Open source software plays a critical role in the development of modern applications. However, with the increasing popularity of open source, security has become a major concern for developers. How do you know you can trust your open source packages? To help developers stay secure, Socket provides a powerful tool for managing open source software. With Socket, developers can find, audit, and manage their open source dependencies with ease, reducing the risk of security vulnerabilities in their code.
To help address this challenge for more users in the JavaScript community, Socket is proud to announce improved support for npm and Yarn.
Improved npm Support
Socket now offers full support for npm versions 6, 7, 8, and 9, including lockfile versions 1, 2, and 3, workspaces, package overrides, file: dependencies, shrinkwrap dependencies, and bundled dependencies. This gives developers greater flexibility and control over their npm dependencies, making it easier to manage their open source software securely.
Yarn is officially supported
In addition to improved npm support, Socket now fully supports Yarn versions 1, 2, and 3. This includes support for the yarn lockfile format, workspaces, selective dependency resolutions (package overrides), file: dependencies, shrinkwrap dependencies, and bundled dependencies. With this improved support, developers can take advantage of the benefits of Yarn while ensuring their dependencies are managed securely!
Coming soon: Official pnpm Support
Socket is also planning to fully support pnpm in the near future. This will allow developers to take advantage of pnpm's unique features, including its ability to store package files in a shared cache, reducing disk usage and speeding up installations. Vote for pnpm support on the Socket Roadmap to be notified when it's ready.
UPDATE: We shipped pnpm support. See the full announcement post.
Try Out Socket Today
With its improved support for npm and Yarn, Socket provides developers with a powerful tool for managing open source software securely. Whether you're a seasoned developer or just starting out, Socket is the perfect tool for anyone looking to reduce the risk of security vulnerabilities in their code.
So why not give Socket a try today? With its GitHub integration, Socket for GitHub makes it easy to start using Socket in your projects. You'll love how much time and effort you'll save, and you'll appreciate the peace of mind that comes from knowing your open source software is managed securely.