api-evangelist/socket-dev

Socket (socket-dev)

Socket is a developer-first supply-chain security platform that protects applications from malicious dependencies, vulnerable packages, license risk, and software-supply-chain attacks across npm, PyPI, Go, Maven, Cargo, NuGet, RubyGems, and other open-source ecosystems. Socket ships a hosted API, CLI, MCP server, Firewall package-installer proxy (sfw), GitHub App, IDE extensions, SDKs, and reusable integrations for Jira, Slack, GitHub, GitLab, Bitbucket, Azure DevOps, and Microsoft Teams. The Socket API exposes 70+ alert categories — malware, typosquats, install scripts, telemetry, native code, crypto wallets, suspicious network activity, license issues — plus full-scan reports with SBOM export (CycloneDX, SPDX, OpenVEX), diff scans for pull requests, a triage workflow, webhooks, and a real-time threat feed of newly discovered malicious packages.

APIs.json: https://raw.githubusercontent.com/api-evangelist/socket-dev/refs/heads/main/apis.yml

Scope

  • Access: 3rd-Party

Tags

  • Supply Chain Security
  • Open Source Security
  • Software Composition Analysis
  • SCA
  • Malware Detection
  • Dependency Scanning
  • SBOM
  • npm
  • PyPI
  • Go
  • Maven
  • Cargo
  • NuGet
  • RubyGems
  • Developer Security

Timestamps

  • Created: 2026-05-25
  • Modified: 2026-05-25

APIs

Socket Packages API

Look up risk scores, alerts, capabilities, license, and supply-chain metadata for any open-source package by Package URL (purl). Supports npm, PyPI, Go, Maven, Cargo, NuGet, RubyGems, and other ecosystems. The /purl endpoint accepts a list of package URLs and returns Socket's enriched package facts including capability use, telemetry, alert categories, and depscore.

Tags

  • Packages
  • Supply Chain Security
  • Risk Scoring
  • PURL

Properties

Socket Full Scans API

Create, list, fetch, rescan, archive, and export full-scan reports for an organization's repos. Upload manifest files (package.json, requirements.txt, go.mod, pom.xml, Cargo.toml, etc.) and Socket returns a full dependency graph with alerts. Exports include CDX (CycloneDX), SPDX, OpenVEX, CSV, PDF, and GFM diff formats.

Tags

  • Full Scans
  • Supply Chain Security
  • SBOM
  • CycloneDX
  • SPDX
  • OpenVEX

Properties

Socket Diff Scans API

Compute and inspect diff scans between two full scans — the engine that powers Socket's pull-request comments. Identifies added, removed, and modified dependencies with their security implications. Returns added/removed alerts in JSON or GFM markdown. Diff scans can be created from full-scan IDs or from a target repo branch.

Tags

  • Diff Scans
  • Supply Chain Security
  • Pull Request
  • Change Detection

Properties

Socket Alerts API

Query current and historical security alerts for an organization across all scans, repos, and packages. Supports trend analysis, filtering by alert type and severity, and full-scan attribution. Backed by Socket's catalog of 70+ alert categories covering malware, typosquats, install scripts, telemetry, native code, crypto wallets, and other supply-chain risks.

Tags

  • Alerts
  • Supply Chain Security
  • Historical Analytics

Properties

Socket Triage API

Triage workflow for alerts — list and update the disposition (ignore, acknowledge, escalate, allow) of any alert in an organization. Comments and decision history are recorded for audit. Triage is the human-in-the-loop counterpart to Socket's automated security gates.

Tags

  • Triage
  • Alerts
  • Workflow
  • Governance

Properties

Socket Repos API

Manage the repositories Socket is monitoring inside an organization, plus repo labels for policy targeting. CRUD repos, attach/detach labels, and configure per-label settings that override organization-level security and license policies.

Tags

  • Repositories
  • Labels
  • Organization

Properties

Socket Organization Settings API

Configure Socket at the organization level — security policy (which alerts block/warn/ignore), license policy (allowed/denied SPDX identifiers), telemetry collection toggles, Socket Basics SAST/Secrets/Container scanning configuration, and integration event hooks for GitHub/GitLab/Bitbucket apps.

Tags

  • Organization Settings
  • Security Policy
  • License Policy
  • Telemetry

Properties

Socket Webhooks API

Register, list, update, and delete webhooks that fire when scans complete, alerts trigger, triage decisions are made, or threat-feed entries match an organization's packages. Useful for connecting Socket to Slack, Jira, PagerDuty, or custom internal automation.

Tags

  • Webhooks
  • Events
  • Notifications

Properties

Socket Threat Feed API

Real-time feed of newly discovered malicious or suspicious packages across npm, PyPI, Go, RubyGems, and other ecosystems. Filter by ecosystem, alert type, and time window. Powers Socket's malware research dashboards and the public-disclosure firehose.

Tags

  • Threat Feed
  • Malware
  • Real-Time Intelligence

Properties

Socket Fixes API

List available fixes — version bumps, patches, and overrides — for vulnerable or risky dependencies in an organization's scanned projects. Powers Socket's auto-fix pull-request generation.

Tags

  • Fixes
  • Remediation
  • Patches

Properties

Socket Dependencies API

Search and reverse-look-up dependencies across all of an organization's scanned repos. Find every project consuming a specific package and version, plus historical dependency-count trends used by Socket's analytics dashboards.

Tags

  • Dependencies
  • Search
  • Reverse Lookup

Properties

Socket API Tokens API

Provision, rotate, and revoke API tokens for an organization, inspect the caller's quota, and list the organizations the calling token has access to. Token-scoped permission grants are configured at creation and on update.

Tags

  • API Tokens
  • Authentication
  • Administration
  • Quota

Properties

Socket Audit Log API

Append-only audit log of every administrative event in a Socket organization — policy changes, member changes, token actions, triage decisions, and integration changes. Use for compliance evidence and incident review.

Tags

  • Audit Log
  • Compliance
  • Governance

Properties

Socket Organization Snapshots API

Retrieve historical organization-level snapshots — point-in-time aggregations of dependencies, alerts, and risk metrics across all monitored repos. Used to populate trend dashboards and compliance posture reports.

Tags

  • Snapshots
  • Historical Analytics
  • Reporting

Properties

Socket Metadata API

Reference metadata for the Socket platform — the live machine-readable OpenAPI spec, the catalog of alert types and their severities, the catalog of license metadata used by license-policy, and the list of file types Socket can detect and scan.

Tags

  • Metadata
  • Reference Data
  • OpenAPI

Properties

Common Properties

Maintainers

  • FN: API Evangelist
  • Email: info@apievangelist.com
