APIAikido login

Aikido Malware Scanning

Protect your projects from hidden threats like malicious code by integrating Aikido into your workflow. As you install npm packages, Aikido scans for risks such as obfuscated code, data theft attempts, sneaky install scripts, and crypto miners—all without interrupting your command. Picture it as a safety net wrapped around npm install, ensuring safer operations.

Why It Matters:

  • Threats Covered: Aikido blocks access to potentially harmful packages by identifying suspicious activities like data exfiltration or unwanted scripts during setup.

  • Peace of Mind: Get instant protection without complex changes, helping you catch issues early and keep your dependencies clean.

You can easily enable this protection using an Aikido IDE plugin or by setting it up manually.

IDE (Recommended)

VSCode

  1. Install the Aikido VSCode plugin and authenticate against the Aikido platform

  2. Open VSCode settings and look for Aikido plugin configuration or use search for **Enable Safe Package Manager**

Aikido extension settings in a code editor, showing security and configuration options.

  1. Choose your shell and click ok to wrap npm across all projects

Prompt asking which shell (Bash or Zsh) to add an alias for aikido-npm.

  1. It might be needed to reload your shell. To validate the wrapper was installed correctly you can run npm command and should get output similar to below.

> npm                                                                                                                                                                                                                                             ✔  11:34:48 

Aikido Safe Package Manager
Welcome to Aikido package scanner!
The Aikido package scanner wraps npm and scans packages before installation.


Executing npm command...

---
npm <command>

Usage:

npm install        install all the dependencies in your project
npm install <foo>  add the <foo> dependency to your project
npm test           run this project's tests
npm run <foo>      run the script named <foo>
npm <command> -h   quick help on <command>
npm -l             display usage info for all commands
npm help <term>    search for help on <term>
npm help npm       more involved overview
....

Manual install

For more information about the manual install, check out @aikidosec/safe-package-manager-internals

Last updated

Was this helpful?