milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Document to configure loglevel through env variables.

Browse source
This commit is contained in:
Sander Declerck 2026-01-12 11:01:54 +01:00
parent 3573ef2bc5
commit 20994c1834
No known key found for this signature in database
2 changed files with 35 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

23
README.md
View file

@ -152,24 +152,37 @@ iex (iwr "https://github.com/AikidoSec/safe-chain/releases/latest/download/unins
## Logging
You can control the output from Aikido Safe Chain using the `--safe-chain-logging` flag:
You can control the output from Aikido Safe Chain using the `--safe-chain-logging` flag or the `SAFE_CHAIN_LOGGING` environment variable.
### Configuration Options
You can set the logging level through multiple sources (in order of priority):
1. **CLI Argument** (highest priority):
- `--safe-chain-logging=silent` - Suppresses all Aikido Safe Chain output except when malware is blocked. The package manager output is written to stdout as normal, and Safe Chain only writes a short message if it has blocked malware and causes the process to exit.
Example usage:
```shell
npm install express --safe-chain-logging=silent
```
- `--safe-chain-logging=verbose` - Enables detailed diagnostic output from Aikido Safe Chain. Useful for troubleshooting issues or understanding what Safe Chain is doing behind the scenes.
Example usage:
```shell
npm install express --safe-chain-logging=verbose
```
2. **Environment Variable**:
```shell
export SAFE_CHAIN_LOGGING=verbose
npm install express
```
Valid values: `silent`, `normal`, `verbose`
This is useful for setting a default logging level for all package manager commands in your terminal session or CI/CD environment.
## Minimum Package Age
You can configure how long packages must exist before Safe Chain allows their installation. By default, packages must be at least 24 hours old before they can be installed through npm-based package managers.

13
docs/troubleshooting.md
View file

@ -48,12 +48,16 @@ These test packages are flagged as malware and should be blocked by Safe Chain.
### Logging Options
Use logging flags to get more information:
Use logging flags or environment variables to get more information:
```bash
# Verbose mode - detailed diagnostic output for troubleshooting
npm install express --safe-chain-logging=verbose
# Or set it globally for all commands in your session
export SAFE_CHAIN_LOGGING=verbose
npm install express
# Silent mode - suppress all output except malware blocking
npm install express --safe-chain-logging=silent
```
@ -277,11 +281,16 @@ rm -rf ~/.safe-chain
### Enable Verbose Logging
Get detailed diagnostic output:
Get detailed diagnostic output using a CLI flag or environment variable:
```bash
# Using CLI flag
npm install express --safe-chain-logging=verbose
pip install requests --safe-chain-logging=verbose
# Using environment variable (applies to all commands)
export SAFE_CHAIN_LOGGING=verbose
npm install express
```
### Report Issues