Security Policy
Socket by default will only show alerts that are likely not noise.
If an organization wishes to change what issues are shown by default or cause checks to fail can use the dashboard. It is not recommended to disable the default issues socket enables.
These are the default set of Enabled Alerts:
- Potential Typo Squat
- Install scripts
- Telemetry
- Protestware/Troll package
- Known Malware
- Native code
- Bin script shell injection
- Git dependency
- HTTP dependency
- Invalid package.json
- Unresolved require
For granular per-repository settings, use socket.yml.
Updated about 1 month ago