Introducing Manifest Alerts
Socket introduces Manifest Alerts to detect missing lockfiles and supply chain risks.
Summary
Socket has launched Manifest Alerts, a new feature designed to identify supply chain risks stemming from missing lockfiles in project manifests. This addresses the complexities of dependency resolution, as seen in the Axios npm compromise, where the impact was wider than initially apparent due to unpinned dependency trees. Manifest Alerts highlight projects where dependency installs are not reproducible, offering guidance for generating lockfiles across various package managers.
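The check Manifest Alerts performs boils down to "is there a lockfile next to this manifest?". The script below is an added illustration, not Socket's code: it walks a repository, maps each manifest file to the lockfiles that would make its install reproducible (the manifest-to-lockfile table is an assumption for common package managers), skips vendored directories, and reports manifests with no lockfile. The sample tree it builds is constructed for the demo.

```python
from pathlib import Path
import tempfile

# Assumed mapping: manifest -> lockfiles that pin its resolved dependency tree
# (any one of them suffices). Extend for package managers not listed here.
LOCKFILES = {
    "package.json": ("package-lock.json", "npm-shrinkwrap.json",
                     "yarn.lock", "pnpm-lock.yaml", "bun.lock", "bun.lockb"),
    "pyproject.toml": ("poetry.lock", "uv.lock", "pdm.lock"),
    "Pipfile": ("Pipfile.lock",),
    "Gemfile": ("Gemfile.lock",),
    "composer.json": ("composer.lock",),
    "Cargo.toml": ("Cargo.lock",),
    "go.mod": ("go.sum",),
}
# Installed/vendored trees contain manifests that are not ours to lock.
SKIP_DIRS = {"node_modules", "vendor", ".git", ".venv", "target"}


def find_missing_lockfiles(root):
    """Return sorted relative paths of manifests that have no sibling lockfile."""
    root = Path(root)
    missing = []
    for manifest in root.rglob("*"):
        if manifest.name not in LOCKFILES or not manifest.is_file():
            continue
        rel = manifest.relative_to(root)
        if SKIP_DIRS & set(rel.parts[:-1]):   # any skipped dir on the path
            continue
        locks = LOCKFILES[manifest.name]
        if not any((manifest.parent / lock).is_file() for lock in locks):
            missing.append(rel.as_posix())
    return sorted(missing)


def demo():
    """Build a constructed sample repo and scan it; returns the alert list."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "web").mkdir()                       # unpinned, no lockfile
        (base / "web" / "package.json").write_text('{"dependencies": {"axios": "^1.0.0"}}')
        (base / "web" / "node_modules" / "dep").mkdir(parents=True)
        (base / "web" / "node_modules" / "dep" / "package.json").write_text("{}")
        (base / "api").mkdir()                       # locked with package-lock.json
        (base / "api" / "package.json").write_text('{"dependencies": {"axios": "1.7.0"}}')
        (base / "api" / "package-lock.json").write_text("{}")
        (base / "tool").mkdir()                      # locked with Cargo.lock
        (base / "tool" / "Cargo.toml").write_text('[package]\nname = "tool"\n')
        (base / "tool" / "Cargo.lock").write_text("")
        return find_missing_lockfiles(base)


if __name__ == "__main__":
    for path in demo():
        print(f"{path}: no lockfile, install is not reproducible")
```

Only `web/package.json` is reported: `api` and `tool` carry lockfiles, and the manifest under `node_modules` is skipped as vendored.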