Product
Engineering
Socket VSCode Extension
Introducing a VS Code editor integration for Socket Security.
- Big update!Introducing GitHub Bot Commands. Learn more →
Posts
Product
Introducing Organization Dashboards
Socket has introduced a new dashboard functionality to aid in self service and auditing in one centralized location.
By Bret Comnes
Research
Engineering
Using GPT at Work
We have been using GPT at Socket to help triage the npm package firehose for a couple months now. Here is what it is like after actual experience.
Engineering
Programmer Introspective
Goals for Modern Online File Explorers
File explorers are great tools for programmers when they can let code be understood, but what does it take to ship a file explorer and what does it mean to help programmers by providing one.
Research
Updating a package every day would take 30 years to catch binky's version
A package published an anomalous 11460 versions in 4 months, Socket Security had to figure out if it was something to be concerned about.
Product
GitHub App Permission Update (Jan 2023)
Socket for GitHub requires a new GitHub permission. Here are the details.
By Bret Comnes
Company News
Announcing SOC 2 Compliance: Ensuring the Highest Standards of Security
Socket has successfully completed the SOC 2 Type I audit by meeting rigorous security and confidentiality standards.
Company News
Why Socket Joined the Open Source Security Foundation
Socket is joining the Open Source Security Foundation (OpenSSF), the cross-industry organization working on the most important open source security initiatives.
Product
Announcing: Socket CLI Preview
We're excited to preview a brand new way to use Socket, a CLI tool! This will be especially useful to those of you not using GitHub or those who want more control over how you interact with Socket..
Product
Customize your GitHub Issue Alerts
Socket for GitHub has added the option to customize which issue alerts your pull request receives.
By Bret Comnes
Research
These Chinese devs are storing 1000s of eBooks on GitHub and npm
Circumventing Chinese censorship: Plethora of eBooks pervade these GitHub and npm repositories containing contents of banned websites like 'The Economist'
By Ax Sharma
Product
5 New Critical Issue Alerts
We added 5 new issues to our GitHub pull request alerts.
By Bret Comnes
Research
What’s in your npm stat counter? A love doll store—we hope not!
npm package ‘state-counter’ mimics StatCounter but instead pops open a very NSFW website.
By Ax Sharma
Research
npm bin script confusion: Abusing ‘bin’ to hijack ‘node’ command
Yet another attack vector that allows malicious packages to pwn you.
Product
Github App Improvements
Finer-grained check runs, new config options, and improved reliability.
By Bret Comnes
Company News
Announcing Socket for GitHub 1.0
Today we're shipping a big update to Socket for GitHub to help developers protect their apps from software supply chain attacks.
Company News
$4.6M Series Seed to defend open source from supply chain attacks
Redefining open source security through proactive supply chain risk management
Application Security
What's Really Going On Inside Your node_modules Folder?
Examples of recent supply chain attacks and concrete steps you can take to protect your team from this emerging threat.
Application Security
Why Vulnerability Scanning Isn't Enough To Protect Your App
Confidence is good but overconfidence always sinks the ship.