diff --git a/README.md b/README.md index 6cbb445..09cf48d 100644 --- a/README.md +++ b/README.md @@ -67,6 +67,25 @@ iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/inst 2. **Verify the installation** by running one of the following commands: + **Quick verification** (recommended): + + For JavaScript/Node.js package managers: + + ```shell + npm safe-chain-verify + ``` + + For Python package managers (if you enabled Python support): + + ```shell + pip3 safe-chain-verify + ``` + + - This command quickly confirms that Safe Chain is intercepting package manager commands. You should see the output: `Safe-chain: Ok` + - You can use this with any supported package manager: `npx safe-chain-verify`, `yarn safe-chain-verify`, `pnpm safe-chain-verify`, `bun safe-chain-verify`, etc. + + **Full verification with malware test**: + For JavaScript/Node.js: ```shell diff --git a/docs/shell-integration.md b/docs/shell-integration.md index e7afbe5..750d30e 100644 --- a/docs/shell-integration.md +++ b/docs/shell-integration.md @@ -85,7 +85,28 @@ This means the shell functions are working but the Aikido commands aren't instal To verify the integration is working, follow these steps: -1. **Check if startup scripts were sourced in your shell startup file:** +1. **Quick verification using the built-in test command (recommended):** + + After restarting your terminal, run the verification command: + + ```bash + npm safe-chain-verify + ``` + + You should see the output: `Safe-chain: Ok` + + This confirms that Safe Chain is successfully intercepting package manager commands. You can use this command with any supported package manager: + + - `npm safe-chain-verify` + - `yarn safe-chain-verify` + - `pnpm safe-chain-verify` + - `bun safe-chain-verify` + - `pip safe-chain-verify` (if Python support is enabled) + - `pip3 safe-chain-verify` (if Python support is enabled) + + If you don't see this output, Safe Chain is not intercepting commands correctly - proceed to the steps below. + +2. **Check if startup scripts were sourced in your shell startup file:** - **For Bash**: Open `~/.bashrc` in your text editor - **For Zsh**: Open `~/.zshrc` in your text editor @@ -94,16 +115,16 @@ To verify the integration is working, follow these steps: Look for lines that source the Safe Chain startup scripts from `~/.safe-chain/scripts/` -2. **Test that shell functions are active in your terminal:** +3. **Test that shell functions are active in your terminal:** After restarting your terminal, run these commands: - `npm --version` - Should show output from the Aikido-wrapped version - `type npm` - Should show that `npm` is a function -3. **If you need to remove the integration manually:** +4. **If you need to remove the integration manually:** - Edit the same startup file from step 1 and delete any lines that source Safe Chain scripts from `~/.safe-chain/scripts/`. + Edit the same startup file from step 2 and delete any lines that source Safe Chain scripts from `~/.safe-chain/scripts/`. ## Manual Setup diff --git a/packages/safe-chain/src/main.js b/packages/safe-chain/src/main.js index ad57dcf..9565e2e 100644 --- a/packages/safe-chain/src/main.js +++ b/packages/safe-chain/src/main.js @@ -38,6 +38,9 @@ export async function main(args) { // This parses all the --safe-chain arguments and removes them from the args array args = initializeCliArguments(args); + // Handle verification command to test if safe-chain is intercepting package manager commands + // Users can run: npm safe-chain-verify, yarn safe-chain-verify, pip safe-chain-verify, etc. + // This confirms the shell integration is working correctly without performing any package operations if (args[0] === "safe-chain-verify") { ui.writeInformation("Safe-chain: Ok"); return 0;