Socket is quick and easy to install.

• Takes 2 minutes to install
• Very minimal permissions
  • Does not use write permissions
  • Never uploads your source code
• The easiest security product you’ve ever installed! ✨

Step 1

Install the Socket Security App from the GitHub Marketplace by visiting: github.com/apps/socket-security.

Step 2

Select the repositories you want to protect.

Step 3.

🥳

You’re done! There’s no step 3.

We told you this would be the easiest security product you ever installed!

What next?

You can always add or remove Socket from additional repositories by visiting the Socket Security app settings within GitHub.

When you install the GitHub app to your GitHub user account or organization, Socket will begin analyzing all pull requests for changes to the following dependency files:

• package.json
• package-lock.json
• yarn.lock

For each commit to the default branch with npm related dependency manifests, a project report will be generated, which lists all dependencies found in the project.

If a pull request contains a dependency change to npm or python dependency manifests that introduces any of the following issues, a comment will be created in the pull request that includes more details about the change.

• Potential Typo Squat
• Malware
• Install scripts
• Telemetry
• Troll Package
• Native code
• Bin script confusion
• Bin script shell injection
• Git dependency
• HTTP dependency
• Unresolved require