What's new at Socket?

Resolved an issue where the alert table was incorrectly displaying "Ignored" alerts on initial load, despite the default filter being set to exclude them. The table now properly respects the default filters for "Action = Block, Warn, Monitor."

Inspecting items in the Alert Table, Dependency Table, and Threat Feed Table now opens a modal instead of a sidebar, offering a clearer and more spacious view of detailed information.

Key updates include:

• Reorganized Content: Alert modals now display details in a more intuitive order:
  1. Alert details
  2. Artifact details
  3. Installation details
     Previously nested elements now have clear headers for improved readability.
• Enhanced Triage Notes: Triage notes have been revamped with an autosave feature and a “sticky note” look and feel, making them stand out as supplementary information.

This new design resolves layout constraints, improves usability, and eliminates scrolling issues common with sidebars.

We’ve introduced a new capability to extract dependencies directly from project files using tree-sitter. This enhancement enables faster and more accurate parsing of dependencies, setting the stage for identifying unused dependencies in your project. Stay tuned as we refine this feature to help you keep your projects lean and efficient!

Alerts and license information now include links to specific locations within the relevant file using the #T URL fragment. This improvement makes it easier to pinpoint and address issues directly in your code. This functionality is supported for npm, Python, Go, Maven, and Ruby projects.

We’ve updated the layout of alert rows to improve readability. The artifact name is now left-aligned and placed next to the alert title, making descriptions like "This package" more intuitive. Additionally, the alert category is right-aligned for easier scanning across multiple rows. These changes help you quickly understand and prioritize alerts.

You can now view the Dependency Tree directly from the sidebar in the Dependencies tab, just like in the Alerts tab. This enhancement provides quick and convenient access to transitive dependency information right where you need it.

Resolved an issue where updated dependencies were not correctly identified in SBOM diffs due to a mismatch in PURL string normalization. Updated dependencies now appear accurately in your reports, ensuring consistent and reliable insights.

Dependency visualization now dynamically updates to reflect the current "Action" filter in the Alert table. Dependencies that don’t match the selected action are shown as suppressed (light gray), providing a clearer and more accurate view of your project’s dependencies.

Before (note Action filter is "Warn")

After

The search and filtering functionality on the reports page now works seamlessly across all reports, not just those visible on the current pagination page. This improvement ensures accurate results no matter how many reports are in your dashboard.

We resolved a typo in the alert type assignment that was preventing the display of the availability of package overrides. As a result, alerts for packages where a Socket Optimize Override is available are now displaying correctly. This ensures clearer visibility of actionable recommendations to improve your dependencies.

We’ve made a subtle but meaningful upgrade to the "Group By" button in the modernized alerts table.

What’s Changed:

• Before: The "Group By" button always displayed as "Group By," even after selecting a grouping option.
• After: The button now dynamically updates to reflect your selected grouping option, such as "Group by Severity" or "Group by Category."

This small yet impactful change significantly improves the user experience by making the interface more intuitive. You’ll always know exactly how your alerts are being grouped at a glance—no extra clicks required.

Example in Action:

If you select "Severity" as the grouping option, the button updates to display:
➡️ "Group by Severity"

This enhancement is all about making navigation smoother and your workflow more seamless. It’s part of our ongoing commitment to optimizing every detail for our users.

We're always working to make our platform more powerful and user-friendly. That's why we're excited to announce a new feature for our threat-feed API endpoint: the ability to sort by created_at.

With this update, you can now easily query and organize threat intelligence by the exact order of when it was created. Whether you're looking to analyze the latest threats or dive into historical data, this enhancement ensures you get the information you need

Key Benefits:

• Faster Analysis: Quickly identify the latest threats with time-based sorting.
• Simplified Workflow: Streamline your data analysis by structuring queries more effectively.
• Enhanced Visibility: Focus on the most recent or oldest data as per your needs.

For more information and implementation details, check out the API docs for the Threat Feed endpoint.

We’ve resolved several bugs affecting the full-scan diff endpoint, including issues with reversed before and after IDs and incorrect diffing against only one side.

The fix includes proper ordering of database queries and improves the accuracy and reliability of the diff functionality.

Check out the documentation for more information and implementation details for using the full scans diff endpoint.

We now use uv.lock files as the single source of truth for dependency resolution in Python projects whenever available. This approach is faster, more reliable, and streamlines the analysis process.

This update further improves support for Python projects using uv.lock files, ensuring more accurate and efficient dependency management.

We’ve added a new is_human_reviewed query parameter to the Threat Feed API.

When is_human_reviewed=true, the API will only return threats where needsHumanReview is false, providing a filtered view of threats that don’t require further human validation. If this parameter is omitted or set to false, the API will return all threats.

This update offers greater flexibility for managing and analyzing threat data based on review status.

By expanding support for uv.lock files, we’re making it easier to track dependencies and resolve issues for Python projects that adopt this format.

We're making some major improvements to our typosquatting detection capabilities. As part of that effort, we are introducing a new "AI-detected possible typosquat" alert that distinguishes AI-flagged typosquat threats from those which have undergone human review, similar to our existing AI-detected alerts for other threat types.

Typosquatting continues to be a serious attack vector, and we are evolving our detection capabilities to identify these threats faster and more reliably. This update aims to improve the clarity and accuracy of our threat detection system.

We’ve added a new ParsePipfileLock task to support dependency resolution from pipfile.lock files in Python projects using Pipenv. This parser extracts dependencies, extras, development dependencies, and environment markers, integrating directly with our Python package analysis pipeline.

This update was driven by user requests and enhances our ability to analyze and manage dependencies for Python projects leveraging Pipenv.

The PDF export feature for the organization alerts view now includes repositories and branches for each alert. This update provides more detailed insights into the source of your alerts, making it easier to track and address issues effectively.

Now you can triage organization alerts from the API! We’ve introduced alert triage API endpoints for organizations, enabling you to list and update alert triage directly from the API. These new routes make it easier to build integrations and automations around alert management, streamlining workflows and enhancing flexibility.

Check out the documentation for the Triage endpoint for implementation details.

Socket now generates "Known Malware" alerts for npm security holding packages—placeholders for packages removed from the registry due to security concerns. While these current versions are empty, this update clarifies that the original packages were likely malicious, addressing a common perception issue and improving transparency in threat detection.

We’ve enhanced the threat feed endpoint with new query parameters—name, version, and ecosystem—to give you more precise control over your results when using the API. These filters make it easier to pinpoint specific threats, aligning with the type filter functionality in findThreat.

This update to alert management gives you a better view of your SBOMs by filtering according to your security policy. It allows you to distinguish dependencies by acceptance according to your security policy.

• New "Per Security Policy" Filter: Alerts are now flagged as either flagged by your Security Policy or ignored. This filter is enabled by default, keeping your attention on actionable issues while hiding noise. Need to dive into ignored alerts? Simply toggle the filter.
• Improved Dependency Visualization: Dependencies with no problematic alerts (either zero alerts or all ignored per policy) are now treated as "good" and rendered as neutral white rectangles. This enhancement makes it easier to visualize your SBOM at a glance, highlighting areas that truly need attention.

These updates reduce distractions by moving ignored or inherited alerts out of sight for most workflows. Your security policy defines what matters—our new filter reflects fine tunes the visualizations to better reflect your priorities.

You asked, we listened: the alert sidebar now includes the ability to add notes directly while triaging alerts. This first iteration lets you document context, decisions, or next steps for each alert—keeping your workflow organized and your team on the same page. Stay tuned for more enhancements to this feature in future updates!

When searching packages on Socket.dev, you can now see the number of weekly downloads displayed alongside each package in the search results on the packages search page. This feature, currently available for the npm ecosystem, provides additional context to help you evaluate package popularity and relevance at a glance.

This update was implemented in response to user feedback—keep the great ideas coming!

We’ve given the Dashboard Reports page a much-needed visual and functional facelift to make it more intuitive, visually appealing, and on-brand. Here’s what’s new:

• Search reports by repository name, branch name, or commit message.
• Filter reports by creation date (e.g., the past X days).
• Improved table UI with cleaner visuals and more on-brand design.
• Smarter actions UI for managing reports efficiently.

This update is part of a broader initiative to improve the Socket dashboard and make it easier to manage your reports.

Filter dropdowns in the alert table now feature dynamically updating counters. As you add, remove, or update filters, these counters recalculate in real time to show the number of alerts that match your current filtering criteria.

This improvement ensures a more intuitive filtering experience, allowing you to see how each filter progressively narrows down results, helping you focus on what matters most.

This update fixes two regressions related to Maven packages:

• Fixed: Regression where Maven packages were not showing package scores. The logic changed around filtering based on purl and it didn't account for multiple artifacts (e.g., ext + classifier combos). This has been fixed by reverting to the old behavior that precomputes an exact key.
• Fixed: Regression where Maven packages would be missing if they had more than one artifact.

These fixes improve Maven package handling to be more consistent across variations in the number of artifacts.

We're improving consistency in our UI to make it easier for users to connect and interpret information across different pages.

What’s New: We've replaced alert severity badges ([C], [H], etc.) with intuitive symbols (e.g., triangle, diamond) across all UIs for a more unified experience.

• Where It Applies:
  • Organization alerts page stats
  • Alert table headers and rows
  • Alert sidebar

This update aligns the alert severity indicators with those already used elsewhere, ensuring consistency and reducing cognitive load when navigating the Socket dashboard.

We've deprecated outdated report API endpoints in favor of the newer Full Scans endpoints, which offer improved functionality and better support.

Deprecated Endpoints:

• Delete Reports: /v0/report/delete/{id}
• List Reports: /v0/report/list
• Upload Reports: /v0/report/upload
• View Reports: /v0/report/view/{id}

Transitioning to the updated endpoints ensures you're using the latest and greatest tools from Socket in your workflows. Check out the Full Scans API documentation for more details on the new endpoints.

This update adds a license policy settings endpoint for our customers who want to change these settings from the API. It allows organizations to view and edit the license policy.

https://api.socket.dev/v0/orgs/{org_slug}/settings/license-policy

Check out the license policy API docs for implementation details.

Capability alerts now display the specific files associated with the potential risks, such as file system access or dynamic code execution.

By linking alerts to their exact file locations, we’re addressing a key customer request—making it easier to investigate and act on capability alerts. This update makes it easier to pinpoint the exact parts of the code responsible for generating capability alerts, enabling faster and more targeted investigations.

We're excited to announce that the latest version of our Web Extension includes full support for Go, showing threats and security metrics for Go packages as you visit websites.

Here's what's new:

• Added support for https://pkg.go.dev and external links to modules
• Added support for got get|install commands
• Added support for Go PURLs (e.g. pkg:golang/google.golang.org/genproto)

If you're not yet using the Socket Web Extension, install it on Chrome or Firefox to get real-time threat detection on any website (i.e. GitHub, npm, PyPI, Maven Central, pkg.go.dev, Stack Overflow) or configure it for specific sites.

We're making some UI/UX improvements to the experience of filtering data tables in the Socket dashboard that will enhance usability, ensure consistency across dashboard components, and provide a cleaner, more intuitive interface for users.

This update includes:

• Boolean Filter Improvements
  • Replaced the non-functional search input with a static label for filters that only offer boolean options (True/False), ensuring better usability.
• Filter Icon Addition
  • Added a filter icon to the left side of horizontal selection lists to enhance visual consistency with the existing "Filters" button.

These changes improve navigation and reduce visual clutter, laying the groundwork for future UI/UX enhancements. Stay tuned for more updates that will make Socket data tables easier to filter and navigate.

We’re excited to introduce the latest enhancements to Socket Optimize. Our new --pin option allows you to lock override versions effortlessly, ensuring consistent and reliable dependency management. With the --prod flag, you can now target production dependencies exclusively, streamlining your deployment process.

We've significantly improved workspace support for seamless multi-package handling, implemented more intuitive and helpful error messages to make troubleshooting a breeze, and upgraded all packages to fully support Node.js 18 and above.

New options:

—pin: pin override versions

—prod: overrides for prod deps only

Improved:

• better workspaces support

• helpful error messages

• all packages support Node 18+

We’re excited to unveil a significant performance improvement in Socket’s organization alerts and recently viewed reports! With this update, organization alerts are now cached on the client side for 15 minutes. This enhancement dramatically reduces server load and speeds up report page refreshes, ensuring that recently viewed reports and organization alerts load instantly.

Whether you're managing multiple tabs or navigating through extensive data, enjoy a smoother and more responsive user experience with our optimized caching solution. This update adds a ServiceWorker cache for alerts endpoints.

The package for the Socket CLI is has officially been renamed to socket. Formerly available at @socketsecurity/cli, the CLI has moved to its new, more memorable namespace on npm: https://www.npmjs.com/package/socket

This change simplifies how you install our CLI tool but does not impact any of the commands. We will soon be deprecating the old package.

Some of our customers have requested the ability to set access security policy settings via the API. This update delivers API endpoints for org security policies:

• What’s New: GET and POST routes at /orgs/{org_slug}/settings/security-policy, mirroring the functionality of our website UI.

This works the same as it does for the website UI. Explore the API documentation for implementation details.

We have enhanced the "Native Code" alert to support multiple ecosystems beyond npm. Previously limited to detecting binding.gyp files for native add-ons in npm packages, the alert now scans for prebuilt binaries and ecosystem-specific files across various programming languages.

This update adds support for Yarn's "resolutions" field, which allows you to override the resolutions of specific dependencies. The field is frequently used to instruct Yarn to use a specific package version in cases where you want to enforce all your packages to use a single version of a dependency, or backport a fix.

For more information on the specifics of our Yarn support, check out the updated documentation.

This update to our Full Scans API gives users more data from various repository integrations and significantly improves repository management in the dashboard. It offers a more complete picture of how your organization is interacting with Socket and makes it easier to perform certain actions within the dashboard UI:

• API: Full Scans API now supports API, GitHub, GitLab, BitBucket and Azure metadata fields when viewed in the Socket dashboard.
• Repositories created by the GitHub app can now be deleted from the Organization Dashboard.
• Improved naming rules around Repositories and branch names associated with full scans.
• Full scan committer count is included in the dashboard overview metrics.
• Support for more Organization overview metrics for organizations without a GitHub integration.
• API: Full scans created by the API no longer require a branch name.

Check out the Full Scans API docs for more information on interacting with our API.

Organization "members" can now view the security policy page of their organization in a read-only format. This update ensures that all full members (users with "contributor" level access are excluded) of an organization can stay informed about the configured alert actions without compromising the integrity of the policy through unauthorized edits. As before, only organization administrators and owners can change the configured default security policy and alert actions.

We made some major improvements to our web extension based on user feedback. The UI has been polished to provide a more intuitive and user-friendly experience, making it easier to navigate security metrics while browsing the web.

This update includes the following bug fixes and enhancements:

• Filtered invalid package names in order to reduce unnecessary API calls
• Improved style robustness and reduce risks of it being overloaded by CSS resets
• Added reset button to popup to reset stats
• Handled Gem PURL enhancements
• Fixed a regression where SPA and links to package weren't handled correctly (e.g. https://www.npmjs.com/package/express clicking on Dependents tab doesn't scan packages listed but it should)
• Refactored into multiple files as the main file was starting to get too big and to prepare for more features
• Fixed popover position on https://rubygems.org/search?query=rails

Check out the Socket Web Extension docs for more details on its capabilities and permissions. We also have a guide for organizations that are interested in deploying the the extension via Google Workspace.

We're pleased to add support for Jenkins Jobs to our CI/D integrations. This new feature allows you to incorporate Socket’s powerful security and automation capabilities directly into your Jenkins workflows, ensuring that your builds are not only efficient but also secure from potential threats.

With Socket for Jenkins Jobs, developers and DevOps teams can now automate security checks, monitor build processes, and enforce compliance standards effortlessly. Whether you're running complex deployments or managing multiple projects, this integration simplifies your workflow.

To get started and learn more about setting up Jenkins Jobs with Socket, visit our official documentation.

• Added support for from_time for the report.list() function which supports a unix timestamp in seconds
• Added support to specify the timeout for Socket API Calls in timeout for socketdev
• Updated the README.rst to include fixed examples for the initialization. Now properly reads socket = socketdev(token="REPLACE_ME")
• Updated the sbom API to include the new function sbom.create_packages_dict() to be used with other Socket tools
• Updated import statements to use socket_sdk_python in preparation for publishing to pypi
• Added a build script for publishing to pypi
• Added pyproject.toml for publishing to pypi which is replacing setup.cfg
• Pushed version 1.0.9

Socket Python SDK can be found at:

• https://pypi.org/project/socket-sdk-python/
• https://github.com/SocketDev/socket-sdk-python

This update adds a command to get the Socket threat feed in the CLI:

socket threat-feed

The following flags are available:

• --perPage
• --page
• --direction
• --filter

The output can also be returned as a JSON object with the --json flag.

• The GitHub app now generates full-scan resources for all scans triggered by push events.
• Dependency scans run by the GitHub app are now accessible through the full_scans API endpoint.
• The API returns a paginated list of all full scans for an organization, excluding SBOM artifacts.

This update enhances integration with the GitHub app by providing complete scan data through the full_scans API.

Check out the documentation for details on how to retrieve a paginated list of full scans using the full_scans API endpoint, including parameters, responses, and examples for integration.

We’re excited to announce that Ruby support is now available in Experimental! This release brings fully functional core alerts and Ruby gem security scanning for your Ruby projects

We're still working through some bugs with package pages in this initial release but should have those resolved soon.

Socket is introducing dashboard analytics, a feature that has frequently been requested by our users. It shows graphs for analytics at both the organization and repository levels, including the following:

• Total number of critical and high alerts found in the main branches across the repositories
• Total number of critical and high alerts that have been merged to the default branches on a given day
• Total number of alerts prevented from being merged to the default branches
• Top 5 alert types across the organization

Data is ingested once per day and filters are available to display the data ingested in the last 7, 30 and 90 days. The data can also be exported as CSV or JSON.

Check out the announcement on the blog for more details.

• Fix for slow times when finding files in large mono repos with greater than 100k files
• Fix for too long errors for some dependency overviews
• Fix for making determinations on if the CLI should run based on files changed in the commit info

Python CLI can be found at:

• https://pypi.org/project/socketsecurity/
• https://github.com/SocketDev/socket-python-cli

We updated our API to support the use of a from query filter for the audit-log endpoint in the format of a unix epoc in seconds. It enables support for customer integrations that allow the Audit log to run on an interval and only get the latest updates.

By using this query filter, customers can efficiently retrieve only the most recent audit log entries, saving time and resources.

Socket is launching a new "Suspicious Stars on GitHub" alert today, based on research that uncovers a growing trend of bad actors paying for stars in order to artificially inflate the popularity of their repositories on GitHub.

Over the past five years, we have detected more than 3.7 million fake GitHub stars. Repos leveraging these stars have been linked with scams, fraud, and malware. Socket now flags packages that are associated with these repositories.

Suspicious Stars on GitHub is a high-severity alert under the supply chain category, due to its potential for malicious activity. This alert gives users more visibility into the legitimacy of a software package’s star count, and flags those that may have been artificially inflated stars from bots, crowdsourcing, or other means.

Check out the alert documentation and read the announcement post for a detailed analysis of the research that surfaced 3.7 million fake GitHub stars.

• Added support for the web event for Gitlab
• Changed the behavior for Gitlab to not error out on unknown event types

Python CLI can be found at:

• https://pypi.org/project/socketsecurity/
• https://github.com/SocketDev/socket-python-cli

Socket is introducing three new customizable default security policies that should simplify configuration for many of our customers. They are based on extensive customer feedback and research and are aimed at reducing alert noise and managing false positives more effectively. We're also enabling several new alert types that were previously disabled.

New default security policies

• Low Noise (traditional SCA)
• Default (ideal for most customers
• Higher Noise (for more engaged teams.)

These policies are based on recent enhancements to our alert system:

• Block (formerly "Error"): Fails the Socket CI/CD check, blocking Pull Requests (PRs) or Merge Requests (MRs) until resolved.
• Warn: Highlights issues in PRs/MRs without blocking them, allowing for context-specific decisions.
• Monitor: Displays alerts in the Socket Dashboard for evaluation without cluttering the development workflow.
• Ignore: Filters out irrelevant alerts entirely.
  

Timeline for Enabling the New Security Policies

Transition Period (August 14 - August 28, 2024): Review changes and lock in your preferences.

New Policies Take Effect (From August 28, 2024): Unless you've locked in specific settings, your policy will automatically update to the new default policy on this date. You will also gain the ability to switch between the three new policy options and continue fine-tuning your settings.

Check out the blog announcement for more details on the timeline, along with a detailed breakdown of how specific alerts are handled in the new policies.

We are disabling the "mixed-license" alert, as our "license allow list" feature will soon be available to use instead.

The larger and more developed packages frequently found in a project's dependencies are almost certainly going to have what is technically mixed licensing (the terms of more than one license apply) so the alert can potentially be noisy for some users. However, users taking advantage of our license allow list feature do not need to be notified of mixed licensing if it doesn't violate their specified license policy.

Our License Enforcement feature is still in pre-release but customers who want early access can reach out to support@socket.dev.

The Socket web extension has been completely revamped. This update improves security and expands support to PyPI, Go, and Maven ecosystems, with more to come!

The new version protects against malicious packages and commands from any website (GitHub, StackOverflow, blogs, docs, etc.), which can be configured in the settings. Socket's real-time threat detection can be displayed on any website you choose to enable.

The updated extension also displays metrics on how many threats Socket has detected. All of these new features come packaged in a reduced size with lower memory usage and faster execution. (1500x smaller, only ~0.02MB)

• Announcement: https://socket.dev/blog/new-socket-web-extension-take-socket-with-you
• Docs and new permissions: https://docs.socket.dev/docs/socket-chrome-extension-permissions-documentation
• Chrome Web Store: https://chromewebstore.google.com/detail/socket-security/jbcobpbfgkhmjfpjjepkcocalmpkiaop
• Firefox Add-ons: https://addons.mozilla.org/en-US/firefox/addon/socket-security

Socket now supports exporting your organization's dependencies as a PDF, using a new button in the dashboard.

Once license information is included, a PDF export of one's org dependencies is a great permanent record for book-keeping purposes. As of-now, it also makes it easy to share a document of ones org dependencies.

We've added the ability to export various views from your organization's dashboard pages as PDF files. Specifically:

• Dependency Overview: You can now save a PDF with a comprehensive, shareable overview of all your organization's dependencies (including package names, versions, types, and overall scores)
• Alert Table Export: Save the current view of the alert table, reflecting the applied filters and ordering. Note: The export is available for views with up to 2,500 alerts.
• Last but not least, you can save a PDF of your organization's overview statistics, repositories, and a sample of the threat feed.

To use: Look for new button with PDF icon on your organization's dashboard pages.

• Added additional debug logging
• Simplified the find_files functionality to improve performance
• Fixed logic for ignoring alerts, diff logic of alerts, and consolidation of alerts in comments
• Added full scan ID to the output results

Python CLI can be found at:

• https://pypi.org/project/socketsecurity/
• https://github.com/SocketDev/socket-python-cli

• Fixed an issue with security comments not being consolidated to their main package purl
• Fixed an issue with dependency overview comments not being consolidated to their main package purl
• Fixed logic for diffing new alerts from current latest full scan for the default branch
• Fixed ignore comment logic for correctly removing alerts based on the ignore comment
• Added support to thumbsup processed ignore comments

Python CLI can be found at:

• https://pypi.org/project/socketsecurity/
• https://github.com/SocketDev/socket-python-cli

This resolves an issue where no comments end up on a PR if a commit is pushed and completes its action before a PR is created.

• Added support for the pull_request event on Github.
• This event type will now run on the `opened` state to handle if a commit had been pushed, and the action completed, before a PR completes.

Python CLI can be found at:

• https://pypi.org/project/socketsecurity/
• https://github.com/SocketDev/socket-python-cli

We’re excited to announce that Maven support is now available in Public Beta! This means that it is feature complete, stable, and rolled out to all users.

With this update, Socket will automatically scan any project that includes a Maven manifest, providing comprehensive vulnerability data and dependency analyses. Whether you're managing Java applications or other Maven-based projects, you can now stay ahead of potential threats with Socket's real-time security alerts.

• Adds support for Security Policy Modes Block & Warn
  Note: The Python CLI does not currently support individually triaged alerts
• Comments have been updated to have a new column in Github and Gitlab Comments with the new version to indicate Block/Warn
• The console output will include the CI Status of Block/Warn as well
• New option --ignore-commit-files to look for all manifest files whether or not there is one in the last commit detected
• Updated docker containers of socketdev/cli:1.0.0 and socketdev/cli:latest have been pushed

Example Console Output

Example PR Comment Output:

For those using the Socket full-scan API, we now include a from and repo fields for the v0/report/list endpoint that filters the results based on a unix timestamp.

Here are the new fields with specific notes on how to use them:

• Added a from querystring filter to the GET /report/list endpoint. The field accepts a unix timestamp in seconds and filters the report list from that date.
• Added a repo querystring filter to the GET /report/list endpoint. The field filters the results by a repo slug.
• Added a from querystring filter to the GET /orgs/{org_slug}/full-scans endpoint. The field accepts a unix timestamp in seconds and filters the report list from that date.
• Added a repo querystring filter to the GET /orgs/{org_slug}/full-scans endpoint. The field filters the results by a repo slug.

Yarn's dependency resolution algorithm varies from yarn versions and scenario. Without a node_modules folder as a source of truth we opted for implementing an alternative module resolution algorithm for yarn. We start by mapping the package.json dependencies to those found in the yarn lock file, then traverse the lock file dependencies to generate an npm v1 lockfile which we use as the reference to resolve modules.

The Socket API now supports a new licenseattrib option for the /v0/purl endpoint which includes license attribution data, including license text and author information in the endpoint response.

This update fixes an accidental quadratic loop in the GitHub file ingest. It enables GitHub app reports to run to completion, even when we are unable to ingest the full set of manifest files from GitHub. This helps larger repositories from timing out. Reports under these circumstances previously aborted.

Socket now supports the Unmaintained alert for Maven packages. This alert applies to packages that have not been updated in more than 5 years and may be unmaintained.

This update adds a badge with the estimated count of packages with the respective alert to the alerts/[alertType]/packages pages. We already expose this information indirectly via the pagination component at the bottom but this gives offers a quick glimpse into the frequency of our various alert types. It gives a sense of how common a given alert is, which can be helpful when configuring one's security policy.

Socket now supports the Deprecated alert for PyPI packages. It detects packages that have officially been yanked where developers have marked a package as deprecated by specifying the yanked attribute in the release metadata. This indicates that the release should not be used, but it doesn't delete it from the index. This approach helps inform users that they should avoid using a particular version of a package while maintaining historical records.

There's a new API endpoint to export a CycloneDX SBOM from a SocketSBOM report id or full scan id:

curl --request GET \
     --url https://api.socket.dev/v0/orgs/{org_slug}/export/cdx/{id} \
     --user '<api_key>_api:' \
     --header 'accept: application/json'

Check out the Export CycloneDX SBOM docs for more information on how to use this endpoint.

This update makes each dependency's name a clickable link on the dependencies tables.

Socket now supports deleting repositories in the dashboard. The new delete button is available to admins and owners:

• The delete button only works on repos created with the API on the repositories resource.
• GitHub repos you can delete by de-activating the permissions on the gitHub app.
• This also fixes the 404 state on the repos list page.
• This also fixes 404s when viewing a report thats associated with a deleted repo.
• It also allows deleted repositories to share the slug of a recreated repository with the same slug.

Search for any dependency that is being used in your organization

This update implements a command to get an organization's audit log.

Demo:

Implements commands to view, list, create, update, and delete an organization's repositories

This update implements the full scans feature of the API in the CLI with the command socket scan.

Options:

• list
  • <org slug>. e.g. socket scan list FakeOrg
• stream
  • <org slug> <full scan ID>. e.g. socket scan stream FakeOrg 1234-oooo-5678-aaaa or
  • <org slug> <full scan ID> <path to output file. e.g. socket scan stream FakeOrg 1234-oooo-5678-aaaa ./output.txt
• create
  • <org slug>. e.g. socket scan create FakeOrg <flags>
• delete
  • <org slug> <full scan ID>. e.g. socket scan del FakeOrg 1234-oooo-5678-aaaa
• metadata
  • <org slug> <full scan ID>. e.g. socket scan metadata FakeOrg 1234-oooo-5678-aaaa

• adds human-readable label for alert triage action
• ensures event type shows up in audit log select box

Socket for GitHub now allows users to filter alerts by alert triage

Implements an audit log endpoint that matches Socket's dashboard features

This adds two api endpoints /license-details and /license-attrib for getting an artifact's license information and license attribution information respectively.

It also updates the license panel to only take a purl argument, with the data and attribution being fetched from the API.