Chris Ingram
8453012f7b
Merge remote-tracking branch 'aikido/main' into feat/pdm-support
2026-05-14 09:51:31 +01:00
James McMeeking
7ce44b4c62
Remove the unnecessary proxy setting
2026-05-08 13:12:40 +01:00
James McMeeking
55f2123f5c
Remove the normalisation bits added in error
2026-05-08 11:25:07 +01:00
James McMeeking
08ae1ef732
Pull parsing logic into distinct file and remove invalid continue
2026-05-08 11:08:58 +01:00
James McMeeking
98a1ba7d10
Add rushx support too
Co-authored-by: Copilot <copilot@github.com>
2026-05-01 17:04:38 +01:00
James
84346fdea7
Merge branch 'main' into feature/add-rush-monorepo-support
2026-04-23 16:29:15 +01:00
Chris Ingram
abbe0480b6
Merge branch 'main' into feat/pdm-support
2026-04-22 14:25:32 +01:00
Stephen Benjamin
14c8abffea
Add uvx support
Add uvx as a supported package manager so that `uvx` commands are
routed through safe-chain's MITM proxy for malware detection, just
like `uv`. Previously, `uvx` bypassed all safe-chain protections.
The uvx package manager reuses the existing uv command runner since
uvx is functionally equivalent to `uv tool run`.
Fixes #268
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-14 10:04:10 -04:00
Chris Ingram
1eb4fe05fd
Add pdm package manager support
PDM is a modern Python package manager using pyproject.toml (PEP 621).
Uses the same MITM-only proxy approach as poetry/uv/pipx — all malware
detection and minimum package age enforcement happens at the proxy layer
by intercepting PyPI requests.
2026-04-06 13:01:42 +01:00
James McMeeking
6f976f6a2b
Address PR comments
2026-04-02 13:03:01 +01:00
James McMeeking
5690e55d99
Add rush command wrapper and tests
2026-04-02 12:31:02 +01:00
root
ce05e82885
fix(cli): remove unused ui imports after error-helper refactor
2026-02-27 01:36:42 +08:00
root
62e262785f
fix(cli): surface package manager command execution failures
2026-02-27 01:09:45 +08:00
Reinier Criel
287bd7a41f
Remove redundant comment
2025-12-18 13:41:18 +01:00
Reinier Criel
6ce3791140
Fix check
2025-12-18 13:37:29 +01:00
Reinier Criel
28f34a8380
Fix env func
2025-12-18 12:09:28 +01:00
Reinier Criel
a1d348b768
Fix test
2025-12-18 11:45:43 +01:00
Reinier Criel
dbc7272fb4
Some cleanup
2025-12-18 10:43:27 +01:00
Reinier Criel
d2fc531c81
Fix tests and add command support
2025-12-18 10:33:31 +01:00
Reinier Criel
dc6fcb9761
Skeleton
2025-12-15 14:42:58 +01:00
Uriel Corfa
cb9f3ee145
Do not rely on asynchronous import of child_process.
Importing child_process asynchronously causes loader errors when running the
binary dist:
$ ./dist/safe-chain python --safe-chain-logging=verbose
Safe-chain: Bypassing safe-chain for non-pip invocation: python
Failed to check for malicious packages: A dynamic import callback was not specified.
$
Relying on a regular import does not cause this issue. There is no obvious
reason for this import to be dynamic (in particular, there are no tests using
this to mock the spawn function), so let's simplify.
2025-12-12 09:09:52 +01:00
Uriel Corfa
db2c272aea
Add a unit test for shouldBypassSafeChain
2025-12-12 09:09:52 +01:00
Uriel Corfa
64d87ae1e1
Flush buffered logs before exiting
2025-12-12 09:09:50 +01:00
Reinier Criel
d9fe775d11
Fix some issues
2025-12-08 15:18:06 -08:00
bitterpanda
15cc6ff7fe
Merge pull request #178 from AikidoSec/feature/poetry-2
Add Poetry support
2025-12-05 15:56:20 +01:00
Reinier Criel
e211f531c5
Refactor PyPI logic and cleanup
2025-12-04 12:37:59 -08:00
Reinier Criel
c1a12c9573
Merge branch 'main' into feature/poetry-2
2025-12-03 07:41:52 -08:00
Reinier Criel
795e7af23e
Clean up comments
2025-12-02 08:44:43 -08:00
Reinier Criel
a4f9f590a4
Don't modify config for config related commands
2025-12-02 08:31:47 -08:00
Reinier Criel
292345f709
Fix some comments
2025-12-01 12:45:06 -08:00
Reinier Criel
4bfc315b57
Skeleton
2025-11-26 14:13:49 -08:00
Reinier Criel
023bccec11
Some more cleanup
2025-11-25 19:55:36 -08:00
Reinier Criel
5cb1bb935b
More cleanup
2025-11-25 15:03:33 -08:00
Reinier Criel
e03bceba88
Some cleanup
2025-11-25 14:37:31 -08:00
Reinier Criel
cab3a0aba3
Add uv (Astral Python package manager) support
- Add uv package manager implementation following pip pattern
- Configure MITM proxy with CA bundle for PyPI packages
- Add shell integration (bash/zsh/fish/PowerShell)
- Conditional on --include-python flag
- Add 33 comprehensive E2E tests covering:
  - uv pip install/sync/compile commands
  - uv add for project dependencies
  - uv tool install for global tools
  - uv run --with for ephemeral dependencies
  - uv sync for project syncing
  - Malware blocking verification for all methods
- Update documentation and package.json
- Install uv in Docker test environment
2025-11-25 14:10:20 -08:00
Reinier Criel
72bf44cb6d
Fix linting issue
2025-11-21 10:31:57 -08:00
Reinier Criel
ab1aa0dce9
Little cleanup
2025-11-21 09:58:43 -08:00
Reinier Criel
0a0ac85542
Adapt per review
2025-11-21 09:41:07 -08:00
bitterpanda
f030b16adf
rm obvious comments
2025-11-21 13:33:33 +01:00
Reinier Criel
0e5b9b23f1
Fix tests
2025-11-17 10:18:47 -08:00
Reinier Criel
87fcb7239a
Adapt per review
2025-11-17 10:03:38 -08:00
Reinier Criel
7039961d4c
Bugfix
2025-11-13 15:50:37 -08:00
Reinier Criel
0b3cc1c175
Some more cleanup
2025-11-13 15:50:14 -08:00
Reinier Criel
4ee18973de
Fix unit test
2025-11-13 12:48:04 -08:00
Reinier Criel
a0e24b1722
Update comments
2025-11-13 11:21:53 -08:00
Reinier Criel
61c9f1a1ef
Merge config file if it exists
2025-11-13 11:14:45 -08:00
Reinier Criel
fbd11c6d44
Update
2025-11-12 14:01:06 -08:00
Reinier Criel
285906ea9d
Update doc
2025-11-12 13:39:58 -08:00
Reinier Criel
f215368c4a
Some small fixes
2025-11-12 13:30:22 -08:00
Reinier Criel
fdef9e0766
Some tweaks
2025-11-12 13:11:02 -08:00