socket 1.1.8 → 1.1.11

package/CHANGELOG.md

@@ -4,7 +4,15 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
-## [1.1.8](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.8) - 2025-09-04
+## [1.1.9](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.9) - 2025-09-11
+
+### Added
+- Enhanced `socket fix --id` to accept CVE IDs and PURLs in addition to GHSA IDs
+
+### Fixed
+- Correct SOCKET_CLI_API_TIMEOUT environment variable lookup
+
+## [1.1.8](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.8) - 2025-09-11
 
 ### Changed
 - Made insufficient permissions errors more helpful

package/README.md

@@ -111,8 +111,8 @@ npm exec socket
 <br/>
 <div align="center">
   <picture>
-    <source media="(prefers-color-scheme: dark)" srcset="logo-white.png">
-    <source media="(prefers-color-scheme: light)" srcset="logo-black.png">
-    <img width="324" height="108" alt="Socket Logo" src="logo-black.png">
+    <source media="(prefers-color-scheme: dark)" srcset="logo-dark.png">
+    <source media="(prefers-color-scheme: light)" srcset="logo-light.png">
+    <img width="324" height="108" alt="Socket Logo" src="logo-light.png">
   </picture>
 </div>

package/dist/cli.js

@@ -7,7 +7,7 @@ var require$$9 = require('../external/@socketsecurity/registry/lib/debug');
 var logger = require('../external/@socketsecurity/registry/lib/logger');
 var utils = require('./utils.js');
 var fs = require('node:fs/promises');
-var Module = require('node:module');
+var require$$5 = require('node:module');
 var constants = require('./constants.js');
 var flags = require('./flags.js');
 var path = require('node:path');
@@ -68,7 +68,7 @@ async function fetchRepoAnalyticsData(repo, time, options) {
 
 // Note: Widgets does not seem to actually work as code :'(
 
-const require$5 = Module.createRequire(require('node:url').pathToFileURL(__filename).href);
+const require$5 = require$$5.createRequire((typeof document === 'undefined' ? require$$0.pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.js', document.baseURI).href)));
 const METRICS = ['total_critical_alerts', 'total_high_alerts', 'total_medium_alerts', 'total_low_alerts', 'total_critical_added', 'total_medium_added', 'total_low_added', 'total_high_added', 'total_critical_prevented', 'total_high_prevented', 'total_medium_prevented', 'total_low_prevented'];
 
 // Note: This maps `new Date(date).getMonth()` to English three letters
@@ -500,7 +500,7 @@ async function fetchAuditLog(config, options) {
   });
 }
 
-const require$4 = Module.createRequire(require('node:url').pathToFileURL(__filename).href);
+const require$4 = require$$5.createRequire((typeof document === 'undefined' ? require$$0.pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.js', document.baseURI).href)));
 async function outputAuditLog(result, {
   logType,
   orgSlug,
@@ -3263,7 +3263,7 @@ async function openSocketFixPr(owner, repo, branch, ghsaIds, options) {
     }
     require$$9.debugFn('error', message);
   }
-  return null;
+  return undefined;
 }
 async function getSocketFixPrs(owner, repo, options) {
   return (await getSocketFixPrsWithContext(owner, repo, options)).map(d => d.match);
@@ -3388,7 +3388,7 @@ function ciRepoInfo() {
   const ownerSlashRepo = GITHUB_REPOSITORY;
   const slashIndex = ownerSlashRepo.indexOf('/');
   if (slashIndex === -1) {
-    return null;
+    return undefined;
   }
   return {
     owner: ownerSlashRepo.slice(0, slashIndex),
@@ -3411,7 +3411,7 @@ async function getFixEnv() {
     const envVars = [...(constants.default.ENV.CI ? [] : ['process.env.CI']), ...(gitEmail ? [] : ['process.env.SOCKET_CLI_GIT_USER_EMAIL']), ...(gitUser ? [] : ['process.env.SOCKET_CLI_GIT_USER_NAME']), ...(githubToken ? [] : ['process.env.GITHUB_TOKEN'])];
     require$$9.debugFn('notice', `miss: fixEnv.isCi is false, expected ${arrays.joinAnd(envVars)} to be set`);
   }
-  let repoInfo = null;
+  let repoInfo;
   if (isCi) {
     repoInfo = ciRepoInfo();
   }
@@ -3710,6 +3710,59 @@ async function outputFixResult(result, outputKind) {
   logger.logger.success('Finished!');
 }
 
+const GHSA_FORMAT_REGEXP = /^GHSA-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}$/;
+const CVE_FORMAT_REGEXP = /^CVE-\d{4}-\d{4,}$/;
+/**
+ * Converts mixed CVE/GHSA/PURL IDs to GHSA IDs only.
+ * Filters out invalid IDs and logs conversion results.
+ */
+async function convertIdsToGhsas(ids) {
+  const validGhsas = [];
+  const errors = [];
+  for (const id of ids) {
+    const trimmedId = id.trim();
+    if (trimmedId.startsWith('GHSA-')) {
+      // Already a GHSA ID, validate format
+      if (GHSA_FORMAT_REGEXP.test(trimmedId)) {
+        validGhsas.push(trimmedId);
+      } else {
+        errors.push(`Invalid GHSA format: ${trimmedId}`);
+      }
+    } else if (trimmedId.startsWith('CVE-')) {
+      // Convert CVE to GHSA
+      if (!CVE_FORMAT_REGEXP.test(trimmedId)) {
+        errors.push(`Invalid CVE format: ${trimmedId}`);
+        continue;
+      }
+
+      // eslint-disable-next-line no-await-in-loop
+      const conversionResult = await utils.convertCveToGhsa(trimmedId);
+      if (conversionResult.ok) {
+        validGhsas.push(conversionResult.data);
+        logger.logger.info(`Converted ${trimmedId} to ${conversionResult.data}`);
+      } else {
+        errors.push(`${trimmedId}: ${conversionResult.message}`);
+      }
+    } else if (trimmedId.startsWith('pkg:')) {
+      // Convert PURL to GHSAs
+      // eslint-disable-next-line no-await-in-loop
+      const conversionResult = await utils.convertPurlToGhsas(trimmedId);
+      if (conversionResult.ok && conversionResult.data.length) {
+        validGhsas.push(...conversionResult.data);
+        logger.logger.info(`Converted ${trimmedId} to ${conversionResult.data.length} GHSA(s): ${conversionResult.data.join(', ')}`);
+      } else {
+        errors.push(`${trimmedId}: ${conversionResult.message || 'No GHSAs found'}`);
+      }
+    } else {
+      // Neither CVE, GHSA, nor PURL, skip
+      errors.push(`Unsupported ID format (expected CVE, GHSA, or PURL): ${trimmedId}`);
+    }
+  }
+  if (errors.length) {
+    logger.logger.warn(`Skipped ${errors.length} invalid IDs:\n${errors.map(e => `  - ${e}`).join('\n')}`);
+  }
+  return validGhsas;
+}
 async function handleFix({
   autopilot,
   cwd,
@@ -3726,7 +3779,8 @@ async function handleFix({
   await outputFixResult(await coanaFix({
     autopilot,
     cwd,
-    ghsas,
+    // Convert mixed CVE/GHSA/PURL inputs to GHSA IDs only
+    ghsas: await convertIdsToGhsas(ghsas),
     limit,
     orgSlug,
     rangeStyle,
@@ -3753,7 +3807,11 @@ const generalFlags$2 = {
   id: {
     type: 'string',
     default: [],
-    description: `Provide a list of ${vendor.terminalLinkExports('GHSA IDs', 'https://docs.github.com/en/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database#about-ghsa-ids')} to compute fixes for, as either a comma separated value or as multiple flags`,
+    description: `Provide a list of vulnerability identifiers to compute fixes for:
+    - ${vendor.terminalLinkExports('GHSA IDs', 'https://docs.github.com/en/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database#about-ghsa-ids')} (e.g., GHSA-xxxx-xxxx-xxxx)
+    - ${vendor.terminalLinkExports('CVE IDs', 'https://cve.mitre.org/cve/identifiers/')} (e.g., CVE-${new Date().getFullYear()}-1234) - automatically converted to GHSA
+    - ${vendor.terminalLinkExports('PURLs', 'https://github.com/package-url/purl-spec')} (e.g., pkg:npm/package@1.0.0) - automatically converted to GHSA
+    Can be provided as comma separated values or as multiple flags`,
     isMultiple: true
   },
   limit: {
@@ -3767,14 +3825,8 @@ const generalFlags$2 = {
     description: `
 Define how dependency version ranges are updated in package.json (default 'preserve').
 Available styles:
-  * caret - Use ^ range for compatible updates (e.g. ^1.2.3)
-  * gt - Use > to allow any newer version (e.g. >1.2.3)
-  * gte - Use >= to allow any newer version (e.g. >=1.2.3)
-  * lt - Use < to allow only lower versions (e.g. <1.2.3)
-  * lte - Use <= to allow only lower versions (e.g. <=1.2.3)
   * pin - Use the exact version (e.g. 1.2.3)
   * preserve - Retain the existing version range style as-is
-  * tilde - Use ~ range for patch/minor updates (e.g. ~1.2.3)
       `.trim()
   }
 };
@@ -3875,23 +3927,6 @@ async function run$I(argv, importMeta, {
   } = cli.flags;
   const dryRun = !!cli.flags['dryRun'];
   const minSatisfying = cli.flags['minSatisfying'] || !maxSatisfying;
-  const rawPurls = utils.cmdFlagValueToArray(cli.flags['purl']);
-  const purls = [];
-  for (const purl of rawPurls) {
-    const version = utils.getPurlObject(purl, {
-      throws: false
-    })?.version;
-    if (version) {
-      purls.push(purl);
-    } else {
-      logger.logger.warn(`--purl ${purl} is missing a version and will be ignored.`);
-    }
-  }
-  if (rawPurls.length !== purls.length && !purls.length) {
-    process.exitCode = 1;
-    logger.logger.fail('No valid --purl values provided.');
-    return;
-  }
   const outputKind = utils.getOutputKind(json, markdown);
   const wasValidInput = utils.checkCommandInput(outputKind, {
     test: utils.RangeStyles.includes(rangeStyle),
@@ -3924,7 +3959,7 @@ async function run$I(argv, importMeta, {
   const {
     spinner
   } = constants.default;
-  const ghsas = arrays.arrayUnique([...utils.cmdFlagValueToArray(cli.flags['id']), ...utils.cmdFlagValueToArray(cli.flags['ghsa'])]);
+  const ghsas = arrays.arrayUnique([...utils.cmdFlagValueToArray(cli.flags['id']), ...utils.cmdFlagValueToArray(cli.flags['ghsa']), ...utils.cmdFlagValueToArray(cli.flags['purl'])]);
   await handleFix({
     autopilot,
     cwd,
@@ -4020,7 +4055,7 @@ async function setupTabCompletion(targetName) {
   };
 }
 function getTabCompletionScriptRaw() {
-  const sourceDir = path.dirname(require$$0.fileURLToPath(require('node:url').pathToFileURL(__filename).href));
+  const sourceDir = path.dirname(require$$0.fileURLToPath((typeof document === 'undefined' ? require$$0.pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.js', document.baseURI).href))));
   const sourcePath = path.join(sourceDir, 'socket-completion.bash');
   if (!fs$1.existsSync(sourcePath)) {
     return {
@@ -4498,7 +4533,6 @@ function argvToArray(argvObj) {
   return result;
 }
 async function runCdxgen(argvObj) {
-  let cleanupPackageLock = false;
   const argvMutable = {
     __proto__: null,
     ...argvObj
@@ -4511,6 +4545,7 @@ async function runCdxgen(argvObj) {
     },
     stdio: 'inherit'
   };
+  let cleanupPackageLock = false;
   if (argvMutable['type'] !== YARN && nodejsPlatformTypes.has(argvMutable['type']) && fs$1.existsSync(`./${YARN_LOCK}`)) {
     if (fs$1.existsSync(`./${PACKAGE_LOCK_JSON}`)) {
       argvMutable['type'] = constants.NPM;
@@ -4752,9 +4787,13 @@ const cmdManifestCdxgen = {
   hidden: config$e.hidden,
   run: run$D
 };
-async function run$D(argv, importMeta, {
-  parentName
-}) {
+async function run$D(argv, importMeta, context) {
+  const {
+    parentName
+  } = {
+    __proto__: null,
+    ...context
+  };
   const cli = utils.meowOrExit({
     // Don't let meow take over --help.
     argv: argv.filter(a => !utils.isHelpFlag(a)),
@@ -4762,11 +4801,17 @@ async function run$D(argv, importMeta, {
     importMeta,
     parentName
   });
-  const dryRun = !!cli.flags['dryRun'];
+  const {
+    dryRun
+  } = cli.flags;
 
-  // TODO: Convert yargs to meow.
+  // Filter Socket flags from argv but keep --no-banner and --help for cdxgen
+  const argsToProcess = utils.filterFlags(argv, {
+    ...flags.commonFlags,
+    ...flags.outputFlags
+  }, ['--no-banner', '--help', '-h']);
   const yargv = {
-    ...vendor.yargsParser(argv, yargsConfig)
+    ...vendor.yargsParser(argsToProcess, yargsConfig)
   };
   const pathArgs = [];
   const unknowns = [];
@@ -6072,7 +6117,7 @@ async function run$w(argv, importMeta, {
   });
 }
 
-const require$3 = Module.createRequire(require('node:url').pathToFileURL(__filename).href);
+const require$3 = require$$5.createRequire((typeof document === 'undefined' ? require$$0.pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.js', document.baseURI).href)));
 const CMD_NAME$p = constants.NPM;
 const description$u = 'Run npm with the Socket wrapper';
 const hidden$o = false;
@@ -6081,9 +6126,13 @@ const cmdNpm = {
   hidden: hidden$o,
   run: run$v
 };
-async function run$v(argv, importMeta, {
-  parentName
-}) {
+async function run$v(argv, importMeta, context) {
+  const {
+    parentName
+  } = {
+    __proto__: null,
+    ...context
+  };
   const config = {
     commandName: CMD_NAME$p,
     description: description$u,
@@ -6121,9 +6170,15 @@ async function run$v(argv, importMeta, {
   }
   const shadowBin = /*@__PURE__*/require$3(constants.default.shadowNpmBinPath);
   process.exitCode = 1;
+
+  // Filter Socket flags from argv but keep --json for npm
+  const argsToForward = utils.filterFlags(argv, {
+    ...flags.commonFlags,
+    ...flags.outputFlags
+  }, ['--json']);
   const {
     spawnPromise
-  } = await shadowBin(constants.NPM, argv, {
+  } = await shadowBin(constants.NPM, argsToForward, {
     stdio: 'inherit'
   });
 
@@ -6139,7 +6194,7 @@ async function run$v(argv, importMeta, {
   await spawnPromise;
 }
 
-const require$2 = Module.createRequire(require('node:url').pathToFileURL(__filename).href);
+const require$2 = require$$5.createRequire((typeof document === 'undefined' ? require$$0.pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.js', document.baseURI).href)));
 const CMD_NAME$o = constants.NPX;
 const description$t = 'Run npx with the Socket wrapper';
 const hidden$n = false;
@@ -8407,12 +8462,12 @@ function getAlertString(alerts, options) {
 
   // We need to create the no-color string regardless because the actual string
   // contains a bunch of invisible ANSI chars which would screw up length checks.
-  const colorless = `- Alerts (${bad.length}/${mid.length.toString()}/${low.length}):`;
+  const colorless = `- Alerts (${bad.length}/${mid.length}/${low.length}):`;
   const padding = `  ${' '.repeat(Math.max(0, 20 - colorless.length))}`;
   if (colorize) {
-    return `- Alerts (${vendor.yoctocolorsCjsExports.red(bad.length.toString())}/${vendor.yoctocolorsCjsExports.yellow(mid.length.toString())}/${low.length}):` + padding + [bad.map(a => vendor.yoctocolorsCjsExports.red(`${vendor.yoctocolorsCjsExports.dim(`[${a.severity}] `)}${a.type}`)).join(', '), mid.map(a => vendor.yoctocolorsCjsExports.yellow(`${vendor.yoctocolorsCjsExports.dim(`[${a.severity}] `)}${a.type}`)).join(', '), low.map(a => `${vendor.yoctocolorsCjsExports.dim(`[${a.severity}] `)}${a.type}`).join(', ')].filter(Boolean).join(', ');
+    return `- Alerts (${vendor.yoctocolorsCjsExports.red(bad.length)}/${vendor.yoctocolorsCjsExports.yellow(mid.length)}/${low.length}):${padding}${arrays.joinAnd([...bad.map(a => vendor.yoctocolorsCjsExports.red(`${vendor.yoctocolorsCjsExports.dim(`[${a.severity}] `)}${a.type}`)), ...mid.map(a => vendor.yoctocolorsCjsExports.yellow(`${vendor.yoctocolorsCjsExports.dim(`[${a.severity}] `)}${a.type}`)), ...low.map(a => `${vendor.yoctocolorsCjsExports.dim(`[${a.severity}] `)}${a.type}`)])}`;
   }
-  return colorless + padding + [bad.map(a => `[${a.severity}] ${a.type}`).join(', '), mid.map(a => `[${a.severity}] ${a.type}`).join(', '), low.map(a => `[${a.severity}] ${a.type}`).join(', ')].filter(Boolean).join(', ');
+  return `${colorless}${padding}${arrays.joinAnd([...bad.map(a => `[${a.severity}] ${a.type}`), ...mid.map(a => `[${a.severity}] ${a.type}`), ...low.map(a => `[${a.severity}] ${a.type}`)])}`;
 }
 function preProcess(artifacts, requestedPurls) {
   // Dedupe results (for example, pypi will emit one package for each system release (win/mac/cpu) even if it's
@@ -8845,14 +8900,26 @@ async function applyNpmPatches(socketDir, patches, options) {
   }
   return result;
 }
+
+/**
+ * Compute SHA256 hash of file contents.
+ */
 async function computeSHA256(filepath) {
   try {
     const content = await fs$1.promises.readFile(filepath);
     const hash = require$$0$1.createHash('sha256');
     hash.update(content);
-    return hash.digest('hex');
-  } catch {}
-  return null;
+    return {
+      ok: true,
+      data: hash.digest('hex')
+    };
+  } catch (e) {
+    return {
+      ok: false,
+      message: 'Failed to compute file hash',
+      cause: `Unable to read file ${filepath}: ${e instanceof Error ? e.message : 'Unknown error'}`
+    };
+  }
 }
 async function findNodeModulesPaths(cwd) {
   const rootNmPath = await utils.findUp(constants.NODE_MODULES, {
@@ -8888,29 +8955,29 @@ async function processFilePatch(pkgPath, fileName, fileInfo, socketDir, options)
     }
     return false;
   }
-  const currentHash = await computeSHA256(filepath);
-  if (!currentHash) {
-    logger.logger.log(`Failed to compute hash for: ${fileName}`);
+  const currentHashResult = await computeSHA256(filepath);
+  if (!currentHashResult.ok) {
+    logger.logger.log(`Failed to compute hash for: ${fileName}: ${currentHashResult.cause || currentHashResult.message}`);
     if (wasSpinning) {
       spinner?.start();
     }
     return false;
   }
-  if (currentHash === fileInfo.afterHash) {
+  if (currentHashResult.data === fileInfo.afterHash) {
     logger.logger.success(`File already patched: ${fileName}`);
     logger.logger.group();
-    logger.logger.log(`Current hash: ${currentHash}`);
+    logger.logger.log(`Current hash: ${currentHashResult.data}`);
     logger.logger.groupEnd();
     if (wasSpinning) {
       spinner?.start();
     }
     return true;
   }
-  if (currentHash !== fileInfo.beforeHash) {
+  if (currentHashResult.data !== fileInfo.beforeHash) {
     logger.logger.fail(`File hash mismatch: ${fileName}`);
     logger.logger.group();
     logger.logger.log(`Expected: ${fileInfo.beforeHash}`);
-    logger.logger.log(`Current:  ${currentHash}`);
+    logger.logger.log(`Current:  ${currentHashResult.data}`);
     logger.logger.log(`Target:   ${fileInfo.afterHash}`);
     logger.logger.groupEnd();
     if (wasSpinning) {
@@ -8920,7 +8987,7 @@ async function processFilePatch(pkgPath, fileName, fileInfo, socketDir, options)
   }
   logger.logger.success(`File matches expected hash: ${fileName}`);
   logger.logger.group();
-  logger.logger.log(`Current hash: ${currentHash}`);
+  logger.logger.log(`Current hash: ${currentHashResult.data}`);
   logger.logger.log(`Ready to patch to: ${fileInfo.afterHash}`);
   logger.logger.group();
   if (dryRun) {
@@ -9118,13 +9185,11 @@ async function run$k(argv, importMeta, {
   cwd = path.resolve(process.cwd(), cwd);
   const dotSocketDirPath = path.join(cwd, constants.DOT_SOCKET);
   if (!fs$1.existsSync(dotSocketDirPath)) {
-    logger.logger.error(`Error: No ${constants.DOT_SOCKET} directory found in current directory`);
-    return;
+    throw new utils.InputError(`No ${constants.DOT_SOCKET} directory found in current directory`);
   }
   const manifestPath = path.join(dotSocketDirPath, constants.MANIFEST_JSON);
   if (!fs$1.existsSync(manifestPath)) {
-    logger.logger.error(`Error: No ${constants.MANIFEST_JSON} found in ${constants.DOT_SOCKET} directory`);
-    return;
+    throw new utils.InputError(`No ${constants.MANIFEST_JSON} found in ${constants.DOT_SOCKET} directory`);
   }
   const {
     spinner
@@ -9792,25 +9857,26 @@ async function run$f(argv, importMeta, {
       },
       org: {
         type: 'string',
+        default: '',
         description: 'Force override the organization slug, overrides the default org from config'
       },
       perPage: {
         type: 'number',
-        shortFlag: 'pp',
         default: 30,
-        description: 'Number of results per page'
+        description: 'Number of results per page',
+        shortFlag: 'pp'
       },
       page: {
         type: 'number',
-        shortFlag: 'p',
         default: 1,
-        description: 'Page number'
+        description: 'Page number',
+        shortFlag: 'p'
       },
       sort: {
         type: 'string',
-        shortFlag: 's',
         default: 'created_at',
-        description: 'Sorting option'
+        description: 'Sorting option',
+        shortFlag: 's'
       }
     },
     help: (command, config) => `
@@ -9837,16 +9903,19 @@ async function run$f(argv, importMeta, {
   const {
     all,
     direction = 'desc',
+    dryRun,
+    interactive,
     json,
     markdown,
-    org: orgFlag
+    org: orgFlag,
+    page,
+    perPage,
+    sort
   } = cli.flags;
-  const dryRun = !!cli.flags['dryRun'];
-  const interactive = !!cli.flags['interactive'];
   const hasApiToken = utils.hasDefaultApiToken();
   const {
     0: orgSlug
-  } = await utils.determineOrgSlug(String(orgFlag || ''), interactive, dryRun);
+  } = await utils.determineOrgSlug(orgFlag, interactive, dryRun);
   const outputKind = utils.getOutputKind(json, markdown);
   const wasValidInput = utils.checkCommandInput(outputKind, {
     nook: true,
@@ -9877,13 +9946,13 @@ async function run$f(argv, importMeta, {
     return;
   }
   await handleListRepos({
-    all: Boolean(all),
-    direction: direction === 'asc' ? 'asc' : 'desc',
+    all,
+    direction,
     orgSlug,
     outputKind,
-    page: Number(cli.flags['page']) || 1,
-    perPage: Number(cli.flags['perPage']) || 30,
-    sort: String(cli.flags['sort'] || 'created_at')
+    page,
+    perPage,
+    sort
   });
 }
 
@@ -11083,12 +11152,12 @@ async function run$a(argv, importMeta, {
   const SOCKET_SBOM_URL_PREFIX_LENGTH = SOCKET_SBOM_URL_PREFIX.length;
   const {
     depth,
+    dryRun,
     file,
     json,
     markdown,
     org: orgFlag
   } = cli.flags;
-  const dryRun = !!cli.flags['dryRun'];
   const interactive = !!cli.flags['interactive'];
   let [id1 = '', id2 = ''] = cli.input;
   // Support dropping in full socket urls to an sbom.
@@ -11131,12 +11200,12 @@ async function run$a(argv, importMeta, {
     return;
   }
   await handleDiffScan({
-    id1: String(id1 || ''),
-    id2: String(id2 || ''),
-    depth: Number(depth),
+    id1,
+    id2,
+    depth,
     orgSlug,
     outputKind,
-    file: String(file || '')
+    file
   });
 }
 
@@ -11151,7 +11220,7 @@ async function createScanFromGithub({
   repos
 }) {
   let targetRepos = repos.trim().split(',').map(r => r.trim()).filter(Boolean);
-  if (all || targetRepos.length === 0) {
+  if (all || !targetRepos.length) {
     // Fetch from Socket API
     const result = await fetchListAllRepos(orgSlug, {
       direction: 'asc',
@@ -11522,10 +11591,10 @@ async function streamDownloadWithFetch(localPath, downloadUrl) {
       ok: true,
       data: localPath
     };
-  } catch (error) {
+  } catch (e) {
     logger.logger.fail('An error was thrown while trying to download a manifest file... url:', downloadUrl);
     require$$9.debugDir('inspect', {
-      error
+      error: e
     });
 
     // If an error occurs and fileStream was created, attempt to clean up.
@@ -11539,10 +11608,10 @@ async function streamDownloadWithFetch(localPath, downloadUrl) {
       });
     }
     // Construct a more informative error message
-    let detailedError = `Error during download of ${downloadUrl}: ${error.message}`;
-    if (error.cause) {
+    let detailedError = `Error during download of ${downloadUrl}: ${e.message}`;
+    if (e.cause) {
       // Include cause if available (e.g., from network errors)
-      detailedError += `\nCause: ${error.cause}`;
+      detailedError += `\nCause: ${e.cause}`;
     }
     if (response && !response.ok) {
       // If error was due to bad HTTP status
@@ -13165,7 +13234,7 @@ async function fetchScan(orgSlug, scanId) {
         error: e,
         line
       });
-      return null;
+      return undefined;
     }
   });
   if (ok) {
@@ -13440,7 +13509,7 @@ async function fetchThreatFeed({
   return await utils.queryApiSafeJson(`orgs/${orgSlug}/threat-feed?${queryParams}`, 'the Threat Feed data');
 }
 
-const require$1 = Module.createRequire(require('node:url').pathToFileURL(__filename).href);
+const require$1 = require$$5.createRequire((typeof document === 'undefined' ? require$$0.pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.js', document.baseURI).href)));
 async function outputThreatFeed(result, outputKind) {
   if (!result.ok) {
     process.exitCode = result.code ?? 1;
@@ -14317,7 +14386,7 @@ const rootAliases = {
   }
 };
 
-const __filename$1 = require$$0.fileURLToPath(require('node:url').pathToFileURL(__filename).href);
+const __filename$1 = require$$0.fileURLToPath((typeof document === 'undefined' ? require$$0.pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.js', document.baseURI).href)));
 void (async () => {
   const registryUrl = vendor.registryUrl();
   await vendor.updater({
@@ -14395,5 +14464,5 @@ void (async () => {
     await utils.captureException(e);
   }
 })();
-//# debugId=ac9751e6-2458-4e89-9ffb-14171de230d0
+//# debugId=d42a0267-36a6-4b2d-a161-8a78c8038a13
 //# sourceMappingURL=cli.js.map