Security News
Deno 2.6 + Socket: Supply Chain Defense In Your CLI
Deno 2.6 introduces deno audit with a new --socket flag that plugs directly into Socket to bring supply chain security checks into the Deno CLI.
By Sarah Gooding - Dec 12, 2025
🚨 Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis →
Socket CLI
CLI for Socket.dev security analysis
Usage
npm install -g socket
socket --help
Commands
-
socket npm [args...]andsocket npx [args...]- Wraps npm/npx with Socket security scanning -
socket fix- Fix CVEs in dependencies -
socket optimize- Optimize dependencies with@socketregistryoverrides -
socket cdxgen [command]- Run cdxgen for SBOM generation
Aliases
All aliases support the flags and arguments of the commands they alias.
socket ci- Alias forsocket scan create --report(creates report and exits with error if unhealthy)
Flags
Output flags
--json- Output as JSON--markdown- Output as Markdown
Other flags
--dry-run- Run without uploading--debug- Show debug output--help- Show help--max-old-space-size- Set Node.js memory limit--max-semi-space-size- Set Node.js heap size--version- Show version
Configuration files
Socket CLI reads socket.yml configuration files.
Supports version 2 format with projectIgnorePaths for excluding files from reports.
Environment variables
SOCKET_CLI_API_TOKEN- Socket API tokenSOCKET_CLI_CONFIG- JSON configuration objectSOCKET_CLI_GITHUB_API_URL- GitHub API base URLSOCKET_CLI_GIT_USER_EMAIL- Git user email (default:github-actions[bot]@users.noreply.github.com)SOCKET_CLI_GIT_USER_NAME- Git user name (default:github-actions[bot])SOCKET_CLI_GITHUB_TOKEN- GitHub token with repo access (alias:GITHUB_TOKEN)SOCKET_CLI_NO_API_TOKEN- Disable default API tokenSOCKET_CLI_NPM_PATH- Path to npm directorySOCKET_CLI_ORG_SLUG- Socket organization slugSOCKET_CLI_ACCEPT_RISKS- Accept npm/npx risksSOCKET_CLI_VIEW_ALL_RISKS- Show all npm/npx risks
Contributing
Run locally:
npm install
npm run build
npm exec socket
Development environment variables
SOCKET_CLI_API_BASE_URL- API base URL (default:https://api.socket.dev/v0/)SOCKET_CLI_API_PROXY- Proxy for API requests (aliases:HTTPS_PROXY,https_proxy,HTTP_PROXY,http_proxy)SOCKET_CLI_API_TIMEOUT- API request timeout in millisecondsSOCKET_CLI_DEBUG- Enable debug loggingDEBUG- Enabledebugpackage logging
See also
FAQs
CLI for Socket.dev
The npm package socket receives a total of 8,145 weekly downloads. As such, socket popularity was classified as popular.
We found that socket demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 12 Dec 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
New React Server Components Vulnerabilities: DoS and Source Code Exposure
New DoS and source code exposure bugs in React Server Components and Next.js: what’s affected and how to update safely.
By Sarah Gooding - Dec 12, 2025
Security News
Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain Risk
Socket CEO Feross Aboukhadijeh joins Software Engineering Daily to discuss modern software supply chain attacks and rising AI-driven security risks.
By Sarah Gooding - Dec 11, 2025