Socket.dev

AI-Powered Open Source

Supply chain security for open-source dependencies. Detects malicious packages, typosquats, and compromised maintainers before they reach your project.

About

Socket.dev provides proactive supply chain security by analyzing npm, PyPI, and Go packages for malicious behavior. Unlike traditional vulnerability scanners that only check known CVEs, Socket detects suspicious package behaviors like network access, filesystem operations, and obfuscated code. It integrates directly into GitHub pull requests to flag risky dependency changes before they're merged.

Categories

Supply Chain

Chains

Install

npm install -g socket

Quick Info

Pricing: freemium
Open Source: Yes
Last Updated: 2026-04-01