npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@socketsecurity/cli

v0.9.3

Published

CLI tool for Socket.dev

Downloads

1,513

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

jhieseyjhieseysocket-botsocket-botbradleymeckbradleymeckalxhotelalxhotelferossfeross

Keywords

Readme

Socket CLI

Socket Badge npm version js-standard-style Follow @SocketSecurity

CLI tool for Socket.dev

Usage

npm install -g @socketsecurity/cli
socket --help
socket info [email protected]
socket report create package.json --view
socket report view QXU8PmK7LfH608RAwfIKdbcHgwEd_ZeWJ9QEGv05FJUQ
socket wrapper --enable

Commands

  • socket info <package@version> - looks up issues for a package

  • socket report create <path(s)-to-folder-or-file> - creates a report on socket.dev

    Uploads the specified package.json and lock files for JavaScript, Python, and Go dependency manifests. If any folder is specified, the ones found in there recursively are uploaded.

    Supports globbing such as **/package.json, **/requirements.txt, **/pyproject.toml, and **/go.mod.

    Ignores any file specified in your project's .gitignore, the projectIgnorePaths in your project's socket.yml and on top of that has a sensible set of default ignores

  • socket report view <report-id> - looks up issues and scores from a report

  • socket wrapper --enable and socket wrapper --disable - Enables and disables the Socket 'safe-npm' wrapper.

  • socket raw-npm and socket raw-npx - Temporarily disables the Socket 'safe-npm' wrapper.

Aliases

All aliases supports flags and arguments of the commands they alias.

  • socket ci - alias for socket report create --view --strict which creates a report and quits with an exit code if the result is unhealthy. Use like eg. socket ci . for a report for the current folder

Flags

Command specific flags

  • --view - when set on socket report create the command will immediately do a socket report view style view of the created report, waiting for the server to complete it

Output flags

  • --json - outputs result as json which you can then pipe into jq and other tools
  • --markdown - outputs result as markdown which you can then copy into an issue, PR or even chat

Strictness flags

  • --all - by default only high and critical issues are included, by setting this flag all issues will be included
  • --strict - when set, exits with an error code if report result is deemed unhealthy

Other flags

  • --dry-run - like all CLI tools that perform an action should have, we have a dry run flag. Eg. socket report create supports running the command without actually uploading anything
  • --debug - outputs additional debug output. Great for debugging, geeks and us who develop. Hopefully you will never need it, but it can still be fun, right?
  • --help - prints the help for the current command. All CLI tools should have this flag
  • --version - prints the version of the tool. All CLI tools should have this flag

Configuration files

The CLI reads and uses data from a socket.yml file in the folder you run it in. It supports the version 2 of the socket.yml file format and makes use of the projectIgnorePaths to excludes files when creating a report.

Environment variables

  • SOCKET_SECURITY_API_KEY - if set, this will be used as the API-key

Contributing

Environment variables for development

  • SOCKET_SECURITY_API_BASE_URL - if set, this will be the base for all API-calls. Defaults to https://api.socket.dev/v0/
  • SOCKET_SECURITY_API_PROXY - if set to something like http://127.0.0.1:9090, then all request will be proxied through that proxy

Similar projects

See also