Merge pull request #262 from AikidoSec/safe-chain-verify-command

Add command to verify safe-chain is intercepting the package managers commands
2026-05-26 12:10:49 +00:00 · 2026-01-05 09:10:05 +01:00 · 2026-01-05 09:10:05 +01:00 · 74c57cd86a
commit 74c57cd86a
parent acb4aa1a13 b571aad6a0
3 changed files with 32 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -71,7 +71,20 @@ You can find all available versions on the [releases page](https://github.com/Ai

   - This step is crucial as it ensures that the shell aliases for npm, npx, yarn, pnpm, pnpx, bun, bunx, pip, pip3, poetry, uv and pipx are loaded correctly. If you do not restart your terminal, the aliases will not be available.

-2. **Verify the installation** by running one of the following commands:
+2. **Verify the installation** by running the verification command:
+
+   ```shell
+   npm safe-chain-verify
+   pnpm safe-chain-verify
+   pip safe-chain-verify
+   uv safe-chain-verify
+
+   # Any other supported package manager: {packagemanager} safe-chain-verify
+   ```
+
+   - The output should display "OK: Safe-chain works!" confirming that Aikido Safe Chain is properly installed and running.
+
+3. **(Optional) Test malware blocking** by attempting to install a test package:

   For JavaScript/Node.js:

--- a/packages/safe-chain/bin/safe-chain.js
+++ b/packages/safe-chain/bin/safe-chain.js
@ -3,7 +3,10 @@
 import chalk from "chalk";
 import { ui } from "../src/environment/userInteraction.js";
 import { setup } from "../src/shell-integration/setup.js";
-import { teardown, teardownDirectories } from "../src/shell-integration/teardown.js";
+import {
+  teardown,
+  teardownDirectories,
+} from "../src/shell-integration/teardown.js";
 import { setupCi } from "../src/shell-integration/setup-ci.js";
 import { initializeCliArguments } from "../src/config/cliArguments.js";
 import { setEcoSystem } from "../src/config/settings.js";
--- a/packages/safe-chain/src/main.js
+++ b/packages/safe-chain/src/main.js
@ -13,6 +13,10 @@ import { getAuditStats } from "./scanning/audit/index.js";
 * @returns {Promise<number>}
 */
 export async function main(args) {
+  if (isSafeChainVerify(args)) {
+    return 0;
+  }
+
  process.on("SIGINT", handleProcessTermination);
  process.on("SIGTERM", handleProcessTermination);

@ -104,3 +108,12 @@ export async function main(args) {
 function handleProcessTermination() {
  ui.writeBufferedLogsAndStopBuffering();
 }
+
+/** @param {string[]} args  */
+function isSafeChainVerify(args) {
+  const safeChainCheckCommand = "safe-chain-verify";
+  if (args.length > 0 && args[0] === safeChainCheckCommand) {
+    ui.writeInformation("OK: Safe-chain works!");
+    return true;
+  }
+}