Socket
Block zero-day supply chain attacks before they reach your code

Socket is a supply chain security platform that scans open source packages across major registries (npm, PyPI, RubyGems, etc.) for malicious behavior, vulnerabilities, and suspicious activity before they reach production code. It integrates with GitHub, VS Code, and CI/CD pipelines to provide real-time alerts and blocking of malicious dependencies. Customers include Vercel, Replit, and Brave, and it protects prominent open source projects like Next.js, Storybook, and MetaMask.
Socket scans every package and dependency update across major registries for malicious behavior and blocks harmful packages before they are installed or merged into code.
Software engineering teams and security leaders using open source dependencies
Background.
- Status
- launched
- Business model
- freemium
- Company
- Socket, Inc.
Similar projects.
Editorial take on the space this project sits in — momentum signals, adjacent moves, our call on whether the wedge is real. Get pinged when we publish a new read or when the landscape shifts.
Have a take on this space?
Tell us what you’d build differently, where you think the incumbents miss, or what we’ve gotten wrong about this project. Comments + reactions are coming soon.