Security patches that don't force upgrades
Aikido backports CVE fixes to the exact version pinned in your lockfile. Same package, version string & APIs. No rewriting code, just merge a PR.






You found a CVE but solving it requires a major version upgrade
.avif)
Aikido patches the CVE on the version you are already running

Fix in place
Aikido produces a patched version of the exact package in your lockfile. Same APIs but without the vulnerability. No breaking changes and no code rewrites for your devs.

Shipped as a merge-ready PR
Patched versions are available through AutoFix PRs that are easy to review.

Continuously protects your repos.
Turn on protection once. Aikido ships a daily PR pinning every package to its patched variant, including newly discovered CVEs.
“Aikido let our engineers get back to what they do best building advanced defense systems without getting bogged down in CVE cleanup. It's helped us win projects, build trust, and stay ahead of schedule.”
Sam StentonHead of DevOps & Platform, SiXworks


Protect your repo’s with Aikido Libraries in three easy steps
.avif)
.avif)
Patch your CVEs in 5 min
Aikido creates CVE-free container images at an unprecedented pace,
enabling you to fix vulnerabilities for all projects without risking any breakage.


FAQs about Aikido Libraries
Standard AutoFix suggests the smallest version bump that fixes the CVE. You still upgrade.
Aikido Libraries does not upgrade you. It backports the security fix into the exact version you already use.
The version string stays the same. The public API stays the same. Behavior should stay the same.
You can use both. Protected repos still get standard AutoFix for issues that are not in the pinned dependency set.
Aikido creates secured variants of the exact versions in your lockfile.
It adds a +aikido.N suffix.
Example: starlette 0.27.0 becomes starlette 0.27.0+aikido.1.
The package name stays the same. The base version stays the same. Only the suffix is new.
For npm, we use a hyphen instead of a plus sign. Example: 2.5.0-aikido.1.
Aikido Libraries supports npm, PyPI, Maven, Go, NuGet, and Composer.
Coverage depends on the ecosystem.
The Library Catalog shows which packages and versions are available for your lockfile.
It works for both.
It is most useful when upgrades are risky.
That includes legacy services and unmaintained dependencies.
It also includes pinned transitive dependencies you do not control.
For fast-moving repos, a normal AutoFix upgrade can be the quickest option.
Use Aikido Libraries when the upgrade is the problem.
Aikido Libraries is a one-year subscription per protected repo.
You pay with Aikido credits.
We show the credit cost before you confirm.
The subscription renews each year until you cancel.
Full details are in the docs.
Aikido patches new vulnerabilities and includes them in daily AutoFix PRs.
You do not need to re-protect the repo.
Protection is continuous.
If we do not have a patched variant yet, we will produce one and ship it in a future PR.
.avif)