Merge pull request #259 from AikidoSec/configure-custom-npm-registries

Allow to configure custom/private npm registries
Sander Declerck 2025-12-19 10:42:51 +01:00 committed by GitHub
commit 120e12fd34
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
9 changed files with 584 additions and 24 deletions

@ -184,6 +184,30 @@ You can set the minimum package age through multiple sources (in order of priori
}
```
## Custom NPM Registries
Configure Safe Chain to scan packages from custom or private npm registries.
### Configuration Options
You can set custom registries through environment variable or config file. Both sources are merged together.
1. **Environment Variable** (comma-separated):
```shell
export SAFE_CHAIN_NPM_CUSTOM_REGISTRIES="npm.company.com,registry.internal.net"
```
2. **Config File** (`~/.aikido/config.json`):
```json
{
"npm": {
"customRegistries": ["npm.company.com", "registry.internal.net"]
}
}
```
# Usage in CI/CD
You can protect your CI/CD pipelines from malicious packages by integrating Aikido Safe Chain into your build process. This ensures that any packages installed during your automated builds are checked for malware before installation.
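Review bot: In the new "Configuration Options" text, both examples use bare hostnames (`npm.company.com`, `registry.internal.net`), but the section never says what form an entry must take or how it is matched against a request. Please state whether a scheme, port or path is accepted in an entry, and whether matching is on the exact host or also covers subdomains, since that decides which install traffic is scanned. Two smaller points: "through environment variable or config file" reads better as "through an environment variable or a config file", and "Both sources are merged together" should say what happens when the same registry appears in both.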