Safe Chain - Troubleshooting

This guide helps you diagnose and resolve common issues with Aikido Safe Chain.

Verification & Diagnostics

Check Installation

# Check version
safe-chain --version

Verify Shell Integration

Run the verification command for your package manager:

npm safe-chain-verify
pnpm safe-chain-verify
pip safe-chain-verify
uv safe-chain-verify

# Any other supported package manager: {packagemanager} safe-chain-verify

Expected output: OK: Safe-chain works!

Test Malware Blocking

Verify that malware detection is working:

npm install safe-chain-test

These test packages are flagged as malware and should be blocked by Safe Chain.

If the test package installs successfully instead of being blocked, see Malware Not Being Blocked below.

Logging Options

Use logging flags or environment variables to get more information:

# Verbose mode - detailed diagnostic output for troubleshooting
npm install express --safe-chain-logging=verbose

# Or set it globally for all commands in your session
export SAFE_CHAIN_LOGGING=verbose
npm install express

# Silent mode - suppress all output except malware blocking
npm install express --safe-chain-logging=silent

Common Issues

Malware Not Being Blocked

Symptom: Test malware packages (like safe-chain-test) install successfully when they should be blocked

Most Common Cause: The package is cached in your package manager's local store

Safe-chain blocks malicious packages by intercepting network requests to package registries using its proxy.

When a package is already cached locally, the package manager skips downloading it from the registry, which bypasses the proxy.

Resolution Steps

Clear your package manager's cache

# For npm
npm cache clean --force

# For pnpm
pnpm store prune

# For yarn (classic)
yarn cache clean

# For yarn (berry/v2+)
yarn cache clean --all

# For bun
bun pm cache rm

Cache clearing is safe but will remove all cached packages. Subsequent installations will need to re-download packages. In CI/CD environments or monorepos, this may affect build times.

Clean local installation artifacts:

# Remove node_modules if you want a completely fresh install
rm -rf node_modules

Re-test malware blocking:

npm install safe-chain-test    # Should be blocked

Shell Aliases Not Working After Installation

Symptom: Running npm shows regular npm instead of safe-chain wrapped version

First step: Restart your terminal (most common fix)

Verify it's working:

type npm

Should show: npm is a function

If still not working:

Check that your startup file sources safe-chain scripts from ~/.safe-chain/scripts/:

Bash: ~/.bashrc
Zsh: ~/.zshrc
Fish: ~/.config/fish/config.fish
PowerShell: $PROFILE

"Command Not Found: safe-chain"

Symptom: Binary not found in PATH

First step: Restart your terminal

Check PATH:

echo $PATH

Should include ~/.safe-chain/bin

If persists: Re-run the installation script

PowerShell Execution Policy Blocks Scripts (Windows)

Symptom: When opening PowerShell, you see an error like:

. : File C:\Users\<username>\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1 cannot be loaded because
running scripts is disabled on this system.
CategoryInfo          : SecurityError: (:) [], PSSecurityException
FullyQualifiedErrorId : UnauthorizedAccess

Cause: Windows PowerShell's default execution policy (Restricted) blocks all script execution, including safe-chain's initialization script that's sourced from your PowerShell profile.

Resolution

Set the execution policy to allow local scripts

Open PowerShell as Administrator and run:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

This allows:

Local scripts (like safe-chain's) to run without signing
Downloaded scripts to run only if signed by a trusted publisher

Restart PowerShell and verify the error is resolved.

RemoteSigned is Microsoft's recommended execution policy for client computers. It provides a good balance between security and usability.

Shell Aliases Persist After Uninstallation

Symptom: safe-chain commands still active after running uninstall script

Steps

Run safe-chain teardown (if binary still exists)
Restart your terminal
If still present, manually edit shell config files:
- Bash: ~/.bashrc
- Zsh: ~/.zshrc
- Fish: ~/.config/fish/config.fish
- PowerShell: $PROFILE
Remove lines that source scripts from ~/.safe-chain/scripts/
Restart terminal again

Manual Verification Steps

Check Installation Status

# Check installation location (helps identify if installed via npm or as standalone binary)
which safe-chain

# Verify binary exists
ls ~/.safe-chain/bin/safe-chain

# Check version
safe-chain --version

# Test shell integration
type npm
type pip

Expected which output:

Standalone binary (correct): ~/.safe-chain/bin/safe-chain or /Users/<username>/.safe-chain/bin/safe-chain
npm global (outdated): path containing node_modules or nvm version paths

If which shows an npm installation, see Check for Conflicting Installations.

Check Shell Integration

# Which shell you're using
echo $SHELL

# Check if startup file sources safe-chain
# For Bash:
grep safe-chain ~/.bashrc

# For Zsh:
grep safe-chain ~/.zshrc

# For Fish:
grep safe-chain ~/.config/fish/config.fish

# Verify scripts exist
ls ~/.safe-chain/scripts/

Check for Conflicting Installations

Note: The install/uninstall scripts automatically detect and remove conflicting installations, but you can manually check:

# Check npm global
npm list -g @aikidosec/safe-chain

# Check Volta
volta list safe-chain

# Check nvm (all versions)
for version in $(nvm list | grep -oE 'v[0-9]+\.[0-9]+\.[0-9]+'); do
  nvm exec "$version" npm list -g @aikidosec/safe-chain 2>/dev/null && echo "Found in $version"
done

Manual Cleanup

Note: The install and uninstall scripts automatically handle these cleanup steps. Use these manual commands only if automatic cleanup fails.

Remove npm Global Installation

npm uninstall -g @aikidosec/safe-chain

Remove Volta Installation

volta uninstall @aikidosec/safe-chain

Remove nvm Installations (All Versions)

# Automated approach
for version in $(nvm list | grep -oE 'v[0-9]+\.[0-9]+\.[0-9]+'); do
  nvm exec "$version" npm uninstall -g @aikidosec/safe-chain
done

# Or manual per version
nvm use <version>
npm uninstall -g @aikidosec/safe-chain

Clean Shell Configuration Files

Manually remove safe-chain entries from:

Bash: ~/.bashrc
Zsh: ~/.zshrc
Fish: ~/.config/fish/config.fish
PowerShell: $PROFILE

Look for and remove:

Lines sourcing from ~/.safe-chain/scripts/
Any safe-chain related function definitions

Remove Installation Directory

rm -rf ~/.safe-chain

Report Issues

If you encounter problems:

Visit GitHub Issues
Include:
- Operating system and version
- Shell type and version
- safe-chain --version output
- Output from verification commands
- Verbose logs of the failing command (add the --safe-chain-logging=verbose argument)

Last updated 4 days ago

Was this helpful?

hashtagVerification & Diagnostics

hashtagLogging Options

hashtagCommon Issues

hashtagMalware Not Being Blocked

hashtagClear your package manager's cache

hashtagClean local installation artifacts:

hashtagRe-test malware blocking:

hashtagShell Aliases Not Working After Installation

hashtag"Command Not Found: safe-chain"

hashtagPowerShell Execution Policy Blocks Scripts (Windows)

hashtagSet the execution policy to allow local scripts

hashtagRestart PowerShell and verify the error is resolved.

hashtagShell Aliases Persist After Uninstallation

hashtagManual Verification Steps

hashtagCheck Installation Status

hashtagCheck Shell Integration

hashtagCheck for Conflicting Installations

hashtagManual Cleanup

hashtagRemove npm Global Installation

hashtagRemove Volta Installation

hashtagRemove nvm Installations (All Versions)

hashtagClean Shell Configuration Files

hashtagRemove Installation Directory

hashtagReport Issues

Verification & Diagnostics

Logging Options

Common Issues

Malware Not Being Blocked

Clear your package manager's cache

Clean local installation artifacts:

Re-test malware blocking:

Shell Aliases Not Working After Installation

"Command Not Found: safe-chain"

PowerShell Execution Policy Blocks Scripts (Windows)

Set the execution policy to allow local scripts

Restart PowerShell and verify the error is resolved.

Shell Aliases Persist After Uninstallation

Manual Verification Steps

Check Installation Status

Check Shell Integration

Check for Conflicting Installations

Manual Cleanup

Remove npm Global Installation

Remove Volta Installation

Remove nvm Installations (All Versions)

Clean Shell Configuration Files

Remove Installation Directory

Report Issues