Socket and I are solving the same problem, behavioral analysis of npm packages before install, but with different approaches.
Socket uses static analysis plus LLM-based threat assessment. Dependency Guardian is fully deterministic: 26 regex- and AST-based detectors plus a correlator with 53 cross-signal amplifiers. No LLM in the loop. Scans are reproducible, run in ~38ms, and avoid hallucination or prompt injection issues. The tradeoff is I may miss novel patterns an LLM could generalize to.
Socket had to introduce three alert tiers because of noise. I handle that at the detection layer by correlating signals like ci_secret_access plus network_exfil into higher-confidence amplifiers, which lets me hard-block PRs at 99.95% precision across 11,356 real packages.
Shai Hulud exploited Bun runtime APIs and legitimate GitHub API traffic to evade Node-focused scanners. I built dedicated detectors for those gaps, normalize string escapes before matching, and track import aliases per file.
There is a free tier at 200 scans per month, an open-source thin client, a self-hosted option, and support for GitHub Actions or any CI via CLI. Socket validated the category and raised $65M. My bet is that a tighter deterministic engine with lower noise wins for teams that want a true CI gate, not just an advisory dashboard.
ComCat|6 days ago