Documentation

Ecosystem Support

Languages ecosystems, programming languages, package managers, and features that Socket supports.

Suggest Edits

Ecosystem Maturity Levels

Socket language ecosystems are classified into three maturity levels:

  • Generally Available (GA)
  • Beta
  • Experimental

The differences are as follows:

FeatureGABetaExperimental
AvailabilityAvailable for all Socket users.Available for all Socket users.Enterprise plan users can contact us to get access.
Alert TypesSupports 25+ alert types (including Supply Chain Risk, CVE, Quality, Maintenance, and License types).Supports 20+ alert types (including Supply Chain Risk, CVE, Quality, Maintenance, and License types).Supports 15+ alert types (including Supply Chain Risk, CVE, Quality, Maintenance, and License types).
SupportPremium support from the Socket team. Any reported issues are resolved promptly.Support from the Socket team. Any reported issues are resolved promptly, but after GA ecosystems.Reported issues are tracked and prioritized with best effort.

Ecosystem Support

EcosytemPackage managerMaturity levelNext-gen SCASocket scoresReachability analysisAutofix PRs
JavaScript and TypeScriptnpm, yarn, pnpmGA
Pythonuv, pip, Poetry, AnacondaGA⏳ Planned
GoGo ModulesGA⏳ Planned
JavaMaven, GradleGA⏳ Planned
RubyBundlerGA⏳ Planned
.NET (C#, F#, Visual Basic) NugetBeta⏳ Planned
Scala sbt, Maven, GradleExperimental⏳ Planned
Kotlin Maven, GradleExperimental⏳ Planned
Rustcargo🚧 In Progress (Q2)
Objective-CCocoaPodsPlanned (Q3)
PHPComposerPlanned (Q3)
SwiftSwift Package ManagerPlanned (Q4)
Elixir and ErlanghexPlanned

👍

Vote for the languages you want us to support next!

At Socket, we're committed to expanding our ecosystem support to support diverse programming languages and package managers. We're driven by the needs of our users so if there's a language you'd like us to support, we encourage you to vote for it. Your votes directly influence our prioritization. If you're considering becoming an enterprise customer, we'd love to hear from you –  we can prioritize language support based on your needs. Please reach out to us to discuss your specific requirements.

AI model Scanning Support

Socket scans the contents of AI model files, including those used by popular LLMs, to scan for the full suite of Socket Alerts .

Package ManagerSupport LevelNotes
PyPI Pickle files✅ SupportedSocket scans all pickle files within PyPI packages
Hugging Face⏳ Planned

JavaScript and TypeScript

Socket officially supports npm, yarn, and pnpm.

Package ManagerSupport LevelNotes
npmSupportednpm versions 6 - 11 (latest)
YarnSupportedyarn versions 1 - 3
pnpmSupportedpnpm versions 5 - 10 (latest)

npm

Socket supports npm (versions 6, 7, 8, and 9).

FeatureSupport LevelNotes
npm lockfile (package-lock.json)✅ SupportedSocket supports lockfile versions 1, 2, and 3
npm workspaces✅ Supported
Package overrides✅ Supported
file: dependencies✅ Supported
shrinkwrap dependencies✅ Supported
bundled dependencies✅ Supported

Yarn

Socket fully supports Yarn (versions versions 1, 2, and 3).

FeatureSupport LevelNotes
Yarn lockfile (yarn.lock)✅ Supported
Yarn workspaces✅ Supported
Selective dependency resolutions (Package overrides)✅ Supported
file: dependencies✅ Supported
shrinkwrap dependencies✅ Supported
bundled dependencies✅ Supported
Yarn protocols🚧 Partial support
Yarn plugins and Plug'n'Play⏳ Planned

pnpm

Socket fully supports pnpm (versions 5, 6, and 7).

FeatureSupport LevelNotes
pnpm lockfile (pnpm-lock.yaml)✅ Supported
pnpm workspaces✅ Supported
Package overrides/resolutions (Package overrides)✅ Supported
file: dependencies✅ Supported
shrinkwrap dependencies✅ Supported
bundled dependencies✅ Supported
pnpm protocols🚧 Partial support
pnpm patch⏳ Planned

Python

Socket supports Python (uv, pip, Poetry, and Anaconda).

Package ManagerSupport LevelNotes
uvSupporteduv versions 0.x (latest)
pipSupportedpip versions 20 - 25 (latest)
PoetrySupportedPoetry versions 1 - 2
Anaconda (conda)🚧 Partial supportAnaconda versions 22-25 (latest)

uv

uv is the preferred Python package manager for Socket. This is because uv generates truly deterministic lockfiles through universal resolution. This approach ensures that dependencies are locked consistently across all platforms and environments.

FeatureSupport LevelNotes
uv.lock✅ Supported
pyproject.toml ( PEP517 PEP518 PEP621 PEP660 )✅ Supported
Optional dependencies✅ Supported
Python environments✅ Supported

pip

pip dependency resolution is non-deterministic. This is a fundamental limitation of the pip package manager. For best accuracy, Socket recommends using uv if possible.

FeatureSupport LevelNotes
Pipfile and Pipfile.lock✅ Supported
setup.py✅ Supported
requirements files ( requirements.txt )✅ Supported
pyproject.toml ( PEP517 PEP518 PEP621 PEP660 )✅ Supported
pip extras✅ Supported

Poetry

For best accuracy, Socket recommends using uv if possible.

FeatureSupport LevelNotes
pyproject.toml#tool.poetry✅ Supported
poetry.lock✅ SupportedOptional dependencies and extras are not supported for poetry.lock. This is because the lockfile does not lock your optional dependencies. For best accuracy, Socket recommends using uv if possible.
pyproject.toml ( PEP517 PEP518 PEP621 PEP660 )✅ Supported

Anaconda

FeatureSupport LevelNotes
requirements files ( requirements.txt )✅ SupportedAnaconda scanning is supported via requirements.txt. See detailed Anaconda setup instructions. Your Technical Account Manager can help you with this process.
Anaconda Cloud⏳ PlannedSocket scans artifacts published to PyPI, with Anaconda Cloud support planned on Socket’s roadmap. Socket supports the PyPI registry and therefore we can report risks for any Anaconda package which is also published to PyPI.

Go

Socket supports Go. Contact us to get access.

Package ManagementSupport LevelNotes
Go Modules (go.mod and go.sum)✅ Supported

Java

Socket supports Java.

Package ManagementSupport LevelNotes
pom.xml✅ Supported
Super POM✅ Supported
Maven support✅ SupportedMaven Central
Gradle support✅ SupportedGradle is fully supported. Use the open source CycloneDX Gradle plugin to generate and commit an SBOM which Socket will scan. Your Technical Account Manager can help you with this process.
Dependency scopes⏳ Planned

Ruby

Socket supports Ruby.

Package ManagementSupport LevelNotes
Gemfile.lock✅ SupportedLockfiles are fully supported - for the best accuracy ensure Gemfile.lock is committed to source control.
Gemfile / *.gemspec⚠️ Partial SupportUse the open source CycloneDX Ruby gem plugin to generate and commit an SBOM which Socket will scan. Your Technical Account Manager can help you with this process.

.NET (C#, F#, Visual Basic)

Socket supports .NET (C#, F#, Visual Basic).

Package ManagementSupport LevelNotes
NuGet (*.*proj, packages.lock.json, *.nuspec, and packages.config)✅ SupportedLockfiles are fully supported and provide the best accuracy - ensure all packages.lock.json files are committed to source control.

Other MSBuild / Nuget manifests are fully supported but SBOM accuracy depends on the complexity of the projects' configuration.

Scala

Socket supports Scala. See detailed Scala setup instructions.

Package ManagementSupport LevelNotes
build.sbt✅ SupportedSee detailed Scala setup instructions .Your Technical Account Manager can help you with this process.
Gradle support✅ SupportedGradle is fully supported. See detailed Gradle setup instructions (for Java, Kotlin, and Scala). Your Technical Account Manager can help you with this process.
Maven support✅ SupportedMaven Central

Kotlin

Socket supports Kotlin. See detailed Kotlin setup instructions.

Package ManagementSupport LevelNotes
Gradle support (build.gradle.kts)✅ SupportedGradle is fully supported. See detailed Gradle setup instructions (for Java, Kotlin, and Scala) . Your Technical Account Manager can help you with this process.
Maven support✅ SupportedMaven Central

Rust

Rust is in development. Contact us to get access.

📘

Something missing?

Please add a feature request and we will do our best to make your wish come true!

Updated 5 days ago

What’s Next