milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
257 commits 61 branches 106 tags 3.3 MiB
Commit graph

85 commits

Author SHA1 Message Date
Sander Declerck
2e1ee0dfa4
Merge pull request #119 from AikidoSec/proxy-unit-tests 
Add tests for the proxy
 2025-10-22 15:47:16 +02:00
Sander Declerck
f4cdf91fc9
Add tests for the proxy 2025-10-22 15:41:33 +02:00
Sander Declerck
1ded3899b0
Commit new tests 2025-10-21 14:56:46 +02:00
Sander Declerck
da865f855d
Fix crash when a package does not contain a version (retracted packages) 2025-10-21 14:29:17 +02:00
Sander Declerck
b935f8d4f4
Merge pull request #105 from AikidoSec/kill-dry-run 
Remove dry-run scanner for npm, relying on the proxy to block maliscious package downloads instead
 2025-10-15 12:04:26 +02:00
bitterpanda
e123c0e019
Merge pull request #106 from AikidoSec/remove-abbrev-package 
Remove abbrev package
 2025-10-15 12:03:07 +02:00
Sander Declerck
05354ba2f0
Add some more comments on why http / https is handled in different code paths 2025-10-15 11:56:03 +02:00
Sander Declerck
3e8ce13db5
Move generated abbrevs to a separate file 2025-10-15 11:51:56 +02:00
Sander Declerck
37ef3e187b
Further cleanup 2025-10-15 09:25:24 +02:00
Sander Declerck
fce7550609
Cleanup debugging code from test again 2025-10-15 09:21:23 +02:00
Sander Declerck
ee82134c19
Proxyres on close and end 2025-10-14 14:54:58 +02:00
Sander Declerck
a2d05b0cf0
More logs 2025-10-14 14:18:33 +02:00
Sander Declerck
2968960b41
Cleanup registryProxy, increase timeout on DockerTestContainer 2025-10-14 13:22:58 +02:00
Sander Declerck
8ed2330a3c
Allow the safe-chain to act as a regular http proxy too (besides the CONNECT tunneling implementation) 2025-10-13 15:49:42 +02:00
Sander Declerck
ea92ea0731
Remove abbrev package 2025-10-10 16:19:38 +02:00
Sander Declerck
8aebb1b96b
Remove dry-run scanner for npm, relying on the proxy to block maliscious package downloads instead 2025-10-10 16:18:43 +02:00
Sander Declerck
4fc33d2387
Add command to get the safe-chain version 2025-10-10 15:34:33 +02:00
Sander Declerck
dc4352bffb
Merge pull request #99 from AikidoSec/remove-sync 
Remove `safeSpawnSync` (unused)
 2025-10-10 15:04:39 +02:00
Hans Ott
2fa14b82f3 Simplify tests 2025-10-10 14:57:28 +02:00
Sander Declerck
831621323b
Merge pull request #101 from AikidoSec/oxlint 
Use oxlint instead of eslint
 2025-10-10 14:54:54 +02:00
Sander Declerck
a377fd6caa
Listen to error events on sockets 2025-10-10 13:55:39 +02:00
Hans Ott
5518846e96
Update packages/safe-chain/package.json 
Co-authored-by: Timo Kössler <info@timokoessler.de>
 2025-10-10 11:45:34 +02:00
Hans Ott
41ab4b1edb Use oxlint instead of eslint 
- Less dev dependencies
- Much faster
- More helpful output
- More sane defaults
- Easier config
 2025-10-09 18:03:45 +02:00
Hans Ott
459f3a5b14 Remove unused import 2025-10-09 17:35:29 +02:00
Hans Ott
0afea0eed6 Remove safeSpawnSync (unused) 2025-10-09 16:44:55 +02:00
Sander Declerck
ad7e94dac4
Add unit tests for yarn environment variables 2025-10-09 15:35:43 +02:00
Sander Declerck
d5620b2d12
Don't set YARN_HTTPS_CA_FILE_PATH, it ignores all system CAs 2025-10-09 14:58:06 +02:00
Sander Declerck
219a189993
Check if a socket is writable before writing to it 2025-10-08 19:32:25 +02:00
Sander Declerck
41e88d422e
Add mention of bun everywhere 2025-10-08 16:42:59 +02:00
Sander Declerck
b08b4e2d4e
Wrap bun with safe-chain to block downloads of packages with malware 2025-10-08 16:42:59 +02:00
Sander Declerck
361b56a715
Merge pull request #85 from AikidoSec/powerrshell-line-explosion-fix 
Fix line explosion on Windows PowerShell
 2025-10-08 15:49:10 +02:00
Sander Declerck
16c76de0f3
Add comment on how safe-chain works with the system proxy. 2025-10-08 11:38:21 +02:00
Sander Declerck
8950d528d5
Fix tests to match new behavior 2025-10-08 10:56:31 +02:00
Sander Declerck
240123372a
Handle PR Comments 2025-10-08 10:49:04 +02:00
Sander Declerck
ea383a18de
Insert proxy settings for npx as well 2025-10-06 16:23:56 +02:00
Sander Declerck
3ef4ed8bad
Update main.js code flow so proxy always gets stopped + add comment on why exit status is handled in bin/aikido-(tool).js 2025-10-06 13:47:38 +02:00
Sander Declerck
ccaa7934ee
Improve cli output. 2025-10-03 16:21:55 +02:00
Sander Declerck
cc4d20e380
Fix line explosion on Windows PowerShell 2025-10-02 15:15:04 +02:00
Sander Declerck
53bfb14fea
Only load the malware database once 2025-10-02 09:20:59 +02:00
Sander Declerck
a6980d5108
Add upstream proxy support 2025-10-02 09:06:35 +02:00
Sander Declerck
60543308f4
Change validity of generateCertForHost to 1 hour. 2025-10-01 10:01:04 +02:00
Sander Declerck
49fd0f5928
Better error-handling when stopping the proxy 2025-10-01 09:24:18 +02:00
Sander Declerck
67304751bd
Handle process exit better + some PR cleanup 2025-10-01 08:53:56 +02:00
Sander Declerck
95663dc5f4
Fix proxy for npm 10.0.0 -> 10.4.0 2025-10-01 08:10:49 +02:00
Sander Declerck
3b145a4695
Create verifyNoMaliciousPackages function in proxy 2025-09-30 15:11:00 +02:00
Sander Declerck
a3f91b8b55
Fix linting issue 2025-09-30 13:53:59 +02:00
Sander Declerck
e2afcb16e3
Implement a proxy blocking tarball requests for packages containing malware. 2025-09-30 13:52:21 +02:00
Sander Declerck
04cb001006
Merge pull request #78 from AikidoSec/fish-test-command-not-working 
init-fish: split up if to prevent expanded args to break the condition
 2025-09-24 15:47:12 +02:00
Sander Declerck
cea4507559
Merge pull request #70 from AikidoSec/non-interactive-terminal-support 
Support for CI/CD
 2025-09-24 15:37:36 +02:00
Sander Declerck
1514fb44c5
init-fish: split up if to prevent expanded args to break the condition 2025-09-24 14:51:32 +02:00