
Product
Introducing Socket Dependency Overview
Socket Dependency Overview helps developers understand the risk of dependency changes by leaving an in-depth comment on any pull request that adds, updates, or removes dependencies.
February 2, 2023
Open source software plays a critical role in the development of modern applications. However, with the increasing popularity of open source, security has become a major concern for developers. How do you know you can trust your open source packages? To help developers stay secure, Socket provides a powerful tool for managing open source software. With Socket, developers can find, audit, and manage their open source dependencies with ease, reducing the risk of security vulnerabilities in their code.
To help address this challenge for more users in the JavaScript community, Socket is proud to announce improved support for npm and Yarn.
Socket now offers full support for npm versions 6, 7, 8, and 9, including lockfile versions 1, 2, and 3, workspaces, package overrides, file: dependencies, shrinkwrap dependencies, and bundled dependencies. This gives developers greater flexibility and control over their npm dependencies, making it easier to manage their open source software securely.
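The three npm lockfile versions named above record the same information in two shapes: v1 nests each package's "dependencies" under its parent, while v2 and v3 list every installed package under "packages" keyed by its install path. The script below, an added example rather than Socket's own code, flattens either shape to one record per install path, diffs two lockfiles into added, removed and changed packages the way a pull request review would, and flags registry packages recorded without an `integrity` hash (which npm cannot verify at install time). The two sample lockfiles and their hashes are constructed for the example, not taken from any real project.

```javascript
// Added example, not Socket's code: flatten an npm lockfile (v1 nested tree or
// v2/v3 "packages" map) to one record per install path, diff two lockfiles,
// and flag registry tarballs that have no integrity hash.

const NM = 'node_modules/';

// Package name from an install path: "node_modules/@scope/pkg" -> "@scope/pkg",
// "packages/local-lib" (a workspace or file: directory) -> "local-lib".
function nameFromPath(path) {
  const i = path.lastIndexOf(NM);
  return i >= 0 ? path.slice(i + NM.length) : path.split('/').pop();
}

// Returns Map<installPath, {name, version, resolved, integrity, bundled}>.
function flattenLockfile(lock) {
  const out = new Map();
  const record = (path, name, p, bundled) =>
    out.set(path, {
      name,
      version: p.version,
      resolved: p.resolved || null,
      integrity: p.integrity || null,
      bundled,
    });

  if (lock.lockfileVersion >= 2 && lock.packages) {
    // v2/v3: keys are install paths; "" is the root project, and "link" entries
    // are symlinks to workspace / file: directories whose real entry is listed too.
    for (const [path, p] of Object.entries(lock.packages)) {
      if (path === '' || p.link) continue;
      record(path, p.name || nameFromPath(path), p, Boolean(p.inBundle));
    }
  } else if (lock.dependencies) {
    // v1: nested "dependencies" objects; rebuild the install path by recursion.
    const walk = (deps, prefix) => {
      for (const [name, p] of Object.entries(deps)) {
        const path = `${prefix}${NM}${name}`;
        record(path, name, p, Boolean(p.bundled));
        if (p.dependencies) walk(p.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, '');
  }
  return out;
}

// Added / removed / changed install paths between two lockfiles. A changed
// integrity at the same version still counts: the tarball contents differ.
function diffLockfiles(before, after) {
  const a = flattenLockfile(before);
  const b = flattenLockfile(after);
  const added = [], removed = [], changed = [];
  for (const [path, pkg] of b) {
    const old = a.get(path);
    if (!old) added.push(path);
    else if (old.version !== pkg.version || old.integrity !== pkg.integrity) changed.push(path);
  }
  for (const path of a.keys()) if (!b.has(path)) removed.push(path);
  return { added, removed, changed };
}

// Registry tarballs recorded without an integrity hash cannot be verified on
// install; bundled packages ship inside their parent tarball and are skipped.
function missingIntegrity(lock) {
  return [...flattenLockfile(lock)]
    .filter(([, p]) => !p.bundled && p.resolved && p.resolved.startsWith('http') && !p.integrity)
    .map(([path]) => path);
}

// Constructed sample lockfiles (the sha512 values are placeholders, not real digests).
const BEFORE = { lockfileVersion: 1, dependencies: {
  lodash:     { version: '4.17.20', resolved: 'https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz', integrity: 'sha512-AAAA' },
  'left-pad': { version: '1.3.0', resolved: 'https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz', integrity: 'sha512-LLLL' },
  express:    { version: '4.18.2', resolved: 'https://registry.npmjs.org/express/-/express-4.18.2.tgz', integrity: 'sha512-EEEE',
                dependencies: { debug: { version: '2.6.9', resolved: 'https://registry.npmjs.org/debug/-/debug-2.6.9.tgz', integrity: 'sha512-DDDD' } } },
} };
const AFTER = { lockfileVersion: 3, packages: {
  '': { name: 'app', version: '1.0.0' },
  'node_modules/lodash':   { version: '4.17.21', resolved: 'https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz', integrity: 'sha512-BBBB' },
  'node_modules/express':  { version: '4.18.2', resolved: 'https://registry.npmjs.org/express/-/express-4.18.2.tgz', integrity: 'sha512-EEEE' },
  'node_modules/express/node_modules/debug': { version: '2.6.9', resolved: 'https://registry.npmjs.org/debug/-/debug-2.6.9.tgz', integrity: 'sha512-DDDD' },
  'node_modules/minimist': { version: '1.2.8', resolved: 'https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz' }, // no integrity
  'node_modules/local-lib': { resolved: 'packages/local-lib', link: true },
  'packages/local-lib':    { name: 'local-lib', version: '0.0.1' },
} };

console.log(JSON.stringify(diffLockfiles(BEFORE, AFTER), null, 2));
console.log('missing integrity:', missingIntegrity(AFTER));
```

Keying on install path rather than package name is deliberate: a lockfile can legitimately contain two versions of the same package (here `debug` nested under `express`), and a review comment that collapsed them would hide one of the two versions being pulled in.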
In addition to improved npm support, Socket now fully supports Yarn versions 1, 2, and 3. This includes support for the yarn.lock lockfile format, workspaces, selective dependency resolutions (package overrides), file: dependencies, shrinkwrap dependencies, and bundled dependencies. With this improved support, developers can take advantage of the benefits of Yarn while ensuring their dependencies are managed securely!
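The package overrides and selective dependency resolutions mentioned above are the mechanism a maintainer uses to force a patched version of a transitive dependency before the upstream package updates its own range. The package.json below is an added illustration, not taken from the announcement; the package names and versions are illustrative. It shows the same two pins written as npm `overrides` (npm 8.3 and later) and as Yarn `resolutions`; a real project would carry only the section for the package manager it uses.

```json
{
  "name": "app",
  "version": "1.0.0",
  "dependencies": {
    "express": "^4.18.2",
    "local-lib": "file:packages/local-lib"
  },
  "overrides": {
    "minimist": "1.2.8",
    "express": { "qs": "6.11.0" }
  },
  "resolutions": {
    "minimist": "1.2.8",
    "express/qs": "6.11.0"
  }
}
```

An unqualified key (`minimist`) pins every copy of that package anywhere in the tree; the nested npm form and the `express/qs` Yarn form pin only the copy that express depends on. Both package managers honour these fields only in the root project's package.json, so a pin in a published library has no effect on its consumers, and a scanner reading the lockfile sees the resolved version rather than the declared range.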
Socket is also planning to fully support pnpm in the near future. This will allow developers to take advantage of pnpm's unique features, including its ability to store package files in a shared cache, reducing disk usage and speeding up installations. Vote for pnpm support on the Socket Roadmap to be notified when it's ready.
UPDATE: We shipped pnpm support. See the full announcement post.
With its improved support for npm and Yarn, Socket provides developers with a powerful tool for managing open source software securely. Whether you're a seasoned developer or just starting out, Socket is the perfect tool for anyone looking to reduce the risk of security vulnerabilities in their code.
So why not give Socket a try today? With its GitHub integration, Socket for GitHub makes it easy to start using Socket in your projects. You'll love how much time and effort you'll save, and you'll appreciate the peace of mind that comes from knowing your open source software is managed securely.