Install in one line.
The installer downloads the right binary for your platform, verifies it against published checksums, and puts alertavuln (alias av) on your PATH.
Quick install
$ curl -fsSL https://get.alertavuln.com/cli/install.sh | sh
> irm https://get.alertavuln.com/cli/install.ps1 | iex
Prefer to read first? The scripts are plain text - inspect install.sh or install.ps1 before running them. Both take --version vX.Y.Z / -Version to pin a release, and --with-mcp-router / -WithMcpRouter to add the MCP router binary.
Direct downloads
Loading the current release…
version.json from the release store…Every release directory is immutable - once published, the binaries and their checksums for a version never change.
Verify before you trust
Each release ships a SHA256SUMS file covering every binary. To verify a manual download (replace vX.Y.Z with the version you're installing):
Linux
$ curl -fsSLO https://downloads.alertavuln.com/vX.Y.Z/alertavuln-linux-amd64
$ curl -fsSLO https://downloads.alertavuln.com/vX.Y.Z/SHA256SUMS
$ sha256sum --check --ignore-missing SHA256SUMS
macOS
$ curl -fsSLO https://downloads.alertavuln.com/vX.Y.Z/alertavuln-darwin-arm64
$ curl -fsSLO https://downloads.alertavuln.com/vX.Y.Z/SHA256SUMS
$ shasum -a 256 --check --ignore-missing SHA256SUMS
Windows
> irm https://downloads.alertavuln.com/vX.Y.Z/alertavuln-windows-amd64.exe -OutFile alertavuln-windows-amd64.exe
> irm https://downloads.alertavuln.com/vX.Y.Z/SHA256SUMS -OutFile SHA256SUMS
> Get-FileHash .\alertavuln-windows-amd64.exe -Algorithm SHA256
# compare the hash with the matching line:
> Select-String alertavuln-windows-amd64.exe SHA256SUMS
If the checksums don't match, don't run the binary. The install scripts do this verification automatically and refuse to install on any mismatch.
Once installed: av login to authenticate, then av check npm vite 6.0.0 to vet your first package. Full guides live in the documentation.