Socket CLI FAQ

Does this run locally on my computer?

The CLI itself runs locally, but it communicates with our public API, for example by uploading your dependency manifest files to Socket for analysis.

  • Socket is designed to work without the need to analyze, upload, or share your source code.
  • The only data we collect from your repository is the package.json file and associated lockfiles such as package-lock.json and yarn.lock, which we call the dependency snapshot. The same applies to the other ecosystems we support, such as Python and Ruby.
  • We use the dependency snapshot to determine the list of packages used by your repository, perform our open source risk analysis, and produce a report.
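To make the "dependency snapshot" concrete, here is an added example (not Socket's code, and not a description of how Socket's API processes the upload) that reads the two files named above, package.json and a lockfileVersion 3 package-lock.json, and derives the list of packages a scan would be based on. The sample manifests, package names, registry URL and integrity hashes are constructed for the example; it also flags direct dependencies that are declared but missing from the lockfile, which is a quick local check that the snapshot you are about to upload is not stale.

```python
import json

# Constructed sample manifests (not real project data), in the shape of a
# package.json and a lockfileVersion 3 package-lock.json.
PACKAGE_JSON = """{
  "name": "example-app",
  "version": "1.0.0",
  "dependencies": { "left-pad-ish": "^1.2.0" },
  "devDependencies": { "test-runner-ish": "~2.0.0" }
}"""

PACKAGE_LOCK = """{
  "name": "example-app",
  "lockfileVersion": 3,
  "packages": {
    "": {
      "dependencies": { "left-pad-ish": "^1.2.0" },
      "devDependencies": { "test-runner-ish": "~2.0.0" }
    },
    "node_modules/left-pad-ish": {
      "version": "1.2.3",
      "resolved": "https://registry.example.invalid/left-pad-ish/-/left-pad-ish-1.2.3.tgz",
      "integrity": "sha512-AAAA",
      "dependencies": { "tiny-helper": "^0.1.0" }
    },
    "node_modules/tiny-helper": {
      "version": "0.1.5",
      "resolved": "https://registry.example.invalid/tiny-helper/-/tiny-helper-0.1.5.tgz",
      "integrity": "sha512-BBBB"
    },
    "node_modules/test-runner-ish": {
      "version": "2.0.1",
      "resolved": "https://registry.example.invalid/test-runner-ish/-/test-runner-ish-2.0.1.tgz",
      "integrity": "sha512-CCCC",
      "dev": true
    }
  }
}"""


def _name_from_path(path):
    # Lockfile keys are install paths; the package name is whatever follows the
    # last "node_modules/", so nested ("node_modules/a/node_modules/b") and
    # scoped ("node_modules/@scope/name") entries both resolve correctly.
    _, _, tail = path.rpartition("node_modules/")
    return tail


def list_packages(package_json_text, lock_text):
    """Return every package in the snapshot, direct and transitive.

    Only manifest and lockfile content is read; no project source is needed,
    which is the point of the dependency snapshot described above.
    """
    manifest = json.loads(package_json_text)
    lock = json.loads(lock_text)
    if lock.get("lockfileVersion") != 3:
        raise ValueError("this example only understands lockfileVersion 3")

    direct = set(manifest.get("dependencies", {})) | set(manifest.get("devDependencies", {}))
    packages = []
    for path, entry in lock.get("packages", {}).items():
        if path == "":
            continue  # the root entry describes the project itself
        name = _name_from_path(path)
        packages.append({
            "name": name,
            "version": entry["version"],
            "direct": name in direct,          # declared in package.json
            "dev": bool(entry.get("dev", False)),
            "pinned": "integrity" in entry,    # has a content hash in the lockfile
        })
    return sorted(packages, key=lambda p: (p["name"], p["version"]))


def missing_from_lockfile(package_json_text, lock_text):
    """Direct dependencies declared in package.json but absent from the lockfile.

    A non-empty result means the lockfile is stale and the snapshot would not
    reflect what package.json actually asks for.
    """
    manifest = json.loads(package_json_text)
    declared = set(manifest.get("dependencies", {})) | set(manifest.get("devDependencies", {}))
    locked = {p["name"] for p in list_packages(package_json_text, lock_text)}
    return sorted(declared - locked)


if __name__ == "__main__":
    for pkg in list_packages(PACKAGE_JSON, PACKAGE_LOCK):
        kind = "direct" if pkg["direct"] else "transitive"
        print(f"{pkg['name']}@{pkg['version']}  {kind}  dev={pkg['dev']}  pinned={pkg['pinned']}")
    print("missing from lockfile:", missing_from_lockfile(PACKAGE_JSON, PACKAGE_LOCK))
```

Running the module prints the three packages with their versions and whether each is direct or transitive; the same walk works on a real package-lock.json by swapping the embedded strings for file contents.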

Can I look at reports locally on the computer?

Yes! If you have a Scan ID you can use socket scan view or socket scan report to view its details. Use the --json flag to export the raw data, or the --markdown flag for nicely formatted, shareable output.

Why does my scan not show up in the dashboard?

Most likely you need to pass the --pending-head flag. Without that option, new scans will not show up in the dashboard.

When I run a report locally, the execution is immediate but the report does not load in the UI. Is there a background job running that I am waiting for before the report is ready?

Yes. When you use socket report create (without the --report option), the report ID is created and returned to you right away. The report itself is generated lazily, the first time you go to view it.