Add uvx support

Add uvx as a supported package manager so that `uvx` commands are routed through safe-chain's MITM proxy for malware detection, just like `uv`. Previously, `uvx` bypassed all safe-chain protections. The uvx package manager reuses the existing uv command runner since uvx is functionally equivalent to `uv tool run`. Fixes #268 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-26 12:10:49 +00:00 · 2026-03-17 17:12:42 -04:00 · 2026-03-17 17:12:42 -04:00 · 14c8abffea
commit 14c8abffea
parent 83f9f378f6
12 changed files with 82 additions and 9 deletions
--- a/packages/safe-chain/src/packagemanager/uvx/createUvxPackageManager.js
+++ b/packages/safe-chain/src/packagemanager/uvx/createUvxPackageManager.js
@ -0,0 +1,18 @@
+import { runUv } from "../uv/runUvCommand.js";
+
+/**
+ * @returns {import("../currentPackageManager.js").PackageManager}
+ */
+export function createUvxPackageManager() {
+  return {
+    /**
+     * @param {string[]} args
+     */
+    runCommand: (args) => {
+      return runUv("uvx", args);
+    },
+    // For uvx, rely solely on MITM
+    isSupportedCommand: () => false,
+    getDependencyUpdatesForCommand: () => [],
+  };
+}