Some adaptations"

This commit is contained in:
Reinier Criel 2025-11-10 11:17:56 -08:00
parent ca5c1e8869
commit e455828339
4 changed files with 10 additions and 69 deletions

@ -56,6 +56,8 @@ You can check the installed version by running:
safe-chain --version
```
> **Note:** When using pip or pip3, Safe Chain may need to install a CA certificate in your OS trust store to enable secure MITM protection. This operation requires root (administrator) permissions. You may be prompted for your password when running pip commands for the first time.
## How it works
The Aikido Safe Chain works by running a lightweight proxy server that intercepts package downloads from the npm registry and PyPI. When you run npm, npx, yarn, pnpm, pnpx, bun, bunx, `pip`, or `pip3` commands, all package downloads are routed through this local proxy, which verifies packages in real-time against **[Aikido Intel - Open Sources Threat Intelligence](https://intel.aikido.dev/?tab=malware)**. If malware is detected in any package (including deep dependencies), the proxy blocks the download before the malicious code reaches your machine.
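
Review bot: The new note on pip/pip3 tells users a CA certificate may be added to the OS trust store with root permissions, but it does not say which certificate is installed, where its private key lives, or how to inspect and remove it afterwards. A locally trusted root CA is a lasting change to the machine's trust decisions, so please document those points, or link to where they are documented. The wording "secure MITM protection" is also ambiguous; something like "to let the local proxy inspect HTTPS downloads from PyPI" says what the certificate is for. "You may be prompted for your password when running pip commands for the first time" should state what the prompt looks like and which process issues it, so users can tell the expected prompt from an unexpected one. The "How it works" paragraph below lists npm, yarn, pnpm and bun alongside pip, so it would help to say why only pip/pip3 need the CA install. Finally, as shown here the note runs straight into the `## How it works` heading; add a blank line between them.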