Documentation

Alert Types Support

Which types of alerts are supported for which programming languages

Suggest Edits

✅ = Full support
⏳ = Coming soon (within next 3 months)

CategoryAlert TypeSeverityJavaScript and TypeScriptPythonGoJava and KotlinRuby
48 alerts31 alerts26 alerts27 alerts28 alerts
VulnerabilityCritical CVECritical
High CVEHigh
Medium CVEMedium
Low CVELow
Supply Chain RiskKnown MalwareCritical
Possible typosquat attackCritical
Suspicious Stars on GitHubHigh
AI-detected potential malwareHigh
Git dependencyHigh
GitHub dependencyHigh
HTTP dependencyHigh
Obfuscated codeHigh
Protestware or potentially unwanted behaviorHigh
TelemetryHigh
Unstable ownershipHigh
AI-detected potential security riskMedium
Native codeMedium
Network accessMedium
Non-existent authorMedium
Potential vulnerabilityMedium
Shell accessMedium
Trivial PackageMedium
Uses evalMedium
AI-detected potential code anomalyLow
Environment variable accessLow
Filesystem accessLow
High entropy stringsLow
New authorLow
QualityUnpopular packageMedium❌ Maven lacks support
Minified codeLow
MaintenanceDeprecatedMedium❌ Maven lacks support❌ RubyGems lacks support
UnmaintainedLow
LicenseExplicitly Unlicensed ItemHigh
License Policy ViolationHigh
Misc. License IssuesMedium
Ambiguous License ClassifierLow
Copyleft LicenseLow
License exceptionLow
No License FoundLow
Non-permissive LicenseLow
Unidentified LicenseLow
JS-only: Supply Chain RiskNPM ShrinkwrapHigh
Install scriptsMedium
Manifest confusionMedium
Debug accessLow
Dynamic requireLow
JS-only: QualityBad dependency semverMedium
Wildcard dependencyMedium

👍

Tell us the alerts you want us to support next!

At Socket, we're committed to expanding our detection capabilities across diverse programming languages and package managers. We're driven by the needs of our users and customers so if there's a specific alert you'd like us to support, we'd love to hear from you. Please reach out to us to discuss your specific requirements.

Updated about 2 months ago