Socket

socket.dev

Block zero-day supply chain attacks before they reach your code

Visit
Socket screenshot
/ About /

Socket is a supply chain security platform that scans open source packages across major registries (npm, PyPI, RubyGems, etc.) for malicious behavior, vulnerabilities, and suspicious activity before they reach production code. It integrates with GitHub, VS Code, and CI/CD pipelines to provide real-time alerts and blocking of malicious dependencies. Customers include Vercel, Replit, and Brave, and it protects prominent open source projects like Next.js, Storybook, and MetaMask.

/ How it works /

Socket scans every package and dependency update across major registries for malicious behavior and blocks harmful packages before they are installed or merged into code.

/ Who it's for /

Software engineering teams and security leaders using open source dependencies

/ More info /

Background.

Status
launched
Business model
freemium
Company
Socket, Inc.
/ Discovered patterns /

Similar projects.

Coming soonSpektrail’s read on Security

Editorial take on the space this project sits in — momentum signals, adjacent moves, our call on whether the wedge is real. Get pinged when we publish a new read or when the landscape shifts.

Coming soon

Have a take on this space?

Tell us what you’d build differently, where you think the incumbents miss, or what we’ve gotten wrong about this project. Comments + reactions are coming soon.