To prevent the initial installation of a package with issues, it would be nice to allow some kind of hook (maybe preinstall?) to be added to a project. When it is there and one tries to install a package that has major/minor/any issues, it would either just prevent it from being installed, or maybe list some details and ask for a confirmation before going ahead. If it is a tool that you have to remember to use before running npm install x or yarn add x or ..., the impact is likely not that high, but I guess it would also be better than nothing. Maybe it could become a feature of the CLI tool that you are working on? But maybe a small dependency-free npm package that can be run with npx will be better to allow it to be run even without any local installation taking place beforehand...