Alert Types Support

Which types of alerts are supported for which programming languages

✅ = Full support
⏳ = Coming soon (within next 3 months)

| Category | Alert Type | Severity | JavaScript and TypeScript / Python / Go / Java and Kotlin / Ruby |
|---|---|---|---|
| Vulnerability | Critical CVE | Critical | |
| | High CVE | High | |
| | Medium CVE | Medium | |
| | Low CVE | Low | |
| Supply Chain Risk | Known Malware | Critical | |
| | Possible typosquat attack | Critical | |
| | AI-detected potential malware | High | |
| | Git dependency | High | |
| | GitHub dependency | High | |
| | HTTP dependency | High | |
| | Obfuscated code | High | |
| | Protestware or potentially unwanted behavior | High | |
| | Telemetry | High | |
| | Unstable ownership | High | |
| | AI-detected potential security risk | Medium | |
| | Native code | Medium | |
| | Network access | Medium | ✅ New! ✅ New! |
| | Non-existent author | Medium | |
| | Potential vulnerability | Medium | |
| | Shell access | Medium | ✅ New! ✅ New! |
| | Trivial Package | Medium | |
| | Uses eval | Medium | ✅ New! ✅ New! |
| | AI-detected potential code anomaly | Low | |
| | Environment variable access | Low | ✅ New! ✅ New! |
| | Filesystem access | Low | ✅ New! ✅ New! |
| | High entropy strings | Low | |
| | New author | Low | |
| Quality | Unpopular package | Medium | ❌ Maven lacks support |
| | Minified code | Low | |
| Maintenance | Deprecated | Medium | ✅ New! ✅ New! ❌ Maven lacks support ❌ RubyGems lacks support |
| | Unmaintained | Low | ✅ New! |
| License | Explicitly Unlicensed Item | High | |
| | License Policy Violation | High | |
| | Misc. License Issues | Medium | |
| | Ambiguous License Classifier | Low | |
| | Copyleft License | Low | |
| | License exception | Low | |
| | No License Found | Low | |
| | Non-permissive License | Low | |
| | Unidentified License | Low | |
| JS-only: Supply Chain Risk | NPM Shrinkwrap | High | |
| | Install scripts | Medium | |
| | Manifest confusion | Medium | |
| | Debug access | Low | |
| | Dynamic require | Low | |
| JS-only: Quality | Bad dependency semver | Medium | |
| | Wildcard dependency | Medium | |

Tell us the alerts you want us to support next!

At Socket, we're committed to expanding our detection capabilities across diverse programming languages and package managers. We're driven by the needs of our users and customers, so if there's a specific alert you'd like us to support, we'd love to hear from you. Please reach out to us to discuss your specific requirements.