Socket for JavaScript
Secure Your JavaScript Projects
Install our free GitHub app to protect your JavaScript dependencies from vulnerable and malicious code. Detect and block malware, mining software, open source license violations, code quality issues, and 70+ indicators of supply chain attacks. Socket is a full-featured enterprise-ready SCA tool that can be seamlessly dropped intro your workflow with just two clicks.
Socket supports JavaScript, TypeScript, npm, pnpm and yarn
And all your favorite tools
Find and compare scores for packages
Quickly evaluate the security and health of any open source package.
Safe NPM: Secure the command your team uses every day
Socket's "safe npm" CLI tool transparently wraps the npm command and protects developers from malware, typosquats, install scripts, protestware, telemetry, and more.
Try Safe NPM
Socket Web Extension
Detect Malicious JavaScript Packages on the Web
Get real-time security insights on any website or configure for specific sites, i.e. GitHub, npm, Stack Overflow, and more, with the Socket Web Extension
Socket VSCode Extension
Identify dangerous dependencies at the earliest point in time directly in VS Code
Socket JavaScript SDK
Install the Socket JavaScript SDK
The Socket JavaScript SDK is a powerful tool that simplifies the use of our REST API in your scripts. It comes with types included, making your coding process smoother and more efficient. Harness the full potential of Sockets's features in a more tailored way, giving you the flexibility to customize as per your specific needs.
We help security teams work more efficiently
Cut through the noise and focus on real threats.
Get actionable alerts for the supply chain risks that matter. Socket highlights risky dependencies directly within the developer workflow.