milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 20:20:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
292 commits 61 branches 106 tags 3.3 MiB
Commit graph

114 commits

Author SHA1 Message Date
Hans Ott
0cfce2d436 Revert "Example of mistake" 
This reverts commit b489fe822c.
 2025-11-02 15:29:36 +01:00
Hans Ott
b489fe822c Example of mistake 2025-11-02 15:29:23 +01:00
Hans Ott
e164eb8b95 Reduce diff 2025-11-01 13:47:13 +01:00
Hans Ott
86a2b8c2a7 Fix lint 2025-11-01 13:44:48 +01:00
Hans Ott
484cbcd960 Use @typedef {Object} X 
When you write @typedef {Object} ScanResult, you’re telling both JSDoc and TypeScript’s parser that this typedef represents an object type, not just an abstract name. This is important because it makes tools like IDEs, linters, and TypeScript’s JSDoc inference more reliable. It avoids ambiguity, especially in cases where the typedef might later be confused with something like a primitive, union, or function type. The official TypeScript documentation and the JSDoc spec both show this form as the canonical one for object shapes.
 2025-11-01 13:28:11 +01:00
Hans Ott
29dd63d1eb Reduce diff 2025-11-01 13:26:15 +01:00
Hans Ott
4f14859351 Fix check 2025-11-01 13:24:57 +01:00
Hans Ott
6f962a9299 Use Node.js 18 types 2025-11-01 13:09:08 +01:00
Hans Ott
c88b1a624f Type check safe-chain package 2025-11-01 13:06:06 +01:00
Sander Declerck
3721ca9113
Fix linter issues 2025-10-31 13:56:35 +01:00
Sander Declerck
78fd93b72a
End clientsocket without 502 in case of proxySocket error 2025-10-31 11:41:39 +01:00
Sander Declerck
4dc14397ad
Use correct event name in comment (error) 2025-10-31 11:40:01 +01:00
Sander Declerck
df5c424a42
Add missing import (ui) in mitmRequestHandler.js 2025-10-31 11:38:39 +01:00
Sander Declerck
bae43d0dcd
MITM handler: Close the response on server error 2025-10-31 11:38:16 +01:00
Sander Declerck
efb0044419
Add global exception handlers 2025-10-31 10:26:56 +01:00
Sander Declerck
65c9ca62de
Subscribe to more error events to prevent the process from crashing 2025-10-31 09:39:16 +01:00
Sander Declerck
ab3319a310
Remove --safe-chain-malware-action flag 2025-10-27 11:51:19 +01:00
Sander Declerck
95d9cefcc9
Merge pull request #123 from AikidoSec/logging-silent-mode 
Introduce silent mode to disable logging
 2025-10-27 11:29:26 +01:00
Sander Declerck
23c8a2e324
Merge pull request #91 from AikidoSec/escape-special-chars-in-shell 
Escape special chars in shell scripts
 2025-10-27 11:29:09 +01:00
Sander Declerck
0029a7e1c1
Add extra comments for regex clarification 2025-10-27 10:49:26 +01:00
Sander Declerck
f5f3b91b40
Test if command is safe to execute 2025-10-24 17:36:51 +02:00
Sander Declerck
0f164d055f
Fix mocking in tests 2025-10-23 17:48:26 +02:00
Sander Declerck
9a78cafbfd
Introduce silent mode to disable logging 2025-10-23 17:45:03 +02:00
Sander Declerck
7a55be49f4
Fix linting error 2025-10-23 13:29:14 +02:00
Sander Declerck
08c1328b52
Cleanup code, add some tests 2025-10-23 13:23:08 +02:00
Sander Declerck
c74c23b0ff
Fix unit tests 2025-10-23 10:52:03 +02:00
Sander Declerck
8447d3cac5
Merge branch 'main' into escape-special-chars-in-shell 2025-10-23 09:52:38 +02:00
Hans Ott
7e72ae7d3d
On Unix/macOS, pass args to spawn to avoid escaping issues 2025-10-23 09:46:15 +02:00
Sander Declerck
2e1ee0dfa4
Merge pull request #119 from AikidoSec/proxy-unit-tests 
Add tests for the proxy
 2025-10-22 15:47:16 +02:00
Sander Declerck
f4cdf91fc9
Add tests for the proxy 2025-10-22 15:41:33 +02:00
Sander Declerck
1ded3899b0
Commit new tests 2025-10-21 14:56:46 +02:00
Sander Declerck
da865f855d
Fix crash when a package does not contain a version (retracted packages) 2025-10-21 14:29:17 +02:00
Sander Declerck
b935f8d4f4
Merge pull request #105 from AikidoSec/kill-dry-run 
Remove dry-run scanner for npm, relying on the proxy to block maliscious package downloads instead
 2025-10-15 12:04:26 +02:00
bitterpanda
e123c0e019
Merge pull request #106 from AikidoSec/remove-abbrev-package 
Remove abbrev package
 2025-10-15 12:03:07 +02:00
Sander Declerck
05354ba2f0
Add some more comments on why http / https is handled in different code paths 2025-10-15 11:56:03 +02:00
Sander Declerck
3e8ce13db5
Move generated abbrevs to a separate file 2025-10-15 11:51:56 +02:00
Sander Declerck
37ef3e187b
Further cleanup 2025-10-15 09:25:24 +02:00
Sander Declerck
fce7550609
Cleanup debugging code from test again 2025-10-15 09:21:23 +02:00
Sander Declerck
ee82134c19
Proxyres on close and end 2025-10-14 14:54:58 +02:00
Sander Declerck
a2d05b0cf0
More logs 2025-10-14 14:18:33 +02:00
Sander Declerck
2968960b41
Cleanup registryProxy, increase timeout on DockerTestContainer 2025-10-14 13:22:58 +02:00
Sander Declerck
8ed2330a3c
Allow the safe-chain to act as a regular http proxy too (besides the CONNECT tunneling implementation) 2025-10-13 15:49:42 +02:00
Sander Declerck
ea92ea0731
Remove abbrev package 2025-10-10 16:19:38 +02:00
Sander Declerck
8aebb1b96b
Remove dry-run scanner for npm, relying on the proxy to block maliscious package downloads instead 2025-10-10 16:18:43 +02:00
Sander Declerck
4fc33d2387
Add command to get the safe-chain version 2025-10-10 15:34:33 +02:00
Sander Declerck
dc4352bffb
Merge pull request #99 from AikidoSec/remove-sync 
Remove `safeSpawnSync` (unused)
 2025-10-10 15:04:39 +02:00
Hans Ott
2fa14b82f3 Simplify tests 2025-10-10 14:57:28 +02:00
Sander Declerck
831621323b
Merge pull request #101 from AikidoSec/oxlint 
Use oxlint instead of eslint
 2025-10-10 14:54:54 +02:00
Sander Declerck
a377fd6caa
Listen to error events on sockets 2025-10-10 13:55:39 +02:00
Hans Ott
5518846e96
Update packages/safe-chain/package.json 
Co-authored-by: Timo Kössler <info@timokoessler.de>
 2025-10-10 11:45:34 +02:00