What happened: airgap is a Linux wrapper (macOS support in progress) that runs AI agents and package managers inside isolated namespaces, redacting secrets from files like .env, SSH keys, and npm tokens while still letting programs read and edit them. When npm tries to access unexpected files during install, users are prompted to allow or deny the access.
Why it matters: Malicious npm packages—including the Shai-Hulud worm that spread through npm in late 2025—steal credentials at install time by reading .env files, SSH keys, and cloud credentials, then republish backdoored versions of other packages. AI agents can also inadvertently send secrets to model providers when they read project and home directories. airgap prevents both attack paths by making secrets invisible to untrusted code.
What to watch: The tool is available to install from crates.io and currently supports AI agents (claude, opencode) with redaction-only mode and npm with interactive file gates. Users can add shell aliases (alias npm="airgap npm") to run tools transparently under airgap without manual invocation each time.