milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Allow to exclude packages from the minimum package age

Browse source
This commit is contained in:
Sander Declerck 2026-01-14 17:41:23 +01:00
parent 5898fc851a
commit 6815b62019
No known key found for this signature in database
9 changed files with 387 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

22
packages/safe-chain/src/config/configFile.js
View file

@ -16,6 +16,7 @@ import { getEcoSystem } from "./settings.js";
* @typedef {Object} SafeChainRegistryConfiguration
* We cannot trust the input and should add the necessary validations.
* @property {unknown | string[]} customRegistries
* @property {unknown | string[]} minimumPackageAgeExclusions
*/
/**
@ -127,6 +128,27 @@ export function getPipCustomRegistries() {
return customRegistries.filter((item) => typeof item === "string");
}
/**
* Gets the minimum package age exclusions from the config file
* @returns {string[]}
*/
export function getNpmMinimumPackageAgeExclusions() {
const config = readConfigFile();
if (!config || !config.npm) {
return [];
}
const npmConfig = /** @type {SafeChainRegistryConfiguration} */ (config.npm);
const exclusions = npmConfig.minimumPackageAgeExclusions;
if (!Array.isArray(exclusions)) {
return [];
}
return exclusions.filter((item) => typeof item === "string");
}
/**
* @param {import("../api/aikido.js").MalwarePackage[]} data
* @param {string | number} version