> For the complete documentation index, see [llms.txt](https://help.aikido.dev/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://help.aikido.dev/autofix-and-remediation/aikido-libraries-overview.md). # Aikido Libraries Overview {% hint style="info" %} Aikido Libraries is currently in limited availability and is enabled per workspace by Aikido. If you don't see it in your account and would like access, reach out via the in-app chat. {% endhint %} Aikido Libraries continuously removes CVEs from the open-source packages your repositories already depend on, without forcing you to upgrade to a new major version. Once a repository is protected, Aikido replaces vulnerable versions with secured, drop-in replacements that keep the same package name and base version you are running today. The result is a repository whose dependency tree converges to zero open CVEs and stays there, while your application code remains untouched. ### How it differs from a standard dependency upgrade Aikido [AutoFix for open source dependencies](/autofix-and-remediation/scope/autofix-for-open-source-dependencies.md) proposes the minimum version bump needed to clear a CVE. That works well when a fixed upstream version exists and is safe to adopt, but it still requires you to take an upgrade, even if it is only a patch bump. Aikido Libraries takes a different approach. Instead of moving you to a new version, it pins your repository to Aikido-built variants of the exact versions you already use. Security patches are backported into those variants so the version string, public API, and behavior stay the same. #### Use Cases * Repositories that **pin transitive dependencies** and can't easily take upstream upgrades. * **Legacy services** where dependency upgrades carry a high regression risk. * Packages that aren't being **maintained** anymore. ### How it works 1. From **AutoFix > Aikido Libraries**, open the **Protected Repos** tab and click **Protect Repo** on the repository you want to protect. Aikido shows the credit cost in the confirmation modal before you commit. See [Protecting a Repository](/autofix-and-remediation/protecting-a-repository.md). 2. **Aikido patches your packages.** Once a repository is protected, Aikido inspects every CVE affecting the packages in that repository and produces secured variants of those packages. Each variant keeps your original version number with an `+aikido.N` revision suffix appended (`+aikido.1`, `+aikido.2`, ...), so a `1.4.2` install becomes `1.4.2+aikido.1` after pinning. 3. **Daily PRs keep you protected.** Aikido reuses the existing AutoFix daily PR mechanism to open a pull request that updates the manifest and lock files to point at the Aikido-pinned variants. New CVEs discovered later are rolled into subsequent daily PRs automatically. ### Pricing Aikido Libraries is sold as a 1-year subscription per protected repository, paid with [Aikido credits](/miscellaneous-info/wallet-and-credits.md). The credit cost is shown in the confirmation modal before you commit and renews annually until you cancel renewal. The full formula and worked examples are documented in [Protecting a Repository](/autofix-and-remediation/protecting-a-repository.md#pricing-and-credits). ### Relationship to AutoFix Aikido Libraries is a distinct product from AutoFix, but the two are designed to work together. Protected repositories continue to receive standard AutoFix output for anything outside the protected dependency set (SAST, IaC, containers, pentest findings). The library updates themselves are delivered through the same daily PR flow, so reviewers see them in the same place as other AutoFix PRs. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://help.aikido.dev/autofix-and-remediation/aikido-libraries-overview.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.