Installation

Most security tools need a 20-minute setup. Python environments, Docker images, system libraries, config files. Firmis needs one command.

No Python. No Docker. No WASM. No native binaries. If Node.js 20+ is on your machine, you’re already ready.

Zero install (recommended)

Terminal

npx firmis scan .

No global install. No version pinning. Always runs the latest release, pulled fresh from npm on demand.

Global install

If you want firmis available everywhere without the npx prefix:

npm

npm install -g firmis-scanner

yarn

yarn global add firmis-scanner

pnpm

pnpm add -g firmis-scanner

Then run:

Terminal

firmis scan .

Project dependency

Pin a version and share it with your team. Consistent results across every machine and every CI run.

Terminal

npm install --save-dev firmis-scanner

package.json

{
  "scripts": {
    "security": "firmis scan .",
    "security:ci": "firmis ci --fail-on high --format sarif"
  }
}

Verify it works

Check the version first:

Terminal

firmis --version

Expected: firmis-scanner v1.3.0 or later.

Then run a real scan to confirm everything is working:

Terminal

npx firmis scan .

You should see a platform detection line and a rule count of 209. If the scanner exits with findings, those are real — not test artifacts.

Requirements

Requirement	Version
Node.js	>= 20.0.0
npm	>= 9.0.0 (ships with Node 20)
OS	macOS, Linux, Windows
Network	Not required (fully offline)
Disk space	~15 MB (including all 209 rules)

Tip

Zero native dependencies. No build step, no system libraries, no architecture-specific binaries. Firmis runs on any platform that supports Node.js 20+. That includes M1/M2 Macs, ARM Linux, and Windows — no extra setup on any of them.