### Install Socket SDK

Source: https://github.com/socketdev/socket-sdk-js/blob/main/README.md

Installs the Socket SDK package using npm.

```bash
npm install @socketsecurity/sdk
```

--------------------------------

### Initialize Socket SDK and Get Quota (ESM/TypeScript)

Source: https://github.com/socketdev/socket-sdk-js/blob/main/README.md

Demonstrates how to initialize the Socket SDK with an API key and retrieve quota information. It shows how to handle the response by checking for success before accessing the data.

```javascript
import { SocketSdk } from '@socketsecurity/sdk'

const client = new SocketSdk('yourApiKeyHere')

const res = await client.getQuota()

if (res.success) {
  // Will output { quota: 123 } if the quota you have left is 123
  console.log(res.data)
}
```

--------------------------------

### Initialize Socket SDK (CommonJS)

Source: https://github.com/socketdev/socket-sdk-js/blob/main/README.md

Shows how to import the SocketSdk class in a CommonJS environment.

```javascript
const { SocketSdk } = require('@socketsecurity/sdk')
```

--------------------------------

### Update package.json and Create GitHub Release

Source: https://github.com/socketdev/socket-sdk-js/blob/main/CONTRIBUTING.md

This snippet describes the manual steps required to prepare a new package version release: update the version number in the package.json file, then create a new release on GitHub, which triggers the automated publishing process.

```bash
## Update version in package.json
# Example: Update to version 1.2.3
npm version 1.2.3

## Create a GitHub Release
# Navigate to your GitHub repository's 'Releases' section and create a new release.
# Tag the release with the version number (e.g., v1.2.3).
# Write release notes describing the changes in this version.
```

```javascript
// Ensure package.json has the correct version
// {
//   "name": "socket-sdk-js",
//   "version": "1.2.3",
//   "description": "...",
//   "main": "index.js",
//   ...
// }
```

--------------------------------

### SocketSdk Report Methods

Source: https://github.com/socketdev/socket-sdk-js/blob/main/README.md

Provides methods for generating and managing security reports. `createReportFromFilepaths` creates a report from specified package files, `getReportList` lists available reports, `getReportSupportedFiles` lists supported file types for reports, and `getReport` retrieves a specific report by its ID.

```APIDOC
createReportFromFilepaths(filePaths, pathsRelativeTo=., [issueRules])
  - filePaths: An `array` of absolute or relative `string` paths to `package.json` and any corresponding `package-lock.json` files
  - pathsRelativeTo: A `string` path that the absolute paths in `filePaths` are relative to. This is used to calculate where in your project the `package.json`/`package-lock.json` files live
  - issueRules: An object that follows the format of the [`socket.yml`](https://docs.socket.dev/docs/socket-yml) issue rules. Keys are issue names, values are booleans that activate or deactivate the issue. It is applied on top of the default config and the organization config.

getReportList()

getReportSupportedFiles()

getReport(id)
  - id: A `string` representing the id of a created report
```

--------------------------------

### Advanced: Specifying Custom User Agent

Source: https://github.com/socketdev/socket-sdk-js/blob/main/README.md

Explains how to specify a custom user agent string when initializing the `SocketSdk`, so that requests from custom applications or tools using the SDK can be identified. The custom agent is prepended to the default SDK agent.

```javascript
import { SocketSdk, createUserAgentFromPkgJson } from '@socketsecurity/sdk'

const client = new SocketSdk('yourApiKeyHere', {
  userAgent: 'example/1.2.3 (http://example.com/)'
})

// Results in the HTTP User-Agent header:
// User-Agent: example/1.2.3 (http://example.com/) socketsecurity-sdk/0.5.2 (https://github.com/SocketDev/socket-sdk-js)

// Alternatively, use createUserAgentFromPkgJson:
// const client = new SocketSdk('yourApiKeyHere', {
//   userAgent: createUserAgentFromPkgJson(pkgJson)
// })
```

--------------------------------

### SocketSdk Package Methods

Source: https://github.com/socketdev/socket-sdk-js/blob/main/README.md

Details methods for retrieving security information about npm packages. `getIssuesByNPMPackage` fetches issues for a given package and version, while `getScoreByNPMPackage` retrieves its security score.

```APIDOC
getIssuesByNPMPackage(packageName, version)
  - packageName: A `string` representing the name of the npm package you want the issues for
  - version: A `string` representing the version of the npm package to return the issues for

getScoreByNPMPackage(packageName, version)
  - packageName: A `string` representing the name of the npm package you want the score for
  - version: A `string` representing the version of the npm package to return the score for
```

--------------------------------

### SocketSdk Utility and Organization Methods

Source: https://github.com/socketdev/socket-sdk-js/blob/main/README.md

Includes utility methods for checking API quota, retrieving organization details, and managing settings. `getQuota` checks remaining API quota, `getOrganizations` lists accessible organizations, `postSettings` updates user settings, and `getOrgSecurityPolicy` retrieves an organization's security policy.

```APIDOC
getQuota()

getOrganizations()

postSettings(selectors)
  - selectors: An array of settings selectors, e.g. `[{ organization: 'id' }]`

getOrgSecurityPolicy(orgSlug)
  - orgSlug: the slug of the organization
```

--------------------------------

### SocketSdk Additional Export: createUserAgentFromPkgJson

Source: https://github.com/socketdev/socket-sdk-js/blob/main/README.md

Provides a utility function to create a User-Agent string from a `package.json` file's content, useful for identifying SDK usage in API requests.

```APIDOC
createUserAgentFromPkgJson(pkgJson)
  - pkgJson: The content of the `package.json` you want to create a `User-Agent` string for
```

--------------------------------

### Automated Publishing via GitHub Actions

Source: https://github.com/socketdev/socket-sdk-js/blob/main/CONTRIBUTING.md

This section explains how the `.github/workflows/provenance.yml` GitHub Actions workflow automatically publishes the package to npm once a release is created on GitHub. It highlights the use of npm-provided provenance.

```yaml
# .github/workflows/provenance.yml
name: Node.js Package

on:
  release:
    types: [published]

jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # Required by `npm publish --provenance`: lets the job request the OIDC
      # token that the provenance attestation is signed with.
      id-token: write
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: '20'
          registry-url: 'https://registry.npmjs.org'
      - run: npm ci
      - run: npm publish --provenance
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
```
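
--------------------------------

An added example, not taken from the Socket SDK README or the project's code: a fail-closed dependency gate that combines the `getQuota` and `getIssuesByNPMPackage` methods listed above. The issue shape `{ type, value: { severity } }`, the `gateDependencies` and `makeStubClient` helpers, and the sample packages are assumptions made for illustration; only the `success` and `data` response fields appear on this page.

```javascript
// Fail-closed dependency gate using the SDK methods documented on this page.
// ASSUMPTION: each issue in `res.data` looks like { type, value: { severity } };
// the page itself only shows the `success` and `data` fields of a response.
const BLOCKING = new Set(['high', 'critical'])

async function gateDependencies (client, deps) {
  const quota = await client.getQuota()
  // Without quota there are no verdicts: refuse instead of skipping the checks.
  if (!quota.success || quota.data.quota <= 0) {
    return { ok: false, reason: 'no-quota', blocked: [] }
  }
  const blocked = []
  for (const { name, version } of deps) {
    const res = await client.getIssuesByNPMPackage(name, version)
    if (!res.success) {
      // A failed lookup (error, quota exhausted mid-run) blocks; it never passes.
      blocked.push({ name, version, issues: ['lookup-failed'] })
      continue
    }
    const hits = res.data
      .filter(issue => BLOCKING.has(issue.value?.severity))
      .map(issue => issue.type)
    if (hits.length > 0) blocked.push({ name, version, issues: hits })
  }
  const ok = blocked.length === 0
  return { ok, reason: ok ? 'clean' : 'blocked', blocked }
}

// Constructed stub standing in for `new SocketSdk(apiKey)` so this runs offline.
function makeStubClient (quota, table) {
  return {
    getQuota: async () => ({ success: true, data: { quota } }),
    getIssuesByNPMPackage: async (name, version) =>
      table[`${name}@${version}`] ?? { success: false }
  }
}

// Constructed sample responses; package names are hypothetical.
const sampleTable = {
  'left-example@1.0.0': { success: true, data: [] },
  'evil-example@2.0.0': {
    success: true,
    data: [
      { type: 'installScripts', value: { severity: 'high' } },
      { type: 'deprecated', value: { severity: 'low' } }
    ]
  }
}
```

With a real client, pass `new SocketSdk(apiKey)` in place of the stub and feed `deps` from the pinned versions in the lockfile, so the verdict applies to exactly what will be installed.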