Socket
@socket.dev
Socket is the #1 software supply chain security platform. Next-gen SCA + SBOM + 0-day prevention. LOVED BY DEVELOPERS.

https://socket.dev
🦀 New on crates.io: RustSec advisories now appear on crate pages, alongside updates to Trusted Publishing support and CI trigger restrictions.

Details → socket.dev/blog/crates-... #rustlang
January 28, 2026 at 3:27 AM
🚀 Launch Week Day 4: We’re introducing a new Alert Details page! A more spacious way to explore alerts and understand their impact across your codebase.
January 22, 2026 at 6:31 PM
The new Threat Intel page tracks active attack campaigns and shows whether your repositories and packages are affected, with campaign context built directly into package pages.

socket.dev/blog/introdu...
January 21, 2026 at 9:40 PM
🚀 Socket Launch Week Day 3: We’re launching supply chain attack campaign tracking in the Socket dashboard!
January 21, 2026 at 9:40 PM
Custom tabs let you preserve a set of filters, see when a view has changed, and keep alert triage consistent across the org.

More details here: socket.dev/blog/introdu...
January 20, 2026 at 5:28 PM
🚀 Socket Launch Week Day 2: Today we're introducing custom tabs for org alerts!

You can now save and share named alert views, making it easier to return to the same filters across your team.
January 20, 2026 at 5:28 PM
🤖⚔️ Battle of the Bots:

Dependabot opens a PR. Socket flags it as malicious.

Socket CEO @feross.bsky.social discusses dependency risk and update timing, on @softwaredaily.bsky.social.

Full episode → socket.dev/blog/softwar...
January 6, 2026 at 10:23 PM
🎙️ In this episode of @softwaredaily.bsky.social, Socket CEO @feross.bsky.social discusses #OSS maintainer burnout.

“I put this code online as a gift to the world. I didn’t promise it would never have a defect.”

Full episode → socket.dev/blog/softwar... #OpenSource
January 6, 2026 at 6:02 PM
🎙️ In this episode of Engineering with AI, Socket CTO @ahmadnassri.com explains why so many AI workflows feel awkward today, and what happens when we try to bolt AI agents onto human-first developer tools.

Catch the full episode → socket.dev/blog/enginee...
January 5, 2026 at 1:36 PM
Add this episode to your podcast listening queue during the holidays. 🎧

Socket CTO @ahmadnassri.com talks through practical AI coding workflows, where AI actually helps teams today, and why the biggest shifts are being driven by economics.

socket.dev/blog/enginee...
December 24, 2025 at 5:59 AM
🥷 In this @softwaredaily.bsky.social episode, @feross.bsky.social talks about the dark side of Chrome extensions getting bought and sold to unknown buyers, a super common supply chain risk most users never see.

Check out the full episode → socket.dev/blog/softwar...
December 15, 2025 at 9:37 PM
🔮 The Myth of Magical Code from the Sky: Modern apps run on mountains of open source code that almost no one is actually reviewing.

In this @softwaredaily.bsky.social episode, @feross.bsky.social joins @joshuakgoldberg.com to talk about why that’s so risky.

Check it out → socket.dev/blog/softwar...
December 12, 2025 at 2:18 AM
#Rust may soon be adding a built-in Security tab on crates.io to show RustSec advisories (vulns + “unsound APIs”) directly on crate pages.

The RFC is in its Final Comment Period → socket.dev/blog/rust-rf...

#rustlang cc: @rustaceans.bsky.social @thisweekinrust.bsky.social
December 9, 2025 at 5:32 PM
A reality for anyone scaling a team:

"What got you from zero to one is not what's going to get you from one to 10. So you have to constantly evolve the way you run your business." - @feross.bsky.social on the Vlad Kachur Show

🧨 Full Interview: socket.dev/blog/scaling...
December 2, 2025 at 8:30 PM
🎙️ Why great products don't always win: Socket CEO @feross.bsky.social breaks down a hard truth for technical founders in this conversation with Vlad Kachur on scaling a security company.

Check out the full interview → socket.dev/blog/scaling... #appsec #infosec
December 2, 2025 at 4:25 PM
With alert-change webhooks, you can automatically:
• Create Jira tickets when new issues appear
• Post alert updates to Slack
• Trigger CI workflows the moment risk changes
• Stay ahead of newly discovered threats without refreshing dashboards

⚡ Read the announcement: socket.dev/blog/introdu...
November 21, 2025 at 6:00 PM
🚀 Launch Week Day 5!
Today we’re introducing Webhook Events for Alert Changes → real-time notifications for every Socket alert that gets created, updated, or cleared across your repos.

This is a game-changer for monitoring your software supply chain.
November 21, 2025 at 6:00 PM
Today we're bringing Socket's threat detection to the OpenVSX ecosystem. We scan for malicious behaviors, risky capabilities, obfuscated code, suspicious network requests, and hidden backdoors before they reach your environment.

socket.dev/blog/introdu...
November 20, 2025 at 5:16 PM
🚀 Launch Week Day 4: Socket now scans OpenVSX extensions!

Your IDE extensions have root access to everything: your code, credentials, production secrets. Attackers know you install them without a second thought.
November 20, 2025 at 5:16 PM
When the ecosystem introduces new tooling that pushes #JavaScript forward, we want to support that work so teams can adopt these tools without hesitation.

Socket now auto-detects bun.lock and vlt-lock.json files: zero config needed!

✨ Try it today: socket.dev/blog/announc...
November 19, 2025 at 5:31 PM
Launch Week Day 3: We're announcing beta support for @bun.sh and @vlt.sh package managers in Socket! 🎉

Developers using emerging JavaScript package managers can now rely on Socket for full supply chain security, dependency graph analysis, and accurate SBOMs.
November 19, 2025 at 5:31 PM
Patches live locally in your repo, apply during builds, and require zero workflow changes. No registry proxies. No new infra. Patches belong to you - there's no lock-in.
Pair Certified Patches with Socket Reachability and you get a clear path to zero exploitable CVEs instantly.
November 18, 2025 at 7:39 PM
🚀 Day 2 of Socket Launch Week:

Today we’re introducing a major shift in how developers fix vulnerabilities: Socket Certified Patches.
One-click, safe-by-design remediation for vulnerable dependencies.
November 18, 2025 at 7:39 PM
Our #Ruby reachability analysis uses function-level call graphs to identify which vulnerable functions your application can actually reach, enabling precise vulnerability triage.

Read the full announcement → socket.dev/blog/reachab...
November 17, 2025 at 4:57 PM
🚀 We’re kicking off another Socket Launch Week today!
Day 1 is a big one: Reachability for #Ruby is now in beta.
Ruby teams can finally see which vulnerabilities are actually exploitable in their apps, cutting through endless CVE noise.
November 17, 2025 at 4:57 PM