Skip to content

feat: add Socket.dev report URL to depscore output#158

Closed
Alexandros Kapravelos (kapravel) wants to merge 1 commit into
mainfrom
feat/socket-report-url
Closed

feat: add Socket.dev report URL to depscore output#158
Alexandros Kapravelos (kapravel) wants to merge 1 commit into
mainfrom
feat/socket-report-url

Conversation

@kapravel
Copy link
Copy Markdown
Collaborator

@kapravel Alexandros Kapravelos (kapravel) commented Mar 16, 2026

Add links to the full Socket.dev report page for each package when a score is returned. Users can click through for deeper analysis when scores raise concerns.

Why?

  • Gives users a direct path to detailed Socket.dev analysis when scores warrant review
  • Report URL is only shown when a score is found (omitted for "No score found" packages)

Public Changelog

Depscore tool now includes a link to the Socket.dev report page for each package with a score, enabling deeper analysis when scores raise concerns.

Checklist

  • Is PR safe to revert (yes/no)?: yes

Validation

  • TypeScript type check passed
  • Lint passed
  • Unit tests passed (50/52; 2 integration tests require SOCKET_API_KEY, run in CI with secrets)
  • buildSocketReportUrl unit tests added for all supported ecosystems

Made with Cursor

@kapravel
feat: add Socket.dev report URL to depscore output
93d6455 
Include a link to the full Socket.dev report page for each package when
a score is returned. Users can click through for deeper analysis when
scores raise concerns. Report URL is omitted when package is not found.

Made-with: Cursor
John-David Dalton (jdalton) added a commit that referenced this pull request Jun 1, 2026
@jdalton @kapravel
feat(depscore): append Socket.dev report URL to score output
e79018a 
Picks up #158. Adds lib/socket-url.ts (buildSocketReportUrl maps an
artifact to its /<ecosystem>/package/<path> route, honoring per-ecosystem
namespace conventions) and threads it into formatScoreLine so each scored
package gets a clickable Report: line. Re-targeted from the PR's original
index.ts hunks (formatting now lives in lib/depscore-tool.ts) and tested
as test/socket-url.test.ts under vitest. README sample response updated.

Co-authored-by: kapravel <kapravel@users.noreply.github.com>
@jdalton
Copy link
Copy Markdown
Collaborator

John-David Dalton (jdalton) commented Jun 1, 2026

Landed in main as e79018a (feat(depscore): append Socket.dev report URL to score output), with you credited as co-author. lib/socket-url.ts carried over cleanly; the integration was re-targeted from the old index.ts into lib/depscore-tool.ts's formatScoreLine (where score formatting moved during the lib/ refactor), and the test was ported to vitest. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kapravel @jdalton