@socketsecurity/sdk
Advanced tools
SDK for the Socket API client, generated by api.
npm install @socketsecurity/sdk
import { SocketSdk } from '@socketsecurity/sdk'
const client = new SocketSdk('yourApiKeyHere')
const res = await client.getQuota()
if (res.success) {
// Will output { quota: 123 } if the quota you have left is 123
console.log(res.data)
}
const { SocketSdk } = require('@socketsecurity/sdk')
getIssuesByNPMPackage(packageName, version)
packageName: A string representing the name of the npm package you want the issues forversion: A string representing the version of the npm package to return the issues forgetScoreByNPMPackage(packageName, version)
packageName: A string representing the name of the npm package you want the score forversion: A string representing the version of the npm package to return the score forcreateReportFromFilepaths(filePaths, pathsRelativeTo=., [issueRules])
filePaths: An array of absolute or relative string paths to package.json and any corresponding package-lock.json filespathsRelativeTo: A string path that the absolute paths filePaths are relative to. This to calculate where in your project the package.json/package-lock.json files livesissueRules: An object that follows the format of the socket.yml issue rules. Keys being issue names, values being a boolean that activates or deactivates it. Is applied on top of default config and organization config.getReportList()getReportSupportedFiles()getReport(id)
id: A string representing the id of a created reportgetQuota()getOrganizations()postSettings(selectors)
selectors: An array of settings selectors, e.g. [{ organization: 'id' }]getOrgSecurityPolicy(orgSlug)
orgSlug: the slug of the organizationcreateUserAgentFromPkgJson(pkgJson)
pkgJson: The content of the package.json you want to create a User-Agent string forThe SocketSdk constructor accepts an options object as its second argument and there a userAgent key with a string value can be specified. If specified then that user agent will be prepended to the SDK user agent. See this example:
const client = new SocketSdk('yourApiKeyHere', {
userAgent: 'example/1.2.3 (http://example.com/)'
})
Which results in the HTTP User-Agent header:
User-Agent: example/1.2.3 (http://example.com/) socketsecurity-sdk/0.5.2 (https://github.com/SocketDev/socket-sdk-js)
To easily create a user agent for your code you can use the additional export createUserAgentFromPkgJson() like this, assuming pkgJson contains your parsed package.json:
const client = new SocketSdk('yourApiKeyHere', {
userAgent: createUserAgentFromPkgJson(pkgJson)
})
Specifying a custom user agent is good practice when shipping a piece of code that others can use to make requests. Eg. our CLI uses this option to identify requests coming from it + mentioning which version of it that is used.
FAQs
SDK for the Socket API client
We found that @socketsecurity/sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket's Rubygems ecosystem support is moving from beta to GA, featuring enhanced security scanning to detect supply chain threats beyond traditional CVEs in your Ruby dependencies.
Research
The Socket Research Team investigates a malicious npm package that appears to be an Advcash integration but triggers a reverse shell during payment success, targeting servers handling transactions.
Security Fundamentals
The Socket Threat Research Team uncovers how threat actors weaponize shell techniques across npm, PyPI, and Go ecosystems to maintain persistence and exfiltrate data.