Overview
Socket, the supply chain security company focused on protecting open source package ecosystems from malicious dependencies, has raised $60 million in a new funding round at a $1 billion valuation. The company plans to invest the capital in its firewall product, certified patch offering, protection browser extensions, new product lines, and team expansion.
The raise comes as software supply chain attacks continue to surge — with incidents like the Mini Shai-Hulud worm, the Axios npm compromise, and the TanStack supply chain attack dominating headlines in 2026 and underscoring the urgent demand for dedicated supply chain security tooling.
What Socket Does
Socket operates as a software supply chain firewall — sitting between developers and the open source packages they consume. Rather than waiting for a malicious package to be flagged by traditional signature-based tools, Socket analyzes package behavior at install time, flagging:
- New permissions or capabilities introduced in a version update
- Typosquatting attempts designed to mimic popular packages
- Obfuscated code and unusual dynamic execution patterns
- Network access additions not present in prior versions
- Shell command execution or filesystem writes introduced without explanation
The platform covers the npm, PyPI, Go, Maven, and other major package ecosystems.
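To make the "new capabilities introduced in a version update" idea concrete, here is an added example (not Socket's code or a description of its engine) that diffs the capabilities of two versions of a constructed npm package. Both package versions, the file contents and the regex heuristics are assumptions made for illustration; a production analyzer would parse the actual tarball and work on an AST rather than on line-level regexes.

```python
"""Capability diff between two package versions (illustrative, constructed).

Each version is a dict with a parsed package.json ("manifest") and a map of
file path -> JavaScript source ("files"). A capability is recorded the first
time a heuristic matches; the diff reports capabilities present in the new
version but absent from the old one, with the locations that triggered them.
"""
import re
from typing import Dict, List

# Heuristic patterns for capabilities a reviewer cares about at install time.
# These are assumptions for the example, not a complete or authoritative list.
CAPABILITY_PATTERNS = {
    "network": re.compile(r"""require\(\s*['"](https?|net|dns|dgram)['"]\s*\)|\bfetch\s*\("""),
    "shell": re.compile(r"""require\(\s*['"]child_process['"]\s*\)|\b(exec|execSync|spawn|spawnSync)\s*\("""),
    "fs_write": re.compile(r"\bfs\.(writeFile|writeFileSync|appendFile|appendFileSync|createWriteStream)\b"),
    "dynamic_exec": re.compile(r"\beval\s*\(|new\s+Function\s*\("),
    "obfuscation": re.compile(r"""Buffer\.from\(\s*['"][A-Za-z0-9+/=]{40,}['"]\s*,\s*['"]base64['"]\s*\)"""),
}
# npm lifecycle hooks that run code on the developer's machine during install.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def package_capabilities(pkg: dict) -> Dict[str, List[str]]:
    """Map each detected capability to the locations that triggered it."""
    caps: Dict[str, List[str]] = {}
    scripts = pkg["manifest"].get("scripts", {})
    for hook in INSTALL_HOOKS:
        if hook in scripts:
            caps.setdefault(f"install_script:{hook}", []).append(f"package.json#scripts.{hook}")
    for path, src in pkg["files"].items():
        for lineno, line in enumerate(src.splitlines(), 1):
            for name, pattern in CAPABILITY_PATTERNS.items():
                if pattern.search(line):
                    caps.setdefault(name, []).append(f"{path}:{lineno}")
    return caps


def new_capabilities(old: dict, new: dict) -> Dict[str, List[str]]:
    """Capabilities the new version has that the old version did not."""
    before = package_capabilities(old)
    after = package_capabilities(new)
    return {cap: locs for cap, locs in after.items() if cap not in before}


# Constructed sample: a pure string-padding helper at 1.2.0 ...
OLD_VERSION = {
    "manifest": {"name": "pad-helper", "version": "1.2.0", "scripts": {"test": "node test.js"}},
    "files": {"index.js": "module.exports = function pad(s, n) { return s.padStart(n); };"},
}

# ... and a constructed 1.2.1 that gains a postinstall hook plus a new setup.js.
NEW_VERSION = {
    "manifest": {
        "name": "pad-helper",
        "version": "1.2.1",
        "scripts": {"test": "node test.js", "postinstall": "node setup.js"},
    },
    "files": {
        "index.js": OLD_VERSION["files"]["index.js"],
        "setup.js": "\n".join([
            "const https = require('https');",
            "const { execSync } = require('child_process');",
            "const fs = require('fs');",
            "const payload = Buffer.from('QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVoxMjM0NTY3ODkw', 'base64').toString();",
            "fs.writeFileSync('.pad-helper-cache', payload);",
            "execSync('echo setup');",
            "https.get('https://example.invalid/telemetry', () => {});",
        ]),
    },
}


if __name__ == "__main__":
    diff = new_capabilities(OLD_VERSION, NEW_VERSION)
    if not diff:
        print("no new capabilities")
    for cap, locs in sorted(diff.items()):
        print(f"NEW {cap:28s} {', '.join(locs)}")
```

Run stand-alone, the script lists the postinstall hook and the network, shell, filesystem-write and base64-decoding capabilities that appear only in 1.2.1, each with the line that introduced it. The point of the diff, rather than a flat scan, is that a patch-level bump to a previously inert helper acquiring install-time code execution is exactly the kind of change a pre-install review should surface, independent of whether any CVE exists for the package.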
Funding Use Cases
Per the announcement, Socket will direct the new capital toward:
| Initiative | Description |
|---|---|
| Firewall expansion | Broader coverage across package ecosystems and CI/CD pipeline integrations |
| Certified patches | Curated, security-verified package versions for organizations requiring audited dependencies |
| Protection extensions | Browser and IDE extensions for developer-side supply chain awareness |
| New products | Expanding beyond reactive detection toward proactive supply chain governance |
| Team growth | Engineering, research, and go-to-market expansion |
Why This Round Matters
The timing of Socket's raise reflects the broader security market's recognition that supply chain security is no longer optional. Several converging trends are driving investment:
The Threat Landscape
2026 has seen some of the most sophisticated supply chain attacks on record:
- Mini Shai-Hulud worm self-propagated through npm maintainer account compromises, infecting TanStack, Mistral AI, and Guardrails AI packages
- Axios maintainer account was compromised via targeted social engineering, leading to malicious npm publishes
- Bitwarden CLI and SAP-related packages were compromised in the same campaign wave
- Checkmarx supply chain attacks compromised Jenkins AST plugin and KICS Docker images
Regulatory Pressure
The EU Cyber Resilience Act and emerging US executive guidance on software bill of materials (SBOM) requirements are forcing organizations to document and audit their dependency trees — creating demand for platforms that can continuously monitor and verify open source components.
Enterprise Adoption
Security teams are increasingly moving from advisory-based tools (vulnerability scanners that flag known-bad CVEs) to behavioral and supply chain-aware tooling that can catch novel attacks before they propagate into production systems.
Market Position
Socket both competes with and complements tools like:
- Snyk — vulnerability scanning with some supply chain awareness
- Endor Labs — dependency lifecycle management
- Chainguard — hardened base images and policy enforcement
- GitHub's Dependabot — automated dependency updates with security context
Socket's differentiation is its pre-install behavioral analysis — catching malicious packages at the moment of introduction rather than after the fact, which is particularly effective against zero-day supply chain attacks where no CVE exists yet.
Takeaways for Security Teams
- Evaluate supply chain firewalling — reactive CVE scanning misses behavioral and novel attacks; pre-install analysis tools are a meaningful additional layer
- Audit npm/PyPI consumption patterns — the breadth of the recent Mini Shai-Hulud campaign shows that even major maintained packages can be compromised
- SBOMs are becoming compliance requirements — tooling that generates and monitors software bills of materials will be required in regulated environments
- Private patches matter — certified patch workflows that audit changes before deployment reduce exposure from compromised upstream maintainers