Socket
socket.dev
Block zero-day supply chain attacks before they reach your code
Security, supply-chain-security, open-source, dependency-scanning, malware-detection, npm, developer-security, devtools

About
Socket is a supply chain security platform that scans open source packages across major registries (npm, PyPI, RubyGems, etc.) for malicious behavior, vulnerabilities, and suspicious activity before they reach production code. It integrates with GitHub, VS Code, and CI/CD pipelines to provide real-time alerts and blocking of malicious dependencies. Customers include Vercel, Replit, and Brave, and it protects prominent open source projects like Next.js, Storybook, and MetaMask.
Problem
Malicious or compromised open source packages can introduce zero-day supply chain attacks into production code without developers noticing.
For
Software engineering teams and security leaders using open source dependencies
How it works
Socket scans every package and dependency update across major registries for malicious behavior and blocks harmful packages before they are installed or merged into code.
Business model
freemium
Status
launched
Company
Socket, Inc.