From c4a33ca1512bc8b68e34e51458656754bdd4271d Mon Sep 17 00:00:00 2001 From: Sander Declerck Date: Tue, 2 Dec 2025 10:30:59 +0100 Subject: [PATCH] Update readme.md --- README.md | 96 ++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 60 insertions(+), 36 deletions(-) diff --git a/README.md b/README.md index 47f0894..de5be05 100644 --- a/README.md +++ b/README.md 
@@ -24,29 +24,43 @@ Aikido Safe Chain works on Node.js version 16 and above and supports the followi ## Installation -Installing the Aikido Safe Chain is easy. You just need 3 simple steps: +Installing the Aikido Safe Chain is easy with our one-line installer: -1. **Install the Aikido Safe Chain package globally** using npm: - ```shell - npm install -g @aikidosec/safe-chain - ``` -2. **Setup the shell integration** by running: +### Unix/Linux/macOS - ```shell - safe-chain setup - ``` +**Default installation (JavaScript packages only):** - To enable Python (pip/pip3/uv) support (beta), use the `--include-python` flag: +```shell +curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh +``` - ```shell - safe-chain setup --include-python - ``` +**Include Python support (pip/pip3/uv):** -3. **❗Restart your terminal** to start using the Aikido Safe Chain. +```shell +curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --include-python +``` + +### Windows (PowerShell) + +**Default installation (JavaScript packages only):** + +```powershell +iex (iwr "https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.ps1" -UseBasicParsing) +``` + +**Include Python support (pip/pip3/uv):** + +```powershell +iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.ps1' -UseBasicParsing) } -includepython" +``` + +### Verify the installation + +1. **❗Restart your terminal** to start using the Aikido Safe Chain. - This step is crucial as it ensures that the shell aliases for npm, npx, yarn, pnpm, pnpx, bun, bunx, and pip/pip3 are loaded correctly. If you do not restart your terminal, the aliases will not be available. -4. **Verify the installation** by running one of the following commands: +2. 
**Verify the installation** by running one of the following commands: For JavaScript/Node.js: @@ -54,7 +68,7 @@ Installing the Aikido Safe Chain is easy. You just need 3 simple steps: npm install safe-chain-test ``` - For Python (beta): + For Python (if you enabled Python support): ```shell pip3 install safe-chain-pi-test 
@@ -165,21 +179,33 @@ You can protect your CI/CD pipelines from malicious packages by integrating Aiki For optimal protection in CI/CD environments, we recommend using **npm >= 10.4.0** as it provides full dependency tree scanning. Other package managers currently offer limited scanning of install command arguments only. -## Setup +## Installation for CI/CD -To use Aikido Safe Chain in CI/CD environments, run the following command after installing the package: +Use the `--ci` flag to automatically configure Aikido Safe Chain for CI/CD environments. This sets up executable shims in the PATH instead of shell aliases. +### Unix/Linux/macOS (GitHub Actions, Azure Pipelines, etc.) + +**JavaScript only:** ```shell -safe-chain setup-ci +curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci ``` -To enable Python (pip/pip3/uv) support (beta) in CI/CD, use the `--include-python` flag: - +**With Python support:** ```shell -safe-chain setup-ci --include-python +curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci --include-python ``` -This automatically configures your CI environment to use Aikido Safe Chain for all package manager commands. +### Windows (Azure Pipelines, etc.) + +**JavaScript only:** +```powershell +iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.ps1' -UseBasicParsing) } -ci" +``` + +**With Python support:** +```powershell +iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.ps1' -UseBasicParsing) } -ci -includepython" +``` ## Supported Platforms 
@@ -195,16 +221,15 @@ This automatically configures your CI environment to use Aikido Safe Chain for a node-version: "22" cache: "npm" -- name: Setup safe-chain - run: | - npm i -g @aikidosec/safe-chain - safe-chain setup-ci +- name: Install safe-chain + run: curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci --include-python - name: Install dependencies - run: | - npm ci + run: npm ci ``` +> **Note:** Remove `--include-python` if you don't need Python (pip/pip3/uv) support. + ## Azure DevOps Example ```yaml @@ -213,14 +238,13 @@ This automatically configures your CI environment to use Aikido Safe Chain for a versionSpec: "22.x" displayName: "Install Node.js" -- script: | - npm i -g @aikidosec/safe-chain - safe-chain setup-ci - displayName: "Install safe chain" +- script: curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci --include-python + displayName: "Install safe-chain" -- script: | - npm ci - displayName: "npm install and build" +- script: npm ci + displayName: "Install dependencies" ``` +> **Note:** Remove `--include-python` if you don't need Python (pip/pip3/uv) support. + After setup, all subsequent package manager commands in your CI pipeline will automatically be protected by Aikido Safe Chain's malware detection.
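Review bot: In the Installation hunk (`@@ -24,29 +24,43 @@`), every new install command pipes a script fetched from the `main` branch straight into `sh` or `iex`, so the documented install path now executes whatever that branch contains at the moment of install, with no version pin and no integrity check. Suggest pointing the URLs at a release tag or commit instead of `main`, documenting a download, verify, then run variant next to the one-liner, and stating whether the removed `npm install -g @aikidosec/safe-chain` plus `safe-chain setup` path is still supported. Separately, "For Python (beta)" becomes "For Python (if you enabled Python support)"; if Python support is still beta, keep that label somewhere in this section.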
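Review bot: In the CI/CD hunk (`@@ -165,21 +179,33 @@`), `safe-chain setup-ci` and `safe-chain setup-ci --include-python` are dropped from the docs without saying whether the commands still exist, which leaves pipelines that already install the package from npm with no guidance. Add one sentence stating whether `setup-ci` remains supported or is fully replaced by the installer's `--ci` flag. The Python flag is also spelled differently per platform (`--include-python` for the shell script, `-includepython` for PowerShell); a short call-out would stop readers from treating one of them as a typo. The "(beta)" wording for Python is removed here as well, so the same question as in the Installation section applies.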
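Review bot: In the GitHub Actions hunk (`@@ -195,16 +221,15 @@`), the new `run: curl -fsSL ... | sh -s -- --ci --include-python` step can fail open: the exit status of a pipeline is that of `sh`, so unless the step's shell has `pipefail` enabled, a failed download hands `sh` empty input, the step passes, and the following `npm ci` runs without the shims. Suggest either setting the shell explicitly so `pipefail` is on, or downloading to a file and running it as a second command, and adding a check after install that the shim is on the PATH. The URL should also be pinned to a tag or commit rather than `main` so CI runs are reproducible. Finally, the example is a Node.js job but passes `--include-python` by default; the README's own default is JavaScript only, so the example would read better without the flag and with the note telling users to add it when needed.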
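Review bot: In the Azure DevOps hunk (`@@ -213,14 +238,13 @@`), the `- script: curl -fsSL ... | sh -s -- --ci --include-python` step assumes a Linux or macOS agent, while the CI/CD section changed in this same patch lists "Windows (Azure Pipelines, etc.)" with a separate PowerShell command. State the agent assumption above the YAML or add a Windows variant of the step using the `install-safe-chain.ps1` command with `-ci`. The pipe-into-`sh` and unpinned `main` URL concerns from the GitHub Actions example apply to this step too.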