Merge pull request #185 from AikidoSec/safe-chain-binaries

Safe-chain: create standalone binaries

README.md

@@ -27,29 +27,45 @@ Aikido Safe Chain works on Node.js version 16 and above and supports the followi
 
 ## Installation
 
-Installing the Aikido Safe Chain is easy. You just need 3 simple steps:
+Installing the Aikido Safe Chain is easy with our one-line installer.
 
-1. **Install the Aikido Safe Chain package globally** using npm:
-   ```shell
-   npm install -g @aikidosec/safe-chain
-   ```
-2. **Setup the shell integration** by running:
+> ⚠️ **Already installed via npm?** See the [migration guide](docs/npm-to-binary-migration.md) to switch to the binary version.
 
-   ```shell
-   safe-chain setup
-   ```
+### Unix/Linux/macOS
 
-   To enable Python (pip/pip3/uv) support (beta), use the `--include-python` flag:
+**Default installation (JavaScript packages only):**
 
-   ```shell
-   safe-chain setup --include-python
-   ```
+```shell
+curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh
+```
 
-3. **❗Restart your terminal** to start using the Aikido Safe Chain.
+**Include Python support (pip/pip3/uv):**
+
+```shell
+curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --include-python
+```
+
+### Windows (PowerShell)
+
+**Default installation (JavaScript packages only):**
+
+```powershell
+iex (iwr "https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.ps1" -UseBasicParsing)
+```
+
+**Include Python support (pip/pip3/uv):**
+
+```powershell
+iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.ps1' -UseBasicParsing) } -includepython"
+```
+
+### Verify the installation
+
+1. **❗Restart your terminal** to start using the Aikido Safe Chain.
 
    - This step is crucial as it ensures that the shell aliases for npm, npx, yarn, pnpm, pnpx, bun, bunx, and pip/pip3 are loaded correctly. If you do not restart your terminal, the aliases will not be available.
 
-4. **Verify the installation** by running one of the following commands:
+2. **Verify the installation** by running one of the following commands:
 
    For JavaScript/Node.js:
 
@@ -57,7 +73,7 @@ Installing the Aikido Safe Chain is easy. You just need 3 simple steps:
    npm install safe-chain-test
    ```
 
-   For Python (beta):
+   For Python (if you enabled Python support):
 
    ```shell
    pip3 install safe-chain-pi-test
@@ -168,21 +184,37 @@ You can protect your CI/CD pipelines from malicious packages by integrating Aiki
 
 For optimal protection in CI/CD environments, we recommend using **npm >= 10.4.0** as it provides full dependency tree scanning. Other package managers currently offer limited scanning of install command arguments only.
 
-## Setup
+## Installation for CI/CD
 
-To use Aikido Safe Chain in CI/CD environments, run the following command after installing the package:
+Use the `--ci` flag to automatically configure Aikido Safe Chain for CI/CD environments. This sets up executable shims in the PATH instead of shell aliases.
+
+### Unix/Linux/macOS (GitHub Actions, Azure Pipelines, etc.)
+
+**JavaScript only:**
 
 ```shell
-safe-chain setup-ci
+curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci
 ```
 
-To enable Python (pip/pip3/uv) support (beta) in CI/CD, use the `--include-python` flag:
+**With Python support:**
 
 ```shell
-safe-chain setup-ci --include-python
+curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci --include-python
 ```
 
-This automatically configures your CI environment to use Aikido Safe Chain for all package manager commands.
+### Windows (Azure Pipelines, etc.)
+
+**JavaScript only:**
+
+```powershell
+iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.ps1' -UseBasicParsing) } -ci"
+```
+
+**With Python support:**
+
+```powershell
+iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.ps1' -UseBasicParsing) } -ci -includepython"
+```
 
 ## Supported Platforms
 
@@ -198,16 +230,15 @@ This automatically configures your CI environment to use Aikido Safe Chain for a
     node-version: "22"
     cache: "npm"
 
-- name: Setup safe-chain
-  run: |
-    npm i -g @aikidosec/safe-chain
-    safe-chain setup-ci
+- name: Install safe-chain
+  run: curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci --include-python
 
 - name: Install dependencies
-  run: |
-    npm ci
+  run: npm ci
 ```
 
+> **Note:** Remove `--include-python` if you don't need Python (pip/pip3/uv) support.
+
 ## Azure DevOps Example
 
 ```yaml
@@ -216,14 +247,13 @@ This automatically configures your CI environment to use Aikido Safe Chain for a
     versionSpec: "22.x"
   displayName: "Install Node.js"
 
-- script: |
-    npm i -g @aikidosec/safe-chain
-    safe-chain setup-ci
-  displayName: "Install safe chain"
+- script: curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci --include-python
+  displayName: "Install safe-chain"
 
-- script: |
-    npm ci
-  displayName: "npm install and build"
+- script: npm ci
+  displayName: "Install dependencies"
 ```
 
+> **Note:** Remove `--include-python` if you don't need Python (pip/pip3/uv) support.
+
 After setup, all subsequent package manager commands in your CI pipeline will automatically be protected by Aikido Safe Chain's malware detection.