Product
We're happy to announce that Socket now supports the pnpm package manager!
Developers can now take advantage of the benefits of pnpm while ensuring their dependencies are managed securely with Socket.
Developers choose pnpm because of it's ability to store package files in a shared cache which reduces disk usage and speeds up installations.
This release of Socket includes support for pnpm lockfiles (pnpm-lock.yaml), pnpm workspaces, package overrides/resolutions, file: dependencies, shrinkwrap dependencies, and bundled dependencies.
If you already have Socket for GitHub installed, then there's nothing you need to do to get pnpm support—Socket will automatically start analyzing your pnpm dependencies. Just ensure that your pnpm-lock.yaml is checked into your GitHub repository, and you're good to go!
If you want to try out Socket with pnpm support, you can install the GitHub App in less than 2 minutes.
If you have any questions or feedback, please don't hesitate to reach out to our dedicated support and engineering team. If you would like to chat with someone on our team, you should schedule a demo with a technical expert.
We're here to help you keep your apps secure, no matter what language or package manager you're using. Stay tuned for more ecosystem support soon, and vote for the language or package manager you would like to see next!
Happy hacking!
Subscribe to our newsletter
Get notified when we publish new security blog posts!
Try it now
Research
Security News
Malicious PyPI checkers validate stolen emails against TikTok and Instagram APIs, enabling targeted account attacks and dark web credential sales.
Security News
The Node.js TSC opted not to endorse a feature bounty program, citing concerns about incentives, governance, and project neutrality.
Research
Security News
A look at the top trends in how threat actors are weaponizing open source packages to deliver malware and persist across the software supply chain.
