Socket's Bun Security Scanner

Official Socket Security scanner for Bun's package installation process. Protects your projects from malicious packages, typosquatting, and other supply chain attacks.

Features

• 🛡️ Real-time security scanning during package installation
• 🔍 Detects malware, typosquatting, and supply chain attacks
• ⚡ Optimized batching for fast scans
• 🔐 Supports both authenticated (Socket org) and free modes
• 🎯 Native integration with Bun's security provider API

Installation

bun add -d @socketsecurity/bun-security-scanner

Configuration

Add to your bunfig.toml:

[install.security]
scanner = "@socketsecurity/bun-security-scanner"

Authentication (Optional)

For enhanced scanning with your Socket organization settings, set the SOCKET_API_KEY environment variable:

export SOCKET_API_KEY="xyz"

bun install

Note: required scope packages

The scanner will automatically read your token from:

1. SOCKET_API_KEY environment variable
2. Socket CLI settings file (if available)

Without a token, the scanner runs in free mode using Socket's public API.

Support

• Socket Documentation
• Bun Security Scanner API
• Report Issues