
Charlie Gerard
December 1, 2023
We just released v0.9.0 of the Socket CLI with some improvements to the socket info command so you can get useful information about an npm package, right in the terminal.
In this release, we display the package's scores whenever you run the socket info command so you can easily get an idea of the security status of an npm package.
We use a similar rating and color-coding system to the one on the Socket website to indicate score health: green represents a healthy metric with low risk, orange is medium, and red is a poor metric with potentially high risk.
For example, this is what the output looks like for TypeScript version 5.3.2.
If an npm package has security issues, the socket info command will now display a list of these issues, with a link to get more information for each issue.
If you want to learn more about other issues, check out the comprehensive list of issues Socket detects.
If you do not know the exact version of a package, you can now use its dist tags. For example, you can run the command socket info typescript@dev to get the scores and issues for the dev release of the TypeScript package.
Also, if you'd like to get information about the latest version of a package, you can use the latest dist tag or only use the package name, without specifying a version, for example, socket info typescript.
We're regularly making improvements to the Socket CLI, working towards a version 1.0 release. If you'd like to learn more about all the commands and features available, please check out our docs!