npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@socketsecurity/cli

v1.1.73

Published

CLI for Socket.dev

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

socket-botsocket-botferossfeross

Keywords

Readme

Socket CLI

Socket Badge Follow @SocketSecurity

CLI for Socket.dev security analysis

Usage

npm install -g socket
socket --help

Commands

  • socket npm [args...] and socket npx [args...] - Wraps npm/npx with Socket security scanning

  • socket fix - Fix CVEs in dependencies

  • socket optimize - Optimize dependencies with @socketregistry overrides

  • socket cdxgen [command] - Run cdxgen for SBOM generation

  • socket patch <command> - Apply, manage, and rollback Socket security patches for vulnerable dependencies

Patch subcommands

| Command | Description | |---------|-------------| | socket patch scan | Scan installed packages for available security patches | | socket patch get <uuid> --org <slug> | Download a patch by UUID and store it locally | | socket patch apply | Apply downloaded patches to node_modules | | socket patch rollback [purl\|uuid] | Rollback patches and restore original files | | socket patch list [--json] | List all patches in the local manifest | | socket patch remove <purl\|uuid> | Remove a patch from the manifest (rolls back by default) | | socket patch setup [--yes] | Add socket patch apply to postinstall scripts | | socket patch repair | Download missing blobs and clean up unused blobs |

Quick start:

# Scan for available patches, download, and apply.
socket patch scan
socket patch apply

# Or download a specific patch by UUID.
socket patch get <uuid> --org <org-slug>
socket patch apply

# Add to postinstall so patches reapply on npm install.
socket patch setup --yes

Free patches work without authentication. For paid patches, set SOCKET_CLI_API_TOKEN and SOCKET_CLI_ORG_SLUG.

Aliases

All aliases support the flags and arguments of the commands they alias.

  • socket ci - Alias for socket scan create --report (creates report and exits with error if unhealthy)

Flags

Output flags

  • --json - Output as JSON
  • --markdown - Output as Markdown

Other flags

  • --dry-run - Run without uploading
  • --debug - Show debug output
  • --help - Show help
  • --max-old-space-size - Set Node.js memory limit
  • --max-semi-space-size - Set Node.js heap size
  • --version - Show version

Configuration files

Socket CLI reads socket.yml configuration files. Supports version 2 format with projectIgnorePaths for excluding files from reports.

Environment variables

  • SOCKET_CLI_API_TOKEN - Socket API token
  • SOCKET_CLI_CONFIG - JSON configuration object
  • SOCKET_CLI_GITHUB_API_URL - GitHub API base URL
  • SOCKET_CLI_GIT_USER_EMAIL - Git user email (default: github-actions[bot]@users.noreply.github.com)
  • SOCKET_CLI_GIT_USER_NAME - Git user name (default: github-actions[bot])
  • SOCKET_CLI_GITHUB_TOKEN - GitHub token with repo access (alias: GITHUB_TOKEN)
  • SOCKET_CLI_NO_API_TOKEN - Disable default API token
  • SOCKET_CLI_NPM_PATH - Path to npm directory
  • SOCKET_CLI_ORG_SLUG - Socket organization slug
  • SOCKET_CLI_ACCEPT_RISKS - Accept npm/npx risks
  • SOCKET_CLI_VIEW_ALL_RISKS - Show all npm/npx risks

Contributing

Run locally:

npm install
npm run build
npm exec socket

Development environment variables

  • SOCKET_CLI_API_BASE_URL - API base URL (default: https://api.socket.dev/v0/)
  • SOCKET_CLI_API_PROXY - Proxy for API requests (aliases: HTTPS_PROXY, https_proxy, HTTP_PROXY, http_proxy)
  • SOCKET_CLI_API_TIMEOUT - API request timeout in milliseconds
  • SOCKET_CLI_DEBUG - Enable debug logging
  • DEBUG - Enable debug package logging

See also