diff --git a/.gitignore b/.gitignore index 7c44b34..920883f 100644 --- a/.gitignore +++ b/.gitignore @@ -148,3 +148,6 @@ Claude.md # Build files build/ dist/ + +# Jetbrains IDEs +.idea/** diff --git a/README.md b/README.md index 4b001e4..6cbb445 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -![Aikido Safe Chain](./docs/banner.svg) +![Aikido Safe Chain](https://raw.githubusercontent.com/AikidoSec/safe-chain/main/docs/banner.svg) # Aikido Safe Chain @@ -10,7 +10,7 @@ - ✅ **Blocks packages newer than 24 hours** without breaking your build - ✅ **Tokenless, free, no build data shared** -Aikido Safe Chain works on Node.js version 16 and above and supports the following package managers: +Aikido Safe Chain supports the following package managers: - 📦 **npm** - 📦 **npx** @@ -29,7 +29,7 @@ Aikido Safe Chain works on Node.js version 16 and above and supports the followi Installing the Aikido Safe Chain is easy with our one-line installer. -> ⚠️ **Already installed via npm?** See the [migration guide](docs/npm-to-binary-migration.md) to switch to the binary version. +> ⚠️ **Already installed via npm?** See the [migration guide](https://github.com/AikidoSec/safe-chain/blob/main/docs/npm-to-binary-migration.md) to switch to the binary version. ### Unix/Linux/macOS @@ -111,7 +111,7 @@ The Aikido Safe Chain integrates with your shell to provide a seamless experienc - ✅ **PowerShell** - ✅ **PowerShell Core** -More information about the shell integration can be found in the [shell integration documentation](docs/shell-integration.md). +More information about the shell integration can be found in the [shell integration documentation](https://github.com/AikidoSec/safe-chain/blob/main/docs/shell-integration.md). ## Uninstallation 
@@ -182,8 +182,6 @@ You can set the minimum package age through multiple sources (in order of priori You can protect your CI/CD pipelines from malicious packages by integrating Aikido Safe Chain into your build process. This ensures that any packages installed during your automated builds are checked for malware before installation. -For optimal protection in CI/CD environments, we recommend using **npm >= 10.4.0** as it provides full dependency tree scanning. Other package managers currently offer limited scanning of install command arguments only. - ## Installation for CI/CD Use the `--ci` flag to automatically configure Aikido Safe Chain for CI/CD environments. This sets up executable shims in the PATH instead of shell aliases. diff --git a/build.js b/build.js index 870d9f8..2531fb6 100644 --- a/build.js +++ b/build.js @@ -13,10 +13,14 @@ if (!target) { } (async function main() { + const startBuildTime = performance.now(); + await clearOutputFolder(); + console.log("- Cleared output folder ✅") // Esbuild creates a single safe-chain.cjs with all dependencies included await bundleSafeChain(); + console.log("- Bundled safe-chain into safe-chain.cjs (es-build) ✅") // Copy assets that need to be included in the binary // - All shell scripts that are used to setup safe-chain @@ -25,9 +29,15 @@ if (!target) { await copyShellScripts(); await copyCertifi(); await copyAndModifyPackageJson(); + console.log("- Copied auxiliary resources (shell, package.json,...) ✅") // Creates a single binary with safe-chain.cjs and the copied assets await buildSafeChainBinary(target); + console.log(`- Built safe-chain binary for ${target} (pkg) ✅`) + + + const endBuildTime = performance.now(); + console.log(`🏁 Finished build in ${((endBuildTime - startBuildTime)/1000).toFixed(2)}s`); })(); async function clearOutputFolder() { diff --git a/docs/npm-to-binary-migration.md b/docs/npm-to-binary-migration.md index c0b8f9a..c29a044 100644 --- a/docs/npm-to-binary-migration.md 
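Review bot: The four added `console.log(...)` calls in the two build.js hunks end without a semicolon, while every other statement visible in `main()` is terminated with one; add them, e.g. `console.log("- Cleared output folder ✅");`. The second hunk also leaves two consecutive blank lines before `const endBuildTime`, and the message spells the bundler "es-build" where the comment above it writes "Esbuild". As far as these hunks show, the async IIFE is still invoked as `})();` with no `.catch`, so a rejected step prints none of the new progress lines and surfaces only as an unhandled rejection.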
+++ b/docs/npm-to-binary-migration.md @@ -20,7 +20,7 @@ Depending on the version manager you're using, the uninstall process differs: npm uninstall -g @aikidosec/safe-chain ``` -4. **Install the binary version** (see [Installation](../README.md#installation)) +4. **Install the binary version** (see [Installation](https://github.com/AikidoSec/safe-chain/blob/main/README.md#installation)) ### nvm (Node Version Manager) @@ -51,7 +51,7 @@ Depending on the version manager you're using, the uninstall process differs: Repeat for each Node version where safe-chain was installed. -4. **Install the binary version** (see [Installation](../README.md#installation)) +4. **Install the binary version** (see [Installation](https://github.com/AikidoSec/safe-chain/blob/main/README.md#installation)) ### Volta @@ -69,7 +69,7 @@ Depending on the version manager you're using, the uninstall process differs: volta uninstall @aikidosec/safe-chain ``` -4. **Install the binary version** (see [Installation](../README.md#installation)) +4. **Install the binary version** (see [Installation](https://github.com/AikidoSec/safe-chain/blob/main/README.md#installation)) ## Troubleshooting diff --git a/install-scripts/install-safe-chain.ps1 b/install-scripts/install-safe-chain.ps1 index c7a6df5..081d232 100644 --- a/install-scripts/install-safe-chain.ps1 +++ b/install-scripts/install-safe-chain.ps1 @@ -110,9 +110,9 @@ function Remove-VoltaInstallation { # Main installation function Install-SafeChain { # Fetch latest version if VERSION is not set - if ([string]::IsNullOrWhiteSpace($script:Version)) { + if ([string]::IsNullOrWhiteSpace($Version)) { Write-Info "Fetching latest release version..." - $script:Version = Get-LatestVersion + $Version = Get-LatestVersion } # Build installation message 
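Review bot: In the first install-safe-chain.ps1 hunk, `$Version = Get-LatestVersion` now creates a variable local to `Install-SafeChain` instead of updating the script-scoped one, so the fetched value is visible only through an unqualified `$Version` in this function and the functions it calls. Any remaining `$script:Version` reference elsewhere in the script would still see the empty value, and the rest of the function lies outside this hunk, so those references should be checked or switched in the same commit. If the fetched string is later interpolated into a download URL or file path, which the hunk does not show, it should be checked against the expected release-tag format before use and the install aborted on a mismatch. A short comment above the `if` explaining why the `script:` qualifier was dropped would save the next reader from re-adding it.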
@@ -166,6 +166,10 @@ function Install-SafeChain { # Rename to final location $finalFile = Join-Path $InstallDir "safe-chain.exe" try { + # Remove existing file if present (Move-Item -Force doesn't overwrite) + if (Test-Path $finalFile) { + Remove-Item -Path $finalFile -Force + } Move-Item -Path $tempFile -Destination $finalFile -Force } catch {
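Review bot: Deleting `$finalFile` before the move means a failed `Move-Item` leaves the machine with no `safe-chain.exe` at all, because the previous working binary is already gone when the `catch` runs. For a tool that sits in front of package managers, it is safer to rename the existing file aside, move the new one into place, and restore the old one in the `catch` if the move fails. The delete should also be made terminating, as in `Remove-Item -Path $finalFile -Force -ErrorAction Stop`, unless the script already sets `$ErrorActionPreference = 'Stop'` outside this hunk; otherwise a locked, in-use binary produces a non-terminating error that the `try` does not catch. Any integrity check on `$tempFile` belongs before the existing binary is touched; the download and the `catch` body are outside this hunk.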