Big news!Introducing Socket AI - ChatGPT-Powered Threat Analysis.Learn more →

Docs
Pricing

Issue detection

We automatically detect package issues for you.

Integrations

We integrate with all the tools you use. Try it.

Blog

Keep up to date with all the news.

Love

See why developers love Socket.

Docs Pricing

Signing is Just the Start

Socket provides an introspective on code signing in relation to the supply chain incident from SolarWinds.

Posts

Changelog

Subscribe to the Socket Blog

The Socket blog now offers both full content Atom and JSON feeds which let you subscribe to all future Socket blog posts.

By Bret Comnes

Changelog

Project Health Reports now run on the default branch

The Socket GitHub app now runs Project Health Reports on the default branch instead of in pull requests.

By Bret Comnes

Application Security

npm Registry Code Signing

Socket explains the newly released npm provenance provided by GitHub.

By Bradley Meck Farias

Company News

Socket at BSidesSF and RSA Conference 2023

Socket is back at BSidesSF and RSA! Stop by to meet the team and hang out.

By Feross Aboukhadijeh

Product

Socket npm Wrapper Feedback Update

We share some feedback and directions on Socket's npm wrapper.

By Bradley Meck Farias

Product

Announcing Socket Project Health Reports

Socket introduces an overall project health report for viewing relevant data to entire projects at a glance.

By Feross Aboukhadijeh

Product

Introducing Socket AI – ChatGPT-Powered Threat Analysis

Socket is using ChatGPT to examine every npm and PyPI package for security issues.

By Mikola Lysenko

Research

Spam-tastic! npm Registry Swamped by Bizarre John Wick Frenzy

The npm public registry is drowning in a tsunami of spam and phishing, and it's all thanks to everyone's favorite gun-toting antihero, John Wick.

By Bradley Meck Farias

Product

Introducing Socket Dependency Overview

Socket Dependency Overview helps developers understand the risk of dependency changes by leaving an in-depth comment on any pull request that adds, updates, or removes dependencies.

By Bret Comnes

Product

Introducing "safe npm", a Socket npm Wrapper

Socket is proud to introduce an exciting new tool—“safe npm”—that protects developers whenever they use npm install.

By Bradley Meck Farias

Company News

Socket Joins Forces with Ecosystems to Strengthen Open Source Security

Socket partners with Ecosystems to build and maintain secure, resilient, and sustainable open source ecosystems.

By Feross Aboukhadijeh

Product

Introducing pnpm support in Socket

Socket now supports the pnpm package manager!

By Mikola Lysenko

Product

Introducing Python Support

We're excited to announce that Socket now supports the Python programming language.

By Feross Aboukhadijeh

Company News

Announcing SOC 2 Type 2 Compliance: Ensuring the Highest Standards of Security

Socket is thrilled to announce that we have achieved a sparkling clean SOC 2 Type 2 attestation report.

By Feross Aboukhadijeh

Research

Programmer Introspective

Let's make JS RegExps Streamy

Proposing a more usable RegExp for JS in light of async I/O and streaming.

By Bradley Meck Farias

Company News

Nominating Bradley Meck Farias for OpenSSF Governing Board

Socket is nominating Bradley Meck Farias as a representative to the OpenSSF Governing Board.

By Feross Aboukhadijeh

Product

socket.yml v2 now available

We have a new configuration file format and library for working with it!

By Bret Comnes, Pelle Wessman

Product

Improved Support for npm and Yarn in Socket

Socket is proud to announce improved support for npm and Yarn, including full support for npm versions 6, 7, 8, and 9 and full support for Yarn versions 1, 2, and 3.

By Feross Aboukhadijeh

Product

Engineering

Socket VSCode Extension

Introducing a VS Code editor integration for Socket Security.

By Bradley Meck Farias

Product

Introducing Organization Dashboards

Socket has introduced a new dashboard functionality to aid in self service and auditing in one centralized location.

By Bret Comnes

Research

Engineering

Using GPT at Work

We have been using GPT at Socket to help triage the npm package firehose for a couple months now. Here is what it is like after actual experience.

By Mikola Lysenko

Engineering

Programmer Introspective

Goals for Modern Online File Explorers

File explorers are great tools for programmers when they can let code be understood, but what does it take to ship a file explorer and what does it mean to help programmers by providing one.

By Bradley Meck Farias

Research

Updating a package every day would take 30 years to catch binky's version

A package published an anomalous 11460 versions in 4 months, Socket Security had to figure out if it was something to be concerned about.

By Bradley Meck Farias

Product

GitHub App Permission Update (Jan 2023)

Socket for GitHub requires a new GitHub permission. Here are the details.

By Bret Comnes

Company News

Announcing SOC 2 Type 1 Compliance

Socket has successfully completed the SOC 2 Type I audit by meeting rigorous security and confidentiality standards.

By Feross Aboukhadijeh

Company News

Why Socket Joined the Open Source Security Foundation

Socket is joining the Open Source Security Foundation (OpenSSF), the cross-industry organization working on the most important open source security initiatives.

By Feross Aboukhadijeh

Product

Announcing: Socket CLI Preview

We're excited to preview a brand new way to use Socket, a CLI tool! This will be especially useful to those of you not using GitHub or those who want more control over how you interact with Socket..

By Pelle Wessman

Product

Customize your GitHub Issue Alerts

Socket for GitHub has added the option to customize which issue alerts your pull request receives.

By Bret Comnes

Research

These Chinese devs are storing 1000s of eBooks on GitHub and npm

Circumventing Chinese censorship: Plethora of eBooks pervade these GitHub and npm repositories containing contents of banned websites like 'The Economist'

By Ax Sharma