{"id":18808,"library":"socket","title":"Socket CLI","description":"CLI tool for Socket.dev security analysis of npm dependencies. Current stable version is 1.1.86, with a history of active releases (multiple releases in 2025). Provides commands for scanning, fixing CVEs, optimizing dependencies, and managing security patches. Key differentiators: wraps npm/npx for real-time security scanning, supports SBOM generation via cdxgen, offers automated CVE fixing and dependency optimization via @socketregistry overrides. ESM-only, requires Node.js >=18.20.8 and pnpm >=10.33.0.","status":"active","version":"1.1.86","language":"javascript","source_language":"en","source_url":"https://github.com/SocketDev/socket-cli","tags":["javascript","typescript"],"install":[{"cmd":"npm install socket","lang":"bash","label":"npm"},{"cmd":"yarn add socket","lang":"bash","label":"yarn"},{"cmd":"pnpm add socket","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"Package is ESM-only; CommonJS require() fails with ERR_REQUIRE_ESM.","wrong":"const socket = require('socket')","symbol":"default","correct":"import socket from 'socket'"},{"note":"The run function is the programmatic entry point. Typed as Function.","wrong":null,"symbol":"run","correct":"import { run } from 'socket'"},{"note":"TypeScript types are bundled. Use import type for types if not bundling.","wrong":null,"symbol":"types","correct":"import type { Config } from 'socket'"}],"quickstart":{"code":"import { run } from 'socket';\n\nconst argv = ['npm', 'install', 'express'];\nconst config = {\n  apiToken: process.env.SOCKET_CLI_API_TOKEN ?? '',\n  orgSlug: process.env.SOCKET_CLI_ORG_SLUG ?? 
'',\n  dryRun: true,\n  debug: false,\n};\n\ntry {\n  await run(argv, config);\n} catch (err) {\n  console.error('Socket scan failed:', err);\n  process.exit(1);\n}","lang":"typescript","description":"Demonstrates programmatic usage of the Socket CLI. The API token and org slug are read from environment variables (falling back to an empty string when unset) rather than hard-coded in the script, and dryRun is set to true."},"warnings":[{"fix":"Use import or dynamic import() instead of require().","message":"Package is ESM-only. Using require() throws ERR_REQUIRE_ESM.","severity":"gotcha","affected_versions":">=0.14.39"},{"fix":"Upgrade Node.js to >=18.20.8 or use an older version of socket CLI.","message":"Node.js <18.20.8 is not supported. Starting from version 0.14.40, socket CLI requires Node >=18.20.8.","severity":"breaking","affected_versions":">=0.14.40"},{"fix":"Use --dry-run to preview changes before actually running commands.","message":"The 'socket npm' and 'socket npx' commands may interfere with your existing npm/npx workflows if not configured correctly.","severity":"gotcha","affected_versions":">=0.14.0"},{"fix":"Check release notes for replacement tools or migration guides.","message":"The 'socket optimize' command relies on @socketregistry overrides which may be deprecated in future versions.","severity":"deprecated","affected_versions":"<0.15.0"}],"env_vars":null,"last_verified":"2026-04-25T00:00:00.000Z","next_check":"2026-07-24T00:00:00.000Z","problems":[{"fix":"Update to socket@0.14.39 or later which replaces 'tiny-colors' with 'yoctocolors-cjs'.","cause":"Regression on Node 22+ in which ESM packages were incorrectly moved to the dependencies field.","error":"Error: Cannot find module 'tiny-colors'"},{"fix":"Change to import('socket') or use dynamic import.","cause":"The socket package is ESM-only. 
Calling require('socket') fails.","error":"Error [ERR_REQUIRE_ESM]: require() of ES Module /path/to/socket/index.js not supported."},{"fix":"Upgrade Node to >=18.20.8 or downgrade socket to v0.14.65.","cause":"Node 18 does not support URL.parse; regression in socket v0.14.67.","error":"TypeError: URL.parse is not a function"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}