CLI for Socket.dev security analysis

Install via curl:

curl -fsSL https://raw.githubusercontent.com/SocketDev/socket-cli/main/install.sh | bash

Or install via package manager:

pnpm install -g socket
socket --help

• socket npm [args...] / socket npx [args...] - Wrap npm/npx with security scanning
• socket pnpm [args...] / socket yarn [args...] - Wrap pnpm/yarn with security scanning
• socket pip [args...] - Wrap pip with security scanning
• socket scan - Create and manage security scans
• socket package <name> - Analyze package security scores
• socket fix - Fix CVEs in dependencies
• socket optimize - Optimize dependencies with @socketregistry overrides
• socket cdxgen [command] - Run cdxgen for SBOM generation

• socket organization (alias: org) - Manage organization settings
• socket repository (alias: repo) - Manage repositories
• socket dependencies (alias: deps) - View organization dependencies
• socket audit-log (alias: audit) - View audit logs
• socket analytics - View organization analytics
• socket threat-feed (alias: feed) - View threat intelligence

• socket login - Authenticate with Socket.dev
• socket logout - Remove authentication
• socket whoami - Show authenticated user
• socket config - Manage CLI configuration

All aliases support the flags and arguments of the commands they alias.

• socket ci - Alias for socket scan create --report (creates report and exits with error if unhealthy)
• socket org - Alias for socket organization
• socket repo - Alias for socket repository
• socket pkg - Alias for socket package
• socket deps - Alias for socket dependencies
• socket audit - Alias for socket audit-log
• socket feed - Alias for socket threat-feed

• --json - Output as JSON
• --markdown - Output as Markdown

• --dry-run - Run without uploading
• --debug - Show debug output
• --help - Show help
• --max-old-space-size - Set Node.js memory limit
• --max-semi-space-size - Set Node.js heap size
• --version - Show version

Socket CLI reads socket.yml configuration files. Supports version 2 format with projectIgnorePaths for excluding files from reports.

• SOCKET_CLI_API_TOKEN - Socket API token
• SOCKET_CLI_CONFIG - JSON configuration object
• SOCKET_CLI_GITHUB_API_URL - GitHub API base URL
• SOCKET_CLI_GIT_USER_EMAIL - Git user email (default: 94589996+socket-bot@users.noreply.github.com)
• SOCKET_CLI_GIT_USER_NAME - Git user name (default: Socket Bot)
• SOCKET_CLI_GITHUB_TOKEN - GitHub token with repo access (alias: GITHUB_TOKEN)
• SOCKET_CLI_NO_API_TOKEN - Disable default API token
• SOCKET_CLI_NPM_PATH - Path to npm directory
• SOCKET_CLI_ORG_SLUG - Socket organization slug
• SOCKET_CLI_ACCEPT_RISKS - Accept npm/npx risks
• SOCKET_CLI_VIEW_ALL_RISKS - Show all npm/npx risks

See Getting Started for setup instructions.

git clone https://github.com/SocketDev/socket-cli.git
cd socket-cli
pnpm install
pnpm run build
pnpm test

For local dependency linking, see Development Linking.

pnpm run build                    # Smart build
pnpm run build --force            # Force rebuild

Debug logging:

SOCKET_CLI_DEBUG=1 socket <command>    # Enable debug output
DEBUG=network socket <command>         # Specific category

• Socket API Reference
• Socket GitHub App
• @socketsecurity/sdk