Product
Introducing License Enforcement in Socket
Ensure open-source compliance with Socket’s License Enforcement Beta. Set up your License Policy and secure your software!
Eli Insua
October 21, 2024
Product
We're launching a new set of license analysis and compliance features for analyzing, managing, and complying with licenses across a range of supported languages and ecosystems.
Product
We're excited to introduce Socket Optimize, a powerful CLI command to secure open source dependencies with tested, optimized package overrides.
Product
We're excited to announce that Socket now supports the Java programming language.
Product
We're introducing a new Analytics feature in the Socket dashboard so you can view changes in your organization's and repositories' alerts over time.
Product
Can you spot malicious packages on the web at a glance? Socket can. Check out our updated Web Extension!
Product
Socket introduces three new customizable default security policies for users to choose from: Low Noise (traditional SCA), Default, and Higher Noise.
Product
Check out what's new at Socket with our Product Changelog. It tracks all public-facing updates, improvements, and fixes so you can take full advantage of our features.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.
Product
Streamline your login process and enhance security by enabling Single Sign-On (SSO) on the Socket platform, now available for all customers on the Enterprise plan, supporting 20+ identity providers.
Product
We're introducing dependency visualization for reports - get a quick impression of the state of your dependencies without getting lost in the details.
Product
Socket AI now enables 'AI detected potential malware' alerts by default, ensuring users benefit from AI-powered state-of-the-art malware detection without needing to opt-in.
Security News
Product
In an effort to give back to the software creators whose contributions benefit the global developer community, open source projects can now get a free upgrade to our Team plan.
Product
Socket is adding a new dashboard Threat Feed that gives users more visibility into malware detected and blocked across npm and PyPI ecosystems.
Product
Socket is deprecating Project Report v0 in favor of the new, faster Project Report v1.
Product
The latest update of Socket for GitHub features a new web-based diff report viewer, enhanced support for PyPI and Golang, faster scan times, and a new syntax for specifying package ignores.
Product
Get a comprehensive, organization-wide view of security risks across all repositories in your organization – even if you have hundreds of thousands of dependencies across thousands of repositories.
Product
Socket's new Audit Log feature allows administrators to monitor important account changes and the history of all events in Socket.
Application Security
Product
Learn how to integrate Socket into your Bitbucket pipeline for added security, reducing your dependency supply chain risk!
Product
We just released v0.9.0 of the Socket CLI with some improvements to the socket info command so you can get useful information about an npm package, right in the terminal.
Application Security
Product
A short walkthrough of how to integrate Socket into the GitLab CI/CD process.
Product
Get more information about the most popular JavaScript packages with Socket's new AI-generated package summaries.
Product
Our new and improved Project Health Reports are now generally available.
Product
Socket is happy to enable developers to customize their own feature plan choices with the announcement of self-service payment plans.
Product
Get visibility and control over your open source dependencies, across your whole organization
Product
We're excited to announce that Socket now supports the Go programming language.
Product
Socket is now offering a free browser extension to verify the security and quality of packages on NPM.
Product
The Socket Security extension for VSCode now supports Python.
Product
You can now send Socket Pull Request Notifications to Slack!
Product
The Socket GitHub app now runs Project Health Reports on the default branch instead of in pull requests.
Product
We share some feedback and directions on Socket's npm wrapper.
Product
Socket introduces an overall project health report for viewing data relevant to entire projects at a glance.
Product
Socket is using ChatGPT to examine every npm and PyPI package for security issues.
Product
Socket Dependency Overview helps developers understand the risk of dependency changes by leaving an in-depth comment on any pull request that adds, updates, or removes dependencies.
Product
Socket is proud to introduce an exciting new tool—“safe npm”—that protects developers whenever they use npm install.
Product
Socket now supports the pnpm package manager! Check it out and stay away from vulnerable and malicious packages.
Product
We're excited to announce that Socket now supports the Python programming language.
Product
We have a new configuration file format and library for working with it!
Product
Socket is proud to announce improved support for npm and Yarn, including full support for npm versions 6, 7, 8, and 9 and full support for Yarn versions 1, 2, and 3.
Product
Engineering
Introducing a VS Code editor integration for Socket Security.
Product
Socket has introduced a new dashboard functionality to aid in self service and auditing in one centralized location.
Product
Socket for GitHub requires a new GitHub permission. Here are the details.
Product
We're excited to preview a brand new way to use Socket, a CLI tool! This will be especially useful to those of you not using GitHub or those who want more control over how you interact with Socket.
Product
Socket for GitHub has added the option to customize which issue alerts your pull request receives.
Product
We added 5 new issues to our GitHub pull request alerts.
Product
Dismiss Socket pull request alerts using bot commands.
Product
Finer-grained check runs, new config options, and improved reliability.