Reinier Criel
f0a3ae51db
Only use mitm for pip packages
2025-11-05 08:34:40 -08:00
Reinier Criel
2b6b9b6737
Cleanup comments
2025-11-04 06:59:45 -08:00
Reinier Criel
d789491561
Merge branch 'main' into feature/pypi
2025-11-04 06:54:00 -08:00
Sander Declerck
497401e8e0
Remove yarn version check
2025-11-04 13:18:36 +01:00
Reinier Criel
f7e08bbea8
Fix more documentation issues
2025-11-03 10:44:12 -08:00
Reinier Criel
2accf954ca
Fix more documentation issues
2025-11-03 10:20:05 -08:00
Reinier Criel
dadb1a3fba
Adapt runPipCommand.js documentation
2025-11-03 09:55:39 -08:00
Reinier Criel
181470d764
Clean up
2025-11-03 09:49:06 -08:00
Reinier Criel
e65b857667
Adapt comments to align with other package managers
2025-11-03 09:47:16 -08:00
Reinier Criel
a2fb94d0f0
Fix type check issues
2025-11-03 07:13:36 -08:00
Reinier Criel
27ca2153b0
Fix warnings
2025-11-03 06:51:14 -08:00
Reinier Criel
548d416996
Merge remote-tracking branch 'origin/main' into feature/pypi
2025-11-03 06:49:53 -08:00
Sander Declerck
14c4c4997e
Remove @ts-expect-error suppressions
2025-11-03 13:57:29 +01:00
Hans Ott
ad9551ca6d
Improve types and remove async
2025-11-03 11:26:10 +01:00
Hans Ott
86a2b8c2a7
Fix lint
2025-11-01 13:44:48 +01:00
Hans Ott
484cbcd960
Use @typedef {Object} X
When you write @typedef {Object} ScanResult, you’re telling both JSDoc and TypeScript’s parser that this typedef represents an object type, not just an abstract name. This is important because it makes tools like IDEs, linters, and TypeScript’s JSDoc inference more reliable. It avoids ambiguity, especially in cases where the typedef might later be confused with something like a primitive, union, or function type. The official TypeScript documentation and the JSDoc spec both show this form as the canonical one for object shapes.
2025-11-01 13:28:11 +01:00
Hans Ott
c88b1a624f
Type check safe-chain package
2025-11-01 13:06:06 +01:00
Reinier Criel
c2a9cc2733
Move pipCaBundle to central location
2025-10-31 07:51:26 -07:00
Reinier Criel
d691c614ac
Cleanup
2025-10-30 20:19:16 -07:00
Reinier Criel
f38a12c6d5
Combine certificates
2025-10-30 16:00:32 -07:00
Reinier Criel
1755fe829c
Make test a little safer
2025-10-30 12:52:10 -07:00
Reinier Criel
8b7784ecc0
Only pass --cert when using known registry
2025-10-30 12:36:32 -07:00
Reinier Criel
86ce7ac45e
Remove unused var
2025-10-28 15:44:36 -07:00
Reinier Criel
a17e14c988
Ensure that --cert parameters do not get overridden
2025-10-28 15:02:59 -07:00
Reinier Criel
70dc89c3e8
Simplify setting certificates
2025-10-28 13:56:27 -07:00
Reinier Criel
b886bb1cfe
Call safeSpawn iso safeSpawnPy
2025-10-28 13:38:31 -07:00
Reinier Criel
190607de92
Adapt per review
2025-10-27 09:23:47 -07:00
Reinier Criel
38d3b46939
Some more cleanup
2025-10-25 14:03:19 -07:00
Reinier Criel
9914c0ccb3
Some fixes
2025-10-24 13:47:22 -07:00
Reinier Criel
6b2db6dace
Fix ranges issue
2025-10-24 13:14:57 -07:00
Reinier Criel
059cba06bc
Implement e2e tests
2025-10-23 11:41:13 -07:00
Reinier Criel
1fdb15a392
Fix some border cases
2025-10-23 09:14:05 -07:00
Reinier Criel
1b82aeb6b0
Adapt the structure to parse the initial pip commands
2025-10-22 15:28:27 -07:00
Reinier Criel
982da4aa77
more cleanup
2025-10-22 15:16:53 -07:00
Reinier Criel
f086aeb2be
Skeleton
2025-10-22 06:59:32 -07:00
Reinier Criel
d0f2edec0a
Skeleton
2025-10-21 15:25:12 -07:00
Sander Declerck
b935f8d4f4
Merge pull request #105 from AikidoSec/kill-dry-run
Remove dry-run scanner for npm, relying on the proxy to block malicious package downloads instead
2025-10-15 12:04:26 +02:00
Sander Declerck
3e8ce13db5
Move generated abbrevs to a separate file
2025-10-15 11:51:56 +02:00
Sander Declerck
ea92ea0731
Remove abbrev package
2025-10-10 16:19:38 +02:00
Sander Declerck
8aebb1b96b
Remove dry-run scanner for npm, relying on the proxy to block malicious package downloads instead
2025-10-10 16:18:43 +02:00
Sander Declerck
ad7e94dac4
Add unit tests for yarn environment variables
2025-10-09 15:35:43 +02:00
Sander Declerck
d5620b2d12
Don't set YARN_HTTPS_CA_FILE_PATH, it ignores all system CAs
2025-10-09 14:58:06 +02:00
Sander Declerck
43dcba8802
Wrap bun with safe-chain to block downloads of packages with malware
2025-10-08 15:12:06 +02:00
Sander Declerck
ea383a18de
Insert proxy settings for npx as well
2025-10-06 16:23:56 +02:00
Sander Declerck
67304751bd
Handle process exit better + some PR cleanup
2025-10-01 08:53:56 +02:00
Sander Declerck
e2afcb16e3
Implement a proxy blocking tarball requests for packages containing malware.
2025-09-30 13:52:21 +02:00
Sander Declerck
83141d375a
Escape args before running spawn
2025-09-24 14:29:49 +02:00
Sander Declerck
534aeee457
Use execSync instead of spawnSync for pnpm.
2025-09-23 14:32:20 +02:00
Sander Declerck
e557887da9
Merge branch 'main' into pnpm-broken-in-powershell
2025-09-23 14:16:38 +02:00
Sander Declerck
644b51795a
Add logs to diagnose broken pnpm
2025-09-22 15:15:41 +02:00