
Changelog
Subscribe to the Socket Blog
The Socket blog now offers both full content Atom and JSON feeds which let you subscribe to all future Socket blog posts.
Changelog
The Socket GitHub app now runs Project Health Reports on the default branch instead of in pull requests.
Application Security
Socket explains the newly released npm provenance provided by GitHub.
Company News
Socket is back at BSidesSF and RSA! Stop by to meet the team and hang out.
Product
We share some feedback and directions on Socket's npm wrapper.
Product
Socket introduces an overall project health report for viewing relevant data to entire projects at a glance.
Product
Socket is using ChatGPT to examine every npm and PyPI package for security issues.
Research
The npm public registry is drowning in a tsunami of spam and phishing, and it's all thanks to everyone's favorite gun-toting antihero, John Wick.
Product
Socket Dependency Overview helps developers understand the risk of dependency changes by leaving an in-depth comment on any pull request that adds, updates, or removes dependencies.
Product
Socket is proud to introduce an exciting new tool—“safe npm”—that protects developers whenever they use npm install.
Company News
Socket partners with Ecosystems to build and maintain secure, resilient, and sustainable open source ecosystems.
Product
We're excited to announce that Socket now supports the Python programming language.
Company News
Socket is thrilled to announce that we have achieved a sparkling clean SOC 2 Type 2 attestation report.
Research
Programmer Introspective
Proposing a more usable RegExp for JS in light of async I/O and streaming.
Company News
Socket is nominating Bradley Meck Farias as a representative to the OpenSSF Governing Board.
Product
We have a new configuration file format and library for working with it!
Product
Socket is proud to announce improved support for npm and Yarn, including full support for npm versions 6, 7, 8, and 9 and full support for Yarn versions 1, 2, and 3.
Product
Engineering
Introducing a VS Code editor integration for Socket Security.
Product
Socket has introduced a new dashboard functionality to aid in self service and auditing in one centralized location.
Research
Engineering
We have been using GPT at Socket to help triage the npm package firehose for a couple months now. Here is what it is like after actual experience.
Engineering
Programmer Introspective
File explorers are great tools for programmers when they help code be understood, but what does it take to ship a file explorer, and what does it mean to help programmers by providing one?
Research
A package published an anomalous 11,460 versions in 4 months; Socket Security had to figure out whether it was something to be concerned about.
Product
Socket for GitHub requires a new GitHub permission. Here are the details.
Company News
Socket has successfully completed the SOC 2 Type I audit by meeting rigorous security and confidentiality standards.
Company News
Socket is joining the Open Source Security Foundation (OpenSSF), the cross-industry organization working on the most important open source security initiatives.
Product
We're excited to preview a brand new way to use Socket, a CLI tool! This will be especially useful to those of you not using GitHub, or those who want more control over how you interact with Socket.
Product
Socket for GitHub has added the option to customize which issue alerts your pull request receives.
Research
Circumventing Chinese censorship: a plethora of eBooks containing the contents of banned websites like 'The Economist' pervade these GitHub and npm repositories.
Product
We added 5 new issues to our GitHub pull request alerts.
Research
npm package ‘state-counter’ mimics StatCounter but instead pops open a very NSFW website.
Research
Yet another attack vector that allows malicious packages to pwn you.
Product
Finer-grained check runs, new config options, and improved reliability.
Company News
Today we're shipping a big update to Socket for GitHub to help developers protect their apps from software supply chain attacks.
Company News
Redefining open source security through proactive supply chain risk management
Application Security
Examples of recent supply chain attacks and concrete steps you can take to protect your team from this emerging threat.
Application Security
Confidence is good, but overconfidence always sinks the ship.