milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Create verifyNoMaliciousPackages function in proxy

Browse source
This commit is contained in:
Sander Declerck 2025-09-30 15:11:00 +02:00
parent 6c08c6adce
commit 3b145a4695
No known key found for this signature in database
2 changed files with 28 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

22
packages/safe-chain/src/main.js
View file

@ -5,7 +5,6 @@ import { ui } from "./environment/userInteraction.js";
import { getPackageManager } from "./packagemanager/currentPackageManager.js";
import { initializeCliArguments } from "./config/cliArguments.js";
import { createSafeChainProxy } from "./registryProxy/registryProxy.js";
import chalk from "chalk";
export async function main(args) {
const proxy = createSafeChainProxy();
@ -26,26 +25,7 @@ export async function main(args) {
var result = await getPackageManager().runCommand(args);
await proxy.stopServer();
const blockedRequests = proxy.getBlockedRequests();
if (blockedRequests.length > 0) {
ui.emptyLine();
ui.writeInformation(
`Safe-chain: ${chalk.bold(
`blocked ${blockedRequests.length} malicious package downloads`
)}:`
);
for (const req of blockedRequests) {
ui.writeInformation(` - ${req.packageName}@${req.version} (${req.url})`);
}
ui.emptyLine();
ui.writeError("Exiting without installing malicious packages.");
ui.emptyLine();
process.exit(1);
}
proxy.verifyNoMaliciousPackages();
process.exit(result.status);
}