April 11
Socket now supports parsing Gradle Version Catalog files (`libs.versions.toml`) during SBOM generation. This improves dependency detection for Gradle projects that declare dependencies through a version catalog rather than a lockfile (Gradle dependency locking is not enabled by default in most setups).
When no lockfile is present, Socket will use the version catalog as a fallback to identify dependencies and resolve them transitively. This significantly improves SBOM coverage for projects that previously produced incomplete or empty results.
This change does not affect projects with existing lockfiles, which remain the highest priority for dependency resolution.
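The fallback described above depends on joining the `[versions]` table of a catalog to its `[libraries]` entries so that each alias resolves to a `group:name:version` coordinate. The following is an added example, not Socket's own parser; the sample catalog is constructed and covers the notations Gradle accepts (string shorthand, `module` or `group`/`name`, `version.ref`, rich versions), including an entry with no version at all, which an SBOM generator cannot pin from the catalog alone.

```python
"""Extract dependency coordinates from a Gradle version catalog (libs.versions.toml).

Added example, not Socket's code. It shows how the [versions] table is joined to
the [libraries] entries so that each library resolves to group:name:version, which
is what an SBOM generator needs when no lockfile is present.
"""
try:
    import tomllib  # Python 3.11+
except ImportError:  # pragma: no cover
    import tomli as tomllib  # assumption: the tomli backport is installed on older Pythons

# Constructed sample catalog. It exercises each library notation Gradle accepts:
# a plain "group:name:version" string, module + version.ref, group/name split out,
# a rich version (strictly/require/prefer) and an entry with no version at all.
SAMPLE_CATALOG = """\
[versions]
okhttp = "4.12.0"
jackson = "2.16.1"

[libraries]
gson = "com.google.code.gson:gson:2.10.1"
okhttp = { module = "com.squareup.okhttp3:okhttp", version.ref = "okhttp" }
okhttp-logging = { group = "com.squareup.okhttp3", name = "logging-interceptor", version.ref = "okhttp" }
jackson-databind = { module = "com.fasterxml.jackson.core:jackson-databind", version = { strictly = "2.16.1" } }
guava = { module = "com.google.guava:guava" }

[plugins]
kotlin-jvm = { id = "org.jetbrains.kotlin.jvm", version = "1.9.22" }
"""


def _resolve_version(spec, versions):
    """Turn a catalog version spec into one version string, or None if unpinned."""
    if spec is None:
        return None
    if isinstance(spec, str):
        return spec
    if "ref" in spec:  # version.ref = "alias" -> look the alias up in [versions]
        ref = spec["ref"]
        if ref not in versions:
            raise ValueError(f"dangling version.ref {ref!r}")
        return _resolve_version(versions[ref], versions)
    # Rich version table: take the most specific constraint that names one version.
    for key in ("strictly", "require", "prefer"):
        if key in spec:
            return spec[key]
    return None


def catalog_dependencies(text):
    """Return {alias: (group, name, version)} for every [libraries] entry."""
    catalog = tomllib.loads(text)
    versions = catalog.get("versions", {})
    deps = {}
    for alias, entry in catalog.get("libraries", {}).items():
        if isinstance(entry, str):
            parts = entry.split(":")  # "group:name[:version]" shorthand
            group, name = parts[0], parts[1]
            version = parts[2] if len(parts) > 2 else None
        else:
            if "module" in entry:
                group, name = entry["module"].split(":")
            else:
                group, name = entry["group"], entry["name"]
            version = _resolve_version(entry.get("version"), versions)
        deps[alias] = (group, name, version)
    return deps


def unpinned(deps):
    """Aliases whose version cannot be determined from the catalog alone."""
    return sorted(alias for alias, (_, _, v) in deps.items() if v is None)


if __name__ == "__main__":
    resolved = catalog_dependencies(SAMPLE_CATALOG)
    for alias, (group, name, version) in resolved.items():
        print(f"{alias}: {group}:{name}:{version}")
    print("unpinned:", unpinned(resolved))
```

Plugins are left out because they carry an `id` rather than Maven coordinates; a dangling `version.ref` raises rather than silently producing an unversioned entry, since an SBOM that quietly drops the version is worse than a failed generation.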
April 8
Fixed an issue where the sidebar toggle shortcut could trigger even when modifier keys like Ctrl, Alt, or ⌘ were pressed.
Bare shortcuts now only activate when no modifier keys are held, allowing standard browser and system shortcuts to behave as expected.
April 7
Replaced “Safe” with “Undetected” in the supply chain attack campaigns UI to more accurately reflect when no impact has been detected.
The previous label could imply guaranteed safety, while the updated language clarifies that no matches were found without making assumptions about true exposure.
April 3
AI-detected potential malware alerts now warn by default across all security policies. With the continued rise in software supply chain attacks, these alerts provide early warning for packages that exhibit suspicious or malicious behavior before manual confirmation by Socket’s threat intel team. We're updating our default security policies to ensure more users are seeing these alerts.
As part of a phased rollout, all policies (low noise, default, and high noise) are now set to “warn”, as of Friday, April 3.
New Defaults for AI-Detected Potential Malware alerts:
| Policy | Action |
|---|---|
| Higher noise | warn |
| Default | warn |
| Low noise | warn |
Next Friday, April 10, the high noise policy will be updated to “block” for AI-detected potential malware, while low noise and default policies will continue to warn.
Upcoming Defaults for AI-Detected Potential Malware alerts:
| Policy | Action |
|---|---|
| Higher noise | block |
| Default | warn |
| Low noise | warn |
This phased approach is designed to balance protection and noise while giving teams time to adjust based on their risk tolerance.
Organizations that want maximum protection can set this alert to “block” today, proactively stopping suspicious packages earlier, with the tradeoff of potentially higher noise.
Those that prefer to only surface manually confirmed malware findings can revert this change by setting the “AI-detected potential malware” alert to “monitor” or “ignore” in their security policy.
March 31
Updated the UI to better distinguish between valid scores and cases where score data is missing or unavailable.
Error states are now displayed differently to avoid confusion and improve clarity when score information cannot be provided.
March 27
Supply chain attack campaign descriptions now support Markdown formatting across both public and dashboard views.
This includes support for bold text, links, lists, and code blocks, improving readability and making it easier to present structured threat details.
March 26
You can now sync a single GitHub app installation independently from its installation settings page in Dashboard → Integrations → GitHub.
We’ve also clarified the behavior of the global sync button. The “Sync all GitHub installations” action now explicitly indicates that it syncs every installation linked to your organization, helping avoid confusion when managing multiple workspaces.
This update makes it easier to refresh only the installations that need it, without triggering unnecessary syncs across your entire organization.
March 25
Fixed an issue where repositories that had never been fully scanned were not picked up when re-linking the GitHub app or clicking “Sync GitHub”. Affected organizations can now trigger a full scan of all repos using the “Sync GitHub” button in Dashboard settings → Integrations → GitHub.
March 24
Streaming full-scan data and alerts now includes a `{"_type": "scores", ...}` event.
You can also view the components of full-scan scores by passing the `?include_score_details` query parameter.
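A consumer of the streamed full-scan feed needs to dispatch on the `_type` discriminator and keep working when an event type it has not seen before (such as this new `scores` event) appears. The following is an added example, not Socket's client code or API schema: the stream is treated as newline-delimited JSON, the `scores` type comes from the entry above, and the artifact/alert fields and the numeric score keys in the constructed sample are assumptions made for this example.

```python
"""Consume a streamed full-scan feed and pick out the scores event.

Added example, not Socket's code or API schema. Each line is assumed to be one
JSON object carrying a "_type" field; "scores" is named in the changelog, while
the other event types and all field names below are constructed for this example.
"""
import json
from collections import Counter

# Constructed sample stream. A consumer written before the "scores" event existed
# must keep working, so unknown types are recorded rather than treated as errors.
SAMPLE_STREAM = """\
{"_type": "artifact", "name": "lodash", "version": "4.17.21", "alerts": []}
{"_type": "artifact", "name": "evil-pkg", "version": "1.0.0", "alerts": [{"type": "malware", "severity": "critical"}]}
{"_type": "artifact", "name": "leftpad", "version": "0.0.1", "alerts": [{"type": "unmaintained", "severity": "low"}]}
{"_type": "scores", "supplyChain": 0.42, "quality": 0.91}
{"_type": "future-event", "payload": 1}
"""


def summarize_stream(text):
    """Fold the stream into artifact/alert counts, the scores event and unknown types."""
    summary = {
        "artifacts": 0,
        "alerts_by_severity": Counter(),
        "scores": None,
        "unknown_types": [],
        "malformed_lines": 0,
    }
    for raw in text.splitlines():
        if not raw.strip():
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            # A truncated or corrupted line should not abort the whole scan read.
            summary["malformed_lines"] += 1
            continue
        kind = event.get("_type")
        if kind == "artifact":
            summary["artifacts"] += 1
            for alert in event.get("alerts", []):
                summary["alerts_by_severity"][alert.get("severity", "unknown")] += 1
        elif kind == "scores":
            # Everything except the discriminator is treated as a score component.
            summary["scores"] = {k: v for k, v in event.items() if k != "_type"}
        else:
            summary["unknown_types"].append(kind)
    return summary


def lowest_score(summary):
    """Name of the weakest score component, or None if no scores event was seen."""
    scores = summary["scores"]
    if not scores:
        return None
    return min(scores, key=scores.get)


if __name__ == "__main__":
    result = summarize_stream(SAMPLE_STREAM)
    print("artifacts:", result["artifacts"])
    print("alerts:", dict(result["alerts_by_severity"]))
    print("scores:", result["scores"], "weakest:", lowest_score(result))
    print("unknown event types:", result["unknown_types"])
```

Because the `scores` handler copies every non-discriminator key, any extra per-component detail returned when `?include_score_details` is set would land in the same dictionary without a code change; the assumption there is that the details are additional keys on the same event.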
March 24
The public supply chain attack campaign pages have been updated for better usability on mobile devices.
These improvements enhance layout, readability, and visual clarity across screen sizes.