We’re excited to announce that our Threat Feed is now available in the dashboard for Socket users. The feed displays known malware packages we detected, giving users better visibility into the types of threats Socket is blocking.
Unlike many traditional vulnerability scanning tools, Socket’s AI-powered threat detection analyzes the code of every open source package that is published to the public registries. It does this in real time, making it the fastest tool available for identifying zero-day software supply chain threats. Our analysis often catches them within seconds of publication, thwarting attacks before they have the chance to happen.
The Threat Feed displays a sampling of malware detected across the npm and PyPI ecosystems. It includes only the threats that were flagged and confirmed as known malware by a human reviewer.
It’s important to note that if you have enabled “AI Detected Security Risk” in your Security Policy settings in the dashboard, we also block packages that AI has determined may contain potential security issues or vulnerabilities. Once a human has confirmed that such a package is truly malware, we change the alert to “Known Malware,” and it will also show up in the new Threat Feed. The fastest protection comes with the AI Detected Security Risk setting, albeit with a few false positives. (If you only want to see human-reviewed known malware, then the other option is a better fit.)
By default, the new Threat Feed shows all the latest malware threats, but the full feed is only available on our Team and Enterprise plans. Free users are limited to seeing the 30 most recent threats.
Clicking on a threat displays a description with more information and a link to the package page. (The artifact column only pertains to PyPI packages, as npm has only one artifact per version.)
Some packages have multiple threats, as seen in the GIF above. Scrolling down and clicking on the location will take you to the file where the threat was detected.
For a more granular overview of alerts on Socket-protected repositories, check out the Organization Alerts view, which shows the alert type, category, severity, dependency type (direct or transitive), and manifest files (i.e. npm/PyPI workspaces).
We will be making more improvements to the new Threat Feed in the coming days. If you have feedback or suggestions for features Socket should support in future iterations, please get in touch and let us know.