惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

GbyAI
GbyAI
博客园 - 三生石上(FineUI控件)
S
Securelist
U
Unit 42
The Cloudflare Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Simon Willison's Weblog
Simon Willison's Weblog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
B
Blog
T
Tenable Blog
The Hacker News
The Hacker News
The Register - Security
The Register - Security
IT之家
IT之家
博客园 - 【当耐特】
Spread Privacy
Spread Privacy
P
Privacy & Cybersecurity Law Blog
博客园_首页
T
Tailwind CSS Blog
人人都是产品经理
人人都是产品经理
C
Cybersecurity and Infrastructure Security Agency CISA
Know Your Adversary
Know Your Adversary
NISL@THU
NISL@THU
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
阮一峰的网络日志
阮一峰的网络日志
T
Tor Project blog
C
CERT Recently Published Vulnerability Notes
Apple Machine Learning Research
Apple Machine Learning Research
Stack Overflow Blog
Stack Overflow Blog
T
Threat Research - Cisco Blogs
T
The Exploit Database - CXSecurity.com
V
Vulnerabilities – Threatpost
A
Arctic Wolf
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
V
V2EX
aimingoo的专栏
aimingoo的专栏
大猫的无限游戏
大猫的无限游戏
Scott Helme
Scott Helme
L
LINUX DO - 热门话题
Cyberwarzone
Cyberwarzone
V
Visual Studio Blog
月光博客
月光博客
爱范儿
爱范儿
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
美团技术团队
G
GRAHAM CLULEY
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
H
Heimdal Security Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO

Socket

Suno Breached via Shai-Hulud Worm, Leaked Code Exposes AI Mu... Next.js moves to scheduled security releases - Socket 11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windo... Compromised npm Packages in the AsyncAPI Namespace Deliver M... jscrambler npm Package Compromised in Supply Chain Attack - ... Fake Braintree NuGet Package Skims Credit Cards and Harvests... Compromised Injective SDK npm Package Exfiltrates Wallet Key... npm v12 Ships With Install Scripts Off by Default, Begins De... Malicious Go Module Exposes GitHub Malware Lure Network Span... pnpm 11.10 Hardens Registry Authentication to Block Token Re... Coordinated npm and PyPI Campaign Typosquats Popular Secure ... Node.js Considers Public Workflow for Security Reports Amid ... PolinRider: North Korea-Linked Supply Chain Campaign Expands... Risky Biz Podcast: AI Agents Are Raising the Stakes for Soft... Chrome and Firefox Extensions Posing as Free VPNs Add Clipbo... Miasma Mini Shai-Hulud Hits ImmobiliareLabs npm Packages - S... Rolldown Pulls Rust React Compiler Integration After Binary ... Miasma Mini Shai-Hulud Hits LeoPlatform npm Packages and Git... Frontier AI Is Now Critical Infrastructure - Socket The Code You Didn't Write Is Still Yours to Defend - Socket GitHub Actions Checkout Now Blocks Risky pull_request_target... Introducing Repository Access Permissions and Custom Roles -... Socket MCP Adds Org Alerts, Threat Feed Review, and Package ... Socket Firewall Now Blocks Malicious VS Code and Open VSX Ex... 140+ Mastra npm Packages Compromised in Coordinated Supply C... npm Package Uses Prompt Injection and Token Flooding to Disr... Introducing Manifest Alerts - Socket GlassWASM: WebAssembly Malware Found in Trojanized Open VSX ... Socket for Linear Is Now Available - Socket US Government Forces Anthropic to Pull Claude Fable Days After Launch 152 Chrome Live Wallpaper Extensions Hid Ad Tracking and Faked Google Search Traffic Andrew Becherer Joins Socket as Chief Information Security Officer Socket Partners with Replit to Block Malicious Packages in AI-Powered Development npm Tooling Bug Incorrectly Marks One-Character Packages as Security Holders Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformatics and MCP Developers via Malicious PyPI Wheels Shai-Hulud Descends to Hades: Miasma Worm Campaign Spreads with New PyPI Wave RubyGems Adds Cooldown Feature to Bundler for Newly Published Gems RubyGems Adds Cooldown Feature to Bundler for Newly Published Gems pnpm 11.5 Adds Support for Recognizing npm Staged Publishes pnpm 11.5 Adds Support for Recognizing npm Staged Publishes Federal Audit Finds NIST Wasted Funds With No Plan to Clear NVD Backlog Federal Audit Finds NIST Wasted Funds With No Plan to Clear NVD Backlog Mini Shai-Hulud Campaign Hits Red Hat Cloud Services npm Packages Mini Shai-Hulud Campaign Hits Red Hat Cloud Services npm Packages Famous Chollima Targets PHP Developers Through Compromised Packagist Package Famous Chollima Targets PHP Developers Through Compromised Packagist Package Rust Moves to Restrict LLM Use in Contributions After Months of Internal Debate Rust Moves to Restrict LLM Use in Contributions After Months of Internal Debate Malicious NuGet Package Impersonates Sicoob SDK to Exfiltrate Banking Certificates and Passwords Malicious NuGet Package Impersonates Sicoob SDK to Exfiltrate Banking Certificates and Passwords Feross on TBPN: Socket's Series C and the State of Software Supply Chain Security Feross on TBPN: Socket's Series C and the State of Software Supply Chain Security OSV Withdraws 157 Malware Reports After Automated False Positives Hit npm and PyPI OSV Withdraws 157 Malware Reports After Automated False Positives Hit npm and PyPI TrapDoor Crypto Stealer Supply Chain Attack Hits 34 Packages and Hundreds of Versions Across npm, PyPI, and Crates.io TrapDoor Crypto Stealer Supply Chain Attack Hits 34 Packages and Hundreds of Versions Across npm, PyPI, and Crates.io Laravel Lang Compromised with RCE Backdoor Across 700+ Versions Malicious Postinstall Hook Found Across 700+ GitHub Repositories, Including Packagist and Node.js Projects AI Has Taken Over Open Source npm Invalidates Granular Access Tokens as Mini Shai-Hulud Sweeps the Registry Coruna Respawned: Compromised art-template npm Package Leads to iOS Browser Exploit Kit Socket raises $60M Series C at $1B valuation led by Thrive Capital to secure AI-driven software development Socket Raises $60M Series C at a $1B Valuation to Help Enterprises Build Securely With AI Popular Go Decimal Library Targeted by Long-Running Typosquat with DNS Backdoor Active Supply Chain Attack Compromises @antv Packages on npm Popular node-ipc npm Package Infected with Credential Stealer TeamPCP and BreachForums Launch $1,000 Contest for Supply Chain Attacks Packagist Urges Immediate Composer Update After GitHub Actions Token Leak GemStuffer Campaign Abuses RubyGems as Exfiltration Channel Targeting UK Local Government Socket Named to Rising in Cyber 2026 List of Top Cybersecurity Startups TanStack npm Packages Compromised in Ongoing Mini Shai-Hulud Supply-Chain Attack fsnotify Maintainer Dispute Sparks Supply Chain Concerns Socket Releases Free Certified Patches for Critical vm2 Sandbox Escape 5 Malicious NuGet Packages Impersonate Chinese UI Libraries to Distribute Crypto Wallet and Credential Stealer pnpm 11 Adds Supply Chain Protection Defaults for Minimum Release Age and Exotic Subdependencies PyPI Fixes High-Severity Access Control Issues Found in Security Audit Malicious Ruby Gems and Go Modules Impersonate Developer Tools to Steal Secrets and Poison CI Mini Shai-Hulud Spreads to Packagist: Malicious Intercom PHP Package Follows npm Compromise Intercom’s npm Package Compromised in Ongoing Mini Shai-Hulud Worm Attack lightning PyPI Package Compromised in Supply Chain Attack Malicious npm Package Brand-Squats TanStack to Exfiltrate Environment Variables SAP CAP npm Packages Hit by Supply Chain Attack Socket Has Acquired Secure Annex 73 Open VSX Sleeper Extensions Linked to GlassWorm Show New Malware Activations Introducing Reachability for PHP Introducing Data Exports Malicious Checkmarx Artifacts Found in Official KICS Docker Repository and Code Extensions Introducing Organization Notifications in Socket Socket for Jira Is Now Available Socket Named Top Sales Organization by RepVue NIST Officially Stops Enriching Most CVEs as Vulnerability Volume Skyrockets Socket Selected for OpenAI's Cybersecurity Grant Program Feross on the 10 Minutes or Less Podcast: Nobody Reads the Code 108 Chrome Extensions Linked to Data Exfiltration and Session Theft via Shared C2 Infrastructure Node.js Drops Bug Bounty Rewards After Funding Dries Up The Hidden Blast Radius of the Axios Compromise
Introducing Reports: An Extensible Reporting Framework for Socket Data
André Staltz · 2026-04-22 · via Socket

Sidebar CTA Background

Secure your dependencies with us

Socket proactively blocks malicious open source packages in your code.

Install

Today, we’re introducing Reports, a new page in the Socket dashboard for chart-based views of vulnerabilities, dependencies, and usage. At launch, Reports includes five built-in charts across three categories, with support for organization-wide and repository-level views. It replaces the previous Analytics page with a more structured reporting experience in the dashboard.

Built as an extensible reporting framework, the new page gives teams a more consistent way to work with and share Socket data across reviews, presentations, and recurring reporting workflows.

A Dedicated Reporting Surface in the Dashboard#

Security and engineering teams often need to communicate what they are seeing in Socket outside the product itself. That might mean preparing internal reviews, stakeholder updates, customer presentations, recurring readouts, or planning decks. Until now, turning that data into something reusable usually meant rebuilding charts by hand or stitching together one-off screenshots from different parts of the dashboard.

The new page makes that work easier to do directly in the dashboard.

Rather than scattering one-off visualizations across the product, Reports brings chart-based reporting into one dedicated page. Teams can start with an organization-wide view for broad visibility, then narrow to a specific repository when they need more targeted analysis.

At launch, Reports is organized into three categories:

  • Vulnerabilities
  • Dependencies
  • Usage

Within those categories, Reports currently includes five built-in charts:

  • Top 25 CWEs
  • Top 10 OWASP categories
  • License distribution
  • Score distribution
  • Firewall events

Vulnerability Reporting Aligned With Familiar Frameworks#

The first set of reports focuses on vulnerability data through security frameworks teams already use to understand risk.

The Top 25 CWEs chart shows how often each category appears in the selected organization and, if applicable, a specific repository. This gives teams a direct view into which weakness categories appear most often across the selected scope, while keeping the results grounded in a framework that security teams already recognize.

The Top 10 OWASP report provides a similar view across OWASP categories, making it easier to see which classes of application security issues are showing up most frequently.

Both reports support alternate sort orders, which makes them useful in different contexts. Teams can sort by occurrences or OWASP rank, depending on whether they want to see the most frequent categories first or view them in the framework’s default order.

Dependency Reporting for Inventory and Package Health#

Reports also includes two dependency-focused charts designed to help teams understand what is in their dependency graph and how healthy those packages are overall.

The Licenses report shows the distribution of licenses across your dependencies. It gives teams a quick way to see which licenses are most prevalent across an organization or repository, while still making room for the long tail.

The Score Distribution report shows the distribution of dependencies by their overall Socket score, or another selected score category. Scores are grouped into buckets, which makes it easier to see whether packages are clustering in healthier ranges or drifting toward categories that suggest more risk.

This view is especially useful because it shows how risk is distributed across a dependency set instead of collapsing package health into a single summary number. Teams can quickly tell whether the overall picture reflects a strong baseline, a concentration of medium-risk packages, or a long tail that deserves closer review.

The score distribution view also supports multiple score categories, including overall score and more specific dimensions such as vulnerabilities, supply chain risk, maintenance, and quality. That gives teams a more flexible way to move from a broad view of package health to a more specific understanding of what is driving risk.

Usage Reporting for Operational Visibility#

Reports also introduces a usage-focused chart for operational visibility.

The Events report shows the number of Firewall events per day over time, broken out by event type. That gives teams a straightforward way to understand activity patterns and see how Socket usage is showing up across the selected scope.

Presented as a time series chart with event-type filtering, it is useful both inside the dashboard and in the materials teams create from it. Like the other charts in Reports, it is meant to support analysis and communication, not just in-product viewing.

Built for Export, Reuse, and Extensibility#

Every chart in Reports can be exported as a PNG for reuse in slides, docs, presentations, and recurring reporting workflows. The reports are designed as durable outputs, not just dashboard widgets. They reduce manual chart-building for reviews and presentations and give teams a faster way to turn Socket data into shareable reporting artifacts.

Reports is also built as an extensible reporting framework inside the dashboard. Each chart follows the same structure for scoping, controls, explanatory context, source labeling, and export, creating a consistent foundation for expanding chart-based reporting over time without introducing a different interaction model for every new view.

Available Now in the Socket Dashboard#

The new Reports page is available now in the Socket dashboard.

We are rapidly expanding the reporting framework with additional charts and views over time, with new charts guided by customer feedback. If there’s a chart you’d like to see, contact Socket support or use the feedback button in the top-right corner of the Reports page.

Try Reports in the Socket dashboard today to explore chart-based views of vulnerabilities, dependencies, and usage, and export the charts you need for reviews, presentations, and internal reporting.