
Overview
Socket.dev detects malicious and risky open source packages before they enter your codebase. The Pwnbook integration pulls supply chain alerts from Socket so your team can review and act on package-level risks in context.
Prerequisites
- A Socket.dev account
- A Socket API key
- Admin or Owner access in Pwnbook
Setup
Get your Socket API key
- Log in to socket.dev.
- Go to Settings → API Keys.
- Create a new key and copy it.
What’s available
| View | Description |
|---|---|
| Alerts | Active supply chain alerts by severity (critical, high, medium, low) |
| Package detail | Alert type, affected package version, and recommendation |
| Repository scope | Filter alerts by connected repository |