Socket CLI FAQ
Does this run locally on my computer?
The CLI itself runs locally, but it works by uploading your dependency manifest files to Socket for analysis.
- Socket is designed to work without the need to analyze, upload, or share your source code.
- The only data we collect from your repository is the `package.json` file and associated lockfiles such as `package-lock.json` and `yarn.lock`, which we call the dependency snapshot.
- We use the dependency snapshot to determine the list of packages used by your repository, perform our open source risk analysis, and produce a report.
If so, why is a GitHub account required for this to function?
The GitHub account requirement is a limitation of our account system at the moment. All reports that you generate need to be tied to a Socket organization, and currently the only way to create a Socket organization is by installing our GitHub integration into a GitHub organization.
We plan to lift this limitation in the future. You can track this roadmap item in our public feedback tracker here.
Can I look at reports locally on the computer?
At the moment the only way to view reports locally is to view them as JSON. You can run `socket report view REPORT_ID --json` to access a report.
Alternatively, to create and view a report in a single command, you can use `socket report create . REPORT_ID --view --json`. This command has the advantage that it waits until the report has finished generating before it outputs the JSON and exits.
When I run a report locally, the execution is immediate but the report does not load in the UI. Is there a background job running that I am waiting for before the report is ready?
Yes. When using `socket report create` (without the `--view` option) the report ID is created and returned to you right away; the report itself is generated lazily when you first go to view it.
Updated 5 months ago