Commit graph

195 commits

Author SHA1 Message Date
Hans Ott
7e72ae7d3d
On Unix/macOS, pass args to spawn to avoid escaping issues 2025-10-23 09:46:15 +02:00
Reinier Criel
1b82aeb6b0 Adapt the structure to parse the initial pip commands 2025-10-22 15:28:27 -07:00
Reinier Criel
982da4aa77 more cleanup 2025-10-22 15:16:53 -07:00
Reinier Criel
fbb7e0f95f Add tests 2025-10-22 14:51:44 -07:00
Reinier Criel
1f707c1e13 Add cert 2025-10-22 09:43:40 -07:00
Reinier Criel
246071363a Merge branch 'main' into feature/pypi 2025-10-22 07:15:17 -07:00
Reinier Criel
8b9ffc28ed Some cleanup 2025-10-22 07:04:35 -07:00
Reinier Criel
f086aeb2be Skeleton 2025-10-22 06:59:32 -07:00
Sander Declerck
2e1ee0dfa4
Merge pull request #119 from AikidoSec/proxy-unit-tests
Add tests for the proxy
2025-10-22 15:47:16 +02:00
Sander Declerck
f4cdf91fc9
Add tests for the proxy 2025-10-22 15:41:33 +02:00
Reinier Criel
d0f2edec0a Skeleton 2025-10-21 15:25:12 -07:00
Sander Declerck
1ded3899b0
Commit new tests 2025-10-21 14:56:46 +02:00
Sander Declerck
da865f855d
Fix crash when a package does not contain a version (retracted packages) 2025-10-21 14:29:17 +02:00
Sander Declerck
b935f8d4f4
Merge pull request #105 from AikidoSec/kill-dry-run
Remove dry-run scanner for npm, relying on the proxy to block malicious package downloads instead
2025-10-15 12:04:26 +02:00
bitterpanda
e123c0e019
Merge pull request #106 from AikidoSec/remove-abbrev-package
Remove abbrev package
2025-10-15 12:03:07 +02:00
Sander Declerck
05354ba2f0
Add some more comments on why http / https is handled in different code paths 2025-10-15 11:56:03 +02:00
Sander Declerck
3e8ce13db5
Move generated abbrevs to a separate file 2025-10-15 11:51:56 +02:00
Sander Declerck
37ef3e187b
Further cleanup 2025-10-15 09:25:24 +02:00
Sander Declerck
fce7550609
Cleanup debugging code from test again 2025-10-15 09:21:23 +02:00
Sander Declerck
ee82134c19
Proxyres on close and end 2025-10-14 14:54:58 +02:00
Sander Declerck
a2d05b0cf0
More logs 2025-10-14 14:18:33 +02:00
Sander Declerck
2968960b41
Cleanup registryProxy, increase timeout on DockerTestContainer 2025-10-14 13:22:58 +02:00
Sander Declerck
8ed2330a3c
Allow the safe-chain to act as a regular http proxy too (besides the CONNECT tunneling implementation) 2025-10-13 15:49:42 +02:00
Sander Declerck
ea92ea0731
Remove abbrev package 2025-10-10 16:19:38 +02:00
Sander Declerck
8aebb1b96b
Remove dry-run scanner for npm, relying on the proxy to block malicious package downloads instead 2025-10-10 16:18:43 +02:00
Sander Declerck
4fc33d2387
Add command to get the safe-chain version 2025-10-10 15:34:33 +02:00
Sander Declerck
dc4352bffb
Merge pull request #99 from AikidoSec/remove-sync
Remove `safeSpawnSync` (unused)
2025-10-10 15:04:39 +02:00
Hans Ott
2fa14b82f3 Simplify tests 2025-10-10 14:57:28 +02:00
Sander Declerck
831621323b
Merge pull request #101 from AikidoSec/oxlint
Use oxlint instead of eslint
2025-10-10 14:54:54 +02:00
Sander Declerck
a377fd6caa
Listen to error events on sockets 2025-10-10 13:55:39 +02:00
Hans Ott
5518846e96
Update packages/safe-chain/package.json
Co-authored-by: Timo Kössler <info@timokoessler.de>
2025-10-10 11:45:34 +02:00
Hans Ott
41ab4b1edb Use oxlint instead of eslint
- Less dev dependencies
- Much faster
- More helpful output
- More sane defaults
- Easier config
2025-10-09 18:03:45 +02:00
Hans Ott
459f3a5b14 Remove unused import 2025-10-09 17:35:29 +02:00
Hans Ott
0afea0eed6 Remove safeSpawnSync (unused) 2025-10-09 16:44:55 +02:00
Sander Declerck
ad7e94dac4
Add unit tests for yarn environment variables 2025-10-09 15:35:43 +02:00
Sander Declerck
d5620b2d12
Don't set YARN_HTTPS_CA_FILE_PATH, it ignores all system CAs 2025-10-09 14:58:06 +02:00
Sander Declerck
219a189993
Check if a socket is writable before writing to it 2025-10-08 19:32:25 +02:00
Sander Declerck
41e88d422e
Add mention of bun everywhere 2025-10-08 16:42:59 +02:00
Sander Declerck
b08b4e2d4e
Wrap bun with safe-chain to block downloads of packages with malware 2025-10-08 16:42:59 +02:00
Sander Declerck
361b56a715
Merge pull request #85 from AikidoSec/powerrshell-line-explosion-fix
Fix line explosion on Windows PowerShell
2025-10-08 15:49:10 +02:00
Sander Declerck
16c76de0f3
Add comment on how safe-chain works with the system proxy. 2025-10-08 11:38:21 +02:00
Sander Declerck
8950d528d5
Fix tests to match new behavior 2025-10-08 10:56:31 +02:00
Sander Declerck
240123372a
Handle PR Comments 2025-10-08 10:49:04 +02:00
Sander Declerck
486a4b8f68
Escape special chars in shell scripts 2025-10-06 16:25:12 +02:00
Sander Declerck
ea383a18de
Insert proxy settings for npx as well 2025-10-06 16:23:56 +02:00
Sander Declerck
3ef4ed8bad
Update main.js code flow so proxy always gets stopped + add comment on why exit status is handled in bin/aikido-(tool).js 2025-10-06 13:47:38 +02:00
Sander Declerck
ccaa7934ee
Improve cli output. 2025-10-03 16:21:55 +02:00
Sander Declerck
cc4d20e380
Fix line explosion on Windows PowerShell 2025-10-02 15:15:04 +02:00
Sander Declerck
53bfb14fea
Only load the malware database once 2025-10-02 09:20:59 +02:00
Sander Declerck
a6980d5108
Add upstream proxy support 2025-10-02 09:06:35 +02:00