fix: correct CLI_DIR constant and requirements.json import

- Changed CLI_DIR from '_cli' to 'cli' to match expected path structure
- Moved requirements.json to project root (copied from SDK)
- Updated requirements.mts to import local requirements.json instead of SDK export
- SDK no longer exports requirements.json via package.json exports field

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: jdalton

.config/eslint.config.mjs

@@ -207,7 +207,7 @@ export default [
       'test/**/*.{cts,mts,ts}',
       'src/test/**/*.{cts,mts,ts}',
       'src/utils/test-mocks.mts',
-      'scripts/**/*.d.{cts,mts,ts}',
+      '**/*.d.{cts,mts,ts}',
     ],
     ...js.configs.recommended,
     ...importFlatConfigsForModule.typescript,

.config/rollup.sea.config.mjs

@@ -10,13 +10,15 @@ import { babel as babelPlugin } from '@rollup/plugin-babel'
 import commonjsPlugin from '@rollup/plugin-commonjs'
 import { nodeResolve } from '@rollup/plugin-node-resolve'
 import replacePlugin from '@rollup/plugin-replace'
-import maintainedNodeVersions from '@socketsecurity/registry/lib/constants/maintained-node-versions'
-import UnpluginOxc from 'unplugin-oxc/rollup'
 import semver from 'semver'
+import UnpluginOxc from 'unplugin-oxc/rollup'
+
+import maintainedNodeVersions from '@socketsecurity/registry/lib/constants/maintained-node-versions'
 
 const __dirname = path.dirname(url.fileURLToPath(import.meta.url))
 const rootDir = path.join(__dirname, '..')
-const isProduction = process.env.NODE_ENV === 'production' || process.env.MINIFY === '1'
+const isProduction =
+  process.env.NODE_ENV === 'production' || process.env.MINIFY === '1'
 
 // Get the major version of the current maintained Node.js version (22.x.x -> 22)
 const MIN_NODE_VERSION = semver.major(maintainedNodeVersions[2])

.config/vitest.config.mts

@@ -25,14 +25,14 @@ export default defineConfig({
       forks: {
         // Use single fork for coverage to reduce memory, parallel otherwise.
         singleFork: isCoverageEnabled,
-        maxForks: isCoverageEnabled ? 1 : undefined,
+        ...(isCoverageEnabled ? { maxForks: 1 } : {}),
         // Isolate tests to prevent memory leaks between test files.
         isolate: true,
       },
       threads: {
         // Use single thread for coverage to reduce memory, parallel otherwise.
         singleThread: isCoverageEnabled,
-        maxThreads: isCoverageEnabled ? 1 : undefined,
+        ...(isCoverageEnabled ? { maxThreads: 1 } : {}),
       },
     },
     testTimeout: 60_000,

bin/bootstrap.js

@@ -1,28 +1,37 @@
-#!/usr/bin/env node
 /**
  * @fileoverview Bootstrap loader for Socket CLI
  *
  * Checks if ~/.socket/_socket exists, delegates to it.
  * Otherwise downloads and installs Socket CLI there.
  */
 
+/* eslint-disable n/no-process-exit */
+// process.exit() is acceptable in CLI bootstrap scripts
+
 'use strict'
 
+const { spawnSync } = require('node:child_process')
 const { existsSync } = require('node:fs')
 const { homedir } = require('node:os')
 const { join } = require('node:path')
-const { spawnSync } = require('node:child_process')
 
 const SOCKET_CLI_DIR = join(homedir(), '.socket', '_socket')
 const CLI_ENTRY = join(SOCKET_CLI_DIR, 'index.js')
 
 // Check if CLI exists
 if (existsSync(CLI_ENTRY)) {
   // Delegate to ~/.socket/_socket
-  const result = spawnSync(process.execPath, [CLI_ENTRY, ...process.argv.slice(2)], {
-    stdio: 'inherit',
-    env: { ...process.env, PKG_EXECPATH: process.env.PKG_EXECPATH || 'PKG_INVOKE_NODEJS' }
-  })
+  const result = spawnSync(
+    process.execPath,
+    [CLI_ENTRY, ...process.argv.slice(2)],
+    {
+      stdio: 'inherit',
+      env: {
+        ...process.env,
+        PKG_EXECPATH: process.env.PKG_EXECPATH || 'PKG_INVOKE_NODEJS',
+      },
+    },
+  )
   process.exit(result.status || 0)
 } else {
   // Download and install

requirements.json

@@ -0,0 +1,232 @@
+{
+  "api": {
+    "batchPackageFetch": {
+      "quota": 100,
+      "permissions": ["packages:list"]
+    },
+    "batchPackageStream": {
+      "quota": 100,
+      "permissions": ["packages:list"]
+    },
+    "createDependenciesSnapshot": {
+      "quota": 100,
+      "permissions": ["report:write"]
+    },
+    "createOrgFullScan": {
+      "quota": 0,
+      "permissions": ["full-scans:create"]
+    },
+    "createOrgRepo": {
+      "quota": 0,
+      "permissions": ["repo:create"]
+    },
+    "createScanFromFilepaths": {
+      "quota": 100,
+      "permissions": ["report:write"]
+    },
+    "deleteOrgFullScan": {
+      "quota": 0,
+      "permissions": ["full-scans:delete"]
+    },
+    "deleteOrgRepo": {
+      "quota": 0,
+      "permissions": ["repo:delete"]
+    },
+    "getAuditLogEvents": {
+      "quota": 10,
+      "permissions": ["audit-log:list"]
+    },
+    "getEnabledEntitlements": {
+      "quota": 0,
+      "permissions": []
+    },
+    "getEntitlements": {
+      "quota": 0,
+      "permissions": []
+    },
+    "getIssuesByNpmPackage": {
+      "quota": 10,
+      "permissions": []
+    },
+    "getOrgAnalytics": {
+      "quota": 10,
+      "permissions": ["report:write"]
+    },
+    "getOrganizations": {
+      "quota": 0,
+      "permissions": []
+    },
+    "streamOrgFullScan": {
+      "quota": 0,
+      "permissions": ["full-scans:list"]
+    },
+    "streamPatchesFromScan": {
+      "quota": 0,
+      "permissions": ["patches:list"]
+    },
+    "getOrgFullScanBuffered": {
+      "quota": 0,
+      "permissions": ["full-scans:list"]
+    },
+    "getOrgFullScanList": {
+      "quota": 0,
+      "permissions": ["full-scans:list"]
+    },
+    "getOrgFullScanMetadata": {
+      "quota": 0,
+      "permissions": ["full-scans:list"]
+    },
+    "getOrgLicensePolicy": {
+      "quota": 0,
+      "permissions": ["settings:read"]
+    },
+    "getOrgRepo": {
+      "quota": 0,
+      "permissions": ["repo:list"]
+    },
+    "getOrgRepoList": {
+      "quota": 0,
+      "permissions": ["repo:list"]
+    },
+    "getOrgSecurityPolicy": {
+      "quota": 0,
+      "permissions": ["settings:read"]
+    },
+    "getQuota": {
+      "quota": 0,
+      "permissions": []
+    },
+    "getRepoAnalytics": {
+      "quota": 10,
+      "permissions": ["report:write"]
+    },
+    "getScan": {
+      "quota": 0,
+      "permissions": ["report:read"]
+    },
+    "getScanList": {
+      "quota": 0,
+      "permissions": ["report:read"]
+    },
+    "getSupportedScanFiles": {
+      "quota": 0,
+      "permissions": ["report:read"]
+    },
+    "getScoreByNpmPackage": {
+      "quota": 10,
+      "permissions": []
+    },
+    "postSettings": {
+      "quota": 0,
+      "permissions": []
+    },
+    "searchDependencies": {
+      "quota": 100,
+      "permissions": []
+    },
+    "updateOrgRepo": {
+      "quota": 0,
+      "permissions": ["repo:update"]
+    },
+    "uploadManifestFiles": {
+      "quota": 100,
+      "permissions": ["packages:upload"]
+    },
+    "viewPatch": {
+      "quota": 0,
+      "permissions": ["patches:view"]
+    },
+    "deleteReport": {
+      "quota": 0,
+      "permissions": ["report:delete"]
+    },
+    "exportCDX": {
+      "quota": 0,
+      "permissions": ["report:read"]
+    },
+    "exportSPDX": {
+      "quota": 0,
+      "permissions": ["report:read"]
+    },
+    "getAPITokens": {
+      "quota": 10,
+      "permissions": ["api-token:list"]
+    },
+    "postAPIToken": {
+      "quota": 10,
+      "permissions": ["api-token:create"]
+    },
+    "postAPITokenUpdate": {
+      "quota": 10,
+      "permissions": ["api-token:update"]
+    },
+    "postAPITokensRotate": {
+      "quota": 10,
+      "permissions": ["api-token:rotate"]
+    },
+    "postAPITokensRevoke": {
+      "quota": 10,
+      "permissions": ["api-token:revoke"]
+    },
+    "updateOrgSecurityPolicy": {
+      "quota": 0,
+      "permissions": ["settings:write"]
+    },
+    "updateOrgLicensePolicy": {
+      "quota": 0,
+      "permissions": ["settings:write"]
+    },
+    "getOrgTriage": {
+      "quota": 0,
+      "permissions": ["triage:alerts-list"]
+    },
+    "updateOrgAlertTriage": {
+      "quota": 0,
+      "permissions": ["triage:alerts-update"]
+    },
+    "getOrgRepoLabelList": {
+      "quota": 0,
+      "permissions": ["repo-label:list"]
+    },
+    "createOrgRepoLabel": {
+      "quota": 0,
+      "permissions": ["repo-label:create"]
+    },
+    "getOrgRepoLabel": {
+      "quota": 0,
+      "permissions": ["repo-label:list"]
+    },
+    "updateOrgRepoLabel": {
+      "quota": 0,
+      "permissions": ["repo-label:update"]
+    },
+    "deleteOrgRepoLabel": {
+      "quota": 0,
+      "permissions": ["repo-label:delete"]
+    },
+    "getDiffScanById": {
+      "quota": 0,
+      "permissions": ["diff-scans:list"]
+    },
+    "createOrgDiffScanFromIds": {
+      "quota": 0,
+      "permissions": ["diff-scans:create"]
+    },
+    "listOrgDiffScans": {
+      "quota": 0,
+      "permissions": ["diff-scans:list"]
+    },
+    "deleteOrgDiffScan": {
+      "quota": 0,
+      "permissions": ["diff-scans:delete"]
+    },
+    "getApi": {
+      "quota": 0,
+      "permissions": []
+    },
+    "sendApi": {
+      "quota": 0,
+      "permissions": []
+    }
+  }
+}

scripts/build-yao-pkg-node.mjs

@@ -153,7 +153,9 @@ async function main() {
   // Configure Node.js with optimizations
   console.log('⚙️  Configuring Node.js...')
   console.log('   KEEP: WASM support, SSL/crypto, JIT (required for WASM)')
-  console.log('   REMOVE: npm, corepack, inspector, amaro, sqlite, ICU, snapshot, code cache')
+  console.log(
+    '   REMOVE: npm, corepack, inspector, amaro, sqlite, ICU, snapshot, code cache',
+  )
   console.log()
 
   await exec(