
v2.1.2


ianwieds released this 19 May 01:22

Socket wrap was treating any non-zero exit from socket npm as a supply chain risk-block, even when the failure was actually an npm error like ERESOLVE, a peer-dependency conflict, or a network problem. Users would see "Socket detected supply chain risks" plus advice to retry with --force or SOCKET_CLI_ACCEPT_RISKS=1 — neither of which would have fixed the real underlying npm issue.

Socket wrap now inspects the subprocess output for Socket's own risk markers ("new risk", "socket found", "exiting due to risks") to distinguish a real risk-block from a generic npm failure. When the subprocess fails without Socket markers, the thrown error is tagged with reason: 'npm-failed' and the message says "npm install failed. See the error output above." instead of the misleading Socket text.

The outdated and install commands branch on err.reason: npm failures get an honest "Fix the npm error above and retry" message and skip the inapplicable Socket bypass instructions. Risk-blocks still produce the existing flagged-package trace and retry advice.

Also removed "warning" and "alert" from the risk-marker regex since those words appear in unrelated npm output and caused false positives, and applied the same exit-code-vs-output discrimination to socket audit so audit subprocess failures don't get mislabeled either.

Verified end-to-end against the original ERESOLVE scenario in omega-manager: the npm error is printed in full followed by the honest "npm install failed" verdict.