Socket Alerts Types Support

Filter Ecosystems:

npmPyPiGo PackagesMaven CentralRubyGemsNuGetCratesHugging FaceGithub ActionsOpenVSXChromeAI SkillsSwiftConan CenterJuliaPubHexCocoaPods

Vulnerability(4 alerts)

Alert Type	Severity	npm4 supported	PyPi4 supported	Go Packages4 supported	Maven Central4 supported	RubyGems4 supported	NuGet4 supported	Crates4 supported	Hugging Face4 supported	Github Actions0 supported	Swift4 supported	Conan Center4 supported	Julia4 supported	Pub4 supported	Hex4 supported	CocoaPods4 supported
Critical CVE	Critical	✅	✅	✅	✅	✅	✅	✅	✅	⏳	✅	✅	✅	✅	✅	✅
High CVE	High	✅	✅	✅	✅	✅	✅	✅	✅	⏳	✅	✅	✅	✅	✅	✅
Medium CVE	Medium	✅	✅	✅	✅	✅	✅	✅	✅	⏳	✅	✅	✅	✅	✅	✅
Low CVE	Low	✅	✅	✅	✅	✅	✅	✅	✅	⏳	✅	✅	✅	✅	✅	✅

Supply Chain Risk(65 alerts)

General(27 alerts)

Alert Type	Severity	npm27 supported	PyPi19 supported	Go Packages16 supported	Maven Central17 supported	RubyGems16 supported	NuGet16 supported	Crates16 supported	Hugging Face14 supported	Github Actions19 supported	OpenVSX17 supported	Chrome5 supported
Possible typosquat attack	Critical	✅	✅	⏳	✅	⏳	✅	✅	✅	✅	⏳	❌
Known Malware	Critical	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	❌
Unstable ownership	High	✅	❌	❌	❌	❌	❌	❌	❌	⏳	⏳	❌
Git dependency	High	✅	❌	❌	❌	❌	❌	❌	❌	❌	⏳	❌
GitHub dependency	High	✅	❌	❌	❌	❌	❌	❌	❌	❌	⏳	❌
AI-detected potential malware	High	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
HTTP dependency	High	✅	❌	❌	❌	❌	❌	❌	❌	❌	⏳	❌
Obfuscated code	High	✅	✅	❌	❌	❌	❌	❌	❌	✅	✅	❌
Suspicious Stars on GitHub	High	✅	✅	❌	❌	❌	❌	❌	❌	❌	❌	❌
Telemetry	High	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
Protestware/unwanted behavior	High	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
AI-detected possible typosquat	Medium	✅	✅	✅	✅	✅	✅	✅	✅	⏳	⏳	❌
AI-detected potential security risk	Medium	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
Network access	Medium	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	❌
Potential vulnerability	Medium	✅	✅	✅	✅	✅	✅	✅	❌	✅	✅	❌
Recently published	Medium	✅	✅	✅	✅	✅	✅	✅	❌	✅	✅	❌
Shell access	Medium	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	❌
Trivial Package	Medium	✅	❌	❌	❌	❌	❌	❌	❌	✅	❌	❌
Uses eval	Medium	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	❌
Native code	Medium	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	❌
Non-existent author	Medium	✅	❌	❌	❌	❌	❌	❌	❌	⏳	❌	❌
URL strings	Low	✅	✅	✅	✅	✅	❌	❌	❌	✅	✅	❌
Environment variable access	Low	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	❌
Filesystem access	Low	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	❌
AI-detected potential code anomaly	Low	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
High entropy strings	Low	✅	❌	❌	❌	❌	❌	❌	❌	✅	✅	❌
New author	Low	✅	❌	❌	❌	❌	❌	❌	❌	❌	⏳	❌

Ecosystem-Specific(38 alerts)

npm(5 alerts)	Severity
NPM Shrinkwrap	High
Install scripts	Medium
Manifest confusion	Medium
Debug access	Low
Dynamic require	Low

Github Actions(7 alerts)	Severity
GitHub context variable flows to dangerous sink	Critical
Input argument flows to dangerous sink	High
Environment variable flows to dangerous sink	High
GitHub context variable exported as environment variable	Medium
GitHub context variable passed back as output	Medium
Input argument exported as environment variable	Low
Input argument passed back as output	Low

OpenVSX(9 alerts)	Severity
Proposed APIs Enabled	High
Debugger contribution	Medium
Extension dependency	Medium
Broad activation events	Medium
Extension pack	Medium
Webview contribution	Low
Workspace file pattern activation	Low
Untrusted workspaces support	Low
Virtual workspaces support	Low

Chrome(4 alerts)	Severity
Content Script	Low
Host Permission	Low
Permission	Low
Wildcard Host Permission	Low

AI Skills(12 alerts)	Severity
Command injection	High
Data exfiltration	High
Hardcoded secrets	High
Prompt injection	High
Tool chaining attack	High
Code obfuscation	Medium
Resource abuse	Medium
Supply chain risk	Medium
Tool abuse	Medium
Transitive trust abuse	Medium
Autonomy abuse	Low
Discovery abuse	Low

Quality(4 alerts)

Alert Type	Severity	npm4 supported	PyPi1 supported	Go Packages0 supported	RubyGems1 supported	NuGet1 supported	Crates1 supported	Hugging Face1 supported	Github Actions1 supported	OpenVSX0 supported
Unpopular package	Medium	✅	✅	⏳	✅	✅	✅	✅	❌	⏳
Minified code	Low	✅	❌	❌	❌	❌	❌	❌	✅	⏳
Bad dependency semver	Medium	✅	❌	❌	❌	❌	❌	❌	❌	❌
Wildcard dependency	Medium	✅	❌	❌	❌	❌	❌	❌	❌	❌

Maintenance(3 alerts)

Alert Type	Severity	npm2 supported	PyPi2 supported	Go Packages1 supported	Maven Central1 supported	RubyGems1 supported	Github Actions0 supported	OpenVSX1 supported
Deprecated	Medium	✅	✅	✅	❌	❌	⏳	✅
Unmaintained	Low	✅	✅	⏳	✅	✅	⏳	⏳
Socket optimized override available	High	❌	❌	❌	❌	❌	❌	❌

License(9 alerts)

Alert Type	Severity	npm9 supported	PyPi9 supported	Go Packages9 supported	Maven Central9 supported	RubyGems9 supported	NuGet9 supported	Crates9 supported	Hugging Face9 supported	Github Actions9 supported
Explicitly Unlicensed Item	High	✅	✅	✅	✅	✅	✅	✅	✅	✅
License Policy Violation	High	✅	✅	✅	✅	✅	✅	✅	✅	✅
Misc. License Issues	Medium	✅	✅	✅	✅	✅	✅	✅	✅	✅
Ambiguous License Classifier	Low	✅	✅	✅	✅	✅	✅	✅	✅	✅
Copyleft License	Low	✅	✅	✅	✅	✅	✅	✅	✅	✅
License exception	Low	✅	✅	✅	✅	✅	✅	✅	✅	✅
No License Found	Low	✅	✅	✅	✅	✅	✅	✅	✅	✅
Non-permissive License	Low	✅	✅	✅	✅	✅	✅	✅	✅	✅
Unidentified License	Low	✅	✅	✅	✅	✅	✅	✅	✅	✅