We just released v0.9.0 of the Socket CLI with some improvements to the socket info command so you can get useful information about an npm package, right in the terminal.
View a package's scores
In this release, we display the package's scores whenever you run the socket info command so you can quickly get an idea of the security status of an npm package.
We use the same rating and color coding system as on the Socket website to indicate the health of each score. Green represents a healthy metric with low risk, orange is medium risk, and red is a poor metric with potentially high risk.
For example, this is what the output looks like for TypeScript version 5.3.2.
View a package's issues
If an npm package has security issues, the socket info command will now display a list of these issues, with a link to more information about each issue.
If you want to learn more about the other issues Socket can report, check out the comprehensive list of issues Socket detects.
If you do not know the exact version of a package, you can now use one of its dist tags. For example, you can run socket info typescript@dev to get the scores and issues for the dev release of the TypeScript package.
If you'd like information about the latest version of a package, you can use the latest dist tag or just the package name without a version, for example socket info typescript.
Keep in mind that a dist tag is a mutable pointer that the package maintainers can move at any time, so the version that typescript@dev or typescript resolves to today may differ tomorrow. Note the concrete version shown in the output if you need to reproduce a result or pin a dependency.
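To make the dist-tag behaviour concrete, here is an added example (not code from the Socket CLI) that resolves a spec such as typescript, typescript@dev or @types/node@latest to a concrete version the way npm's dist tags work: no selector means latest, a selector that matches a dist tag is followed, and otherwise the selector must be an exact published version. The registry document is a constructed, illustrative stand-in for the JSON the npm registry serves for a package; only the dist-tags and versions fields are modelled, and the version numbers are assumptions.

```python
from __future__ import annotations

from typing import Optional

# Constructed stand-in for the npm registry document of each package.
# The real document lives at https://registry.npmjs.org/<name>; only the
# two fields used below are modelled and the values are illustrative.
REGISTRY: dict[str, dict] = {
    "typescript": {
        "dist-tags": {"latest": "5.3.2", "dev": "5.4.0-dev.20231201"},
        "versions": ["5.2.2", "5.3.2", "5.4.0-dev.20231201"],
    },
    "@types/node": {
        "dist-tags": {"latest": "20.10.0"},
        "versions": ["20.9.0", "20.10.0"],
    },
}


def split_spec(spec: str) -> tuple[str, Optional[str]]:
    """Split "name", "name@selector" or "@scope/name@selector".

    Scoped package names begin with "@", so only an "@" after the first
    character separates the name from the dist tag or version.
    """
    at = spec.find("@", 1)
    if at == -1:
        return spec, None
    return spec[:at], spec[at + 1:]


def resolve(spec: str, registry: dict[str, dict] = REGISTRY) -> str:
    """Return the concrete version the spec points to right now.

    A missing selector is treated as the "latest" dist tag. A selector is
    first looked up as a dist tag (mutable, maintainer-controlled) and only
    then accepted as an exact, published version.
    """
    name, selector = split_spec(spec)
    doc = registry.get(name)
    if doc is None:
        raise LookupError(f"package not found: {name}")
    if selector is None:
        selector = "latest"
    tags = doc["dist-tags"]
    if selector in tags:
        return tags[selector]
    if selector in doc["versions"]:
        return selector
    raise LookupError(f"{name}: no dist tag or published version {selector!r}")


def pin(spec: str, registry: dict[str, dict] = REGISTRY) -> str:
    """Rewrite a spec to name@<exact version> so a result is reproducible."""
    name, _ = split_spec(spec)
    return f"{name}@{resolve(spec, registry)}"


if __name__ == "__main__":
    for spec in ("typescript", "typescript@dev", "@types/node@latest"):
        print(f"{spec:24} -> {pin(spec)}")
```

Because a dist tag can be moved by the maintainers, record the pinned form (typescript@5.3.2 rather than typescript) whenever the resolved version matters, for example when comparing scores over time.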
What's next
We're regularly making improvements to the Socket CLI, working towards a version 1.0 release. If you'd like to learn more about all the commands and features available, please check out our docs!