milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #185 from AikidoSec/safe-chain-binaries

Browse source 
Safe-chain: create standalone binaries
This commit is contained in:
Sander Declerck 2025-12-03 13:27:45 +01:00 committed by GitHub
commit 3595e87cd6
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
35 changed files with 3398 additions and 453 deletions
Download patch file Download diff file Expand all files Collapse all files

56
.github/workflows/build-and-release.yml vendored
View file

@ -7,10 +7,28 @@ on:
permissions: permissions:
id-token: write id-token: write
contents: read contents: write
jobs: jobs:
set-version:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.get_version.outputs.tag }}
steps:
- name: Set version number
id: get_version
run: |
version="${{ github.ref_name }}"
echo "tag=$version" >> $GITHUB_OUTPUT
create-binaries:
needs: set-version
uses: ./.github/workflows/create-artifact.yml
with:
version: ${{ needs.set-version.outputs.version }}
build: build:
needs: [set-version, create-binaries]
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
@ -30,14 +48,8 @@ jobs:
npm i -g @aikidosec/safe-chain npm i -g @aikidosec/safe-chain
safe-chain setup-ci safe-chain setup-ci
- name: Set version number
id: get_version
run: |
version="${{ github.ref_name }}"
echo "tag=$version" >> $GITHUB_OUTPUT
- name: Set the version in safe-chain package - name: Set the version in safe-chain package
run: npm --no-git-tag-version version ${{ steps.get_version.outputs.tag }} --workspace=packages/safe-chain run: npm --no-git-tag-version version ${{ needs.set-version.outputs.version }} --workspace=packages/safe-chain
- name: Install dependencies - name: Install dependencies
run: npm ci run: npm ci
@ -55,3 +67,31 @@ jobs:
run: | run: |
echo "Publishing version ${{ steps.get_version.outputs.tag }} to NPM" echo "Publishing version ${{ steps.get_version.outputs.tag }} to NPM"
npm publish --workspace=packages/safe-chain --access public --provenance npm publish --workspace=packages/safe-chain --access public --provenance
- name: Download all binary artifacts
uses: actions/download-artifact@v4
with:
path: binaries/
pattern: safe-chain-*
merge-multiple: false
- name: Rename binaries to include platform and architecture
run: |
mv binaries/safe-chain-macos-x64/safe-chain binaries/safe-chain-macos-x64/safe-chain-macos-x64
mv binaries/safe-chain-macos-arm64/safe-chain binaries/safe-chain-macos-arm64/safe-chain-macos-arm64
mv binaries/safe-chain-linux-x64/safe-chain binaries/safe-chain-linux-x64/safe-chain-linux-x64
mv binaries/safe-chain-linux-arm64/safe-chain binaries/safe-chain-linux-arm64/safe-chain-linux-arm64
mv binaries/safe-chain-win-x64/safe-chain.exe binaries/safe-chain-win-x64/safe-chain-win-x64.exe
mv binaries/safe-chain-win-arm64/safe-chain.exe binaries/safe-chain-win-arm64/safe-chain-win-arm64.exe
- name: Upload binaries to existing GitHub Release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh release upload ${{ needs.set-version.outputs.version }} \
binaries/safe-chain-macos-x64/* \
binaries/safe-chain-macos-arm64/* \
binaries/safe-chain-linux-x64/* \
binaries/safe-chain-linux-arm64/* \
binaries/safe-chain-win-x64/* \
binaries/safe-chain-win-arm64/*

82
.github/workflows/create-artifact.yml vendored Normal file
View file

@ -0,0 +1,82 @@
name: Create binaries
on:
pull_request:
workflow_call:
inputs:
version:
description: 'Version to set in package.json'
required: false
type: string
jobs:
create-binaries:
name: Create binary for ${{ matrix.os }}-${{ matrix.arch }}
runs-on: ${{ matrix.runner }}
strategy:
fail-fast: false
matrix:
include:
- os: macos
arch: x64
runner: macos-15-intel
target: node20-macos-x64
extension: ""
- os: macos
arch: arm64
runner: macos-latest
target: node20-macos-arm64
extension: ""
- os: linux
arch: x64
runner: ubuntu-latest
target: node20-linux-x64
extension: ""
- os: linux
arch: arm64
runner: ubuntu-24.04-arm
target: node20-linux-arm64
extension: ""
- os: win
arch: x64
runner: windows-latest
target: node20-win-x64
extension: ".exe"
- os: win
arch: arm64
runner: windows-11-arm
target: node20-win-arm64
extension: ".exe"
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Set up Node.js
uses: actions/setup-node@v3
with:
node-version: "20.x"
- name: Setup safe-chain
run: |
npm i -g @aikidosec/safe-chain
safe-chain setup-ci
- name: Set the version in safe-chain package
if: inputs.version != ''
run: npm --no-git-tag-version version ${{ inputs.version }} --workspace=packages/safe-chain
- name: Install dependencies
run: npm ci --ignore-scripts
- name: Create binary
run: |
node build.js ${{ matrix.target }}
- name: Upload binary artifact
uses: actions/upload-artifact@v4
with:
name: safe-chain-${{ matrix.os }}-${{ matrix.arch }}
path: dist/*

4
.gitignore vendored
View file

@ -144,3 +144,7 @@ vite.config.ts.timestamp-*
Claude.md Claude.md
.claude .claude
.reference .reference
# Build files
build/
dist/

100
README.md
View file

@ -27,29 +27,45 @@ Aikido Safe Chain works on Node.js version 16 and above and supports the followi
## Installation ## Installation
Installing the Aikido Safe Chain is easy. You just need 3 simple steps: Installing the Aikido Safe Chain is easy with our one-line installer.
1. **Install the Aikido Safe Chain package globally** using npm: > ⚠️ **Already installed via npm?** See the [migration guide](docs/npm-to-binary-migration.md) to switch to the binary version.
```shell
npm install -g @aikidosec/safe-chain
```
2. **Setup the shell integration** by running:
```shell ### Unix/Linux/macOS
safe-chain setup
```
To enable Python (pip/pip3/uv) support (beta), use the `--include-python` flag: **Default installation (JavaScript packages only):**
```shell ```shell
safe-chain setup --include-python curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh
``` ```
3. **❗Restart your terminal** to start using the Aikido Safe Chain. **Include Python support (pip/pip3/uv):**
```shell
curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --include-python
```
### Windows (PowerShell)
**Default installation (JavaScript packages only):**
```powershell
iex (iwr "https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.ps1" -UseBasicParsing)
```
**Include Python support (pip/pip3/uv):**
```powershell
iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.ps1' -UseBasicParsing) } -includepython"
```
### Verify the installation
1. **❗Restart your terminal** to start using the Aikido Safe Chain.
- This step is crucial as it ensures that the shell aliases for npm, npx, yarn, pnpm, pnpx, bun, bunx, and pip/pip3 are loaded correctly. If you do not restart your terminal, the aliases will not be available. - This step is crucial as it ensures that the shell aliases for npm, npx, yarn, pnpm, pnpx, bun, bunx, and pip/pip3 are loaded correctly. If you do not restart your terminal, the aliases will not be available.
4. **Verify the installation** by running one of the following commands: 2. **Verify the installation** by running one of the following commands:
For JavaScript/Node.js: For JavaScript/Node.js:
@ -57,7 +73,7 @@ Installing the Aikido Safe Chain is easy. You just need 3 simple steps:
npm install safe-chain-test npm install safe-chain-test
``` ```
For Python (beta): For Python (if you enabled Python support):
```shell ```shell
pip3 install safe-chain-pi-test pip3 install safe-chain-pi-test
@ -168,21 +184,37 @@ You can protect your CI/CD pipelines from malicious packages by integrating Aiki
For optimal protection in CI/CD environments, we recommend using **npm >= 10.4.0** as it provides full dependency tree scanning. Other package managers currently offer limited scanning of install command arguments only. For optimal protection in CI/CD environments, we recommend using **npm >= 10.4.0** as it provides full dependency tree scanning. Other package managers currently offer limited scanning of install command arguments only.
## Setup ## Installation for CI/CD
To use Aikido Safe Chain in CI/CD environments, run the following command after installing the package: Use the `--ci` flag to automatically configure Aikido Safe Chain for CI/CD environments. This sets up executable shims in the PATH instead of shell aliases.
### Unix/Linux/macOS (GitHub Actions, Azure Pipelines, etc.)
**JavaScript only:**
```shell ```shell
safe-chain setup-ci curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci
``` ```
To enable Python (pip/pip3/uv) support (beta) in CI/CD, use the `--include-python` flag: **With Python support:**
```shell ```shell
safe-chain setup-ci --include-python curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci --include-python
``` ```
This automatically configures your CI environment to use Aikido Safe Chain for all package manager commands. ### Windows (Azure Pipelines, etc.)
**JavaScript only:**
```powershell
iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.ps1' -UseBasicParsing) } -ci"
```
**With Python support:**
```powershell
iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.ps1' -UseBasicParsing) } -ci -includepython"
```
## Supported Platforms ## Supported Platforms
@ -198,16 +230,15 @@ This automatically configures your CI environment to use Aikido Safe Chain for a
node-version: "22" node-version: "22"
cache: "npm" cache: "npm"
- name: Setup safe-chain - name: Install safe-chain
run: | run: curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci --include-python
npm i -g @aikidosec/safe-chain
safe-chain setup-ci
- name: Install dependencies - name: Install dependencies
run: | run: npm ci
npm ci
``` ```
> **Note:** Remove `--include-python` if you don't need Python (pip/pip3/uv) support.
## Azure DevOps Example ## Azure DevOps Example
```yaml ```yaml
@ -216,14 +247,13 @@ This automatically configures your CI environment to use Aikido Safe Chain for a
versionSpec: "22.x" versionSpec: "22.x"
displayName: "Install Node.js" displayName: "Install Node.js"
- script: | - script: curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci --include-python
npm i -g @aikidosec/safe-chain displayName: "Install safe-chain"
safe-chain setup-ci
displayName: "Install safe chain"
- script: | - script: npm ci
npm ci displayName: "Install dependencies"
displayName: "npm install and build"
``` ```
> **Note:** Remove `--include-python` if you don't need Python (pip/pip3/uv) support.
After setup, all subsequent package manager commands in your CI pipeline will automatically be protected by Aikido Safe Chain's malware detection. After setup, all subsequent package manager commands in your CI pipeline will automatically be protected by Aikido Safe Chain's malware detection.

125
build.js Normal file
View file

@ -0,0 +1,125 @@
import { build } from "esbuild";
import { mkdir, cp, rm, readFile, writeFile } from "node:fs/promises";
import { spawn } from "node:child_process";
import { resolve } from "node:path";
const target = process.argv[2];
if (!target) {
// eslint-disable-next-line no-console
console.error("Usage: node build.js <target>");
// eslint-disable-next-line no-console
console.error("Example: node build.js node22-macos-arm64");
process.exit(1);
}
(async function main() {
await clearOutputFolder();
// Esbuild creates a single safe-chain.cjs with all dependencies included
await bundleSafeChain();
// Copy assets that need to be included in the binary
// - All shell scripts that are used to setup safe-chain
// - Certifi because it contains static root certs for Python
// - Package.json for its metadata (package name, version, ...)
await copyShellScripts();
await copyCertifi();
await copyAndModifyPackageJson();
// Creates a single binary with safe-chain.cjs and the copied assets
await buildSafeChainBinary(target);
})();
async function clearOutputFolder() {
await rm("./build", { recursive: true, force: true });
await mkdir("./build");
}
async function bundleSafeChain() {
await build({
entryPoints: ["./packages/safe-chain/bin/safe-chain.js"],
bundle: true,
platform: "node",
target: "node24",
outfile: "./build/bin/safe-chain.cjs",
external: ["certifi"],
});
let bundledContent = await readFile("./build/bin/safe-chain.cjs", "utf-8");
await writeFile("./build/bin/safe-chain.cjs", bundledContent);
}
async function copyShellScripts() {
await mkdir("./build/bin/startup-scripts", { recursive: true });
await cp(
"./packages/safe-chain/src/shell-integration/startup-scripts/",
"./build/bin/startup-scripts",
{ recursive: true }
);
await mkdir("./build/bin/path-wrappers", { recursive: true });
await cp(
"./packages/safe-chain/src/shell-integration/path-wrappers/",
"./build/bin/path-wrappers",
{ recursive: true }
);
}
async function copyCertifi() {
await mkdir("./build/node_modules/certifi", { recursive: true });
await cp("./node_modules/certifi/", "./build/node_modules/certifi", {
recursive: true,
});
}
async function copyAndModifyPackageJson() {
const packageJsonContent = await readFile(
"./packages/safe-chain/package.json",
"utf-8"
);
const packageJson = JSON.parse(packageJsonContent);
delete packageJson.main;
delete packageJson.scripts;
delete packageJson.exports;
delete packageJson.dependencies;
delete packageJson.devDependencies;
packageJson.bin = {
"safe-chain": "bin/safe-chain.cjs",
};
packageJson.type = "commonjs";
packageJson.pkg = {
outputPath: "dist",
assets: [
"node_modules/certifi/**/*",
"bin/startup-scripts/**/*",
"bin/path-wrappers/**/*",
],
};
await writeFile("./build/package.json", JSON.stringify(packageJson, null, 2));
return packageJson;
}
function buildSafeChainBinary(target) {
return new Promise((promiseResolve, reject) => {
// Use .cmd on Windows, resolve to absolute path for cross-platform compatibility
const pkgBin = process.platform === "win32"
? resolve("node_modules/.bin/pkg.cmd")
: resolve("node_modules/.bin/pkg");
const pkg = spawn(pkgBin, ["./build/package.json", "-t", target], {
stdio: "inherit",
shell: true,
});
pkg.on("close", (code) => {
if (code !== 0) {
reject(new Error(`pkg process exited with code ${code}`));
} else {
promiseResolve();
}
});
});
}

89
docs/npm-to-binary-migration.md Normal file
View file

@ -0,0 +1,89 @@
# Migrating from npm global tool to binary installation
If you previously installed safe-chain as an npm global package, you need to migrate to the binary installation.
Depending on the version manager you're using, the uninstall process differs:
### Standard npm (no version manager)
1. **Clean up shell aliases:**
```bash
safe-chain teardown
```
2. **Restart your terminal**
3. **Uninstall the npm package:**
```bash
npm uninstall -g @aikidosec/safe-chain
```
4. **Install the binary version** (see [Installation](../README.md#installation))
### nvm (Node Version Manager)
**Important:** nvm installs global packages separately for each Node version, so safe-chain must be uninstalled from each version where it was installed.
1. **Clean up shell aliases:**
```bash
safe-chain teardown
```
2. **Restart your terminal**
3. **Uninstall from all Node versions:**
**Option A** - Automated script (recommended):
```bash
for version in $(nvm list | grep -oE 'v[0-9]+\.[0-9]+\.[0-9]+'); do nvm use $version && npm uninstall -g @aikidosec/safe-chain; done
```
**Option B** - Manual per version:
```bash
nvm use <version>
npm uninstall -g @aikidosec/safe-chain
```
Repeat for each Node version where safe-chain was installed.
4. **Install the binary version** (see [Installation](../README.md#installation))
### Volta
1. **Clean up shell aliases:**
```bash
safe-chain teardown
```
2. **Restart your terminal**
3. **Uninstall the Volta package:**
```bash
volta uninstall @aikidosec/safe-chain
```
4. **Install the binary version** (see [Installation](../README.md#installation))
## Troubleshooting
### Shell aliases still present after migration
1. Run `safe-chain teardown` (if the binary is installed)
2. Manually remove any safe-chain entries from your shell config files:
- Bash: `~/.bashrc`
- Zsh: `~/.zshrc`
- Fish: `~/.config/fish/config.fish`
- PowerShell: `$PROFILE`
3. Restart your terminal
4. Re-run the install script
### "command not found: safe-chain" after migration
The binary installation directory (`~/.safe-chain/bin`) may not be in your PATH. Restart your terminal. If the problem persists: re-run the installation of safe-chain.

213
install-scripts/install-safe-chain.ps1 Normal file
View file

@ -0,0 +1,213 @@
# Downloads and installs safe-chain for Windows
#
# Usage with "iex (iwr {url} -UseBasicParsing)" --> See README.md
param(
[switch]$ci,
[switch]$includepython
)
$Version = $env:SAFE_CHAIN_VERSION # Will be fetched from latest release if not set
$InstallDir = Join-Path $env:USERPROFILE ".safe-chain\bin"
$RepoUrl = "https://github.com/AikidoSec/safe-chain"
# Ensure TLS 1.2 is enabled for downloads
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# Helper functions
function Write-Info {
param([string]$Message)
Write-Host "[INFO] $Message" -ForegroundColor Green
}
function Write-Warn {
param([string]$Message)
Write-Host "[WARN] $Message" -ForegroundColor Yellow
}
function Write-Error-Custom {
param([string]$Message)
Write-Host "[ERROR] $Message" -ForegroundColor Red
exit 1
}
# Fetch latest release version tag from GitHub
function Get-LatestVersion {
try {
$response = Invoke-RestMethod -Uri "https://api.github.com/repos/AikidoSec/safe-chain/releases/latest" -UseBasicParsing
$latestVersion = $response.tag_name
if ([string]::IsNullOrWhiteSpace($latestVersion)) {
Write-Error-Custom "Failed to fetch latest version from GitHub API. Please set SAFE_CHAIN_VERSION environment variable."
}
return $latestVersion
}
catch {
Write-Error-Custom "Failed to fetch latest version from GitHub API: $($_.Exception.Message). Please set SAFE_CHAIN_VERSION environment variable."
}
}
# Detect architecture
function Get-Architecture {
$arch = $env:PROCESSOR_ARCHITECTURE
switch ($arch) {
"AMD64" { return "x64" }
"ARM64" { return "arm64" }
default { Write-Error-Custom "Unsupported architecture: $arch" }
}
}
# Check and uninstall npm global package if present
function Remove-NpmInstallation {
# Check if npm is available
if (-not (Get-Command npm -ErrorAction SilentlyContinue)) {
return
}
# Check if safe-chain is installed as an npm global package
npm list -g @aikidosec/safe-chain 2>&1 | Out-Null
if ($LASTEXITCODE -eq 0) {
Write-Info "Detected npm global installation of @aikidosec/safe-chain"
Write-Info "Uninstalling npm version before installing binary version..."
npm uninstall -g @aikidosec/safe-chain 2>&1 | Out-Null
if ($LASTEXITCODE -eq 0) {
Write-Info "Successfully uninstalled npm version"
}
else {
Write-Warn "Failed to uninstall npm version automatically"
Write-Warn "Please run: npm uninstall -g @aikidosec/safe-chain"
}
}
}
# Check and uninstall Volta-managed package if present
function Remove-VoltaInstallation {
# Check if Volta is available
if (-not (Get-Command volta -ErrorAction SilentlyContinue)) {
return
}
# Volta manages global packages in its own directory
# Check if safe-chain is installed via Volta
volta list safe-chain 2>&1 | Out-Null
if ($LASTEXITCODE -eq 0) {
Write-Info "Detected Volta installation of @aikidosec/safe-chain"
Write-Info "Uninstalling Volta version before installing binary version..."
volta uninstall @aikidosec/safe-chain 2>&1 | Out-Null
if ($LASTEXITCODE -eq 0) {
Write-Info "Successfully uninstalled Volta version"
}
else {
Write-Warn "Failed to uninstall Volta version automatically"
Write-Warn "Please run: volta uninstall @aikidosec/safe-chain"
}
}
}
# Main installation
function Install-SafeChain {
# Fetch latest version if VERSION is not set
if ([string]::IsNullOrWhiteSpace($script:Version)) {
Write-Info "Fetching latest release version..."
$script:Version = Get-LatestVersion
}
# Build installation message
$installMsg = "Installing safe-chain $Version"
if ($includepython) {
$installMsg += " with python"
}
if ($ci) {
$installMsg += " in ci"
}
Write-Info $installMsg
# Check for existing safe-chain installation through npm or volta
Remove-NpmInstallation
Remove-VoltaInstallation
# Detect platform
$arch = Get-Architecture
$binaryName = "safe-chain-win-$arch.exe"
Write-Info "Detected architecture: $arch"
# Create installation directory
if (-not (Test-Path $InstallDir)) {
Write-Info "Creating installation directory: $InstallDir"
try {
New-Item -ItemType Directory -Path $InstallDir -Force | Out-Null
}
catch {
Write-Error-Custom "Failed to create directory $InstallDir : $_"
}
}
# Download binary
$downloadUrl = "$RepoUrl/releases/download/$Version/$binaryName"
$tempFile = Join-Path $InstallDir $binaryName
Write-Info "Downloading from: $downloadUrl"
try {
# Download with progress suppressed for cleaner output
$ProgressPreference = 'SilentlyContinue'
Invoke-WebRequest -Uri $downloadUrl -OutFile $tempFile -UseBasicParsing
$ProgressPreference = 'Continue'
}
catch {
Write-Error-Custom "Failed to download from $downloadUrl : $_"
}
# Rename to final location
$finalFile = Join-Path $InstallDir "safe-chain.exe"
try {
Move-Item -Path $tempFile -Destination $finalFile -Force
}
catch {
Write-Error-Custom "Failed to move binary to $finalFile : $_"
}
Write-Info "Binary installed to: $finalFile"
# Build setup command based on parameters
$setupCmd = if ($ci) { "setup-ci" } else { "setup" }
$setupArgs = @()
if ($includepython) {
$setupArgs += "--include-python"
}
# Execute safe-chain setup
Write-Info "Running safe-chain $setupCmd $(if ($setupArgs) { $setupArgs -join ' ' })..."
try {
$env:Path = "$env:Path;$InstallDir"
if ($setupArgs) {
& $finalFile $setupCmd $setupArgs
}
else {
& $finalFile $setupCmd
}
if ($LASTEXITCODE -ne 0) {
Write-Warn "safe-chain was installed but setup encountered issues."
Write-Warn "You can run 'safe-chain $setupCmd $(if ($setupArgs) { $setupArgs -join ' ' })' manually later."
}
}
catch {
Write-Warn "safe-chain was installed but setup encountered issues: $_"
Write-Warn "You can run 'safe-chain $setupCmd $(if ($setupArgs) { $setupArgs -join ' ' })' manually later."
}
}
# Run installation
try {
Install-SafeChain
}
catch {
Write-Error-Custom "Installation failed: $_"
}

224
install-scripts/install-safe-chain.sh Executable file
View file

@ -0,0 +1,224 @@
#!/bin/sh
# Downloads and installs safe-chain, depending on the operating system and architecture
#
# Usage with "curl -fsSL {url} | sh" --> See README.md
set -e # Exit on error
# Configuration
VERSION="${SAFE_CHAIN_VERSION:-}" # Will be fetched from latest release if not set
INSTALL_DIR="${HOME}/.safe-chain/bin"
REPO_URL="https://github.com/AikidoSec/safe-chain"
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
# Helper functions
info() {
printf "${GREEN}[INFO]${NC} %s\n" "$1"
}
warn() {
printf "${YELLOW}[WARN]${NC} %s\n" "$1"
}
error() {
printf "${RED}[ERROR]${NC} %s\n" "$1" >&2
exit 1
}
# Detect OS
detect_os() {
case "$(uname -s)" in
Linux*) echo "linux" ;;
Darwin*) echo "macos" ;;
*) error "Unsupported operating system: $(uname -s)" ;;
esac
}
# Detect architecture
detect_arch() {
case "$(uname -m)" in
x86_64|amd64) echo "x64" ;;
aarch64|arm64) echo "arm64" ;;
*) error "Unsupported architecture: $(uname -m)" ;;
esac
}
# Check if command exists
command_exists() {
command -v "$1" >/dev/null 2>&1
}
# Fetch latest release version tag from GitHub
fetch_latest_version() {
# Try using GitHub API to get the latest release tag
if command_exists curl; then
latest_version=$(curl -fsSL "https://api.github.com/repos/AikidoSec/safe-chain/releases/latest" | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/')
elif command_exists wget; then
latest_version=$(wget -qO- "https://api.github.com/repos/AikidoSec/safe-chain/releases/latest" | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/')
else
error "Neither curl nor wget found. Please install one of them or set SAFE_CHAIN_VERSION environment variable."
fi
if [ -z "$latest_version" ]; then
error "Failed to fetch latest version from GitHub API. Please set SAFE_CHAIN_VERSION environment variable."
fi
echo "$latest_version"
}
# Download file
download() {
url="$1"
dest="$2"
if command_exists curl; then
curl -fsSL "$url" -o "$dest" || error "Failed to download from $url"
elif command_exists wget; then
wget -q "$url" -O "$dest" || error "Failed to download from $url"
else
error "Neither curl nor wget found. Please install one of them."
fi
}
# Check and uninstall npm global package if present
remove_npm_installation() {
if ! command_exists npm; then
return
fi
# Check if safe-chain is installed as an npm global package
if npm list -g @aikidosec/safe-chain >/dev/null 2>&1; then
info "Detected npm global installation of @aikidosec/safe-chain"
info "Uninstalling npm version before installing binary version..."
if npm uninstall -g @aikidosec/safe-chain >/dev/null 2>&1; then
info "Successfully uninstalled npm version"
else
warn "Failed to uninstall npm version automatically"
warn "Please run: npm uninstall -g @aikidosec/safe-chain"
fi
fi
}
# Check and uninstall Volta-managed package if present
remove_volta_installation() {
if ! command_exists volta; then
return
fi
# Volta manages global packages in its own directory
# Check if safe-chain is installed via Volta
if volta list safe-chain >/dev/null 2>&1; then
info "Detected Volta installation of @aikidosec/safe-chain"
info "Uninstalling Volta version before installing binary version..."
if volta uninstall @aikidosec/safe-chain >/dev/null 2>&1; then
info "Successfully uninstalled Volta version"
else
warn "Failed to uninstall Volta version automatically"
warn "Please run: volta uninstall @aikidosec/safe-chain"
fi
fi
}
# Parse command-line arguments
parse_arguments() {
for arg in "$@"; do
case "$arg" in
--ci)
USE_CI_SETUP=true
;;
--include-python)
INCLUDE_PYTHON=true
;;
*)
error "Unknown argument: $arg"
;;
esac
done
}
# Main installation
main() {
# Initialize argument flags
USE_CI_SETUP=false
INCLUDE_PYTHON=false
# Parse command-line arguments
parse_arguments "$@"
# Fetch latest version if VERSION is not set
if [ -z "$VERSION" ]; then
info "Fetching latest release version..."
VERSION=$(fetch_latest_version)
fi
# Build installation message
INSTALL_MSG="Installing safe-chain ${VERSION}"
if [ "$INCLUDE_PYTHON" = "true" ]; then
INSTALL_MSG="${INSTALL_MSG} with python"
fi
if [ "$USE_CI_SETUP" = "true" ]; then
INSTALL_MSG="${INSTALL_MSG} in ci"
fi
info "$INSTALL_MSG"
# Check for existing safe-chain installation through npm or volta
remove_npm_installation
remove_volta_installation
# Detect platform
OS=$(detect_os)
ARCH=$(detect_arch)
BINARY_NAME="safe-chain-${OS}-${ARCH}"
info "Detected platform: ${OS}-${ARCH}"
# Create installation directory
if [ ! -d "$INSTALL_DIR" ]; then
info "Creating installation directory: $INSTALL_DIR"
mkdir -p "$INSTALL_DIR" || error "Failed to create directory $INSTALL_DIR"
fi
# Download binary
DOWNLOAD_URL="${REPO_URL}/releases/download/${VERSION}/${BINARY_NAME}"
TEMP_FILE="${INSTALL_DIR}/${BINARY_NAME}"
info "Downloading from: $DOWNLOAD_URL"
download "$DOWNLOAD_URL" "$TEMP_FILE"
# Rename and make executable
FINAL_FILE="${INSTALL_DIR}/safe-chain"
mv "$TEMP_FILE" "$FINAL_FILE" || error "Failed to move binary to $FINAL_FILE"
chmod +x "$FINAL_FILE" || error "Failed to make binary executable"
info "Binary installed to: $FINAL_FILE"
# Build setup command based on arguments
SETUP_CMD="setup"
SETUP_ARGS=""
if [ "$USE_CI_SETUP" = "true" ]; then
SETUP_CMD="setup-ci"
fi
if [ "$INCLUDE_PYTHON" = "true" ]; then
SETUP_ARGS="--include-python"
fi
# Execute safe-chain setup
info "Running safe-chain $SETUP_CMD $SETUP_ARGS..."
if ! "$FINAL_FILE" $SETUP_CMD $SETUP_ARGS; then
warn "safe-chain was installed but setup encountered issues."
warn "You can run 'safe-chain $SETUP_CMD $SETUP_ARGS' manually later."
fi
}
main "$@"

1921
package-lock.json generated
View file

File diff suppressed because it is too large Load diff

4
package.json
View file

@ -19,6 +19,8 @@
"author": "Aikido Security", "author": "Aikido Security",
"license": "AGPL-3.0-or-later", "license": "AGPL-3.0-or-later",
"devDependencies": { "devDependencies": {
"oxlint": "^1.22.0" "oxlint": "^1.22.0",
"esbuild": "^0.27.0",
"@yao-pkg/pkg": "6.10.1"
} }
} }

6
packages/safe-chain/bin/aikido-bun.js
View file

@ -7,6 +7,8 @@ import { setEcoSystem, ECOSYSTEM_JS } from "../src/config/settings.js";
setEcoSystem(ECOSYSTEM_JS); setEcoSystem(ECOSYSTEM_JS);
const packageManagerName = "bun"; const packageManagerName = "bun";
initializePackageManager(packageManagerName); initializePackageManager(packageManagerName);
var exitCode = await main(process.argv.slice(2));
process.exit(exitCode); (async () => {
var exitCode = await main(process.argv.slice(2));
process.exit(exitCode);
})();

6
packages/safe-chain/bin/aikido-bunx.js
View file

@ -7,6 +7,8 @@ import { setEcoSystem, ECOSYSTEM_JS } from "../src/config/settings.js";
setEcoSystem(ECOSYSTEM_JS); setEcoSystem(ECOSYSTEM_JS);
const packageManagerName = "bunx"; const packageManagerName = "bunx";
initializePackageManager(packageManagerName); initializePackageManager(packageManagerName);
var exitCode = await main(process.argv.slice(2));
process.exit(exitCode); (async () => {
var exitCode = await main(process.argv.slice(2));
process.exit(exitCode);
})();

6
packages/safe-chain/bin/aikido-npm.js
View file

@ -7,6 +7,8 @@ import { setEcoSystem, ECOSYSTEM_JS } from "../src/config/settings.js";
setEcoSystem(ECOSYSTEM_JS); setEcoSystem(ECOSYSTEM_JS);
const packageManagerName = "npm"; const packageManagerName = "npm";
initializePackageManager(packageManagerName); initializePackageManager(packageManagerName);
var exitCode = await main(process.argv.slice(2));
process.exit(exitCode); (async () => {
var exitCode = await main(process.argv.slice(2));
process.exit(exitCode);
})();

6
packages/safe-chain/bin/aikido-npx.js
View file

@ -7,6 +7,8 @@ import { setEcoSystem, ECOSYSTEM_JS } from "../src/config/settings.js";
setEcoSystem(ECOSYSTEM_JS); setEcoSystem(ECOSYSTEM_JS);
const packageManagerName = "npx"; const packageManagerName = "npx";
initializePackageManager(packageManagerName); initializePackageManager(packageManagerName);
var exitCode = await main(process.argv.slice(2));
process.exit(exitCode); (async () => {
var exitCode = await main(process.argv.slice(2));
process.exit(exitCode);
})();

8
packages/safe-chain/bin/aikido-pip.js
View file

@ -13,6 +13,8 @@ setCurrentPipInvocation(PIP_INVOCATIONS.PIP);
initializePackageManager(PIP_PACKAGE_MANAGER); initializePackageManager(PIP_PACKAGE_MANAGER);
// Pass through only user-supplied pip args (async () => {
var exitCode = await main(process.argv.slice(2)); // Pass through only user-supplied pip args
process.exit(exitCode); var exitCode = await main(process.argv.slice(2));
process.exit(exitCode);
})();

8
packages/safe-chain/bin/aikido-pip3.js
View file

@ -14,6 +14,8 @@ setCurrentPipInvocation(PIP_INVOCATIONS.PIP3);
// Create package manager // Create package manager
initializePackageManager(PIP_PACKAGE_MANAGER); initializePackageManager(PIP_PACKAGE_MANAGER);
// Pass through only user-supplied pip args (async () => {
var exitCode = await main(process.argv.slice(2)); // Pass through only user-supplied pip args
process.exit(exitCode); var exitCode = await main(process.argv.slice(2));
process.exit(exitCode);
})();

6
packages/safe-chain/bin/aikido-pnpm.js
View file

@ -7,6 +7,8 @@ import { setEcoSystem, ECOSYSTEM_JS } from "../src/config/settings.js";
setEcoSystem(ECOSYSTEM_JS); setEcoSystem(ECOSYSTEM_JS);
const packageManagerName = "pnpm"; const packageManagerName = "pnpm";
initializePackageManager(packageManagerName); initializePackageManager(packageManagerName);
var exitCode = await main(process.argv.slice(2));
process.exit(exitCode); (async () => {
var exitCode = await main(process.argv.slice(2));
process.exit(exitCode);
})();

6
packages/safe-chain/bin/aikido-pnpx.js
View file

@ -7,6 +7,8 @@ import { setEcoSystem, ECOSYSTEM_JS } from "../src/config/settings.js";
setEcoSystem(ECOSYSTEM_JS); setEcoSystem(ECOSYSTEM_JS);
const packageManagerName = "pnpx"; const packageManagerName = "pnpx";
initializePackageManager(packageManagerName); initializePackageManager(packageManagerName);
var exitCode = await main(process.argv.slice(2));
process.exit(exitCode); (async () => {
var exitCode = await main(process.argv.slice(2));
process.exit(exitCode);
})();

8
packages/safe-chain/bin/aikido-python.js
View file

@ -11,7 +11,8 @@ setEcoSystem(ECOSYSTEM_PY);
// Strip nodejs and wrapper script from args // Strip nodejs and wrapper script from args
let argv = process.argv.slice(2); let argv = process.argv.slice(2);
if (argv[0] === '-m' && (argv[1] === 'pip' || argv[1] === 'pip3')) { (async () => {
if (argv[0] === '-m' && (argv[1] === 'pip' || argv[1] === 'pip3')) {
setEcoSystem(ECOSYSTEM_PY); setEcoSystem(ECOSYSTEM_PY);
setCurrentPipInvocation(argv[1] === 'pip3' ? PIP_INVOCATIONS.PY_PIP3 : PIP_INVOCATIONS.PY_PIP); setCurrentPipInvocation(argv[1] === 'pip3' ? PIP_INVOCATIONS.PY_PIP3 : PIP_INVOCATIONS.PY_PIP);
initializePackageManager(PIP_PACKAGE_MANAGER); initializePackageManager(PIP_PACKAGE_MANAGER);
@ -21,8 +22,9 @@ if (argv[0] === '-m' && (argv[1] === 'pip' || argv[1] === 'pip3')) {
var exitCode = await main(argv); var exitCode = await main(argv);
process.exit(exitCode); process.exit(exitCode);
} else { } else {
// Forward to real python binary for non-pip flows // Forward to real python binary for non-pip flows
const { spawn } = await import('child_process'); const { spawn } = await import('child_process');
spawn('python', argv, { stdio: 'inherit' }); spawn('python', argv, { stdio: 'inherit' });
} }
})();

8
packages/safe-chain/bin/aikido-python3.js
View file

@ -11,7 +11,8 @@ setEcoSystem(ECOSYSTEM_PY);
// Strip nodejs and wrapper script from args // Strip nodejs and wrapper script from args
let argv = process.argv.slice(2); let argv = process.argv.slice(2);
if (argv[0] === '-m' && (argv[1] === 'pip' || argv[1] === 'pip3')) { (async () => {
if (argv[0] === '-m' && (argv[1] === 'pip' || argv[1] === 'pip3')) {
setEcoSystem(ECOSYSTEM_PY); setEcoSystem(ECOSYSTEM_PY);
setCurrentPipInvocation(argv[1] === 'pip3' ? PIP_INVOCATIONS.PY3_PIP3 : PIP_INVOCATIONS.PY3_PIP); setCurrentPipInvocation(argv[1] === 'pip3' ? PIP_INVOCATIONS.PY3_PIP3 : PIP_INVOCATIONS.PY3_PIP);
initializePackageManager(PIP_PACKAGE_MANAGER); initializePackageManager(PIP_PACKAGE_MANAGER);
@ -21,8 +22,9 @@ if (argv[0] === '-m' && (argv[1] === 'pip' || argv[1] === 'pip3')) {
var exitCode = await main(argv); var exitCode = await main(argv);
process.exit(exitCode); process.exit(exitCode);
} else { } else {
// Forward to real python3 binary for non-pip flows // Forward to real python3 binary for non-pip flows
const { spawn } = await import('child_process'); const { spawn } = await import('child_process');
spawn('python3', argv, { stdio: 'inherit' }); spawn('python3', argv, { stdio: 'inherit' });
} }
})();

8
packages/safe-chain/bin/aikido-uv.js
View file

@ -9,6 +9,8 @@ setEcoSystem(ECOSYSTEM_PY);
initializePackageManager("uv"); initializePackageManager("uv");
// Pass through only user-supplied uv args (async () => {
var exitCode = await main(process.argv.slice(2)); // Pass through only user-supplied uv args
process.exit(exitCode); var exitCode = await main(process.argv.slice(2));
process.exit(exitCode);
})();

6
packages/safe-chain/bin/aikido-yarn.js
View file

@ -7,6 +7,8 @@ import { setEcoSystem, ECOSYSTEM_JS } from "../src/config/settings.js";
setEcoSystem(ECOSYSTEM_JS); setEcoSystem(ECOSYSTEM_JS);
const packageManagerName = "yarn"; const packageManagerName = "yarn";
initializePackageManager(packageManagerName); initializePackageManager(packageManagerName);
var exitCode = await main(process.argv.slice(2));
process.exit(exitCode); (async () => {
var exitCode = await main(process.argv.slice(2));
process.exit(exitCode);
})();

116
packages/safe-chain/bin/safe-chain.js
View file

@ -1,12 +1,37 @@
#!/usr/bin/env node #!/usr/bin/env node
import chalk from "chalk"; import chalk from "chalk";
import { createRequire } from "module";
import { ui } from "../src/environment/userInteraction.js"; import { ui } from "../src/environment/userInteraction.js";
import { setup } from "../src/shell-integration/setup.js"; import { setup } from "../src/shell-integration/setup.js";
import { teardown } from "../src/shell-integration/teardown.js"; import { teardown } from "../src/shell-integration/teardown.js";
import { setupCi } from "../src/shell-integration/setup-ci.js"; import { setupCi } from "../src/shell-integration/setup-ci.js";
import { initializeCliArguments } from "../src/config/cliArguments.js"; import { initializeCliArguments } from "../src/config/cliArguments.js";
import { setEcoSystem } from "../src/config/settings.js";
import { initializePackageManager } from "../src/packagemanager/currentPackageManager.js";
import { main } from "../src/main.js";
import path from "path";
import { fileURLToPath } from "url";
import fs from "fs";
import { knownAikidoTools } from "../src/shell-integration/helpers.js";
import {
PIP_INVOCATIONS,
PIP_PACKAGE_MANAGER,
setCurrentPipInvocation,
} from "../src/packagemanager/pip/pipSettings.js";
/** @type {string} */
// This checks the current file's dirname in a way that's compatible with:
// - Modulejs (import.meta.url)
// - ES modules (__dirname)
// This is needed because safe-chain's npm package is built using ES modules,
// but building the binaries requires commonjs.
let dirname;
if (import.meta.url) {
const filename = fileURLToPath(import.meta.url);
dirname = path.dirname(filename);
} else {
dirname = __dirname;
}
if (process.argv.length < 3) { if (process.argv.length < 3) {
ui.writeError("No command provided. Please provide a command to execute."); ui.writeError("No command provided. Please provide a command to execute.");
@ -19,19 +44,35 @@ initializeCliArguments(process.argv);
const command = process.argv[2]; const command = process.argv[2];
if (command === "help" || command === "--help" || command === "-h") { const tool = knownAikidoTools.find((tool) => tool.tool === command);
if (tool && tool.internalPackageManagerName === PIP_PACKAGE_MANAGER) {
(async function () {
await executePip(tool);
})();
} else if (tool) {
const args = process.argv.slice(3);
setEcoSystem(tool.ecoSystem);
initializePackageManager(tool.internalPackageManagerName);
(async () => {
var exitCode = await main(args);
process.exit(exitCode);
})();
} else if (command === "help" || command === "--help" || command === "-h") {
writeHelp(); writeHelp();
process.exit(0); process.exit(0);
} } else if (command === "setup") {
if (command === "setup") {
setup(); setup();
} else if (command === "teardown") { } else if (command === "teardown") {
teardown(); teardown();
} else if (command === "setup-ci") { } else if (command === "setup-ci") {
setupCi(); setupCi();
} else if (command === "--version" || command === "-v" || command === "-v") { } else if (command === "--version" || command === "-v" || command === "-v") {
ui.writeInformation(`Current safe-chain version: ${getVersion()}`); (async () => {
ui.writeInformation(`Current safe-chain version: ${await getVersion()}`);
})();
} else { } else {
ui.writeError(`Unknown command: ${command}.`); ui.writeError(`Unknown command: ${command}.`);
ui.emptyLine(); ui.emptyLine();
@ -87,8 +128,63 @@ function writeHelp() {
ui.emptyLine(); ui.emptyLine();
} }
function getVersion() { async function getVersion() {
const require = createRequire(import.meta.url); const packageJsonPath = path.join(dirname, "..", "package.json");
const packageJson = require("../package.json");
return packageJson.version; const data = await fs.promises.readFile(packageJsonPath);
const json = JSON.parse(data.toString("utf8"));
if (json && json.version) {
return json.version;
}
return "0.0.0";
}
/**
* @param {import("../src/shell-integration/helpers.js").AikidoTool} tool
*/
async function executePip(tool) {
// Scanners for pip / pip3 / python / python3 use a slightly different approach:
// - They all use the same PIP_PACKAGE_MANAGER internally, but need some setup to be able to do so
// - It needs to set which tool to run (pip / pip3 / python / python3)
// - For python and python3, the -m pip/pip3 args are removed and later added again by the package manager
// - Python / python3 skips safe-chain if not being run with -m pip or -m pip3
let args = process.argv.slice(3);
setEcoSystem(tool.ecoSystem);
initializePackageManager(PIP_PACKAGE_MANAGER);
let shouldSkip = false;
if (tool.tool === "pip") {
setCurrentPipInvocation(PIP_INVOCATIONS.PIP);
} else if (tool.tool === "pip3") {
setCurrentPipInvocation(PIP_INVOCATIONS.PIP3);
} else if (tool.tool === "python") {
if (args[0] === "-m" && (args[1] === "pip" || args[1] === "pip3")) {
setCurrentPipInvocation(
args[1] === "pip3" ? PIP_INVOCATIONS.PY_PIP3 : PIP_INVOCATIONS.PY_PIP
);
args = args.slice(2);
} else {
shouldSkip = true;
}
} else if (tool.tool === "python3") {
if (args[0] === "-m" && (args[1] === "pip" || args[1] === "pip3")) {
setCurrentPipInvocation(
args[1] === "pip3" ? PIP_INVOCATIONS.PY3_PIP3 : PIP_INVOCATIONS.PY3_PIP
);
args = args.slice(2);
} else {
shouldSkip = true;
}
}
if (shouldSkip) {
const { spawn } = await import("child_process");
spawn(tool.tool, args, { stdio: "inherit" });
} else {
var exitCode = await main(args);
process.exit(exitCode);
}
} }

1
packages/safe-chain/package.json
View file

@ -52,6 +52,7 @@
"@types/node-forge": "^1.3.14", "@types/node-forge": "^1.3.14",
"@types/npm-registry-fetch": "^8.0.9", "@types/npm-registry-fetch": "^8.0.9",
"@types/semver": "^7.7.1", "@types/semver": "^7.7.1",
"esbuild": "^0.27.0",
"typescript": "^5.9.3" "typescript": "^5.9.3"
}, },
"main": "src/main.js", "main": "src/main.js",

85
packages/safe-chain/src/shell-integration/helpers.js
View file

@ -9,24 +9,85 @@ import { ECOSYSTEM_JS, ECOSYSTEM_PY } from "../config/settings.js";
* @property {string} tool * @property {string} tool
* @property {string} aikidoCommand * @property {string} aikidoCommand
* @property {string} ecoSystem * @property {string} ecoSystem
* @property {string} internalPackageManagerName
*/ */
/** /**
* @type {AikidoTool[]} * @type {AikidoTool[]}
*/ */
export const knownAikidoTools = [ export const knownAikidoTools = [
{ tool: "npm", aikidoCommand: "aikido-npm", ecoSystem: ECOSYSTEM_JS }, {
{ tool: "npx", aikidoCommand: "aikido-npx", ecoSystem: ECOSYSTEM_JS }, tool: "npm",
{ tool: "yarn", aikidoCommand: "aikido-yarn", ecoSystem: ECOSYSTEM_JS }, aikidoCommand: "aikido-npm",
{ tool: "pnpm", aikidoCommand: "aikido-pnpm", ecoSystem: ECOSYSTEM_JS }, ecoSystem: ECOSYSTEM_JS,
{ tool: "pnpx", aikidoCommand: "aikido-pnpx", ecoSystem: ECOSYSTEM_JS }, internalPackageManagerName: "npm",
{ tool: "bun", aikidoCommand: "aikido-bun", ecoSystem: ECOSYSTEM_JS }, },
{ tool: "bunx", aikidoCommand: "aikido-bunx", ecoSystem: ECOSYSTEM_JS }, {
{ tool: "uv", aikidoCommand: "aikido-uv", ecoSystem: ECOSYSTEM_PY }, tool: "npx",
{ tool: "pip", aikidoCommand: "aikido-pip", ecoSystem: ECOSYSTEM_PY }, aikidoCommand: "aikido-npx",
{ tool: "pip3", aikidoCommand: "aikido-pip3", ecoSystem: ECOSYSTEM_PY }, ecoSystem: ECOSYSTEM_JS,
{ tool: "python", aikidoCommand: "aikido-python", ecoSystem: ECOSYSTEM_PY }, internalPackageManagerName: "npx",
{ tool: "python3", aikidoCommand: "aikido-python3", ecoSystem: ECOSYSTEM_PY }, },
{
tool: "yarn",
aikidoCommand: "aikido-yarn",
ecoSystem: ECOSYSTEM_JS,
internalPackageManagerName: "yarn",
},
{
tool: "pnpm",
aikidoCommand: "aikido-pnpm",
ecoSystem: ECOSYSTEM_JS,
internalPackageManagerName: "pnpm",
},
{
tool: "pnpx",
aikidoCommand: "aikido-pnpx",
ecoSystem: ECOSYSTEM_JS,
internalPackageManagerName: "pnpx",
},
{
tool: "bun",
aikidoCommand: "aikido-bun",
ecoSystem: ECOSYSTEM_JS,
internalPackageManagerName: "bun",
},
{
tool: "bunx",
aikidoCommand: "aikido-bunx",
ecoSystem: ECOSYSTEM_JS,
internalPackageManagerName: "bunx",
},
{
tool: "uv",
aikidoCommand: "aikido-uv",
ecoSystem: ECOSYSTEM_PY,
internalPackageManagerName: "uv",
},
{
tool: "pip",
aikidoCommand: "aikido-pip",
ecoSystem: ECOSYSTEM_PY,
internalPackageManagerName: "pip",
},
{
tool: "pip3",
aikidoCommand: "aikido-pip3",
ecoSystem: ECOSYSTEM_PY,
internalPackageManagerName: "pip",
},
{
tool: "python",
aikidoCommand: "aikido-python",
ecoSystem: ECOSYSTEM_PY,
internalPackageManagerName: "pip",
},
{
tool: "python3",
aikidoCommand: "aikido-python3",
ecoSystem: ECOSYSTEM_PY,
internalPackageManagerName: "pip",
},
// When adding a new tool here, also update the documentation for the new tool in the README.md // When adding a new tool here, also update the documentation for the new tool in the README.md
]; ];

4
packages/safe-chain/src/shell-integration/path-wrappers/templates/unix-wrapper.template.sh
View file

@ -7,9 +7,9 @@ remove_shim_from_path() {
echo "$PATH" | sed "s|$HOME/.safe-chain/shims:||g" echo "$PATH" | sed "s|$HOME/.safe-chain/shims:||g"
} }
if command -v {{AIKIDO_COMMAND}} >/dev/null 2>&1; then if command -v safe-chain >/dev/null 2>&1; then
# Remove shim directory from PATH when calling {{AIKIDO_COMMAND}} to prevent infinite loops # Remove shim directory from PATH when calling {{AIKIDO_COMMAND}} to prevent infinite loops
PATH=$(remove_shim_from_path) exec {{AIKIDO_COMMAND}} "$@" PATH=$(remove_shim_from_path) exec safe-chain {{PACKAGE_MANAGER}} "$@"
else else
# Dynamically find original {{PACKAGE_MANAGER}} (excluding this shim directory) # Dynamically find original {{PACKAGE_MANAGER}} (excluding this shim directory)
original_cmd=$(PATH=$(remove_shim_from_path) command -v {{PACKAGE_MANAGER}}) original_cmd=$(PATH=$(remove_shim_from_path) command -v {{PACKAGE_MANAGER}})

4
packages/safe-chain/src/shell-integration/path-wrappers/templates/windows-wrapper.template.cmd
View file

@ -7,10 +7,10 @@ set "SHIM_DIR=%USERPROFILE%\.safe-chain\shims"
call set "CLEAN_PATH=%%PATH:%SHIM_DIR%;=%%" call set "CLEAN_PATH=%%PATH:%SHIM_DIR%;=%%"
REM Check if aikido command is available with clean PATH REM Check if aikido command is available with clean PATH
set "PATH=%CLEAN_PATH%" & where {{AIKIDO_COMMAND}} >nul 2>&1 set "PATH=%CLEAN_PATH%" & where safe-chain >nul 2>&1
if %errorlevel%==0 ( if %errorlevel%==0 (
REM Call aikido command with clean PATH REM Call aikido command with clean PATH
set "PATH=%CLEAN_PATH%" & {{AIKIDO_COMMAND}} %* set "PATH=%CLEAN_PATH%" & safe-chain {{PACKAGE_MANAGER}} %*
) else ( ) else (
REM Find the original command with clean PATH REM Find the original command with clean PATH
for /f "tokens=*" %%i in ('set "PATH=%CLEAN_PATH%" ^& where {{PACKAGE_MANAGER}} 2^>nul') do ( for /f "tokens=*" %%i in ('set "PATH=%CLEAN_PATH%" ^& where {{PACKAGE_MANAGER}} 2^>nul') do (

35
packages/safe-chain/src/shell-integration/setup-ci.js
View file

@ -8,6 +8,20 @@ import { fileURLToPath } from "url";
import { includePython } from "../config/cliArguments.js"; import { includePython } from "../config/cliArguments.js";
import { ECOSYSTEM_PY } from "../config/settings.js"; import { ECOSYSTEM_PY } from "../config/settings.js";
/** @type {string} */
// This checks the current file's dirname in a way that's compatible with:
// - Modulejs (import.meta.url)
// - ES modules (__dirname)
// This is needed because safe-chain's npm package is built using ES modules,
// but building the binaries requires commonjs.
let dirname;
if (import.meta.url) {
const filename = fileURLToPath(import.meta.url);
dirname = path.dirname(filename);
} else {
dirname = __dirname;
}
/** /**
* Loops over the detected shells and calls the setup function for each. * Loops over the detected shells and calls the setup function for each.
*/ */
@ -19,6 +33,7 @@ export async function setupCi() {
ui.emptyLine(); ui.emptyLine();
const shimsDir = path.join(os.homedir(), ".safe-chain", "shims"); const shimsDir = path.join(os.homedir(), ".safe-chain", "shims");
const binDir = path.join(os.homedir(), ".safe-chain", "bin");
// Create the shims directory if it doesn't exist // Create the shims directory if it doesn't exist
if (!fs.existsSync(shimsDir)) { if (!fs.existsSync(shimsDir)) {
fs.mkdirSync(shimsDir, { recursive: true }); fs.mkdirSync(shimsDir, { recursive: true });
@ -26,7 +41,7 @@ export async function setupCi() {
createShims(shimsDir); createShims(shimsDir);
ui.writeInformation(`Created shims in ${shimsDir}`); ui.writeInformation(`Created shims in ${shimsDir}`);
modifyPathForCi(shimsDir); modifyPathForCi(shimsDir, binDir);
ui.writeInformation(`Added shims directory to PATH for CI environments.`); ui.writeInformation(`Added shims directory to PATH for CI environments.`);
} }
@ -37,10 +52,8 @@ export async function setupCi() {
*/ */
function createUnixShims(shimsDir) { function createUnixShims(shimsDir) {
// Read the template file // Read the template file
const __filename = fileURLToPath(import.meta.url);
const __dirname = path.dirname(__filename);
const templatePath = path.resolve( const templatePath = path.resolve(
__dirname, dirname,
"path-wrappers", "path-wrappers",
"templates", "templates",
"unix-wrapper.template.sh" "unix-wrapper.template.sh"
@ -78,10 +91,8 @@ function createUnixShims(shimsDir) {
*/ */
function createWindowsShims(shimsDir) { function createWindowsShims(shimsDir) {
// Read the template file // Read the template file
const __filename = fileURLToPath(import.meta.url);
const __dirname = path.dirname(__filename);
const templatePath = path.resolve( const templatePath = path.resolve(
__dirname, dirname,
"path-wrappers", "path-wrappers",
"templates", "templates",
"windows-wrapper.template.cmd" "windows-wrapper.template.cmd"
@ -124,13 +135,18 @@ function createShims(shimsDir) {
/** /**
* @param {string} shimsDir * @param {string} shimsDir
* @param {string} binDir
* *
* @returns {void} * @returns {void}
*/ */
function modifyPathForCi(shimsDir) { function modifyPathForCi(shimsDir, binDir) {
if (process.env.GITHUB_PATH) { if (process.env.GITHUB_PATH) {
// In GitHub Actions, append the shims directory to GITHUB_PATH // In GitHub Actions, append the shims directory to GITHUB_PATH
fs.appendFileSync(process.env.GITHUB_PATH, shimsDir + os.EOL, "utf-8"); fs.appendFileSync(
process.env.GITHUB_PATH,
shimsDir + os.EOL + binDir + os.EOL,
"utf-8"
);
ui.writeInformation( ui.writeInformation(
`Added shims directory to GITHUB_PATH for GitHub Actions.` `Added shims directory to GITHUB_PATH for GitHub Actions.`
); );
@ -141,6 +157,7 @@ function modifyPathForCi(shimsDir) {
// ##vso[task.prependpath]/path/to/add // ##vso[task.prependpath]/path/to/add
// Logging this to stdout will cause the Azure Pipelines agent to pick it up // Logging this to stdout will cause the Azure Pipelines agent to pick it up
ui.writeInformation("##vso[task.prependpath]" + shimsDir); ui.writeInformation("##vso[task.prependpath]" + shimsDir);
ui.writeInformation("##vso[task.prependpath]" + binDir);
} }
} }

22
packages/safe-chain/src/shell-integration/setup.js
View file

@ -5,8 +5,22 @@ import { knownAikidoTools, getPackageManagerList } from "./helpers.js";
import fs from "fs"; import fs from "fs";
import os from "os"; import os from "os";
import path from "path"; import path from "path";
import { fileURLToPath } from "url";
import { includePython } from "../config/cliArguments.js"; import { includePython } from "../config/cliArguments.js";
import { fileURLToPath } from "url";
/** @type {string} */
// This checks the current file's dirname in a way that's compatible with:
// - Modulejs (import.meta.url)
// - ES modules (__dirname)
// This is needed because safe-chain's npm package is built using ES modules,
// but building the binaries requires commonjs.
let dirname;
if (import.meta.url) {
const filename = fileURLToPath(import.meta.url);
dirname = path.dirname(filename);
} else {
dirname = __dirname;
}
/** /**
* Loops over the detected shells and calls the setup function for each. * Loops over the detected shells and calls the setup function for each.
@ -103,10 +117,8 @@ function copyStartupFiles() {
} }
// Use absolute path for source // Use absolute path for source
const __filename = fileURLToPath(import.meta.url); const sourcePath = path.join(
const __dirname = path.dirname(__filename); dirname,
const sourcePath = path.resolve(
__dirname,
includePython() ? "startup-scripts/include-python" : "startup-scripts", includePython() ? "startup-scripts/include-python" : "startup-scripts",
file file
); );

136
packages/safe-chain/src/shell-integration/startup-scripts/include-python/init-fish.fish
View file

@ -1,3 +1,67 @@
set -gx PATH $PATH $HOME/.safe-chain/bin
function npx
wrapSafeChainCommand "npx" $argv
end
function yarn
wrapSafeChainCommand "yarn" $argv
end
function pnpm
wrapSafeChainCommand "pnpm" $argv
end
function pnpx
wrapSafeChainCommand "pnpx" $argv
end
function bun
wrapSafeChainCommand "bun" $argv
end
function bunx
wrapSafeChainCommand "bunx" $argv
end
function npm
# If args is just -v or --version and nothing else, just run the `npm -v` command
# This is because nvm uses this to check the version of npm
set argc (count $argv)
if test $argc -eq 1
switch $argv[1]
case "-v" "--version"
command npm $argv
return
end
end
wrapSafeChainCommand "npm" $argv
end
function pip
wrapSafeChainCommand "pip" $argv
end
function pip3
wrapSafeChainCommand "pip3" $argv
end
function uv
wrapSafeChainCommand "uv" $argv
end
# `python -m pip`, `python -m pip3`.
function python
wrapSafeChainCommand "python" $argv
end
# `python3 -m pip`, `python3 -m pip3'.
function python3
wrapSafeChainCommand "python3" $argv
end
function printSafeChainWarning function printSafeChainWarning
set original_cmd $argv[1] set original_cmd $argv[1]
@ -17,76 +81,14 @@ end
function wrapSafeChainCommand function wrapSafeChainCommand
set original_cmd $argv[1] set original_cmd $argv[1]
set aikido_cmd $argv[2] set cmd_args $argv[2..-1]
set cmd_args $argv[3..-1]
if type -q $aikido_cmd if type -q safe-chain
# If the aikido command is available, just run it with the provided arguments # If the safe-chain command is available, just run it with the provided arguments
$aikido_cmd $cmd_args safe-chain $original_cmd $cmd_args
else else
# If the aikido command is not available, print a warning and run the original command # If the safe-chain command is not available, print a warning and run the original command
printSafeChainWarning $original_cmd printSafeChainWarning $original_cmd
command $original_cmd $cmd_args command $original_cmd $cmd_args
end end
end end
function npx
wrapSafeChainCommand "npx" "aikido-npx" $argv
end
function yarn
wrapSafeChainCommand "yarn" "aikido-yarn" $argv
end
function pnpm
wrapSafeChainCommand "pnpm" "aikido-pnpm" $argv
end
function pnpx
wrapSafeChainCommand "pnpx" "aikido-pnpx" $argv
end
function bun
wrapSafeChainCommand "bun" "aikido-bun" $argv
end
function bunx
wrapSafeChainCommand "bunx" "aikido-bunx" $argv
end
function npm
# If args is just -v or --version and nothing else, just run the `npm -v` command
# This is because nvm uses this to check the version of npm
set argc (count $argv)
if test $argc -eq 1
switch $argv[1]
case "-v" "--version"
command npm $argv
return
end
end
wrapSafeChainCommand "npm" "aikido-npm" $argv
end
function pip
wrapSafeChainCommand "pip" "aikido-pip" $argv
end
function pip3
wrapSafeChainCommand "pip3" "aikido-pip3" $argv
end
function uv
wrapSafeChainCommand "uv" "aikido-uv" $argv
end
# `python -m pip`, `python -m pip3`.
function python
wrapSafeChainCommand "python" "aikido-python" $argv
end
# `python3 -m pip`, `python3 -m pip3'.
function python3
wrapSafeChainCommand "python3" "aikido-python3" $argv
end

125
packages/safe-chain/src/shell-integration/startup-scripts/include-python/init-posix.sh
View file

@ -1,3 +1,62 @@
export PATH="$PATH:$HOME/.safe-chain/bin"
function npx() {
wrapSafeChainCommand "npx" "$@"
}
function yarn() {
wrapSafeChainCommand "yarn" "$@"
}
function pnpm() {
wrapSafeChainCommand "pnpm" "$@"
}
function pnpx() {
wrapSafeChainCommand "pnpx" "$@"
}
function bun() {
wrapSafeChainCommand "bun" "$@"
}
function bunx() {
wrapSafeChainCommand "bunx" "$@"
}
function npm() {
if [[ "$1" == "-v" || "$1" == "--version" ]] && [[ $# -eq 1 ]]; then
# If args is just -v or --version and nothing else, just run the npm version command
# This is because nvm uses this to check the version of npm
command npm "$@"
return
fi
wrapSafeChainCommand "npm" "$@"
}
function pip() {
wrapSafeChainCommand "pip" "$@"
}
function pip3() {
wrapSafeChainCommand "pip3" "$@"
}
function uv() {
wrapSafeChainCommand "uv" "$@"
}
# `python -m pip`, `python -m pip3`.
function python() {
wrapSafeChainCommand "python" "$@"
}
# `python3 -m pip`, `python3 -m pip3'.
function python3() {
wrapSafeChainCommand "python3" "$@"
}
function printSafeChainWarning() { function printSafeChainWarning() {
# \033[43;30m is used to set the background color to yellow and text color to black # \033[43;30m is used to set the background color to yellow and text color to black
@ -9,15 +68,10 @@ function printSafeChainWarning() {
function wrapSafeChainCommand() { function wrapSafeChainCommand() {
local original_cmd="$1" local original_cmd="$1"
local aikido_cmd="$2"
# Remove the first 2 arguments (original_cmd and aikido_cmd) from $@ if command -v safe-chain > /dev/null 2>&1; then
# so that "$@" now contains only the arguments passed to the original command
shift 2
if command -v "$aikido_cmd" > /dev/null 2>&1; then
# If the aikido command is available, just run it with the provided arguments # If the aikido command is available, just run it with the provided arguments
"$aikido_cmd" "$@" safe-chain "$@"
else else
# If the aikido command is not available, print a warning and run the original command # If the aikido command is not available, print a warning and run the original command
printSafeChainWarning "$original_cmd" printSafeChainWarning "$original_cmd"
@ -25,60 +79,3 @@ function wrapSafeChainCommand() {
command "$original_cmd" "$@" command "$original_cmd" "$@"
fi fi
} }
function npx() {
wrapSafeChainCommand "npx" "aikido-npx" "$@"
}
function yarn() {
wrapSafeChainCommand "yarn" "aikido-yarn" "$@"
}
function pnpm() {
wrapSafeChainCommand "pnpm" "aikido-pnpm" "$@"
}
function pnpx() {
wrapSafeChainCommand "pnpx" "aikido-pnpx" "$@"
}
function bun() {
wrapSafeChainCommand "bun" "aikido-bun" "$@"
}
function bunx() {
wrapSafeChainCommand "bunx" "aikido-bunx" "$@"
}
function npm() {
if [[ "$1" == "-v" || "$1" == "--version" ]] && [[ $# -eq 1 ]]; then
# If args is just -v or --version and nothing else, just run the npm version command
# This is because nvm uses this to check the version of npm
command npm "$@"
return
fi
wrapSafeChainCommand "npm" "aikido-npm" "$@"
}
function pip() {
wrapSafeChainCommand "pip" "aikido-pip" "$@"
}
function pip3() {
wrapSafeChainCommand "pip3" "aikido-pip3" "$@"
}
function uv() {
wrapSafeChainCommand "uv" "aikido-uv" "$@"
}
# `python -m pip`, `python -m pip3`.
function python() {
wrapSafeChainCommand "python" "aikido-python" "$@"
}
# `python3 -m pip`, `python3 -m pip3'.
function python3() {
wrapSafeChainCommand "python3" "aikido-python3" "$@"
}

126
packages/safe-chain/src/shell-integration/startup-scripts/include-python/init-pwsh.ps1
View file

@ -1,3 +1,66 @@
# Use cross-platform path separator (: on Unix, ; on Windows)
$pathSeparator = if ($IsWindows) { ';' } else { ':' }
$safeChainBin = Join-Path $HOME '.safe-chain' 'bin'
$env:PATH = "$env:PATH$pathSeparator$safeChainBin"
function npx {
Invoke-WrappedCommand "npx" $args
}
function yarn {
Invoke-WrappedCommand "yarn" $args
}
function pnpm {
Invoke-WrappedCommand "pnpm" $args
}
function pnpx {
Invoke-WrappedCommand "pnpx" $args
}
function bun {
Invoke-WrappedCommand "bun" $args
}
function bunx {
Invoke-WrappedCommand "bunx" $args
}
function npm {
# If args is just -v or --version and nothing else, just run the npm version command
# This is because nvm uses this to check the version of npm
if (($args.Length -eq 1) -and (($args[0] -eq "-v") -or ($args[0] -eq "--version"))) {
Invoke-RealCommand "npm" $args
return
}
Invoke-WrappedCommand "npm" $args
}
function pip {
Invoke-WrappedCommand "pip" $args
}
function pip3 {
Invoke-WrappedCommand "pip3" $args
}
function uv {
Invoke-WrappedCommand "uv" $args
}
# `python -m pip`, `python -m pip3`.
function python {
Invoke-WrappedCommand 'python' $args
}
# `python3 -m pip`, `python3 -m pip3'.
function python3 {
Invoke-WrappedCommand 'python3' $args
}
function Write-SafeChainWarning { function Write-SafeChainWarning {
param([string]$Command) param([string]$Command)
@ -39,73 +102,14 @@ function Invoke-RealCommand {
function Invoke-WrappedCommand { function Invoke-WrappedCommand {
param( param(
[string]$OriginalCmd, [string]$OriginalCmd,
[string]$AikidoCmd,
[string[]]$Arguments [string[]]$Arguments
) )
if (Test-CommandAvailable $AikidoCmd) { if (Test-CommandAvailable "safe-chain") {
& $AikidoCmd @Arguments & safe-chain $OriginalCmd @Arguments
} }
else { else {
Write-SafeChainWarning $OriginalCmd Write-SafeChainWarning $OriginalCmd
Invoke-RealCommand $OriginalCmd $Arguments Invoke-RealCommand $OriginalCmd $Arguments
} }
} }
function npx {
Invoke-WrappedCommand "npx" "aikido-npx" $args
}
function yarn {
Invoke-WrappedCommand "yarn" "aikido-yarn" $args
}
function pnpm {
Invoke-WrappedCommand "pnpm" "aikido-pnpm" $args
}
function pnpx {
Invoke-WrappedCommand "pnpx" "aikido-pnpx" $args
}
function bun {
Invoke-WrappedCommand "bun" "aikido-bun" $args
}
function bunx {
Invoke-WrappedCommand "bunx" "aikido-bunx" $args
}
function npm {
# If args is just -v or --version and nothing else, just run the npm version command
# This is because nvm uses this to check the version of npm
if (($args.Length -eq 1) -and (($args[0] -eq "-v") -or ($args[0] -eq "--version"))) {
Invoke-RealCommand "npm" $args
return
}
Invoke-WrappedCommand "npm" "aikido-npm" $args
}
function pip {
Invoke-WrappedCommand "pip" "aikido-pip" $args
}
function pip3 {
Invoke-WrappedCommand "pip3" "aikido-pip3" $args
}
function uv {
Invoke-WrappedCommand "uv" "aikido-uv" $args
}
# `python -m pip`, `python -m pip3`.
function python {
Invoke-WrappedCommand 'python' 'aikido-python' $args
}
# `python3 -m pip`, `python3 -m pip3'.
function python3 {
Invoke-WrappedCommand 'python3' 'aikido-python3' $args
}

91
packages/safe-chain/src/shell-integration/startup-scripts/init-fish.fish
View file

@ -1,3 +1,44 @@
set -gx PATH $PATH $HOME/.safe-chain/bin
function npx
wrapSafeChainCommand "npx" $argv
end
function yarn
wrapSafeChainCommand "yarn" $argv
end
function pnpm
wrapSafeChainCommand "pnpm" $argv
end
function pnpx
wrapSafeChainCommand "pnpx" $argv
end
function bun
wrapSafeChainCommand "bun" $argv
end
function bunx
wrapSafeChainCommand "bunx" $argv
end
function npm
# If args is just -v or --version and nothing else, just run the `npm -v` command
# This is because nvm uses this to check the version of npm
set argc (count $argv)
if test $argc -eq 1
switch $argv[1]
case "-v" "--version"
command npm $argv
return
end
end
wrapSafeChainCommand "npm" $argv
end
function printSafeChainWarning function printSafeChainWarning
set original_cmd $argv[1] set original_cmd $argv[1]
@ -17,54 +58,14 @@ end
function wrapSafeChainCommand function wrapSafeChainCommand
set original_cmd $argv[1] set original_cmd $argv[1]
set aikido_cmd $argv[2] set cmd_args $argv[2..-1]
set cmd_args $argv[3..-1]
if type -q $aikido_cmd if type -q safe-chain
# If the aikido command is available, just run it with the provided arguments # If the safe-chain command is available, just run it with the provided arguments
$aikido_cmd $cmd_args safe-chain $original_cmd $cmd_args
else else
# If the aikido command is not available, print a warning and run the original command # If the safe-chain command is not available, print a warning and run the original command
printSafeChainWarning $original_cmd printSafeChainWarning $original_cmd
command $original_cmd $cmd_args command $original_cmd $cmd_args
end end
end end
function npx
wrapSafeChainCommand "npx" "aikido-npx" $argv
end
function yarn
wrapSafeChainCommand "yarn" "aikido-yarn" $argv
end
function pnpm
wrapSafeChainCommand "pnpm" "aikido-pnpm" $argv
end
function pnpx
wrapSafeChainCommand "pnpx" "aikido-pnpx" $argv
end
function bun
wrapSafeChainCommand "bun" "aikido-bun" $argv
end
function bunx
wrapSafeChainCommand "bunx" "aikido-bunx" $argv
end
function npm
# If args is just -v or --version and nothing else, just run the `npm -v` command
# This is because nvm uses this to check the version of npm
set argc (count $argv)
if test $argc -eq 1
switch $argv[1]
case "-v" "--version"
command npm $argv
return
end
end
wrapSafeChainCommand "npm" "aikido-npm" $argv
end

80
packages/safe-chain/src/shell-integration/startup-scripts/init-posix.sh
View file

@ -1,3 +1,39 @@
export PATH="$PATH:$HOME/.safe-chain/bin"
function npx() {
wrapSafeChainCommand "npx" "$@"
}
function yarn() {
wrapSafeChainCommand "yarn" "$@"
}
function pnpm() {
wrapSafeChainCommand "pnpm" "$@"
}
function pnpx() {
wrapSafeChainCommand "pnpx" "$@"
}
function bun() {
wrapSafeChainCommand "bun" "$@"
}
function bunx() {
wrapSafeChainCommand "bunx" "$@"
}
function npm() {
if [[ "$1" == "-v" || "$1" == "--version" ]] && [[ $# -eq 1 ]]; then
# If args is just -v or --version and nothing else, just run the npm version command
# This is because nvm uses this to check the version of npm
command npm "$@"
return
fi
wrapSafeChainCommand "npm" "$@"
}
function printSafeChainWarning() { function printSafeChainWarning() {
# \033[43;30m is used to set the background color to yellow and text color to black # \033[43;30m is used to set the background color to yellow and text color to black
@ -9,15 +45,10 @@ function printSafeChainWarning() {
function wrapSafeChainCommand() { function wrapSafeChainCommand() {
local original_cmd="$1" local original_cmd="$1"
local aikido_cmd="$2"
# Remove the first 2 arguments (original_cmd and aikido_cmd) from $@ if command -v safe-chain > /dev/null 2>&1; then
# so that "$@" now contains only the arguments passed to the original command
shift 2
if command -v "$aikido_cmd" > /dev/null 2>&1; then
# If the aikido command is available, just run it with the provided arguments # If the aikido command is available, just run it with the provided arguments
"$aikido_cmd" "$@" safe-chain "$@"
else else
# If the aikido command is not available, print a warning and run the original command # If the aikido command is not available, print a warning and run the original command
printSafeChainWarning "$original_cmd" printSafeChainWarning "$original_cmd"
@ -25,38 +56,3 @@ function wrapSafeChainCommand() {
command "$original_cmd" "$@" command "$original_cmd" "$@"
fi fi
} }
function npx() {
wrapSafeChainCommand "npx" "aikido-npx" "$@"
}
function yarn() {
wrapSafeChainCommand "yarn" "aikido-yarn" "$@"
}
function pnpm() {
wrapSafeChainCommand "pnpm" "aikido-pnpm" "$@"
}
function pnpx() {
wrapSafeChainCommand "pnpx" "aikido-pnpx" "$@"
}
function bun() {
wrapSafeChainCommand "bun" "aikido-bun" "$@"
}
function bunx() {
wrapSafeChainCommand "bunx" "aikido-bunx" "$@"
}
function npm() {
if [[ "$1" == "-v" || "$1" == "--version" ]] && [[ $# -eq 1 ]]; then
# If args is just -v or --version and nothing else, just run the npm version command
# This is because nvm uses this to check the version of npm
command npm "$@"
return
fi
wrapSafeChainCommand "npm" "aikido-npm" "$@"
}

80
packages/safe-chain/src/shell-integration/startup-scripts/init-pwsh.ps1
View file

@ -1,3 +1,43 @@
# Use cross-platform path separator (: on Unix, ; on Windows)
$pathSeparator = if ($IsWindows) { ';' } else { ':' }
$safeChainBin = Join-Path $HOME '.safe-chain' 'bin'
$env:PATH = "$env:PATH$pathSeparator$safeChainBin"
function npx {
Invoke-WrappedCommand "npx" $args
}
function yarn {
Invoke-WrappedCommand "yarn" $args
}
function pnpm {
Invoke-WrappedCommand "pnpm" $args
}
function pnpx {
Invoke-WrappedCommand "pnpx" $args
}
function bun {
Invoke-WrappedCommand "bun" $args
}
function bunx {
Invoke-WrappedCommand "bunx" $args
}
function npm {
# If args is just -v or --version and nothing else, just run the npm version command
# This is because nvm uses this to check the version of npm
if (($args.Length -eq 1) -and (($args[0] -eq "-v") -or ($args[0] -eq "--version"))) {
Invoke-RealCommand "npm" $args
return
}
Invoke-WrappedCommand "npm" $args
}
function Write-SafeChainWarning { function Write-SafeChainWarning {
param([string]$Command) param([string]$Command)
@ -39,50 +79,14 @@ function Invoke-RealCommand {
function Invoke-WrappedCommand { function Invoke-WrappedCommand {
param( param(
[string]$OriginalCmd, [string]$OriginalCmd,
[string]$AikidoCmd,
[string[]]$Arguments [string[]]$Arguments
) )
if (Test-CommandAvailable $AikidoCmd) { if (Test-CommandAvailable "safe-chain") {
& $AikidoCmd @Arguments & safe-chain $OriginalCmd @Arguments
} }
else { else {
Write-SafeChainWarning $OriginalCmd Write-SafeChainWarning $OriginalCmd
Invoke-RealCommand $OriginalCmd $Arguments Invoke-RealCommand $OriginalCmd $Arguments
} }
} }
function npx {
Invoke-WrappedCommand "npx" "aikido-npx" $args
}
function yarn {
Invoke-WrappedCommand "yarn" "aikido-yarn" $args
}
function pnpm {
Invoke-WrappedCommand "pnpm" "aikido-pnpm" $args
}
function pnpx {
Invoke-WrappedCommand "pnpx" "aikido-pnpx" $args
}
function bun {
Invoke-WrappedCommand "bun" "aikido-bun" $args
}
function bunx {
Invoke-WrappedCommand "bunx" "aikido-bunx" $args
}
function npm {
# If args is just -v or --version and nothing else, just run the npm version command
# This is because nvm uses this to check the version of npm
if (($args.Length -eq 1) -and (($args[0] -eq "-v") -or ($args[0] -eq "--version"))) {
Invoke-RealCommand "npm" $args
return
}
Invoke-WrappedCommand "npm" "aikido-npm" $args
}