SocketDev/socket-cli

Socket CLI


CLI tool for Socket.dev

Usage

npm install -g socket
socket --help

Commands

  • socket npm [args...] and socket npx [args...] - Wrap npm and npx with Socket.dev so that installation of packages carrying Socket alerts is preempted before it happens. The wrapper uses npm's own built-in dependency resolution to determine precisely which packages would be installed, rather than re-implementing it

  • socket optimize - Optimize dependencies with @socketregistry overrides (👀 our blog post)

    • --pin - Pin overrides to their latest version
    • --prod - Add overrides for only production dependencies
  • socket cdxgen [command] - Call out to cdxgen. See their documentation for commands.

Aliases

All aliases support the flags and arguments of the commands they alias.

  • socket ci - alias for socket scan create --report, which creates a report for the current directory and exits with a non-zero status if the result is unhealthy (so a CI job fails on it)

Flags

Output flags

  • --json - Outputs result as JSON which can be piped into jq and other tools
  • --markdown - Outputs result as Markdown which can be copied into issues, pull requests, or chats

Other flags

  • --dry-run - Run a command without uploading anything
  • --debug - Output additional debug
  • --help - Prints help documentation
  • --max-old-space-size - Set Node's V8 --max-old-space-size option
  • --max-semi-space-size - Set Node's V8 --max-semi-space-size option
  • --version - Prints the Socket CLI version

Configuration files

Socket CLI reads and uses data from a socket.yml file in the folder you run it in. It supports version 2 of the socket.yml file format and uses the projectIgnorePaths setting to exclude files when creating a report.

Environment variables

  • SOCKET_CLI_API_TOKEN - Set the Socket API token
  • SOCKET_CLI_CONFIG - A JSON stringified Socket configuration object
  • SOCKET_CLI_GIT_USER_EMAIL - The git config user.email used by Socket CLI
    Defaults: github-actions[bot]@users.noreply.github.com
  • SOCKET_CLI_GIT_USER_NAME - The git config user.name used by Socket CLI
    Defaults: github-actions[bot]
  • SOCKET_CLI_GITHUB_TOKEN - A classic or fine-grained GitHub personal access token with the "repo" scope or read/write permissions set for "Contents" and "Pull Request"
    Aliases: GITHUB_TOKEN
  • SOCKET_CLI_NO_API_TOKEN - Make the default API token undefined
  • SOCKET_CLI_NPM_PATH - The absolute location of the npm directory
  • SOCKET_CLI_ORG_SLUG - Specify the Socket organization slug

  • SOCKET_CLI_ACCEPT_RISKS - Accept risks of a Socket wrapped npm/npx run
  • SOCKET_CLI_VIEW_ALL_RISKS - View all risks of a Socket wrapped npm/npx run
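The CI flow the sections above describe (socket ci, a version 2 socket.yml with projectIgnorePaths, and SOCKET_CLI_API_TOKEN) wired together as an added shell example; this script is not part of socket-cli. It assumes the socket binary is on PATH (the SOCKET_BIN variable is the example's own override so the script can be exercised with a stub), that projectIgnorePaths takes a list of glob patterns, and the ignore globs and the choice of --json are the example's own.

```shell
#!/bin/sh
# Added example, not socket-cli's own code: a CI wrapper around `socket ci`.
# Assumptions: `socket` is on PATH (SOCKET_BIN overrides it for testing) and
# socket.yml v2 accepts `projectIgnorePaths` as a list of globs. The globs
# below are constructed for the example.

# Fail early if the API token is missing, rather than letting the scan run
# unauthenticated and fail later with a less obvious error.
require_token() {
  if [ -z "${SOCKET_CLI_API_TOKEN:-}" ]; then
    echo "SOCKET_CLI_API_TOKEN is not set" >&2
    return 1
  fi
  return 0
}

# Write a minimal version-2 socket.yml if the project has none, so vendored
# modules and test fixtures are excluded from the report. Never overwrites
# an existing file. $1 = path to write (defaults to ./socket.yml).
write_socket_yml() {
  target="${1:-socket.yml}"
  if [ -e "$target" ]; then
    return 0
  fi
  cat > "$target" <<'EOF'
version: 2
projectIgnorePaths:
  - "**/node_modules/**"
  - "**/test/fixtures/**"
EOF
}

# Run `socket ci` (alias for `socket scan create --report`) and propagate its
# exit status, so the CI job fails when the scan result is unhealthy.
# --json keeps the output machine-readable for a later jq step.
run_socket_ci() {
  bin="${SOCKET_BIN:-socket}"
  "$bin" ci --json
}

main() {
  require_token || return 2
  write_socket_yml
  run_socket_ci
}

# Only run the pipeline when explicitly asked, so the functions can be
# sourced and exercised without contacting Socket.
if [ -n "${SOCKET_CI_RUN:-}" ]; then
  main "$@"
fi
```

Run it in CI with SOCKET_CI_RUN=1 sh socket-ci.sh: the job fails with socket's own exit status when the report is unhealthy, and with status 2 before any upload when the token is missing.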

Contributing

Setup

To run locally execute the following commands:

npm install
npm run build
npm exec socket

Environment variables for development

  • SOCKET_CLI_API_BASE_URL - Change the base URL for all API-calls
    Defaults: The "apiBaseUrl" value of socket/settings local app data if present, else https://api.socket.dev/v0/
  • SOCKET_CLI_API_PROXY - Set the proxy that all requests are routed through, e.g. if set to
    http://127.0.0.1:9090, then all requests are passed through that proxy (useful for inspecting API traffic during development)
    Aliases: HTTPS_PROXY, https_proxy, HTTP_PROXY, and http_proxy
  • SOCKET_CLI_DEBUG - Enable debug logging in Socket CLI
  • DEBUG - Enable debug logging based on the debug package

See also