Supported Node.js Versions

Supported Environments

Socket CLI is designed for use with LTS versions of Node.js.
If you're using a different version of Node.js, we recommend upgrading for the best experience with Socket CLI.

If you need assistance or have questions about the CLI, please reach out to our support team.
If you need to schedule a meeting, please pick a time from our calendar.

Updated 7 months ago