CLI for Socket.dev security analysis
npm install -g socket
socket --help
socket npm [args...] and socket npx [args...] - Wraps npm/npx with Socket security scanning
socket fix - Fix CVEs in dependencies
socket optimize - Optimize dependencies with @socketregistry overrides
socket cdxgen [command] - Run cdxgen for SBOM generation
All aliases support the flags and arguments of the commands they alias.
socket ci - Alias for socket scan create --report (creates report and exits with error if unhealthy)--json - Output as JSON--markdown - Output as Markdown--dry-run - Run without uploading--debug - Show debug output--help - Show help--max-old-space-size - Set Node.js memory limit--max-semi-space-size - Set Node.js heap size--version - Show versionSocket CLI reads socket.yml configuration files.
Supports version 2 format with projectIgnorePaths for excluding files from reports.
SOCKET_CLI_API_TOKEN - Socket API tokenSOCKET_CLI_CONFIG - JSON configuration objectSOCKET_CLI_GITHUB_API_URL - GitHub API base URLSOCKET_CLI_GIT_USER_EMAIL - Git user email (default: github-actions[bot]@users.noreply.github.com)SOCKET_CLI_GIT_USER_NAME - Git user name (default: github-actions[bot])SOCKET_CLI_GITHUB_TOKEN - GitHub token with repo access (alias: GITHUB_TOKEN)SOCKET_CLI_NO_API_TOKEN - Disable default API tokenSOCKET_CLI_NPM_PATH - Path to npm directorySOCKET_CLI_ORG_SLUG - Socket organization slugSOCKET_CLI_ACCEPT_RISKS - Accept npm/npx risksSOCKET_CLI_VIEW_ALL_RISKS - Show all npm/npx risksRun locally:
npm install
npm run build
npm exec socket
SOCKET_CLI_API_BASE_URL - API base URL (default: https://api.socket.dev/v0/)SOCKET_CLI_API_PROXY - Proxy for API requests (aliases: HTTPS_PROXY, https_proxy, HTTP_PROXY, http_proxy)SOCKET_CLI_API_TIMEOUT - API request timeout in millisecondsSOCKET_CLI_DEBUG - Enable debug loggingDEBUG - Enable debug package logging
FAQs
CLI for Socket.dev
The npm package socket receives a total of 6,515 weekly downloads. As such, socket popularity was classified as popular.
We found that socket demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
/Product
Socket Firewall Free is now bundled into Docker Hardened Images, adding build-time and dependency-install supply chain protection on top of hardened base images for Node.js, Python, and Rust.
Security News
Season’s greetings from Socket, and here’s to a calm end of year: clean dependencies, boring pipelines, no surprises.
Research
/Security News
Impostor NuGet package Tracer.Fody.NLog typosquats Tracer.Fody and its author, using homoglyph tricks, and exfiltrates Stratis wallet JSON/passwords to a Russian IP address.