Skip to content

SocketDev/bun-security-scanner

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
.github/workflows
.github/workflows
 
 
src
src
 
 
test
test
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
bun.lock
bun.lock
 
 
bunfig.toml
bunfig.toml
 
 
package.json
package.json
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

Socket's Bun Security Scanner

Official Socket Security scanner for Bun's package installation process. Protects your projects from malicious packages, typosquatting, and other supply chain attacks.

Features

  • 🛡️ Real-time security scanning during package installation
  • 🔍 Detects malware, typosquatting, and supply chain attacks
  • ⚡ Optimized batching for fast scans
  • 🔐 Supports both authenticated (Socket org) and free modes
  • 🎯 Native integration with Bun's security provider API

Installation

bun add -d @socketsecurity/bun-security-scanner

Configuration

Add to your bunfig.toml:

[install.security]
scanner = "@socketsecurity/bun-security-scanner"

Authentication (Optional)

For enhanced scanning with your Socket organization settings, set the SOCKET_API_KEY environment variable:

export SOCKET_API_KEY="xyz"

bun install

Note: required scope pacakges

The scanner will automatically read your token from:

  1. SOCKET_API_KEY environment variable
  2. Socket CLI settings file (if available)

Without a token, the scanner runs in free mode using Socket's public API.

Support

About

security scanner for bun

socket.dev

Resources

Readme

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

9 stars

Watchers

0 watching

Forks

3 forks
Report repository

Releases 1

v1.1.1 Latest
Oct 20, 2025

Contributors 3

  •  
  •  
  •  

Languages