Socket

Secure your JavaScript supply chain

5.0 • 15 reviews • 44 followers
Depend on Socket to protect your app from malicious dependencies lurking in your open source supply chain. Block 60+ red flags in open source code, including malware, typo-squatting, hidden code, misleading packages, and more.
Company Info: socket.dev, GitHub
Socket Info: Launched in 2022 (2 launches)
Forum: p/socket-2
Awards: Socket was ranked #5 of the day for March 1st, 2022

Similar Products

  • Sandworm: Keep Your JavaScript Code Secure and Compliant with Sandworm (4.0, 2 reviews; Compliance software, Security software)
  • Reshift Security: Find vulnerabilities in your JavaScript code for free
  • Code Climate: Actionable metrics for engineering leaders.
  • AdGuard Pro: Blocks ads and protects your personal data on any OS/device. (4.8, 53 reviews; Ad blockers)
  • Shieldfy: Smart code security for developers 👩🏼‍💻👨🏿‍💻👨‍🚀
This is the 2nd launch from Socket.

Socket for GitHub 1.0

Secure your JavaScript supply chain – block malware packages

Detect and block software supply chain attacks
Unlike a traditional vulnerability scanner, Socket can actually detect an active supply chain attack and help you to block it. Socket detects over 60 issues in open source code, for comprehensive protection.

Free
Launch tags: Developer Tools, Tech, Security
Launch Team: Feross Aboukhadijeh, Mikola Lysenko, John Hiesey


Feross Aboukhadijeh (Maker, Socket for Python)
Today we're excited to announce the 1.0 release of Socket for GitHub – we're finally out of beta! We're shipping a big update to Socket for GitHub to help developers protect their apps from software supply chain attacks. Today, thousands of organizations rely on Socket to prevent bad packages from infiltrating their software supply chain.

For those not familiar, here's a quick review of how Socket for GitHub works: Socket watches for changes to “package manifest” files such as package.json, package-lock.json, and yarn.lock. Whenever a new dependency is added in a pull request, Socket analyzes the package's behavior and leaves a comment if it is a security risk.

== What's new in 1.0 ==

The most common feedback we've received from users is that they'd like Socket to detect more issues beyond the typosquat detection that we launched with. We're happy to share that in 1.0, we're upgrading Socket for GitHub to detect 5 additional supply chain security issues. If you've already installed Socket, you will automatically get these improvements – no need to take any action.

Starting with today's release, Socket will automatically monitor GitHub pull requests for these software supply chain risks:

- 📜 Install scripts
- 📞 Telemetry
- 🫣 Native code
- ☠️ Known Malware
- 🧌 Troll packages

We selected these package issues – out of the 70+ issues that Socket supports – to bring to Socket for GitHub because we believe they're high-signal and high-confidence, with few false positives. We are always working on improving and extending our analysis to improve coverage and increase reliability. We will continue to add more detections in future releases. Next up on our list is detecting network access, filesystem access, shell access, environment variable access, obfuscated code, and more. We'll release these in Socket for GitHub soon.

We are so grateful to the users, customers, and advisors who have supported us so far.
3yr ago
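To make the workflow the post describes concrete, here is an added example that is not Socket's code: it diffs two package.json snapshots to find dependencies newly added in a pull request, then checks constructed registry metadata (the package names, `REGISTRY` contents and `flags_for` helper are all assumptions of this example) for two of the five 1.0 flags, install scripts and native code.

```python
import json

# Constructed stand-in for the metadata a registry would return per package.
# The names and script contents are made up for this example.
REGISTRY = {
    "lib-a": {"scripts": {"test": "node test.js"}},
    "lib-b": {"scripts": {"postinstall": "node setup.js"}},
    "lib-c": {"scripts": {"install": "node-gyp rebuild"}, "gypfile": True},
}

# npm lifecycle hooks that run automatically on `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")
DEP_SECTIONS = ("dependencies", "devDependencies", "optionalDependencies")


def added_dependencies(before: str, after: str) -> set:
    """Names present in the new package.json but absent from the old one."""
    def names(manifest: str) -> set:
        data = json.loads(manifest)
        found = set()
        for section in DEP_SECTIONS:
            found.update(data.get(section, {}))
        return found
    return names(after) - names(before)


def flags_for(name: str, registry: dict = REGISTRY) -> list:
    """Return the risk flags raised by a package's constructed metadata."""
    meta = registry.get(name, {})
    scripts = meta.get("scripts", {})
    flags = []
    if any(hook in scripts for hook in INSTALL_HOOKS):
        flags.append("install script")
    # A gypfile marker or a node-gyp build step indicates compiled native code.
    if meta.get("gypfile") or any("node-gyp" in cmd for cmd in scripts.values()):
        flags.append("native code")
    return flags


def review_pull_request(before: str, after: str, registry: dict = REGISTRY) -> dict:
    """Map each newly added dependency to its flags, as a PR comment would list them."""
    return {n: flags_for(n, registry) for n in sorted(added_dependencies(before, after))}


# Constructed before/after manifests for a pull request that adds two packages.
BEFORE = json.dumps({"dependencies": {"lib-a": "^1.0.0"}})
AFTER = json.dumps({"dependencies": {"lib-a": "^1.0.0", "lib-b": "^0.1.0", "lib-c": "^2.0.0"}})

if __name__ == "__main__":
    for name, flags in review_pull_request(BEFORE, AFTER).items():
        print(f"{name}: {', '.join(flags) or 'no flags'}")
```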
BitMidi
@feross Love it!
3yr ago
FreeTheFeross
❤️
3yr ago
Wormhole
Wormhole depends on Socket to detect and block malicious dependencies from our open source software supply chain. Socket is a security tool built by the Wormhole team to solve one of the hardest problems in security.

The standard approach in industry is to scan for known vulnerabilities (CVEs). But this doesn't proactively catch malware or backdoors in dependencies. It can take months for a CVE to be discovered and reported. In fact, a recent paper found that malware is available on package managers for over 200 days before it's caught. We needed something that could detect and block a bad package before it's been discovered by the open source community, and definitely before it makes it into our codebase.

In order to protect Wormhole users, we audit every open source package we use to detect and block dozens of package issues. Most supply chain attacks follow a similar pattern (stealing environment variables, sending data to the network, etc.) so we built a tool that could catch all of the recent NPM supply chain attacks. The tool analyzes the actual behavior of the package instead of relying on stale data in a CVE database.

On March 1, 2022 we announced the public launch of Socket to help defend the open source ecosystem. Socket provides the most comprehensive open source risk analysis on the market, and we're releasing it for free for the open source community.
3yr ago

Socket Launches

Socket for GitHub 1.0: Secure your JavaScript supply chain – block malware packages
Launched on June 21st, 2022

Socket is highly praised for automating and enhancing supply chain security in the NPM ecosystem. Users appreciate its ability to identify and block over 60 red flags in open source code, such as malware and misleading packages. The tool is noted for its balance in alerting users to potential issues without being intrusive. Organizations like StandardJS and Wormhole benefit from its deployment, highlighting its effectiveness in protecting against supply chain attacks. Overall, Socket is valued for its simplicity, ease of deployment, and insightful approach to security.

(Summarized with AI)

Pros
  • supply chain security (9)
  • dependency behavior analysis (2)
  • easy deployment (2)
  • GitHub integration (2)
  • NPM ecosystem support (2)
Reviews

FreeTheFeross (2 reviews)
Impressed at @SocketSecurity launch. Their tool keeps your app safe even in the worst case scenario of an active supply chain attack in an NPM package.
3yr ago

HifiWifi (1 review)
This is the security and analysis tool I've needed for ages. Glad someone finally built it.
3yr ago

BitMidi (3 reviews)
Socket helps keep our software secure! Love it.
3yr ago