Introduction to Socket CLI
In the current preview release of the Socket CLI we have shipped a first set of commands. More are to come as we are developing towards a
socket report create - creates a Project Health Report on Socket.dev for your project. Uploads your package-lock.json etc. and creates a report out of them.
socket ci - like socket report create, but waits for the report to complete and exits with an error code if the report shows that the project is unhealthy. Useful to automate Socket checks in e.g. your Continuous Integration runs.
socket info [email protected] - enables looking up supply chain risks and other package "issues" that Socket has detected for a given version of a package. Gives you a short summary, but also e.g. supports outputting the raw JSON response from our API, for your jq pleasures or similar.
What's in a Project Health Report?
A Socket Project Health Report contains a full listing of all package issues present in the project, as well as individual health scores for each package and average scores for the whole project.
There's a lot of incredible information about your packages in here.
How does the CLI work?
socket is a multi-command CLI tool.
The socket command on its own does nothing more than give you some help information; the rest of the magic is in the individual commands.
Our current two commands, report and info, will likely get accompanied by more in the future. On top of that, report in itself is also multi-command and will for sure get more sub-commands going forward.
All commands describe themselves if you ask them using --help, and the commands support mostly the same flags:
--json - outputs the result as JSON, which you can then pipe into jq and other tools
--markdown - outputs the result as Markdown, which you can then copy into an issue, PR or even chat
--all - by default only critical issues are included; setting this flag includes all issues
--strict - when set, exits with an error code if the report result is deemed unhealthy
--dry-run - like all CLI tools that perform an action should have, we have a dry run flag. E.g. socket report create supports running the command without actually uploading anything
--debug - outputs additional debug output. Great for debugging, geeks and us who develop. Hopefully you will never need it, but it can still be fun, right?
--help - prints the help for the current command. All CLI tools should have this flag
--version - prints the version of the tool. All CLI tools should have this flag
How can I get my hands on this?
Install it like this:
npm install -g @socketsecurity/cli
Then run it using commands like:
socket --help
socket info [email protected]
socket report create .
socket report create package.json
And if you don't like being asked for an API key all of the time (let's say you're in a CI environment), then put it in a SOCKET_SECURITY_API_KEY environment variable.
If you want to add the environment variable for a local project but not globally, then use a tool like
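The CI use described above, as an added example that is not part of the Socket CLI or of this post: a small POSIX shell wrapper around socket ci, which the post says exits with an error code when the report is unhealthy. The wrapper reads SOCKET_SECURITY_API_KEY from the environment (assumed to be injected by the CI's secret store, never committed to the repository) and refuses to run without it, so a missing key or missing binary fails the job loudly instead of silently passing. The function name socket_gate and its three exit statuses are this example's own choices.

```shell
#!/bin/sh
# Added example (not Socket's own code): a CI gate around `socket ci`.
# Assumes SOCKET_SECURITY_API_KEY is provided by the CI secret store.

# socket_gate CMD [ARGS...]
# Runs CMD and maps its exit status to a three-way decision so the pipeline
# can tell "blocked on findings" apart from "scanner could not run":
#   0 - report healthy, proceed
#   1 - report unhealthy (CMD exited non-zero), fail the job
#   2 - tool not runnable (missing API key or missing binary), fail loudly
socket_gate() {
  if [ -z "${SOCKET_SECURITY_API_KEY:-}" ]; then
    echo "socket_gate: SOCKET_SECURITY_API_KEY is not set" >&2
    return 2
  fi
  if ! command -v "$1" >/dev/null 2>&1; then
    echo "socket_gate: command not found: $1" >&2
    return 2
  fi
  "$@"
  status=$?
  if [ "$status" -eq 0 ]; then
    echo "socket_gate: report healthy"
    return 0
  fi
  echo "socket_gate: report unhealthy (exit status $status)" >&2
  return 1
}

# Typical CI invocation (socket ci waits for the report to complete, and
# --strict makes an unhealthy result a hard failure):
#   socket_gate socket ci --strict
```

Keeping the "could not run" case separate from the "unhealthy" case matters in practice: a pipeline that treats a missing key as a pass gives you a green build with no supply chain check behind it. Rehearse the step with --dry-run on socket report create before relying on it.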