Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/SocketDev/socket-cli

The Socket CLI
https://github.com/SocketDev/socket-cli

cli security

Last synced: 14 days ago
JSON representation

The Socket CLI

Host: GitHub
URL: https://github.com/SocketDev/socket-cli
Owner: SocketDev
License: mit
Created: 2022-10-20T11:06:04.000Z (about 2 years ago)
Default Branch: main
Last Pushed: 2024-10-28T20:11:32.000Z (16 days ago)
Last Synced: 2024-10-28T20:24:23.804Z (16 days ago)
Topics: cli, security
Language: TypeScript
Homepage: https://socket.dev/npm/package/socket
Size: 2.75 MB
Stars: 107
Watchers: 10
Forks: 13
Open Issues: 7
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Socket CLI

[![Socket Badge](https://socket.dev/api/badge/npm/package/socket)](https://socket.dev/npm/package/socket)
[![Follow @SocketSecurity](https://img.shields.io/twitter/follow/SocketSecurity?style=social)](https://twitter.com/SocketSecurity)

> CLI tool for [Socket.dev](https://socket.dev/)

## Usage

```bash
npm install -g socket
```

```bash
socket --help
socket info [email protected]
socket report create package.json --view
socket report view QXU8PmK7LfH608RAwfIKdbcHgwEd_ZeWJ9QEGv05FJUQ
socket wrapper --enable
```

## Commands

- `socket info ` - Look up issues for a package.

- `socket optimize` - Optimize dependencies with
[`@socketregistry`](https://github.com/SocketDev/socket-registry) overrides

- `--pin` - Pin overrides to their latest version

- `socket raw-npm` and `socket raw-npx` - Temporarily disable the Socket
'safe-npm' wrapper.

- `socket report create ` - creates a report on
[socket.dev](https://socket.dev/)

Upload the specified `package.json` and lock files for JavaScript, Python, and
Go dependency manifests. If any folder is specified, the ones found in there
recursively are uploaded.

Supports globbing such as `**/package.json`, `**/requirements.txt`,
`**/pyproject.toml`, and `**/go.mod`.

Ignores any file specified in your project's `.gitignore`, the
`projectIgnorePaths` in your project's
[`socket.yml`](https://docs.socket.dev/docs/socket-yml) and on top of that has
a sensible set of
[default ignores](https://socket.dev/npm/package/ignore-by-default)

- `socket report view ` - Look up issues and scores from a report.

- `socket wrapper --enable` and `socket wrapper --disable` - Enable and disable
the Socket 'safe-npm' wrapper.

## Aliases

All aliases support the flags and arguments of the commands they alias.

- `socket ci` - alias for `socket report create --view --strict` which creates a
report and quits with an exit code if the result is unhealthy. Use like eg.
`socket ci .` for a report for the current folder

## Flags

### Command specific flags

- `--view` - when set on `socket report create` the command will immediately do
a `socket report view` style view of the created report, waiting for the
server to complete it

### Output flags

- `--json` - outputs result as json which you can then pipe into
[`jq`](https://stedolan.github.io/jq/) and other tools
- `--markdown` - outputs result as markdown which you can then copy into an
issue, PR or even chat

## Strictness flags

- `--all` - by default only `high` and `critical` issues are included, by
setting this flag all issues will be included
- `--strict` - when set, exits with an error code if report result is deemed
unhealthy

### Other flags

- `--dry-run` - like all CLI tools that perform an action should have, we have a
dry run flag. Eg. `socket report create` supports running the command without
actually uploading anything
- `--debug` - outputs additional debug output. Great for debugging, geeks and us
who develop. Hopefully you will never _need_ it, but it can still be fun,
right?
- `--help` - prints the help for the current command. All CLI tools should have
this flag
- `--version` - prints the version of the tool. All CLI tools should have this
flag

## Configuration files

The CLI reads and uses data from a
[`socket.yml` file](https://docs.socket.dev/docs/socket-yml) in the folder you
run it in. It supports the version 2 of the `socket.yml` file format and makes
use of the `projectIgnorePaths` to excludes files when creating a report.

## Environment variables

- `SOCKET_SECURITY_API_KEY` - if set, this will be used as the API-key

## Contributing

### Environment variables for development

- `SOCKET_SECURITY_API_BASE_URL` - if set, this will be the base for all
API-calls. Defaults to `https://api.socket.dev/v0/`
- `SOCKET_SECURITY_API_PROXY` - if set to something like
[`http://127.0.0.1:9090`](https://docs.proxyman.io/troubleshooting/couldnt-see-any-requests-from-3rd-party-network-libraries),
then all request will be proxied through that proxy

## Similar projects

- [`@socketsecurity/sdk`](https://github.com/SocketDev/socket-sdk-js) - the SDK
used in this CLI

## See also

- [Announcement blog post](https://socket.dev/blog/announcing-socket-cli-preview)
- [Socket API Reference](https://docs.socket.dev/reference) - the API used in
this CLI
- [Socket GitHub App](https://github.com/apps/socket-security) - the
plug-and-play GitHub App