socket 1.1.12 → 1.1.14

package/CHANGELOG.md

@@ -4,15 +4,26 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+## [1.1.14](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.14) - 2025-09-17
+
+### Changed
+- Enhanced 3rd-party on-demand download and execution
+
+## [1.1.13](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.13) - 2025-09-16
+
+### Added
+- New `--output-file` flag for `socket fix` to save computed fixes to a JSON file
+- New `--only-compute` flag for `socket fix` to compute fixes without applying them
+
 ## [1.1.12](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.12) - 2025-09-15
 
 ### Fixed
-- Resolved runtime error when processing security alerts
+- Enhanced security alert processing for more reliable operations
 
 ## [1.1.11](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.11) - 2025-09-12
 
 ### Fixed
-- Updated Socket SDK to resolve issues with multipart uploads
+- Improved multipart upload reliability with Socket SDK update
 
 ## [1.1.10](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.10) - 2025-09-11
 
@@ -30,7 +41,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 ## [1.1.8](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.8) - 2025-09-11
 
 ### Changed
-- Made insufficient permissions errors more helpful
+- Clearer permission error messages to help resolve access issues
 
 ## [1.1.7](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.7) - 2025-09-11
 
@@ -38,18 +49,18 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 - Control spinner display with new `--no-spinner` flag
 
 ### Fixed
-- Configurable proxy handling for requests
+- Enhanced proxy support for flexible network configurations
 
 ## [1.1.6](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.6) - 2025-09-10
 
 ### Fixed
-- GraphQL cache handling for PR operations
+- Improved pull request operations with better cache management
 
 ## [1.1.5](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.5) - 2025-09-10
 
 ### Fixed
-- Fixed reachability analysis spinner behavior in certain scenarios
-- Improved `--cwd` current working directory override handling
+- Enhanced reachability analysis spinner for consistent feedback
+- Better working directory control with `--cwd` flag improvements
 
 ## [1.1.4](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.4) - 2025-09-09
 
@@ -91,7 +102,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 - Reimplemented `--range-style` flag for `socket fix`
 
 ### Fixed
-- Fixed reachability analysis and `socket fix` in CI environments
+- Enhanced CI/CD compatibility for reachability analysis and fixes
 
 ## [1.0.110](https://github.com/SocketDev/socket-cli/releases/tag/v1.0.110) - 2025-09-03
 
@@ -101,112 +112,112 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 ## [1.0.109](https://github.com/SocketDev/socket-cli/releases/tag/v1.0.109) - 2025-09-03
 
 ### Changed
-- Avoid setting `NODE_ENV` when built
+- Improved build environment handling for better compatibility
 
 ## [1.0.108](https://github.com/SocketDev/socket-cli/releases/tag/v1.0.108) - 2025-09-03
 
 ### Changed
-- Made shadow bin runs more silent
+- Cleaner output from wrapped commands for focused results
 
 ## [1.0.107](https://github.com/SocketDev/socket-cli/releases/tag/v1.0.107) - 2025-09-02
 
 ### Fixed
-- Fixed build regression
+- Restored build stability for reliable deployments
 
 ## [1.0.106](https://github.com/SocketDev/socket-cli/releases/tag/v1.0.106) - 2025-09-02
 
 ### Added
-- Added `--reach-skip-cache` flag to disable reachability analysis configuration caching
+- Control reachability analysis caching with new `--reach-skip-cache` flag
 
 ## [1.0.104](https://github.com/SocketDev/socket-cli/releases/tag/v1.0.104) - 2025-08-29
 
 ### Fixed
-- Improved GHSA resolving functionality
+- Enhanced security advisory resolution for accurate vulnerability tracking
 
 ## [1.0.103](https://github.com/SocketDev/socket-cli/releases/tag/v1.0.103) - 2025-08-29
 
 ### Fixed
-- Fixed GHSA resolving issues
+- Improved GitHub Security Advisory processing
 
 ## [1.0.102](https://github.com/SocketDev/socket-cli/releases/tag/v1.0.102) - 2025-08-29
 
 ### Fixed
-- Fixed `cmdFlagValueToArray` function
+- Enhanced command flag processing for better reliability
 
 ## [1.0.100](https://github.com/SocketDev/socket-cli/releases/tag/v1.0.100) - 2025-08-29
 
 ### Added
-- Added more debug information for GHSA details
+- Richer debugging output for security advisory analysis
 
 ## [1.0.96](https://github.com/SocketDev/socket-cli/releases/tag/v1.0.96) - 2025-08-27
 
 ### Changed
-- Improved `--org` flag usage with reachability analysis
+- Streamlined organization selection for reachability analysis
 
 ## [1.0.89](https://github.com/SocketDev/socket-cli/releases/tag/v1.0.89) - 2025-08-15
 
 ### Added
-- Added support for uploading all manifest files when running `socket scan create --reach`
+- Comprehensive manifest scanning with `socket scan create --reach`
 
 ## [1.0.85](https://github.com/SocketDev/socket-cli/releases/tag/v1.0.85) - 2025-08-01
 
 ### Added
-- Added support for `SOCKET_CLI_NPM_PATH` environment variable
+- Flexible npm path configuration via `SOCKET_CLI_NPM_PATH` environment variable
 
 ## [1.0.82](https://github.com/SocketDev/socket-cli/releases/tag/v1.0.82) - 2025-07-30
 
 ### Added
-- Added support for `--max-old-space-size` and `--max-semi-space-size` flags
+- Memory optimization controls with `--max-old-space-size` and `--max-semi-space-size` flags
 
 ## [1.0.80](https://github.com/SocketDev/socket-cli/releases/tag/v1.0.80) - 2025-07-29
 
 ### Changed
-- Add back logging of local files found in `socket scan create`
+- Enhanced file discovery feedback in `socket scan create`
 
 ## [1.0.73](https://github.com/SocketDev/socket-cli/releases/tag/v1.0.73) - 2025-07-14
 
 ### Added
-- Added support for finding `.socket.facts.json` files
+- Automatic detection of `.socket.facts.json` configuration files
 
 ## [1.0.69](https://github.com/SocketDev/socket-cli/releases/tag/v1.0.69) - 2025-07-10
 
 ### Added
-- Added `--no-pr-check` flag to `socket fix`
+- Skip pull request checks with new `--no-pr-check` flag for `socket fix`
 
 ## [1.0.10](https://github.com/SocketDev/socket-cli/releases/tag/v1.0.10) - 2025-06-28
 
 ### Changed
-- Various improvements and optimizations
+- Enhanced performance and reliability across all commands
 
 ## [1.0.9](https://github.com/SocketDev/socket-cli/releases/tag/v1.0.9) - 2025-06-28
 
 ### Changed
-- Bug fixes and performance improvements
+- Improved stability and command execution speed
 
 ## [1.0.8](https://github.com/SocketDev/socket-cli/releases/tag/v1.0.8) - 2025-06-27
 
 ### Changed
-- Internal improvements and optimizations
+- Faster command processing with optimized internals
 
 ## [1.0.7](https://github.com/SocketDev/socket-cli/releases/tag/v1.0.7) - 2025-06-25
 
 ### Changed
-- Code quality improvements
+- Enhanced reliability through improved code quality
 
 ## [1.0.6](https://github.com/SocketDev/socket-cli/releases/tag/v1.0.6) - 2025-06-25
 
 ### Changed
-- Minor bug fixes and improvements
+- Smoother user experience with targeted improvements
 
 ## [1.0.5](https://github.com/SocketDev/socket-cli/releases/tag/v1.0.5) - 2025-06-25
 
 ### Changed
-- Performance optimizations
+- Faster command execution with performance enhancements
 
 ## [1.0.4](https://github.com/SocketDev/socket-cli/releases/tag/v1.0.4) - 2025-06-25
 
 ### Changed
-- Bug fixes and stability improvements
+- More stable operations with targeted fixes
 
 ## [1.0.3](https://github.com/SocketDev/socket-cli/releases/tag/v1.0.3) - 2025-06-25
 

package/dist/cli.js

@@ -19,7 +19,6 @@ var spawn = require('../external/@socketsecurity/registry/lib/spawn');
 var fs$2 = require('../external/@socketsecurity/registry/lib/fs');
 var strings = require('../external/@socketsecurity/registry/lib/strings');
 var path$1 = require('../external/@socketsecurity/registry/lib/path');
-var shadowNpmBin = require('./shadow-npm-bin.js');
 var require$$11 = require('../external/@socketsecurity/registry/lib/objects');
 var registry = require('../external/@socketsecurity/registry');
 var packages = require('../external/@socketsecurity/registry/lib/packages');
@@ -68,7 +67,7 @@ async function fetchRepoAnalyticsData(repo, time, options) {
 
 // Note: Widgets does not seem to actually work as code :'(
 
-const require$8 = require$$5.createRequire((typeof document === 'undefined' ? require$$0.pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.js', document.baseURI).href)));
+const require$7 = require$$5.createRequire((typeof document === 'undefined' ? require$$0.pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.js', document.baseURI).href)));
 const METRICS = ['total_critical_alerts', 'total_high_alerts', 'total_medium_alerts', 'total_low_alerts', 'total_critical_added', 'total_medium_added', 'total_low_added', 'total_high_added', 'total_critical_prevented', 'total_high_prevented', 'total_medium_prevented', 'total_low_prevented'];
 
 // Note: This maps `new Date(date).getMonth()` to English three letters
@@ -147,11 +146,11 @@ ${utils.mdTableStringNumber('Name', 'Counts', data['top_five_alert_types'])}
 `.trim() + '\n';
 }
 function displayAnalyticsScreen(data) {
-  const ScreenWidget = /*@__PURE__*/require$8('../external/blessed/lib/widgets/screen.js');
+  const ScreenWidget = /*@__PURE__*/require$7('../external/blessed/lib/widgets/screen.js');
   const screen = new ScreenWidget({
     ...constants.default.blessedOptions
   });
-  const GridLayout = /*@__PURE__*/require$8('../external/blessed-contrib/lib/layout/grid.js');
+  const GridLayout = /*@__PURE__*/require$7('../external/blessed-contrib/lib/layout/grid.js');
   const grid = new GridLayout({
     rows: 5,
     cols: 4,
@@ -165,7 +164,7 @@ function displayAnalyticsScreen(data) {
   renderLineCharts(grid, screen, 'Total high alerts prevented from the main branch', [2, 2, 1, 2], data['total_high_prevented']);
   renderLineCharts(grid, screen, 'Total medium alerts prevented from the main branch', [3, 0, 1, 2], data['total_medium_prevented']);
   renderLineCharts(grid, screen, 'Total low alerts prevented from the main branch', [3, 2, 1, 2], data['total_low_prevented']);
-  const BarChart = /*@__PURE__*/require$8('../external/blessed-contrib/lib/widget/charts/bar.js');
+  const BarChart = /*@__PURE__*/require$7('../external/blessed-contrib/lib/widget/charts/bar.js');
   const bar = grid.set(4, 0, 1, 2, BarChart, {
     label: 'Top 5 alert types',
     barWidth: 10,
@@ -265,7 +264,7 @@ function formatDate(date) {
   return `${Months[new Date(date).getMonth()]} ${new Date(date).getDate()}`;
 }
 function renderLineCharts(grid, screen, title, coords, data) {
-  const LineChart = /*@__PURE__*/require$8('../external/blessed-contrib/lib/widget/charts/line.js');
+  const LineChart = /*@__PURE__*/require$7('../external/blessed-contrib/lib/widget/charts/line.js');
   const line = grid.set(...coords, LineChart, {
     style: {
       line: 'cyan',
@@ -500,7 +499,7 @@ async function fetchAuditLog(config, options) {
   });
 }
 
-const require$7 = require$$5.createRequire((typeof document === 'undefined' ? require$$0.pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.js', document.baseURI).href)));
+const require$6 = require$$5.createRequire((typeof document === 'undefined' ? require$$0.pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.js', document.baseURI).href)));
 async function outputAuditLog(result, {
   logType,
   orgSlug,
@@ -628,7 +627,7 @@ async function outputWithBlessed(data, orgSlug) {
   const headers = [' Event id', ' Created at', ' Event type', ' User email', ' IP address', ' User agent'];
 
   // Note: this temporarily takes over the terminal (just like `man` does).
-  const ScreenWidget = /*@__PURE__*/require$7('../external/blessed/lib/widgets/screen.js');
+  const ScreenWidget = /*@__PURE__*/require$6('../external/blessed/lib/widgets/screen.js');
   const screen = new ScreenWidget({
     ...constants.default.blessedOptions
   });
@@ -637,7 +636,7 @@ async function outputWithBlessed(data, orgSlug) {
   // node process just to exit it. That's very bad UX.
   // eslint-disable-next-line n/no-process-exit
   screen.key(['escape', 'q', 'C-c'], () => process.exit(0));
-  const TableWidget = /*@__PURE__*/require$7('../external/blessed-contrib/lib/widget/table.js');
+  const TableWidget = /*@__PURE__*/require$6('../external/blessed-contrib/lib/widget/table.js');
   const tipsBoxHeight = 1; // 1 row for tips box
   const detailsBoxHeight = 20; // bottom N rows for details box. 20 gives 4 lines for condensed payload before it scrolls out of view
 
@@ -667,7 +666,7 @@ async function outputWithBlessed(data, orgSlug) {
     columnSpacing: 4,
     truncate: '_'
   });
-  const BoxWidget = /*@__PURE__*/require$7('../external/blessed/lib/widgets/box.js');
+  const BoxWidget = /*@__PURE__*/require$6('../external/blessed/lib/widgets/box.js');
   const tipsBox = new BoxWidget({
     bottom: detailsBoxHeight,
     // sits just above the details box
@@ -1636,7 +1635,7 @@ async function performReachabilityAnalysis(options) {
   }
 
   // Run Coana with the manifests tar hash.
-  const coanaResult = await utils.spawnCoana(coanaArgs, orgSlug, {
+  const coanaResult = await utils.spawnCoanaDlx(coanaArgs, orgSlug, {
     cwd,
     env: coanaEnv,
     spinner,
@@ -3441,8 +3440,11 @@ async function coanaFix(fixConfig) {
     autopilot,
     cwd,
     ghsas,
+    glob,
     limit,
+    onlyCompute,
     orgSlug,
+    outputFile,
     spinner
   } = fixConfig;
   const fixEnv = await getFixEnv();
@@ -3494,7 +3496,7 @@ async function coanaFix(fixConfig) {
         }
       };
     }
-    const fixCResult = await utils.spawnCoana(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ...(isAll ? ['all'] : ghsas), ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
+    const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ...(isAll ? ['all'] : ghsas), ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(glob ? ['--glob', glob] : []), ...(onlyCompute ? ['--dry-run'] : []), ...(outputFile ? ['--output-file', outputFile] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
       cwd,
       spinner,
       stdio: 'inherit'
@@ -3531,7 +3533,7 @@ async function coanaFix(fixConfig) {
   const shouldSpawnCoana = adjustedLimit > 0;
   let ids;
   if (shouldSpawnCoana && isAll) {
-    const foundCResult = await utils.spawnCoana(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
+    const foundCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(glob ? ['--glob', glob] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
       cwd,
       spinner
     });
@@ -3573,7 +3575,7 @@ async function coanaFix(fixConfig) {
 
     // Apply fix for single GHSA ID.
     // eslint-disable-next-line no-await-in-loop
-    const fixCResult = await utils.spawnCoana(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ghsaId, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
+    const fixCResult = await utils.spawnCoanaDlx(['compute-fixes-and-upgrade-purls', cwd, '--manifests-tar-hash', tarHash, '--apply-fixes-to', ghsaId, ...(fixConfig.rangeStyle ? ['--range-style', fixConfig.rangeStyle] : []), ...(glob ? ['--glob', glob] : []), ...fixConfig.unknownFlags], fixConfig.orgSlug, {
       cwd,
       spinner,
       stdio: 'inherit'
@@ -3767,9 +3769,12 @@ async function handleFix({
   autopilot,
   cwd,
   ghsas,
+  glob,
   limit,
   minSatisfying,
+  onlyCompute,
   orgSlug,
+  outputFile,
   outputKind,
   prCheck,
   rangeStyle,
@@ -3781,11 +3786,14 @@ async function handleFix({
     cwd,
     // Convert mixed CVE/GHSA/PURL inputs to GHSA IDs only
     ghsas: await convertIdsToGhsas(ghsas),
+    glob,
     limit,
     orgSlug,
     rangeStyle,
     spinner,
-    unknownFlags
+    unknownFlags,
+    onlyCompute,
+    outputFile
   }), outputKind);
 }
 
@@ -3828,6 +3836,16 @@ Available styles:
   * pin - Use the exact version (e.g. 1.2.3)
   * preserve - Retain the existing version range style as-is
       `.trim()
+  },
+  onlyCompute: {
+    type: 'boolean',
+    default: false,
+    description: 'Compute fixes only, do not apply them. Logs what upgrades would be applied. If combined with --output-file, the output file will contain the upgrades that would be applied.'
+  },
+  outputFile: {
+    type: 'string',
+    default: '',
+    description: 'Path to store upgrades as a JSON file at this path.'
   }
 };
 const hiddenFlags = {
@@ -3839,6 +3857,12 @@ const hiddenFlags = {
     ...generalFlags$2['id'],
     hidden: true
   },
+  glob: {
+    type: 'string',
+    default: '',
+    description: 'Glob pattern to pass to coana for filtering files',
+    hidden: true
+  },
   maxSatisfying: {
     type: 'boolean',
     default: true,
@@ -3903,7 +3927,7 @@ async function run$K(argv, importMeta, {
 
     Examples
       $ ${command}
-      $ ${command} ./proj/tree --auto-merge
+      $ ${command} ./path/to/project --range-style pin
     `
   };
   const cli = utils.meowOrExit({
@@ -3915,10 +3939,13 @@ async function run$K(argv, importMeta, {
   });
   const {
     autopilot,
+    glob,
     json,
     limit,
     markdown,
     maxSatisfying,
+    onlyCompute,
+    outputFile,
     prCheck,
     rangeStyle,
     // We patched in this feature with `npx custompatch meow` at
@@ -3948,7 +3975,7 @@ async function run$K(argv, importMeta, {
   const orgSlugCResult = await utils.getDefaultOrgSlug();
   if (!orgSlugCResult.ok) {
     process.exitCode = orgSlugCResult.code ?? 1;
-    logger.logger.fail('Unable to resolve a Socket account organization.\nEnsure a Socket API token is specified for the organization using the SOCKET_CLI_API_TOKEN environment variable.');
+    logger.logger.fail(`${constants.ERROR_UNABLE_RESOLVE_ORG}.\nEnsure a Socket API token is specified for the organization using the SOCKET_CLI_API_TOKEN environment variable.`);
     return;
   }
   const orgSlug = orgSlugCResult.data;
@@ -3964,6 +3991,7 @@ async function run$K(argv, importMeta, {
     autopilot,
     cwd,
     ghsas,
+    glob,
     limit,
     minSatisfying,
     prCheck,
@@ -3971,7 +3999,9 @@ async function run$K(argv, importMeta, {
     outputKind,
     rangeStyle,
     spinner,
-    unknownFlags
+    unknownFlags,
+    onlyCompute,
+    outputFile
   });
 }
 
@@ -4230,15 +4260,15 @@ async function run$I(argv, importMeta, {
 }
 
 function applyLogin(apiToken, enforcedOrgs, apiBaseUrl, apiProxy) {
-  utils.updateConfigValue('enforcedOrgs', enforcedOrgs);
-  utils.updateConfigValue('apiToken', apiToken);
-  utils.updateConfigValue('apiBaseUrl', apiBaseUrl);
-  utils.updateConfigValue('apiProxy', apiProxy);
+  utils.updateConfigValue(constants.CONFIG_KEY_ENFORCED_ORGS, enforcedOrgs);
+  utils.updateConfigValue(constants.CONFIG_KEY_API_TOKEN, apiToken);
+  utils.updateConfigValue(constants.CONFIG_KEY_API_BASE_URL, apiBaseUrl);
+  utils.updateConfigValue(constants.CONFIG_KEY_API_PROXY, apiProxy);
 }
 
 async function attemptLogin(apiBaseUrl, apiProxy) {
-  apiBaseUrl ??= utils.getConfigValueOrUndef('apiBaseUrl') ?? undefined;
-  apiProxy ??= utils.getConfigValueOrUndef('apiProxy') ?? undefined;
+  apiBaseUrl ??= utils.getConfigValueOrUndef(constants.CONFIG_KEY_API_BASE_URL) ?? undefined;
+  apiProxy ??= utils.getConfigValueOrUndef(constants.CONFIG_KEY_API_PROXY) ?? undefined;
   const apiTokenInput = await prompts.password({
     message: `Enter your ${vendor.terminalLinkExports('Socket.dev API token', 'https://docs.socket.dev/docs/api-keys')} (leave blank to use a limited public token)`
   });
@@ -4352,8 +4382,8 @@ async function attemptLogin(apiBaseUrl, apiProxy) {
       logger.logger.fail('Failed to install tab completion script. Try `socket install completion` later.');
     }
   }
-  utils.updateConfigValue('defaultOrg', orgSlugs[0]);
-  const previousPersistedToken = utils.getConfigValueOrUndef('apiToken');
+  utils.updateConfigValue(constants.CONFIG_KEY_DEFAULT_ORG, orgSlugs[0]);
+  const previousPersistedToken = utils.getConfigValueOrUndef(constants.CONFIG_KEY_API_TOKEN);
   try {
     applyLogin(apiToken, enforcedOrgs, apiBaseUrl, apiProxy);
     logger.logger.success(`API credentials ${previousPersistedToken === apiToken ? 'refreshed' : previousPersistedToken ? 'updated' : 'set'}`);
@@ -4434,10 +4464,10 @@ async function run$H(argv, importMeta, {
 }
 
 function applyLogout() {
-  utils.updateConfigValue('apiToken', null);
-  utils.updateConfigValue('apiBaseUrl', null);
-  utils.updateConfigValue('apiProxy', null);
-  utils.updateConfigValue('enforcedOrgs', null);
+  utils.updateConfigValue(constants.CONFIG_KEY_API_TOKEN, null);
+  utils.updateConfigValue(constants.CONFIG_KEY_API_BASE_URL, null);
+  utils.updateConfigValue(constants.CONFIG_KEY_API_PROXY, null);
+  utils.updateConfigValue(constants.CONFIG_KEY_ENFORCED_ORGS, null);
 }
 
 function attemptLogout() {
@@ -4492,11 +4522,9 @@ async function run$G(argv, importMeta, {
   attemptLogout();
 }
 
-const require$6 = require$$5.createRequire((typeof document === 'undefined' ? require$$0.pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.js', document.baseURI).href)));
 const {
   PACKAGE_LOCK_JSON,
   PNPM_LOCK_YAML,
-  YARN,
   YARN_LOCK
 } = constants.default;
 const nodejsPlatformTypes = new Set(['javascript', 'js', 'nodejs', constants.NPM, constants.PNPM, 'ts', 'tsx', 'typescript']);
@@ -4558,30 +4586,20 @@ async function runCdxgen(argvObj) {
   const yarnLockPath = pnpmLockPath || npmLockPath ? undefined : await utils.findUp(YARN_LOCK, {
     onlyFiles: true
   });
+  const agent = pnpmLockPath ? constants.PNPM : yarnLockPath && utils.isYarnBerry() ? constants.YARN : constants.NPM;
   let cleanupPackageLock = false;
-  if (argvMutable['type'] !== YARN && nodejsPlatformTypes.has(argvMutable['type']) && yarnLockPath) {
+  if (argvMutable['type'] !== constants.YARN && nodejsPlatformTypes.has(argvMutable['type']) && yarnLockPath) {
     if (npmLockPath) {
       argvMutable['type'] = constants.NPM;
     } else {
       // Use synp to create a package-lock.json from the yarn.lock,
       // based on the node_modules folder, for a more accurate SBOM.
       try {
-        const useYarnBerry = utils.isYarnBerry();
-        let args;
-        let synpPromise;
-        if (pnpmLockPath) {
-          args = ['dlx', `synp@${constants.default.ENV.INLINED_SOCKET_CLI_SYNP_VERSION}`, '--source-file', `./${YARN_LOCK}`];
-          const shadowPnpmBin = /*@__PURE__*/require$6(constants.default.shadowPnpmBinPath);
-          synpPromise = (await shadowPnpmBin(args, shadowOpts)).spawnPromise;
-        } else if (useYarnBerry) {
-          args = ['dlx', `synp@${constants.default.ENV.INLINED_SOCKET_CLI_SYNP_VERSION}`, '--source-file', `./${YARN_LOCK}`];
-          const shadowYarnBin = /*@__PURE__*/require$6(constants.default.shadowYarnBinPath);
-          synpPromise = (await shadowYarnBin(args, shadowOpts)).spawnPromise;
-        } else {
-          args = ['exec', '--yes', `synp@${constants.default.ENV.INLINED_SOCKET_CLI_SYNP_VERSION}`, '--source-file', `./${YARN_LOCK}`];
-          synpPromise = (await shadowNpmBin('npm', args, shadowOpts)).spawnPromise;
-        }
-        await synpPromise;
+        const synpResult = await utils.spawnSynpDlx(['--source-file', `./${YARN_LOCK}`], {
+          ...shadowOpts,
+          agent
+        });
+        await synpResult.spawnPromise;
         argvMutable['type'] = constants.NPM;
         cleanupPackageLock = true;
       } catch {}
@@ -4589,16 +4607,10 @@ async function runCdxgen(argvObj) {
   }
 
   // Use appropriate package manager for cdxgen
-  let shadowResult;
-  if (pnpmLockPath) {
-    const shadowPnpmBin = /*@__PURE__*/require$6(constants.default.shadowPnpmBinPath);
-    shadowResult = await shadowPnpmBin(['dlx', '--silent', `@cyclonedx/cdxgen@${constants.default.ENV.INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION}`, ...argvToArray(argvMutable)], shadowOpts);
-  } else if (yarnLockPath && utils.isYarnBerry()) {
-    const shadowYarnBin = /*@__PURE__*/require$6(constants.default.shadowYarnBinPath);
-    shadowResult = await shadowYarnBin(['dlx', '--quiet', `@cyclonedx/cdxgen@${constants.default.ENV.INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION}`, ...argvToArray(argvMutable)], shadowOpts);
-  } else {
-    shadowResult = await shadowNpmBin('npm', ['exec', '--silent', '--yes', `@cyclonedx/cdxgen@${constants.default.ENV.INLINED_SOCKET_CLI_CYCLONEDX_CDXGEN_VERSION}`, '--', ...argvToArray(argvMutable)], shadowOpts);
-  }
+  const shadowResult = await utils.spawnCdxgenDlx(argvToArray(argvMutable), {
+    ...shadowOpts,
+    agent
+  });
   shadowResult.spawnPromise.process.on('exit', () => {
     if (cleanupPackageLock) {
       try {
@@ -6214,7 +6226,7 @@ async function run$x(argv, importMeta, context) {
   const argsToForward = utils.filterFlags(argv, {
     ...flags.commonFlags,
     ...flags.outputFlags
-  }, ['--json']);
+  }, [constants.FLAG_JSON]);
   const {
     spawnPromise
   } = await shadowBin(constants.NPM, argsToForward, {
@@ -7282,7 +7294,7 @@ async function run$u(argv, importMeta, {
 
     Examples
       $ ${command}
-      $ ${command} ./proj/tree --pin
+      $ ${command} ./path/to/project --pin
   `
   };
   const cli = utils.meowOrExit({
@@ -9194,7 +9206,7 @@ async function run$m(argv, importMeta, {
     Examples
       $ ${command}
       $ ${command} --package lodash
-      $ ${command} ./proj/tree --package lodash,react
+      $ ${command} ./path/to/project --package lodash,react
     `
   };
   const cli = utils.meowOrExit({
@@ -14640,5 +14652,5 @@ void (async () => {
     await utils.captureException(e);
   }
 })();
-//# debugId=daab38d0-ec51-45c9-a27a-928a16433b42
+//# debugId=934b325d-4c21-4b37-9c71-c80f38f54d52
 //# sourceMappingURL=cli.js.map