refactor: migrate to pnpm monorepo structure

Create 14 packages with clear separation of concerns:
- @socketsecurity/cli: Full JavaScript CLI implementation
- socket: Thin wrapper that downloads CLI on demand
- 8 platform binary packages (@socketbin/cli-*)
- 2 private build tool packages

Move all CLI source code to packages/cli/ while preserving
git history through renames. Configure pnpm workspace and
add documentation for monorepo structure.

BREAKING CHANGE: Repository structure changed to monorepo

Author: jdalton

MONOREPO.md

@@ -0,0 +1,71 @@
+# Socket CLI Monorepo Guide
+
+This document explains the monorepo structure and how the different packages relate to each other.
+
+## Package Overview
+
+### Three Release Builds
+
+Socket CLI releases three distinct npm packages:
+
+1. **`@socketsecurity/cli`** - Full JavaScript CLI implementation
+2. **`@socketsecurity/cli-with-sentry`** - Full JavaScript CLI with Sentry telemetry
+3. **`socket`** - Thin wrapper that downloads `@socketsecurity/cli` on demand
+
+### Platform Binary Packages (8 total)
+
+Optional platform-specific native binaries:
+
+- `@socketbin/cli-darwin-arm64` - macOS Apple Silicon
+- `@socketbin/cli-darwin-x64` - macOS Intel
+- `@socketbin/cli-linux-arm64` - Linux ARM64 (glibc)
+- `@socketbin/cli-linux-x64` - Linux x64 (glibc)
+- `@socketbin/cli-alpine-arm64` - Alpine Linux ARM64 (musl)
+- `@socketbin/cli-alpine-x64` - Alpine Linux x64 (musl)
+- `@socketbin/cli-win32-arm64` - Windows ARM64
+- `@socketbin/cli-win32-x64` - Windows x64
+
+### Private Build Tools (2 total)
+
+- `@socketbin/custom-node` - Builds custom Node.js from source with Socket patches
+- `@socketbin/sea` - Builds Socket CLI as native Node.js SEA binaries (fallback)
+
+## Directory Structure
+
+```
+socket-cli/
+├── packages/
+│   ├── cli/                                    # @socketsecurity/cli
+│   │   ├── src/                                # CLI source code
+│   │   ├── bin/                                # CLI entry points
+│   │   ├── test/                               # Tests
+│   │   ├── data/                               # Static data
+│   │   └── package.json
+│   │
+│   ├── socket/                                 # socket (thin wrapper)
+│   │   ├── bin/
+│   │   │   ├── socket.js                       # Entry point
+│   │   │   └── bootstrap.js                    # Bootstrap logic
+│   │   └── package.json
+│   │
+│   ├── socketbin-custom-node-from-source/      # Custom Node.js builder
+│   │   ├── build/
+│   │   │   ├── patches/                        # Socket security patches
+│   │   │   └── additions/                      # Additional C++ code
+│   │   ├── scripts/
+│   │   │   └── build.mjs                       # Build script
+│   │   └── package.json
+│   │
+│   ├── socketbin-native-node-sea/              # SEA builder
+│   │   ├── scripts/
+│   │   │   ├── build.mjs                       # SEA build script
+│   │   │   └── publish.mjs                     # Publish script
+│   │   └── package.json
+│   │
+│   └── socketbin-cli-{platform}-{arch}/        # 8 platform packages
+│       ├── bin/
+│       │   └── socket (or socket.exe)          # Native binary
+│       └── package.json
+│
+├── pnpm-workspace.yaml                         # pnpm workspace config
+└── package.json                                # Root workspace

package.json

@@ -1,76 +1,4 @@
 {
-  "name": "socket",
-  "version": "1.1.25",
-  "private": true,
-  "description": "CLI for Socket.dev",
-  "homepage": "https://github.com/SocketDev/socket-cli",
-  "license": "MIT",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/SocketDev/socket-cli.git"
-  },
-  "author": {
-    "name": "Socket Inc",
-    "email": "eng@socket.dev",
-    "url": "https://socket.dev"
-  },
-  "bin": {
-    "socket": "bin/cli.js",
-    "socket-npm": "bin/npm-cli.js",
-    "socket-npx": "bin/npx-cli.js",
-    "socket-pnpm": "bin/pnpm-cli.js",
-    "socket-yarn": "bin/yarn-cli.js"
-  },
-  "exports": {
-    "./bin/cli.js": "./dist/cli.js",
-    "./bin/npm-cli.js": "./dist/npm-cli.js",
-    "./bin/npx-cli.js": "./dist/npx-cli.js",
-    "./bin/pnpm-cli.js": "./dist/pnpm-cli.js",
-    "./bin/yarn-cli.js": "./dist/yarn-cli.js",
-    "./package.json": "./package.json",
-    "./data/alert-translations.json": "./data/alert-translations.json",
-    "./data/command-api-requirements.json": "./data/command-api-requirements.json"
-  },
-  "scripts": {
-    "build": "node --import=./scripts/load.mjs scripts/build.mjs --src-only",
-    "build:sea:internal:bootstrap": "rollup -c .config/rollup.cli-sea.config.mjs",
-    "build:js": "node scripts/extract-yoga-wasm.mjs && node .config/esbuild.cli.build.mjs",
-    "build:watch": "node scripts/extract-yoga-wasm.mjs && node .config/esbuild.cli.build.mjs --watch",
-    "dev": "pnpm run build:watch",
-    "publish:sea": "node --import=./scripts/load.mjs scripts/publish-sea.mjs",
-    "check": "node --import=./scripts/load.mjs scripts/check.mjs",
-    "check-ci": "pnpm run check",
-    "claude": "node scripts/claude.mjs",
-    "lint": "node --import=./scripts/load.mjs scripts/lint.mjs",
-    "lint-ci": "pnpm run lint",
-    "type": "tsc --noEmit",
-    "type-ci": "pnpm run type",
-    "cover": "node --import=./scripts/load.mjs scripts/cover.mjs",
-    "clean": "run-p -c --aggregate-output clean:*",
-    "clean:cache": "del-cli '**/.cache'",
-    "clean:dist": "del-cli 'dist'",
-    "clean:node_modules": "del-cli '**/node_modules'",
-    "fix": "node --import=./scripts/load.mjs scripts/fix.mjs",
-    "lint-staged": "dotenvx -q run -f .env.local -- lint-staged",
-    "precommit": "dotenvx -q run -f .env.local -- lint-staged",
-    "prepare": "dotenvx -q run -f .env.local -- husky",
-    "bs": "dotenvx -q run -f .env.local -- pnpm run build --src-only; pnpm exec socket --",
-    "s": "dotenvx -q run -f .env.local -- pnpm exec socket --",
-    "e2e-tests": "dotenvx -q run -f .env.test -- vitest run --config vitest.e2e.config.mts",
-    "test": "run-s check test:*",
-    "test:prepare": "dotenvx -q run -f .env.test -- pnpm build && del-cli 'test/**/node_modules'",
-    "test:unit": "dotenvx -q run -f .env.test -- vitest run",
-    "test:unit:update": "dotenvx -q run -f .env.test -- vitest run --update",
-    "test:unit:coverage": "dotenvx -q run -f .env.test -- vitest run --coverage",
-    "test:validate": "node --import=./scripts/load.mjs scripts/validate-tests.mjs",
-    "test:wrapper": "node --import=./scripts/load.mjs scripts/test-wrapper.mjs",
-    "test-ci": "run-s test:*",
-    "test-pre-commit": "dotenvx -q run -f .env.precommit -- pnpm test",
-    "update": "node --import=./scripts/load.mjs scripts/update.mjs",
-    "wasm": "node scripts/wasm.mjs",
-    "wasm:build": "node scripts/wasm.mjs --build",
-    "wasm:download": "node scripts/wasm.mjs --download"
-  },
   "devDependencies": {
     "@babel/core": "7.28.4",
     "@babel/parser": "^7.28.4",
@@ -186,20 +114,12 @@
     "node": ">=18",
     "pnpm": ">=10.16.0"
   },
-  "files": [
-    "bin/**",
-    "data/**",
-    "dist/**",
-    "shadow-bin/**",
-    "CHANGELOG.md",
-    "logo-dark.png",
-    "logo-light.png"
-  ],
   "lint-staged": {
     "*.{cjs,cts,js,json,md,mjs,mts,ts}": [
       "biome check --write --unsafe --no-errors-on-unmatched --files-ignore-unknown=true --colors=off"
     ]
   },
+  "name": "socket-cli-monorepo",
   "pnpm": {
     "overrides": {
       "@octokit/graphql": "9.0.1",
@@ -255,6 +175,18 @@
       "yoga-layout": "patches/yoga-layout.patch"
     }
   },
+  "private": true,
+  "scripts": {
+    "build": "pnpm --filter \"./packages/**\" run build",
+    "build:cli": "pnpm --filter @socketsecurity/cli run build",
+    "build:socket": "pnpm --filter socket run build",
+    "check": "pnpm --filter @socketsecurity/cli run check",
+    "clean": "pnpm --filter \"./packages/**\" run clean",
+    "lint": "pnpm --filter @socketsecurity/cli run lint",
+    "prepare": "dotenvx -q run -f .env.local -- husky",
+    "test": "pnpm --filter @socketsecurity/cli run test",
+    "type": "pnpm --filter @socketsecurity/cli run type"
+  },
   "typeCoverage": {
     "cache": true,
     "atLeast": 95,
@@ -266,9 +198,5 @@
     "ignore-files": "test/*",
     "strict": true
   },
-  "dependencies": {
-    "ajv-dist": "8.17.1",
-    "compromise": "^14.14.4",
-    "onnxruntime-web": "^1.23.0"
-  }
+  "version": "1.1.25"
 }

packages/cli/README.md

@@ -0,0 +1,40 @@
+# @socketsecurity/cli
+
+Full Socket CLI implementation for supply chain security analysis.
+
+## Installation
+
+```bash
+npm install -g @socketsecurity/cli
+```
+
+Or use via the thin `socket` wrapper:
+
+```bash
+npm install -g socket
+```
+
+## Usage
+
+```bash
+socket --help
+socket scan
+socket npm install express
+socket optimize
+```
+
+## Features
+
+- **Security Scanning**: Analyze npm packages for supply chain risks
+- **CI/CD Integration**: Block risky dependencies in your pipeline
+- **Package Optimization**: Apply Socket registry overrides for safer alternatives
+- **Organization Management**: Manage Socket.dev organizations and repositories
+- **Wrapper Commands**: Secure alternatives to `npm`, `npx`, `pnpm`, `yarn`
+
+## Documentation
+
+Visit [https://docs.socket.dev/](https://docs.socket.dev/) for full documentation.
+
+## License
+
+MIT