vlt Launches Real-Time Dependency Analysis Powered by Socket
vlt adds real-time security selectors powered by Socket, enabling developers to query and analyze package risks directly in their dependency graph.
Sarah Gooding
April 17, 2025
vlt, a fast, modern JavaScript package manager and registry, has launched a new feature that brings real-time security analysis to the dependency graph, powered by Socket.
Known for its high-performance CLI, serverless registry, and tools like reproduce (which checks whether a published package can be rebuilt from its source repository), vlt is continuing to push security-aware package management forward. This update introduces a set of Dependency Selector Syntax (DSS) selectors that let developers query their dependency graph for specific risk patterns, with the risk metadata sourced directly from Socket.
The new security selectors let vlt users spot risks such as unmaintained packages, dangerous capabilities (use of eval, filesystem access, network access), known malware, or problematic licenses, all from a single query against the installed graph.
The selectors support advanced, composable queries, enabling nuanced searches like 'all postinstall packages that access the network' or 'unmaintained transitive dependencies of react'.
This is made possible by Socket’s metadata engine, which continuously analyzes packages across the JavaScript ecosystem for risk indicators. vlt attaches that enriched metadata to each node in its graph model, so selectors can combine risk attributes with graph relationships (direct vs. transitive, which root a package is reached from) and evaluate them across the entire dependency tree.
The selectors work in both the terminal and vlt’s GUI, giving developers rich insight into their dependencies at a glance and laying the groundwork for future policy enforcement features like blocking builds based on risk.
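To make the mechanism concrete, here is an added illustration (not vlt's or Socket's code) of what "risk metadata attached to graph nodes plus composable selectors" looks like in practice: a toy dependency graph whose nodes carry constructed, Socket-style risk flags, a minimal selector engine that understands compound pseudo-classes (`:scripts:network`) and a descendant combinator (`#ui-kit :unmaintained`, i.e. unmaintained transitive dependencies of `ui-kit`), and a small policy gate of the "block the build on risk" kind the post mentions as future work. The package names, flag names and selector grammar are assumptions for the example; they are not vlt's actual DSS grammar or Socket's actual flag names.

```javascript
// Added illustration, not vlt's or Socket's code: a toy dependency graph whose
// nodes carry constructed Socket-style risk flags, and a minimal selector engine
// that supports compound pseudo-class selectors (":scripts:network") and a
// descendant combinator ("#ui-kit :unmaintained" = unmaintained transitive
// dependencies of ui-kit). Package names, flag names and grammar are invented.

// Constructed sample graph: package name -> { deps, risk }. Every package here
// is fictional and every risk flag is made up for the example.
const GRAPH = {
  "app":               { deps: ["ui-kit", "build-tool"],      risk: {} },
  "ui-kit":            { deps: ["env-shim"],                   risk: {} },
  "env-shim":          { deps: ["tokenizer"],                  risk: { unmaintained: true } },
  "tokenizer":         { deps: [],                             risk: {} },
  "build-tool":        { deps: ["stats-uploader", "env-shim"], risk: { scripts: true } },
  "stats-uploader":    { deps: ["pretty-log-helper"],          risk: { scripts: true, network: true, unmaintained: true } },
  "pretty-log-helper": { deps: [],                             risk: { network: true, malware: true } },
};

// Parse one compound selector such as "#ui-kit:unmaintained" or "*" into
// { id: "ui-kit" | null, flags: ["unmaintained"] }.
function parseCompound(token) {
  const parts = token.match(/#[^#:*]+|:[^#:*]+|\*/g) || [];
  if (parts.join("") !== token) throw new Error(`bad selector token: ${token}`);
  const compound = { id: null, flags: [] };
  for (const p of parts) {
    if (p === "*") continue;                      // universal selector: matches anything
    if (p[0] === "#") compound.id = p.slice(1);   // exact package name
    else compound.flags.push(p.slice(1));         // risk pseudo-class from the node's metadata
  }
  return compound;
}

// A node matches a compound when its name matches (if given) and every
// requested risk flag is set on the node's metadata.
function matchesCompound(name, node, compound) {
  if (compound.id !== null && compound.id !== name) return false;
  return compound.flags.every((f) => node.risk[f] === true);
}

// All packages reachable from `name` (excluding itself); cycle-safe via `seen`.
function transitiveDeps(graph, name, seen = new Set()) {
  for (const dep of graph[name].deps) {
    if (!seen.has(dep)) { seen.add(dep); transitiveDeps(graph, dep, seen); }
  }
  return seen;
}

// Evaluate a selector: whitespace between compounds is the descendant
// combinator, so each compound after the first is matched only against the
// transitive dependencies of the previous compound's matches.
function query(graph, selector) {
  const compounds = selector.trim().split(/\s+/).map(parseCompound);
  let candidates = new Set(Object.keys(graph));
  let matched = new Set();
  for (const compound of compounds) {
    matched = new Set([...candidates].filter((n) => matchesCompound(n, graph[n], compound)));
    candidates = new Set();
    for (const m of matched) for (const d of transitiveDeps(graph, m)) candidates.add(d);
  }
  return [...matched].sort();
}

// Policy gate in the spirit of "block the build on risk": each blocking selector
// must match nothing. Returns the violations so a CI step can fail on them.
function enforce(graph, blockingSelectors) {
  return blockingSelectors
    .map((selector) => ({ selector, packages: query(graph, selector) }))
    .filter((v) => v.packages.length > 0);
}

// Demo of the two query shapes the announcement describes, plus the policy gate.
console.log(query(GRAPH, ":scripts:network"));       // packages with install scripts that also touch the network
console.log(query(GRAPH, "#ui-kit :unmaintained"));  // unmaintained transitive dependencies of ui-kit
console.log(enforce(GRAPH, [":malware", ":scripts:network"]));
```

The point of the structure is that risk flags live on the graph nodes, so a query can mix "what the package does" (`:scripts`, `:network`, `:malware`) with "where it sits in the tree" (the descendant combinator) without a second lookup; the policy gate is then just a list of selectors that must return nothing.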
We’re thrilled to support vlt’s vision for a queryable, introspectable, and eventually policy-driven package manager. vlt's new Socket integration brings security insights earlier into the development workflow, and makes risk analysis feel natural and fast. We’re excited to see what the community builds on top of this foundation.