Aikido

Introducing Aikido Expansion Packs: Safer defaults inside the IDE

Trusha Sharma

Developers work in a few core loops: writing code, committing changes, installing dependencies, and increasingly working alongside AI in the editor.

Aikido Expansion Packs are built around those moments.

They let you add focused security capabilities to Aikido that run locally, inside your IDE, and fit naturally into how developers already work. Each pack addresses a specific part of the workflow and does not require new tools, new pipelines, or new processes.

You enable the packs that make sense for your team and leave the rest off. Everything runs on your machine, and nothing runs unless you turn it on.

How to use

Expansion Packs are managed directly from within the Aikido IDE extension. Open the Aikido sidebar and navigate to Expansion Packs to enable or disable the packs you want to use. The exact navigation depends on your IDE, but the underlying flow is consistent across supported editors.

IDE-specific steps for VS Code, IntelliJ, and other supported IDEs are covered in the docs → https://help.aikido.dev/ide-plugins/features/aikido-expansion-packs#how-to-use

Aikido Secrets Pre-Commit Hook

The Aikido Secrets pre-commit Git hook checks staged code for secrets, passwords, and API keys before a commit is created. If something sensitive is detected, the commit is blocked locally, before anything reaches your repository.

Because it runs at commit time, feedback is immediate and tied directly to the code being committed. Developers can allow known values inline when needed or temporarily bypass the hook for edge cases. Toggling the Secrets Pre-Commit Hook off from Expansion Packs will uninstall the hook globally for all repositories on the machine. No additional configuration is required.

Read more on Aikido Secrets Pre-Commit Hook

Aikido Safe Chain

Aikido Safe Chain protects your environment from malicious packages at install time.

When you install packages, Safe Chain checks the package and its nested dependencies for known malicious patterns and suspicious behavior. This includes obfuscated code, unsafe install scripts, data exfiltration attempts, and crypto miners. These checks run automatically during installation and do not require changes to your commands or project configuration.

Safe Chain adds a safety layer around common package managers such as npm, npx, yarn, pnpm, and pnpx.

Handling newly published packages

Newly published package versions carry higher risk. To reduce exposure to unvetted releases, Safe Chain enforces a 24-hour safety window.

If a package version was published less than 24 hours ago, Safe Chain blocks that version. Instead of failing the install, it automatically installs the latest version older than 24 hours. This ensures installs continue normally and builds do not break due to the malware check.

Full doc here → https://help.aikido.dev/code-scanning/aikido-malware-scanning
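
The fallback rule described above, sketched as an added example (not Safe Chain's own code). It assumes publish times are available as a version-to-timestamp map like the `time` object in npm registry metadata, considers only plain x.y.z versions, and blocks the install when no version is old enough; the function names and sample data are constructed.

```javascript
// Added example: minimum-age selection over an npm-style "time" map.
// Not Safe Chain's code; names and sample data are constructed.
const MIN_AGE_MS = 24 * 60 * 60 * 1000; // the 24-hour window from the text

// Parse plain x.y.z versions; prereleases and non-version keys return null.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// times: { "<version>": "<ISO publish time>", ... }
// Returns { version, action }; action is "allow", "fallback" or "block".
function resolveWithAgeWindow(requested, times, now = Date.now()) {
  const oldEnough = (v) => {
    const t = Date.parse(times[v]);
    return !Number.isNaN(t) && now - t >= MIN_AGE_MS;
  };
  if (!parseVersion(requested) || !(requested in times)) {
    return { version: null, action: "block" };
  }
  if (oldEnough(requested)) return { version: requested, action: "allow" };
  // Requested version is too new: take the highest version outside the window.
  const candidates = Object.keys(times)
    .filter((v) => parseVersion(v) && oldEnough(v))
    .sort(compareVersions);
  const fallback = candidates.pop();
  // Assumption: with no old-enough version at all, the install is blocked.
  return fallback
    ? { version: fallback, action: "fallback" }
    : { version: null, action: "block" };
}

// Constructed sample metadata for a hypothetical package.
const NOW = Date.parse("2025-01-10T12:00:00Z");
const sampleTimes = {
  created: "2024-11-01T09:00:00Z",
  modified: "2025-01-10T08:00:00Z",
  "1.4.0": "2024-12-20T10:00:00Z",
  "1.4.1": "2025-01-09T11:30:00Z", // 24.5 hours old: outside the window
  "1.5.0": "2025-01-10T08:00:00Z", // 4 hours old: inside the window
};
console.log(resolveWithAgeWindow("1.5.0", sampleTimes, NOW));
```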

Aikido MCP

Aikido MCP exposes Aikido’s existing security checks to AI-assisted coding workflows.

When enabled, AI tools can run Aikido’s local SAST and secrets checks on code as it is generated or modified, instead of waiting for review or CI. This helps surface vulnerabilities and hardcoded secrets earlier, while the code is still being written.

MCP provides three checks:

  • aikido_full_scan for combined SAST and secrets
  • aikido_sast_scan for SAST only
  • aikido_secrets_scan for secrets only

When using Aikido via the IDE, MCP is enabled through Expansion Packs. Turning on the MCP toggle installs and configures everything automatically for that IDE. An optional checkbox also manages the Aikido MCP rule. Manual setup is only needed for advanced use cases or when running MCP outside the IDE.

Read more on Aikido MCP

Extending security without expanding complexity

Expansion Packs are not meant to replace existing security workflows or add another layer of tooling. They are designed to place security controls at the points where risk actually appears, without changing how developers work.

Teams can enable the packs that match their risk profile today and ignore the rest. Everything runs locally, remains developer controlled, and integrates into existing workflows rather than creating new ones.

Getting started

If you are already using the Aikido IDE extension, Expansion Packs are available now. Open your IDE, enable the packs that make sense for your team, and continue building. You can turn packs on or off as needed, making it easy to start small and expand coverage over time.

Get started with Expansion Packs → https://help.aikido.dev/ide-plugins/features/aikido-expansion-packs
