About
GitHub has verified that the publisher controls the domain and meets other requirements.
Category
Supported languages
JavaScript, CoffeeScript, TypeScript, and WebAssembly
From the developer
Prevent malicious open source dependencies from infiltrating your apps.
Socket dramatically improves your open source security posture by detecting and blocking the attacks you don't expect – malware, install scripts, hidden code, typo-squatting, and more – which aren't caught by traditional vulnerability scanners.
- Block malware – Block emerging malware threats
- Block typo-squatting – Block malicious packages that differ in name by only a few characters
- Detect hidden code – Detect obfuscated, minified, or hidden code
- Detect privileged API usage – Report when a dependency update introduces new risky API usage – filesystem, network, child_process, eval()
- Detect suspicious updates – Sudden inclusion of privileged APIs in patch or minor releases
Socket currently supports 70 detections in 5 categories: supply chain risk, quality, maintenance, known vulnerabilities, and license problems.
Analyze an entire project to find supply chain risks with Project Health Reports
Socket welcome page
Pricing and setup
Socket Free for personal and organization accounts
Free
Socket Free for personal and organization accounts
- Analyze your project to find supply chain risks
- Detect 70+ red flags in open source code, including malware, typo-squatting, and more
- Prevent compromised packages from infiltrating your supply chain
- Warn developers using risky dependencies and educate them + encourage good behavior
Socket Security is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation