Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

socket

Package Overview
Dependencies
Maintainers
0
Versions
18
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

socket

CLI tool for Socket.dev

  • 0.14.14
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
820
decreased by-38.25%
Maintainers
0
Weekly downloads
 
Created
Source

Socket CLI

Socket Badge Follow @SocketSecurity

CLI tool for Socket.dev

Usage

npm install -g socket
socket --help
socket info webtorrent@1.9.1
socket report create package.json --view
socket report view QXU8PmK7LfH608RAwfIKdbcHgwEd_ZeWJ9QEGv05FJUQ
socket wrapper --enable

Commands

  • socket info <package@version> - Look up issues for a package.

  • socket optimize - Optimize dependencies with @socketregistry overrides

    • --pin - Pin overrides to their latest version
  • socket raw-npm and socket raw-npx - Temporarily disable the Socket 'safe-npm' wrapper.

  • socket report create <path(s)-to-folder-or-file> - creates a report on socket.dev

    Upload the specified package.json and lock files for JavaScript, Python, and Go dependency manifests. If any folder is specified, the ones found in there recursively are uploaded.

    Supports globbing such as **/package.json, **/requirements.txt, **/pyproject.toml, and **/go.mod.

    Ignores any file specified in your project's .gitignore, the projectIgnorePaths in your project's socket.yml and on top of that has a sensible set of default ignores

  • socket report view <report-id> - Look up issues and scores from a report.

  • socket wrapper --enable and socket wrapper --disable - Enable and disable the Socket 'safe-npm' wrapper.

Aliases

All aliases support the flags and arguments of the commands they alias.

  • socket ci - alias for socket report create --view --strict which creates a report and quits with an exit code if the result is unhealthy. Use like eg. socket ci . for a report for the current folder

Flags

Command specific flags

  • --view - when set on socket report create the command will immediately do a socket report view style view of the created report, waiting for the server to complete it

Output flags

  • --json - outputs result as json which you can then pipe into jq and other tools
  • --markdown - outputs result as markdown which you can then copy into an issue, PR or even chat

Strictness flags

  • --all - by default only high and critical issues are included, by setting this flag all issues will be included
  • --strict - when set, exits with an error code if report result is deemed unhealthy

Other flags

  • --dry-run - like all CLI tools that perform an action should have, we have a dry run flag. Eg. socket report create supports running the command without actually uploading anything
  • --debug - outputs additional debug output. Great for debugging, geeks and us who develop. Hopefully you will never need it, but it can still be fun, right?
  • --help - prints the help for the current command. All CLI tools should have this flag
  • --version - prints the version of the tool. All CLI tools should have this flag

Configuration files

The CLI reads and uses data from a socket.yml file in the folder you run it in. It supports the version 2 of the socket.yml file format and makes use of the projectIgnorePaths to excludes files when creating a report.

Environment variables

  • SOCKET_SECURITY_API_KEY - if set, this will be used as the API-key

Contributing

Environment variables for development

  • SOCKET_SECURITY_API_BASE_URL - if set, this will be the base for all API-calls. Defaults to https://api.socket.dev/v0/
  • SOCKET_SECURITY_API_PROXY - if set to something like http://127.0.0.1:9090, then all request will be proxied through that proxy

Similar projects

See also

FAQs

Package last updated on 29 Oct 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc