fix(fix): make --ecosystems case-insensitive

CHANGELOG.md

@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+## [1.1.93](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.93) - 2026-05-08
+
+### Changed
+- `socket fix --ecosystems` now accepts values case-insensitively (e.g. `NPM`, `npm`, and `Npm` are all valid), matching the existing behavior of `--package-managers`.
+
 ## [1.1.92](https://github.com/SocketDev/socket-cli/releases/tag/v1.1.92) - 2026-05-05
 
 ### Changed

package.json

@@ -1,6 +1,6 @@
 {
   "name": "socket",
-  "version": "1.1.92",
+  "version": "1.1.93",
   "description": "CLI for Socket.dev",
   "homepage": "https://github.com/SocketDev/socket-cli",
   "license": "MIT AND OFL-1.1",

src/commands/fix/cmd-fix.integration.test.mts

@@ -168,7 +168,7 @@ describe('socket fix', async () => {
                                 See GitHub documentation (https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-auto-merge-for-pull-requests-in-your-repository) for managing auto-merge for pull requests in your repository.
             --debug             Enable debug logging in the Coana-based Socket Fix CLI invocation.
             --disable-external-tool-checks  Disable external tool checks during fix analysis.
-            --ecosystems        Limit fix analysis to specific ecosystems. Can be provided as comma separated values or as multiple flags. Defaults to all ecosystems.
+            --ecosystems        Limit fix analysis to specific ecosystems. Accepts space- or comma-separated values and is case-insensitive. Defaults to all ecosystems.
             --exclude           Exclude workspaces matching these glob patterns. Can be provided as comma separated values or as multiple flags
             --fix-version       Override the version of @coana-tech/cli used for fix analysis. Default: <coana-version>.
             --id                Provide a list of vulnerability identifiers to compute fixes for:
@@ -1109,6 +1109,23 @@ describe('socket fix', async () => {
       },
     )
 
+    cmdit(
+      [
+        'fix',
+        FLAG_DRY_RUN,
+        '--ecosystems',
+        'NPM,PyPI',
+        FLAG_CONFIG,
+        '{"apiToken":"fakeToken"}',
+      ],
+      'should accept --ecosystems case-insensitively',
+      async cmd => {
+        const { code, stdout } = await spawnSocketCli(binCliPath, cmd)
+        expect(stdout).toMatchInlineSnapshot(`"[DryRun]: Not saving"`)
+        expect(code, 'should exit with code 0').toBe(0)
+      },
+    )
+
     cmdit(
       [
         'fix',

src/commands/fix/cmd-fix.mts

@@ -168,7 +168,7 @@ Available styles:
     type: 'string',
     default: [],
     description:
-      'Limit fix analysis to specific ecosystems. Can be provided as comma separated values or as multiple flags. Defaults to all ecosystems.',
+      'Limit fix analysis to specific ecosystems. Accepts space- or comma-separated values and is case-insensitive. Defaults to all ecosystems.',
     isMultiple: true,
   },
   packageManagers: {
@@ -367,7 +367,11 @@ async function run(
   const outputKind = getOutputKind(json, markdown)
 
   // Process comma-separated values for ecosystems flag.
-  const ecosystemsRaw = cmdFlagValueToArray(ecosystems)
+  // ALL_ECOSYSTEMS is lowercase, so normalize input for a case-insensitive
+  // match (mirrors --package-managers behavior).
+  const ecosystemsRaw = cmdFlagValueToArray(ecosystems).map(s =>
+    s.toLowerCase(),
+  )
 
   // Validate ecosystem values early, before dry-run check.
   const validatedEcosystems: PURL_Type[] = []