Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/SocketDev/socket-cli-js

The Socket CLI tool
https://github.com/SocketDev/socket-cli-js

cli security

Last synced: about 2 months ago
JSON representation

The Socket CLI tool

Host: GitHub
URL: https://github.com/SocketDev/socket-cli-js
Owner: SocketDev
License: mit
Created: 2022-10-20T11:06:04.000Z (almost 2 years ago)
Default Branch: master
Last Pushed: 2024-07-30T19:20:59.000Z (about 2 months ago)
Last Synced: 2024-07-31T17:34:37.053Z (about 2 months ago)
Topics: cli, security
Language: JavaScript
Homepage: https://socket.dev/npm/package/@socketsecurity/cli
Size: 2.23 MB
Stars: 94
Watchers: 10
Forks: 11
Open Issues: 17
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Socket CLI

[![Socket Badge](https://socket.dev/api/badge/npm/package/@socketsecurity/cli)](https://socket.dev/npm/package/@socketsecurity/cli)
[![npm version](https://img.shields.io/npm/v/@socketsecurity/cli.svg?style=flat)](https://www.npmjs.com/package/@socketsecurity/cli)
[![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg)](https://github.com/SocketDev/eslint-config)
[![Follow @SocketSecurity](https://img.shields.io/twitter/follow/SocketSecurity?style=social)](https://twitter.com/SocketSecurity)

CLI tool for [Socket.dev](https://socket.dev/)

## Usage

```bash
npm install -g @socketsecurity/cli
```

```bash
socket --help
socket info [email protected]
socket report create package.json --view
socket report view QXU8PmK7LfH608RAwfIKdbcHgwEd_ZeWJ9QEGv05FJUQ
socket wrapper --enable
```

## Commands

* `socket info ` - looks up issues for a package

* `socket report create ` - creates a report on [socket.dev](https://socket.dev/)

Uploads the specified `package.json` and lock files for JavaScript, Python, and Go dependency manifests.
If any folder is specified, the ones found in there recursively are uploaded.

Supports globbing such as `**/package.json`, `**/requirements.txt`, `**/pyproject.toml`, and `**/go.mod`.

Ignores any file specified in your project's `.gitignore`, the `projectIgnorePaths` in your project's [`socket.yml`](https://docs.socket.dev/docs/socket-yml) and on top of that has a sensible set of [default ignores](https://www.npmjs.com/package/ignore-by-default)

* `socket report view ` - looks up issues and scores from a report

* `socket wrapper --enable` and `socket wrapper --disable` - Enables and disables the Socket 'safe-npm' wrapper.

* `socket raw-npm` and `socket raw-npx` - Temporarily disables the Socket 'safe-npm' wrapper.

## Aliases

All aliases supports flags and arguments of the commands they alias.

* `socket ci` - alias for `socket report create --view --strict` which creates a report and quits with an exit code if the result is unhealthy. Use like eg. `socket ci .` for a report for the current folder

## Flags

### Command specific flags

* `--view` - when set on `socket report create` the command will immediately do a `socket report view` style view of the created report, waiting for the server to complete it

### Output flags

* `--json` - outputs result as json which you can then pipe into [`jq`](https://stedolan.github.io/jq/) and other tools
* `--markdown` - outputs result as markdown which you can then copy into an issue, PR or even chat

## Strictness flags

* `--all` - by default only `high` and `critical` issues are included, by setting this flag all issues will be included
* `--strict` - when set, exits with an error code if report result is deemed unhealthy

### Other flags

* `--dry-run` - like all CLI tools that perform an action should have, we have a dry run flag. Eg. `socket report create` supports running the command without actually uploading anything
* `--debug` - outputs additional debug output. Great for debugging, geeks and us who develop. Hopefully you will never _need_ it, but it can still be fun, right?
* `--help` - prints the help for the current command. All CLI tools should have this flag
* `--version` - prints the version of the tool. All CLI tools should have this flag

## Configuration files

The CLI reads and uses data from a [`socket.yml` file](https://docs.socket.dev/docs/socket-yml) in the folder you run it in. It supports the version 2 of the `socket.yml` file format and makes use of the `projectIgnorePaths` to excludes files when creating a report.

## Environment variables

* `SOCKET_SECURITY_API_KEY` - if set, this will be used as the API-key

## Contributing

### Environment variables for development

* `SOCKET_SECURITY_API_BASE_URL` - if set, this will be the base for all API-calls. Defaults to `https://api.socket.dev/v0/`
* `SOCKET_SECURITY_API_PROXY` - if set to something like [`http://127.0.0.1:9090`](https://docs.proxyman.io/troubleshooting/couldnt-see-any-requests-from-3rd-party-network-libraries), then all request will be proxied through that proxy

## Similar projects

* [`@socketsecurity/sdk`](https://github.com/SocketDev/socket-sdk-js) - the SDK used in this CLI

## See also

* [Announcement blog post](https://socket.dev/blog/announcing-socket-cli-preview)
* [Socket API Reference](https://docs.socket.dev/reference) - the API used in this CLI
* [Socket GitHub App](https://github.com/apps/socket-security) - the plug-and-play GitHub App