Core utilities for Socket.dev tools: file system, processes, HTTP, env detection, logging, spinners, and more. Tree-shakeable, TypeScript-first, cross-platform.
@socketsecurity/lib is the shared utility layer for every Socket.dev tool (the CLI, SDK, registry, MCP server, build infrastructure). It exists so we ship one battle-tested implementation of "spawn a child", "fetch JSON with retries", "delete a path safely on Windows + POSIX", etc. — rather than ten subtly different ones across the fleet. Every export is reachable via a subpath import, so tree-shaking keeps your bundle lean.
pnpm add @socketsecurity/libimport { Spinner } from '@socketsecurity/lib/spinner'
import { readJson } from '@socketsecurity/lib/fs'
const spinner = Spinner({ text: 'Loading…' })
spinner.start()
const pkg = await readJson('./package.json')
spinner.successAndStop(`Loaded ${pkg.name}@${pkg.version}`)Every export lives under a subpath — pick what you need:
import { spawn } from '@socketsecurity/lib/spawn'
import { httpJson } from '@socketsecurity/lib/http-request'
import { safeDelete } from '@socketsecurity/lib/fs'Start with the API Index — every subpath export with a one-line description.
Contributor commands
pnpm install # install
pnpm build # build
pnpm test # run tests
pnpm run cover # tests with coverage
pnpm dev # watch mode
pnpm run lint # check style
pnpm run fix # auto-fix formattingSee CLAUDE.md for contributor guidelines.
- Getting Started – install + first examples
- Visual Effects – spinners, loggers, themes
- File System – files, globs, paths, safe deletion
- HTTP Utilities – requests, downloads, retries
- Process Utilities – spawn, IPC, locks
- Package Management – npm/pnpm/yarn detection
- Environment – CI/platform detection, env getters
- Constants – Node versions, npm URLs, platform values
- Examples – real-world patterns
- Troubleshooting – common issues
MIT