
@sonatype/js-sona-types
Useful libraries for talking to Sonatype services, using javascript
Hi, hello! This library is mostly for consumption by Sonatype projects that need a common way to talk to OSS Index, Nexus IQ, etc.
js-sona-types is just a library, meant to be used by our JavaScript/TypeScript projects so that we can share some common code for communicating with OSS Index, Nexus IQ Server, etc.
Since we also include examples, there are a few living breathing sub projects that show how to use it.
This project started in Developer Experience and was primarily focused on getting the following projects to share common communication code:
- vscode-iq-plugin
- auditjs
- nexus-iq-chrome-extension

There are lots of things we do that are similar in each project. However, creating a common library for browser, node, etc. in JS can be complicated. The goal, realistically, is to limit the surface area of this project to the areas we can easily rip out of those projects and that benefit all of them.
To get started you'll need node, yarn, and that's about it!
    yarn
    yarn build

In the /examples dir, there is a README that has examples of how to test that the project is working for both node and React. Go browse there for more information!
You can see if the examples are working by running in the root of this project:
    yarn run ci

Alternatively you can look at test.sh to see the "magic" we are running to locally link the library in case you want to run only one project.
We use semantic-release to generate releases from commits to the main branch.
For example, to perform a "patch" release, add a commit to main with a comment like:

    fix: Adds supercow flag, implements (#xyz)

To avoid performing a release after a commit to the main branch, be sure your commit message includes [skip ci].
Internal folks, reach out to the Developer Experience team. Filing an issue here is good too!
External folks, file an issue here!
FAQs
The npm package @sonatype/js-sona-types receives a total of 1,455 weekly downloads. As such, the popularity of @sonatype/js-sona-types was classified as popular.
We found that @sonatype/js-sona-types demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.