milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add command to get the safe-chain version

Browse source
This commit is contained in:
Sander Declerck 2025-10-10 15:34:33 +02:00
parent dc4352bffb
commit 4fc33d2387
No known key found for this signature in database
2 changed files with 23 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
README.md
View file

@ -40,6 +40,11 @@ Installing the Aikido Safe Chain is easy. You just need 3 simple steps:
When running `npm`, `npx`, `yarn`, `pnpm`, `pnpx`, `bun`, or `bunx` commands, the Aikido Safe Chain will automatically check for malware in the packages you are trying to install. If any malware is detected, it will prompt you to exit the command. When running `npm`, `npx`, `yarn`, `pnpm`, `pnpx`, `bun`, or `bunx` commands, the Aikido Safe Chain will automatically check for malware in the packages you are trying to install. If any malware is detected, it will prompt you to exit the command.
You can check the installed version by running:
```shell
safe-chain --version
```
## How it works ## How it works
The Aikido Safe Chain works by running a lightweight proxy server that intercepts package downloads from the npm registry. When you run npm, npx, yarn, pnpm, pnpx, bun, or bunx commands, all package downloads are routed through this local proxy, which verifies packages in real-time against **[Aikido Intel - Open Sources Threat Intelligence](https://intel.aikido.dev/?tab=malware)**. If malware is detected in any package (including deep dependencies), the proxy blocks the download before the malicious code reaches your machine. The Aikido Safe Chain works by running a lightweight proxy server that intercepts package downloads from the npm registry. When you run npm, npx, yarn, pnpm, pnpx, bun, or bunx commands, all package downloads are routed through this local proxy, which verifies packages in real-time against **[Aikido Intel - Open Sources Threat Intelligence](https://intel.aikido.dev/?tab=malware)**. If malware is detected in any package (including deep dependencies), the proxy blocks the download before the malicious code reaches your machine.

20
packages/safe-chain/bin/safe-chain.js
View file

@ -1,6 +1,7 @@
#!/usr/bin/env node #!/usr/bin/env node
import chalk from "chalk"; import chalk from "chalk";
import { createRequire } from "module";
import { ui } from "../src/environment/userInteraction.js"; import { ui } from "../src/environment/userInteraction.js";
import { setup } from "../src/shell-integration/setup.js"; import { setup } from "../src/shell-integration/setup.js";
import { teardown } from "../src/shell-integration/teardown.js"; import { teardown } from "../src/shell-integration/teardown.js";
@ -26,6 +27,8 @@ if (command === "setup") {
teardown(); teardown();
} else if (command === "setup-ci") { } else if (command === "setup-ci") {
setupCi(); setupCi();
} else if (command === "--version" || command === "-v" || command === "-v") {
ui.writeInformation(`Current safe-chain version: ${getVersion()}`);
} else { } else {
ui.writeError(`Unknown command: ${command}.`); ui.writeError(`Unknown command: ${command}.`);
ui.emptyLine(); ui.emptyLine();
@ -43,13 +46,15 @@ function writeHelp() {
ui.writeInformation( ui.writeInformation(
`Available commands: ${chalk.cyan("setup")}, ${chalk.cyan( `Available commands: ${chalk.cyan("setup")}, ${chalk.cyan(
"teardown" "teardown"
)}, ${chalk.cyan("help")}` )}, ${chalk.cyan("setup-ci")}, ${chalk.cyan("help")}, ${chalk.cyan(
"--version"
)}`
); );
ui.emptyLine(); ui.emptyLine();
ui.writeInformation( ui.writeInformation(
`- ${chalk.cyan( `- ${chalk.cyan(
"safe-chain setup" "safe-chain setup"
)}: This will setup your shell to wrap safe-chain around npm, npx, yarn, pnpm and pnpx.` )}: This will setup your shell to wrap safe-chain around npm, npx, yarn, pnpm, pnpx, bun and bunx.`
); );
ui.writeInformation( ui.writeInformation(
`- ${chalk.cyan( `- ${chalk.cyan(
@ -61,5 +66,16 @@ function writeHelp() {
"safe-chain setup-ci" "safe-chain setup-ci"
)}: This will setup safe-chain for CI environments by creating shims and modifying the PATH.` )}: This will setup safe-chain for CI environments by creating shims and modifying the PATH.`
); );
ui.writeInformation(
`- ${chalk.cyan(
"safe-chain --version"
)} (or ${chalk.cyan("-v")}): Display the current version of safe-chain.`
);
ui.emptyLine(); ui.emptyLine();
} }
function getVersion() {
const require = createRequire(import.meta.url);
const packageJson = require("../package.json");
return packageJson.version;
}