Product
Reachability for Ruby Now in Beta
Reachability analysis for Ruby is now in beta, helping teams identify which vulnerabilities are truly exploitable in their applications.
By Oskar Haarklou VeileborgΒ - Β Nov 17, 2025
π DAY 1 OF LAUNCH WEEK: Reachability for Ruby Now in Beta.Learn more β
@socketsecurity/sdk
Advanced tools
@socketsecurity/sdk
Official SDK for Socket.dev - Programmatic access to security analysis, vulnerability scanning, and compliance monitoring for your software supply chain.
Installation
pnpm add @socketsecurity/sdk
Quick Start
import { SocketSdk } from '@socketsecurity/sdk'
const client = new SocketSdk('your-api-key', {
retries: 3, // Retry failed requests up to 3 times
retryDelay: 1000, // Start with 1s delay, exponential backoff
timeout: 30000, // 30 second timeout
})
// Check your quota
const quota = await client.getQuota()
if (quota.success) {
console.log(`Available quota: ${quota.data.quota} units`)
}
// Analyze a package
const result = await client.getScoreByNpmPackage('express', '4.18.0')
if (result.success) {
console.log(`Security Score: ${result.data.score}/100`)
}
// Batch analyze multiple packages
const batchResult = await client.batchPackageFetch({
components: [
{ purl: 'pkg:npm/express@4.18.0' },
{ purl: 'pkg:npm/react@18.0.0' }
]
})
API Methods
Package Analysis - Quick security checks
batchPackageFetch() β’ batchPackageStream() β’ getIssuesByNpmPackage() β’ getScoreByNpmPackage()
Scanning & Analysis - Project scanning
createDependenciesSnapshot() β’ createOrgFullScan() β’ createScanFromFilepaths() β’ getScan() β’ getScanList() β’ getSupportedScanFiles()
Organization Management - Orgs and repos
getOrganizations() β’ createOrgRepo() β’ getOrgRepo() β’ getOrgRepoList() β’ updateOrgRepo() β’ deleteOrgRepo()
Policy & Settings - Security configuration
getOrgSecurityPolicy() β’ updateOrgSecurityPolicy() β’ getOrgLicensePolicy() β’ updateOrgLicensePolicy() β’ postSettings()
Full Scan Management - Deep analysis
getOrgFullScanList() β’ getOrgFullScanMetadata() β’ getOrgFullScanBuffered() β’ streamOrgFullScan() β’ deleteOrgFullScan()
Diff Scans - Compare scans
createOrgDiffScanFromIds() β’ getDiffScanById() β’ listOrgDiffScans() β’ deleteOrgDiffScan()
Patches & Vulnerabilities - Security fixes
streamPatchesFromScan() β’ viewPatch()
Export & Integration - SBOM export
exportCDX() β’ exportSPDX() β’ searchDependencies() β’ uploadManifestFiles()
Repository Labels - Categorization
createOrgRepoLabel() β’ getOrgRepoLabel() β’ getOrgRepoLabelList() β’ updateOrgRepoLabel() β’ deleteOrgRepoLabel()
Analytics & Monitoring - Usage metrics
getQuota() β’ getOrgAnalytics() β’ getRepoAnalytics() β’ getAuditLogEvents()
Authentication & Access - API tokens
getAPITokens() β’ postAPIToken() β’ postAPITokensRotate() β’ postAPITokensRevoke() β’ postAPITokenUpdate()
Quota Utilities - Cost helpers
getQuotaCost() β’ getRequiredPermissions() β’ calculateTotalQuotaCost() β’ hasQuotaForMethods() β’ getMethodsByQuotaCost() β’ getMethodsByPermissions() β’ getQuotaUsageSummary() β’ getAllMethodRequirements()
β Quota Management - Cost tiers: 0 units (free), 10 units (standard), 100 units (batch/uploads)
β Testing Utilities - Mock factories, fixtures, and type guards for SDK testing
See Also
- Socket.dev API Reference - Official API documentation
- Socket CLI - Command-line interface
- Socket GitHub App - GitHub integration
License
MIT
1.11.1 - 2025-10-06
Added
- Performance optimizations with memoization for
normalizeBaseUrland quota utility functions - Performance tracking to HTTP client functions
- Comprehensive error handling tests for SDK methods across organization, scanning, and batch APIs
- Reusable assertion helpers for SDK tests
Changed
- Improved test coverage and reliability with additional test cases
- Streamlined documentation (README, TESTING.md, QUOTA.md, EXAMPLES.md) for better clarity and discoverability
FAQs
SDK for the Socket API client
The npm package @socketsecurity/sdk receives a total of 609 weekly downloads. As such, @socketsecurity/sdk popularity was classified as not popular.
We found that @socketsecurity/sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago.Β It has 2 open source maintainers collaborating on the project.
Package last updated on 06 Oct 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
npm Malware Campaign Uses Adspect Cloaking to Deliver Malicious Redirects
Malicious npm packages use Adspect cloaking and fake CAPTCHAs to fingerprint visitors and redirect victims to crypto-themed scam sites.
By Olivia BrownΒ - Β Nov 17, 2025
Security News
Another Round of TEA Protocol Spam Floods npm, But Itβs Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Hereβs whatβs actually happening.
By Philipp BurckhardtΒ - Β Nov 14, 2025