Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/SocketDev/socket-cli-js
The Socket CLI tool
- Host: GitHub
- URL: https://github.com/SocketDev/socket-cli-js
- Owner: SocketDev
- License: mit
- Created: 2022-10-20T11:06:04.000Z (almost 2 years ago)
- Default Branch: master
- Last Pushed: 2024-07-30T19:20:59.000Z (about 2 months ago)
- Last Synced: 2024-07-31T17:34:37.053Z (about 2 months ago)
- Topics: cli, security
- Language: JavaScript
- Homepage: https://socket.dev/npm/package/@socketsecurity/cli
- Size: 2.23 MB
- Stars: 94
- Watchers: 10
- Forks: 11
- Open Issues: 17
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Socket CLI
[![Socket Badge](https://socket.dev/api/badge/npm/package/@socketsecurity/cli)](https://socket.dev/npm/package/@socketsecurity/cli)
[![npm version](https://img.shields.io/npm/v/@socketsecurity/cli.svg?style=flat)](https://www.npmjs.com/package/@socketsecurity/cli)
[![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg)](https://github.com/SocketDev/eslint-config)
[![Follow @SocketSecurity](https://img.shields.io/twitter/follow/SocketSecurity?style=social)](https://twitter.com/SocketSecurity)

CLI tool for [Socket.dev](https://socket.dev/)
## Usage
```bash
npm install -g @socketsecurity/cli
```

```bash
socket --help
socket info <package>@<version>
socket report create package.json --view
socket report view QXU8PmK7LfH608RAwfIKdbcHgwEd_ZeWJ9QEGv05FJUQ
socket wrapper --enable
```

## Commands
* `socket info <package>` - looks up issues for a package
* `socket report create <path>...` - creates a report on [socket.dev](https://socket.dev/)
  Uploads the specified `package.json` and lock files for JavaScript, Python, and Go dependency manifests.
  If a folder is specified, the manifests found in it recursively are uploaded. Supports globbing such as `**/package.json`, `**/requirements.txt`, `**/pyproject.toml`, and `**/go.mod`.
  Ignores any file listed in your project's `.gitignore` and in the `projectIgnorePaths` of your project's [`socket.yml`](https://docs.socket.dev/docs/socket-yml), and on top of that applies a sensible set of [default ignores](https://www.npmjs.com/package/ignore-by-default).
* `socket report view <report-id>` - looks up issues and scores from a report
* `socket wrapper --enable` and `socket wrapper --disable` - enables and disables the Socket 'safe-npm' wrapper.
* `socket raw-npm` and `socket raw-npx` - temporarily disables the Socket 'safe-npm' wrapper for that invocation.
## Aliases
All aliases support the flags and arguments of the commands they alias.
* `socket ci` - alias for `socket report create --view --strict`, which creates a report and exits with a non-zero code if the result is unhealthy. Use it like `socket ci .` for a report on the current folder.
## Flags
### Command specific flags
* `--view` - when set on `socket report create` the command will immediately do a `socket report view` style view of the created report, waiting for the server to complete it
### Output flags
* `--json` - outputs result as json which you can then pipe into [`jq`](https://stedolan.github.io/jq/) and other tools
* `--markdown` - outputs result as markdown which you can then copy into an issue, PR or even chat

### Strictness flags
* `--all` - by default only `high` and `critical` issues are included, by setting this flag all issues will be included
* `--strict` - when set, exits with an error code if the report result is deemed unhealthy

### Other flags
* `--dry-run` - runs the command without performing its side effects, as every CLI tool that performs an action should allow. E.g. `socket report create --dry-run` goes through the motions without actually uploading anything
* `--debug` - outputs additional debug output. Great for debugging, geeks and us who develop. Hopefully you will never _need_ it, but it can still be fun, right?
* `--help` - prints the help for the current command. All CLI tools should have this flag
* `--version` - prints the version of the tool. All CLI tools should have this flag

## Configuration files
The CLI reads and uses data from a [`socket.yml` file](https://docs.socket.dev/docs/socket-yml) in the folder you run it in. It supports version 2 of the `socket.yml` file format and uses its `projectIgnorePaths` to exclude files when creating a report.
## Environment variables
* `SOCKET_SECURITY_API_KEY` - if set, this will be used as the API-key
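The following is an added example and not code from the Socket CLI project: a small CI gate that combines the `socket ci` alias, the `--strict` exit-code behaviour, the `socket.yml` ignore list and the `SOCKET_SECURITY_API_KEY` variable described above. It assumes `socket` is on `PATH` (installed with `npm install -g @socketsecurity/cli`), that the API key is injected from the CI secret store, that `socket ci` accepts the `--markdown` output flag like the command it aliases, and that a version 2 `socket.yml` takes `projectIgnorePaths` as a list of glob strings. The `SOCKET_CMD` override and the ignore globs are this example's own choices.

```shell
#!/usr/bin/env bash
# Added example, not part of the Socket CLI project: a CI gate built from the
# commands and flags this README documents.
# Assumptions (not stated by the README): `socket` is on PATH; the API key is
# injected from the CI secret store; `socket ci` accepts `--markdown` like the
# `report create` command it aliases; socket.yml v2 takes `projectIgnorePaths`
# as a list of glob strings; SOCKET_CMD is this script's own override hook.
set -eu

# Generate a minimal socket.yml so fixtures and vendored trees are never
# uploaded with a report. The CLI reads it from the directory it is run in.
# Usage: write_socket_yml <file> <glob>...
write_socket_yml() {
  out="$1"
  shift
  {
    echo "version: 2"
    echo "projectIgnorePaths:"
    for glob in "$@"; do
      printf '  - "%s"\n' "$glob"
    done
  } > "$out"
}

# Run the strict report and fail closed.
# `socket ci <path>` is the README's alias for
# `socket report create --view --strict`, so a non-zero exit means the report
# was judged unhealthy or the tool itself failed; both must fail the job.
# Usage: socket_gate <path> [report-file]
socket_gate() {
  path="${1:-.}"
  report="${2:-socket-report.md}"
  # Fail closed: never let a "security gate" run with no credentials at all.
  : "${SOCKET_SECURITY_API_KEY:?set SOCKET_SECURITY_API_KEY from your CI secret store}"
  cmd="${SOCKET_CMD:-socket}"
  rc=0
  # The markdown output is kept so it can be posted to the PR or job summary.
  "$cmd" ci "$path" --markdown > "$report" || rc=$?
  if [ "$rc" -eq 0 ]; then
    echo "socket: report for $path is healthy" >&2
  else
    echo "socket: report for $path is unhealthy or the tool failed (exit $rc); see $report" >&2
  fi
  return "$rc"
}

# Typical CI usage (run from the repository root):
#   write_socket_yml socket.yml "test/fixtures/**" "vendor/**"
#   socket_gate .
```

The gate deliberately does not distinguish "unhealthy report" from "tool error": this README documents only that `--strict` exits non-zero when the result is unhealthy, so any non-zero status is treated as a failed check rather than guessed at.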
## Contributing
### Environment variables for development
* `SOCKET_SECURITY_API_BASE_URL` - if set, this will be the base for all API-calls. Defaults to `https://api.socket.dev/v0/`
* `SOCKET_SECURITY_API_PROXY` - if set to something like [`http://127.0.0.1:9090`](https://docs.proxyman.io/troubleshooting/couldnt-see-any-requests-from-3rd-party-network-libraries), then all requests will be proxied through that proxy

## Similar projects
* [`@socketsecurity/sdk`](https://github.com/SocketDev/socket-sdk-js) - the SDK used in this CLI
## See also
* [Announcement blog post](https://socket.dev/blog/announcing-socket-cli-preview)
* [Socket API Reference](https://docs.socket.dev/reference) - the API used in this CLI
* [Socket GitHub App](https://github.com/apps/socket-security) - the plug-and-play GitHub App