Aikido Malware Scanning
Protect your projects from hidden threats like malicious code by integrating Aikido into your workflow. As you install npm packages, Aikido scans for risks such as obfuscated code, data theft attempts, sneaky install scripts, and crypto miners, all without interrupting your command. Picture it as a safety net wrapped around `npm install`, ensuring safer operations.
Why It Matters:
Threats Covered: Aikido blocks access to potentially harmful packages by identifying suspicious activities like data exfiltration or unwanted scripts during setup.
Peace of Mind: Get instant protection without complex changes, helping you catch issues early and keep your dependencies clean.
You can easily enable this protection using an Aikido IDE plugin or by setting it up manually.
IDE (Recommended)
VSCode
Install the Aikido VSCode plugin and authenticate against the Aikido platform
Open VSCode settings and look for Aikido plugin configuration or use search for `Enable Safe Package Manager`
Choose your shell and click ok to wrap `npm` across all projects
You may need to reload your shell. To validate that the wrapper was installed correctly, run the `npm` command; you should get output similar to the below.
```
> npm ✔ 11:34:48
Aikido Safe Package Manager
Welcome to Aikido package scanner!
The Aikido package scanner wraps npm and scans packages before installation.
Executing npm command...
---
npm <command>

Usage:

npm install        install all the dependencies in your project
npm install <foo>  add the <foo> dependency to your project
npm test           run this project's tests
npm run <foo>      run the script named <foo>
npm <command> -h   quick help on <command>
npm -l             display usage info for all commands
npm help <term>    search for help on <term>
npm help npm       more involved overview
....
```
Manual install
For more information about the manual install, check out @aikidosec/safe-package-manager-internals