Socket CLI

Secure your software supply chain from the command line

Socket CLI transparently protects developers from malware, typosquats and supply chain attacks. Scan projects, score packages, check policy, apply fixes, and protect installs directly from your terminal.

$ socket --help
CLI for Socket.dev

Usage
  $ socket <command>
  $ socket scan create --json
  $ socket package score npm lodash --markdown

Main commands
  socket login                 Setup Socket CLI with an API token and defaults
  socket scan create           Create a new Socket scan and report
  socket npm/lodash@4.17.21    Request the Socket score of a package
  socket fix                   Fix CVEs in dependencies
  socket optimize              Optimize dependencies with @socketregistry overrides
  socket cdxgen                Run cdxgen for SBOM generation
  socket ci                    Alias for "socket scan create --report"

Socket API
  analytics       Look up analytics data
  audit-log       Look up the audit log for an organization
  organization    Manage Socket organization account details
  package         Look up published package details
  repository      Manage registered repositories
  scan            Manage Socket scans
  threat-feed     View the threat-feed

Local tools
  manifest    Generate a dependency manifest for certain ecosystems
  npm         npm wrapper functionality
  npx         npx wrapper functionality
  raw-npm     Run npm without the Socket wrapper
  raw-npx     Run npx without the Socket wrapper
Built for Developers

Manage Socket from the command line

$ socket scan create
$ socket package score
$ socket threat-feed
$ socket fix
$ socket ci
CLI Workflows

Automate security across developer workflows

Use Socket CLI to scan projects, check pull requests against security and license policy, access the threat feed, apply security fixes, optimize dependencies, and protect installs in real time.

$ npm i reacts
reacts@0.0.0 contains risks:
- Package name is similar to other popular packages and may not be the package you want.
Accept risks of installing this package (y/N)?
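The wrapper output above shows the shape of a pre-install typosquat check: before npm fetches anything, the requested name is compared with well-known package names and the developer is asked to confirm. The following is an added example of that idea in plain Node.js; it is not Socket's code, and the popular-package list, the edit-distance thresholds and the function names (`osaDistance`, `parseSpec`, `findLookalikes`, `assessInstall`, `formatReport`) are constructed assumptions for this illustration.

```javascript
// Added illustration (not Socket's code): a minimal pre-install typosquat check in the
// spirit of the `socket npm` wrapper output above. The popular-package list and the
// distance thresholds are constructed assumptions for this example.

// Constructed sample of widely installed npm names that a typosquat would imitate.
// A real wrapper would derive this from registry download statistics.
const POPULAR_PACKAGES = ["react", "lodash", "express", "axios", "chalk", "moment", "webpack"];

// Optimal string alignment distance: Levenshtein edits plus adjacent transpositions,
// so "raect" vs "react" costs 1 and "reacts" vs "react" costs 1.
function osaDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, () => new Array(b.length + 1).fill(0));
  for (let i = 0; i <= a.length; i++) d[i][0] = i;
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Split an install spec into package name and version range. A scoped name starts
// with "@", so the first character is never treated as the version separator.
function parseSpec(spec) {
  const at = spec.indexOf("@", spec.startsWith("@") ? 1 : 0);
  return at === -1 ? { name: spec, range: "" } : { name: spec.slice(0, at), range: spec.slice(at + 1) };
}

// Popular names this package name is confusingly close to. An exact match is the
// real package, not a lookalike; longer names tolerate two edits, short ones one.
function findLookalikes(name, popular = POPULAR_PACKAGES) {
  const bare = name.includes("/") ? name.split("/")[1] : name;
  const maxDistance = bare.length >= 8 ? 2 : 1;
  return popular.filter((p) => p !== bare && osaDistance(bare, p) <= maxDistance);
}

// Evaluate every package spec on an `npm i ...` command line (flags are skipped).
function assessInstall(args, popular = POPULAR_PACKAGES) {
  const risks = [];
  for (const arg of args) {
    if (arg.startsWith("-")) continue;
    const { name, range } = parseSpec(arg);
    const lookalikes = findLookalikes(name, popular);
    if (lookalikes.length > 0) {
      risks.push({ spec: range ? `${name}@${range}` : name, lookalikes });
    }
  }
  return risks;
}

// Render the warning in the same shape as the wrapper output on this page. The
// caller decides whether to prompt; an empty string means no risk was found.
function formatReport(risks) {
  if (risks.length === 0) return "";
  const lines = [];
  for (const r of risks) {
    lines.push(`${r.spec} contains risks:`);
    lines.push(`- Package name is similar to other popular packages (${r.lookalikes.join(", ")}) and may not be the package you want.`);
  }
  lines.push("Accept risks of installing this package (y/N)?");
  return lines.join("\n");
}

// Usage: the typosquat from the page is flagged, a correctly spelled install is not.
console.log(formatReport(assessInstall(["reacts@0.0.0"])));
console.log(JSON.stringify(assessInstall(["lodash@4.17.21", "--save-dev"])));
```

Name similarity is only one signal; it produces no verdict on its own, which is why the wrapper above presents it as a risk for the developer to accept or reject rather than blocking the install outright. A production check would also consult package age, maintainer history and install-script behaviour before deciding what to surface.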
Why use Socket CLI

Complete security of your projects in the command line

  • Create security scans

    Run Socket scans from the terminal to review dependency risk, package issues, and project-level security findings.

  • Secure your PR workflow

    Check whether a pull request passes your organization’s security and license policy before it merges.

  • Look up package risks

    Inspect package scores and supply chain signals across supported ecosystems from the command line.

Get Started

Cut through the noise and focus on real threats.

Get actionable alerts for the supply chain risks that matter. Socket highlights risky dependencies directly within the developer workflow.