
Product
Engineering
Socket VSCode Extension
Introducing a VS Code editor integration for Socket Security.
Product
Socket has introduced new dashboard functionality to aid in self-service and auditing in one centralized location.
Research
Engineering
We have been using GPT at Socket to help triage the npm package firehose for a couple months now. Here is what it is like after actual experience.
Engineering
Programmer Introspective
File explorers are great tools for programmers when they help make code understandable, but what does it take to ship a file explorer, and what does it mean to help programmers by providing one?
Research
A package published an anomalous 11460 versions in 4 months, Socket Security had to figure out if it was something to be concerned about.
Product
Socket for GitHub requires a new GitHub permission. Here are the details.
Company News
Socket has successfully completed the SOC 2 Type I audit by meeting rigorous security and confidentiality standards.
Company News
Socket is joining the Open Source Security Foundation (OpenSSF), the cross-industry organization working on the most important open source security initiatives.
Product
We're excited to preview a brand new way to use Socket, a CLI tool! This will be especially useful to those of you not using GitHub or those who want more control over how you interact with Socket.
Product
Socket for GitHub has added the option to customize which issue alerts your pull request receives.
Research
Circumventing Chinese censorship: Plethora of eBooks pervade these GitHub and npm repositories containing contents of banned websites like 'The Economist'
Product
We added 5 new issues to our GitHub pull request alerts.
Research
npm package ‘state-counter’ mimics StatCounter but instead pops open a very NSFW website.
Research
Yet another attack vector that allows malicious packages to pwn you.
Product
Finer-grained check runs, new config options, and improved reliability.
Company News
Today we're shipping a big update to Socket for GitHub to help developers protect their apps from software supply chain attacks.
Company News
Redefining open source security through proactive supply chain risk management
Application Security
Examples of recent supply chain attacks and concrete steps you can take to protect your team from this emerging threat.
Application Security
Confidence is good but overconfidence always sinks the ship.