Example:
socket package shallow npm @axe-core/react
_____ _ _ /---------------
| __|___ ___| |_ ___| |_ | CLI: v1.1.46
|__ | . | _| '_| -_| _| | token: ****** (config), org: **** (config)
|_____|___|___|_,_|___|_|.dev | Command: `socket package shallow`, cwd: ~/work/xxxxxxx
ℹ Requesting shallow score data for 1 package urls (purl): pkg:npm/@axe-core/react
✔ Received Socket API response (after requesting looking up package).
Shallow Package Score
Please note: The listed scores are ONLY for the package itself. It does NOT
reflect the scores of any dependencies, transitive or otherwise.
Package: pkg:npm/react@4.11.0
- Supply Chain Risk: 99
- Maintenance: 95
- Quality: 100
- Vulnerabilities: 100
- License: 70
- Alerts (0/0/2): [low] copyleftLicense and [low] nonpermissiveLicense
The informational line requests the correct purl (`pkg:npm/@axe-core/react`), but the score output reports `pkg:npm/react@4.11.0`: the `@axe-core` scope is dropped. The root cause is that the purl shown in the output is rebuilt from the artifact's `name` field, which does not carry the scope:

const purl = `pkg:${artifact.ecosystem}/${artifact.name}${artifact.version ? `@${artifact.version}` : ''}`

The `socket package score` command is not affected: it uses the API data directly, and when it generates the markdown it prints `data.purl` as the package name.
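As an added example (not Socket CLI's own code), the reported template is shown below next to a corrected builder that keeps the scope, plus a small npm purl parser for checking that the purl printed in the output identifies the package that was requested. The artifact shape is an assumption about the API response: `ecosystem`, `name` and `version` are the fields the reported template reads, while `namespace` (carrying the npm scope) is hypothetical and may be named differently in the real response. The purl form follows the one the CLI's own informational line prints, with the scope written unencoded.

```javascript
// Added example, not Socket CLI code: reconstruct the purl-building bug
// from the report and show a corrected builder next to it.
// Assumptions: the artifact object has `ecosystem`, `name` and `version`
// (the fields the reported template reads) plus a hypothetical `namespace`
// field carrying the npm scope; the real Socket API field name may differ.

// The template from the report: the scope is never emitted, so a scoped
// package collapses onto the unscoped name (pkg:npm/react@4.11.0).
function buildPurlBuggy(artifact) {
  return `pkg:${artifact.ecosystem}/${artifact.name}${artifact.version ? `@${artifact.version}` : ''}`;
}

// Corrected builder: emit the namespace segment when the artifact has one.
// The purl form matches the CLI's informational line (pkg:npm/@axe-core/react),
// i.e. the scope is written unencoded.
function buildPurl(artifact) {
  const { ecosystem, namespace, name, version } = artifact;
  if (!ecosystem || !name) {
    throw new Error('artifact needs at least ecosystem and name');
  }
  const ns = namespace ? `${namespace}/` : '';
  const ver = version ? `@${version}` : '';
  return `pkg:${ecosystem}/${ns}${name}${ver}`;
}

// Parse an npm purl of the same form back into its parts, so the purl that
// was requested can be compared with the one printed in the output.
function parseNpmPurl(purl) {
  const prefix = 'pkg:npm/';
  if (!purl.startsWith(prefix)) {
    throw new Error(`not an npm purl: ${purl}`);
  }
  let rest = purl.slice(prefix.length);
  let namespace;
  if (rest.startsWith('@')) {
    const slash = rest.indexOf('/');
    if (slash < 0) throw new Error(`scoped purl without package name: ${purl}`);
    namespace = rest.slice(0, slash);
    rest = rest.slice(slash + 1);
  }
  // The package name itself cannot contain '@', so the first '@' in the
  // remainder (if any) starts the version.
  const at = rest.indexOf('@');
  const name = at < 0 ? rest : rest.slice(0, at);
  const version = at < 0 ? undefined : rest.slice(at + 1);
  return { ecosystem: 'npm', namespace, name, version };
}

// Does the purl shown in the output identify the package that was requested?
// The version is ignored because the request may have been unversioned.
function outputMatchesRequest(requested, printed) {
  const a = parseNpmPurl(requested);
  const b = parseNpmPurl(printed);
  return a.namespace === b.namespace && a.name === b.name;
}

// Constructed sample artifact, not a real API response.
const scoped = { ecosystem: 'npm', namespace: '@axe-core', name: 'react', version: '4.11.0' };

console.log(buildPurlBuggy(scoped)); // pkg:npm/react@4.11.0 (the bug)
console.log(buildPurl(scoped));      // pkg:npm/@axe-core/react@4.11.0
console.log(outputMatchesRequest('pkg:npm/@axe-core/react', buildPurlBuggy(scoped))); // false
console.log(outputMatchesRequest('pkg:npm/@axe-core/react', buildPurl(scoped)));      // true
```

The `outputMatchesRequest` check is the kind of assertion a regression test for this bug would make: feed a scoped package through the command and verify that the purl in the rendered output still carries the scope of the purl that was requested.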