Congrats to Feross Aboukhadijeh and the Socket team on the progress and capital raise to accelerate growth. Defending open source from supply chain attacks is key for the future of enterprise software and technological innovation!
Secure your software supply chain from the command line
Socket CLI transparently protects developers from malware, typosquats and supply chain attacks. Scan projects, score packages, check policy, apply fixes, and protect installs directly from your terminal.
$ socket --help
CLI for Socket.dev

Usage
  $ socket <command>
  $ socket scan create --json
  $ socket package score npm lodash --markdown

Main commands
  socket login                  Setup Socket CLI with an API token and defaults
  socket scan create            Create a new Socket scan and report
  socket npm/lodash@4.17.21     Request the Socket score of a package
  socket fix                    Fix CVEs in dependencies
  socket optimize               Optimize dependencies with @socketregistry overrides
  socket cdxgen                 Run cdxgen for SBOM generation
  socket ci                     Alias for "socket scan create --report"

Socket API
  analytics                     Look up analytics data
  audit-log                     Look up the audit log for an organization
  organization                  Manage Socket organization account details
  package                       Look up published package details
  repository                    Manage registered repositories
  scan                          Manage Socket scans
  threat-feed                   View the threat-feed

Local tools
  manifest                      Generate a dependency manifest for certain ecosystems
  npm                           npm wrapper functionality
  npx                           npx wrapper functionality
  raw-npm                       Run npm without the Socket wrapper
  raw-npx                       Run npx without the Socket wrapper

$ npm i reacts
reacts@0.0.0 contains risks:
- Package name is similar to other popular packages and may not be the package you want.
Accept risks of installing this package (y/N)?
Complete security of your projects in the command line
Create security scans
Run Socket scans from the terminal to review dependency risk, package issues, and project-level security findings.
Secure your PR workflow
Check whether a pull request passes your organization’s security and license policy before it merges.
Look up package risks
Inspect package scores and supply chain signals across supported ecosystems from the command line.