Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
@socketsecurity/cli
Advanced tools
Socket CLI
CLI for Socket.dev security analysis
Usage
npm install -g socket
socket --help
Commands
-
socket npm [args...]andsocket npx [args...]- Wraps npm/npx with Socket security scanning -
socket fix- Fix CVEs in dependencies -
socket optimize- Optimize dependencies with@socketregistryoverrides -
socket cdxgen [command]- Run cdxgen for SBOM generation
Aliases
All aliases support the flags and arguments of the commands they alias.
socket ci- Alias forsocket scan create --report(creates report and exits with error if unhealthy)
Flags
Output flags
--json- Output as JSON--markdown- Output as Markdown
Other flags
--dry-run- Run without uploading--debug- Show debug output--help- Show help--max-old-space-size- Set Node.js memory limit--max-semi-space-size- Set Node.js heap size--version- Show version
Configuration files
Socket CLI reads socket.yml configuration files.
Supports version 2 format with projectIgnorePaths for excluding files from reports.
Environment variables
SOCKET_CLI_API_TOKEN- Socket API tokenSOCKET_CLI_CONFIG- JSON configuration objectSOCKET_CLI_GITHUB_API_URL- GitHub API base URLSOCKET_CLI_GIT_USER_EMAIL- Git user email (default:github-actions[bot]@users.noreply.github.com)SOCKET_CLI_GIT_USER_NAME- Git user name (default:github-actions[bot])SOCKET_CLI_GITHUB_TOKEN- GitHub token with repo access (alias:GITHUB_TOKEN)SOCKET_CLI_NO_API_TOKEN- Disable default API tokenSOCKET_CLI_NPM_PATH- Path to npm directorySOCKET_CLI_ORG_SLUG- Socket organization slugSOCKET_CLI_ACCEPT_RISKS- Accept npm/npx risksSOCKET_CLI_VIEW_ALL_RISKS- Show all npm/npx risks
Contributing
Run locally:
npm install
npm run build
npm exec socket
Development environment variables
SOCKET_CLI_API_BASE_URL- API base URL (default:https://api.socket.dev/v0/)SOCKET_CLI_API_PROXY- Proxy for API requests (aliases:HTTPS_PROXY,https_proxy,HTTP_PROXY,http_proxy)SOCKET_CLI_API_TIMEOUT- API request timeout in millisecondsSOCKET_CLI_DEBUG- Enable debug loggingDEBUG- Enabledebugpackage logging
See also
FAQs
CLI for Socket.dev
The npm package @socketsecurity/cli receives a total of 11,930 weekly downloads. As such, @socketsecurity/cli popularity was classified as popular.
We found that @socketsecurity/cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 17 Dec 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025