
Enable Malware scanning

Protect your projects from malicious npm packages. Aikido can automatically scan packages during npm install for threats like obfuscated code, data exfiltration, unwanted install-time scripts, and crypto miners by safely wrapping your npm command.

You can easily enable this protection using an Aikido IDE plugin or by setting it up manually.

IDE (Recommended)

VSCode

  1. Install the Aikido VSCode plugin and authenticate against the Aikido platform.

  2. Open the VSCode settings and find the Aikido plugin configuration, or search for `Enable Safe Package Manager`.

  3. Choose your shell and click OK to wrap npm across all projects.

  4. You may need to reload your shell. To confirm that the wrapper was installed correctly, run the `npm` command; the output should look similar to the following.

> npm

Aikido Safe Package Manager
Welcome to Aikido package scanner!
The Aikido package scanner wraps npm and scans packages before installation.


Executing npm command...

---
npm <command>

Usage:

npm install        install all the dependencies in your project
npm install <foo>  add the <foo> dependency to your project
npm test           run this project's tests
npm run <foo>      run the script named <foo>
npm <command> -h   quick help on <command>
npm -l             display usage info for all commands
npm help <term>    search for help on <term>
npm help npm       more involved overview
....

Manual install

For more information about the manual install, check out @aikidosec/safe-package-manager-internals