@socketsecurity/cli
v0.9.3
Published
CLI tool for Socket.dev
Downloads
1,513
Keywords
Readme
Socket CLI
CLI tool for Socket.dev
Usage
npm install -g @socketsecurity/cli
socket --help
socket info [email protected]
socket report create package.json --view
socket report view QXU8PmK7LfH608RAwfIKdbcHgwEd_ZeWJ9QEGv05FJUQ
socket wrapper --enable
Commands
socket info <package@version>
- looks up issues for a packagesocket report create <path(s)-to-folder-or-file>
- creates a report on socket.devUploads the specified
package.json
and lock files for JavaScript, Python, and Go dependency manifests. If any folder is specified, the ones found in there recursively are uploaded.Supports globbing such as
**/package.json
,**/requirements.txt
,**/pyproject.toml
, and**/go.mod
.Ignores any file specified in your project's
.gitignore
, theprojectIgnorePaths
in your project'ssocket.yml
and on top of that has a sensible set of default ignoressocket report view <report-id>
- looks up issues and scores from a reportsocket wrapper --enable
andsocket wrapper --disable
- Enables and disables the Socket 'safe-npm' wrapper.socket raw-npm
andsocket raw-npx
- Temporarily disables the Socket 'safe-npm' wrapper.
Aliases
All aliases supports flags and arguments of the commands they alias.
socket ci
- alias forsocket report create --view --strict
which creates a report and quits with an exit code if the result is unhealthy. Use like eg.socket ci .
for a report for the current folder
Flags
Command specific flags
--view
- when set onsocket report create
the command will immediately do asocket report view
style view of the created report, waiting for the server to complete it
Output flags
--json
- outputs result as json which you can then pipe intojq
and other tools--markdown
- outputs result as markdown which you can then copy into an issue, PR or even chat
Strictness flags
--all
- by default onlyhigh
andcritical
issues are included, by setting this flag all issues will be included--strict
- when set, exits with an error code if report result is deemed unhealthy
Other flags
--dry-run
- like all CLI tools that perform an action should have, we have a dry run flag. Eg.socket report create
supports running the command without actually uploading anything--debug
- outputs additional debug output. Great for debugging, geeks and us who develop. Hopefully you will never need it, but it can still be fun, right?--help
- prints the help for the current command. All CLI tools should have this flag--version
- prints the version of the tool. All CLI tools should have this flag
Configuration files
The CLI reads and uses data from a socket.yml
file in the folder you run it in. It supports the version 2 of the socket.yml
file format and makes use of the projectIgnorePaths
to excludes files when creating a report.
Environment variables
SOCKET_SECURITY_API_KEY
- if set, this will be used as the API-key
Contributing
Environment variables for development
SOCKET_SECURITY_API_BASE_URL
- if set, this will be the base for all API-calls. Defaults tohttps://api.socket.dev/v0/
SOCKET_SECURITY_API_PROXY
- if set to something likehttp://127.0.0.1:9090
, then all request will be proxied through that proxy
Similar projects
@socketsecurity/sdk
- the SDK used in this CLI
See also
- Announcement blog post
- Socket API Reference - the API used in this CLI
- Socket GitHub App - the plug-and-play GitHub App