Merge pull request #284 from AikidoSec/troubleshooting-packagemanager-cache

Add a section about troubleshooting when the package is already in the cache
This commit is contained in:
Sander Declerck 2026-01-09 09:28:39 +01:00 committed by GitHub
commit 6d2d943e18
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -44,6 +44,8 @@ pip3 install safe-chain-pi-test
These test packages are flagged as malware and should be blocked by Safe Chain.
**If the test package installs successfully instead of being blocked**, see [Malware Not Being Blocked](#malware-not-being-blocked) below.
### Logging Options
Use logging flags to get more information:
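Review bot: the new cross-reference `[Malware Not Being Blocked](#malware-not-being-blocked)` resolves only while the heading text in the second hunk stays exactly `### Malware Not Being Blocked`; since the heading is introduced in the same change, consider mentioning in the commit that the anchor and heading must be kept in sync if either is reworded. Also, this hunk's context shows the pip test package (`pip3 install safe-chain-pi-test`), so a reader coming from this line will expect the linked section to cover pip's cache as well as the Node package managers.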
@ -58,6 +60,52 @@ npm install express --safe-chain-logging=silent
## Common Issues
### Malware Not Being Blocked
**Symptom:** Test malware packages (like `safe-chain-test`) install successfully when they should be blocked
**Most Common Cause:** The package is cached in your package manager's local store
Safe-chain blocks malicious packages by intercepting network requests to package registries using its proxy.
When a package is already cached locally, the package manager skips downloading it from the registry, which bypasses the proxy.
**Resolution Steps:**
1. **Clear your package manager's cache:**
```bash
# For npm
npm cache clean --force
# For pnpm
pnpm store prune
# For yarn (classic)
yarn cache clean
# For yarn (berry/v2+)
yarn cache clean --all
# For bun
bun pm cache rm
```
> **⚠️ Warning:** Cache clearing is safe but will remove all cached packages. Subsequent installations will need to re-download packages. In CI/CD environments or monorepos, this may affect build times.
2. **Clean local installation artifacts:**
```bash
# Remove node_modules if you want a completely fresh install
rm -rf node_modules
```
3. **Re-test malware blocking:**
```bash
npm install safe-chain-test # Should be blocked
```
### Shell Aliases Not Working After Installation
**Symptom:** Running `npm` shows regular npm instead of safe-chain wrapped version
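Review bot: the order of steps 1 and 2 is wrong for pnpm: `pnpm store prune` removes only packages that no project references, so while the test package is still linked from `node_modules` the prune leaves it in the store and the re-test in step 3 still resolves it locally. Suggest either moving "Clean local installation artifacts" before the cache step, or adding a comment under `# For pnpm` that `node_modules` must be removed first. Two smaller points: the section explains the bypass generically ("when a package is already cached locally, the package manager skips downloading it") but lists resolutions for npm, pnpm, yarn and bun only, while the page also tests with `pip3 install safe-chain-pi-test`, so a `# For pip` entry with `pip cache purge` would make the list match the supported ecosystems; and the warning says "Cache clearing is safe" but step 2 runs `rm -rf node_modules`, so it is worth stating that the lockfile is kept and the project can be restored with a plain reinstall.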
@ -246,4 +294,4 @@ If you encounter problems:
- Shell type and version
- `safe-chain --version` output
- Output from verification commands
- Verbose logs of the failing command
- Verbose logs of the failing command (add the `--safe-chain-logging=verbose` argument)
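Review bot: the changed bullet now names the `--safe-chain-logging=verbose` argument, which matches the flag shown earlier on the page (`--safe-chain-logging=silent` under "Logging Options"); since that section documents the available levels, consider linking it here the same way the first hunk links the malware section, e.g. `(see [Logging Options](#logging-options))`, so the bug-report checklist does not have to restate the flag syntax.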