Socket Security
App
Protect your app from malicious open source dependencies
By SocketDev
7,070 installs
Verified
Prevent malicious open source dependencies from infiltrating your apps.
Socket dramatically improves your open source security posture by detecting and blocking the attacks you don't expect – malware, install scripts, hidden code, typo-squatting, and more – which aren't caught by traditional vulnerability scanners.
- Block malware – Block emerging malware threats
- Block typo-squatting – Block malicious packages that differ in name by only a few characters
- Detect hidden code – Detect obfuscated, minified, or hidden code
- Detect privileged API usage – Report when a dependency update introduces new risky API usage – filesystem, network, child_process, eval()
- Detect suspicious updates – Sudden inclusion of privileged APIs in patch or minor releases
Socket currently supports 70 detections in 5 categories: supply chain risk, quality, maintenance, known vulnerabilities, and license problems.
Analyze an entire project to find supply chain risks with Project Health Reports
Supported languages (4)
Plans
Socket Free for personal and organization accounts
$0
- Analyze your project to find supply chain risks
- Detect 70+ red flags in open source code, including malware, typo-squatting, and more
- Prevent compromised packages from infiltrating your supply chain
- Warn developers who use risky dependencies, educate them, and encourage good behavior
Socket Security is provided by a third party and is governed by separate terms of service, privacy policy, and support documentation.