Socket is quick and easy to install.

• Takes 2 minutes to install
• Very minimal permissions
  • Does not use write permissions
  • Never uploads your source code
• The easiest security product you’ve ever installed! ✨

Step 1

Install the Socket Security App from the GitHub Marketplace by visiting: github.com/apps/socket-security.

Step 2

Select the repositories you want to protect.

Step 3.

🥳

You’re done! There’s no step 3.

We told you this would be the easiest security product you ever installed!

What next?

You can always add or remove Socket from additional repositories by visiting the Socket Security app settings within GitHub.

When you install the GitHub app to your GitHub user account or organization, Socket will begin analyzing all pull requests for changes to the following dependency files:

• package.json
• package-lock.json
• yarn.lock

For each head commit in a pull request containing npm related dependency files, a project report will be generated, which lists all dependencies found in the project.

If the pull request contains a dependency change that introduces any of the following issues, a comment will be created in the pull request that includes more details about the change.

• Potential Typo Squat
• Malware
• Install scripts
• Telemetry
• Troll Package
• Native code
• Bin script confusion
• Bin script shell injection