Bret Comnes
January 9, 2023
If you use Socket for GitHub and you're a GitHub organization admin, you will receive a permissions update email from Socket today.
We are preparing to launch a new dashboard feature on the Socket website and we need one new permission, "Members", which gives us access to the list of members in the organization. This helps ensure GitHub app installations are accurately represented in the dashboard, and to also ease the onboarding flow of organization members into the Socket dashboard if they don't have a Socket account.
Additionally, we took this as an opportunity to remove some permissions we no longer rely on, specifically the "Single file" permission. The Socket app continues to only read package manifest files (e.g. package.json) and never sends source code to our servers.
When you get a moment, please review the new permissions and click accept on the permission request!
If you have any questions about this change, please reach out to us at support@socket.dev and we'll be happy to help!
Subscribe to our newsletter
Get notified when we publish new security blog posts!
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
Security News
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.
