Security News
CVE Volume Surges Past 48,000 in 2025 as WordPress Plugin Ecosystem Drives Growth
CVE disclosures hit a record 48,185 in 2025, driven largely by vulnerabilities in third-party WordPress plugins.
By Sarah Gooding - Jan 09, 2026
@socketsecurity/cli
Advanced tools
Socket CLI
CLI for Socket.dev security analysis
Usage
npm install -g socket
socket --help
Commands
-
socket npm [args...]andsocket npx [args...]- Wraps npm/npx with Socket security scanning -
socket fix- Fix CVEs in dependencies -
socket optimize- Optimize dependencies with@socketregistryoverrides -
socket cdxgen [command]- Run cdxgen for SBOM generation
Aliases
All aliases support the flags and arguments of the commands they alias.
socket ci- Alias forsocket scan create --report(creates report and exits with error if unhealthy)
Flags
Output flags
--json- Output as JSON--markdown- Output as Markdown
Other flags
--dry-run- Run without uploading--debug- Show debug output--help- Show help--max-old-space-size- Set Node.js memory limit--max-semi-space-size- Set Node.js heap size--version- Show version
Configuration files
Socket CLI reads socket.yml configuration files.
Supports version 2 format with projectIgnorePaths for excluding files from reports.
Environment variables
SOCKET_CLI_API_TOKEN- Socket API tokenSOCKET_CLI_CONFIG- JSON configuration objectSOCKET_CLI_GITHUB_API_URL- GitHub API base URLSOCKET_CLI_GIT_USER_EMAIL- Git user email (default:github-actions[bot]@users.noreply.github.com)SOCKET_CLI_GIT_USER_NAME- Git user name (default:github-actions[bot])SOCKET_CLI_GITHUB_TOKEN- GitHub token with repo access (alias:GITHUB_TOKEN)SOCKET_CLI_NO_API_TOKEN- Disable default API tokenSOCKET_CLI_NPM_PATH- Path to npm directorySOCKET_CLI_ORG_SLUG- Socket organization slugSOCKET_CLI_ACCEPT_RISKS- Accept npm/npx risksSOCKET_CLI_VIEW_ALL_RISKS- Show all npm/npx risks
Contributing
Run locally:
npm install
npm run build
npm exec socket
Development environment variables
SOCKET_CLI_API_BASE_URL- API base URL (default:https://api.socket.dev/v0/)SOCKET_CLI_API_PROXY- Proxy for API requests (aliases:HTTPS_PROXY,https_proxy,HTTP_PROXY,http_proxy)SOCKET_CLI_API_TIMEOUT- API request timeout in millisecondsSOCKET_CLI_DEBUG- Enable debug loggingDEBUG- Enabledebugpackage logging
See also
FAQs
CLI for Socket.dev
The npm package @socketsecurity/cli receives a total of 12,740 weekly downloads. As such, @socketsecurity/cli popularity was classified as popular.
We found that @socketsecurity/cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 09 Jan 2026
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Insecure Agents Podcast: Certified Patches, Supply Chain Security, and AI Agents
Socket CEO Feross Aboukhadijeh joins Insecure Agents to discuss CVE remediation and why supply chain attacks require a different security approach.
By Sarah Gooding - Jan 08, 2026
Security News
Tailwind CSS Announces 75% Layoffs as LLMs Reshape OSS Business Models
Tailwind Labs laid off 75% of its engineering team after revenue dropped 80%, as LLMs redirect traffic away from documentation where developers discover paid products.
By Sarah Gooding - Jan 08, 2026