Product
Engineering
Socket VSCode Extension
Introducing a VS Code editor integration for Socket Security.
AI detected malware
Bidirectional unicode control characters
Bin script confusion
Bin script shell injection
Chronological version anomaly
Debug access
Dynamic require
Empty package
Environment variable access
Filesystem access
Bad dependency semver
Bad semver
Bad text encoding
CommonJS depending on ESModule
Extraneous dependency
File dependency
Invalid package.json
Minified code
Missing dependency
Missing package tarball
Deprecated
No bug tracker
No contributors or author data
Unmaintained
Critical CVE
CVE
Mild CVE
Deprecated license
Deprecated SPDX exception
Legal notice
License change
License exception
Missing license
Mixed license
Modified license
Modified license exception
Non OSI license
Depend on Socket to prevent malicious open source dependencies from infiltrating your app.
Install the Socket GitHub App in less than 5 minutes and get protected today.
Block 60+ issues in open source code, including malware, typo-squatting, hidden code, misleading packages, permission creep, and more.
Reduce work by surfacing actionable security information directly in GitHub. Empower developers to make better decisions.
Jan 06, 2022
Maintainer intentionally adds malware
Rogue maintainer sabotages his own open source package with 100M downloads/month, notably breaking Amazon's AWS SDK.
Nov 15, 2021
npm discovers a platform vulnerability allowing unauthorized publishing of any package
Attackers could publish new versions of any npm package without authorization for multiple years.
Oct 22, 2021
Hijacked package adds cryptominers and password-stealing malware
Multiple packages with 30M downloads/month are hijacked and publish malicious versions directly into the software supply chain.
Nov 26, 2018
Package hijacked, adding organization-specific backdoors
Obfuscated malware was added to a dependency, targeting a single company; it went undetected for over a week and made it into their production build.
Product
Socket has introduced new dashboard functionality to support self-service and auditing in one centralized location.
Research
Engineering
We have been using GPT at Socket to help triage the npm package firehose for a couple of months now. Here is what it is like after real-world experience.