GitHub - SocketDev/socket-sdk-js: JavaScript SDK for the socket.dev API
@socketsecurity/sdk
JavaScript SDK for the Socket.dev API — package scoring, quota management, batch lookups, dependency analysis.
Why this repo exists
@socketsecurity/sdk is the canonical JavaScript/TypeScript client for the Socket.dev API. It exists so any Node app — your build pipeline, your registry tooling, your custom security gate — can call Socket's package-scoring and analysis endpoints without hand-rolling auth, retries, and response shapes. The SDK is consumed by Socket's own CLI, MCP server, and third-party integrations.
Install
pnpm add @socketsecurity/sdk
Usage
```javascript
import { SocketSdk } from '@socketsecurity/sdk'

const client = new SocketSdk('your-api-key', {
  retries: 3, // Retry failed requests up to 3 times
  retryDelay: 1000, // Start with 1s delay, exponential backoff
  timeout: 30000, // 30 second timeout
})

// Check your quota
const quota = await client.getQuota()
if (quota.success) {
  console.log(`Available quota: ${quota.data.quota} units`)
}

// Analyze a package
const result = await client.getScoreByNpmPackage('express', '4.18.0')
if (result.success) {
  console.log(`Dependency Score: ${result.data.depscore}`)
}

// Batch analyze multiple packages
const batchResult = await client.batchPackageFetch({
  components: [
    { purl: 'pkg:npm/express@4.18.0' },
    { purl: 'pkg:npm/react@18.0.0' },
  ],
})
```
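The "custom security gate" use case, sketched as an added example that is not code from the socket-sdk-js repository: it fails closed when the quota check or a score lookup does not succeed. It uses only the method names and response fields shown in the Usage snippet; `minScore`, `unitsPerLookup`, the "higher depscore is better" reading, and the stub client are assumptions made for illustration.

```javascript
// Added example, not code from the socket-sdk-js repo.
// ASSUMPTIONS: higher depscore is better; minScore and unitsPerLookup are
// local policy values chosen by the caller, not values documented by the SDK.

// Returns a blocking reason, or null when the quota covers `count` lookups.
function quotaBlock(quotaResult, count, unitsPerLookup) {
  if (!quotaResult || !quotaResult.success) return 'quota check failed'
  const needed = count * unitsPerLookup
  return quotaResult.data.quota < needed
    ? `quota ${quotaResult.data.quota} is below the ${needed} units needed`
    : null
}

// Returns a blocking reason for one lookup result, or null if it passes.
function scoreBlock(id, result, minScore) {
  if (!result || !result.success) return `${id}: lookup failed`
  const score = result.data && result.data.depscore
  if (typeof score !== 'number' || Number.isNaN(score)) return `${id}: no depscore`
  return score < minScore ? `${id}: depscore ${score} is below ${minScore}` : null
}

// Fail-closed gate: any error, missing score or low score blocks the build.
async function gatePackages(client, packages, { minScore, unitsPerLookup }) {
  const quota = await client.getQuota().catch(() => null)
  const quotaReason = quotaBlock(quota, packages.length, unitsPerLookup)
  if (quotaReason) return { pass: false, reasons: [quotaReason] }
  const reasons = []
  for (const { name, version } of packages) {
    let result
    try {
      result = await client.getScoreByNpmPackage(name, version)
    } catch {
      result = { success: false } // a thrown error counts as a failed lookup
    }
    const reason = scoreBlock(`${name}@${version}`, result, minScore)
    if (reason) reasons.push(reason)
  }
  return { pass: reasons.length === 0, reasons }
}

// Constructed stub with the same method names as the Usage snippet (offline run).
const stubClient = {
  getQuota: async () => ({ success: true, data: { quota: 100 } }),
  getScoreByNpmPackage: async (name) =>
    name === 'express' ? { success: true, data: { depscore: 0.9 } } : { success: false },
}
```

In a pipeline, pass a real `SocketSdk` instance instead of `stubClient` and exit non-zero when `pass` is false.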
Development
Contributor commands
pnpm install
pnpm run build
pnpm test
pnpm run check
Documentation map
| Guide | Description |
|---|---|
| API Reference | Complete API method documentation |
| Quota Management | Cost tiers (0/10/100) and utilities |
License
MIT