Quick Start

Install Sigil, scan your first package, and understand the verdict — all in under 60 seconds.

1. Install

Pick your preferred method. All three install the same CLI binary.

```bash
# curl (recommended)
curl -sSL https://sigilsec.ai/install.sh | sh

# Homebrew
brew install nomarj/tap/sigil

# npm
npm install -g @nomarj/sigil
```

Requires macOS, Linux, or WSL. Native Windows support is coming soon. The curl method pipes a remote script straight into your shell; if you would rather inspect it first, download install.sh, read it, and then run it with sh.

2. Verify installation

```bash
sigil --version
# sigil 0.1.0 (SIGIL by NOMARK)
```

3. Scan a package

Sigil quarantines the target into a temporary directory, runs all eight scan phases, and outputs a verdict. Nothing is installed into your working environment until you approve it (a score of 0 is auto-approved, as the sample verdict in step 4 shows).

```bash
# Scan an npm package
sigil scan npm:lodash

# Quarantine and scan a git repo
sigil clone https://github.com/example/repo

# Scan a local directory
sigil scan ./my-project
```

4. Read the verdict

Sigil outputs a risk score and verdict for every scan. The verdict tells you exactly what patterns were detected and the associated risk level.

```text
┌─────────────────────────────────────────┐
│  SIGIL SCAN COMPLETE                    │
│                                         │
│  Target:  npm:lodash@4.17.21            │
│  Score:   0                             │
│  Verdict: ● LOW RISK                    │
│                                         │
│  Phases:                                │
│    ✓ Install Hooks    — none found      │
│    ✓ Code Patterns    — none found      │
│    ✓ Network / Exfil  — none found      │
│    ✓ Credentials      — none found      │
│    ✓ Obfuscation      — none found      │
│    ✓ Provenance       — 1,200+ commits  │
│                                         │
│  Action: Auto-approved (score = 0)      │
└─────────────────────────────────────────┘
```

Risk tiers by score:

- LOW RISK (score 0–9): no known malicious patterns detected
- MEDIUM RISK (score 10–24): review carefully
- HIGH RISK (score 25–49): strong caution

5. Set up shell aliases

Make security the default. `sigil shell-init` defines drop-in replacements for your usual clone and install commands that route every target through Sigil's quarantine-first workflow.

```bash
# Add to your .bashrc / .zshrc
eval "$(sigil shell-init)"

# Now these commands auto-quarantine and scan:
gclone https://github.com/example/repo
safepip install requests
safenpm install express
```

Zero friction: with the aliases active, every clone, pip install, and npm install you run through them is quarantined and scanned first. Nothing about your workflow changes except that nothing from the package runs until it has been scanned.
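The aliases cover interactive use; in CI you usually want the same decision made by a script. The gate below is an added example and is not part of Sigil or its documentation. It assumes `sigil scan` prints a `Score:` line in the box layout shown in step 4 (this page documents no machine-readable output, so scraping that line is an assumption), maps the score to the tiers listed above, and returns non-zero above a threshold you choose. Scores of 50 and higher are not covered by the tiers on this page, so the gate refuses them rather than guessing. The sample verdict text embedded in the script is constructed for the example.

```shell
#!/bin/sh
# Added example: gate a CI step on a Sigil verdict. Not Sigil's own code.
# Assumption: `sigil scan` output contains a line like "│  Score:   17   │"
# as in the sample verdict on this page.

# Map a numeric score to the tier names documented on this page.
# 50+ is not listed here, so it is reported as UNLISTED (and always blocked).
sigil_tier() {
  score=$1
  if [ "$score" -le 9 ]; then echo LOW
  elif [ "$score" -le 24 ]; then echo MEDIUM
  elif [ "$score" -le 49 ]; then echo HIGH
  else echo UNLISTED
  fi
}

# Read verdict text on stdin and print the first "Score:" number found.
sigil_score() {
  sed -n 's/.*Score:[[:space:]]*\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Read verdict text on stdin; exit 0 if score <= threshold, 1 if above,
# 2 if no score line was present (treat a missing verdict as a failure too).
sigil_gate() {
  threshold=$1
  score=$(sigil_score)
  if [ -z "$score" ]; then
    echo "sigil_gate: no Score line in verdict output" >&2
    return 2
  fi
  tier=$(sigil_tier "$score")
  echo "score=$score tier=$tier"
  [ "$tier" != UNLISTED ] && [ "$score" -le "$threshold" ]
}

# Constructed sample verdict, shaped like the box printed in step 4.
SAMPLE_VERDICT='┌─────────────────────────────────────────┐
│  SIGIL SCAN COMPLETE                    │
│  Target:  npm:example-pkg@1.2.3         │
│  Score:   17                            │
│  Verdict: ● MEDIUM RISK                 │
└─────────────────────────────────────────┘'

# Stand-alone demo: only auto-accept LOW RISK (score <= 9).
# Real usage would be:  sigil scan npm:"$PKG" | tee /dev/stderr | sigil_gate 9
if printf '%s\n' "$SAMPLE_VERDICT" | sigil_gate 9; then
  echo "accepted: safe to install"
else
  echo "blocked: review the verdict before installing"
fi
```

Pick the threshold per environment: 9 (LOW only) for unattended pipelines, 24 where a human reviews MEDIUM findings before merge. Because the gate fails closed on a missing `Score:` line, a change in Sigil's output format breaks the build rather than silently passing it.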

Need help?

Ask a question in GitHub Discussions or check the troubleshooting guide.