Every Raiku package carries aDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/SGizek/Raiku/llms.txt
Use this file to discover all available pages before exploring further.
build_command that executes on your machine during installation. Because Raiku is a community-driven repository, that command could come from any contributor. Safe mode is Raiku’s primary interactive defence: before running any build command, Raiku shows you the exact command and waits for you to approve it. For packages you have already reviewed and trust, the persistent trust system lets you record that decision locally so you are not prompted again. This page explains how both mechanisms work, when to use each one, and the important boundaries they share.
How Safe Mode Works
Safe mode is enabled by default (safe_mode = true). When safe mode is active and a package is not already trusted, Raiku pauses the installation process, prints the full build_command from the package’s raiku.toml, and waits for your explicit confirmation:
Review the command
Read the displayed command carefully. Verify it matches what you would expect for the package’s language and build system (e.g.,
pip install -e . for Python, cargo build --release for Rust).Per-Install Bypass: --trust
To skip the confirmation prompt for a single install without adding the package to your persistent trust list, pass the --trust flag:
--trust when you want a one-off approval for a package you’ve reviewed but don’t install frequently enough to warrant adding it to your permanent trust list.
Disabling Safe Mode Globally
Safe mode can be turned off globally with:Persistent Trust System
Rather than using--trust on every install, you can record a trust decision permanently for packages you have reviewed. Trusted packages skip the confirmation prompt automatically on all future installs on that machine.
Commands
raiku trust add
Mark a package as trusted. Optionally record your reason for the audit trail.
raiku trust remove
Revoke trust for a specific package. The next install will prompt for confirmation again.
raiku trust list
Display all currently trusted packages, along with the timestamp and reason recorded when trust was granted.
raiku trust clear
Revoke trust for all packages at once. Add
--yes to skip the confirmation prompt.Storage
Trust records are stored at~/.raiku/trusted.json on your local machine. This file is per-machine and is never uploaded, synced, or shared. Trust decisions made on one machine do not transfer to another.
The trusted.json Format
Each entry in trusted.json is keyed by the lowercase package name and records the package name, the Unix timestamp when trust was granted, and the optional reason:
raiku trust commands to keep the format consistent.
--trust Flag vs. raiku trust add: When to Use Each
- Use --trust (per-install)
- Use raiku trust add (persistent)
The
--trust flag is the right choice when:- You are installing a package for the first time and have reviewed the
build_commandin the terminal. - You install the package infrequently and don’t want to add it to your permanent trust list.
- You are running a one-off build in a temporary or ephemeral environment.
The auto_trust Configuration Key
Raiku has an auto_trust configuration key that, if set to true, would automatically trust every package without user interaction. It defaults to false and is strongly discouraged:
auto_trust = false (the default), trust is always the result of an explicit, deliberate user action — either --trust on a specific install or raiku trust add for a package you’ve reviewed. Trust is never granted silently.
Important: Forbidden Patterns Are Always Checked
The forbidden pattern blocklist includes destructive filesystem operations (rm -rf, rmdir /s, del /f), disk operations (dd if=, mkfs, format ), fork bombs (:(){:|:&};:), unencrypted network fetches (wget http, curl http://), privilege escalation (sudo rm, chmod 777), raw device writes (> /dev/sd), SQL injection (DROP TABLE), and Python code injection (__import__, exec(, eval(, os.system, subprocess.call, subprocess.Popen). Any match immediately aborts installation, regardless of trust state.