Skip to main content

safe-chain binary

The safe-chain binary is the main CLI for managing Safe Chain’s shell integration and checking the installed version.

safe-chain setup

Installs shell integration for all supported shells detected on your system. 
safe-chain setup
This command:
  • Copies startup scripts to ~/.safe-chain/scripts/
  • Detects all supported shells (Bash, Zsh, Fish, PowerShell, PowerShell Core)
  • Adds Safe Chain wrapper functions for npm, npx, yarn, pnpm, pnpx, bun, bunx, pip, pip3, uv, poetry, and pipx to each shell’s startup file
  • Adds interceptors so python -m pip[...] and python3 -m pip[...] route through Safe Chain
Restart your terminal after running safe-chain setup for the changes to take effect.

safe-chain teardown

Removes Safe Chain shell integration from all detected shells. 
safe-chain teardown
This command:
  • Detects all supported shells on your system
  • Removes the Safe Chain scripts from each shell’s startup file, restoring the original commands
Restart your terminal after running safe-chain teardown to restore the original commands.

safe-chain setup-ci

Installs Safe Chain for CI/CD environments by creating executable shims in ~/.safe-chain/shims and adding that directory to PATH. Use this instead of safe-chain setup in any non-interactive CI shell. 
safe-chain setup-ci
For most pipelines, this is called automatically by the install script when you pass the --ci flag: 
curl -fsSL https://github.com/AikidoSec/safe-chain/releases/latest/download/install-safe-chain.sh | sh -s -- --ci

safe-chain --version

Prints the currently installed version of Safe Chain. The -v short form is also accepted. 
safe-chain --version
safe-chain -v

safe-chain help

Prints a summary of available commands. --help and -h are also accepted. 
safe-chain help
safe-chain --help

Package manager wrappers

Safe Chain provides aikido-* wrapper binaries for each supported package manager. These are the underlying executables that the shell integration aliases route through — you can also invoke them directly.
BinaryWraps
aikido-npmnpm
aikido-npxnpx
aikido-yarnyarn
aikido-pnpmpnpm
aikido-pnpxpnpx
aikido-bunbun
aikido-bunxbunx
aikido-pippip
aikido-pip3pip3
aikido-uvuv
aikido-poetrypoetry
aikido-pipxpipx
aikido-pythonpython
aikido-python3python3
Each wrapper accepts exactly the same arguments as its underlying package manager, plus any Safe Chain flags.

safe-chain-verify subcommand

Pass safe-chain-verify as the first argument to any wrapped package manager to confirm that Safe Chain is active and working correctly. 
npm safe-chain-verify
pnpm safe-chain-verify
pip safe-chain-verify
uv safe-chain-verify
Expected output: OK: Safe-chain works!

Safe Chain flags

These flags can be appended to any package manager command. They are stripped from the arguments before the underlying package manager is invoked.
--safe-chain-logging
string
Controls the verbosity of Safe Chain’s output.Values:
  • silent — suppresses all Safe Chain output except malware-blocked notifications
  • normal — standard output (default)
  • verbose — detailed diagnostic output, useful for troubleshooting
npm install express --safe-chain-logging=verbose
npm install express --safe-chain-logging=silent
--safe-chain-minimum-package-age-hours
integer
Sets the minimum age (in hours) a package must have before Safe Chain allows its installation. Must be an integer of 0 or greater.Default: 48
npm install lodash --safe-chain-minimum-package-age-hours=24
npm install lodash --safe-chain-minimum-package-age-hours=0
--safe-chain-skip-minimum-package-age
boolean flag
Boolean flag that skips the minimum package age check entirely for the current invocation. No value is required.
npm install mypackage --safe-chain-skip-minimum-package-age

Priority order

When the same setting is specified in multiple places, the order of precedence is:
  1. CLI flags (highest priority)
  2. Environment variables
  3. Config file (~/.safe-chain/config.json)

Build docs developers (and LLMs) love

Get started for freeTalk to us