Socket Security

Protect your app from malicious open source dependencies

by SocketDev, 6,507 installs

About

GitHub has verified that the publisher controls the domain and meets other requirements.

Supported languages

JavaScript, CoffeeScript, TypeScript, and WebAssembly

Prevent malicious open source dependencies from infiltrating your apps.

Socket dramatically improves your open source security posture by detecting and blocking the attacks you don't expect – malware, install scripts, hidden code, typo-squatting, and more – which aren't caught by traditional vulnerability scanners.

  • Block malware – Block emerging malware threats
  • Block typo-squatting – Block malicious packages that differ in name by only a few characters
  • Detect hidden code – Detect obfuscated, minified, or hidden code
  • Detect privileged API usage – Report when a dependency update introduces new risky API usage – filesystem, network, child_process, eval()
  • Detect suspicious updates – Sudden inclusion of privileged APIs in patch or minor releases
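
The three detections listed above (new privileged API usage, suspicious updates, and typo-squatting) as an added illustrative example. This is not Socket's own code and makes no claim about how Socket implements these checks: it compares two versions of a package's source with regular expressions for privileged Node.js APIs, flags the update as suspicious when a new privileged API arrives in a minor or patch release, and uses Levenshtein distance against a list of popular package names as a typo-squatting heuristic. The package sources, versions, and the list of popular names are constructed sample inputs, and all function names are hypothetical.

```javascript
// Illustrative example (not Socket's code): diff-based privileged API detection,
// suspicious-update classification, and a typo-squatting name heuristic.

// Privileged Node.js APIs grouped into the categories named in the listing.
const RISKY_APIS = {
  filesystem: [/\brequire\(\s*['"](?:node:)?fs(?:\/promises)?['"]\s*\)/, /\bfrom\s+['"](?:node:)?fs['"]/],
  network: [/\brequire\(\s*['"](?:node:)?(?:http|https|net|dns)['"]\s*\)/, /\bfetch\s*\(/],
  child_process: [/\brequire\(\s*['"](?:node:)?child_process['"]\s*\)/],
  eval: [/\beval\s*\(/, /\bnew\s+Function\s*\(/],
};

// Return the set of privileged API categories a package source uses.
function detectPrivilegedApis(source) {
  const found = new Set();
  for (const [category, patterns] of Object.entries(RISKY_APIS)) {
    if (patterns.some((re) => re.test(source))) found.add(category);
  }
  return found;
}

// Categories present in the new version that were absent from the old one.
function newRiskyApis(oldSource, newSource) {
  const before = detectPrivilegedApis(oldSource);
  const after = detectPrivilegedApis(newSource);
  return [...after].filter((c) => !before.has(c)).sort();
}

// Classify a semver bump as 'major', 'minor' or 'patch' (pre-release tags ignored).
function bumpType(oldVersion, newVersion) {
  const [a, b] = [oldVersion, newVersion].map((v) => v.split('.').map(Number));
  if (a[0] !== b[0]) return 'major';
  if (a[1] !== b[1]) return 'minor';
  return 'patch';
}

// A "suspicious update": privileged APIs appear for the first time in a
// minor or patch release, where consumers rarely review the diff.
function suspiciousUpdate(oldPkg, newPkg) {
  const addedApis = newRiskyApis(oldPkg.source, newPkg.source);
  const bump = bumpType(oldPkg.version, newPkg.version);
  return { bump, addedApis, suspicious: addedApis.length > 0 && bump !== 'major' };
}

// Levenshtein edit distance (single-row dynamic programming).
function editDistance(a, b) {
  const prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = prev[0];
    prev[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = prev[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      prev[j] = Math.min(prev[j] + 1, prev[j - 1] + 1, diag + cost);
      diag = tmp;
    }
  }
  return prev[b.length];
}

// Popular names within a small edit distance of a candidate name are
// typo-squatting suspects; an exact match is the genuine package, not a suspect.
function typoSquatCandidates(name, popular, maxDistance = 2) {
  return popular.filter((p) => p !== name && editDistance(name, p) <= maxDistance);
}

// Constructed sample inputs (hypothetical package "left-trim", not a real package).
const OLD_PKG = { version: '1.4.2', source: 'module.exports = (s) => String(s).trimStart();\n' };
const NEW_PKG = {
  version: '1.4.3',
  source:
    "const cp = require('child_process');\n" +
    'module.exports = (s) => {\n' +
    "  cp.execSync('id');\n" + // constructed: shells out on every call
    '  return eval(String(s)).trimStart();\n' +
    '};\n',
};
const POPULAR_NAMES = ['lodash', 'express', 'react', 'axios', 'chalk']; // constructed list

const report = suspiciousUpdate(OLD_PKG, NEW_PKG);
console.log(JSON.stringify(report)); // {"bump":"patch","addedApis":["child_process","eval"],"suspicious":true}
console.log(typoSquatCandidates('lodahs', POPULAR_NAMES)); // [ 'lodash' ]
```

The regex approach deliberately errs on the side of reporting: a match only says a category is present in the text, so obfuscated or dynamically built `require` calls will slip past it, which is why the "detect hidden code" bullet above is a separate check in practice. The typo-squat heuristic is equally coarse; a real policy would weight distance by package popularity and publisher history rather than apply one fixed threshold.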

Socket currently supports 70 detections in 5 categories: supply chain risk, quality, maintenance, known vulnerabilities, and license problems.

Analyze an entire project to find supply chain risks with Project Health Reports

Pricing and setup

Socket Free for personal and organization accounts: $0 (Free)

  • Analyze your project to find supply chain risks
  • Detect 70+ red flags in open source code, including malware, typo-squatting, and more
  • Prevent compromised packages from infiltrating your supply chain
  • Warn developers who use risky dependencies, educate them, and encourage good behavior

Socket Security is provided by a third party and is governed by separate terms of service, privacy policy, and support documentation.