Announcing the Socket Web Extension

Socket is now offering a free browser extension to verify the security and quality of packages on NPM.


Arjun Barrett

July 31, 2023


At Socket, we've been working hard to make it easier than ever to focus on your code without worrying about the security of your open-source dependencies. Today, we're excited to announce the public beta of the Socket browser extension which helps you pick better packages by adding Socket package metrics to the NPM package and search pages. The extension is available for Chrome, Firefox, and any Chromium-based browser such as Edge and Brave.

Socket analyzes potential vulnerabilities and unwanted behavior throughout your entire dependency tree. With the Socket extension, you can verify that the NPM package you're about to install is secure and trustworthy.

Extension tour

Let's say we were looking for an NPM package for creating peer-to-peer connections.

p2p has a pretty low Socket score (as we can see from the tiny bar next to the "S"). That means p2p could potentially be dangerous to the security of our open-source supply chain. gun and bitcore-lib have better scores, but they don't seem to be made for general-purpose P2P, so let's just check out p2p for now.

It seems that although the p2p package is of decent quality, it's not very actively maintained and has many potential vulnerabilities. We can investigate the issues further by clicking on the issues in Socket's issue panel, but we'll instead head back to the search page to explore potential alternatives.

A few results down, we find a package based on WebRTC that's actually made for P2P data exchange in web browsers. And it has a good Socket score!

We open the NPM package page and see more detailed metrics about the impact simple-peer could have on our security. We see that it's a pretty popular package, since all the original NPM metrics are still visible.

Since simple-peer seems to be a secure, popular package that matches what we're looking for, we can install it with confidence!

Watch a quick video walkthrough!

Installation

If you're on Chrome, Edge, Brave, or another Chromium-based browser, you can install the extension from its page on the Chrome Web Store.

The Firefox version of the extension is available on Firefox Add-Ons.

Safari is not yet officially supported, but we're working on it!

Future plans

In the near term, we're hoping to add support for Safari. We also plan to eventually add support for other package repositories like PyPI. For now, feel free to install our extension to speed up your open-source package review process. Let us know if you find any bugs!

If you like our extension, why not ensure the security of your entire project as it grows and matures? Install Socket's GitHub app and get protected today!
