
Socket.dev (Dependency Security) MCP Connector for Claude

A+

Protect your software supply chain by scanning dependencies, checking package security scores, and monitoring threat feeds directly from your AI agent.

10 tools | Official | Updated Jun 28, 2026 | Vinkius Partner

Connect Socket.dev to your AI agent to proactively defend against supply chain attacks. This MCP server allows you to analyze open-source packages, scan manifest files, and monitor for malicious dependencies without leaving your development environment.

What you can do

  • Package Analysis — Get deep security scores and identify issues for specific packages using PURLs (e.g., npm, PyPI, Go).
  • Dependency Scanning — Upload manifest files like package.json or requirements.txt to create comprehensive security scans.
  • Report Management — List and retrieve detailed security reports, including policy compliance and alert data.
  • Threat Intelligence — Access a real-time feed of malicious packages detected by Socket's analysis engine.
  • Organization Oversight — Manage scans across different organizations and monitor your API usage quotas.

How it works

  1. Subscribe to this server
  2. Enter your Socket.dev API Token
  3. Start auditing your dependencies directly from Claude, Cursor, or any MCP-compatible client

Stop guessing whether a package is safe. Let your AI agent use Socket's industry-leading telemetry to catch typosquatting, backdoors, and hidden telemetry before they enter your codebase.

Who is this for?

  • Security Engineers — Automate the review of new dependencies and monitor organizational security posture.
  • Developers — Check package safety scores instantly before running npm install or pip install.
  • DevOps Teams — Integrate dependency scanning into the conversation to quickly triage security reports.
Tags: supply-chain-security, dependency-scanning, open-source-security, malware-detection, devsecops, package-analysis

10 tools expose this connector's capabilities to your AI agent.

create_scan

Create a new scan by uploading manifest files. Provide the manifest file data (e.g., package.json, requirements.txt).

delete_scan

Delete a scan

get_package_issues

Get issues/alerts for a specific package. Takes a Package URL (PURL, e.g., pkg:npm/babel).

get_package_score

Get the security score for a specific package. Takes a Package URL (PURL, e.g., pkg:npm/babel).

get_quota

Check remaining API quota

get_report

Get detailed report data

get_scan

Get scan metadata and status

get_threat_feed

Access the real-time threat feed

list_organizations

List organizations the token has access to

list_reports

List reports

See how to talk to your AI agent using Socket.dev (Dependency Security).

Check the security score for the npm package 'axios'.

I've checked the security score for `pkg:npm/axios`. It currently has a high security score of 98/100, with no critical issues detected in the latest version.

List all security reports for my organization.

I've retrieved the reports. You have 3 recent scans available. Would you like me to get the details for the most recent report (ID: rep_12345)?

Show me the real-time threat feed from Socket.

Fetching the threat feed... I found several recently flagged malicious packages, including 'discord-selfbot-v14' which was flagged for containing malware. Be cautious if these appear in your dependencies.

You can use the `get_package_score` tool by providing a Package URL (PURL), such as `pkg:npm/lodash`. The agent returns the package's security score and a risk assessment.
