SocketDev · jdalton · Apr 2, 2026 · Mar 31, 2026 · Mar 31, 2026 · Apr 1, 2026
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+## [1.1.78](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.78) - 2026-04-01
+
+### Fixed
+- `socket scan create`, `socket scan reach`, and `socket fix` now respect `projectIgnorePaths` from `socket.yml` when collecting files
+
 ## [1.1.77](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.77) - 2026-04-01
 
 ### Fixed

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "socket",
-  "version": "1.1.77",
+  "version": "1.1.78",
   "description": "CLI for Socket.dev",
   "homepage": "https://github.com/SocketDev/socket-cli",
   "license": "MIT AND OFL-1.1",

diff --git a/src/commands/fix/coana-fix.mts b/src/commands/fix/coana-fix.mts
@@ -44,6 +44,7 @@
   fetchGhsaDetails,
   setGitRemoteGithubRepoUrl,
 } from '../../utils/github.mts'
+import { findSocketYmlSync } from '../../utils/config.mts'
 import { getPackageFilesForScan } from '../../utils/path-resolve.mts'
 import { setupSdk } from '../../utils/sdk.mts'
 import { fetchSupportedScanFileNames } from '../scan/fetch-supported-scan-file-names.mts'
@@ -157,7 +158,15 @@
   }
 
   const supportedFiles = supportedFilesCResult.data
+
+  // Load socket.yml to respect projectIgnorePaths when collecting files.
+  const socketYmlResult = findSocketYmlSync(cwd)
+  const socketConfig = socketYmlResult.ok
+    ? socketYmlResult.data?.parsed
+    : undefined
+
   const scanFilepaths = await getPackageFilesForScan(['.'], supportedFiles, {
+    config: socketConfig,
     cwd,
   })
   // Exclude any .socket.facts.json files that happen to be in the scan

diff --git a/src/commands/scan/cmd-scan-create.mts b/src/commands/scan/cmd-scan-create.mts
@@ -173,7 +173,6 @@ async function run(
       ...generalFlags,
       ...reachabilityFlags,
     },
-    // TODO: Your project's "socket.yml" file's "projectIgnorePaths".
     help: command => `
     Usage
       $ ${command} [options] [TARGET...]

diff --git a/src/commands/scan/handle-create-new-scan.mts b/src/commands/scan/handle-create-new-scan.mts
@@ -14,6 +14,7 @@ import { outputCreateNewScan } from './output-create-new-scan.mts'
 import { performReachabilityAnalysis } from './perform-reachability-analysis.mts'
 import constants from '../../constants.mts'
 import { checkCommandInput } from '../../utils/check-input.mts'
+import { findSocketYmlSync } from '../../utils/config.mts'
 import { getPackageFilesForScan } from '../../utils/path-resolve.mts'
 import { readOrDefaultSocketJson } from '../../utils/socket-json.mts'
 import { socketDocsLink } from '../../utils/terminal-link.mts'
@@ -164,7 +165,15 @@ export async function handleCreateNewScan({
   spinner.start('Searching for local files to include in scan...')
 
   const supportedFiles = supportedFilesCResult.data
+
+  // Load socket.yml to respect projectIgnorePaths when collecting files.
+  const socketYmlResult = findSocketYmlSync(cwd)
+  const socketConfig = socketYmlResult.ok
+    ? socketYmlResult.data?.parsed
+    : undefined
+
   const packagePaths = await getPackageFilesForScan(targets, supportedFiles, {
+    config: socketConfig,
     cwd,
   })
 

diff --git a/src/commands/scan/handle-scan-reach.mts b/src/commands/scan/handle-scan-reach.mts
@@ -6,6 +6,7 @@ import { outputScanReach } from './output-scan-reach.mts'
 import { performReachabilityAnalysis } from './perform-reachability-analysis.mts'
 import constants from '../../constants.mts'
 import { checkCommandInput } from '../../utils/check-input.mts'
+import { findSocketYmlSync } from '../../utils/config.mts'
 import { getPackageFilesForScan } from '../../utils/path-resolve.mts'
 
 import type { ReachabilityOptions } from './perform-reachability-analysis.mts'
@@ -47,7 +48,15 @@ export async function handleScanReach({
   )
 
   const supportedFiles = supportedFilesCResult.data
+
+  // Load socket.yml to respect projectIgnorePaths when collecting files.
+  const socketYmlResult = findSocketYmlSync(cwd)
+  const socketConfig = socketYmlResult.ok
+    ? socketYmlResult.data?.parsed
+    : undefined
+
   const packagePaths = await getPackageFilesForScan(targets, supportedFiles, {
+    config: socketConfig,
     cwd,
   })