SocketDev/socket-cli

Open more actions menu
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3,170 Commits
3,170 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Socket CLI


CLI for Socket.dev security analysis

Usage

npm install -g socket
socket --help

Commands

  • socket npm [args...] and socket npx [args...] - Wraps npm/npx with Socket security scanning

  • socket fix - Fix CVEs in dependencies

  • socket optimize - Optimize dependencies with @socketregistry overrides

  • socket cdxgen [command] - Run cdxgen for SBOM generation

  • socket patch <command> - Apply, manage, and rollback Socket security patches for vulnerable dependencies

Patch subcommands

  • socket patch scan - Scan installed packages for available security patches
  • socket patch get <uuid> --org <slug> - Download a patch by UUID and store it locally
  • socket patch apply - Apply downloaded patches to node_modules
  • socket patch rollback [purl|uuid] - Roll back patches and restore the original files
  • socket patch list [--json] - List all patches in the local manifest
  • socket patch remove <purl|uuid> - Remove a patch from the manifest (rolls it back by default)
  • socket patch setup [--yes] - Add socket patch apply to postinstall scripts
  • socket patch repair - Download missing blobs and clean up unused blobs

Quick start:

# Scan for available patches, download, and apply.
socket patch scan
socket patch apply

# Or download a specific patch by UUID.
socket patch get <uuid> --org <org-slug>
socket patch apply

# Add to postinstall so patches reapply on npm install.
socket patch setup --yes

Free patches work without authentication. For paid patches, set SOCKET_CLI_API_TOKEN and SOCKET_CLI_ORG_SLUG.
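As an added example (not code from the socket-cli repository), the script below wraps the patch workflow above the way a CI job might: it warns up front when the SOCKET_CLI_API_TOKEN and SOCKET_CLI_ORG_SLUG that paid patches need are missing, and after socket patch setup --yes it checks that package.json really carries a socket patch apply postinstall hook, since that hook is what makes patches survive the next npm install. It assumes socket is on PATH, that setup writes the hook as the postinstall entry under scripts in package.json (the README only says it is added to postinstall scripts), and that package.json uses npm's usual one-key-per-line layout; the file name patch-ci.sh is chosen here.

```shell
#!/bin/sh
# Added example, not part of socket-cli: a CI helper around the patch workflow.
# Assumes `socket` is on PATH and that `socket patch setup --yes` leaves a
# "postinstall" entry under "scripts" in package.json (the README only says it
# adds `socket patch apply` to postinstall scripts; the key layout is assumed).

# Succeed only when both variables that paid patches require are non-empty.
# Free patches need neither, so this gates just the paid path.
have_paid_patch_creds() {
  [ -n "${SOCKET_CLI_API_TOKEN:-}" ] && [ -n "${SOCKET_CLI_ORG_SLUG:-}" ]
}

# Succeed when package.json's postinstall script invokes `socket patch apply`.
# Matches the conventional one-key-per-line layout npm writes; a package.json
# with "postinstall" split across lines would need a real JSON parser.
has_patch_postinstall() {
  pkg="${1:-package.json}"
  [ -f "$pkg" ] || return 1
  grep -Eq '"postinstall"[[:space:]]*:[[:space:]]*"[^"]*socket patch apply[^"]*"' "$pkg"
}

# The workflow from the README, with the two checks above folded in.
run_patch_workflow() {
  if ! have_paid_patch_creds; then
    echo "SOCKET_CLI_API_TOKEN/SOCKET_CLI_ORG_SLUG not set: only free patches will be applied" >&2
  fi
  socket patch scan || return 1
  socket patch apply || return 1
  socket patch setup --yes || return 1
  if ! has_patch_postinstall package.json; then
    echo "package.json has no 'socket patch apply' postinstall hook; patches will not survive npm install" >&2
    return 1
  fi
  socket patch list --json
}

# Only run the workflow when invoked as `sh patch-ci.sh run`, so sourcing the
# file for its helper functions does not call the CLI.
if [ "${1:-}" = "run" ]; then
  run_patch_workflow
fi
```

The postinstall check is deliberately a separate function: a job that only needs to confirm an existing checkout is still protected can source the file and call has_patch_postinstall without touching the network.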

Aliases

All aliases support the flags and arguments of the commands they alias.

  • socket ci - Alias for socket scan create --report (creates report and exits with error if unhealthy)

Flags

Output flags

  • --json - Output as JSON
  • --markdown - Output as Markdown

Other flags

  • --dry-run - Run without uploading
  • --debug - Show debug output
  • --help - Show help
  • --max-old-space-size - Set Node.js memory limit
  • --max-semi-space-size - Set Node.js heap size
  • --version - Show version

Configuration files

Socket CLI reads socket.yml configuration files. It supports the version 2 format, including projectIgnorePaths for excluding files from reports.

Environment variables

  • SOCKET_CLI_API_TOKEN - Socket API token
  • SOCKET_CLI_CONFIG - JSON configuration object
  • SOCKET_CLI_GITHUB_API_URL - GitHub API base URL
  • SOCKET_CLI_GIT_USER_EMAIL - Git user email (default: github-actions[bot]@users.noreply.github.com)
  • SOCKET_CLI_GIT_USER_NAME - Git user name (default: github-actions[bot])
  • SOCKET_CLI_GITHUB_TOKEN - GitHub token with repo access (alias: GITHUB_TOKEN)
  • SOCKET_CLI_NO_API_TOKEN - Disable default API token
  • SOCKET_CLI_NPM_PATH - Path to npm directory
  • SOCKET_CLI_ORG_SLUG - Socket organization slug
  • SOCKET_CLI_ACCEPT_RISKS - Accept npm/npx risks
  • SOCKET_CLI_VIEW_ALL_RISKS - Show all npm/npx risks

Contributing

Run locally:

npm install
npm run build
npm exec socket

Development environment variables

  • SOCKET_CLI_API_BASE_URL - API base URL (default: https://api.socket.dev/v0/)
  • SOCKET_CLI_API_PROXY - Proxy for API requests (aliases: HTTPS_PROXY, https_proxy, HTTP_PROXY, http_proxy)
  • SOCKET_CLI_API_TIMEOUT - API request timeout in milliseconds
  • SOCKET_CLI_DEBUG - Enable debug logging
  • DEBUG - Enable debug package logging

See also
