Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@socketsecurity/sdk

Package Overview
Dependencies
Maintainers
2
Versions
175
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@socketsecurity/sdk

SDK for the Socket API client

latest
Source
npmnpm
Version
3.1.3
Version published
Weekly downloads
2.6K
-43.13%
Maintainers
2
Weekly downloads
 
Created
Source

@socketsecurity/sdk

Socket Badge CI

Follow @SocketSecurity Follow @socket.dev on Bluesky

JavaScript SDK for Socket.dev API - Security analysis, vulnerability scanning, and compliance monitoring for software supply chains.

Table of Contents

At a Glance

FeatureDescription
Package AnalysisQuick security checks for npm packages
Full ScansDeep analysis with SBOM support
Batch OperationsAnalyze multiple packages efficiently
Policy ManagementConfigure security & license rules
Quota UtilitiesCost calculation & planning helpers
TypeScriptFull type safety with auto-generated types

Requirements: Node.js 18+ ·ESM only (v2.0+)

Installation

pnpm add @socketsecurity/sdk

Note: Version 2.0+ is ESM-only. For CommonJS support, use version 1.x.

Quick Start

import { SocketSdk } from '@socketsecurity/sdk'

const client = new SocketSdk('your-api-key', {
  retries: 3,        // Retry failed requests up to 3 times
  retryDelay: 1000,  // Start with 1s delay, exponential backoff
  timeout: 30000,    // 30 second timeout
})

// Check your quota
const quota = await client.getQuota()
if (quota.success) {
  console.log(`Available quota: ${quota.data.quota} units`)
}

// Analyze a package
const result = await client.getScoreByNpmPackage('express', '4.18.0')
if (result.success) {
  console.log(`Security Score: ${result.data.score}/100`)
}

// Batch analyze multiple packages
const batchResult = await client.batchPackageFetch({
  components: [
    { purl: 'pkg:npm/express@4.18.0' },
    { purl: 'pkg:npm/react@18.0.0' }
  ]
})

→ Configuration

API Methods

Package Analysis

Quick security checks: batchPackageFetch() ·batchPackageStream() ·getIssuesByNpmPackage() ·getScoreByNpmPackage()

→ Documentation

Scanning & Analysis

Project scanning: createDependenciesSnapshot() ·createOrgFullScan() ·createScanFromFilepaths() ·getScan() ·getScanList() ·getSupportedScanFiles()

→ Documentation

Organization Management

Organizations and repositories: getOrganizations() ·createOrgRepo() ·getOrgRepo() ·getOrgRepoList() ·updateOrgRepo() ·deleteOrgRepo()

→ Documentation

Policy & Settings

Security configuration: getOrgSecurityPolicy() ·updateOrgSecurityPolicy() ·getOrgLicensePolicy() ·updateOrgLicensePolicy() ·postSettings()

→ Documentation

Full Scan Management

Deep analysis: getOrgFullScanList() ·getOrgFullScanMetadata() ·getOrgFullScanBuffered() ·streamOrgFullScan() ·deleteOrgFullScan()

→ Documentation

Diff Scans

Scan comparison: createOrgDiffScanFromIds() ·getDiffScanById() ·listOrgDiffScans() ·deleteOrgDiffScan()

→ Documentation

Patches & Vulnerabilities

Security fixes: streamPatchesFromScan() ·viewPatch()

→ Documentation

Alert & Triage

Alert management: getOrgTriage() ·updateOrgAlertTriage()

→ Documentation

Export & Integration

SBOM export: exportCDX() ·exportSPDX() ·searchDependencies() ·uploadManifestFiles()

→ Documentation

Repository Labels

Categorization: createOrgRepoLabel() ·getOrgRepoLabel() ·getOrgRepoLabelList() ·updateOrgRepoLabel() ·deleteOrgRepoLabel()

→ Documentation

Analytics & Monitoring

Usage metrics: getQuota() ·getOrgAnalytics() ·getRepoAnalytics() ·getAuditLogEvents()

→ Documentation

Authentication & Access

API tokens: getAPITokens() ·postAPIToken() ·postAPITokensRotate() ·postAPITokensRevoke() ·postAPITokenUpdate()

→ Documentation

Entitlements

Feature access: getEnabledEntitlements() ·getEntitlements()

→ Documentation

Quota Utilities

Cost helpers: getQuotaCost() ·getRequiredPermissions() ·calculateTotalQuotaCost() ·hasQuotaForMethods() ·getMethodsByQuotaCost() ·getMethodsByPermissions() ·getQuotaUsageSummary() ·getAllMethodRequirements()

→ Documentation

Advanced Query Methods

Raw API access: getApi() ·sendApi()

→ Documentation

Documentation

GuideDescription
API ReferenceComplete API method documentation
Usage ExamplesReal-world patterns and code samples
Getting StartedDevelopment setup and workflow
Quota ManagementCost tiers (0/10/100) and utilities
Testing GuideTest helpers, fixtures, and patterns
Method ReferenceQuick method selection guide

Examples

See usage-examples.md for complete examples including:

  • Package security analysis
  • Batch operations
  • Full scans with SBOM
  • Policy management
  • Quota planning

Related Projects

ProjectDescription
Socket.dev APIOfficial REST API documentation
Socket CLICommand-line interface
Socket GitHub AppAutomated GitHub integration

License

MIT

FAQs

Package last updated on 04 Nov 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

9 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads

Research

/

Security News

9 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads

Socket researchers discovered nine malicious NuGet packages that use time-delayed payloads to crash applications and corrupt industrial control systems.

By Kush Pandya  -  Nov 06, 2025