milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add e2e tests for blocking malware on npm, pnpm and yarn

Browse source
This commit is contained in:
Sander Declerck 2025-09-16 12:40:45 +02:00
parent f313887d99
commit 58b15caba3
No known key found for this signature in database
3 changed files with 216 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

18
test/e2e/npm.e2e.spec.js
View file

@ -77,4 +77,22 @@ describe("E2E: npm coverage", () => {
`Output did not include expected text. Output was:\n${result.output}`
);
});
it("safe-chain blocks npm exec from executing malicious packages", async () => {
const shell = await container.openShell("zsh");
const result = await shell.runCommand("npm exec safe-chain-test");
assert.ok(
result.output.includes("Malicious changes detected:"),
`Output did not include expected text. Output was:\n${result.output}`
);
assert.ok(
result.output.includes("- safe-chain-test"),
`Output did not include expected text. Output was:\n${result.output}`
);
assert.ok(
result.output.includes("Exiting without installing malicious packages."),
`Output did not include expected text. Output was:\n${result.output}`
);
});
});