Application

Socket Security

Prevent malicious open source dependencies from infiltrating your apps.

Socket dramatically improves your open source security posture by detecting and blocking the attacks you don't expect – malware, install scripts, hidden code, typo-squatting, and more – which aren't caught by traditional vulnerability scanners.

  • Block malware – Block emerging malware threats
  • Block typo-squatting – Block malicious packages that differ in name by only a few characters
  • Detect hidden code – Detect obfuscated, minified, or hidden code
  • Detect privileged API usage – Report when a dependency update introduces new risky API usage – filesystem, network, child_process, eval()
  • Detect suspicious updates – Sudden inclusion of privileged APIs in patch or minor releases

Socket currently supports 70 detections in 5 categories: supply chain risk, quality, maintenance, known vulnerabilities, and license problems.

Analyze an entire project to find supply chain risks with Project Health Reports

Pricing and setup

Socket Security

Free

Socket Free for personal and organization accounts

  • Analyze your project to find supply chain risks
  • Detect 70+ red flags in open source code, including malware, typo-squatting, and more
  • Prevent compromised packages from infiltrating your supply chain
  • Warn developers using risky dependencies, educate them, and encourage good behavior

Socket Security is provided by a third party and is governed by separate terms of service, privacy policy, and support documentation.