Safe Pkgs FAQs

Question 1

What is Safe Pkgs?

Accepted Answer

Safe Pkgs is a security tool designed to perform critical safety checks on software packages before they are installed for AI agents. It provides clear allow/deny decisions, comprehensive risk scoring, and detailed audit logs to secure your AI development workflow.

Question 2

What kind of output does Safe Pkgs provide?

Accepted Answer

It provides machine-readable JSON output that includes an 'allow' boolean, a 'risk' level, an array of 'reasons' for the decision, and 'metadata' providing contextual information about the package.

Question 3

How does Safe Pkgs determine package risk?

Accepted Answer

Safe Pkgs assigns a comprehensive risk score (low, medium, high, critical) to packages. This decision includes human-readable findings ('reasons') and detailed package context metadata such as latest version, publish date, and weekly downloads.

Question 4

How can Safe Pkgs be integrated into existing development workflows?

Accepted Answer

Safe Pkgs offers both a command-line interface (CLI) for local audits and a Rust-based MCP (Multi-Client Protocol) server. This allows for seamless integration into various development environments, editors, and potentially CI/CD pipelines for automated checks.

Question 5

Which package registries does Safe Pkgs support?

Accepted Answer

Currently, Safe Pkgs supports `npm` (for Node.js packages) and `cargo` (for Rust crates.io packages). Support for PyPI and other registries is planned for future development.

Safe Pkgs

Safe Pkgs

About

Key Features

Use Cases

About

Key Features

Use Cases