
Announcing the Socket Web Extension beta

Socket is now offering a free browser extension to verify the security and quality of packages on NPM.

Arjun Barrett

August 18, 2022


At Socket, we've been working hard to make it easier than ever to focus on your code without worrying about the security of your open-source dependencies. Today, we're excited to announce the public beta of the Socket web extension for NPM, which adds Socket metrics to the NPM package and search pages.

Socket analyzes potential vulnerabilities and unwanted behavior throughout your entire dependency tree. With the Socket extension, you can verify that the NPM package you're about to install is secure and trustworthy.

Extension tour

Let's say we were looking for an NPM package for creating peer-to-peer connections.

p2p has a pretty low Socket score (as we can see from the tiny bar next to the "S"). That means p2p could potentially be dangerous to the security of our open-source supply chain. gun and bitcore-lib have better scores, but they don't seem to be made for general-purpose P2P, so let's just check out p2p for now.

It seems that although the p2p package is of decent quality, it's not very actively maintained and has many potential vulnerabilities. We can investigate the issues further by clicking on the issues in Socket's issue panel, but we'll instead head back to the search page to explore potential alternatives.

A few results down, we find a package based on WebRTC that's actually made for P2P data exchange in web browsers. And it has a good Socket score!

We open the NPM package page and see more detailed metrics about the impact simple-peer could have on our security. We see that it's a pretty popular package, since all the original NPM metrics are still visible.

Since simple-peer seems to be a secure, popular package that matches what we're looking for, we can install it with confidence!

Installation

If you're on Chrome, Edge, Brave, or another Chromium-based browser, you can install the extension from its page on the Chrome Web Store.

The Firefox version of the extension is available on Firefox Add-Ons.

Safari is not yet officially supported, but we're working on it!

Future plans

In the near term, we're hoping to add support for Safari. We also plan to make the extension repository open source once we've finalized Socket's public API. For now, feel free to install our extension to speed up your open-source package review process. Let us know if you find any bugs!

If you like our extension, why not ensure the security of your entire project as it grows and matures? Install Socket's GitHub app and get protected today!

