
@aikidosec/safe-npm
The Aikido Safe Package Manager wraps around the [npm cli](https://github.com/npm/cli), [npx](https://github.com/npm/cli/blob/latest/docs/content/commands/npx.md), [yarn](https://yarnpkg.com/), [pnpm](https://pnpm.io/), and [pnpx](https://pnpm.io/cli/dlx)
The Aikido Safe Package Manager wraps around the npm cli, npx, and yarn to provide extra checks before installing new packages. This tool will detect when a package contains malware and prompt you to exit, preventing npm, npx, or yarn from downloading or running the malware.

To install the Aikido Safe Package Manager, you can use the following command:
```sh
npm i -g @aikidosec/safe-npm
```
Now you should be able to use the aikido-npm, aikido-npx, or aikido-yarn command instead of npm, npx, or yarn. Example: aikido-npm install axios, aikido-yarn add lodash.
It is possible to create aliases in your shell startup script to make it easier to use the Aikido Safe Package Manager. This is useful if you want to use the Aikido Safe Package Manager as a drop-in replacement for npm, npx, or yarn. The aikido-npm, aikido-npx, and aikido-yarn commands will scan for malware and prompt you to exit if any is found. If not, they will run the original npm, npx, or yarn command.
The add-aikido-aliases command will add the aliases for npm, npx, and yarn to your shell startup script.
To add aliases to your shell startup script, you can use the built-in command aikido-npm add-aikido-aliases:
```sh
# Example for bash
aikido-npm add-aikido-aliases ~/.bashrc
# Example for zsh
aikido-npm add-aikido-aliases ~/.zshrc
# Example for powershell
aikido-npm add-aikido-aliases $PROFILE
```
This will create the aliases. The following table shows the aliases that will be created in the shell startup script:
| Shell | Startup script | Npm Alias | Npx Alias | Yarn Alias |
|---|---|---|---|---|
| Bash | ~/.bashrc | alias npm='aikido-npm' | alias npx='aikido-npx' | alias yarn='aikido-yarn' |
| Zsh | ~/.zshrc | alias npm='aikido-npm' | alias npx='aikido-npx' | alias yarn='aikido-yarn' |
| Ash | ~/.profile, ~/.ashrc | alias npm='aikido-npm' | alias npx='aikido-npx' | alias yarn='aikido-yarn' |
| Fish | ~/.config/fish/config.fish | alias npm "aikido-npm" | alias npx "aikido-npx" | alias yarn "aikido-yarn" |
| Powershell | $PROFILE | Set-Alias -Name npm -Value aikido-npm | Set-Alias -Name npx -Value aikido-npx | Set-Alias -Name yarn -Value aikido-yarn |
After adding the alias, the shell needs to restart in order to load the alias.
To remove the added aliases, you can use the built-in commands of aikido-npm:
```sh
aikido-npm remove-aikido-aliases <file_name>   # e.g. ~/.bashrc, ~/.zshrc
```
This will remove the aliases if they are present in the file.

The Aikido Safe Package Manager has a few configuration options that you can set. These options are stored in the config file located at ~/.aikido/config.json, or can be set using environment variables. The following options are available:
The config file is a JSON file with the following structure:
```json
{
  "scanTimeout": 10000
}
```
The scan timeout is the time in milliseconds that the Aikido Safe Package Manager will allow a scan to take before timing out. The default value is 10000 (10 seconds). You can set it in the config file at ~/.aikido/config.json or by setting the environment variable AIKIDO_SCAN_TIMEOUT_MS. The value must be a number greater than 0.