
@socketsecurity/cli
CLI tool for Socket.dev
```sh
npm install -g socket
socket --help
```

- `socket npm [args...]` and `socket npx [args...]` - Wraps `npm` and `npx` to integrate Socket.dev and preempt installation of alerted packages using the builtin resolution of `npm` to precisely determine package installations
- `socket optimize` - Optimize dependencies with `@socketregistry` overrides (👀 our blog post)
  - `--pin` - Pin overrides to their latest version
  - `--prod` - Add overrides for only production dependencies
- `socket cdxgen [command]` - Call out to cdxgen. See their documentation for commands.
All aliases support the flags and arguments of the commands they alias.
- `socket ci` - alias for `socket scan create --report`, which creates a report for the current directory and quits with an exit code if the result is unhealthy
- `--json` - Outputs result as JSON which can be piped into `jq` and other tools
- `--markdown` - Outputs result as Markdown which can be copied into issues, pull requests, or chats
- `--dry-run` - Run a command without uploading anything
- `--debug` - Output additional debug
- `--help` - Prints help documentation
- `--max-old-space-size` - Set Node's V8 `--max-old-space-size` option
- `--max-semi-space-size` - Set Node's V8 `--max-semi-space-size` option
- `--version` - Prints the Socket CLI version

Socket CLI reads and uses data from a `socket.yml` file in the folder you run it in. It supports version 2 of the `socket.yml` file format and makes use of `projectIgnorePaths` to exclude files when creating a report.
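As an added example (not part of the Socket CLI project's own documentation), a GitHub Actions workflow that gates pull requests on `socket ci`: the API token comes from a repository secret, the Markdown report is appended to the job summary, and the non-zero exit code on an unhealthy result fails the job. The secret name `SOCKET_CLI_API_TOKEN`, Node 20, and `--markdown` writing to stdout are assumptions.

```yaml
# Added example: gate every pull request on a Socket report.
# Assumes a repository secret named SOCKET_CLI_API_TOKEN holds the Socket API token.
name: Socket dependency gate

on:
  pull_request:

permissions:
  contents: read

jobs:
  socket-ci:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: 20

      # Install the CLI globally, as the README describes.
      - run: npm install -g socket

      # `socket ci` is an alias for `socket scan create --report`: it creates a
      # report for the checked-out directory and exits non-zero when the result
      # is unhealthy, which fails this step and therefore the workflow.
      # --markdown is assumed to write the report to stdout; appending it to the
      # job summary lets reviewers read it without opening the logs.
      - name: Run Socket report
        run: socket ci --markdown >> "$GITHUB_STEP_SUMMARY"
        env:
          SOCKET_CLI_API_TOKEN: ${{ secrets.SOCKET_CLI_API_TOKEN }}
          # Optional: pin the organization the scan is created under
          # (placeholder value, replace with your own slug).
          # SOCKET_CLI_ORG_SLUG: my-org
```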
| Variable | Description | Default |
| --- | --- | --- |
| `SOCKET_CLI_API_TOKEN` | Set the Socket API token | |
| `SOCKET_CLI_CONFIG` | A JSON stringified Socket configuration object | |
| `SOCKET_CLI_GITHUB_API_URL` | Change the base URL for GitHub REST API calls | |
| `SOCKET_CLI_GIT_USER_EMAIL` | The git config `user.email` used by Socket CLI | `github-actions[bot]@users.noreply.github.com` |
| `SOCKET_CLI_GIT_USER_NAME` | The git config `user.name` used by Socket CLI | `github-actions[bot]` |
| `SOCKET_CLI_GITHUB_TOKEN` | A classic or fine-grained GitHub personal access token with the "repo" scope or read/write permissions set for "Contents" and "Pull Request" | `GITHUB_TOKEN` |
| `SOCKET_CLI_NO_API_TOKEN` | Make the default API token undefined | |
| `SOCKET_CLI_NPM_PATH` | The absolute location of the npm directory | |
| `SOCKET_CLI_ORG_SLUG` | Specify the Socket organization slug | |
| `SOCKET_CLI_ACCEPT_RISKS` | Accept risks of a Socket wrapped npm/npx run | |
| `SOCKET_CLI_VIEW_ALL_RISKS` | View all risks of a Socket wrapped npm/npx run | |

To run locally execute the following commands:
```sh
npm install
npm run build
npm exec socket
```
| Variable | Description | Default |
| --- | --- | --- |
| `SOCKET_CLI_API_BASE_URL` | Change the base URL for Socket API calls | `https://api.socket.dev/v0/` |
| `SOCKET_CLI_API_PROXY` | Set the proxy all requests are routed through, e.g. if set to `http://127.0.0.1:9090`, then all requests are passed through that proxy | `HTTPS_PROXY`, `https_proxy`, `HTTP_PROXY`, and `http_proxy` |
| `SOCKET_CLI_DEBUG` | Enable debug logging in Socket CLI | |
| `DEBUG` | Enable debug logging based on the `debug` package | |

- `@socketsecurity/sdk` - The SDK used by Socket CLI
The npm package @socketsecurity/cli receives a total of 10,578 weekly downloads. As such, @socketsecurity/cli popularity was classified as popular.
We found that @socketsecurity/cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.