Application performance is critical for productivity. We’ve all felt the drag when a UI takes longer than expected to respond, and your attention starts to drift. A snappy UI is the difference between staying in the flow and “better go get some coffee.”
There’s often a tradeoff though – sometimes you want data to be as fresh as possible, even if it takes a little longer to process. This is the classic dilemma behind the CAP theorem in databases as well as the first of the two famous “hard things” in computer science (cache invalidation).
At Socket, a lot of what we do is scanning your dependency data – your package.json files, lockfiles, and SBOMs. And sometimes you want that data to be as fresh as possible: for example, when something like React2Shell or Shai-Hulud hits, and you’re trying to determine if you’re affected based on the latest research. However, a lot of the time, security teams don’t necessarily need the freshest answer – you’re dealing with the day-to-day of well-known vulnerabilities and code quality issues. In that case, it’s painful to wait for a fresh scan.
Furthermore, freshness is not always as important as immutability. Sometimes you want to share the URL of a scan with your team, and then be sure that your teammates will see the same thing when they click five days later. If the URL changes under you, providing fresh data every time you load it, then that’s not only slow but could also cause communication or reproducibility problems.
As Socket has expanded the depth and breadth of its scanning capabilities, we’ve focused on making sure the experience stays fast and predictable. In practice, that means optimizing for speed by default, while still making it easy to get fresh results when it matters most, such as during fast-moving incidents like Shai-Hulud.
How Immutable Scans Work
In the Socket dashboard, we’ve now gone all-in on the concept of “immutable” scans. When you view a scan or diff scan page, you will see the same results no matter how many times you load the page. And once the scan is finished, the page will load much faster than before. Here’s how it works: