Stop risky package
installs before
they run.
SafeInstall wraps npm, pnpm, and bun: install policy runs first, then the real tool. Open source, MIT licensed. No account required.
Global install
One-off / CI
Node >=20 · Open source · MIT license
Package install is now an attack surface.
Supply-chain attacks through npm and similar registries are increasing. The way developers install packages has changed. The tooling has not kept up.
Package installs are an attack surface.
Lifecycle scripts run arbitrary code at install time. A single malicious dependency can exfiltrate tokens, modify files, or establish persistence — before your app even starts.
AI coding makes this worse.
When an AI assistant suggests a package, most developers install it immediately. There is no pause for research, no audit, no second opinion. The speed that makes AI coding powerful also removes the friction that used to catch bad packages.
Scanners alert after the fact.
npm audit and most security tools tell you about known vulnerabilities in packages you already installed. They do nothing about install-time script execution. They do not prevent the package from running during install.
The fix is not more dashboards.
Developers need a guardrail that blocks many risky installs before they run—policy first, then the package manager. Not only a report after the fact.
Four protections. On by default.
SafeInstall evaluates policy before your package manager runs. Optional safeinstall.config.json tightens or relaxes rules per project.
Fresh registry releases
By default, registry versions newer than 72 hours are blocked (configurable via minimumReleaseAgeHours). That window is where many supply-chain publishes get noticed late.
Lifecycle scripts
Packages with preinstall, install, or postinstall scripts are blocked unless you allow those scripts per package in allowedScripts. SafeInstall still forwards --ignore-scripts to the package manager by default so installs stay non-blind.
Non-registry sources
Git, tarball, and direct URL installs are blocked unless that source type is in allowedSources. Registry, workspace, file, and directory sources are allowed by default.
Trust downgrades
Two cases: a registry dependency moves to git/url/tarball, or a new registry version introduces lifecycle scripts where the installed version had none (compared using local node_modules when present).
Evaluate first. Execute second.
No registry proxy. No middleware on downloads. Policy runs locally, then the underlying tool runs as usual.
You run SafeInstall
Prefix your package manager command with safeinstall.
SafeInstall evaluates
For registry packages it uses public npm registry metadata (publish time, scripts). Project installs for pnpm/npm use the lockfile so versions match what the repo will install.
Block or allow
Policy violations exit with code 2 and print Blocked: … lines. Clean runs print Allowed: policy checks passed. then invoke the manager.
Package manager runs
On allow, your exact command runs. SafeInstall appends defaults like --ignore-scripts per packageManagerDefaults unless you change them.
Scanners report. SafeInstall runs first.
npm audit and similar tools report on known issues in dependencies you already installed. SafeInstall evaluates policy before the package manager: it can refuse installs that violate age, script, or source rules, and it forwards --ignore-scripts by default unless you change defaults — see docs for behavior.
| — | Scanners (npm audit, Snyk…) | SafeInstall |
|---|---|---|
| When it runs | After install | Before install |
| What it checks | Known CVEs in installed packages | Install policy: age, scripts, source |
| Output | Vulnerability report | Allow or block, with Blocked: … lines |
| Lifecycle scripts | Does not block install | Blocks if unallowed; default forwards --ignore-scripts to PM |
| Fresh release window | No | Yes (default 72h minimum age) |
| Registry metadata | Varies | Uses npm registry API when evaluating registry packages |
| Requires security expertise | To act on results: yes | Readable block reasons |
Use both. They solve different problems. SafeInstall is pre-install; scanners are post-install.
Vibe coding is fast.
Blind installs are the cost.
SafeInstall is the gate.
AI assistants suggest packages in seconds. They don't check publish dates. They don't read install scripts. They don't verify the source. You type “yes” and move on.
SafeInstall adds one layer between suggestion and execution: policy. Release age, lifecycle scripts, source type, trust signals — checked before the package manager runs. You keep the speed. You lose the blind spot.
If you vibe code, this is the safety net your workflow is missing.
Works with every AI tool that suggests or runs installs
Typical vibe coding workflow
Same commands — SafeInstall in front.
Also supported: safeinstall init, safeinstall --json …, and project installs that resolve direct deps from lockfiles (pnpm / npm).
Built for developers who ship fast.
A CLI guardrail, not a platform. Scope is intentional: pre-install policy only.
Your machine, your responsibility.
- —AI-assisted workflows mean more installs and less package review
- —No security team to catch risky publishes for you
- —One global install — policy runs locally, no account needed
- —Use safeinstall check on direct dependencies before you ship
Move fast. Don't run installs blind.
- —Small teams ship quickly; one bad install can hit everyone
- —Commit safeinstall.config.json so policy matches across machines
- —Exit code 2 on block is CI-friendly when you wrap installs in pipelines
- —pnpm and npm project installs honor lockfiles — fewer surprise versions
Your AI writes the install command. You control the gate.
- —Using Cursor, Copilot, Cline, Claude Code, or Windsurf
- —AI suggestions skip the usual review instincts — SafeInstall does not
- —Same prefix (safeinstall) for npm, pnpm, and bun
- —JSON mode (--json) fits automation around agents and scripts
Free forever. Open source.
Install in 10 seconds.
Install the CLI globally or try it with npx. No account, no sign-up, no registry auth. Read the docs · View source
Node >=20 · MIT license