Ecosystem Support
Languages ecosystems, programming languages, package managers, and features that Socket supports.
Ecosystem Maturity Levels
Socket language ecosystems are classified into three maturity levels:
- Generally Available (GA)
- Beta
- Experimental
The differences are as follows:
| Feature | GA | Beta | Experimental |
|---|---|---|---|
| Availability | Available for all Socket users. | Available for all Socket users. | Enterprise plan users can contact us to get access. |
| Alert Types | Supports 25+ alert types (including Supply Chain Risk, CVE, Quality, Maintenance, and License types). | Supports 20+ alert types (including Supply Chain Risk, CVE, Quality, Maintenance, and License types). | Supports 15+ alert types (including Supply Chain Risk, CVE, Quality, Maintenance, and License types). |
| Support | Premium support from the Socket team. Any reported issues are resolved promptly. | Support from the Socket team. Any reported issues are resolved promptly, but after GA ecosystems. | Reported issues are tracked and prioritized with best effort. |
Ecosystem Support
| Ecosytem | Package manager | Maturity level | Next-gen SCA | Socket scores | Reachability analysis | Autofix PRs |
|---|---|---|---|---|---|---|
| JavaScript and TypeScript | npm, yarn, pnpm | GA | ✅ | ✅ | ✅ | ✅ |
| Python | uv, pip, Poetry, Anaconda | GA | ✅ | ✅ | ✅ | ⏳ Planned |
| Go | Go Modules | GA | ✅ | ✅ | ✅ | ⏳ Planned |
| Java | Maven, Gradle | GA | ✅ | ✅ | ✅ | ⏳ Planned |
| Ruby | Bundler | GA | ✅ | ✅ | ✅ | ⏳ Planned |
| .NET (C#, F#, Visual Basic) | Nuget | Beta | ✅ | ✅ | ⏳ | ⏳ Planned |
| Scala | sbt, Maven, Gradle | Experimental | ✅ | ✅ | ✅ | ⏳ Planned |
| Kotlin | Maven, Gradle | Experimental | ✅ | ✅ | ✅ | ⏳ Planned |
| Rust | cargo | 🚧 In Progress (Q2) | ||||
| Objective-C | CocoaPods | ⏳ Planned (Q3) | ||||
| PHP | Composer | ⏳ Planned (Q3) | ||||
| Swift | Swift Package Manager | ⏳ Planned (Q4) | ||||
| Elixir and Erlang | hex | ⏳ Planned |
Vote for the languages you want us to support next!
At Socket, we're committed to expanding our ecosystem support to support diverse programming languages and package managers. We're driven by the needs of our users so if there's a language you'd like us to support, we encourage you to vote for it. Your votes directly influence our prioritization. If you're considering becoming an enterprise customer, we'd love to hear from you – we can prioritize language support based on your needs. Please reach out to us to discuss your specific requirements.
AI model Scanning Support
Socket scans the contents of AI model files, including those used by popular LLMs, to scan for the full suite of Socket Alerts .
| Package Manager | Support Level | Notes |
|---|---|---|
| PyPI Pickle files | ✅ Supported | Socket scans all pickle files within PyPI packages |
| Hugging Face | ⏳ Planned |
JavaScript and TypeScript
Socket officially supports npm, yarn, and pnpm.
npm
Socket supports npm (versions 6, 7, 8, and 9).
| Feature | Support Level | Notes |
|---|---|---|
npm lockfile (package-lock.json) | ✅ Supported | Socket supports lockfile versions 1, 2, and 3 |
| npm workspaces | ✅ Supported | |
| Package overrides | ✅ Supported | |
file: dependencies | ✅ Supported | |
| shrinkwrap dependencies | ✅ Supported | |
| bundled dependencies | ✅ Supported |
Yarn
Socket fully supports Yarn (versions versions 1, 2, and 3).
| Feature | Support Level | Notes |
|---|---|---|
Yarn lockfile (yarn.lock) | ✅ Supported | |
| Yarn workspaces | ✅ Supported | |
| Selective dependency resolutions (Package overrides) | ✅ Supported | |
file: dependencies | ✅ Supported | |
| shrinkwrap dependencies | ✅ Supported | |
| bundled dependencies | ✅ Supported | |
| Yarn protocols | 🚧 Partial support | |
| Yarn plugins and Plug'n'Play | ⏳ Planned |
pnpm
Socket fully supports pnpm (versions 5, 6, and 7).
| Feature | Support Level | Notes |
|---|---|---|
pnpm lockfile (pnpm-lock.yaml) | ✅ Supported | |
| pnpm workspaces | ✅ Supported | |
| Package overrides/resolutions (Package overrides) | ✅ Supported | |
file: dependencies | ✅ Supported | |
| shrinkwrap dependencies | ✅ Supported | |
| bundled dependencies | ✅ Supported | |
| pnpm protocols | 🚧 Partial support | |
| pnpm patch | ⏳ Planned |
Python
Socket supports Python (uv, pip, Poetry, and Anaconda).
| Package Manager | Support Level | Notes |
|---|---|---|
| uv | ✅ Supported | uv versions 0.x (latest) |
| pip | ✅ Supported | pip versions 20 - 25 (latest) |
| Poetry | ✅ Supported | Poetry versions 1 - 2 |
| PDM | ✅ Supported | TODO |
Anaconda (conda) | 🚧 Partial support | Anaconda versions 22-25 (latest) |
uv
uv is the preferred Python package manager for Socket. This is because uv generates truly deterministic lockfiles through universal resolution. This approach ensures that dependencies are locked consistently across all platforms and environments.
| Feature | Support Level | Notes |
|---|---|---|
uv.lock | ✅ Supported | |
pyproject.toml ( PEP517 PEP518 PEP621 PEP660 ) | ✅ Supported | |
pylock.toml | ⏳ Planned (Q2) | |
| Optional dependencies | ✅ Supported | |
| Python environments | ✅ Supported |
pip
pip dependency resolution is non-deterministic. This is a fundamental limitation of the pip package manager. For best accuracy, Socket recommends using uv if possible.
| Feature | Support Level | Notes |
|---|---|---|
Pipfile and Pipfile.lock | ✅ Supported | |
setup.py | ✅ Supported | |
requirements files ( requirements.txt ) | ✅ Supported | |
pyproject.toml ( PEP517 PEP518 PEP621 PEP660 ) | ✅ Supported | |
pylock.toml | ⏳ Planned (Q2) | |
| pip extras | ✅ Supported |
Poetry
For best accuracy, Socket recommends using uv if possible.
| Feature | Support Level | Notes |
|---|---|---|
pyproject.toml#tool.poetry | ✅ Supported | |
poetry.lock | ✅ Supported | Optional dependencies and extras are not supported for poetry.lock. This is because the lockfile does not lock your optional dependencies. For best accuracy, Socket recommends using uv if possible. |
pylock.toml | ⏳ Planned (Q2) | |
pyproject.toml ( PEP517 PEP518 PEP621 PEP660 ) | ✅ Supported |
PDM
TODO
Anaconda
| Feature | Support Level | Notes |
|---|---|---|
requirements files ( requirements.txt ) | ✅ Supported | Anaconda scanning is supported via requirements.txt. See detailed Anaconda setup instructions. Your Technical Account Manager can help you with this process. |
| Anaconda Cloud | ⏳ Planned | Socket scans artifacts published to PyPI, with Anaconda Cloud support planned on Socket’s roadmap. Socket supports the PyPI registry and therefore we can report risks for any Anaconda package which is also published to PyPI. |
Go
Socket supports Go. Contact us to get access.
| Package Management | Support Level | Notes |
|---|---|---|
Go Modules (go.mod and go.sum) | ✅ Supported |
Java
Socket supports Java.
| Package Management | Support Level | Notes |
|---|---|---|
pom.xml | ✅ Supported | |
| Super POM | ✅ Supported | |
| Maven support | ✅ Supported | Maven Central |
| Gradle support | ✅ Supported | Gradle is fully supported. Use the open source CycloneDX Gradle plugin to generate and commit an SBOM which Socket will scan. Your Technical Account Manager can help you with this process. |
| Dependency scopes | ⏳ Planned |
Ruby
Socket supports Ruby.
| Package Management | Support Level | Notes |
|---|---|---|
Gemfile.lock | ✅ Supported | Lockfiles are fully supported - for the best accuracy ensure Gemfile.lock is committed to source control. |
Gemfile / *.gemspec | ⚠️ Partial Support | Use the open source CycloneDX Ruby gem plugin to generate and commit an SBOM which Socket will scan. Your Technical Account Manager can help you with this process. |
.NET (C#, F#, Visual Basic)
Socket supports .NET (C#, F#, Visual Basic).
| Package Management | Support Level | Notes |
|---|---|---|
NuGet (*.*proj, packages.lock.json, *.nuspec, and packages.config) | ✅ Supported | Lockfiles are fully supported and provide the best accuracy - ensure all packages.lock.json files are committed to source control.Other MSBuild / Nuget manifests are fully supported but SBOM accuracy depends on the complexity of the projects' configuration. |
Scala
Socket supports Scala. See detailed Scala setup instructions.
| Package Management | Support Level | Notes |
|---|---|---|
| build.sbt | ✅ Supported | See detailed Scala setup instructions .Your Technical Account Manager can help you with this process. |
| Gradle support | ✅ Supported | Gradle is fully supported. See detailed Gradle setup instructions (for Java, Kotlin, and Scala). Your Technical Account Manager can help you with this process. |
| Maven support | ✅ Supported | Maven Central |
Kotlin
Socket supports Kotlin. See detailed Kotlin setup instructions.
| Package Management | Support Level | Notes |
|---|---|---|
Gradle support (build.gradle.kts) | ✅ Supported | Gradle is fully supported. See detailed Gradle setup instructions (for Java, Kotlin, and Scala) . Your Technical Account Manager can help you with this process. |
| Maven support | ✅ Supported | Maven Central |
Rust
Rust is in development. Contact us to get access.
Something missing?
Please add a feature request and we will do our best to make your wish come true!
Updated 4 days ago