Merge pull request #262 from AikidoSec/safe-chain-verify-command

Add command to verify safe-chain is intercepting the package managers commands

README.md

@@ -71,7 +71,20 @@ You can find all available versions on the [releases page](https://github.com/Ai
 
    - This step is crucial as it ensures that the shell aliases for npm, npx, yarn, pnpm, pnpx, bun, bunx, pip, pip3, poetry, uv and pipx are loaded correctly. If you do not restart your terminal, the aliases will not be available.
 
-2. **Verify the installation** by running one of the following commands:
+2. **Verify the installation** by running the verification command:
+
+   ```shell
+   npm safe-chain-verify
+   pnpm safe-chain-verify
+   pip safe-chain-verify
+   uv safe-chain-verify
+
+   # Any other supported package manager: {packagemanager} safe-chain-verify
+   ```
+
+   - The output should display "OK: Safe-chain works!" confirming that Aikido Safe Chain is properly installed and running.
+
+3. **(Optional) Test malware blocking** by attempting to install a test package:
 
    For JavaScript/Node.js:
 

packages/safe-chain/bin/safe-chain.js

@@ -3,7 +3,10 @@
 import chalk from "chalk";
 import { ui } from "../src/environment/userInteraction.js";
 import { setup } from "../src/shell-integration/setup.js";
-import { teardown, teardownDirectories } from "../src/shell-integration/teardown.js";
+import {
+  teardown,
+  teardownDirectories,
+} from "../src/shell-integration/teardown.js";
 import { setupCi } from "../src/shell-integration/setup-ci.js";
 import { initializeCliArguments } from "../src/config/cliArguments.js";
 import { setEcoSystem } from "../src/config/settings.js";
@@ -45,7 +48,7 @@ if (tool) {
   const args = process.argv.slice(3);
 
   setEcoSystem(tool.ecoSystem);
-  
+
   // Provide tool context to PM (pip uses this; others ignore)
   const toolContext = { tool: tool.tool, args };
   initializePackageManager(tool.internalPackageManagerName, toolContext);

packages/safe-chain/src/main.js

@@ -13,6 +13,10 @@ import { getAuditStats } from "./scanning/audit/index.js";
  * @returns {Promise<number>}
  */
 export async function main(args) {
+  if (isSafeChainVerify(args)) {
+    return 0;
+  }
+
   process.on("SIGINT", handleProcessTermination);
   process.on("SIGTERM", handleProcessTermination);
 
@@ -104,3 +108,12 @@ export async function main(args) {
 function handleProcessTermination() {
   ui.writeBufferedLogsAndStopBuffering();
 }
+
+/** @param {string[]} args  */
+function isSafeChainVerify(args) {
+  const safeChainCheckCommand = "safe-chain-verify";
+  if (args.length > 0 && args[0] === safeChainCheckCommand) {
+    ui.writeInformation("OK: Safe-chain works!");
+    return true;
+  }
+}