Jump to Content
Documentation
API Reference
v0
Log In
Documentation
Log In
Moon (Dark Mode)
Sun (Light Mode)
v0
Documentation
API Reference
Search
Introduction
Getting started
FAQ
SOCKET ALERTS
Reachability Analysis
Dependency Reachability
Precomputed Reachability
Full Application Reachability
Static Reachability Analysis
Phantom Dependencies
Ecosystem Support
Scala setup instructions
Kotlin setup instructions
Gradle setup instructions (for Java, Kotlin, and Scala)
Anaconda setup instructions
Alert Types
Alert Types Support
Alert Categories
Vulnerability
Critical CVE
High CVE
Medium CVE
Low CVE
Supply Chain Risk
Known malware
Possible typosquat attack
AI-detected potential malware
Git dependency
GitHub dependency
HTTP dependency
Obfuscated code
Protestware or potentially unwanted behavior
Telemetry
Unstable ownership
AI-detected potential security risk
Native code
Network access
Non-existent author
Potential vulnerability
Shell access
Trivial Package
Uses eval
AI-detected potential code anomaly
Environment variable access
Filesystem access
High entropy strings
New author
JS-only: NPM Shrinkwrap
JS-only: Install scripts
JS-only: Manifest confusion
JS-only: Debug access
JS-only: Dynamic require
Quality
Unpopular package
Minified code
JS-only: Bad dependency semver
JS-only: Wildcard dependency
Maintenance
Deprecated
Unmaintained
License
Explicitly Unlicensed Item
Misc. License Issues
Ambiguous License Classifier
Copyleft License
License Exception
No License Found
Non-permissive License
Unidentified License
Alert Actions
Alert Purpose Definitions
Alert Actions and Triage Functionality
Package Scores
Manifest File Detection in Socket
SOCKET DASHBOARD
Organization Alerts
Dependency Search
Repositories
Scans
Security Policy (Default Enabled Alerts)
Customizable Security Policies
License Policy
Threat Feed
Package Search
Users
Settings
API Tokens
Audit Log
Integrations
Slack
Vanta
SSO (Single Sign-On)
Integrations
SSO (Single Sign-On)
Slack alerts
Vanta integration
Socket for GitHub
Guide to Socket for GitHub
Install the App
Ignoring pull request alerts
socket.yml
What to do when you receive an alert
GitHub App Permissions
Enable branch protection
Understanding "Act on Your Behalf" Permission
CI/CD INTEGRATIONS
Socket for GitHub Actions
Socket for Gitlab Pipeline
Socket for Bitbucket Pipeline
Socket for Jenkins Jobs
Socket for Azure DevOps (ADO Classic)
Socket for Azure DevOps (Yaml)
Create Socket API Key for CI/CD
Socket CLI
Guide to Socket CLI
v1 Migration guide
Socket CLI Commands
socket analytics
socket audit-log
socket ci
socket login
socket logout
socket manifest
socket manifest cdxgen
socket npm & socket npx
socket organization
socket optimize
socket package
socket raw-npm
socket raw-npx
socket repository
socket scan
socket threat-feed
socket wrapper
Socket CLI FAQ
safe-npm FAQ
Supported Node.js Versions
socket.json
SOCKET MCP
Guide to Socket MCP
Remote Socket MCP
Local Socket MCP
Socket MCP for Claude Desktop
Socket for VS Code
Guide to Socket for VS Code
SOCKET REST API
Socket REST API
Socket JavaScript SDK
Socket Python SDK
Socket Chrome Extension
Guide to Socket Chrome Extension
Extension Permissions
Deploying via Google Workspace
Next steps
Join the community
Contact support
Advanced
Sample Malware Packages
Known issues
Incremental Rollout
Tool Configuration Files
Suggest
