Skip to content

SocketDev/socket-sdk-js

BranchesTags

Repository files navigation

@socketsecurity/sdk

Socket Badge CI

Follow @SocketSecurity Follow @socket.dev on Bluesky

JavaScript SDK for Socket.dev API - Security analysis, vulnerability scanning, and compliance monitoring for software supply chains.

Installation

pnpm add @socketsecurity/sdk

Note: Version 2.0+ is ESM-only. For CommonJS support, use version 1.x.

Quick Start

import { SocketSdk } from '@socketsecurity/sdk'

const client = new SocketSdk('your-api-key', {
  retries: 3,        // Retry failed requests up to 3 times
  retryDelay: 1000,  // Start with 1s delay, exponential backoff
  timeout: 30000,    // 30 second timeout
})

// Check your quota
const quota = await client.getQuota()
if (quota.success) {
  console.log(`Available quota: ${quota.data.quota} units`)
}

// Analyze a package
const result = await client.getScoreByNpmPackage('express', '4.18.0')
if (result.success) {
  console.log(`Security Score: ${result.data.score}/100`)
}

// Batch analyze multiple packages
const batchResult = await client.batchPackageFetch({
  components: [
    { purl: 'pkg:npm/[email protected]' },
    { purl: 'pkg:npm/[email protected]' }
  ]
})

→ Configuration

API Methods

Package Analysis

Quick security checks: batchPackageFetch()batchPackageStream()getIssuesByNpmPackage()getScoreByNpmPackage()

→ Documentation

Scanning & Analysis

Project scanning: createDependenciesSnapshot()createOrgFullScan()createScanFromFilepaths()getScan()getScanList()getSupportedScanFiles()

→ Documentation

Organization Management

Organizations and repositories: getOrganizations()createOrgRepo()getOrgRepo()getOrgRepoList()updateOrgRepo()deleteOrgRepo()

→ Documentation

Policy & Settings

Security configuration: getOrgSecurityPolicy()updateOrgSecurityPolicy()getOrgLicensePolicy()updateOrgLicensePolicy()postSettings()

→ Documentation

Full Scan Management

Deep analysis: getOrgFullScanList()getOrgFullScanMetadata()getOrgFullScanBuffered()streamOrgFullScan()deleteOrgFullScan()

→ Documentation

Diff Scans

Scan comparison: createOrgDiffScanFromIds()getDiffScanById()listOrgDiffScans()deleteOrgDiffScan()

→ Documentation

Patches & Vulnerabilities

Security fixes: streamPatchesFromScan()viewPatch()

→ Documentation

Alert & Triage

Alert management: getOrgTriage()updateOrgAlertTriage()

→ Documentation

Export & Integration

SBOM export: exportCDX()exportSPDX()searchDependencies()uploadManifestFiles()

→ Documentation

Repository Labels

Categorization: createOrgRepoLabel()getOrgRepoLabel()getOrgRepoLabelList()updateOrgRepoLabel()deleteOrgRepoLabel()

→ Documentation

Analytics & Monitoring

Usage metrics: getQuota()getOrgAnalytics()getRepoAnalytics()getAuditLogEvents()

→ Documentation

Authentication & Access

API tokens: getAPITokens()postAPIToken()postAPITokensRotate()postAPITokensRevoke()postAPITokenUpdate()

→ Documentation

Entitlements

Feature access: getEnabledEntitlements()getEntitlements()

→ Documentation

Quota Utilities

Cost helpers: getQuotaCost()getRequiredPermissions()calculateTotalQuotaCost()hasQuotaForMethods()getMethodsByQuotaCost()getMethodsByPermissions()getQuotaUsageSummary()getAllMethodRequirements()

→ Documentation

Advanced Query Methods

Raw API access: getApi()sendApi()

→ Documentation

→ API Reference

→ Examples

→ Quota Management - Cost tiers: 0 (free), 10 (standard), 100 (batch/uploads)

→ Testing Utilities - Mock factories, fixtures, type guards

See Also

License

MIT

About

Socket SDK for JavaScript / TypeScript

socket.dev/npm/package/@socketsecurity/sdk

Topics

javascript api security socket typescript sdk

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

41 stars

Watchers

17 watching

Forks

12 forks
Report repository

Releases 31

v1.4.5 Latest
Jan 8, 2025
+ 30 releases

Packages

No packages published

Contributors 15

Languages