
Takumi Guard: Admin Deployment Now Provisions Packagist

Yoshiaki Matsutomo
Software Engineer @ GMO Flatt Security Inc.

Takumi Guard admin deployment now configures Packagist — the PHP/Composer ecosystem — on every target machine, alongside npm, PyPI, RubyGems, and Go modules.

Overview

Admin deployment lets administrators roll Takumi Guard out across their fleet without any per-developer steps: the setup script is distributed through your management tool (Jamf, Intune, Ansible, and so on) and silently configures every supported package manager on each device. That list covered npm, PyPI, RubyGems, and Go modules; Packagist now joins it as the fifth ecosystem, so PHP projects get the same protection as the rest, with nothing for individual developers to do.

On each device the setup script registers Takumi Guard as a Composer repository and disables the public Packagist (packagist.org), so composer install and composer update resolve through Takumi Guard and known-malicious packages are blocked before they are fetched. It configures Composer via the official composer config command when composer is on PATH, and writes the config files directly otherwise — so protection still lands in MDM contexts where the CLI is not reachable.
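To confirm on a device that the state described above actually landed, a compliance check can parse the Composer config file. The following is an added example, not code from Takumi Guard or its setup script: the repository URL is a placeholder because the page does not give one, and the check assumes the script writes Composer's standard `repositories` syntax (object or array form).

```python
import json
from urllib.parse import urlparse

# Placeholder: the page does not state the Takumi Guard repository URL.
EXPECTED_URL = "https://guard.example.invalid/packagist"
PUBLIC_HOSTS = {"packagist.org", "repo.packagist.org"}
DISABLE_KEYS = ("packagist.org", "packagist")

def _definitions(repos):
    """Yield (name, definition) from Composer's object or array form."""
    if isinstance(repos, dict):
        yield from repos.items()
    elif isinstance(repos, list):
        for item in repos:
            yield None, item

def audit_composer_config(text, expected_url=EXPECTED_URL):
    """Return findings for one Composer config file; [] means compliant."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["top level is not a JSON object"]
    disabled = guard = False
    findings = []
    for name, d in _definitions(cfg.get("repositories")):
        if d is False and name in DISABLE_KEYS:
            disabled = True                  # {"packagist.org": false}
        elif isinstance(d, dict):
            if any(d.get(k) is False for k in DISABLE_KEYS):
                disabled = True              # [{"packagist.org": false}]
            url = str(d.get("url", "")).rstrip("/")
            if d.get("type") == "composer":
                if url == expected_url.rstrip("/"):
                    guard = True
                elif urlparse(url).hostname in PUBLIC_HOSTS:
                    findings.append(f"public Packagist re-added: {url}")
    if not disabled:
        findings.append("packagist.org is not disabled")
    if not guard:
        findings.append("expected Guard repository is not registered")
    return findings

# Constructed sample inputs (not taken from a real device).
GOOD = ('{"repositories": {"guard": {"type": "composer", "url": '
        '"https://guard.example.invalid/packagist"}, "packagist.org": false}}')
BAD = '{"repositories": [{"type": "composer", "url": "https://repo.packagist.org"}]}'

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("bad", BAD)):
        print(label, audit_composer_config(sample))
```

Run it against the global `config.json` in the Composer home directory, and against a project's `composer.json` where a repository entry could reintroduce the public source.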

Getting Started

Setup script v0.10.0 is available from:

Steps (if you already have a Bot and API key, skip to step 3):

  1. Create a Bot in the Shisho Cloud console (Settings > Bots) and assign the "Takumi Guard Token Issuer" role
  2. Generate an API key for the Bot
  3. Download the setup script v0.10.0 from the URL above
  4. Wrap the script with your management tool (Jamf, Intune, Ansible, etc.) and deploy

All of npm, PyPI, RubyGems, Go modules, and Packagist are configured by default; pass packagist as the scope argument to target it alone. For detailed instructions and the latest wrapper examples, see the Admin Deployment guide.

Developers configuring Composer on their own machine or in CI can follow the Packagist quickstart instead.

If you already use admin deployment

The sample wrapper script we provide may have been revised. Update both the wrapper and the setup script to the latest versions as needed.

Paid Feature

This feature requires an active Takumi subscription with Guard enabled. See Pricing & Billing for details.

Getting Started with Your Organization

To use Guard's organization features (admin deployment, installation log search, etc.), you need a Takumi subscription with Guard enabled.

  1. Go to https://cloud.shisho.dev/hello/takumi and sign in
  2. Register your organization and subscribe to Takumi
  3. Navigate to Guard > Settings from the sidebar
  4. Click "Enable" to activate Guard

Guard settings page

Once Guard is enabled, follow the Admin Deployment guide to begin setup.