We started Socket with a simple but audacious goal: to safeguard the open source ecosystem for everyone. Today, that dream is a bit brighter—literally! Our logo is lighting up Times Square! Every great company is a conspiracy to change the world. Thank you to our many co-conspirators — our early customers, founding employees, investors, mentors, and the open source and security communities — we wouldn't be here without your support. We're just getting started.
Socket
Computer and Network Security
Socket is the #1 software supply chain security platform. Next-gen SCA + SBOM + 0-day prevention. LOVED BY DEVELOPERS.
About us
Socket is a cybersecurity platform that protects companies from software supply chain attacks. Companies use Socket to protect their software applications and critical services from malware and security threats originating in open source code.
- Website: https://socket.dev
- Industry: Computer and Network Security
- Company size: 51-200 employees
- Headquarters: San Francisco
- Type: Privately Held
- Founded: 2020
- Specialties: Software, Security, Software supply chain, Open source software, Application Security, Cybersecurity, and Software Composition Analysis (SCA)
Locations
- Primary: San Francisco, US
Updates
- 🔐 npm Adopts OIDC for Trusted Publishing: npm joins PyPI, RubyGems, and Crates.io in enhancing security by enabling secure package publishing directly from CI/CD workflows, eliminating long-lived tokens. Read more → https://lnkd.in/eb3YbqbZ #NodeJS #JavaScript
- Socket reposted this: 🚨 RubyGems & PyPI under attack: 🔸 60 fake RubyGems stole social media logins (275K+ downloads) 🔸 PyPI fakes hijacked crypto staking wallets. Both hide credential-stealing code in legit-looking packages. Details → https://lnkd.in/gbcR-BTy
- 🚨 60 malicious Ruby gems. 275K+ downloads. Socket researchers have uncovered a long-running, targeted credential theft campaign posing as automation tools for Instagram, TikTok, Telegram & more. Full research: https://lnkd.in/ef5EZB9X #ruby #rubyonrails
- Security researcher Jerry Gamblin launched the CNA Scorecard at BSidesLV to bring awareness to how incomplete most #CVE records really are. We interviewed him about missing patch links, broken CPE workflows, and what CNAs need to fix. "Instead of making it harder to become a CNA, the focus should be on requiring a higher standard for CVE records themselves. Broad participation in the program is a good thing, but the value of each CVE is dependent on its data quality." → https://lnkd.in/eZvWd39t #BSidesLV
- Socket reposted this: 🚨 11 malicious Go packages just found — infecting both Windows and Linux. They silently download payloads, hijack shells, and can steal browser data. Worse: they look legit, preying on confused devs importing from GitHub. Details devs need to see ↓ https://lnkd.in/gcXWxshR
- 🚨 Socket researchers found two malicious npm packages targeting WhatsApp API devs. Masquerading as socket libs, they use a phone number–based kill switch to delete project directories. Over 1,100 downloads in a month. Full analysis ➝ https://lnkd.in/e38NQc3G #JavaScript
- 🚨 Socket researchers just uncovered 11 malicious Go packages using obfuscated loaders to fetch and run remote payloads. 8 are typosquats. Details → https://lnkd.in/eXXePFwp #Golang
- TC39 just advanced 11 #JavaScript proposals, including Math.sumPrecise, base64/hex for Uint8Array, iterator chaining, and more. 2 proposals reached Stage 4 and are heading into the spec. Read the breakdown: https://lnkd.in/eUH_vW-F
- 🚨 Critical RCE in @nestjs/devtools-integration: A broken sandbox + CSRF lets any website trigger code execution on your dev machine if the dev server is running. Full disclosure: https://lnkd.in/eF9JNVJf