Description
The CLI crashes with ValueError: 'other' is not a valid SocketCategory when scanning a PR that includes a package whose diff report contains an alert with category: "other". The SocketCategory enum in socketdev/fullscans/__init__.py does not include "other" as a valid value, causing deserialization to fail.
Environment
- socketsecurity version: 2.2.85
- Python version: 3.12.13
- OS: ubuntu-latest (GitHub Actions runner)
- Trigger: pull_request event
Workflow config
- uses: actions/setup-python@v5
  with:
    python-version: '3.12'
- name: Install Socket CLI
  run: pip install socketsecurity==2.2.85
- name: Run Socket Security Scan
  env:
    SOCKET_SECURITY_API_KEY: ${{ secrets.SOCKET_SECURITY_API_KEY }}
    GH_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  run: |
    PR_NUMBER=${{ github.event.pull_request.number }}
    socketcli \
      --target-path $GITHUB_WORKSPACE \
      --scm github \
      --pr-number $PR_NUMBER
Steps to reproduce
- Add browserlist (Socket's own sample malware package) to a package.json
- Open a PR
- Run socketcli via GitHub Actions
The Socket API returns a diff report containing an alert with "category": "other", which the SocketCategory enum cannot deserialize.
Error output
2026-04-24 01:29:57,223: Error getting diff report: 'other' is not a valid SocketCategory
Traceback (most recent call last):
  File ".../socketsecurity/core/__init__.py", line 939, in get_added_and_removed_packages
    self.sdk.fullscans.stream_diff
  File ".../socketdev/fullscans/__init__.py", line 873, in stream_diff
    return StreamDiffResponse.from_dict({"success": True, "status": 200, "data": result})
  File ".../socketdev/fullscans/__init__.py", line 640, in from_dict
    data=FullScanDiffReport.from_dict(data_value) if data_value else None,
  File ".../socketdev/fullscans/__init__.py", line 616, in from_dict
    artifacts=DiffArtifacts.from_dict(data["artifacts"]),
  File ".../socketdev/fullscans/__init__.py", line 556, in from_dict
    added=[DiffArtifact.from_dict(a) for a in data["added"]],
  File ".../socketdev/fullscans/__init__.py", line 517, in from_dict
    alerts=[SocketAlert.from_dict(alert) for alert in data.get("alerts", [])],
  File ".../socketdev/fullscans/__init__.py", line 450, in from_dict
    category=SocketCategory(data["category"]),
  File ".../enum.py", line 751, in __call__
    return cls.__new__(cls, value)
ValueError: 'other' is not a valid SocketCategory
</ gr_replace>
<gr_insert after="55" cat="add_content" lang="python" orig="The CLI handles">
As an added illustration of the graceful handling asked for above (this is example code, not the socketdev SDK's own implementation), the stand-in enum below adds "other" as a member and uses Enum's `_missing_` hook so any category the API introduces later maps to a logged UNKNOWN sentinel instead of raising ValueError. The member names, the SocketAlert fields and the sample alerts are assumptions constructed for the example.

```python
import logging
from dataclasses import dataclass
from enum import Enum
from typing import Any

log = logging.getLogger(__name__)


class SocketCategory(Enum):
    """Illustrative stand-in for the socketdev enum; the member list is assumed."""
    SUPPLY_CHAIN_RISK = "supplyChainRisk"
    VULNERABILITY = "vulnerability"
    LICENSE = "license"
    OTHER = "other"      # the value the diff report actually returned
    UNKNOWN = "unknown"  # sentinel for values the enum has not caught up with yet

    @classmethod
    def _missing_(cls, value: object) -> "SocketCategory":
        # Enum calls this when no member matches; log instead of crashing the scan.
        log.warning("Unknown SocketCategory %r; treating as UNKNOWN", value)
        return cls.UNKNOWN


@dataclass
class SocketAlert:
    type: str
    severity: str
    category: SocketCategory
    raw_category: str  # original API string kept so reporting loses nothing

    @classmethod
    def from_dict(cls, data: dict[str, Any]) -> "SocketAlert":
        raw = str(data.get("category", ""))
        return cls(type=data.get("type", ""), severity=data.get("severity", ""),
                   category=SocketCategory(raw), raw_category=raw)


def parse_alerts(alerts: list[dict[str, Any]]) -> list[SocketAlert]:
    """Parse every alert; an unrecognised category no longer aborts the list."""
    return [SocketAlert.from_dict(a) for a in alerts]


# Constructed sample alerts modelled on the shape the traceback above deserialises.
SAMPLE_ALERTS = [
    {"type": "malware", "severity": "critical", "category": "supplyChainRisk"},
    {"type": "unresolvedRequire", "severity": "low", "category": "other"},
    {"type": "futureAlert", "severity": "low", "category": "somethingNew"},
]

if __name__ == "__main__":
    for alert in parse_alerts(SAMPLE_ALERTS):
        print(alert.category.name, alert.raw_category, alert.type)
```
<test>
assert SocketCategory("other") is SocketCategory.OTHER
assert SocketCategory("license") is SocketCategory.LICENSE
assert SocketCategory("somethingNew") is SocketCategory.UNKNOWN
alerts = parse_alerts(SAMPLE_ALERTS)
assert len(alerts) == 3
assert alerts[0].category is SocketCategory.SUPPLY_CHAIN_RISK
assert alerts[1].category is SocketCategory.OTHER
assert alerts[1].raw_category == "other"
assert alerts[2].category is SocketCategory.UNKNOWN
assert alerts[2].raw_category == "somethingNew"
</test>
</gr_insert>
<gr_replace lines="58-69" cat="remove_boilerplate" orig="Description">
Expected behavior
The CLI handles unknown category values gracefully (e.g. falls back to a default, skips the alert, or logs a warning) rather than crashing the entire scan.
Impact
Any PR containing a package that Socket categorizes as "other" causes the scan to crash with exit code 3, blocking CI entirely. This is particularly problematic since the crash prevents Socket from reporting on the very packages it should be flagging.
Description
The CLI crashes with
ValueError: 'other' is not a valid SocketCategorywhen scanning a PR that includes a package whose diff report contains an alert withcategory: "other". TheSocketCategoryenum insocketdev/fullscans/__init__.pydoes not include"other"as a valid value, causing deserialization to fail.Environment
socketsecurityversion:2.2.853.12.13ubuntu-latest(GitHub Actions runner)pull_requesteventWorkflow config
Steps to reproduce
browserlist(Socket's own sample malware package) to apackage.jsonsocketclivia GitHub ActionsThe Socket API returns a diff report containing an alert with
"category": "other", which theSocketCategoryenum cannot deserialize.Error output
Expected behavior
The CLI handles unknown
categoryvalues gracefully (e.g. falls back to a default, skips the alert, or logs a warning) rather than crashing the entire scan.Impact
Any PR containing a package that Socket categorizes as
"other"causes the scan to crash with exit code 3, blocking CI entirely. This is particularly problematic since the crash prevents Socket from reporting on the very packages it should be flagging.