Merge branch 'main' into setup-check-if-dir-exists

2026-05-26 12:10:49 +00:00 · 2025-09-18 10:27:00 +02:00 · 2025-09-18 10:27:00 +02:00 · 91473838d2
commit 91473838d2
parent f793bb8467 f7589160af
8 changed files with 68 additions and 62 deletions
--- a/packages/safe-chain/package.json
+++ b/packages/safe-chain/package.json
@ -28,12 +28,12 @@
  "license": "AGPL-3.0-or-later",
  "description": "The Aikido Safe Chain wraps around the [npm cli](https://github.com/npm/cli), [npx](https://github.com/npm/cli/blob/latest/docs/content/commands/npx.md), [yarn](https://yarnpkg.com/), [pnpm](https://pnpm.io/), and [pnpx](https://pnpm.io/cli/dlx) to provide extra checks before installing new packages. This tool will detect when a package contains malware and prompt you to exit, preventing npm, npx, yarn, pnpm, or pnpx from downloading or running the malware.",
  "dependencies": {
-    "abbrev": "^3.0.1",
-    "chalk": "^5.4.1",
-    "make-fetch-happen": "^14.0.3",
-    "npm-registry-fetch": "^18.0.2",
-    "ora": "^8.2.0",
-    "semver": "^7.7.2"
+    "abbrev": "3.0.1",
+    "chalk": "5.4.1",
+    "make-fetch-happen": "14.0.3",
+    "npm-registry-fetch": "18.0.2",
+    "ora": "8.2.0",
+    "semver": "7.7.2"
  },
  "main": "src/main.js",
  "bugs": {
--- a/packages/safe-chain/src/shell-integration/helpers.js
+++ b/packages/safe-chain/src/shell-integration/helpers.js
@ -23,15 +23,17 @@ export function doesExecutableExistOnSystem(executableName) {
  }
 }

-export function removeLinesMatchingPattern(filePath, pattern) {
+export function removeLinesMatchingPattern(filePath, pattern, eol) {
  if (!fs.existsSync(filePath)) {
    return;
  }

+  eol = eol || os.EOL;
+
  const fileContent = fs.readFileSync(filePath, "utf-8");
-  const lines = fileContent.split(/[\r\n\u2028\u2029]+/);
+  const lines = fileContent.split(/[\r\n\u2028\u2029]/);
  const updatedLines = lines.filter((line) => !shouldRemoveLine(line, pattern));
-  fs.writeFileSync(filePath, updatedLines.join(os.EOL), "utf-8");
+  fs.writeFileSync(filePath, updatedLines.join(eol), "utf-8");
 }

 const maxLineLength = 100;
@ -63,11 +65,13 @@ function shouldRemoveLine(line, pattern) {
  return true;
 }

-export function addLineToFile(filePath, line) {
+export function addLineToFile(filePath, line, eol) {
  createFileIfNotExists(filePath);

+  eol = eol || os.EOL;
+
  const fileContent = fs.readFileSync(filePath, "utf-8");
-  const updatedContent = fileContent + os.EOL + line + os.EOL;
+  const updatedContent = fileContent + eol + line + eol;
  fs.writeFileSync(filePath, updatedContent, "utf-8");
 }

--- a/packages/safe-chain/src/shell-integration/supported-shells/bash.js
+++ b/packages/safe-chain/src/shell-integration/supported-shells/bash.js
@ -9,6 +9,7 @@ import * as os from "os";
 const shellName = "Bash";
 const executableName = "bash";
 const startupFileCommand = "echo ~/.bashrc";
+const eol = "\n"; // When bash runs on Windows (e.g., Git Bash or WSL), it expects LF line endings.

 function isInstalled() {
  return doesExecutableExistOnSystem(executableName);
@ -19,13 +20,18 @@ function teardown(tools) {

  for (const { tool } of tools) {
    // Remove any existing alias for the tool
-    removeLinesMatchingPattern(startupFile, new RegExp(`^alias\\s+${tool}=`));
+    removeLinesMatchingPattern(
+      startupFile,
+      new RegExp(`^alias\\s+${tool}=`),
+      eol
+    );
  }

  // Removes the line that sources the safe-chain bash initialization script (~/.aikido/scripts/init-posix.sh)
  removeLinesMatchingPattern(
    startupFile,
-    /^source\s+~\/\.safe-chain\/scripts\/init-posix\.sh/
+    /^source\s+~\/\.safe-chain\/scripts\/init-posix\.sh/,
+    eol
  );

  return true;
@ -36,7 +42,8 @@ function setup() {

  addLineToFile(
    startupFile,
-    `source ~/.safe-chain/scripts/init-posix.sh # Safe-chain bash initialization script`
+    `source ~/.safe-chain/scripts/init-posix.sh # Safe-chain bash initialization script`,
+    eol
  );

  return true;
--- a/packages/safe-chain/src/shell-integration/supported-shells/fish.js
+++ b/packages/safe-chain/src/shell-integration/supported-shells/fish.js
@ -8,6 +8,7 @@ import { execSync } from "child_process";
 const shellName = "Fish";
 const executableName = "fish";
 const startupFileCommand = "echo ~/.config/fish/config.fish";
+const eol = "\n"; // When fish runs on Windows (e.g., Git Bash or WSL), it expects LF line endings.

 function isInstalled() {
  return doesExecutableExistOnSystem(executableName);
@ -20,14 +21,16 @@ function teardown(tools) {
    // Remove any existing alias for the tool
    removeLinesMatchingPattern(
      startupFile,
-      new RegExp(`^alias\\s+${tool}\\s+`)
+      new RegExp(`^alias\\s+${tool}\\s+`),
+      eol
    );
  }

  // Removes the line that sources the safe-chain fish initialization script (~/.safe-chain/scripts/init-fish.fish)
  removeLinesMatchingPattern(
    startupFile,
-    /^source\s+~\/\.safe-chain\/scripts\/init-fish\.fish/
+    /^source\s+~\/\.safe-chain\/scripts\/init-fish\.fish/,
+    eol
  );

  return true;
@ -38,7 +41,8 @@ function setup() {

  addLineToFile(
    startupFile,
-    `source ~/.safe-chain/scripts/init-fish.fish # Safe-chain Fish initialization script`
+    `source ~/.safe-chain/scripts/init-fish.fish # Safe-chain Fish initialization script`,
+    eol
  );

  return true;
--- a/packages/safe-chain/src/shell-integration/supported-shells/zsh.js
+++ b/packages/safe-chain/src/shell-integration/supported-shells/zsh.js
@ -8,6 +8,7 @@ import { execSync } from "child_process";
 const shellName = "Zsh";
 const executableName = "zsh";
 const startupFileCommand = "echo ${ZDOTDIR:-$HOME}/.zshrc";
+const eol = "\n"; // When zsh runs on Windows (e.g., Git Bash or WSL), it expects LF line endings.

 function isInstalled() {
  return doesExecutableExistOnSystem(executableName);
@ -18,13 +19,18 @@ function teardown(tools) {

  for (const { tool } of tools) {
    // Remove any existing alias for the tool
-    removeLinesMatchingPattern(startupFile, new RegExp(`^alias\\s+${tool}=`));
+    removeLinesMatchingPattern(
+      startupFile,
+      new RegExp(`^alias\\s+${tool}=`),
+      eol
+    );
  }

  // Removes the line that sources the safe-chain zsh initialization script (~/.aikido/scripts/init-posix.sh)
  removeLinesMatchingPattern(
    startupFile,
-    /^source\s+~\/\.safe-chain\/scripts\/init-posix\.sh/
+    /^source\s+~\/\.safe-chain\/scripts\/init-posix\.sh/,
+    eol
  );

  return true;
@ -35,7 +41,8 @@ function setup() {

  addLineToFile(
    startupFile,
-    `source ~/.safe-chain/scripts/init-posix.sh # Safe-chain Zsh initialization script`
+    `source ~/.safe-chain/scripts/init-posix.sh # Safe-chain Zsh initialization script`,
+    eol
  );

  return true;
--- a/packages/safe-chain/src/shell-integration/supported-shells/zsh.spec.js
+++ b/packages/safe-chain/src/shell-integration/supported-shells/zsh.spec.js
@ -222,5 +222,24 @@ describe("Zsh shell integration", () => {
      );
      assert.ok(content.includes("alias ls="));
    });
+
+    it("should respect empty lines and comments", () => {
+      const initialContent = [
+        "#!/bin/zsh",
+        "",
+        "# Some comment",
+        "",
+        "",
+        "",
+        "# Another comment",
+      ].join("\n");
+
+      fs.writeFileSync(mockStartupFile, initialContent, "utf-8");
+
+      zsh.teardown(knownAikidoTools);
+
+      const content = fs.readFileSync(mockStartupFile, "utf-8");
+      assert.strictEqual(content, initialContent);
+    });
  });
 });