Skip to main content

Takumi Guard: Package Installation Log Search

· 2 min read
Deividas Turskis
Deividas Turskis
Software Engineer @ GMO Flatt Security Inc.

Takumi Guard now provides searchable package installation logs for your organization. Track every npm and PyPI package download that passes through the Guard registry proxy.

Installation log search UI

Overview

Package installation logs give you a searchable audit trail of all package downloads across your organization. Each log entry records the timestamp, package name and version, ecosystem (npm / PyPI), the principal who initiated the download, and whether it was allowed or blocked.

This enables faster incident response when a package is flagged as malicious — you can immediately identify which pipelines installed it and when.

Getting Started

Navigate to Guard > Logs in the Shisho Cloud console.

Paid Feature

This feature requires an active Takumi subscription with Guard enabled. See Pricing & Billing for details.

Key Capabilities

Search by package name

Search for a package name to see when and by whom it was installed across your organization. You can also filter by version. This is useful for identifying the blast radius when a vulnerability is reported in a specific package.

Ecosystem switching

Switch between npm and PyPI to search the ecosystem relevant to your organization's package managers.

Date range filtering

Filter by preset ranges (24 hours, 7 days, 14 days) or specify a custom range. The searchable window is currently 14 days, and we plan to extend this as much as possible going forward.

Principal and status visibility

Each log entry shows the principal who initiated the download (org user token identifier, anonymous token, etc.) and whether the download was allowed or blocked by the blocklist. Blocked downloads are also recorded, so you can verify that the blocklist is functioning as expected.

Future Vision

We are working on making search criteria more flexible so you can filter logs from a wider variety of perspectives.

We are also exploring real-time log streaming for customers using SIEM and other enterprise security solutions. If you have requirements or use cases, please reach out to your account manager.