@socketsecurity/sdk

@socketsecurity/sdk

JavaScript SDK for Socket.dev API - Security analysis, vulnerability scanning, and compliance monitoring for software supply chains.

Installation

pnpm add @socketsecurity/sdk

Note: Version 2.0+ is ESM-only. For CommonJS support, use version 1.x.

Quick Start

import { SocketSdk } from '@socketsecurity/sdk'

const client = new SocketSdk('your-api-key', {
  retries: 3,        // Retry failed requests up to 3 times
  retryDelay: 1000,  // Start with 1s delay, exponential backoff
  timeout: 30000,    // 30 second timeout
})

// Check your quota
const quota = await client.getQuota()
if (quota.success) {
  console.log(`Available quota: ${quota.data.quota} units`)
}

// Analyze a package
const result = await client.getScoreByNpmPackage('express', '4.18.0')
if (result.success) {
  console.log(`Security Score: ${result.data.score}/100`)
}

// Batch analyze multiple packages
const batchResult = await client.batchPackageFetch({
  components: [
    { purl: 'pkg:npm/express@4.18.0' },
    { purl: 'pkg:npm/react@18.0.0' }
  ]
})

→ Configuration

API Methods

Package Analysis

Quick security checks: batchPackageFetch() • batchPackageStream() • getIssuesByNpmPackage() • getScoreByNpmPackage()

→ Documentation

Scanning & Analysis

Project scanning: createDependenciesSnapshot() • createOrgFullScan() • createScanFromFilepaths() • getScan() • getScanList() • getSupportedScanFiles()

→ Documentation

Organization Management

Organizations and repositories: getOrganizations() • createOrgRepo() • getOrgRepo() • getOrgRepoList() • updateOrgRepo() • deleteOrgRepo()

→ Documentation

Policy & Settings

Security configuration: getOrgSecurityPolicy() • updateOrgSecurityPolicy() • getOrgLicensePolicy() • updateOrgLicensePolicy() • postSettings()

→ Documentation

Full Scan Management

Deep analysis: getOrgFullScanList() • getOrgFullScanMetadata() • getOrgFullScanBuffered() • streamOrgFullScan() • deleteOrgFullScan()

→ Documentation

Diff Scans

Scan comparison: createOrgDiffScanFromIds() • getDiffScanById() • listOrgDiffScans() • deleteOrgDiffScan()

→ Documentation

Patches & Vulnerabilities

Security fixes: streamPatchesFromScan() • viewPatch()

→ Documentation

Alert & Triage

Alert management: getOrgTriage() • updateOrgAlertTriage()

→ Documentation

Export & Integration

SBOM export: exportCDX() • exportSPDX() • searchDependencies() • uploadManifestFiles()

→ Documentation

Repository Labels

Categorization: createOrgRepoLabel() • getOrgRepoLabel() • getOrgRepoLabelList() • updateOrgRepoLabel() • deleteOrgRepoLabel()

→ Documentation

Analytics & Monitoring

Usage metrics: getQuota() • getOrgAnalytics() • getRepoAnalytics() • getAuditLogEvents()

→ Documentation

Authentication & Access

API tokens: getAPITokens() • postAPIToken() • postAPITokensRotate() • postAPITokensRevoke() • postAPITokenUpdate()

→ Documentation

Entitlements

Feature access: getEnabledEntitlements() • getEntitlements()

→ Documentation

Quota Utilities

Cost helpers: getQuotaCost() • getRequiredPermissions() • calculateTotalQuotaCost() • hasQuotaForMethods() • getMethodsByQuotaCost() • getMethodsByPermissions() • getQuotaUsageSummary() • getAllMethodRequirements()

→ Documentation

Advanced Query Methods

Raw API access: getApi() • sendApi()

→ Documentation

→ API Reference

→ Examples

→ Quota Management - Cost tiers: 0 (free), 10 (standard), 100 (batch/uploads)

→ Testing Utilities - Mock factories, fixtures, type guards

See Also

• Socket.dev API Reference - Official API documentation
• Socket CLI - Command-line interface
• Socket GitHub App - GitHub integration

License

MIT