Socket
Powered by Canny
Feature Requests
Support rye package manager for Python
https://rye.astral.sh
1 · under review · 1
C and C++ (Conan, vcpkg, Hunter) support
Support the C and C++ programming languages and the Conan, vcpkg, and Hunter package managers.
1 · under review · 1
Support "safe pip" functionality in Socket CLI
Similar to the Socket "safe npm" (https://socket.dev/blog/introducing-safe-npm) feature, Socket should support the same functionality for Python package managers.
1 · under review · 9
Maintainer scores
Produce a score for each maintainer based on their trust in the ecosystem. Consider using something similar to PageRank. Then, use the Maintainer Score as a factor in the Supply Chain Risk score.
1 · under review · 7
Support scanning GitHub Actions
Do y’all have anything on the roadmap (or does it already exist!?) for scanning GH actions? Lots of these are JS packages anyway, but just not published to npm. And I’m not too keen on reading through dist/ folders manually. Would love support for this!
4 · under review · 8
Bun support (bun.lockb lockfiles)
Bun (https://bun.sh/) is a new JS toolkit that especially includes a package manager that has its own lockfile format, bun.lockb (https://bun.sh/docs/install/lockfile).
1 · under review · 2
GitHub app: Reduced permissions
Just had a friend share http://socket.dev with me and it looks awesome. We've been struggling to figure out a way to balance encouraging devs to move quickly and use open source vs. the security risks. Was about to install your package onto our GH, but noticed it requested read access to all code. I'm reaching out because I'd assume it's not for malicious reasons :) Any reason why the app needs read access to all the code in the repo rather than just the package/yarn files?
2 · under review · 2
Support "safe yarn" functionality in Socket CLI
Similar to the Socket "safe npm" (https://socket.dev/blog/introducing-safe-npm) feature, Socket should support the same functionality for the yarn package manager.
1 · under review · 21
Show org-wide/per-repo score changes over time
The report shows average supply chain risk, quality, maintenance, etc. How have these changed over time? Execs like to see how these numbers have changed/improved over time.
1 · under review · 1
Docker/WASM image support
When installing Docker binary images, I wonder if there are reproducible builds and how I should know who I should trust. This would be something Socket.dev could address.
1 · under review · 2