Rename --dont-apply-fixes to --no-apply-fixes

src/commands/fix/cmd-fix.mts

@@ -52,12 +52,14 @@ const generalFlags: MeowFlags = {
       'https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-auto-merge-for-pull-requests-in-your-repository',
     )} for managing auto-merge for pull requests in your repository.`,
   },
-  dontApplyFixes: {
+  applyFixes: {
     aliases: ['onlyCompute'],
     type: 'boolean',
-    default: false,
+    default: true,
     description:
       'Compute fixes only, do not apply them. Logs what upgrades would be applied. If combined with --output-file, the output file will contain the upgrades that would be applied.',
+    // Hidden to allow custom documenting of the negated `--no-apply-fixes` variant.
+    hidden: true,
   },
   id: {
     type: 'string',
@@ -182,7 +184,14 @@ async function run(
       ${getFlagApiRequirementsOutput(`${parentName}:${CMD_NAME}`)}
 
     Options
-      ${getFlagListOutput(config.flags)}
+      ${getFlagListOutput({
+        ...config.flags,
+        // Explicitly document the negated --no-apply-fixes variant.
+        noApplyFixes: {
+          ...config.flags['applyFixes'],
+          hidden: false,
+        } as MeowFlag,
+      })}
 
     Environment Variables (for CI/PR mode)
       CI                          Set to enable CI mode
@@ -208,8 +217,8 @@ async function run(
   )
 
   const {
+    applyFixes,
     autopilot,
-    dontApplyFixes,
     glob,
     json,
     limit,
@@ -223,7 +232,7 @@ async function run(
     unknownFlags = [],
   } = cli.flags as {
     autopilot: boolean
-    dontApplyFixes: boolean
+    applyFixes: boolean
     glob: string
     limit: number
     json: boolean
@@ -292,7 +301,7 @@ async function run(
 
   await handleFix({
     autopilot,
-    dontApplyFixes,
+    applyFixes,
     cwd,
     ghsas,
     glob,

src/commands/fix/cmd-fix.test.mts

@@ -172,7 +172,6 @@ describe('socket fix', async () => {
           Options
             --autopilot         Enable auto-merge for pull requests that Socket opens.
                                 See GitHub documentation (https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-auto-merge-for-pull-requests-in-your-repository) for managing auto-merge for pull requests in your repository.
-            --dont-apply-fixes  Compute fixes only, do not apply them. Logs what upgrades would be applied. If combined with --output-file, the output file will contain the upgrades that would be applied.
             --id                Provide a list of vulnerability identifiers to compute fixes for:
                                     - GHSA IDs (https://docs.github.com/en/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database#about-ghsa-ids) (e.g., GHSA-xxxx-xxxx-xxxx)
                                     - CVE IDs (https://cve.mitre.org/cve/identifiers/) (e.g., CVE-2025-1234) - automatically converted to GHSA
@@ -181,6 +180,7 @@ describe('socket fix', async () => {
             --json              Output as JSON
             --limit             The number of fixes to attempt at a time (default 10)
             --markdown          Output as Markdown
+            --no-apply-fixes    Compute fixes only, do not apply them. Logs what upgrades would be applied. If combined with --output-file, the output file will contain the upgrades that would be applied.
             --output-file       Path to store upgrades as a JSON file at this path.
             --range-style       Define how dependency version ranges are updated in package.json (default 'preserve').
                                 Available styles:

src/commands/fix/coana-fix.mts

@@ -43,9 +43,9 @@ export async function coanaFix(
   fixConfig: FixConfig,
 ): Promise<CResult<{ fixed: boolean }>> {
   const {
+    applyFixes,
     autopilot,
     cwd,
-    dontApplyFixes,
     ghsas,
     glob,
     limit,
@@ -106,7 +106,7 @@ export async function coanaFix(
 
   if (!shouldOpenPrs) {
     // Inform user about local mode when fixes will be applied.
-    if (!dontApplyFixes && ghsas.length) {
+    if (applyFixes && ghsas.length) {
       const envCheck = checkCiEnvVars()
       if (envCheck.present.length) {
         // Some CI vars are set but not all - show what's missing.
@@ -143,7 +143,7 @@ export async function coanaFix(
           ? ['--range-style', fixConfig.rangeStyle]
           : []),
         ...(glob ? ['--glob', glob] : []),
-        ...(dontApplyFixes ? [FLAG_DRY_RUN] : []),
+        ...(!applyFixes ? [FLAG_DRY_RUN] : []),
         ...(outputFile ? ['--output-file', outputFile] : []),
         ...fixConfig.unknownFlags,
       ],

src/commands/fix/handle-fix.mts

@@ -16,7 +16,7 @@ const CVE_FORMAT_REGEXP = /^CVE-\d{4}-\d{4,}$/
 
 export type HandleFixConfig = Remap<
   FixConfig & {
-    dontApplyFixes: boolean
+    applyFixes: boolean
     ghsas: string[]
     glob: string
     orgSlug: string
@@ -98,9 +98,9 @@ export async function convertIdsToGhsas(ids: string[]): Promise<string[]> {
 }
 
 export async function handleFix({
+  applyFixes,
   autopilot,
   cwd,
-  dontApplyFixes,
   ghsas,
   glob,
   limit,
@@ -121,7 +121,7 @@ export async function handleFix({
     glob,
     limit,
     minSatisfying,
-    dontApplyFixes,
+    applyFixes,
     outputFile,
     outputKind,
     prCheck,
@@ -132,7 +132,7 @@ export async function handleFix({
   await outputFixResult(
     await coanaFix({
       autopilot,
-      dontApplyFixes,
+      applyFixes,
       cwd,
       // Convert mixed CVE/GHSA/PURL inputs to GHSA IDs only
       ghsas: await convertIdsToGhsas(ghsas),

src/commands/fix/types.mts

@@ -3,7 +3,7 @@ import type { Spinner } from '@socketsecurity/registry/lib/spinner'
 
 export type FixConfig = {
   autopilot: boolean
-  dontApplyFixes: boolean
+  applyFixes: boolean
   cwd: string
   ghsas: string[]
   glob: string