milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update screenshot in README

Browse source
This commit is contained in:
Sander Declerck 2025-09-22 18:40:19 +02:00
parent 5006bc6194
commit 28d5cb1741
No known key found for this signature in database
2 changed files with 45 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

50
README.md
View file

@ -4,7 +4,7 @@ The Aikido Safe Chain **prevents developers from installing malware** on their w
The Aikido Safe Chain wraps around the [npm cli](https://github.com/npm/cli), [npx](https://github.com/npm/cli/blob/latest/docs/content/commands/npx.md), [yarn](https://yarnpkg.com/), [pnpm](https://pnpm.io/), and [pnpx](https://pnpm.io/cli/dlx) to provide extra checks before installing new packages. This tool will detect when a package contains malware and prompt you to exit, preventing npm, npx, yarn, pnpm or pnpx from downloading or running the malware. The Aikido Safe Chain wraps around the [npm cli](https://github.com/npm/cli), [npx](https://github.com/npm/cli/blob/latest/docs/content/commands/npx.md), [yarn](https://yarnpkg.com/), [pnpm](https://pnpm.io/), and [pnpx](https://pnpm.io/cli/dlx) to provide extra checks before installing new packages. This tool will detect when a package contains malware and prompt you to exit, preventing npm, npx, yarn, pnpm or pnpx from downloading or running the malware.
![demo](https://aikido-production-staticfiles-public.s3.eu-west-1.amazonaws.com/safe-pkg.gif) ![demo](./docs/safe-package-manager-demo.png)
Aikido Safe Chain works on Node.js version 18 and above and supports the following package managers: Aikido Safe Chain works on Node.js version 18 and above and supports the following package managers:
@ -57,6 +57,50 @@ The Aikido Safe Chain integrates with your shell to provide a seamless experienc
More information about the shell integration can be found in the [shell integration documentation](docs/shell-integration.md). More information about the shell integration can be found in the [shell integration documentation](docs/shell-integration.md).
## Usage in CI/CD
[Learn more about Safe Chain CI/CD integration in the Aikido docs.](https://help.aikido.dev/code-scanning/aikido-malware-scanning/malware-scanning-with-safe-chain-in-ci-cd-environments)
## Usage in Docker
To use the Aikido Safe Chain in a Docker container, you can follow these steps:
1. **Install the Aikido Safe Chain package** in your Dockerfile:
```dockerfile
RUN npm install -g @aikidosec/safe-chain
```
2. **Setup the shell integration** by running:
```dockerfile
RUN safe-chain setup-ci
```
3. **Add the shims directory to your PATH** to ensure the aliases are available in your Docker container:
```dockerfile
ENV PATH="~/.safe-chain/shims:${PATH}"
```
4. **Verify the installation** by running:
```dockerfile
RUN npm install safe-chain-test
```
Example Dockerfile:
```dockerfile
FROM node:24
RUN npm install -g @aikidosec/safe-chain
RUN safe-chain setup-ci
ENV PATH="~/.safe-chain/shims:${PATH}"
WORKDIR /app
RUN npm init -y
RUN npm install safe-chain-test
```
## Uninstallation ## Uninstallation
To uninstall the Aikido Safe Chain, you can run the following command: To uninstall the Aikido Safe Chain, you can run the following command:
@ -85,7 +129,3 @@ Example usage:
```shell ```shell
npm install suspicious-package --safe-chain-malware-action=prompt npm install suspicious-package --safe-chain-malware-action=prompt
``` ```
# Usage in CI/CD
[Learn more about Safe Chain CI/CD integration in the Aikido docs.](https://help.aikido.dev/code-scanning/aikido-malware-scanning/malware-scanning-with-safe-chain-in-ci-cd-environments)

BIN
docs/safe-package-manager-demo.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 18 KiB