logger.warn('Warning: file contents was empty, using default');
     return {
       ok: true,
@@ -2955,17 +2981,17 @@ function readSocketJsonSync(cwd, defaultOnError = false) {
     };
   }
 
-  // Do we really care to validate? All properties are optional so code will have
-  // to check every step of the way regardless. Who cares about validation here...?
+  // TODO: Do we need to validate? All properties are optional so code will have
+  // to check every step of the way regardless.
   return {
     ok: true,
-    data: obj
+    data: jsonObj
   };
 }
 async function writeSocketJson(cwd, sockJson) {
-  let json = '';
+  let jsonContent = '';
   try {
-    json = JSON.stringify(sockJson, null, 2);
+    jsonContent = JSON.stringify(sockJson, null, 2);
   } catch (e) {
     require$$9.debugFn('error', 'caught: JSON.stringify error');
     require$$9.debugDir('inspect', {
@@ -2975,11 +3001,11 @@ async function writeSocketJson(cwd, sockJson) {
     return {
       ok: false,
       message: 'Failed to serialize to JSON',
-      cause: 'There was an unexpected problem converting the socket json object to a JSON string. Unable to store it.'
+      cause: `There was an unexpected problem converting the ${constants.SOCKET_JSON} object to a JSON string. Unable to store it.`
     };
   }
-  const filepath = path.join(cwd, 'socket.json');
-  await fs$1.promises.writeFile(filepath, json + '\n', 'utf8');
+  const filepath = path.join(cwd, constants.SOCKET_JSON);
+  await fs$1.promises.writeFile(filepath, `${jsonContent}\n`, 'utf8');
   return {
     ok: true,
     data: undefined
@@ -3065,7 +3091,11 @@ async function fetchGhsaDetails(ids) {
       }
     }
   } catch (e) {
-    require$$9.debugFn('error', `Failed to fetch GHSA details: ${e?.message || constants.UNKNOWN_ERROR}`);
+    const cause = e?.message;
+    require$$9.debugFn('error', `Failed to fetch GHSA details${cause ? `: ${cause}` : ''}`);
+    require$$9.debugDir('inspect', {
+      error: e
+    });
   }
   return results;
 }
@@ -3364,6 +3394,58 @@ function captureExceptionSync(exception, hint) {
   return Sentry.captureException(exception, hint);
 }
 
+function exitWithBinPathError$1(binName) {
+  logger.logger.fail(`Socket unable to locate ${binName}; ensure it is available in the PATH environment variable`);
+  // The exit code 127 indicates that the command or binary being executed
+  // could not be found.
+  // eslint-disable-next-line n/no-process-exit
+  process.exit(127);
+}
+let _yarnBinPath;
+function getYarnBinPath() {
+  if (_yarnBinPath === undefined) {
+    _yarnBinPath = getYarnBinPathDetails().path;
+    if (!_yarnBinPath) {
+      exitWithBinPathError$1(constants.default.YARN);
+    }
+  }
+  return _yarnBinPath;
+}
+let _yarnBinPathDetails;
+function getYarnBinPathDetails() {
+  if (_yarnBinPathDetails === undefined) {
+    _yarnBinPathDetails = findBinPathDetailsSync(constants.default.YARN);
+  }
+  return _yarnBinPathDetails;
+}
+function isYarnBinPathShadowed() {
+  return getYarnBinPathDetails().shadowed;
+}
+
+let _isYarnBerry;
+function isYarnBerry() {
+  if (_isYarnBerry === undefined) {
+    try {
+      const yarnBinPath = getYarnBinPath();
+      const result = spawn.spawnSync(yarnBinPath, ['--version'], {
+        encoding: 'utf8',
+        shell: constants.default.WIN32
+      });
+      if (result.status === 0 && result.stdout) {
+        const version = result.stdout;
+        // Yarn Berry starts from version 2.x
+        const majorVersion = parseInt(version.split('.')[0], 10);
+        _isYarnBerry = majorVersion >= 2;
+      } else {
+        _isYarnBerry = false;
+      }
+    } catch {
+      _isYarnBerry = false;
+    }
+  }
+  return _isYarnBerry;
+}
+
 function npa(...args) {
   try {
     return Reflect.apply(vendor.npaExports, undefined, args);
@@ -3532,10 +3614,10 @@ const LOCKS = {
   // will be ignored.
   // https://docs.npmjs.com/cli/v10/configuring-npm/package-lock-json#package-lockjson-vs-npm-shrinkwrapjson
   'npm-shrinkwrap.json': NPM,
-  'package-lock.json': NPM,
-  'pnpm-lock.yaml': PNPM,
-  'pnpm-lock.yml': PNPM,
-  [`yarn${EXT_LOCK}`]: YARN_CLASSIC,
+  [constants.PACKAGE_LOCK_JSON]: NPM,
+  [constants.PNPM_LOCK_YAML]: PNPM,
+  ['pnpm-lock.yml']: PNPM,
+  [constants.YARN_LOCK]: YARN_CLASSIC,
   'vlt-lock.json': VLT,
   // Lastly, look for a hidden lock file which is present if .npmrc has package-lock=false:
   // https://docs.npmjs.com/cli/v10/configuring-npm/package-lock-json#hidden-lockfiles
@@ -3807,6 +3889,105 @@ function getEcosystemChoicesForMeow() {
   return [...ALL_ECOSYSTEMS];
 }
 
+function exitWithBinPathError(binName) {
+  logger.logger.fail(`Socket unable to locate ${binName}; ensure it is available in the PATH environment variable`);
+  // The exit code 127 indicates that the command or binary being executed
+  // could not be found.
+  // eslint-disable-next-line n/no-process-exit
+  process.exit(127);
+}
+let _pnpmBinPath;
+function getPnpmBinPath() {
+  if (_pnpmBinPath === undefined) {
+    _pnpmBinPath = getPnpmBinPathDetails().path;
+    if (!_pnpmBinPath) {
+      exitWithBinPathError('pnpm');
+    }
+  }
+  return _pnpmBinPath;
+}
+let _pnpmBinPathDetails;
+function getPnpmBinPathDetails() {
+  if (_pnpmBinPathDetails === undefined) {
+    _pnpmBinPathDetails = findBinPathDetailsSync('pnpm');
+  }
+  return _pnpmBinPathDetails;
+}
+function isPnpmBinPathShadowed() {
+  return getPnpmBinPathDetails().shadowed;
+}
+
+function toFilterConfig(obj) {
+  const normalized = {
+    __proto__: null
+  };
+  const keys = require$$11.isObject(obj) ? Object.keys(obj) : [];
+  for (const key of keys) {
+    const value = obj[key];
+    if (typeof value === 'boolean' || Array.isArray(value)) {
+      normalized[key] = value;
+    }
+  }
+  return normalized;
+}
+
+function idToNpmPurl(id) {
+  return `pkg:${constants.NPM}/${id}`;
+}
+
+async function extractPurlsFromPnpmLockfile(lockfile) {
+  const packages = lockfile?.packages ?? {};
+  const seen = new Set();
+  const visit = pkgPath => {
+    if (seen.has(pkgPath)) {
+      return;
+    }
+    const pkg = packages[pkgPath];
+    if (!pkg) {
+      return;
+    }
+    seen.add(pkgPath);
+    const deps = {
+      __proto__: null,
+      ...pkg.dependencies,
+      ...pkg.optionalDependencies,
+      ...pkg.devDependencies
+    };
+    for (const depName in deps) {
+      const ref = deps[depName];
+      const subKey = isPnpmDepPath(ref) ? ref : `/${depName}@${ref}`;
+      visit(subKey);
+    }
+  };
+  for (const pkgPath of Object.keys(packages)) {
+    visit(pkgPath);
+  }
+  return Array.from(seen).map(p => idToNpmPurl(stripPnpmPeerSuffix(stripLeadingPnpmDepPathSlash(p))));
+}
+function isPnpmDepPath(maybeDepPath) {
+  return maybeDepPath.length > 0 && maybeDepPath.charCodeAt(0) === 47; /*'/'*/
+}
+function parsePnpmLockfile(lockfileContent) {
+  let result;
+  if (typeof lockfileContent === 'string') {
+    try {
+      result = vendor.jsYaml.load(strings.stripBom(lockfileContent));
+    } catch {}
+  }
+  return require$$11.isObjectObject(result) ? result : null;
+}
+async function readPnpmLockfile(lockfilePath) {
+  return fs$1.existsSync(lockfilePath) ? await fs.readFileUtf8(lockfilePath) : undefined;
+}
+function stripLeadingPnpmDepPathSlash(depPath) {
+  return isPnpmDepPath(depPath) ? depPath.slice(1) : depPath;
+}
+function stripPnpmPeerSuffix(depPath) {
+  const parenIndex = depPath.indexOf('(');
+  const index = parenIndex === -1 ? depPath.indexOf('_') : parenIndex;
+  return index === -1 ? depPath : depPath.slice(0, index);
+}
+
 function isArtifactAlertCve(alert) {
   const {
     type
@@ -3870,20 +4051,6 @@ class ColorOrMarkdown {
   }
 }
 
-function toFilterConfig(obj) {
-  const normalized = {
-    __proto__: null
-  };
-  const keys = require$$11.isObject(obj) ? Object.keys(obj) : [];
-  for (const key of keys) {
-    const value = obj[key];
-    if (typeof value === 'boolean' || Array.isArray(value)) {
-      normalized[key] = value;
-    }
-  }
-  return normalized;
-}
-
 const require$1 = require$$5.createRequire((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('utils.js', document.baseURI).href)));
 let _translations;
 function getTranslations() {
@@ -4237,10 +4404,13 @@ function logAlertsMap(alertsMap, options) {
   output.write('\n');
 }
 
-function idToNpmPurl(id) {
-  return `pkg:${constants.NPM}/${id}`;
+async function getAlertsMapFromPnpmLockfile(lockfile, options) {
+  const purls = await extractPurlsFromPnpmLockfile(lockfile);
+  return await getAlertsMapFromPurls(purls, {
+    overrides: lockfile.overrides,
+    ...options
+  });
 }
-
 async function getAlertsMapFromPurls(purls, options) {
   const uniqPurls = arrays.arrayUnique(purls);
   require$$9.debugDir('silly', {
@@ -4274,11 +4444,11 @@ async function getAlertsMapFromPurls(purls, options) {
   });
   if (!sockSdkCResult.ok) {
     spinner?.stop();
-    throw new Error('Auth error: Run `socket login` first');
+    throw new Error('Auth error: Run `socket login` first.');
   }
   const sockSdk = sockSdkCResult.data;
   const socketYmlResult = findSocketYmlSync();
-  const socketYml = socketYmlResult.ok ? socketYmlResult.data.parsed : undefined;
+  const socketYml = socketYmlResult.ok && socketYmlResult.data ? socketYmlResult.data.parsed : undefined;
   const alertsMapOptions = {
     consolidate: opts.consolidate,
     filter: opts.filter,
@@ -4357,6 +4527,7 @@ exports.fetchGhsaDetails = fetchGhsaDetails;
 exports.fetchOrganization = fetchOrganization;
 exports.filterFlags = filterFlags;
 exports.findUp = findUp;
+exports.getAlertsMapFromPnpmLockfile = getAlertsMapFromPnpmLockfile;
 exports.getAlertsMapFromPurls = getAlertsMapFromPurls;
 exports.getBaseBranch = getBaseBranch;
 exports.getBashrcDetails = getBashrcDetails;
@@ -4376,6 +4547,7 @@ exports.getOctokitGraphql = getOctokitGraphql;
 exports.getOrgSlugs = getOrgSlugs;
 exports.getOutputKind = getOutputKind;
 exports.getPackageFilesForScan = getPackageFilesForScan;
+exports.getPnpmBinPath = getPnpmBinPath;
 exports.getPublicApiToken = getPublicApiToken;
 exports.getPurlObject = getPurlObject;
 exports.getRepoInfo = getRepoInfo;
@@ -4384,6 +4556,7 @@ exports.getSocketDevPackageOverviewUrlFromPurl = getSocketDevPackageOverviewUrlF
 exports.getSupportedConfigEntries = getSupportedConfigEntries;
 exports.getSupportedConfigKeys = getSupportedConfigKeys;
 exports.getVisibleTokenPrefix = getVisibleTokenPrefix;
+exports.getYarnBinPath = getYarnBinPath;
 exports.gitBranch = gitBranch;
 exports.gitCheckoutBranch = gitCheckoutBranch;
 exports.gitCommit = gitCommit;
@@ -4402,10 +4575,13 @@ exports.idToNpmPurl = idToNpmPurl;
 exports.isHelpFlag = isHelpFlag;
 exports.isNpmBinPathShadowed = isNpmBinPathShadowed;
 exports.isNpxBinPathShadowed = isNpxBinPathShadowed;
+exports.isPnpmBinPathShadowed = isPnpmBinPathShadowed;
 exports.isReadOnlyConfig = isReadOnlyConfig;
 exports.isReportSupportedFile = isReportSupportedFile;
 exports.isSensitiveConfigKey = isSensitiveConfigKey;
 exports.isSupportedConfigKey = isSupportedConfigKey;
+exports.isYarnBerry = isYarnBerry;
+exports.isYarnBinPathShadowed = isYarnBinPathShadowed;
 exports.logAlertsMap = logAlertsMap;
 exports.mapToObject = mapToObject;
 exports.mdTable = mdTable;
@@ -4416,9 +4592,12 @@ exports.meowWithSubcommands = meowWithSubcommands;
 exports.msAtHome = msAtHome;
 exports.normalizePurl = normalizePurl;
 exports.npa = npa;
+exports.parsePnpmLockfile = parsePnpmLockfile;
 exports.queryApiSafeJson = queryApiSafeJson;
 exports.queryApiSafeText = queryApiSafeText;
 exports.readOrDefaultSocketJson = readOrDefaultSocketJson;
+exports.readOrDefaultSocketJsonUp = readOrDefaultSocketJsonUp;
+exports.readPnpmLockfile = readPnpmLockfile;
 exports.readSocketJsonSync = readSocketJsonSync;
 exports.runAgentInstall = runAgentInstall;
 exports.sendApiRequest = sendApiRequest;
@@ -4432,5 +4611,5 @@ exports.toFilterConfig = toFilterConfig;
 exports.updateConfigValue = updateConfigValue;
 exports.walkNestedMap = walkNestedMap;
 exports.writeSocketJson = writeSocketJson;
-//# debugId=5923006d-eb5f-4f79-acbc-223ba7f465ba
+//# debugId=1da7b4a0-f584-4be9-bf6b-9269a66c830
 //# sourceMappingURL=utils.js.map