Getting started

Socket fights vulnerabilities and provides visibility, defense-in-depth, and proactive supply chain protection for your open source dependencies.

The Socket team are all prolific open source maintainers (our open source packages collectively have 1 billion+ downloads per month). Socket customers include Vercel, Replit, and Brave. Socket is also used by prominent open source projects such as Next.js, Storybook, and MetaMask.

We provide a couple of different ways in which this protection can be applied:

Socket for GitHub

The easiest and most powerful approach we have is Socket for GitHub. You simply install it on your repositories and it will start running checks on PRs right away and give you feedback.

Socket CLI

You can of course also interact with us through the Socket CLI. This is especially useful for those of you who are not using GitHub or who want more control over how you interact with Socket than our GitHub App gives.

Socket for VS Code

For those who prefer working within their code editor, we've got you covered with the Socket VS Code Extension. This handy tool brings the power of Socket right into your workspace. It allows you to scan your projects directly from VS Code, providing real-time feedback and recommendations. It's like having a vigilant security guard, always on duty within your coding environment, helping you to spot and fix vulnerabilities before they become a problem.


Socket REST API

Our Socket REST API lets you use our feature set in a more customized way that you yourself (or some very smart friend of yours, or someone in the community) tailor to your very own needs. As easy? Nope. Taste just as good? Yep, or even better if you add that secret spice of yours to it.

Socket JavaScript SDK

The Socket JavaScript SDK is a powerful tool that simplifies the use of our REST API in your scripts. It comes with types included, making your coding process smoother and more efficient. This SDK allows you to harness the full potential of Socket's features in a more tailored way, giving you the flexibility to customize as per your specific needs. It's like having a Swiss Army knife for your application security, ready to be wielded in the unique way that suits you best.