milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'main' into feat/pdm-support

Browse source
This commit is contained in:
Chris Ingram 2026-05-15 08:46:06 +01:00 committed by GitHub
commit bf2d37d114
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
14 changed files with 113 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

10
test/e2e/bun.e2e.spec.js
View file

@ -46,8 +46,9 @@ describe("E2E: bun coverage", () => {
var result = await shell.runCommand("bun install");
assert.ok(
result.output.includes("blocked") && result.output.includes("malicious package downloads"),
assert.match(
result.output,
/blocked [1-9]\d* malicious package downloads/,
`Output did not include expected text. Output was:\n${result.output}`
);
assert.ok(
@ -65,8 +66,9 @@ describe("E2E: bun coverage", () => {
const result = await shell.runCommand("bunx safe-chain-test");
assert.ok(
result.output.includes("blocked") && result.output.includes("malicious package downloads"),
assert.match(
result.output,
/blocked [1-9]\d* malicious package downloads/,
`Output did not include expected text. Output was:\n${result.output}`
);
assert.ok(

5
test/e2e/npm.e2e.spec.js
View file

@ -70,8 +70,9 @@ describe("E2E: npm coverage", () => {
var result = await shell.runCommand("npm install");
assert.ok(
result.output.includes("blocked 1 malicious package downloads"),
assert.match(
result.output,
/blocked [1-9]\d* malicious package downloads/,
`Output did not include expected text. Output was:\n${result.output}`
);
assert.ok(

5
test/e2e/pip.e2e.spec.js
View file

@ -131,8 +131,9 @@ describe("E2E: pip coverage", () => {
"pip3 install --break-system-packages numpy==2.4.4 --safe-chain-logging=verbose"
);
assert.ok(
result.output.includes("blocked 1 malicious package downloads:"),
assert.match(
result.output,
/blocked [1-9]\d* malicious package downloads:/,
`Output did not include expected text. Output was:\n${result.output}`
);
assert.ok(

5
test/e2e/pnpm.e2e.spec.js
View file

@ -70,8 +70,9 @@ describe("E2E: pnpm coverage", () => {
var result = await shell.runCommand("pnpm install");
assert.ok(
result.output.includes("blocked 1 malicious package downloads"),
assert.match(
result.output,
/blocked [1-9]\d* malicious package downloads/,
`Output did not include expected text. Output was:\n${result.output}`
);
assert.ok(

2
test/e2e/rush.e2e.spec.js
View file

@ -109,7 +109,7 @@ describe("E2E: rush coverage", () => {
assert.match(
result.output,
/blocked \d+ malicious package downloads/,
/blocked [1-9]\d* malicious package downloads/,
`Output did not include expected text. Output was:\n${result.output}`
);
assert.ok(

2
test/e2e/rushx.e2e.spec.js
View file

@ -57,7 +57,7 @@ describe("E2E: rushx coverage", () => {
assert.match(
result.output,
/blocked \d+ malicious package downloads/,
/blocked [1-9]\d* malicious package downloads/,
`Output did not include expected text. Output was:\n${result.output}`
);
assert.ok(

5
test/e2e/safe-chain-cli-python.e2e.spec.js
View file

@ -100,8 +100,9 @@ describe("E2E: safe-chain CLI python/pip support", () => {
"safe-chain pip3 install --break-system-packages numpy==2.4.4"
);
assert.ok(
result.output.includes("blocked 1 malicious package downloads"),
assert.match(
result.output,
/blocked [1-9]\d* malicious package downloads/,
`Should have blocked malware. Output was:\n${result.output}`
);
});

20
test/e2e/uv.e2e.spec.js
View file

@ -129,8 +129,9 @@ describe("E2E: uv coverage", () => {
"uv pip install --system --break-system-packages numpy==2.4.4"
);
assert.ok(
result.output.includes("blocked 1 malicious package downloads:"),
assert.match(
result.output,
/blocked [1-9]\d* malicious package downloads:/,
`Output did not include expected text. Output was:\n${result.output}`
);
assert.ok(
@ -416,8 +417,9 @@ describe("E2E: uv coverage", () => {
"cd test-project-malware && uv add numpy==2.4.4"
);
assert.ok(
result.output.includes("blocked 1 malicious package downloads:"),
assert.match(
result.output,
/blocked [1-9]\d* malicious package downloads:/,
`Output did not include expected text. Output was:\n${result.output}`
);
assert.ok(
@ -447,8 +449,9 @@ describe("E2E: uv coverage", () => {
const shell = await container.openShell("zsh");
const result = await shell.runCommand("uv tool install numpy==2.4.4");
assert.ok(
result.output.includes("blocked 1 malicious package downloads:"),
assert.match(
result.output,
/blocked [1-9]\d* malicious package downloads:/,
`Output did not include expected text. Output was:\n${result.output}`
);
assert.ok(
@ -485,8 +488,9 @@ describe("E2E: uv coverage", () => {
"uv run --with numpy==2.4.4 test_script2.py"
);
assert.ok(
result.output.includes("blocked 1 malicious package downloads:"),
assert.match(
result.output,
/blocked [1-9]\d* malicious package downloads:/,
`Output did not include expected text. Output was:\n${result.output}`
);
});

5
test/e2e/yarn.e2e.spec.js
View file

@ -70,8 +70,9 @@ describe("E2E: yarn coverage", () => {
var result = await shell.runCommand("yarn");
assert.ok(
result.output.includes("blocked 1 malicious package downloads"),
assert.match(
result.output,
/blocked [1-9]\d* malicious package downloads/,
`Output did not include expected text. Output was:\n${result.output}`
);
assert.ok(