
dringrayson/bun-security-scanner

 
 


Socket's Bun Security Scanner

Official Socket Security scanner for Bun's package installation process. Protects your projects from malicious packages, typosquatting, and other supply chain attacks.

Features

  • 🛡️ Real-time security scanning during package installation
  • 🔍 Detects malware, typosquatting, and supply chain attacks
  • ⚡ Optimized batching for fast scans
  • 🔐 Supports both authenticated (Socket org) and free modes
  • 🎯 Native integration with Bun's security provider API

Installation

bun add -d @socketsecurity/bun-security-scanner

Configuration

Add to your bunfig.toml:

[install.security]
scanner = "@socketsecurity/bun-security-scanner"

Authentication (Optional)

For enhanced scanning with your Socket organization settings, set the SOCKET_API_KEY environment variable:

export SOCKET_API_KEY="xyz"

bun install

Note: the API key requires the packages scope.

The scanner will automatically read your token from:

  1. SOCKET_API_KEY environment variable
  2. Socket CLI settings file (if available)

Without a token, the scanner runs in free mode using Socket's public API.
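A pre-install guard for CI, added here as an example and not part of the Socket project: it fails the job when bunfig.toml does not name the scanner under [install.security], and reports whether SOCKET_API_KEY is set. It assumes the table-header form shown above; the function names are hypothetical, and the Socket CLI settings file is not checked because this page does not give its path.

```bash
#!/usr/bin/env bash
# Added example: confirm the Socket scanner is configured before `bun install`.
EXPECTED='@socketsecurity/bun-security-scanner'

# Print the `scanner` value found under [install.security]; non-zero if absent.
configured_scanner() {
  awk -v q="'" '
    /^[[:space:]]*\[/ {                     # any TOML table header
      hdr = $0
      sub(/#.*/, "", hdr)                   # drop a trailing comment
      gsub(/[[:space:]]/, "", hdr)
      in_sec = (hdr == "[install.security]")
      next
    }
    in_sec && /^[[:space:]]*scanner[[:space:]]*=/ {
      val = $0
      sub(/^[^=]*=[[:space:]]*/, "", val)   # drop key and "="
      sub(/[[:space:]]*(#.*)?$/, "", val)   # drop trailing space/comment
      gsub("^[\"" q "]|[\"" q "]$", "", val) # strip surrounding quotes
      print val; found = 1; exit
    }
    END { exit found ? 0 : 1 }
  ' "$1"
}

# Fail when the scanner is missing or is not the expected package.
check_scanner() {
  local file=$1 got
  got=$(configured_scanner "$file") ||
    { echo "FAIL: no scanner under [install.security] in $file"; return 1; }
  [ "$got" = "$EXPECTED" ] ||
    { echo "FAIL: unexpected scanner '$got' in $file"; return 1; }
  if [ -n "${SOCKET_API_KEY:-}" ]; then
    echo "OK: $got (token: env)"
  else
    echo "OK: $got (token: none in env; CLI settings file or free mode)"
  fi
}

# Constructed sample input: the bunfig.toml snippet from this README.
sample=$(mktemp)
printf '[install.security]\nscanner = "%s"\n' "$EXPECTED" > "$sample"
check_scanner "$sample"
```

In a pipeline, call `check_scanner bunfig.toml` before `bun install` so a deleted or edited [install.security] section stops the build instead of silently skipping the scan.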

Support

About

security scanner for bun

Languages

  • TypeScript 100.0%