Skeleton

package-lock.json

@@ -1724,6 +1724,7 @@
         "aikido-bunx": "bin/aikido-bunx.js",
         "aikido-npm": "bin/aikido-npm.js",
         "aikido-npx": "bin/aikido-npx.js",
+        "aikido-pip": "bin/aikido-pip.js",
         "aikido-pnpm": "bin/aikido-pnpm.js",
         "aikido-pnpx": "bin/aikido-pnpx.js",
         "aikido-yarn": "bin/aikido-yarn.js",

packages/safe-chain/bin/aikido-pip.js

@@ -2,8 +2,33 @@
 
 import { main } from "../src/main.js";
 import { initializePackageManager } from "../src/packagemanager/currentPackageManager.js";
-const packageManagerName = "pip";
+
+// Defaults
+let packageManagerName = "pip";
+let targetVersionMajor;
+
+// Copy argv so we can mutate while parsing
+const argv = process.argv.slice(2);
+
+for (let i = 0; i < argv.length; i++) {
+	const a = argv[i];
+
+  // --target-version-major
+	if (a === "--target-version-major" && i + 1 < argv.length) {
+    console.log("Setting targetVersionMajor from CLI arg:", argv[i + 1]);
+		targetVersionMajor = argv[i + 1];
+		argv.splice(i, 2);
+		i -= 1;
+		continue;
+	}
+}
+
+// If the user explicitly called python3, prefer pip3
+if (targetVersionMajor && String(targetVersionMajor).trim() === "3") {
+  packageManagerName = "pip3";
+}
+
 initializePackageManager(packageManagerName);
-var exitCode = await main(process.argv.slice(2));
+var exitCode = await main(argv);
 
 process.exit(exitCode);

packages/safe-chain/src/main.js

@@ -12,6 +12,7 @@ export async function main(args) {
   await proxy.startServer();
 
   try {
+    console.log(chalk.blueBright.bold("main.js: Scanning for malicious packages..."));
     // This parses all the --safe-chain arguments and removes them from the args array
     args = initializeCliArguments(args);
 

packages/safe-chain/src/packagemanager/currentPackageManager.js

@@ -9,11 +9,14 @@ import {
   createPnpxPackageManager,
 } from "./pnpm/createPackageManager.js";
 import { createYarnPackageManager } from "./yarn/createPackageManager.js";
+import { createPipPackageManager } from "./pip/createPipPackageManager.js";
 
 const state = {
   packageManagerName: null,
 };
 
+const PIP_COMMANDS = new Set(["pip", "pip3"]);
+
 export function initializePackageManager(packageManagerName) {
   if (packageManagerName === "npm") {
     state.packageManagerName = createNpmPackageManager();
@@ -29,6 +32,8 @@ export function initializePackageManager(packageManagerName) {
     state.packageManagerName = createBunPackageManager();
   } else if (packageManagerName === "bunx") {
     state.packageManagerName = createBunxPackageManager();
+  } else if (PIP_COMMANDS.has(packageManagerName)) {
+    state.packageManagerName = createPipPackageManager(packageManagerName);
   } else {
     throw new Error("Unsupported package manager: " + packageManagerName);
   }

packages/safe-chain/src/packagemanager/pip/createPipPackageManager.js

@@ -2,9 +2,14 @@ import { ui } from "../../environment/userInteraction.js";
 import { safeSpawn } from "../../utils/safeSpawn.js";
 import { mergeSafeChainProxyEnvironmentVariables } from "../../registryProxy/registryProxy.js";
 
-export function createPipPackageManager() {
+/**
+ * Creates a package manager interface for Python's pip package installer
+ * 
+ * @param {string} [command="pip"] - The pip command to use (e.g., "pip", "pip3") defaults to "pip"
+ */
+export function createPipPackageManager(command = "pip") {
   return {
-    runCommand: (args) => runPipCommand("pip3", args),
+    runCommand: (args) => runPipCommand(command, args),
 
     // For pip, set proxy server
     isSupportedCommand: () => false,

packages/safe-chain/src/shell-integration/startup-scripts/init-posix.sh

@@ -51,13 +51,14 @@ function bunx() {
 }
 
 function pip() {
-  wrapSafeChainCommand "pip" "aikido-pip" "$@"
+  wrapSafeChainCommand "pip" "aikido-pip" --target-version-major "2" "$@"
 }
 
 function pip3() {
-  wrapSafeChainCommand "pip3" "aikido-pip" "$@"
+  wrapSafeChainCommand "pip3" "aikido-pip" --target-version-major "3" "$@"
 }
 
+
 function npm() {
   if [[ "$1" == "-v" || "$1" == "--version" ]] && [[ $# -eq 1 ]]; then
     # If args is just -v or --version and nothing else, just run the npm version command