milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 20:20:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Some more cleanup

Browse source
This commit is contained in:
Reinier Criel 2026-04-13 11:10:16 -07:00
parent d064d46668
commit 031c9683b1
23 changed files with 55 additions and 864 deletions
Download patch file Download diff file Expand all files Collapse all files

42
test/e2e/npm-ci.e2e.spec.js
View file

@ -103,46 +103,4 @@ describe("E2E: npm coverage using PATH", () => {
);
});
describe("with SAFE_CHAIN_DIR (custom install directory)", () => {
const CUSTOM_DIR = "/usr/local/.safe-chain";
let customContainer;
beforeEach(async () => {
customContainer = new DockerTestContainer();
await customContainer.start();
const setupShell = await customContainer.openShell("zsh");
await setupShell.runCommand(`export SAFE_CHAIN_DIR=${CUSTOM_DIR}`);
await setupShell.runCommand("safe-chain setup-ci");
// Persist SAFE_CHAIN_DIR and the custom shims dir in .zshrc so new shells
// inherit both (shims need SAFE_CHAIN_DIR to strip themselves from PATH)
await setupShell.runCommand(
`echo 'export SAFE_CHAIN_DIR=${CUSTOM_DIR}' >> ~/.zshrc`
);
await setupShell.runCommand(
`echo 'export PATH="${CUSTOM_DIR}/shims:$PATH"' >> ~/.zshrc`
);
});
afterEach(async () => {
if (customContainer) {
await customContainer.stop();
customContainer = null;
}
});
it("blocks malicious npm packages when shims are in a custom directory", async () => {
const shell = await customContainer.openShell("zsh");
const result = await shell.runCommand("npm i safe-chain-test");
assert.ok(
result.output.includes("Malicious changes detected:"),
`Expected malicious package to be blocked. Output:\n${result.output}`
);
assert.ok(
result.output.includes("Exiting without installing malicious packages."),
`Expected malicious package to be blocked. Output:\n${result.output}`
);
});
});
});