Skip to content

SocketDev/socket-cli

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3,128 Commits
.claude/skills/bump-coana
.claude/skills/bump-coana
 
 
.config
.config
 
 
.github/workflows
.github/workflows
 
 
.husky
.husky
 
 
.vscode
.vscode
 
 
bin
bin
 
 
patches
patches
 
 
scripts
scripts
 
 
shadow-bin
shadow-bin
 
 
src
src
 
 
test
test
 
 
.editorconfig
.editorconfig
 
 
.env.dist
.env.dist
 
 
.env.external
.env.external
 
 
.env.precommit
.env.precommit
 
 
.env.test
.env.test
 
 
.env.testu
.env.testu
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
.oxlintignore
.oxlintignore
 
 
.oxlintrc.json
.oxlintrc.json
 
 
.pnpmrc
.pnpmrc
 
 
CHANGELOG.md
CHANGELOG.md
 
 
CLAUDE.md
CLAUDE.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
biome.json
biome.json
 
 
eslint.config.js
eslint.config.js
 
 
knip.json
knip.json
 
 
logo-dark.png
logo-dark.png
 
 
logo-light.png
logo-light.png
 
 
package.json
package.json
 
 
pnpm-lock.yaml
pnpm-lock.yaml
 
 
requirements.json
requirements.json
 
 
sd
sd
 
 
socket.yml
socket.yml
 
 
taze.config.mts
taze.config.mts
 
 
translations.json
translations.json
 
 
tsconfig.dts.json
tsconfig.dts.json
 
 
tsconfig.json
tsconfig.json
 
 
vitest.config.mts
vitest.config.mts
 
 
vitest.e2e.config.mts
vitest.e2e.config.mts
 
 

Repository files navigation

Socket CLI

Socket Badge Follow @SocketSecurity

CLI for Socket.dev security analysis

Usage

npm install -g socket
socket --help

Commands

  • socket npm [args...] and socket npx [args...] - Wraps npm/npx with Socket security scanning

  • socket fix - Fix CVEs in dependencies

  • socket optimize - Optimize dependencies with @socketregistry overrides

  • socket cdxgen [command] - Run cdxgen for SBOM generation

  • socket patch <command> - Apply, manage, and rollback Socket security patches for vulnerable dependencies

Patch subcommands

Command Description
socket patch scan Scan installed packages for available security patches
socket patch get <uuid> --org <slug> Download a patch by UUID and store it locally
socket patch apply Apply downloaded patches to node_modules
socket patch rollback [purl|uuid] Rollback patches and restore original files
socket patch list [--json] List all patches in the local manifest
socket patch remove <purl|uuid> Remove a patch from the manifest (rolls back by default)
socket patch setup [--yes] Add socket patch apply to postinstall scripts
socket patch repair Download missing blobs and clean up unused blobs

Quick start:

# Scan for available patches, download, and apply.
socket patch scan
socket patch apply

# Or download a specific patch by UUID.
socket patch get <uuid> --org <org-slug>
socket patch apply

# Add to postinstall so patches reapply on npm install.
socket patch setup --yes

Free patches work without authentication. For paid patches, set SOCKET_CLI_API_TOKEN and SOCKET_CLI_ORG_SLUG.

Aliases

All aliases support the flags and arguments of the commands they alias.

  • socket ci - Alias for socket scan create --report (creates report and exits with error if unhealthy)

Flags

Output flags

  • --json - Output as JSON
  • --markdown - Output as Markdown

Other flags

  • --dry-run - Run without uploading
  • --debug - Show debug output
  • --help - Show help
  • --max-old-space-size - Set Node.js memory limit
  • --max-semi-space-size - Set Node.js heap size
  • --version - Show version

Configuration files

Socket CLI reads socket.yml configuration files. Supports version 2 format with projectIgnorePaths for excluding files from reports.

Environment variables

  • SOCKET_CLI_API_TOKEN - Socket API token
  • SOCKET_CLI_CONFIG - JSON configuration object
  • SOCKET_CLI_GITHUB_API_URL - GitHub API base URL
  • SOCKET_CLI_GIT_USER_EMAIL - Git user email (default: github-actions[bot]@users.noreply.github.com)
  • SOCKET_CLI_GIT_USER_NAME - Git user name (default: github-actions[bot])
  • SOCKET_CLI_GITHUB_TOKEN - GitHub token with repo access (alias: GITHUB_TOKEN)
  • SOCKET_CLI_NO_API_TOKEN - Disable default API token
  • SOCKET_CLI_NPM_PATH - Path to npm directory
  • SOCKET_CLI_ORG_SLUG - Socket organization slug
  • SOCKET_CLI_ACCEPT_RISKS - Accept npm/npx risks
  • SOCKET_CLI_VIEW_ALL_RISKS - Show all npm/npx risks

Contributing

Run locally:

npm install
npm run build
npm exec socket

Development environment variables

  • SOCKET_CLI_API_BASE_URL - API base URL (default: https://api.socket.dev/v0/)
  • SOCKET_CLI_API_PROXY - Proxy for API requests (aliases: HTTPS_PROXY, https_proxy, HTTP_PROXY, http_proxy)
  • SOCKET_CLI_API_TIMEOUT - API request timeout in milliseconds
  • SOCKET_CLI_DEBUG - Enable debug logging
  • DEBUG - Enable debug package logging

See also


Socket Logo

About

The Socket CLI

socket.dev/npm/package/socket

Topics

cli security

Resources

Readme

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

250 stars

Watchers

15 watching

Forks

42 forks
Report repository

Releases 74

v0.14.67 Latest
Mar 25, 2025
+ 73 releases

Packages

 
 
 

Contributors

Languages