Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More

Product

socket.yml v2 now available

We have a new configuration file format and library for working with it!

socket.yml v2 now available

Bret Comnes

Pelle Wessman

February 7, 2023


We are happy to announce version 2 of the socket.yml configuration file format. The new format is available for immediate use; don't worry, existing version 1 configuration files will continue to work seamlessly.

If you create a new configuration file, you are encouraged to use version 2; if you have a version 1 configuration file, you are encouraged to migrate it over to version 2 next time you are modifying it or want to access settings not available in version 1.

In addition to the launch of socket.yml version 2, the settings you specify in socket.yml seamlessly overlay the organization settings we also launched recently.

Captain hindsight strikes again!#

When we launched version 1 of socket.yml, the GitHub app was the only consumer of the settings contained within. As we began to roll out our CLI, we realized we wanted to offer a unified way to specify common settings in both the GitHub app and the CLI and any future integrations we might launch. While reconciling the needs of both integrations, we realized we wanted to make some changes to how settings were named and organized, and we ended up with socket.yml version 2.

Not another config migration#

Everyone hates configuration migration busywork, the Socket team included, so we made sure you don't need to do it. Thats why we implemented version 2 to seamlessly work along side version 1. If you have a version 1 socket.yml in place now, you don't need to touch it. It will continue to work.

If in the future you want to add a new setting only available in socket.yml version 2, you will have to migrate to the new version. Luckily, it's very simple to do that, and we have a simple migration guide to help you do that step by step.

A new config version brings a library#

We've also published a library that manages the loading, parsing and validation of version 1 and version 2 socket.yml files. If that sounds useful to something you are trying to do with socket, its available as a package (@socketsecurity/config) and is open source on github.

It's built using JSONSchema and Ajv (one of the best schema based validation systems around) and is fully typed with compilation free typescript-in-js. It will automatically migrate configuration to the latest version during programmatic access. Pretty cool if you as me!

We hope you can try out this feature, and let us know how it works for you!

Subscribe to our newsletter

Get notified when we publish new security blog posts!

Try it now

Ready to block malicious and vulnerable dependencies?

Related posts

Back to all posts