Skip to main content

Requirements

  • Python 3.10 or later
  • pip or pipx
Drako’s core scanner has no framework dependencies. Optional extras add support for specific agent frameworks and TypeScript/JavaScript scanning.

Basic installation

pip install drako

Verify the installation

drako --version
You should see output like drako, version 2.4.0.

Optional extras

Install extras to enable framework-specific rules and integrations.
ExtraInstall commandWhat it adds
crewaipip install drako[crewai]CrewAI integration and FW-001–FW-003 rules
langgraphpip install drako[langgraph]LangGraph integration and FW-004–FW-005 rules
autogenpip install drako[autogen]AutoGen integration and FW-006–FW-007 rules
proxypip install drako[proxy]Out-of-process proxy mode (FastAPI + uvicorn)
typescriptpip install drako[typescript]TypeScript/JS scanning via tree-sitter (17 additional rules)
allpip install drako[all]All framework integrations (CrewAI, LangGraph, AutoGen)
pip install drako[crewai]
The all extra installs CrewAI, LangGraph, and AutoGen integrations. Install drako[typescript] separately if you also need TypeScript/JavaScript scanning.

Pre-commit hook

To scan your project automatically before every commit, add Drako to your .pre-commit-config.yaml: 
- repo: https://github.com/angelnicolasc/drako
  hooks:
    - id: drako-scan
Then install the hook: 
pre-commit install
The hook runs drako scan . on every commit and blocks the commit if any findings at or above the configured severity are detected.
For CI/CD integration — including the GitHub Action, SARIF upload, and PR inline comments — see CI/CD integrations.

Build docs developers (and LLMs) love

Get started for freeTalk to us