milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add minimum package age check for pypi

Browse source
This commit is contained in:
Reinier Criel 2026-03-28 10:15:13 -07:00
parent 2c8a1b4972
commit fd6fb456b4
22 changed files with 516 additions and 273 deletions
Download patch file Download diff file Expand all files Collapse all files

13
packages/safe-chain/src/config/configFile.js
View file

@ -129,18 +129,21 @@ export function getPipCustomRegistries() {
}
/**
* Gets the minimum package age exclusions from the config file
* Gets the minimum package age exclusions from the config file for the current ecosystem
* @returns {string[]}
*/
export function getNpmMinimumPackageAgeExclusions() {
export function getMinimumPackageAgeExclusions() {
const config = readConfigFile();
const ecosystem = getEcoSystem();
const registryConfig = ecosystem === "py" ? config.pip : config.npm;
if (!config || !config.npm) {
if (!config || !registryConfig) {
return [];
}
const npmConfig = /** @type {SafeChainRegistryConfiguration} */ (config.npm);
const exclusions = npmConfig.minimumPackageAgeExclusions;
const typedRegistryConfig =
/** @type {SafeChainRegistryConfiguration} */ (registryConfig);
const exclusions = typedRegistryConfig.minimumPackageAgeExclusions;
if (!Array.isArray(exclusions)) {
return [];