Aikido Safe Chain wraps your package managers with a lightweight local proxy that checks every package download against real-time threat intelligence. If malware is detected — or if a package was published too recently to be trusted — Safe Chain stops the installation before any malicious code reaches your machine. No account required. No build data shared. Free to use.

Install Safe Chain

Get up and running in under a minute with a single install command

How it works

Learn how the proxy intercepts package downloads and detects threats

Configure

Tune logging, package age thresholds, and custom registries

Use in CI/CD

Protect GitHub Actions, GitLab, CircleCI, Jenkins, and more

Supported package managers

Safe Chain protects all major JavaScript and Python package managers:

JavaScript / Node.js

npm, npx, yarn, pnpm, pnpx, bun, bunx

Python

pip, pip3, uv, poetry, pipx, python, python3

Key features

Real-time malware detection

Packages are checked against Aikido Intel threat intelligence before they reach your machine

Minimum package age

Newly published packages (under 48 hours old by default) are blocked during the highest-risk window

Shell integration

Works transparently with bash, zsh, fish, PowerShell, and PowerShell Core — no changes to your workflow

Private registry support

Scan packages from custom or private npm and PyPI registries

Quick install

1. Run the installer

   Unix/Linux/macOS:

       curl -fsSL https://github.com/AikidoSec/safe-chain/releases/latest/download/install-safe-chain.sh | sh

   Windows (PowerShell):

       iex (iwr "https://github.com/AikidoSec/safe-chain/releases/latest/download/install-safe-chain.ps1" -UseBasicParsing)

2. Restart your terminal

   Shell aliases are loaded from your startup file. A terminal restart is required for them to take effect.

3. Verify the installation

       npm safe-chain-verify

   You should see: OK: Safe-chain works!

Looking to protect a CI/CD pipeline? See the CI/CD overview for drop-in examples for GitHub Actions, GitLab, CircleCI, Jenkins, Bitbucket, and Azure Pipelines.
