Socket · Capability
Socket Packages Purl
Socket packages purl business capability. Self-contained Naftiko capability covering one Socket business surface.
Socket Packages Purl is a Naftiko capability published by Socket, one of 21 capabilities the APIs.io network indexes for this provider. It bundles 2 operations across the POST method.
The capability includes 2 state-changing operations. Lead operation: Get Packages by PURL. Can be deployed as a REST endpoint, MCP tool, or Agent Skill via Naftiko.
Tagged areas include Socket, Supply Chain Security, Packages, and Purl.
What You Can Do
POST
Post purl
— Get Packages by PURL
/v1/purl
POST
Post orgs org slug purl
— Get Packages by PURL (Org Scoped)
/v1/orgs/{org_slug}/purl
MCP Tools
socket-post-purl
Get Packages by PURL
socket-post-orgs-org-slug-purl
Get Packages by PURL (Org Scoped)
Capability Spec
naftiko: 1.0.0-alpha2
info:
label: Socket Packages Purl
description: Socket packages purl business capability. Self-contained Naftiko capability covering one Socket business surface.
tags:
- Socket
- Supply Chain Security
- Packages
- Purl
created: '2026-05-25'
modified: '2026-05-25'
binds:
- namespace: env
keys:
SOCKET_API_KEY: SOCKET_API_KEY
capability:
consumes:
- type: http
namespace: packages-purl
baseUri: https://api.socket.dev/v0
description: Socket packages purl business capability. Self-contained, no shared references.
resources:
- name: purl
path: /purl
operations:
- name: post-purl
method: POST
description: Get Packages by PURL
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: alerts
in: query
type: boolean
description: Include alert metadata.
required: false
- name: actions
in: query
type: array
description: Include only alerts with comma separated actions defined by security policy.
required: false
- name: compact
in: query
type: boolean
description: 'Compact metadata. When enabled, excludes metadata fields like author, scores, size, dependencies, and manifest files. Always includes: id, type, name, version, release, namespace,
subpath, alerts, and'
required: false
- name: fixable
in: query
type: boolean
description: Include only fixable alerts.
required: false
- name: licenseattrib
in: query
type: boolean
description: Include license attribution data, including license text and author information. Maps attribution/license text to a list of data objects to which that attribution info applies.
required: false
- name: licensedetails
in: query
type: boolean
description: Include detailed license information, including location and match strength, for each license datum.
required: false
- name: purlErrors
in: query
type: boolean
description: Return errors found with handling PURLs as error objects in the stream.
required: false
- name: poll
in: query
type: boolean
description: When true, wait up to timeoutSec for pending analysis to complete before returning. When false (default), return the current known state immediately, including synthesized pendingScan
and notFound ale
required: false
- name: cachedResultsOnly
in: query
type: boolean
description: 'Legacy fallback for older clients. Only used when poll is omitted: cachedResultsOnly=true behaves like poll=false, while cachedResultsOnly=false preserves the older blocking behavior.'
required: false
- name: summary
in: query
type: boolean
description: Include a summary object at the end of the stream with counts of malformed, resolved, and not found PURLs.
required: false
- name: timeoutSec
in: query
type: integer
description: Maximum time in seconds to wait for package resolution and, when poll=true, pending analysis. Inputs that have not completed processing when the timeout is reached return pendingScan
alerts when alert
required: false
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: orgs-org-slug-purl
path: /orgs/{org_slug}/purl
operations:
- name: post-orgs-org-slug-purl
method: POST
description: Get Packages by PURL (Org Scoped)
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: org_slug
in: path
type: string
description: The slug of the organization
required: true
- name: labels
in: query
type: array
description: Repository label slugs to apply policies. Only one label is supported currently; the parameter is an array to allow future support for multiple labels.
required: false
- name: alerts
in: query
type: boolean
description: Include alert metadata.
required: false
- name: actions
in: query
type: array
description: Include only alerts with comma separated actions defined by security policy.
required: false
- name: compact
in: query
type: boolean
description: 'Compact metadata. When enabled, excludes metadata fields like author, scores, size, dependencies, and manifest files. Always includes: id, type, name, version, release, namespace,
subpath, alerts, and'
required: false
- name: fixable
in: query
type: boolean
description: Include only fixable alerts.
required: false
- name: licenseattrib
in: query
type: boolean
description: Include license attribution data, including license text and author information. Maps attribution/license text to a list of data objects to which that attribution info applies.
required: false
- name: licensedetails
in: query
type: boolean
description: Include detailed license information, including location and match strength, for each license datum.
required: false
- name: purlErrors
in: query
type: boolean
description: Return errors found with handling PURLs as error objects in the stream.
required: false
- name: poll
in: query
type: boolean
description: When true, wait up to timeoutSec for pending analysis to complete before returning. When false (default), return the current known state immediately, including synthesized pendingScan
and notFound ale
required: false
- name: cachedResultsOnly
in: query
type: boolean
description: 'Legacy fallback for older clients. Only used when poll is omitted: cachedResultsOnly=true behaves like poll=false, while cachedResultsOnly=false preserves the older blocking behavior.'
required: false
- name: summary
in: query
type: boolean
description: Include a summary object at the end of the stream with counts of malformed, resolved, and not found PURLs.
required: false
- name: timeoutSec
in: query
type: integer
description: Maximum time in seconds to wait for package resolution and, when poll=true, pending analysis. Inputs that have not completed processing when the timeout is reached return pendingScan
alerts when alert
required: false
- name: body
in: body
type: object
description: Request body (JSON).
required: true
authentication:
type: basic
username: '{{env.SOCKET_API_KEY}}'
password: ''
description: Socket authenticates via HTTP Basic with the API key as the username and empty password.
exposes:
- type: rest
namespace: packages-purl-rest
port: 8080
description: REST adapter for Socket packages purl.
resources:
- path: /v1/purl
name: purl
description: REST surface for purl.
operations:
- method: POST
name: post-purl
description: Get Packages by PURL
call: packages-purl.post-purl
with:
alerts: rest.query.alerts
actions: rest.query.actions
compact: rest.query.compact
fixable: rest.query.fixable
licenseattrib: rest.query.licenseattrib
licensedetails: rest.query.licensedetails
purlErrors: rest.query.purlErrors
poll: rest.query.poll
cachedResultsOnly: rest.query.cachedResultsOnly
summary: rest.query.summary
timeoutSec: rest.query.timeoutSec
body: rest.body.body
outputParameters:
- type: object
mapping: $.
- path: /v1/orgs/{org_slug}/purl
name: orgs-org-slug-purl
description: REST surface for orgs-org-slug-purl.
operations:
- method: POST
name: post-orgs-org-slug-purl
description: Get Packages by PURL (Org Scoped)
call: packages-purl.post-orgs-org-slug-purl
with:
org_slug: rest.path.org_slug
labels: rest.query.labels
alerts: rest.query.alerts
actions: rest.query.actions
compact: rest.query.compact
fixable: rest.query.fixable
licenseattrib: rest.query.licenseattrib
licensedetails: rest.query.licensedetails
purlErrors: rest.query.purlErrors
poll: rest.query.poll
cachedResultsOnly: rest.query.cachedResultsOnly
summary: rest.query.summary
timeoutSec: rest.query.timeoutSec
body: rest.body.body
outputParameters:
- type: object
mapping: $.
- type: mcp
namespace: packages-purl-mcp
port: 9090
transport: http
description: MCP adapter for Socket packages purl.
tools:
- name: socket-post-purl
description: Get Packages by PURL
hints:
readOnly: false
destructive: false
idempotent: false
call: packages-purl.post-purl
with:
alerts: tools.alerts
actions: tools.actions
compact: tools.compact
fixable: tools.fixable
licenseattrib: tools.licenseattrib
licensedetails: tools.licensedetails
purlErrors: tools.purlErrors
poll: tools.poll
cachedResultsOnly: tools.cachedResultsOnly
summary: tools.summary
timeoutSec: tools.timeoutSec
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: socket-post-orgs-org-slug-purl
description: Get Packages by PURL (Org Scoped)
hints:
readOnly: false
destructive: false
idempotent: false
call: packages-purl.post-orgs-org-slug-purl
with:
org_slug: tools.org_slug
labels: tools.labels
alerts: tools.alerts
actions: tools.actions
compact: tools.compact
fixable: tools.fixable
licenseattrib: tools.licenseattrib
licensedetails: tools.licensedetails
purlErrors: tools.purlErrors
poll: tools.poll
cachedResultsOnly: tools.cachedResultsOnly
summary: tools.summary
timeoutSec: tools.timeoutSec
body: tools.body
outputParameters:
- type: object
mapping: $.