-
Notifications
You must be signed in to change notification settings - Fork 0
Wrapper Mode
Socket Firewall's wrapper mode provides the simplest way to run package manager commands through the security proxy. In this mode, the CLI automatically handles proxy setup, certificate generation, environment configuration, and cleanup - requiring minimal configuration from the user.
There is not currently a formal installation mechanism. Simply download the latest sfw binaries from the releases page, rename to sfw or sfw.exe, set as executable (on Linux/Mac), and place it somewhere in your PATH.
Note: Our application binaries are not currently signed. On MacOS, you may need to configure the OS to allow execution of sfw. You can accomplish like so:
xattr -dr com.apple.quarantine ./path/to/sfwOnce the sfw binaries are signed, this step will no longer be necessary.
Run any package manager command through the proxy:
# Basic usage
sfw npm install lodash
sfw pip install requestsThe CLI automatically:
- Starts the proxy server
- Generates or uses existing CA certificates
- Sets appropriate environment variables for package managers
- Runs the specified command with proxy configuration
- Shuts down the proxy when the command completes
The only required configuration is your Socket API token, which can be set in one of two ways:
# Required scopes: packages, entitlements:list
export SOCKET_API_KEY=sktsec_your_api_key_here_api
sfw npm install lodashCreate a .sfw.config file in your project directory or home directory:
# Required scopes: packages, entitlements:list
SOCKET_API_KEY=sktsec_your_api_key_here_apiPer-Repository Configuration: Using configuration files allows you to set different API tokens for different repositories, enabling you to use different Socket organizations with distinct security policies on a per-project basis.
For detailed information about all configuration options (including telemetry, custom registries, and more), see the Configuration documentation.