ValueError: 'other' is not a valid SocketCategory when parsing stream_diff response #78

@compscidr

Description

Summary

socketdev.fullscans.stream_diff crashes with ValueError: 'other' is not a valid SocketCategory when the API returns an alert whose category is "other". The SocketCategory enum in the SDK does not include "other", so SocketAlert.from_dict blows up during deserialization.

Stack trace

Observed via socketsecurity==2.2.79 (which pulls socketdev==3.0.32) running in CI:

2026-04-23 19:14:07,719: Error getting diff report: 'other' is not a valid SocketCategory
  File ".../socketsecurity/core/__init__.py", line 876, in get_added_and_removed_packages
    self.sdk.fullscans.stream_diff
  File ".../socketdev/fullscans/__init__.py", line 873, in stream_diff
    return StreamDiffResponse.from_dict({"success": True, "status": 200, "data": result})
  File ".../socketdev/fullscans/__init__.py", line 640, in from_dict
    data=FullScanDiffReport.from_dict(data_value) if data_value else None,
  File ".../socketdev/fullscans/__init__.py", line 616, in from_dict
    artifacts=DiffArtifacts.from_dict(data["artifacts"]),
  File ".../socketdev/fullscans/__init__.py", line 556, in from_dict
    added=[DiffArtifact.from_dict(a) for a in data["added"]],
  File ".../socketdev/fullscans/__init__.py", line 517, in from_dict
    alerts=[SocketAlert.from_dict(alert) for alert in data.get("alerts", [])],
  File ".../socketdev/fullscans/__init__.py", line 450, in from_dict
    category=SocketCategory(data["category"]),
  File ".../enum.py", line 751, in __call__
    return cls.__new__(cls, value)
  File ".../enum.py", line 1170, in __new__
    raise ve_exc
ValueError: 'other' is not a valid SocketCategory

Root cause

SocketCategory at current main HEAD (verified via gh api repos/SocketDev/socket-sdk-python/contents/socketdev/fullscans/__init__.py) defines only:

from enum import Enum


class SocketCategory(str, Enum):
    SUPPLY_CHAIN_RISK = "supplyChainRisk"
    QUALITY = "quality"
    MAINTENANCE = "maintenance"
    VULNERABILITY = "vulnerability"
    LICENSE = "license"
    MISCELLANEOUS = "miscellaneous"

The Socket.dev API is now returning "other" as an alert category, which breaks any consumer of the SDK on any PR whose diff happens to include a package with such an alert.

Impact

Every PR in our repo that bumps certain Android Compose dependencies (e.g. androidx.compose:compose-bom to 2026.04.01, androidx.compose.ui:ui-tooling to 1.11.0) now fails its socketsecurity CI step with this error, and the job skips downstream gates — effectively a hard block on those PRs. Other PRs pass because their diffs don't include whichever package carries the "other"-category alert. Reruns fail deterministically with the same ValueError.

Suggested fix

Either:

  1. Lenient deserialization — fall back to MISCELLANEOUS (or a new UNKNOWN) when the API emits a category the SDK doesn't recognize. This future-proofs against any new category Socket.dev adds server-side before the SDK catches up.

    try:
        category = SocketCategory(data["category"])
    except ValueError:
        category = SocketCategory.MISCELLANEOUS  # or UNKNOWN
  2. Add OTHER = "other" to the enum — works for this specific case but leaves the SDK brittle to the next server-side category addition.

Option 1 is what we'd ask for — the current behavior makes the SDK a synchronization liability between Socket.dev's server changes and SDK releases.
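
As an added example of the lenient deserialization in option 1 (not the SDK's own code), using the standard Enum `_missing_` hook so an unrecognized category never raises out of `from_dict`; the `UNKNOWN` member, the `SocketAlert` fields, the `raw_category` bookkeeping and the sample alerts are assumptions:

```python
from dataclasses import dataclass
from enum import Enum


class SocketCategory(str, Enum):
    # Same members as the SDK enum in the report, plus an UNKNOWN sentinel
    # (assumed name) that absorbs categories the SDK does not know yet.
    SUPPLY_CHAIN_RISK = "supplyChainRisk"
    QUALITY = "quality"
    MAINTENANCE = "maintenance"
    VULNERABILITY = "vulnerability"
    LICENSE = "license"
    MISCELLANEOUS = "miscellaneous"
    UNKNOWN = "unknown"

    @classmethod
    def _missing_(cls, value):
        # Enum calls this when no member matches `value`. Returning a member
        # here replaces the ValueError the stack trace above ends with.
        if isinstance(value, str):
            return cls.UNKNOWN
        return None  # non-string values still fail loudly


@dataclass
class SocketAlert:
    key: str
    category: SocketCategory
    raw_category: str  # what the API actually sent, kept for logging/triage

    @classmethod
    def from_dict(cls, data: dict) -> "SocketAlert":
        raw = data["category"]
        return cls(key=data["key"], category=SocketCategory(raw), raw_category=raw)


# Constructed sample alerts: one known category, one the enum predates.
SAMPLE_ALERTS = [
    {"key": "k1", "category": "vulnerability"},
    {"key": "k2", "category": "other"},
]


def parse_alerts(alerts):
    """Deserialize every alert; unknown categories map to UNKNOWN."""
    return [SocketAlert.from_dict(a) for a in alerts]


def unrecognized_categories(alerts):
    """Raw category strings that fell back to UNKNOWN, for a CI warning line."""
    return {a.raw_category for a in parse_alerts(alerts)
            if a.category is SocketCategory.UNKNOWN}
```

A consumer can log `unrecognized_categories(...)` once per run so a new server-side category surfaces as a warning rather than a failed job.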

Environment

  • socketsecurity==2.2.79
  • socketdev==3.0.32 (transitively; also latest on PyPI)
  • Python 3.12.13, Ubuntu 24.04 GitHub Actions runner

Happy to send a PR for the lenient-deserialization fix if that's the preferred approach.
