diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml index f9ca4da..7423778 100644 --- a/.github/workflows/build-and-release.yml +++ b/.github/workflows/build-and-release.yml @@ -44,9 +44,7 @@ jobs: NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }} - name: Setup safe-chain - run: | - npm i -g @aikidosec/safe-chain - safe-chain setup-ci + run: curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci - name: Set the version in safe-chain package run: npm --no-git-tag-version version ${{ needs.set-version.outputs.version }} --workspace=packages/safe-chain @@ -77,21 +75,35 @@ jobs: - name: Rename binaries to include platform and architecture run: | - mv binaries/safe-chain-macos-x64/safe-chain binaries/safe-chain-macos-x64/safe-chain-macos-x64 - mv binaries/safe-chain-macos-arm64/safe-chain binaries/safe-chain-macos-arm64/safe-chain-macos-arm64 - mv binaries/safe-chain-linux-x64/safe-chain binaries/safe-chain-linux-x64/safe-chain-linux-x64 - mv binaries/safe-chain-linux-arm64/safe-chain binaries/safe-chain-linux-arm64/safe-chain-linux-arm64 - mv binaries/safe-chain-win-x64/safe-chain.exe binaries/safe-chain-win-x64/safe-chain-win-x64.exe - mv binaries/safe-chain-win-arm64/safe-chain.exe binaries/safe-chain-win-arm64/safe-chain-win-arm64.exe + mkdir release-artifacts + mv binaries/safe-chain-macos-x64/safe-chain release-artifacts/safe-chain-macos-x64 + mv binaries/safe-chain-macos-arm64/safe-chain release-artifacts/safe-chain-macos-arm64 + mv binaries/safe-chain-linux-x64/safe-chain release-artifacts/safe-chain-linux-x64 + mv binaries/safe-chain-linux-arm64/safe-chain release-artifacts/safe-chain-linux-arm64 + mv binaries/safe-chain-win-x64/safe-chain.exe release-artifacts/safe-chain-win-x64.exe + mv binaries/safe-chain-win-arm64/safe-chain.exe release-artifacts/safe-chain-win-arm64.exe + + - name: Move install scripts and hard-code version + env: + VERSION: ${{ needs.set-version.outputs.version }} + run: | + sed "s/\$(fetch_latest_version)/${VERSION}/" install-scripts/install-safe-chain.sh > release-artifacts/install-safe-chain.sh + sed "s/\$Version = Get-LatestVersion/\$Version = \"${VERSION}\"/" install-scripts/install-safe-chain.ps1 > release-artifacts/install-safe-chain.ps1 + cp install-scripts/uninstall-safe-chain.sh release-artifacts/uninstall-safe-chain.sh + cp install-scripts/uninstall-safe-chain.ps1 release-artifacts/uninstall-safe-chain.ps1 - name: Upload binaries to existing GitHub Release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | gh release upload ${{ needs.set-version.outputs.version }} \ - binaries/safe-chain-macos-x64/* \ - binaries/safe-chain-macos-arm64/* \ - binaries/safe-chain-linux-x64/* \ - binaries/safe-chain-linux-arm64/* \ - binaries/safe-chain-win-x64/* \ - binaries/safe-chain-win-arm64/* + release-artifacts/safe-chain-macos-x64 \ + release-artifacts/safe-chain-macos-arm64 \ + release-artifacts/safe-chain-linux-x64 \ + release-artifacts/safe-chain-linux-arm64 \ + release-artifacts/safe-chain-win-x64.exe \ + release-artifacts/safe-chain-win-arm64.exe \ + release-artifacts/install-safe-chain.sh \ + release-artifacts/install-safe-chain.ps1 \ + release-artifacts/uninstall-safe-chain.sh \ + release-artifacts/uninstall-safe-chain.ps1 diff --git a/.github/workflows/create-artifact.yml b/.github/workflows/create-artifact.yml index ad43a9d..d57bce9 100644 --- a/.github/workflows/create-artifact.yml +++ b/.github/workflows/create-artifact.yml @@ -5,7 +5,7 @@ on: workflow_call: inputs: version: - description: 'Version to set in package.json' + description: "Version to set in package.json" required: false type: string @@ -59,18 +59,22 @@ jobs: with: node-version: "20.x" - - name: Setup safe-chain - run: | - npm i -g @aikidosec/safe-chain - safe-chain setup-ci + - name: Setup safe-chain (Mac/Linux) + if: runner.os != 'Windows' + run: curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci - - name: Set the version in safe-chain package - if: inputs.version != '' - run: npm --no-git-tag-version version ${{ inputs.version }} --workspace=packages/safe-chain + - name: Setup safe-chain (Windows) + if: runner.os == 'Windows' + shell: pwsh + run: iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.ps1' -UseBasicParsing) } -ci" - name: Install dependencies run: npm ci --ignore-scripts + - name: Set the version in safe-chain package + if: inputs.version != '' + run: npm --no-git-tag-version version ${{ inputs.version }} --workspace=packages/safe-chain --ignore-scripts + - name: Create binary run: | node build.js ${{ matrix.target }} diff --git a/.github/workflows/test-on-pr.yml b/.github/workflows/test-on-pr.yml index f754931..8811944 100644 --- a/.github/workflows/test-on-pr.yml +++ b/.github/workflows/test-on-pr.yml @@ -110,9 +110,7 @@ jobs: node-version: "lts/*" - name: Setup safe-chain - run: | - npm i -g @aikidosec/safe-chain@1.0.24 - safe-chain setup-ci + run: curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci - name: Install dependencies (root) run: npm ci diff --git a/README.md b/README.md index 28b94cf..6b424f1 100644 --- a/README.md +++ b/README.md @@ -19,10 +19,10 @@ Aikido Safe Chain supports the following package managers: - 📦 **pnpx** - 📦 **bun** - 📦 **bunx** -- 📦 **pip** (beta) -- 📦 **pip3** (beta) -- 📦 **uv** (beta) -- 📦 **poetry** (beta) +- 📦 **pip** +- 📦 **pip3** +- 📦 **uv** +- 📦 **poetry** # Usage @@ -34,32 +34,32 @@ Installing the Aikido Safe Chain is easy with our one-line installer. ### Unix/Linux/macOS -**Default installation (JavaScript packages only):** - ```shell -curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -``` - -**Include Python support (pip/pip3/uv):** - -```shell -curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --include-python +curl -fsSL https://github.com/AikidoSec/safe-chain/releases/latest/download/install-safe-chain.sh | sh ``` ### Windows (PowerShell) -**Default installation (JavaScript packages only):** - ```powershell -iex (iwr "https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.ps1" -UseBasicParsing) +iex (iwr "https://github.com/AikidoSec/safe-chain/releases/latest/download/install-safe-chain.ps1" -UseBasicParsing) ``` -**Include Python support (pip/pip3/uv):** +### Pinning to a specific version -```powershell -iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.ps1' -UseBasicParsing) } -includepython" +To install a specific version instead of the latest, replace `latest` with the version number in the URL (available from version 1.3.2 onwards): + +**Unix/Linux/macOS:** +```shell +curl -fsSL https://github.com/AikidoSec/safe-chain/releases/download/x.x.x/install-safe-chain.sh | sh ``` +**Windows (PowerShell):** +```powershell +iex (iwr "https://github.com/AikidoSec/safe-chain/releases/download/x.x.x/install-safe-chain.ps1" -UseBasicParsing) +``` + +You can find all available versions on the [releases page](https://github.com/AikidoSec/safe-chain/releases). + ### Verify the installation 1. **❗Restart your terminal** to start using the Aikido Safe Chain. @@ -74,7 +74,7 @@ iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/inst npm install safe-chain-test ``` - For Python (if you enabled Python support): + For Python: ```shell pip3 install safe-chain-pi-test @@ -121,13 +121,13 @@ To uninstall the Aikido Safe Chain, use our one-line uninstaller: ### Unix/Linux/macOS ```shell -curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/uninstall-safe-chain.sh | sh +curl -fsSL https://github.com/AikidoSec/safe-chain/releases/latest/download/uninstall-safe-chain.sh | sh ``` ### Windows (PowerShell) ```powershell -iex (iwr "https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/uninstall-safe-chain.ps1" -UseBasicParsing) +iex (iwr "https://github.com/AikidoSec/safe-chain/releases/latest/download/uninstall-safe-chain.ps1" -UseBasicParsing) ``` **❗Restart your terminal** after uninstalling to ensure all aliases are removed. @@ -193,30 +193,14 @@ Use the `--ci` flag to automatically configure Aikido Safe Chain for CI/CD envir ### Unix/Linux/macOS (GitHub Actions, Azure Pipelines, etc.) -**JavaScript only:** - ```shell -curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci -``` - -**With Python support:** - -```shell -curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci --include-python +curl -fsSL https://github.com/AikidoSec/safe-chain/releases/latest/download/install-safe-chain.sh | sh -s -- --ci ``` ### Windows (Azure Pipelines, etc.) -**JavaScript only:** - ```powershell -iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.ps1' -UseBasicParsing) } -ci" -``` - -**With Python support:** - -```powershell -iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.ps1' -UseBasicParsing) } -ci -includepython" +iex "& { $(iwr 'https://github.com/AikidoSec/safe-chain/releases/latest/download/install-safe-chain.ps1' -UseBasicParsing) } -ci" ``` ## Supported Platforms @@ -234,14 +218,12 @@ iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/inst cache: "npm" - name: Install safe-chain - run: curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci --include-python + run: curl -fsSL https://github.com/AikidoSec/safe-chain/releases/latest/download/install-safe-chain.sh | sh -s -- --ci - name: Install dependencies run: npm ci ``` -> **Note:** Remove `--include-python` if you don't need Python (pip/pip3/uv/poetry) support. - ## Azure DevOps Example ```yaml @@ -250,13 +232,11 @@ iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/inst versionSpec: "22.x" displayName: "Install Node.js" -- script: curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci --include-python +- script: curl -fsSL https://github.com/AikidoSec/safe-chain/releases/latest/download/install-safe-chain.sh | sh -s -- --ci displayName: "Install safe-chain" - script: npm ci displayName: "Install dependencies" ``` -> **Note:** Remove `--include-python` if you don't need Python (pip/pip3/uv/poetry) support. - After setup, all subsequent package manager commands in your CI pipeline will automatically be protected by Aikido Safe Chain's malware detection. diff --git a/install-scripts/install-safe-chain.ps1 b/install-scripts/install-safe-chain.ps1 index 081d232..51d15ba 100644 --- a/install-scripts/install-safe-chain.ps1 +++ b/install-scripts/install-safe-chain.ps1 @@ -31,6 +31,46 @@ function Write-Error-Custom { exit 1 } +# Get currently installed version of safe-chain +function Get-InstalledVersion { + # Check if safe-chain command exists + if (-not (Get-Command safe-chain -ErrorAction SilentlyContinue)) { + return $null + } + + try { + # Execute safe-chain -v and capture output + $output = & safe-chain -v 2>&1 + + # Extract version from "Current safe-chain version: X.Y.Z" output + if ($output -match "Current safe-chain version:\s*(.+)") { + return $matches[1].Trim() + } + + return $null + } + catch { + return $null + } +} + +# Check if the requested version is already installed +function Test-VersionInstalled { + param([string]$RequestedVersion) + + $installedVersion = Get-InstalledVersion + + if ([string]::IsNullOrWhiteSpace($installedVersion)) { + return $false + } + + # Strip leading 'v' from versions if present for comparison + $requestedClean = $RequestedVersion -replace '^v', '' + $installedClean = $installedVersion -replace '^v', '' + + return $requestedClean -eq $installedClean +} + # Fetch latest release version tag from GitHub function Get-LatestVersion { try { @@ -115,14 +155,20 @@ function Install-SafeChain { $Version = Get-LatestVersion } + # Check if the requested version is already installed + if (Test-VersionInstalled -RequestedVersion $Version) { + Write-Info "safe-chain $Version is already installed" + return + } + # Build installation message $installMsg = "Installing safe-chain $Version" - if ($includepython) { - $installMsg += " with python" - } if ($ci) { $installMsg += " in ci" } + if ($includepython) { + Write-Warn "-includepython is deprecated and ignored. Python ecosystem is now included by default." + } Write-Info $installMsg @@ -181,9 +227,6 @@ function Install-SafeChain { # Build setup command based on parameters $setupCmd = if ($ci) { "setup-ci" } else { "setup" } $setupArgs = @() - if ($includepython) { - $setupArgs += "--include-python" - } # Execute safe-chain setup Write-Info "Running safe-chain $setupCmd $(if ($setupArgs) { $setupArgs -join ' ' })..." diff --git a/install-scripts/install-safe-chain.sh b/install-scripts/install-safe-chain.sh index 2afb583..94a9b55 100755 --- a/install-scripts/install-safe-chain.sh +++ b/install-scripts/install-safe-chain.sh @@ -54,6 +54,38 @@ command_exists() { command -v "$1" >/dev/null 2>&1 } +# Get currently installed version of safe-chain +get_installed_version() { + if ! command_exists safe-chain; then + echo "" + return + fi + + # Extract version from "Current safe-chain version: X.Y.Z" output + installed_version=$(safe-chain -v 2>/dev/null | grep "Current safe-chain version:" | sed -E 's/.*: (.*)/\1/') + echo "$installed_version" +} + +# Check if the requested version is already installed +is_version_installed() { + requested_version="$1" + installed_version=$(get_installed_version) + + if [ -z "$installed_version" ]; then + return 1 # Not installed + fi + + # Strip leading 'v' from versions if present for comparison + requested_clean=$(echo "$requested_version" | sed 's/^v//') + installed_clean=$(echo "$installed_version" | sed 's/^v//') + + if [ "$requested_clean" = "$installed_clean" ]; then + return 0 # Same version installed + else + return 1 # Different version installed + fi +} + # Fetch latest release version tag from GitHub fetch_latest_version() { # Try using GitHub API to get the latest release tag @@ -135,7 +167,7 @@ parse_arguments() { USE_CI_SETUP=true ;; --include-python) - INCLUDE_PYTHON=true + warn "--include-python is deprecated and ignored. Python ecosystem is now included by default." ;; *) error "Unknown argument: $arg" @@ -148,7 +180,6 @@ parse_arguments() { main() { # Initialize argument flags USE_CI_SETUP=false - INCLUDE_PYTHON=false # Parse command-line arguments parse_arguments "$@" @@ -159,11 +190,14 @@ main() { VERSION=$(fetch_latest_version) fi + # Check if the requested version is already installed + if is_version_installed "$VERSION"; then + info "safe-chain ${VERSION} is already installed" + exit 0 + fi + # Build installation message INSTALL_MSG="Installing safe-chain ${VERSION}" - if [ "$INCLUDE_PYTHON" = "true" ]; then - INSTALL_MSG="${INSTALL_MSG} with python" - fi if [ "$USE_CI_SETUP" = "true" ]; then INSTALL_MSG="${INSTALL_MSG} in ci" fi @@ -209,10 +243,6 @@ main() { SETUP_CMD="setup-ci" fi - if [ "$INCLUDE_PYTHON" = "true" ]; then - SETUP_ARGS="--include-python" - fi - # Execute safe-chain setup info "Running safe-chain $SETUP_CMD $SETUP_ARGS..." if ! "$FINAL_FILE" $SETUP_CMD $SETUP_ARGS; then diff --git a/packages/safe-chain/bin/safe-chain.js b/packages/safe-chain/bin/safe-chain.js index 802005b..aed77f0 100755 --- a/packages/safe-chain/bin/safe-chain.js +++ b/packages/safe-chain/bin/safe-chain.js @@ -95,11 +95,6 @@ function writeHelp() { "safe-chain setup" )}: This will setup your shell to wrap safe-chain around npm, npx, yarn, pnpm, pnpx, bun, bunx, pip and pip3.` ); - ui.writeInformation( - ` ${chalk.yellow( - "--include-python" - )}: Experimental: include Python package managers (pip, pip3) in the setup.` - ); ui.writeInformation( `- ${chalk.cyan( "safe-chain teardown" @@ -110,11 +105,6 @@ function writeHelp() { "safe-chain setup-ci" )}: This will setup safe-chain for CI environments by creating shims and modifying the PATH.` ); - ui.writeInformation( - ` ${chalk.yellow( - "--include-python" - )}: Experimental: include Python package managers (pip, pip3) in the setup.` - ); ui.writeInformation( `- ${chalk.cyan("safe-chain --version")} (or ${chalk.cyan( "-v" diff --git a/packages/safe-chain/src/config/cliArguments.js b/packages/safe-chain/src/config/cliArguments.js index ddcd8b9..25013fb 100644 --- a/packages/safe-chain/src/config/cliArguments.js +++ b/packages/safe-chain/src/config/cliArguments.js @@ -1,11 +1,12 @@ +import { ui } from "../environment/userInteraction.js"; + /** - * @type {{loggingLevel: string | undefined, skipMinimumPackageAge: boolean | undefined, minimumPackageAgeHours: string | undefined, includePython: boolean}} + * @type {{loggingLevel: string | undefined, skipMinimumPackageAge: boolean | undefined, minimumPackageAgeHours: string | undefined}} */ const state = { loggingLevel: undefined, skipMinimumPackageAge: undefined, minimumPackageAgeHours: undefined, - includePython: false, }; const SAFE_CHAIN_ARG_PREFIX = "--safe-chain-"; @@ -34,8 +35,7 @@ export function initializeCliArguments(args) { setLoggingLevel(safeChainArgs); setSkipMinimumPackageAge(safeChainArgs); setMinimumPackageAgeHours(safeChainArgs); - setIncludePython(args); - + checkDeprecatedPythonFlag(args); return remainingArgs; } @@ -109,20 +109,6 @@ export function getMinimumPackageAgeHours() { return state.minimumPackageAgeHours; } -/** - * @param {string[]} args - */ -function setIncludePython(args) { - // This flag doesn't have the --safe-chain- prefix because - // it is only used for the safe-chain command itself and - // not when wrapped around package manager commands. - state.includePython = hasFlagArg(args, "--include-python"); -} - -export function includePython() { - return state.includePython; -} - /** * @param {string[]} args * @param {string} flagName @@ -136,3 +122,17 @@ function hasFlagArg(args, flagName) { } return false; } + +/** + * Emits a deprecation warning for legacy --include-python flag + * + * @param {string[]} args + * @returns {void} + */ +export function checkDeprecatedPythonFlag(args) { + if (hasFlagArg(args, "--include-python")) { + ui.writeWarning( + "--include-python is deprecated and ignored. Python tooling is included by default." + ); + } +} diff --git a/packages/safe-chain/src/config/cliArguments.spec.js b/packages/safe-chain/src/config/cliArguments.spec.js index bbd5121..8b505be 100644 --- a/packages/safe-chain/src/config/cliArguments.spec.js +++ b/packages/safe-chain/src/config/cliArguments.spec.js @@ -6,6 +6,7 @@ import { getSkipMinimumPackageAge, getMinimumPackageAgeHours, } from "./cliArguments.js"; +import { ui } from "../environment/userInteraction.js"; describe("initializeCliArguments", () => { it("should return all args when no safe-chain args are present", () => { @@ -271,4 +272,40 @@ describe("initializeCliArguments", () => { assert.strictEqual(getMinimumPackageAgeHours(), "-24"); }); + + it("should warn on deprecated --include-python for setup", () => { + const warnings = []; + const originalWriteWarning = ui.writeWarning; + ui.writeWarning = (msg, ..._rest) => { + warnings.push(String(msg)); + }; + try { + const argv = ["node", "safe-chain", "setup", "--include-python"]; + initializeCliArguments(argv); + assert.ok( + warnings.some((m) => m.includes("--include-python is deprecated")), + "Expected a deprecation warning for --include-python in setup" + ); + } finally { + ui.writeWarning = originalWriteWarning; + } + }); + + it("should warn on deprecated --include-python for setup-ci", () => { + const warnings = []; + const originalWriteWarning = ui.writeWarning; + ui.writeWarning = (msg, ..._rest) => { + warnings.push(String(msg)); + }; + try { + const argv = ["node", "safe-chain", "setup-ci", "--include-python"]; + initializeCliArguments(argv); + assert.ok( + warnings.some((m) => m.includes("--include-python is deprecated")), + "Expected a deprecation warning for --include-python in setup-ci" + ); + } finally { + ui.writeWarning = originalWriteWarning; + } + }); }); diff --git a/packages/safe-chain/src/config/configFile.spec.js b/packages/safe-chain/src/config/configFile.spec.js index 17a7577..7da7e8d 100644 --- a/packages/safe-chain/src/config/configFile.spec.js +++ b/packages/safe-chain/src/config/configFile.spec.js @@ -1,32 +1,24 @@ import { describe, it, beforeEach, afterEach, mock } from "node:test"; import assert from "node:assert"; -describe("getScanTimeout", () => { +let configFileContent = undefined; +mock.module("fs", { + namedExports: { + existsSync: () => configFileContent !== undefined, + readFileSync: () => configFileContent, + writeFileSync: (content) => (configFileContent = content), + mkdirSync: () => {}, + }, +}); + +describe("getScanTimeout", async () => { let originalEnv; - let fsMock; - let getScanTimeout; + + const { getScanTimeout } = await import("./configFile.js"); beforeEach(async () => { // Save original environment originalEnv = process.env.AIKIDO_SCAN_TIMEOUT_MS; - - // Mock fs module - fsMock = { - existsSync: mock.fn(() => false), - readFileSync: mock.fn(() => "{}"), - writeFileSync: mock.fn(), - mkdirSync: mock.fn(), - }; - - mock.module("fs", { - namedExports: fsMock, - }); - - // Re-import the module to get the mocked version - const configFileModule = await import( - `./configFile.js?update=${Date.now()}` - ); - getScanTimeout = configFileModule.getScanTimeout; }); afterEach(() => { @@ -37,14 +29,12 @@ describe("getScanTimeout", () => { delete process.env.AIKIDO_SCAN_TIMEOUT_MS; } - // Reset all mocks - mock.restoreAll(); + configFileContent = undefined; }); it("should return default timeout of 10000ms when no config or env var is set", () => { delete process.env.AIKIDO_SCAN_TIMEOUT_MS; - // Mock: config file doesn't exist - fsMock.existsSync.mock.mockImplementation(() => false); + configFileContent = undefined; const timeout = getScanTimeout(); @@ -53,11 +43,7 @@ describe("getScanTimeout", () => { it("should return timeout from config file when set", () => { delete process.env.AIKIDO_SCAN_TIMEOUT_MS; - // Mock: config file exists with scanTimeout: 5000 - fsMock.existsSync.mock.mockImplementation(() => true); - fsMock.readFileSync.mock.mockImplementation(() => - JSON.stringify({ scanTimeout: 5000 }) - ); + configFileContent = JSON.stringify({ scanTimeout: 5000 }); const timeout = getScanTimeout(); @@ -66,11 +52,7 @@ describe("getScanTimeout", () => { it("should prioritize environment variable over config file", () => { process.env.AIKIDO_SCAN_TIMEOUT_MS = "20000"; - // Mock: config file exists with scanTimeout: 5000 - fsMock.existsSync.mock.mockImplementation(() => true); - fsMock.readFileSync.mock.mockImplementation(() => - JSON.stringify({ scanTimeout: 5000 }) - ); + configFileContent = JSON.stringify({ scanTimeout: 5000 }); const timeout = getScanTimeout(); @@ -79,11 +61,7 @@ describe("getScanTimeout", () => { it("should handle invalid environment variable and fall back to config", () => { process.env.AIKIDO_SCAN_TIMEOUT_MS = "invalid"; - // Mock: config file exists with scanTimeout: 7000 - fsMock.existsSync.mock.mockImplementation(() => true); - fsMock.readFileSync.mock.mockImplementation(() => - JSON.stringify({ scanTimeout: 7000 }) - ); + configFileContent = JSON.stringify({ scanTimeout: 7000 }); const timeout = getScanTimeout(); @@ -91,8 +69,7 @@ describe("getScanTimeout", () => { }); it("should ignore zero and negative values and fall back to default", () => { - // Mock: config file doesn't exist - fsMock.existsSync.mock.mockImplementation(() => false); + configFileContent = undefined; process.env.AIKIDO_SCAN_TIMEOUT_MS = "0"; @@ -107,11 +84,7 @@ describe("getScanTimeout", () => { it("should ignore textual non-numeric values in environment variable and fall back to config", () => { process.env.AIKIDO_SCAN_TIMEOUT_MS = "fast"; - // Mock: config file exists with scanTimeout: 8000 - fsMock.existsSync.mock.mockImplementation(() => true); - fsMock.readFileSync.mock.mockImplementation(() => - JSON.stringify({ scanTimeout: 8000 }) - ); + configFileContent = JSON.stringify({ scanTimeout: 8000 }); const timeout = getScanTimeout(); @@ -120,11 +93,7 @@ describe("getScanTimeout", () => { it("should ignore textual non-numeric values in config file and fall back to default", () => { delete process.env.AIKIDO_SCAN_TIMEOUT_MS; - // Mock: config file exists with scanTimeout: "slow" - fsMock.existsSync.mock.mockImplementation(() => true); - fsMock.readFileSync.mock.mockImplementation(() => - JSON.stringify({ scanTimeout: "slow" }) - ); + configFileContent = JSON.stringify({ scanTimeout: "slow" }); const timeout = getScanTimeout(); @@ -133,11 +102,7 @@ describe("getScanTimeout", () => { it("should ignore textual non-numeric values in both env and config, fall back to default", () => { process.env.AIKIDO_SCAN_TIMEOUT_MS = "quick"; - // Mock: config file exists with scanTimeout: "medium" - fsMock.existsSync.mock.mockImplementation(() => true); - fsMock.readFileSync.mock.mockImplementation(() => - JSON.stringify({ scanTimeout: "medium" }) - ); + configFileContent = JSON.stringify({ scanTimeout: "medium" }); const timeout = getScanTimeout(); @@ -146,11 +111,7 @@ describe("getScanTimeout", () => { it("should ignore mixed alphanumeric strings in environment variable", () => { process.env.AIKIDO_SCAN_TIMEOUT_MS = "5000ms"; - // Mock: config file exists with scanTimeout: 6000 - fsMock.existsSync.mock.mockImplementation(() => true); - fsMock.readFileSync.mock.mockImplementation(() => - JSON.stringify({ scanTimeout: 6000 }) - ); + configFileContent = JSON.stringify({ scanTimeout: 6000 }); const timeout = getScanTimeout(); @@ -159,11 +120,7 @@ describe("getScanTimeout", () => { it("should ignore mixed alphanumeric strings in config file", () => { delete process.env.AIKIDO_SCAN_TIMEOUT_MS; - // Mock: config file exists with scanTimeout: "3000ms" - fsMock.existsSync.mock.mockImplementation(() => true); - fsMock.readFileSync.mock.mockImplementation(() => - JSON.stringify({ scanTimeout: "3000ms" }) - ); + configFileContent = JSON.stringify({ scanTimeout: "3000ms" }); const timeout = getScanTimeout(); @@ -171,37 +128,15 @@ describe("getScanTimeout", () => { }); }); -describe("getMinimumPackageAgeHours", () => { - let fsMock; - let getMinimumPackageAgeHours; - - beforeEach(async () => { - // Mock fs module - fsMock = { - existsSync: mock.fn(() => false), - readFileSync: mock.fn(() => "{}"), - writeFileSync: mock.fn(), - mkdirSync: mock.fn(), - }; - - mock.module("fs", { - namedExports: fsMock, - }); - - // Re-import the module to get the mocked version - const configFileModule = await import( - `./configFile.js?update=${Date.now()}` - ); - getMinimumPackageAgeHours = configFileModule.getMinimumPackageAgeHours; - }); +describe("getMinimumPackageAgeHours", async () => { + const { getMinimumPackageAgeHours } = await import("./configFile.js"); afterEach(() => { - // Reset all mocks - mock.restoreAll(); + configFileContent = undefined; }); it("should return null when config file doesn't exist", () => { - fsMock.existsSync.mock.mockImplementation(() => false); + configFileContent = undefined; const hours = getMinimumPackageAgeHours(); @@ -209,10 +144,7 @@ describe("getMinimumPackageAgeHours", () => { }); it("should return null when config file exists but minimumPackageAgeHours is not set", () => { - fsMock.existsSync.mock.mockImplementation(() => true); - fsMock.readFileSync.mock.mockImplementation(() => - JSON.stringify({ scanTimeout: 5000 }) - ); + configFileContent = JSON.stringify({ scanTimeout: 5000 }); const hours = getMinimumPackageAgeHours(); @@ -220,10 +152,7 @@ describe("getMinimumPackageAgeHours", () => { }); it("should return value from config file when set to valid number", () => { - fsMock.existsSync.mock.mockImplementation(() => true); - fsMock.readFileSync.mock.mockImplementation(() => - JSON.stringify({ minimumPackageAgeHours: 48 }) - ); + configFileContent = JSON.stringify({ minimumPackageAgeHours: 48 }); const hours = getMinimumPackageAgeHours(); @@ -231,10 +160,7 @@ describe("getMinimumPackageAgeHours", () => { }); it("should handle string numbers in config file", () => { - fsMock.existsSync.mock.mockImplementation(() => true); - fsMock.readFileSync.mock.mockImplementation(() => - JSON.stringify({ minimumPackageAgeHours: "72" }) - ); + configFileContent = JSON.stringify({ minimumPackageAgeHours: "72" }); const hours = getMinimumPackageAgeHours(); @@ -242,10 +168,7 @@ describe("getMinimumPackageAgeHours", () => { }); it("should handle decimal values", () => { - fsMock.existsSync.mock.mockImplementation(() => true); - fsMock.readFileSync.mock.mockImplementation(() => - JSON.stringify({ minimumPackageAgeHours: 1.5 }) - ); + configFileContent = JSON.stringify({ minimumPackageAgeHours: 1.5 }); const hours = getMinimumPackageAgeHours(); @@ -253,21 +176,15 @@ describe("getMinimumPackageAgeHours", () => { }); it("should return null for non-numeric strings", () => { - fsMock.existsSync.mock.mockImplementation(() => true); - fsMock.readFileSync.mock.mockImplementation(() => - JSON.stringify({ minimumPackageAgeHours: "invalid" }) - ); + configFileContent = JSON.stringify({ minimumPackageAgeHours: "invalid" }); const hours = getMinimumPackageAgeHours(); assert.strictEqual(hours, undefined); }); - it("should return null for values with units suffix", () => { - fsMock.existsSync.mock.mockImplementation(() => true); - fsMock.readFileSync.mock.mockImplementation(() => - JSON.stringify({ minimumPackageAgeHours: "48h" }) - ); + it("should return undefined for values with units suffix", () => { + configFileContent = JSON.stringify({ minimumPackageAgeHours: "48h" }); const hours = getMinimumPackageAgeHours(); @@ -275,8 +192,7 @@ describe("getMinimumPackageAgeHours", () => { }); it("should handle malformed JSON and return null", () => { - fsMock.existsSync.mock.mockImplementation(() => true); - fsMock.readFileSync.mock.mockImplementation(() => "{ invalid json"); + configFileContent = "{ invalid json"; const hours = getMinimumPackageAgeHours(); @@ -284,10 +200,7 @@ describe("getMinimumPackageAgeHours", () => { }); it("should return 0 when minimumPackageAgeHours is set to 0", () => { - fsMock.existsSync.mock.mockImplementation(() => true); - fsMock.readFileSync.mock.mockImplementation(() => - JSON.stringify({ minimumPackageAgeHours: 0 }) - ); + configFileContent = JSON.stringify({ minimumPackageAgeHours: 0 }); const hours = getMinimumPackageAgeHours(); @@ -295,10 +208,7 @@ describe("getMinimumPackageAgeHours", () => { }); it("should return 0 when minimumPackageAgeHours is set to string '0'", () => { - fsMock.existsSync.mock.mockImplementation(() => true); - fsMock.readFileSync.mock.mockImplementation(() => - JSON.stringify({ minimumPackageAgeHours: "0" }) - ); + configFileContent = JSON.stringify({ minimumPackageAgeHours: "0" }); const hours = getMinimumPackageAgeHours(); @@ -306,10 +216,7 @@ describe("getMinimumPackageAgeHours", () => { }); it("should handle negative numeric values", () => { - fsMock.existsSync.mock.mockImplementation(() => true); - fsMock.readFileSync.mock.mockImplementation(() => - JSON.stringify({ minimumPackageAgeHours: -24 }) - ); + configFileContent = JSON.stringify({ minimumPackageAgeHours: -24 }); const hours = getMinimumPackageAgeHours(); @@ -317,86 +224,10 @@ describe("getMinimumPackageAgeHours", () => { }); it("should handle negative string values", () => { - fsMock.existsSync.mock.mockImplementation(() => true); - fsMock.readFileSync.mock.mockImplementation(() => - JSON.stringify({ minimumPackageAgeHours: "-48" }) - ); + configFileContent = JSON.stringify({ minimumPackageAgeHours: "-48" }); const hours = getMinimumPackageAgeHours(); assert.strictEqual(hours, -48); }); }); - -describe("environmentVariables - getMinimumPackageAgeHours", () => { - let originalEnv; - let getMinimumPackageAgeHours; - - beforeEach(async () => { - // Save original environment - originalEnv = process.env.SAFE_CHAIN_MINIMUM_PACKAGE_AGE_HOURS; - - // Re-import the module to get fresh version - const envModule = await import( - `./environmentVariables.js?update=${Date.now()}` - ); - getMinimumPackageAgeHours = envModule.getMinimumPackageAgeHours; - }); - - afterEach(() => { - // Restore original environment - if (originalEnv !== undefined) { - process.env.SAFE_CHAIN_MINIMUM_PACKAGE_AGE_HOURS = originalEnv; - } else { - delete process.env.SAFE_CHAIN_MINIMUM_PACKAGE_AGE_HOURS; - } - }); - - it("should return undefined when environment variable is not set", () => { - delete process.env.SAFE_CHAIN_MINIMUM_PACKAGE_AGE_HOURS; - - const hours = getMinimumPackageAgeHours(); - - assert.strictEqual(hours, undefined); - }); - - it("should return value when environment variable is set to a number", () => { - process.env.SAFE_CHAIN_MINIMUM_PACKAGE_AGE_HOURS = "48"; - - const hours = getMinimumPackageAgeHours(); - - assert.strictEqual(hours, "48"); - }); - - it("should return '0' when environment variable is set to '0'", () => { - process.env.SAFE_CHAIN_MINIMUM_PACKAGE_AGE_HOURS = "0"; - - const hours = getMinimumPackageAgeHours(); - - assert.strictEqual(hours, "0"); - }); - - it("should return value when set to decimal", () => { - process.env.SAFE_CHAIN_MINIMUM_PACKAGE_AGE_HOURS = "1.5"; - - const hours = getMinimumPackageAgeHours(); - - assert.strictEqual(hours, "1.5"); - }); - - it("should return value even if non-numeric (validation happens in settings.js)", () => { - process.env.SAFE_CHAIN_MINIMUM_PACKAGE_AGE_HOURS = "invalid"; - - const hours = getMinimumPackageAgeHours(); - - assert.strictEqual(hours, "invalid"); - }); - - it("should return negative values (validation happens in settings.js)", () => { - process.env.SAFE_CHAIN_MINIMUM_PACKAGE_AGE_HOURS = "-24"; - - const hours = getMinimumPackageAgeHours(); - - assert.strictEqual(hours, "-24"); - }); -}); diff --git a/packages/safe-chain/src/shell-integration/setup-ci.js b/packages/safe-chain/src/shell-integration/setup-ci.js index b0a8c83..14510f9 100644 --- a/packages/safe-chain/src/shell-integration/setup-ci.js +++ b/packages/safe-chain/src/shell-integration/setup-ci.js @@ -5,8 +5,6 @@ import fs from "fs"; import os from "os"; import path from "path"; import { fileURLToPath } from "url"; -import { includePython } from "../config/cliArguments.js"; -import { ECOSYSTEM_PY } from "../config/settings.js"; /** @type {string} */ // This checks the current file's dirname in a way that's compatible with: @@ -162,9 +160,5 @@ function modifyPathForCi(shimsDir, binDir) { } function getToolsToSetup() { - if (includePython()) { - return knownAikidoTools; - } else { - return knownAikidoTools.filter((tool) => tool.ecoSystem !== ECOSYSTEM_PY); - } + return knownAikidoTools; } diff --git a/packages/safe-chain/src/shell-integration/setup.js b/packages/safe-chain/src/shell-integration/setup.js index 065de75..7e64c0b 100644 --- a/packages/safe-chain/src/shell-integration/setup.js +++ b/packages/safe-chain/src/shell-integration/setup.js @@ -4,7 +4,6 @@ import { detectShells } from "./shellDetection.js"; import { knownAikidoTools, getPackageManagerList, getScriptsDir } from "./helpers.js"; import fs from "fs"; import path from "path"; -import { includePython } from "../config/cliArguments.js"; import { fileURLToPath } from "url"; /** @type {string} */ @@ -118,7 +117,7 @@ function copyStartupFiles() { // Use absolute path for source const sourcePath = path.join( dirname, - includePython() ? "startup-scripts/include-python" : "startup-scripts", + "startup-scripts", file ); fs.copyFileSync(sourcePath, targetPath); diff --git a/packages/safe-chain/src/shell-integration/startup-scripts/include-python/init-fish.fish b/packages/safe-chain/src/shell-integration/startup-scripts/include-python/init-fish.fish deleted file mode 100644 index 386144c..0000000 --- a/packages/safe-chain/src/shell-integration/startup-scripts/include-python/init-fish.fish +++ /dev/null @@ -1,98 +0,0 @@ -set -gx PATH $PATH $HOME/.safe-chain/bin - -function npx - wrapSafeChainCommand "npx" $argv -end - -function yarn - wrapSafeChainCommand "yarn" $argv -end - -function pnpm - wrapSafeChainCommand "pnpm" $argv -end - -function pnpx - wrapSafeChainCommand "pnpx" $argv -end - -function bun - wrapSafeChainCommand "bun" $argv -end - -function bunx - wrapSafeChainCommand "bunx" $argv -end - -function npm - # If args is just -v or --version and nothing else, just run the `npm -v` command - # This is because nvm uses this to check the version of npm - set argc (count $argv) - if test $argc -eq 1 - switch $argv[1] - case "-v" "--version" - command npm $argv - return - end - end - - wrapSafeChainCommand "npm" $argv -end - - -function pip - wrapSafeChainCommand "pip" $argv -end - -function pip3 - wrapSafeChainCommand "pip3" $argv -end - -function uv - wrapSafeChainCommand "uv" $argv -end - -function poetry - wrapSafeChainCommand "poetry" $argv -end - -# `python -m pip`, `python -m pip3`. -function python - wrapSafeChainCommand "python" $argv -end - -# `python3 -m pip`, `python3 -m pip3'. -function python3 - wrapSafeChainCommand "python3" $argv -end - -function printSafeChainWarning - set original_cmd $argv[1] - - # Fish equivalent of ANSI color codes: yellow background, black text for "Warning:" - set_color -b yellow black - printf "Warning:" - set_color normal - printf " safe-chain is not available to protect you from installing malware. %s will run without it.\n" $original_cmd - - # Cyan text for the install command - printf "Install safe-chain by using " - set_color cyan - printf "npm install -g @aikidosec/safe-chain" - set_color normal - printf ".\n" -end - -function wrapSafeChainCommand - set original_cmd $argv[1] - set cmd_args $argv[2..-1] - - if type -q safe-chain - # If the safe-chain command is available, just run it with the provided arguments - safe-chain $original_cmd $cmd_args - else - # If the safe-chain command is not available, print a warning and run the original command - printSafeChainWarning $original_cmd - command $original_cmd $cmd_args - end -end diff --git a/packages/safe-chain/src/shell-integration/startup-scripts/include-python/init-posix.sh b/packages/safe-chain/src/shell-integration/startup-scripts/include-python/init-posix.sh deleted file mode 100644 index c71c741..0000000 --- a/packages/safe-chain/src/shell-integration/startup-scripts/include-python/init-posix.sh +++ /dev/null @@ -1,85 +0,0 @@ -export PATH="$PATH:$HOME/.safe-chain/bin" - -function npx() { - wrapSafeChainCommand "npx" "$@" -} - -function yarn() { - wrapSafeChainCommand "yarn" "$@" -} - -function pnpm() { - wrapSafeChainCommand "pnpm" "$@" -} - -function pnpx() { - wrapSafeChainCommand "pnpx" "$@" -} - -function bun() { - wrapSafeChainCommand "bun" "$@" -} - -function bunx() { - wrapSafeChainCommand "bunx" "$@" -} - -function npm() { - if [[ "$1" == "-v" || "$1" == "--version" ]] && [[ $# -eq 1 ]]; then - # If args is just -v or --version and nothing else, just run the npm version command - # This is because nvm uses this to check the version of npm - command npm "$@" - return - fi - - wrapSafeChainCommand "npm" "$@" -} - - -function pip() { - wrapSafeChainCommand "pip" "$@" -} - -function pip3() { - wrapSafeChainCommand "pip3" "$@" -} - -function uv() { - wrapSafeChainCommand "uv" "$@" -} - -function poetry() { - wrapSafeChainCommand "poetry" "$@" -} - -# `python -m pip`, `python -m pip3`. -function python() { - wrapSafeChainCommand "python" "$@" -} - -# `python3 -m pip`, `python3 -m pip3'. -function python3() { - wrapSafeChainCommand "python3" "$@" -} - -function printSafeChainWarning() { - # \033[43;30m is used to set the background color to yellow and text color to black - # \033[0m is used to reset the text formatting - printf "\033[43;30mWarning:\033[0m safe-chain is not available to protect you from installing malware. %s will run without it.\n" "$1" - # \033[36m is used to set the text color to cyan - printf "Install safe-chain by using \033[36mnpm install -g @aikidosec/safe-chain\033[0m.\n" -} - -function wrapSafeChainCommand() { - local original_cmd="$1" - - if command -v safe-chain > /dev/null 2>&1; then - # If the aikido command is available, just run it with the provided arguments - safe-chain "$@" - else - # If the aikido command is not available, print a warning and run the original command - printSafeChainWarning "$original_cmd" - - command "$original_cmd" "$@" - fi -} diff --git a/packages/safe-chain/src/shell-integration/startup-scripts/include-python/init-pwsh.ps1 b/packages/safe-chain/src/shell-integration/startup-scripts/include-python/init-pwsh.ps1 deleted file mode 100644 index 168556a..0000000 --- a/packages/safe-chain/src/shell-integration/startup-scripts/include-python/init-pwsh.ps1 +++ /dev/null @@ -1,119 +0,0 @@ -# Use cross-platform path separator (: on Unix, ; on Windows) -$pathSeparator = if ($IsWindows) { ';' } else { ':' } -$safeChainBin = Join-Path (Join-Path $HOME '.safe-chain') 'bin' -$env:PATH = "$env:PATH$pathSeparator$safeChainBin" - -function npx { - Invoke-WrappedCommand "npx" $args -} - -function yarn { - Invoke-WrappedCommand "yarn" $args -} - -function pnpm { - Invoke-WrappedCommand "pnpm" $args -} - -function pnpx { - Invoke-WrappedCommand "pnpx" $args -} - -function bun { - Invoke-WrappedCommand "bun" $args -} - -function bunx { - Invoke-WrappedCommand "bunx" $args -} - -function npm { - # If args is just -v or --version and nothing else, just run the npm version command - # This is because nvm uses this to check the version of npm - if (($args.Length -eq 1) -and (($args[0] -eq "-v") -or ($args[0] -eq "--version"))) { - Invoke-RealCommand "npm" $args - return - } - - Invoke-WrappedCommand "npm" $args -} - -function pip { - Invoke-WrappedCommand "pip" $args -} - -function pip3 { - Invoke-WrappedCommand "pip3" $args -} - -function uv { - Invoke-WrappedCommand "uv" $args -} - -function poetry { - Invoke-WrappedCommand "poetry" $args -} - -# `python -m pip`, `python -m pip3`. -function python { - Invoke-WrappedCommand 'python' $args -} - -# `python3 -m pip`, `python3 -m pip3'. -function python3 { - Invoke-WrappedCommand 'python3' $args -} - - -function Write-SafeChainWarning { - param([string]$Command) - - # PowerShell equivalent of ANSI color codes: yellow background, black text for "Warning:" - Write-Host "Warning:" -BackgroundColor Yellow -ForegroundColor Black -NoNewline - Write-Host " safe-chain is not available to protect you from installing malware. $Command will run without it." - - # Cyan text for the install command - Write-Host "Install safe-chain by using " -NoNewline - Write-Host "npm install -g @aikidosec/safe-chain" -ForegroundColor Cyan -NoNewline - Write-Host "." -} - -function Test-CommandAvailable { - param([string]$Command) - - try { - Get-Command $Command -ErrorAction Stop | Out-Null - return $true - } - catch { - return $false - } -} - -function Invoke-RealCommand { - param( - [string]$Command, - [string[]]$Arguments - ) - - # Find the real executable to avoid calling our wrapped functions - $realCommand = Get-Command -Name $Command -CommandType Application | Select-Object -First 1 - if ($realCommand) { - & $realCommand.Source @Arguments - } -} - -function Invoke-WrappedCommand { - param( - [string]$OriginalCmd, - [string[]]$Arguments - ) - - if (Test-CommandAvailable "safe-chain") { - & safe-chain $OriginalCmd @Arguments - } - else { - Write-SafeChainWarning $OriginalCmd - Invoke-RealCommand $OriginalCmd $Arguments - } -} diff --git a/packages/safe-chain/src/shell-integration/startup-scripts/init-fish.fish b/packages/safe-chain/src/shell-integration/startup-scripts/init-fish.fish index b18ff96..386144c 100644 --- a/packages/safe-chain/src/shell-integration/startup-scripts/init-fish.fish +++ b/packages/safe-chain/src/shell-integration/startup-scripts/init-fish.fish @@ -39,6 +39,33 @@ function npm wrapSafeChainCommand "npm" $argv end + +function pip + wrapSafeChainCommand "pip" $argv +end + +function pip3 + wrapSafeChainCommand "pip3" $argv +end + +function uv + wrapSafeChainCommand "uv" $argv +end + +function poetry + wrapSafeChainCommand "poetry" $argv +end + +# `python -m pip`, `python -m pip3`. +function python + wrapSafeChainCommand "python" $argv +end + +# `python3 -m pip`, `python3 -m pip3'. +function python3 + wrapSafeChainCommand "python3" $argv +end + function printSafeChainWarning set original_cmd $argv[1] diff --git a/packages/safe-chain/src/shell-integration/startup-scripts/init-posix.sh b/packages/safe-chain/src/shell-integration/startup-scripts/init-posix.sh index 5c32143..c71c741 100644 --- a/packages/safe-chain/src/shell-integration/startup-scripts/init-posix.sh +++ b/packages/safe-chain/src/shell-integration/startup-scripts/init-posix.sh @@ -35,6 +35,33 @@ function npm() { wrapSafeChainCommand "npm" "$@" } + +function pip() { + wrapSafeChainCommand "pip" "$@" +} + +function pip3() { + wrapSafeChainCommand "pip3" "$@" +} + +function uv() { + wrapSafeChainCommand "uv" "$@" +} + +function poetry() { + wrapSafeChainCommand "poetry" "$@" +} + +# `python -m pip`, `python -m pip3`. +function python() { + wrapSafeChainCommand "python" "$@" +} + +# `python3 -m pip`, `python3 -m pip3'. +function python3() { + wrapSafeChainCommand "python3" "$@" +} + function printSafeChainWarning() { # \033[43;30m is used to set the background color to yellow and text color to black # \033[0m is used to reset the text formatting diff --git a/packages/safe-chain/src/shell-integration/startup-scripts/init-pwsh.ps1 b/packages/safe-chain/src/shell-integration/startup-scripts/init-pwsh.ps1 index 78228a0..c3d21c4 100644 --- a/packages/safe-chain/src/shell-integration/startup-scripts/init-pwsh.ps1 +++ b/packages/safe-chain/src/shell-integration/startup-scripts/init-pwsh.ps1 @@ -1,5 +1,7 @@ # Use cross-platform path separator (: on Unix, ; on Windows) -$pathSeparator = if ($IsWindows) { ';' } else { ':' } +# $IsWindows is only available in PowerShell Core 6.0+. If it doesn't exist, assume Windows PowerShell +$isWindowsPlatform = if (Test-Path variable:IsWindows) { $IsWindows } else { $true } +$pathSeparator = if ($isWindowsPlatform) { ';' } else { ':' } $safeChainBin = Join-Path (Join-Path $HOME '.safe-chain') 'bin' $env:PATH = "$env:PATH$pathSeparator$safeChainBin" @@ -38,6 +40,33 @@ function npm { Invoke-WrappedCommand "npm" $args } +function pip { + Invoke-WrappedCommand "pip" $args +} + +function pip3 { + Invoke-WrappedCommand "pip3" $args +} + +function uv { + Invoke-WrappedCommand "uv" $args +} + +function poetry { + Invoke-WrappedCommand "poetry" $args +} + +# `python -m pip`, `python -m pip3`. +function python { + Invoke-WrappedCommand 'python' $args +} + +# `python3 -m pip`, `python3 -m pip3'. +function python3 { + Invoke-WrappedCommand 'python3' $args +} + + function Write-SafeChainWarning { param([string]$Command) diff --git a/test/e2e/certbundle.e2e.spec.js b/test/e2e/certbundle.e2e.spec.js index caf4102..4b4ad84 100644 --- a/test/e2e/certbundle.e2e.spec.js +++ b/test/e2e/certbundle.e2e.spec.js @@ -231,7 +231,7 @@ describe("E2E: NODE_EXTRA_CA_CERTS merging", () => { it(`pip install works without NODE_EXTRA_CA_CERTS set`, async () => { const shell = await container.openShell("zsh"); - await shell.runCommand("safe-chain setup --include-python"); + await shell.runCommand("safe-chain setup"); await shell.runCommand("unset NODE_EXTRA_CA_CERTS"); const result = await shell.runCommand( @@ -247,7 +247,7 @@ describe("E2E: NODE_EXTRA_CA_CERTS merging", () => { it(`pip install works with valid NODE_EXTRA_CA_CERTS set`, async () => { const shell = await container.openShell("zsh"); - await shell.runCommand("safe-chain setup --include-python"); + await shell.runCommand("safe-chain setup"); // Create a temporary valid certificate await shell.runCommand("cp /etc/ssl/certs/ca-certificates.crt /tmp/pip-valid-certs.pem"); @@ -265,7 +265,7 @@ describe("E2E: NODE_EXTRA_CA_CERTS merging", () => { it(`pip install handles non-existent NODE_EXTRA_CA_CERTS gracefully`, async () => { const shell = await container.openShell("zsh"); - await shell.runCommand("safe-chain setup --include-python"); + await shell.runCommand("safe-chain setup"); const result = await shell.runCommand( 'export NODE_EXTRA_CA_CERTS="/tmp/nonexistent-pip-certs.pem" && pip3 install --break-system-packages requests' @@ -281,7 +281,7 @@ describe("E2E: NODE_EXTRA_CA_CERTS merging", () => { it(`pip install handles invalid NODE_EXTRA_CA_CERTS gracefully`, async () => { const shell = await container.openShell("zsh"); - await shell.runCommand("safe-chain setup --include-python"); + await shell.runCommand("safe-chain setup"); // Create invalid cert await shell.runCommand( diff --git a/test/e2e/include-python-deprecation.e2e.spec.js b/test/e2e/include-python-deprecation.e2e.spec.js new file mode 100644 index 0000000..a7019b7 --- /dev/null +++ b/test/e2e/include-python-deprecation.e2e.spec.js @@ -0,0 +1,45 @@ +import { describe, it, before, beforeEach, afterEach } from "node:test"; +import { DockerTestContainer } from "./DockerTestContainer.js"; +import assert from "node:assert"; + +describe("E2E: deprecated --include-python handling", () => { + let container; + + before(async () => { + DockerTestContainer.buildImage(); + }); + + beforeEach(async () => { + container = new DockerTestContainer(); + await container.start(); + }); + + afterEach(async () => { + if (container) { + await container.stop(); + container = null; + } + }); + + for (let shell of ["bash", "zsh"]) { + it(`safe-chain setup warns and continues for ${shell}`, async () => { + const sh = await container.openShell(shell); + const result = await sh.runCommand("safe-chain setup --include-python"); + + assert.ok( + result.output.toLowerCase().includes("deprecated and ignored"), + `Expected warning about deprecated --include-python. Output was:\n${result.output}` + ); + }); + + it(`safe-chain setup-ci warns and continues for ${shell}`, async () => { + const sh = await container.openShell(shell); + const result = await sh.runCommand("safe-chain setup-ci --include-python"); + + assert.ok( + result.output.toLowerCase().includes("deprecated and ignored"), + `Expected warning about deprecated --include-python. Output was:\n${result.output}` + ); + }); + } +}); diff --git a/test/e2e/pip-ci.e2e.spec.js b/test/e2e/pip-ci.e2e.spec.js index 85a4a46..49db6ce 100644 --- a/test/e2e/pip-ci.e2e.spec.js +++ b/test/e2e/pip-ci.e2e.spec.js @@ -86,7 +86,7 @@ describe("E2E: safe-chain setup-ci command for pip/pip3", () => { // Setup safe-chain CI shims const installationShell = await container.openShell(shell); await installationShell.runCommand( - "safe-chain setup-ci --include-python" + "safe-chain setup-ci" ); // Add $HOME/.safe-chain/shims to PATH for subsequent shells @@ -115,7 +115,7 @@ describe("E2E: safe-chain setup-ci command for pip/pip3", () => { it(`setup-ci routes python -m pip through safe-chain for ${shell}`, async () => { const installationShell = await container.openShell(shell); await installationShell.runCommand( - "safe-chain setup-ci --include-python" + "safe-chain setup-ci" ); await installationShell.runCommand( "echo 'export PATH=\"$HOME/.safe-chain/shims:$PATH\"' >> ~/.zshrc" @@ -138,7 +138,7 @@ describe("E2E: safe-chain setup-ci command for pip/pip3", () => { it(`setup-ci routes python3 -m pip through safe-chain for ${shell}`, async () => { const installationShell = await container.openShell(shell); await installationShell.runCommand( - "safe-chain setup-ci --include-python" + "safe-chain setup-ci" ); await installationShell.runCommand( "echo 'export PATH=\"$HOME/.safe-chain/shims:$PATH\"' >> ~/.zshrc" @@ -161,7 +161,7 @@ describe("E2E: safe-chain setup-ci command for pip/pip3", () => { it(`setup-ci routes pip through safe-chain for ${shell}`, async () => { const installationShell = await container.openShell(shell); await installationShell.runCommand( - "safe-chain setup-ci --include-python" + "safe-chain setup-ci" ); await installationShell.runCommand( "echo 'export PATH=\"$HOME/.safe-chain/shims:$PATH\"' >> ~/.zshrc" @@ -184,7 +184,7 @@ describe("E2E: safe-chain setup-ci command for pip/pip3", () => { it(`setup-ci routes pip3 through safe-chain for ${shell}`, async () => { const installationShell = await container.openShell(shell); await installationShell.runCommand( - "safe-chain setup-ci --include-python" + "safe-chain setup-ci" ); await installationShell.runCommand( "echo 'export PATH=\"$HOME/.safe-chain/shims:$PATH\"' >> ~/.zshrc" diff --git a/test/e2e/pip.e2e.spec.js b/test/e2e/pip.e2e.spec.js index e02d1b3..b06978f 100644 --- a/test/e2e/pip.e2e.spec.js +++ b/test/e2e/pip.e2e.spec.js @@ -15,7 +15,7 @@ describe("E2E: pip coverage", () => { await container.start(); const installationShell = await container.openShell("zsh"); - await installationShell.runCommand("safe-chain setup --include-python"); + await installationShell.runCommand("safe-chain setup"); // Clear pip cache before each test to ensure fresh downloads through proxy await installationShell.runCommand("pip3 cache purge"); diff --git a/test/e2e/poetry.e2e.spec.js b/test/e2e/poetry.e2e.spec.js index 3d19783..58b74fd 100644 --- a/test/e2e/poetry.e2e.spec.js +++ b/test/e2e/poetry.e2e.spec.js @@ -15,7 +15,7 @@ describe("E2E: poetry coverage", () => { await container.start(); const installationShell = await container.openShell("zsh"); - await installationShell.runCommand("safe-chain setup --include-python"); + await installationShell.runCommand("safe-chain setup"); // Clear poetry cache await installationShell.runCommand("command poetry cache clear pypi --all -n"); diff --git a/test/e2e/teardown-dirs.e2e.spec.js b/test/e2e/teardown-dirs.e2e.spec.js index 0ed8bf6..853c503 100644 --- a/test/e2e/teardown-dirs.e2e.spec.js +++ b/test/e2e/teardown-dirs.e2e.spec.js @@ -57,20 +57,18 @@ describe("E2E: safe-chain teardown command", () => { assert.ok(checkScriptsGone.output.includes("missing"), "Scripts directory should be removed after teardown"); }); - it("safe-chain teardown removes shims directory created by setup-ci --include-python", async () => { + it("safe-chain teardown removes shims directory created by setup-ci", async () => { const shell = await container.openShell("bash"); - // Run setup-ci with --include-python - await shell.runCommand("safe-chain setup-ci --include-python"); - + // Run setup-ci + await shell.runCommand("safe-chain setup-ci"); // Verify shims directory exists const checkShimsExist = await shell.runCommand("test -d ~/.safe-chain/shims && echo 'exists' || echo 'missing'"); - assert.ok(checkShimsExist.output.includes("exists"), "Shims directory should exist after setup-ci --include-python"); + assert.ok(checkShimsExist.output.includes("exists"), "Shims directory should exist after setup-ci"); // Verify Python shims were created const checkPythonShims = await shell.runCommand("test -f ~/.safe-chain/shims/pip && echo 'exists' || echo 'missing'"); - assert.ok(checkPythonShims.output.includes("exists"), "Python shims should exist after setup-ci --include-python"); - + assert.ok(checkPythonShims.output.includes("exists"), "Python shims should exist after setup-ci"); // Run teardown await shell.runCommand("safe-chain teardown"); @@ -79,15 +77,14 @@ describe("E2E: safe-chain teardown command", () => { assert.ok(checkShimsGone.output.includes("missing"), "Shims directory should be removed after teardown"); }); - it("safe-chain teardown removes scripts directory created by setup --include-python", async () => { + it("safe-chain teardown removes scripts directory created by setup", async () => { const shell = await container.openShell("bash"); - // Run setup with --include-python - await shell.runCommand("safe-chain setup --include-python"); - + // Run setup + await shell.runCommand("safe-chain setup"); // Verify scripts directory exists const checkScriptsExist = await shell.runCommand("test -d ~/.safe-chain/scripts && echo 'exists' || echo 'missing'"); - assert.ok(checkScriptsExist.output.includes("exists"), "Scripts directory should exist after setup --include-python"); + assert.ok(checkScriptsExist.output.includes("exists"), "Scripts directory should exist after setup"); // Run teardown await shell.runCommand("safe-chain teardown"); diff --git a/test/e2e/uv.e2e.spec.js b/test/e2e/uv.e2e.spec.js index 7e9daac..9d5f3b9 100644 --- a/test/e2e/uv.e2e.spec.js +++ b/test/e2e/uv.e2e.spec.js @@ -15,7 +15,7 @@ describe("E2E: uv coverage", () => { await container.start(); const installationShell = await container.openShell("zsh"); - await installationShell.runCommand("safe-chain setup --include-python"); + await installationShell.runCommand("safe-chain setup"); // Clear uv cache await installationShell.runCommand("uv cache clean");