CLI Tools
Arcis ships with three command-line tools that scan your codebase and dependencies for security issues. All are offline, CI-friendly, and ship as a single static binary.
The CLI is its own package. Install via npm install -g @arcis/cli. The binary works regardless of whether your app is Node, Python, or Go. The threat database, audit rules, and attack payload catalog are all embedded. (Before v1.5.0 the CLI shipped inside the Python SDK; that's no longer the case. pip install arcis now ships the runtime middleware only.)
Discovery
Don't remember the flags? Every command supports --list to print exactly what it will check, before you run it.
# Top-level catalog: scan, audit, sca with examples
arcis
arcis --list
# Per-command coverage
arcis scan --list # all 17 attack categories + payloads
arcis audit --list # all 24 detection rules, grouped by language
arcis sca --list # full bundled threat database
# Stay current
arcis update # check PyPI for a newer release
arcis update --apply # check, then run pip install --upgrade arcis
arcis update --check # CI mode: exit 1 if outdatedEach command also streams live progress to stderr (per-route status for scan, a progress bar for audit, current manifest for sca) and ends with a per-severity summary block.
Interactive Console (v1.6)
Running arcis with no args in a TTY drops into a full-screen interactive console. A persistent welcome banner sits at the top with the version, working directory, available adapters, and quick-start commands. Type any of audit ., sca ., scan <url>, or a slash command. Output streams into the scrollback in real time, and the prompt stays pinned at the bottom.
# Drop into the REPL
$ arcis
# Inside the console
audit . # run the static analyzer; findings stream into the scrollback
sca . # match dependencies against the embedded threat DB
scan http://... # probe a live endpoint
# Slash commands
/help # show the welcome banner again
/clear # wipe the scrollback
/cwd ~/projects # change working directory without leaving
/export session.md # save the current session as markdown
/exit # Ctrl-D also works| Key | Effect |
|---|---|
F2 / Shift-F2 | Jump to the next / previous finding (any line starting with CRITICAL / HIGH / MEDIUM / LOW) |
PgUp / PgDn | Scroll the scrollback by a page |
Up / Down | Walk through command history (persisted at ~/.arcis/history, 200 entries) |
Ctrl-C | Cancel the running command (does not exit the console) |
Esc | Clear current input and snap back to the tail |
ANSI color from subprocesses is preserved. Auto-launch is gated on stdout+stdin being TTYs, CI unset, and ARCIS_NO_REPL unset. Any other shape (pipes, redirects, CI runners, scripts) falls through to the static welcome screen so scripts never hang.
Installation
The CLI ships as a single static native-Rust binary distributed via npm:
npm install -g @arcis/cli
# Verify
arcis --versionNo Python required. The npm package bundles five platform binaries: Linux x86_64, Linux ARM64, macOS x86_64, macOS ARM64 (Apple Silicon), and Windows x86_64. Cold start is ~30-60ms (vs ~700ms for the legacy Python CLI). The threat database is embedded; the binary runs fully offline by default.
On WSL, bin/arcis detects a Windows-mounted invocation and prints a friendly error pointing at the Linux binary instead, so you do not get a cryptic spawn ENOENT when invoking the wrong slice.
arcis sca: Supply Chain Attack Scanner
Detects compromised packages from known supply chain attacks. Scans your project's lockfiles, node_modules, and Python environments for malicious versions and backdoor artifacts.
Usage
# Scan current directory against the embedded threat DB (offline)
arcis sca
# Scan a specific path
arcis sca /path/to/project
# Layer live OSV advisories on top of the embedded DB (24h cached)
arcis sca . --osv
arcis sca . --no-cache # bypass the OSV cache
# Also check globally installed packages and .pth backdoors
arcis sca . --system
# Machine-readable / GitHub-compatible output
arcis sca . --json
arcis sca . --sarif
# Inventory only: generate a CycloneDX SBOM
arcis sca . --sbom
# List every threat in the embedded DB with source advisory links
arcis sca --list-threatsWhat it checks
package-lock.json(v1 and v3),yarn.lock,pnpm-lock.yamlnode_modules/on diskrequirements.txt,Pipfile.lock,poetry.lock- Currently installed pip packages (
--system) - Python
site-packagesfor suspicious.pthbackdoor files (--system) - Transitive dependency graphs (npm v1/v3 + yarn + pnpm) with full path-to-root reporting
Threat database
100 curated supply chain advisories ship embedded in the binary. 59 npm, 41 PyPI. 47 critical, 46 high, 7 medium. Maintained at Gagancm/arcis. Last refresh shipped in the binary: 2026-05-07.
Sample of notable advisories in the embedded DB:
| Package | Ecosystem | Attack class | Reference |
|---|---|---|---|
axios | npm | Trojanized plain-crypto-js dependency deploys a RAT via postinstall | 2026 advisory |
litellm | PyPI | Credential harvester + persistent .pth backdoor that survives pip uninstall | 2026 advisory |
colourama | PyPI | Typosquat of colorama, exfiltrates wallet keys | CVE-2018-1000877 |
event-stream | npm | Trojanized flatmap-stream dependency targeting bitcoin wallets | CVE-2018-1000620 |
ua-parser-js | npm | Maintainer credentials stolen; trojanized versions deployed cryptominers | CVE-2021-3962 |
peacenotwar | npm | Protestware sabotage of node-ipc | CVE-2022-23812 |
@solana/web3.js | npm | Wallet-connect hijack via maintainer compromise | 2024 advisory |
torch / torchtriton | PyPI | PyPI typosquat shipping a credential exfiltrator that survived the index | CVE-2024-31580 / CVE-2022-45907 |
faker | npm | Maintainer self-sabotage shipped empty/protestware versions | CVE-2022-42003 |
rc | npm | Maintainer-credential compromise shipped trojanized versions | CVE-2021-43138 |
Run arcis sca --list-threats to dump the full 100-entry list with severities, versions, and source advisory URLs.
Live OSV layer (--osv)
With --osv, the scanner also queries the OSV API for each package in your lockfiles and merges its advisories on top of the embedded DB. Responses are cached at ~/.arcis/osv-cache.json with a 24h TTL. --no-cache bypasses the cache when you want a fresh pull. This is the only flag that makes a network call. Everything else runs fully offline.
Exit codes
- 0. no compromised packages found
- 1. compromised package detected (CI-friendly)
- 2. invalid arguments or unreadable manifest
Offline by default. The 100-entry threat database is bundled with the binary. Every embedded detection is auditable in packages/arcis-rust/crates/arcis-data/data/threat-db.json with a source advisory link. Use --osv to layer live OSV.dev advisories on top.
Did it actually scan? Green output starts with Scanned N manifest(s): .... If you see no supported manifests found instead, run from your project root (the directory containing package-lock.json, yarn.lock, requirements.txt, etc.) or pass --system to scan installed packages.
arcis audit: Static Analysis
Scans your source code for dangerous patterns: unsafe functions, weak crypto, user-controlled paths, unsafe deserializers.
Usage
# Audit a project
arcis audit /path/to/project
# Filter by language
arcis audit /path/to/project --language python
# Filter by severity
arcis audit /path/to/project --severity high
# Output as JSON for CI
arcis audit /path/to/project --format jsonSupported languages
- Python
- JavaScript
- TypeScript
Detection rules (24 total)
| Rule | What it flags |
|---|---|
EVAL | eval(), exec(), Function() |
UNSAFE-DESERIALIZE | pickle.loads(), yaml.load() without SafeLoader |
INNERHTML | .innerHTML, document.write(), bypassSecurityTrust*() |
SQL-CONCAT | String concatenation in SQL queries |
ORM-RAW | Raw queries with user input |
FS-USER-PATH | File system operations with user-controlled paths |
FETCH-USER-URL | HTTP fetch with user-controlled URLs (SSRF) |
WEAK-CRYPTO | MD5, SHA1 for security purposes |
HARDCODED-SECRET | Potential secrets in source |
JWT-NO-ALGO | JWT verification without algorithm check |
Did it actually scan? Green output starts with Scanned N file(s) [N python, N typescript] against 14 rule(s). If you see no scannable files found instead, point at a directory containing .py/.js/.ts files. Use --language python to narrow scope when a project mixes languages.
arcis scan: Vulnerability Scanner
Sends live attack payloads to your running application and reports which ones get through.
Usage
# Scan a specific endpoint (the bare URL form scans POST / and
# will 404 on most apps. pass --route for real endpoints)
arcis scan http://localhost:8000 --route POST:/api/login --field username --field password
# Scan multiple endpoints at once
arcis scan http://localhost:8000 \
--route POST:/api/users \
--route GET:/search \
--field q --field email
# Only run XSS and SQL payloads
arcis scan http://localhost:8000 --route POST:/echo --field q --categories xss sql
# Try every payload variant per category (slower, more thorough)
arcis scan http://localhost:8000 --route POST:/echo --field q --thoroughOnly scan your own applications. Running arcis scan against systems you don't own is illegal in most jurisdictions.
Got "404 not found" on every route? The default route is POST /, which most apps don't expose. Always pass --route METHOD:/path for endpoints that actually exist in your app.
How to read the output
With Arcis middleware running with block: true, every payload should come back as 403. that's the success signal. Each row in the report shows the category, payload, status, and whether Arcis blocked or sanitized it.
Using in CI/CD
Arcis CLI tools return exit code 1 on findings, making them easy to add to CI pipelines.
# .github/workflows/security.yml
- name: Check for compromised dependencies
run: arcis sca .
- name: Static security audit
run: arcis audit . --severity high