Fix incorrect token usage in /v0/purl requests

When getAlertsMapFromPurls is called without an explicit apiToken option,
it was defaulting to getPublicApiToken() which always returns the public
token as a fallback. This caused /v0/purl API requests to use the public
token even when SOCKET_CLI_API_TOKEN was set in the environment.

The fix removes the default value and lets setupSdk handle token
resolution through getDefaultApiToken(), which properly respects
SOCKET_CLI_API_TOKEN and other token sources.

Author: jdalton

src/utils/alerts-map.mts

@@ -27,7 +27,7 @@ import { isNonEmptyString } from '@socketsecurity/registry/lib/strings'
 import { findSocketYmlSync } from './config.mts'
 import { toFilterConfig } from './filter-config.mts'
 import { extractPurlsFromPnpmLockfile } from './pnpm.mts'
-import { getPublicApiToken, setupSdk } from './sdk.mts'
+import { setupSdk } from './sdk.mts'
 import { addArtifactToAlertsMap } from './socket-package-alert.mts'
 
 import type { CompactSocketArtifact } from './alert/artifact.mts'
@@ -91,7 +91,7 @@ export async function getAlertsMapFromPurls(
     opts.filter.fixable = true
   }
 
-  const { apiToken = getPublicApiToken(), spinner } = opts
+  const { apiToken, spinner } = opts
 
   const getText = () => `Looking up data for ${remaining} packages`