Enable Malware scanning
Protect your projects from malicious npm packages. Aikido can automatically scan packages during npm install
for threats like obfuscated code, data exfiltration, unwanted install-time scripts, and crypto miners by safely wrapping your npm
command.
You can easily enable this protection using an Aikido IDE plugin or by setting it up manually.
IDE (Recommended)
VSCode
Install the Aikido VSCode plugin and authenticate against the Aikido platform
Open VSCode settings and look for the Aikido plugin configuration, or search for `Enable Safe Package Manager`
Choose your shell and click OK to wrap `npm` across all projects
You may need to reload your shell. To validate that the wrapper was installed correctly, run the `npm` command; the output should be similar to the following.
```
> npm                                                        ✔ 11:34:48
Aikido Safe Package Manager
Welcome to Aikido package scanner!
The Aikido package scanner wraps npm and scans packages before installation.
Executing npm command...
---
npm <command>

Usage:

npm install        install all the dependencies in your project
npm install <foo>  add the <foo> dependency to your project
npm test           run this project's tests
npm run <foo>      run the script named <foo>
npm <command> -h   quick help on <command>
npm -l             display usage info for all commands
npm help <term>    search for help on <term>
npm help npm       more involved overview
....
```
Manual install
For more information about the manual install, check out @aikidosec/safe-package-manager-internals