Alert Types Support

Which types of alerts are supported for which programming languages

✅ = Full support
⏳ = Coming soon (within next 3 months)

Category | Alert Type | JavaScript and TypeScript | Python | Go | Java and Kotlin | Ruby

Category: Vulnerability
Critical CVE
High CVE
Medium CVE
Low CVE

Category: Supply Chain Risk
Possible typosquat attack
Environment variable access ✅ New! ✅ New!
Filesystem access ✅ New! ✅ New!
Git dependency
GitHub dependency
AI detected anomaly
AI detected potential malware
AI detected security risk
Native code
High entropy strings
HTTP dependency
Known Malware
Non-existent author
Network access ✅ New! ✅ New!
New author
Obfuscated code
Potential vulnerability
Shell access ✅ New! ✅ New!
Telemetry
Trivial Package
Protestware or potentially unwanted behavior
Unstable ownership
Uses eval ✅ New! ✅ New!

Category: Quality
Minified code
Unpopular package ❌ Maven lacks support

Category: Maintenance
Deprecated ✅ New! ❌ Maven lacks support ❌ RubyGems lacks support
Unmaintained ✅ New!

Category: License
Ambiguous License Classifier
Copyleft License
Deprecated SPDX exception
Deprecated license
Explicitly Unlicensed Item
Nonpermissive License
No License Found
Non OSI license
Non-permissive License
Legal notice
Unidentified License

Category: JS-only: Supply Chain Risk
Chronological version anomaly
Debug access
Dynamic require
Install scripts
Manifest confusion
NPM Shrinkwrap

Category: JS-only: Quality
Bad dependency semver
Floating dependency

Tell us the alerts you want us to support next!

At Socket, we're committed to expanding our detection capabilities across diverse programming languages and package managers. We're driven by the needs of our users and customers, so if there's a specific alert you'd like us to support, we'd love to hear from you. Please reach out to us to discuss your specific requirements.