Aikido

Safe Chain now enforces a minimum package age before install

Trusha Sharma

The last few months have made something clear. Attackers are not guessing anymore. They are watching how developers install dependencies and they are using timing itself as an attack vector. Fresh versions are where attackers strike first and they strike fast.

So we upgraded Safe Chain to close that window.

Safe Chain now enforces a minimum package age, holding any version published in the last 24 hours so it can be analysed properly before install. Fresh releases are the easiest place for attackers to hide, so this window gives security tools enough time to analyse them. If a version is too new and not yet verified, Safe Chain automatically falls back to an older clean version. It does not break builds. Safe Chain is free, open source and runs locally.

This change makes Safe Chain the safe default for developers.

Why attackers focus on fresh versions

Across the supply-chain incidents of 2025, attackers consistently used a newly published version as their first point of infection. The same pattern shows up across malware campaigns, and fresh releases work for attackers because:

  • new versions blend into normal maintenance and developers trust them
  • CI systems pull the latest version immediately
  • registries, sandboxes and security teams need time to analyse new code
  • transitive dependency chains spread the malicious version quickly

These behaviours were visible in real incidents this year including the Shai Hulud waves in September and November, the React Native Aria compromise, the XRP backdoor event, the rand-user-agent RAT and multiple maintainer-token hijacks that all started with a new release.

In every major incident we flagged this year, the malicious versions appeared as newly published releases before anyone had time to review or flag them.

Why we introduced a minimum package age

Fresh versions became the biggest blind spot in the npm ecosystem. Attackers repeatedly exploited that timing gap because it works. Our threat pipeline sees the same pattern every week: a new malicious version is published, CI pipelines or developer machines pull it instantly, and exfiltration begins long before the wider community notices anything suspicious.

Introducing a minimum 24-hour age gives defenders the time needed to classify and verify releases. During that period Safe Chain checks whether:

  • the version is known to Aikido Intel
  • it has passed malware scanning
  • it is linked to an active threat pattern or incident

If verification is incomplete, Safe Chain suppresses the version temporarily and falls back to the last safe one. This has already prevented installs of active Shai Hulud malware, including compromised packages such as toonfetch, which remained live on npm at the time of testing.
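To make the minimum-age policy concrete, here is an added example that is not Safe Chain's own code. It resolves a dependency range to the newest version that is at least 24 hours old, using the `time` map that the npm registry returns in a package's packument (version to ISO publish timestamp), and reports which newer versions were held back, which is the hold-and-fall-back behaviour described above. The package name, version list and timestamps are constructed for the example, the range matcher is a deliberately minimal stand-in for a real semver library, and the Aikido Intel checks (known version, malware scan result, link to an active incident) are out of scope here: a version with no registry timestamp is simply treated as unverified and held.

```javascript
// Added example, not Safe Chain's code: resolve an npm range to the newest
// version that has been on the registry for at least MIN_AGE_MS, holding
// anything younger and falling back to the last eligible version.

const MIN_AGE_MS = 24 * 60 * 60 * 1000; // 24-hour quarantine window

// Constructed sample packument. The shape (name, dist-tags, versions, time)
// matches what the npm registry serves; the package and dates are made up.
const packument = {
  name: 'example-lib',
  'dist-tags': { latest: '2.1.0' },
  versions: { '1.4.0': {}, '2.0.0': {}, '2.0.1': {}, '2.1.0': {} },
  time: {
    created: '2025-01-01T00:00:00.000Z',
    modified: '2025-11-20T09:30:00.000Z',
    '1.4.0': '2025-03-02T10:00:00.000Z',
    '2.0.0': '2025-10-15T08:00:00.000Z',
    '2.0.1': '2025-11-18T12:00:00.000Z',
    '2.1.0': '2025-11-20T09:30:00.000Z', // four hours before NOW below
  },
};

// Constructed "current time" for the example.
const NOW = Date.parse('2025-11-20T13:30:00.000Z');

// Parse "x.y.z" into [x, y, z]; prerelease and odd tags are ignored here.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Minimal range matcher: "*"/"latest", exact "x.y.z", "^x.y.z", "~x.y.z".
function satisfies(version, range) {
  const v = parseVersion(version);
  if (!v) return false;
  if (range === '*' || range === 'latest') return true;
  const op = range[0] === '^' || range[0] === '~' ? range[0] : '';
  const base = op ? range.slice(1) : range;
  const b = parseVersion(base);
  if (!b) return false;
  if (!op) return compareVersions(version, base) === 0;
  if (compareVersions(version, base) < 0) return false;
  if (op === '^') return v[0] === b[0];
  return v[0] === b[0] && v[1] === b[1]; // '~'
}

// Returns { version, held }: the chosen version (null if nothing is old
// enough) and the newer versions that were held back by the age window.
function resolveWithMinAge(pkg, range, now = Date.now(), minAgeMs = MIN_AGE_MS) {
  const candidates = Object.keys(pkg.versions)
    .filter(v => satisfies(v, range))
    .sort(compareVersions)
    .reverse(); // newest first
  const held = [];
  for (const v of candidates) {
    const published = Date.parse(pkg.time[v]);
    // No registry timestamp: treat as unverified rather than trusting it.
    if (Number.isNaN(published) || now - published < minAgeMs) {
      held.push(v);
      continue;
    }
    return { version: v, held };
  }
  return { version: null, held }; // refuse rather than install a fresh version
}

// Demo: ^2.0.0 resolves to 2.0.1 while 2.1.0 (4h old) is held.
console.log(resolveWithMinAge(packument, '^2.0.0', NOW));
```

Two practical notes. First, a committed lockfile already pins versions, so a policy like this bites at resolution time: fresh installs without a lockfile, `npx`/`bunx` one-offs and automated dependency bumps are where a minutes-old version gets pulled. Second, the age window is a heuristic, not a verdict: an attacker who simply waits a day defeats it, which is why the hold is paired with scanning and threat-intel checks rather than used on its own.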

Safe Chain is the safe default for devs

Developers should not have to track malware campaigns or manually review every dependency update. Tooling should handle that automatically.

Safe Chain now gives you a stronger baseline while staying out of your way:

  • blocks malicious packages before install
  • suppresses versions less than 24 hours old until verified
  • falls back to the last clean version automatically
  • works with npm cli, npx, yarn, pnpm, pnpx, Bun, bunx and pip
  • free, open source, no tokens or configuration

Safe Chain is powered by Aikido Intel, our threat pipeline that identifies around 200 malicious packages per day before they appear in public vulnerability databases. Other tools detect malware after install. Safe Chain stops it before it reaches your machine.

This is how package ecosystems should work by default. Safe Chain brings that model directly into the developer workflow.

Install Safe Chain Today

Installing the Aikido Safe Chain is easy. You just need 3 simple steps:

Install the Aikido Safe Chain package globally using npm:

npm install -g @aikidosec/safe-chain

Setup the shell integration by running:

safe-chain setup

❗Restart your terminal to start using the Aikido Safe Chain.

  • This step is crucial: the shell aliases that route npm, npx, yarn and the other supported package managers through Safe Chain are only loaded when a new shell starts. If you do not restart your terminal, the aliases will not be available.

Verify the installation by running:

npm install safe-chain-test

  • The output should show that Aikido Safe Chain is blocking the installation of this package because it is flagged as malware. (The safe-chain-test package is harmless; it exists only to trigger the block.)
