
Scanner fails to read credentials from Socket CLI v2 settings (directory vs file path mismatch) #9

@dringrayson

Summary

The bun security scanner cannot read authentication credentials saved by socket login, causing it to silently fall back to free mode even when valid credentials exist.

Root Cause

The scanner reads credentials from a hardcoded path assuming a flat file:

~/.local/share/socket/settings

(src/index.ts L14-L39 constructs path.join(dataHome, 'socket', 'settings') and calls Bun.file() on it)

However, the Socket CLI (v2) writes credentials to a directory structure:

~/.local/share/socket/settings/config.json

Since settings is a directory, Bun.file(defaultSettingsPath).exists() returns false and the scanner falls through to unauthenticated mode with no error, only the generic warning:

⚠ Socket Security Scanner free mode. Set SOCKET_API_KEY to use your Socket org settings.

Steps to Reproduce

  1. socket login (authenticate successfully)
  2. Confirm credentials exist: cat ~/.local/share/socket/settings/config.json (base64-encoded JSON with apiToken)
  3. Run bun install with the scanner configured in bunfig.toml
  4. Observe "free mode" warning despite valid credentials

Expected Behavior

The scanner should read the token from ~/.local/share/socket/settings/config.json when the CLI has written credentials there.

Suggested Fix

In src/index.ts, after the current file check fails, fall back to checking the directory layout:

const defaultSettingsPath = path.join(dataHome, 'socket', 'settings')
let file = Bun.file(defaultSettingsPath)

if (!await file.exists()) {
  file = Bun.file(path.join(defaultSettingsPath, 'config.json'))
}

if (await file.exists()) {
  // ... existing base64 decode logic
}

Workaround

Set the env var explicitly:

export SOCKET_API_KEY="<token from ~/.local/share/socket/settings/config.json>"

Environment

  • OS: Ubuntu 24.04 (Linux x64)
  • Bun: 1.3+
  • Socket CLI: v2 (installed via bun install -g @socketsecurity/cli)
  • Scanner: @socketsecurity/bun-security-scanner@1.1.2
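
The following is an added example, not code from the scanner or from the issue author. It sketches a credential lookup that accepts both layouts described in this issue and records why each candidate path was rejected, so a fall back to free mode can be explained rather than silent. Assumptions: the names `resolveToken`, `decodeSettings` and `probe` are hypothetical, paths are joined POSIX-style, `SOCKET_API_KEY` is taken to override saved settings, and the filesystem is replaced by a constructed in-memory layout.

```javascript
// Added example; resolveToken, decodeSettings and probe are hypothetical names.
// probe(path) returns { kind: 'file' | 'dir' | 'missing', text } so the logic
// runs against an in-memory layout instead of the real home directory.

// config.json is described on the page as base64-encoded JSON with apiToken.
function decodeSettings(b64) {
  try {
    const parsed = JSON.parse(atob(String(b64).trim()))
    return typeof parsed.apiToken === 'string' && parsed.apiToken !== '' ? parsed.apiToken : null
  } catch {
    return null // not base64, or not JSON
  }
}

function resolveToken(dataHome, env, probe) {
  const tried = []
  // Assumption: an explicit SOCKET_API_KEY takes precedence over saved settings.
  if (env.SOCKET_API_KEY) return { token: env.SOCKET_API_KEY, source: 'env', tried }

  const flat = `${dataHome}/socket/settings`         // layout the scanner expects
  for (const p of [flat, `${flat}/config.json`]) {   // then the CLI v2 layout
    const entry = probe(p)
    if (entry.kind !== 'file') {
      tried.push(`${p}: ${entry.kind === 'dir' ? 'is a directory' : 'missing'}`)
      continue
    }
    const token = decodeSettings(entry.text)
    if (token) return { token, source: p, tried }
    tried.push(`${p}: present but no decodable apiToken`)
  }
  // Free mode, but the caller can now print why instead of a generic warning.
  return { token: null, source: 'free-mode', tried }
}

// Constructed sample layouts (not real credentials).
const HOME = '/home/user/.local/share'
const blob = btoa(JSON.stringify({ apiToken: 'EXAMPLE-TOKEN' }))
const layout = (files) => (p) => (p in files ? files[p] : { kind: 'missing' })
const v2 = layout({
  [`${HOME}/socket/settings`]: { kind: 'dir' },
  [`${HOME}/socket/settings/config.json`]: { kind: 'file', text: blob },
})
const corrupt = layout({
  [`${HOME}/socket/settings`]: { kind: 'dir' },
  [`${HOME}/socket/settings/config.json`]: { kind: 'file', text: 'not-base64!' },
})

console.log(resolveToken(HOME, {}, v2))
console.log(resolveToken(HOME, {}, corrupt))
```

The `tried` list is what a scanner could log next to the free-mode warning; it contains paths and reasons only, never the token.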
