
At Socket, our journey began with a clear and pressing mission: Make Open Source Safer. We've always believed in the power of open source, but it was frustrating to see how dependency security tools failed to address the real threats faced by developers. Their methods were imprecise, noisy, and reactive, often leaving developers in the lurch.
We set out to change that.
Our customers, including Figma, Vercel, and one of Canada's largest telecoms, have shown us that the need for a proactive and precise tool is real. They love Socket for its ability to provide visibility, defense-in-depth, and proactive supply chain protection for their JavaScript and Python dependencies. What sets us apart is our commitment to helping developers and security teams ship faster and spend less time on security busywork.
Today, we're excited to announce the launch of Dependency Search, a new feature that gives you visibility into your open source dependencies. With Dependency Search, you can query across your entire codebase to find out if you're using a specific dependency.
Here's how it works:
Dependency Search offers:
Simply put, it's a tool designed to empower developers with the insights they need, when they need them.
Ever read a news piece about a compromised dependency and felt a shiver run down your spine? With Dependency Search, you can quickly check if you're using that specific package version across every repo in your organization. Confirm in moments that you haven't been affected, and sleep a little easier at night.
If you've ever been contacted privately about a potential vulnerability, you'll know the challenge: traditional SCA tools rely on publicly disclosed vulnerabilities (CVEs), so they can't tell you whether you're using a dependency that carries an as-yet-undisclosed risk. With Dependency Search, you can proactively spot packages that harbor privately reported vulnerabilities. Rather than building your own tooling or, riskier still, waiting for a public CVE disclosure, Dependency Search gives you the immediate answer you need.
The White House's directive on SBOMs emphasized their importance in software transparency. Sadly, few companies even collect SBOMs, let alone utilize them productively. Socket's Dependency Search isn't just about collecting these SBOMs but also providing actionable insights, thereby truly operationalizing them for your benefit.
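To make the idea concrete, here is an added example (not Socket's code and not how Dependency Search is implemented) of the kind of query the two scenarios above describe: given one SBOM per repository, answer "which repos use package X at version Y?" and "which versions of X are in use anywhere?". It assumes CycloneDX-style JSON with `name`, `version` and `purl` fields and nested `components` for transitive dependencies; the SBOM records and repo names below are constructed for the example.

```python
"""Added example, not Socket's code: a minimal dependency search over one
CycloneDX-style SBOM per repository. The SBOM records are constructed for
this example and the repo names are placeholders."""
import json
from collections import defaultdict
from typing import Dict, Iterator, List, Optional, Tuple

# Constructed sample SBOMs (one per repo), trimmed to the fields a search
# needs: component name, version, and package URL (purl). A nested
# "components" list is the CycloneDX way of expressing transitive deps.
SAMPLE_SBOMS: Dict[str, str] = {
    "org/web-frontend": json.dumps({
        "bomFormat": "CycloneDX",
        "components": [
            {"name": "lodash", "version": "4.17.20", "purl": "pkg:npm/lodash@4.17.20"},
            {"name": "react", "version": "18.2.0", "purl": "pkg:npm/react@18.2.0",
             "components": [
                 {"name": "loose-envify", "version": "1.4.0",
                  "purl": "pkg:npm/loose-envify@1.4.0"},
             ]},
        ],
    }),
    "org/billing-api": json.dumps({
        "bomFormat": "CycloneDX",
        "components": [
            {"name": "lodash", "version": "4.17.21", "purl": "pkg:npm/lodash@4.17.21"},
            {"name": "requests", "version": "2.31.0", "purl": "pkg:pypi/requests@2.31.0"},
        ],
    }),
    "org/data-jobs": json.dumps({
        "bomFormat": "CycloneDX",
        "components": [
            {"name": "requests", "version": "2.25.1", "purl": "pkg:pypi/requests@2.25.1"},
        ],
    }),
}

Component = Tuple[str, str, str, int]  # (ecosystem, name, version, depth)


def _walk(components: list, depth: int) -> Iterator[Component]:
    """Recursively yield components, including nested (transitive) ones."""
    for comp in components:
        purl = comp.get("purl", "")
        # purl shape is pkg:<type>/[namespace/]<name>@<version>; the type
        # tells us the ecosystem (npm, pypi, golang, ...).
        ecosystem = purl[4:].split("/", 1)[0] if purl.startswith("pkg:") else "unknown"
        yield ecosystem, comp.get("name", ""), comp.get("version", ""), depth
        yield from _walk(comp.get("components", []), depth + 1)


def iter_components(sbom_json: str) -> Iterator[Component]:
    """Yield every component in a CycloneDX-style SBOM document."""
    yield from _walk(json.loads(sbom_json).get("components", []), 0)


def find_dependency(sboms: Dict[str, str], name: str,
                    version: Optional[str] = None,
                    ecosystem: Optional[str] = None) -> List[str]:
    """Return sorted repo names whose SBOM contains `name`, optionally
    restricted to an exact `version` and/or a purl `ecosystem`."""
    hits = set()
    for repo, sbom_json in sboms.items():
        for eco, comp_name, comp_version, _depth in iter_components(sbom_json):
            if comp_name != name:
                continue
            if version is not None and comp_version != version:
                continue
            if ecosystem is not None and eco != ecosystem:
                continue
            hits.add(repo)
    return sorted(hits)


def version_inventory(sboms: Dict[str, str], name: str) -> Dict[str, List[str]]:
    """Map each version of `name` found anywhere in the org to the repos using
    it: the view you want when triaging a private report against a package."""
    inventory: Dict[str, set] = defaultdict(set)
    for repo, sbom_json in sboms.items():
        for _eco, comp_name, comp_version, _depth in iter_components(sbom_json):
            if comp_name == name:
                inventory[comp_version].add(repo)
    return {v: sorted(repos) for v, repos in sorted(inventory.items())}


if __name__ == "__main__":
    # A "did the lodash@4.17.20 news affect us?" query across the sample org.
    print(find_dependency(SAMPLE_SBOMS, "lodash", version="4.17.20"))
    print(version_inventory(SAMPLE_SBOMS, "requests"))
```

Two design points matter in practice: the search walks nested components, because the package you are worried about is far more often a transitive dependency than a direct one, and it keys on the purl ecosystem, since the same name can exist on npm and PyPI with no relation between the two.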
The launch of Dependency Search is just one of our recent announcements. This week, we also announced our $20M Series A funding, Go support, and a new Socket Chrome extension! We're committed to continuous innovation to make open source safer for everyone.
To experience the power of Dependency Search and other Socket features, install Socket for GitHub today. We're excited to see how you'll use these tools to improve your open source security.