# Safety - The AI Development Security Platform > Markdown mirror of DialtoneApp's public top-site detail page for `safetycli.com`. URL: https://dialtoneapp.com/top-sites/safetycli.com/index.md Canonical HTML: https://dialtoneapp.com/top-sites/safetycli.com ## Summary - Domain: `safetycli.com` - Website: https://safetycli.com - Description: ai readable | score 16 | purchase read only - Label: ai_readable - Payment surface: Not available - Purchase boundary: read_only - Control boundary: unknown - Rank: 654977 ## robots ~~~text User-agent: Googlebot Allow: / User-agent: Bingbot Allow: / User-agent: Twitterbot Allow: / User-agent: facebookexternalhit Allow: / User-agent: * Allow: / Sitemap: https://fkwwwvpxhlwtemyrhypg.supabase.co/functions/v1/dynamic-sitemap Sitemap: https://d3ilvqkzeq062y.cloudfront.net/sitemap.xml ~~~ ## llms ~~~text # Safety > Safety is the AI development security platform. It gives security teams real-time visibility and governance over every AI tool, package, MCP server, and IDE extension across their developer fleet. Founded in Vancouver, Safety takes a prevention-first approach to software supply chain security, detecting 4x more vulnerabilities than public databases through its proprietary vulnerability database powered by AI analysis and a dedicated cybersecurity research team. Safety's products protect developers and organizations from malicious and vulnerable open-source packages across Python, JavaScript, and Java ecosystems. The platform covers the full development lifecycle — from local workstations through CI/CD to production — and is trusted by Fortune 500 companies, AI research labs, and government agencies. Key capabilities: - Software Supply Chain Firewall that blocks malicious, vulnerable, and non-compliant packages before installation - Safety MCP Server providing real-time package intelligence to AI coding assistants (Cursor, Windsurf, Claude Code, Copilot, VS Code) - Safety CLI for dependency vulnerability scanning across development environments, CI/CD, and production - Proprietary Vulnerability Database with AI-powered detection and human-verified advisories - Centralized governance platform with policy management, compliance reporting, and reachability analysis - SafetyHax cybersecurity research team publishing original threat research on supply chain attacks ## Products - [Safety - The AI Development Security Platform](https://www.getsafety.com/): Homepage and product overview - [Safety Firewall - Software Supply Chain Firewall](https://www.getsafety.com/firewall): Prevention-first firewall that blocks malicious, vulnerable, and non-compliant packages before they enter your system - [Safety CLI - Open Source Vulnerability Scanner](https://www.getsafety.com/cli): Python, Java, and JavaScript dependency vulnerability scanner for dev machines, CI/CD, and production - [Safety MCP - AI Coding Assistant Security](https://www.getsafety.com/mcp): MCP server integration providing real-time package intelligence to Cursor, Windsurf, Claude Code, Copilot, and VS Code - [Safety Platform - Vulnerability Management & Governance](https://www.getsafety.com/platform): Centralized visibility, policy control, and compliance across your software supply chain - [Safety Vulnerability Database](https://www.getsafety.com/vulnerability-database): Proprietary database detecting 4x more vulnerabilities than public sources, with reachability, exploitability, and package health data - [Safety Package & Vulnerability Lookup](https://www.getsafety.com/packages/pypi/): Search individual packages for known vulnerabilities and security advisories ## Resources - [Documentation Hub](https://docs.safetycli.com): Full product documentation for Safety CLI, Firewall, Platform, and MCP - [Safety CLI on GitHub](https://github.com/pyupio/safety): Open-source Safety CLI repository with quickstart guides and GitHub Action - [Safety CLI on PyPI](https://pypi.org/project/safety/): Install Safety CLI via pip - [Pricing & Plans](https://www.getsafety.com/pricing): Transparent pricing for teams of all sizes, from free tier to enterprise ## Company - [About Safety](https://www.getsafety.com/about): Company mission, team, and approach to prevention-first supply chain security - [Careers](https://www.getsafety.com/careers): Open positions at Safety, a remote-first team based in Vancouver - [Terms of Service](https://www.getsafety.com/legal/terms): Legal terms and conditions - [Privacy Policy](https://www.getsafety.com/legal/privacy): Privacy policy ## Glossary - [EDR Limitations for Developers](https://www.getsafety.com/glossary/edr-limitations-developers): Why traditional EDR tools fall short for developer workstation security - [AI Coding Assistant Security Risks](https://www.getsafety.com/glossary/ai-coding-assistant-security-risks): Security risks from AI coding tools recommending outdated and vulnerable packages - [MCP Server Security Risks](https://www.getsafety.com/glossary/mcp-server-security-risks): Security risks associated with Model Context Protocol servers - [IDE Extension Security](https://www.getsafety.com/glossary/ide-extension-security): Risks and governance for IDE extensions and plugins - [npm & PyPI Package Security](https://www.getsafety.com/glossary/npm-pypi-package-security): Security considerations for npm and PyPI package ecosystems ## Research & Blog - [Research & Blog Index](https://www.getsafety.com/blog): All research posts and blog articles - [Security Research Library](https://www.getsafety.com/research): In-depth technical analysis on supply chain threats, vulnerability patterns, and attack vectors - [36 Malicious npm Packages Using Postinstall Hooks](https://www.getsafety.com/blog-posts/36-malicious-npm-packages-postinstall-hook): Campaign analysis of npm packages exploiting postinstall hooks - [Axios Takeover Compromise](https://www.getsafety.com/blog-posts/axios-takeover-compromise): Analysis of the axios package compromise - [LiteLLM PyPI Compromised](https://www.getsafety.com/blog-posts/litellm-pypi-compromised): Analysis of the LiteLLM package compromise on PyPI - [TeamPCP Strikes Again: Telnyx](https://www.getsafety.com/blog-posts/teampcp-strikes-again-telnyx): Threat actor campaign targeting Telnyx - [React Native GlassWorm](https://www.getsafety.com/blog-posts/react-native-glassworm): GlassWorm malware campaign targeting React Native ecosystem - [Malicious Packages Hiding on PyPI](https://www.getsafety.com/blog-posts/malicious-packages-hide-pypi): How malicious packages evade detection on PyPI - [TikTok Tutorials Compromise Clients](https://www.getsafety.com/blog-posts/tiktok-tutorials-compromise-clients): Social engineering attack vector through tutorial content - [MagicWolf Campaign](https://www.getsafety.com/blog-posts/magicwolf): Analysis of the MagicWolf threat campaign - [Malicious Claude Code Package](https://www.getsafety.com/blog-posts/malicious-claude-code-package): Malicious npm package impersonating Claude Code to steal Anthropic credentials - [Shai-Hulud npm Supply Chain Attack](https://www.getsafety.com/blog-posts/shai-hulud-npm-attack): One of the most dangerous npm breaches affecting CrowdStrike and hundreds of packages - [Open Source Supply Chain Threats: February 2026](https://www.getsafety.com/blog-posts/open-source-supply-chain-threats-february-2026-in-review): Monthly threat landscape review - [Open Source Supply Chain Threats: January 2026](https://www.getsafety.com/blog-posts/open-source-supply-chain-threats-january-2026): Monthly threat landscape review - [Open Source Supply Chain Threats: December 2025](https://www.getsafety.com/blog-posts/open-source-supply-chain-threats-december-2025): Monthly threat landscape review - [Agentic Endpoint Security](https://www.getsafety.com/blog-posts/agentic-endpoint-security): The case for agentic approaches to endpoint security in the AI era - [Why Your Employee Workstation Is the New Target](https://www.getsafety.com/blog-posts/why-your-employee-workstation-is-the-new-target-for-software-supply-chain-attacks): How developer workstations have become the primary attack surface for supply chain attacks ## Optional - [GrokWrapper Malware Analysis](https://www.getsafety.com/blog-posts/grokwrapper): Malicious PyPI package masquerading as xAI Grok API wrapper - [ExtraZip Malware Campaign](https://www.getsafety.com/blog-posts/extrazip-malware-campaign): Analysis of the ExtraZip malware campaign - [Telegram Bot Malware](https://www.getsafety.com/blog-posts/telegrem-bot-malware): Malware distributed through Telegram bot packages - [Malicious Hash Validation Packages](https://www.getsafety.com/blog-posts/malicious-hash-validation-packages): Packages disguised as hash validation utilities - [Shai-Hulud 3.0](https://www.getsafety.com/blog-posts/shai-hulud-3-0): Third wave of the Shai-Hulud npm supply chain attack - [Scopper Python RAT](https://www.getsafety.com/blog-posts/scopper-python-rat): Python remote access trojan analysis - [Polymarket Targeted by Malicious Packages](https://www.getsafety.com/blog-posts/polymarket-targeted-by-malicious-packages): Supply chain attack targeting Polymarket users - [OWASP Top 10 2025](https://www.getsafety.com/blog-posts/owasp-top-10-2025): Analysis of the OWASP Top 10 for 2025 - [npm Malware Uses Cloaking](https://www.getsafety.com/blog-posts/npm-malware-uses-cloaking): Russian cloaking techniques used in npm malware - [Two Types of Software Risk](https://www.getsafety.com/blog-posts/two-types-of-software-risk): Understanding vulnerability risk vs. malicious package risk - [AI Agent Skills: How We Got Acquainted](https://www.getsafety.com/blog-posts/ai-agent-skills-the-story-of-how-we-got-acquainted): Exploring AI agent capabilities in the security context - [JavaScript RAT Targets Banks](https://www.getsafety.com/blog-posts/javascript-rat-targets-banks): JavaScript remote access trojan targeting financial institutions - [Analyzing the nx AI Prompt](https://www.getsafety.com/blog-posts/analyzing-nx-ai-prompt): Analysis of AI prompt injection in the nx package attack - [nx npm Attack](https://www.getsafety.com/blog-posts/nx-npm-attack): Supply chain attack targeting the popular nx build tool - [Ultralytics YOLO Supply Chain Attack](https://www.getsafety.com/blog-posts/ultralytics-attack-supply-chain): Compromise of the popular Python AI/computer vision library - [CryptoAITools Supply Chain Attack](https://www.getsafety.com/blog-posts/cryptoaitools-supply-chain-attack): Malicious packages targeting cryptocurrency and AI developers - [Intro to Software Supply Chain Security](https://www.getsafety.com/blog-posts/intro-to-software-supply-chain): Foundational guide to understanding software supply chain security - [Python Security Best Practices](https://www.getsafety.com/blog-posts/python-security-best-practices-for-developers): Security best practices guide for Python developers - [Bill C-8: Canada Cybersecurity Strategy](https://www.getsafety.com/blog-posts/bill-c-8-canada-cybersecurity-strategy): Analysis of Canadian cybersecurity legislation - [EU-Canada Security and Defence Partnership](https://www.getsafety.com/blog-posts/eu-canada-security-and-defence-partnership): Implications of EU-Canada security cooperation - [Building an Effective Engineering Career Framework](https://www.getsafety.com/blog-posts/building-an-effective-engineering-career-framework): How Safety built its engineering career ladder - [How We Built a Thriving Co-op Program](https://www.getsafety.com/blog-posts/how-we-built-a-thriving-co-op-program): Safety's approach to co-op student hiring and development ~~~ ## llms-full Not found.