CLI tool for Socket.dev
npm install -g socket
socket --help
- socket npm [args...] and socket npx [args...] - Wraps npm and npx to integrate Socket and preempt installation of alerted packages, using the builtin resolution of npm to precisely determine package installations.
- socket optimize - Optimize dependencies with @socketregistry overrides! (👀 our blog post)
  - --pin - Pin overrides to their latest version.
  - --prod - Add overrides for only production dependencies.
- socket cdxgen [command] - Call out to cdxgen. See their documentation for commands.
All aliases support the flags and arguments of the commands they alias.
- socket ci - alias for socket report create --view --strict, which creates a report and quits with an exit code if the result is unhealthy. Use it like e.g. socket ci . for a report for the current folder
- --view - when set on socket report create, the command will immediately do a socket report view style view of the created report, waiting for the server to complete it
- --json - outputs result as json which you can then pipe into jq and other tools
- --markdown - outputs result as markdown which you can then copy into an issue, PR or even chat
- --all - by default only high and critical issues are included; by setting this flag all issues will be included
- --strict - when set, exits with an error code if report result is deemed unhealthy
- --dry-run - like all CLI tools that perform an action should have, we have a dry run flag. E.g. socket report create supports running the command without actually uploading anything
- --debug - outputs additional debug output. Great for debugging, geeks and us who develop. Hopefully you will never need it, but it can still be fun, right?
- --help - prints the help for the current command. All CLI tools should have this flag
- --version - prints the version of the tool. All CLI tools should have this flag
The CLI reads and uses data from a socket.yml file in the folder you run it in. It supports version 2 of the socket.yml file format and makes use of projectIgnorePaths to exclude files when creating a report.
- SOCKET_SECURITY_API_TOKEN - if set, this will be used as the API-key
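A CI gate built on the socket ci alias, SOCKET_SECURITY_API_TOKEN and socket.yml described above, as an added example that is not part of the Socket CLI or its README. The SOCKET_BIN override, the return codes 2 and 3, and the assumption that socket.yml declares its format as a top-level "version: 2" line are this example's own.

```shell
#!/bin/sh
# Added example: a CI gate around `socket ci`.
# SOCKET_BIN and the return codes 2 and 3 are conventions of this example,
# not part of the Socket CLI.

socket_gate() {
    dir="${1:-.}"
    bin="${SOCKET_BIN:-socket}"

    # Policy of this example: refuse to run the gate without an API token,
    # so a misconfigured job fails instead of silently skipping the check.
    if [ -z "${SOCKET_SECURITY_API_TOKEN:-}" ]; then
        echo "socket_gate: SOCKET_SECURITY_API_TOKEN is not set" >&2
        return 2
    fi

    # The CLI supports version 2 of socket.yml. If a socket.yml is present,
    # require that version before relying on its projectIgnorePaths.
    # Assumption: the version is declared as a top-level "version: 2" line.
    if [ -f "$dir/socket.yml" ] &&
       ! grep -Eq '^version:[[:space:]]*2[[:space:]]*$' "$dir/socket.yml"; then
        echo "socket_gate: $dir/socket.yml is not format version 2" >&2
        return 3
    fi

    # `socket ci` is the alias for `socket report create --view --strict`.
    # Its exit status becomes the gate's status, so an unhealthy report
    # fails the pipeline step.
    "$bin" ci "$dir"
}

# Usage in a pipeline step (after sourcing this file):
#   socket_gate . || exit $?
```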
To run dev locally you can run these steps
npm install
npm run build:dist
npm exec socket
That should invoke it from local sources. If you make changes, run build:dist again.
- SOCKET_SECURITY_API_BASE_URL - if set, this will be the base for all API-calls. Defaults to https://api.socket.dev/v0/
- SOCKET_SECURITY_API_PROXY - if set to something like http://127.0.0.1:9090, then all requests will be proxied through that proxy
- @socketsecurity/sdk - the SDK used in this CLI
- Announcement blog post
- Socket API Reference - the API used in this CLI
- Socket GitHub App - the plug-and-play GitHub App