Merged
51 changes: 8 additions & 43 deletions .github/workflows/malware-safe-chain.yml
@@ -1,26 +1,4 @@
# Aikido Safe Chain - Malware Detection for Package Installation
#
# This workflow integrates Aikido Safe Chain to protect against malicious packages
# during dependency installation in CI/CD pipelines.
#
# What is Aikido Safe Chain?
# Aikido Safe Chain is a free security tool that prevents developers from installing
# malware through package managers (npm, pnpm, yarn, npx, pnpx). It wraps around
# package manager commands and verifies packages against Aikido Intel - Open Sources
# Threat Intelligence before installation. When malware is detected, it blocks the
# installation and alerts the user.
#
# Key features:
# - Free to use, no tokens required
# - Works with Node.js 18+
# - Supports npm, pnpm, yarn, npx, and pnpx
# - Currently offers limited scanning for pnpm (scans install command arguments)
# - Full dependency tree scanning support coming soon for pnpm
#
# GitHub Repository: https://github.com/AikidoSec/safe-chain
# Documentation: https://github.com/AikidoSec/safe-chain#usage-in-cicd

name: Safe Chain Security Check
name: Malware Safe Chain

on:
pull_request: ~
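Review bot: Dropping the entire header comment (the 21 lines from `# Aikido Safe Chain - Malware Detection for Package Installation` down to the `# Documentation:` link) leaves the workflow with no explanation of what it does, why it wraps the package manager, or where the tool is documented; keep at least a short comment above `name: Malware Safe Chain` that preserves the two URLs (`https://github.com/AikidoSec/safe-chain` and `https://github.com/AikidoSec/safe-chain#usage-in-cicd`). The rename of the workflow itself is fine.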
@@ -29,34 +7,21 @@ on:
- main

jobs:
safe-chain-check:
malware-safe-chain:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3

- uses: actions/checkout@v4
- name: Install pnpm
uses: pnpm/action-setup@v4
with:
version: 10

- name: Setup Node.js
- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version: '22'
cache: 'pnpm'

- name: Install Aikido Safe Chain
run: |
npm install -g @aikidosec/safe-chain
safe-chain setup-ci
shell: bash

- name: Install dependencies with malware protection
run: pnpm install
shell: bash
- name: Install safe-chain
run: curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci

- name: Verify installation
run: |
echo "✅ All dependencies installed successfully with Aikido Safe Chain protection"
echo "📦 No malicious packages detected"
- name: Install dependencies with Safe Chain protection
run: pnpm install --frozen-lockfile
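Review bot: The new `Install safe-chain` step (`curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci`) fetches the installer from the moving `main` branch and executes it with no integrity check, so a workflow whose purpose is keeping malicious code out of `pnpm install` now trusts an unpinned remote script at every run. Pin the script URL to a specific commit or release tag and verify a known checksum before piping it to `sh`, or go back to installing a pinned `@aikidosec/safe-chain` version from npm as the removed `npm install -g @aikidosec/safe-chain` / `safe-chain setup-ci` step did. The bump to `actions/checkout@v4` and the `--frozen-lockfile` flag on `pnpm install` are good changes, and the removed `Verify installation` step only echoed a success message, so nothing meaningful is lost there.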