Aikido Safe Chain - Prevent Malware Installs
Protect your projects from hidden threats like malicious code and malware by integrating Aikido into your workflow. As you install node packages, Aikido scans for risks such as obfuscated code, data theft attempts, sneaky install scripts, and crypto miners, all without interrupting your command. Picture it as a safety net wrapped around npm and other package managers, ensuring safer operations.

Why It Matters:
Threats Covered: Aikido blocks access to potentially harmful packages by identifying suspicious activities like data exfiltration or unwanted scripts during setup.
Peace of Mind: Get instant protection without complex changes, helping you catch issues early and keep your dependencies clean.
Installation
Installing the Aikido Safe Chain is easy. Just follow these steps:

1. Install the Aikido Safe Chain package globally using npm:

    npm install -g @aikidosec/safe-chain

2. Set up the shell integration by running the following command:

    safe-chain setup

   If the command above fails with "command not found", use npm list -g safe-chain to find the correct path, and run again with /path/to/lib/safe-chain setup

3. ❗ Restart your terminal to start using the Aikido Safe Chain.
   This step is crucial as it ensures that the shell aliases for npm, npx, yarn, pnpm and pnpx are loaded correctly. If you do not restart your terminal, the aliases will not be available.

4. Verify the installation by running the following command:

    npm install safe-chain-test

   The output should show that Aikido Safe Chain is blocking the installation of this package as it is flagged as malware.

When running npm, npx, yarn, pnpm or pnpx commands, the Aikido Safe Chain will automatically check for malware in the packages you are trying to install. If any malware is detected, it will prompt you to exit the command.
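
The restart step above fails silently if a terminal never picks up the aliases. The following check is an added example, not part of Aikido Safe Chain; it assumes, as this page states, that setup wraps the five commands as shell aliases, and the function names and sample alias values are made up for illustration.

```shell
#!/bin/sh
# Added example; not part of Aikido Safe Chain.
# Checks the commands this page says are wrapped after `safe-chain setup`.

# Read `alias` output on stdin and print every wrapped command that has
# no alias. Accepts bash (alias npm='...') and zsh (npm=...) formats.
# It only checks that an alias exists, not what the alias points to.
missing_aliases() {
    defined=$(sed -e 's/^alias //' -e 's/=.*$//')
    for cmd in npm npx yarn pnpm pnpx; do
        printf '%s\n' "$defined" | grep -qxF -- "$cmd" || printf '%s\n' "$cmd"
    done
}

# Return 0 when all five commands are aliased, 1 otherwise.
aliases_loaded() {
    missing=$(missing_aliases)
    if [ -z "$missing" ]; then
        return 0
    fi
    echo "no alias in this shell for:" $missing >&2
    return 1
}

# Constructed sample input: a terminal where only some aliases exist.
# The alias values are placeholders; the check ignores them.
SAMPLE_PARTIAL="alias ll='ls -l'
alias npm='PLACEHOLDER npm'
alias npx='PLACEHOLDER npx'
alias yarn='PLACEHOLDER yarn'"

# Constructed sample input in zsh format with all five aliases present.
SAMPLE_FULL="npm='PLACEHOLDER npm'
npx='PLACEHOLDER npx'
yarn='PLACEHOLDER yarn'
pnpm='PLACEHOLDER pnpm'
pnpx='PLACEHOLDER pnpx'"

# Interactive use, after sourcing this file:  alias | aliases_loaded
```

Run it in the interactive terminal you install packages from; a script or CI job that does not load your shell profile will report all five commands as missing.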