diff --git a/package-lock.json b/package-lock.json
index 23b42d53b..2778cc24c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
 "name": "socket",
- "version": "1.0.1",
+ "version": "1.0.2",
 "lockfileVersion": 3,
 "requires": true,
 "packages": {
 "": {
 "name": "socket",
- "version": "1.0.1",
+ "version": "1.0.2",
 "license": "MIT",
 "bin": {
 "socket": "bin/cli.js",
@@ -27,6 +27,7 @@
 "@eslint/compat": "1.3.1",
 "@eslint/js": "9.29.0",
 "@npmcli/arborist": "9.1.2",
+ "@npmcli/config": "10.3.0",
 "@octokit/graphql": "9.0.1",
 "@octokit/openapi-types": "25.1.0",
 "@octokit/request-error": "7.0.0",
@@ -56,6 +57,7 @@
 "@types/mock-fs": "4.13.4",
 "@types/node": "24.0.4",
 "@types/npmcli__arborist": "6.3.1",
+ "@types/npmcli__config": "6.0.3",
 "@types/proc-log": "3.0.4",
 "@types/semver": "7.7.0",
 "@types/which": "3.0.4",
@@ -2443,6 +2445,26 @@
 "dev": true,
 "license": "ISC"
 },
+ "node_modules/@npmcli/config": {
+ "version": "10.3.0",
+ "resolved": "https://registry.npmjs.org/@npmcli/config/-/config-10.3.0.tgz",
+ "integrity": "sha512-52n09DvIdZq3Hd2Uc8OngwEU9PS4MJ439H6TGd10vpPL5Yp9BTw11sbrjxrJsSIz/msxkOPig0UQDjBjsPGr5A==",
+ "dev": true,
+ "license": "ISC",
+ "dependencies": {
+ "@npmcli/map-workspaces": "^4.0.1",
+ "@npmcli/package-json": "^6.0.1",
+ "ci-info": "^4.0.0",
+ "ini": "^5.0.0",
+ "nopt": "^8.1.0",
+ "proc-log": "^5.0.0",
+ "semver": "^7.3.5",
+ "walk-up-path": "^4.0.0"
+ },
+ "engines": {
+ "node": "^20.17.0 || >=22.9.0"
+ }
+ },
 "node_modules/@npmcli/fs": {
 "version": "4.0.0",
 "resolved": "https://registry.npmjs.org/@npmcli/fs/-/fs-4.0.0.tgz",
@@ -4558,6 +4580,17 @@
 "@types/pacote": "*"
 }
 },
+ "node_modules/@types/npmcli__config": {
+ "version": "6.0.3",
+ "resolved": "https://registry.npmjs.org/@types/npmcli__config/-/npmcli__config-6.0.3.tgz",
+ "integrity": "sha512-JasDNjgkmtYWGJxMmhmfc8gRrRgcONd4DRaUTD/jWGhwIJSkUMSGHPatTVfUmD7QopQh93TzDH14FZL5tB2tEA==",
+ "dev": true,
+ "license": "MIT",
+ "dependencies": {
+ "@types/node": "*",
+ "@types/semver": "*"
+ }
+ },
 "node_modules/@types/npmcli__package-json": {
 "version": "4.0.4",
 "resolved": "https://registry.npmjs.org/@types/npmcli__package-json/-/npmcli__package-json-4.0.4.tgz",
diff --git a/package.json b/package.json
index 94048dd61..3d99ea6d7 100644
--- a/package.json
+++ b/package.json
@@ -90,6 +90,7 @@
 "@eslint/compat": "1.3.1",
 "@eslint/js": "9.29.0",
 "@npmcli/arborist": "9.1.2",
+ "@npmcli/config": "10.3.0",
 "@octokit/graphql": "9.0.1",
 "@octokit/openapi-types": "25.1.0",
 "@octokit/request-error": "7.0.0",
@@ -119,6 +120,7 @@
 "@types/mock-fs": "4.13.4",
 "@types/node": "24.0.4",
 "@types/npmcli__arborist": "6.3.1",
+ "@types/npmcli__config": "6.0.3",
 "@types/proc-log": "3.0.4",
 "@types/semver": "7.7.0",
 "@types/which": "3.0.4",
diff --git a/src/commands/fix/npm-fix.mts b/src/commands/fix/npm-fix.mts
index 91cec5688..def39d72c 100644
--- a/src/commands/fix/npm-fix.mts
+++ b/src/commands/fix/npm-fix.mts
@@ -1,9 +1,21 @@
+import { realpathSync } from 'node:fs'
+import path from 'node:path'
+
+import NpmConfig from '@npmcli/config'
+import {
+ definitions as npmConfigDefinitions,
+ flatten as npmConfigFlatten,
+ shorthands as npmConfigShorthands,
+ // @ts-ignore
+} from '@npmcli/config/lib/definitions'
+
 import { debugFn, isDebug } from '@socketsecurity/registry/lib/debug'
 
 import { agentFix } from './agent-fix.mts'
 import { getCiEnv, getOpenPrsForEnvironment } from './fix-env-helpers.mts'
 import { getActualTree } from './get-actual-tree.mts'
 import { getAlertsMapOptions } from './shared.mts'
+import constants from '../../constants.mts'
 import {
 Arborist,
 SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES,
@@ -57,9 +69,27 @@ export async function npmFix(
 getAlertsMapOptions({ limit: Math.max(limit, openPrs.length) }),
 )
 } else {
+ const npmPath = path.resolve(
+ realpathSync(pkgEnvDetails.agentExecPath),
+ '../..',
+ )
+ const config = new NpmConfig({
+ argv: [],
+ cwd: process.cwd(),
+ definitions: npmConfigDefinitions,
+ // Lazily access constants.execPath.
+ execPath: constants.execPath,
+ env: process.env,
+ flatten: npmConfigFlatten,
+ npmPath,
+ platform: process.platform,
+ shorthands: npmConfigShorthands,
+ })
+ await config.load()
 const arb = new Arborist({
 path: pkgEnvDetails.pkgPath,
 ...SAFE_ARBORIST_REIFY_OPTIONS_OVERRIDES,
+ config,
 })
 actualTree = await arb.reify()
 // Calling arb.reify() creates the arb.diff object, nulls-out arb.idealTree,
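Review bot: The `// @ts-ignore` inside the import list, directly above `} from '@npmcli/config/lib/definitions'`, suppresses every type error on that import without saying why, so `npmConfigDefinitions`, `npmConfigFlatten` and `npmConfigShorthands` are presumably untyped where they are used. The same commit pins `@types/npmcli__config` at 6.0.3 against `@npmcli/config` 10.3.0, so the typings that do apply to `NpmConfig` describe a different major version from the code that runs. I would replace the directive with `// @ts-expect-error: no type declarations for this deep import (verify).` so the suppression stops compiling once typings for the path exist. A short comment that `lib/definitions` is a deep path tied to the pinned release would also help whoever bumps the version next.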
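Review bot: The config is loaded with `cwd: process.cwd()` while the Arborist below works on `path: pkgEnvDetails.pkgPath`, so when the two directories differ the project-level `.npmrc` (registry, scope and auth settings) is presumably read from where the CLI was started rather than from the package being reified. Unless that is intended, `cwd: pkgEnvDetails.pkgPath,` keeps config and tree on the same project. `realpathSync(pkgEnvDetails.agentExecPath)` throws when the path cannot be resolved, and the `'../..'` step relies on a particular install layout; a comment such as `// npmPath: npm's install root, assumed to be the parent of the resolved executable's directory.` would record that assumption. The body of npmFix starts and ends outside this hunk.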