Commit graph

487 commits

Author SHA1 Message Date
Reinier Criel
5c431291c7
Fix some logic 2026-02-11 14:23:48 +01:00
Reinier Criel
b7f793f1f9
Attempted fix for powershell swallowing '--' 2026-02-11 14:23:48 +01:00
bitterpanda
3210b68b43
Update packages/safe-chain/src/api/aikido.js 2026-02-11 14:23:48 +01:00
Sander Declerck
0e6d002b4c
Don't swallow error on retry 2026-02-11 14:23:48 +01:00
Sander Declerck
cf8e39c5fd
Handle pr comments 2026-02-11 14:23:48 +01:00
Sander Declerck
4a53a7b20d
Add tests for malware db retry 2026-02-11 14:23:47 +01:00
Sander Declerck
14e94dcb62
Retry downloading the malware database 3 times 2026-02-11 14:23:47 +01:00
bitterpanda
a7388bbdcf
Update packages/safe-chain/src/registryProxy/interceptors/npm/modifyNpmInfo.js 2026-02-11 14:23:47 +01:00
Reinier Criel
2cba4be1aa
Include package name in logging when minimum package age is not met 2026-02-11 14:23:47 +01:00
Sander Declerck
0411a579ae
Wait and poll until proxy starts for max 60s 2026-01-13 10:02:48 +01:00
Sander Declerck
6006760b67
Only inherit io when loglevel verbose 2026-01-12 15:39:26 +01:00
Sander Declerck
9d1f7ac6fd
Use ramaproxy if it's available. 2026-01-12 14:15:30 +01:00
Sander Declerck
595f269f62
Add comment about backwards compat. 2026-01-12 11:20:25 +01:00
Sander Declerck
3573ef2bc5
Allow to configure loglevel through an env variable 2026-01-12 10:50:06 +01:00
Sander Declerck
094d1416ca
Merge pull request #272 from graemechapman/patch-1
fix: Allow running commands if safe-chain npm package is not installed
2026-01-07 12:03:19 +01:00
Sander Declerck
8bfbe1c77d
Merge pull request #232 from galargh/pip-custom-registries
feat: allow python custom registries configuration
2026-01-05 14:01:51 +01:00
Sander Declerck
74c57cd86a
Merge pull request #262 from AikidoSec/safe-chain-verify-command
Add command to verify safe-chain is intercepting the package managers commands
2026-01-05 09:10:05 +01:00
galargh
b23ba9d9c4 chore: update test parametrization 2026-01-02 10:39:15 +01:00
Graeme Chapman
c510d886a9
Simplify command execution in init-posix.sh 2025-12-31 10:57:08 +00:00
Graeme Chapman
a0e19818a0
fix: Allow running commands if safe-chain npm package is not installed 2025-12-31 10:18:58 +00:00
galargh
c53a7347e2 feat: allow python custom registries configuration through config file 2025-12-22 13:49:45 +01:00
galargh
39e2001d97 Merge remote-tracking branch 'origin/main' into pip-custom-registries 2025-12-22 13:27:04 +01:00
jassanw
3b6beb7f16 default to port 443 if port is null or empty 2025-12-19 18:49:58 -08:00
cherryace
bd19f477f7 Using port from req url when creating proxy request instead of hardcoded port 443 2025-12-19 17:57:33 -08:00
Sander Declerck
b571aad6a0
Add command to verify safe-chain is intercepting the package managers commands 2025-12-19 16:18:21 +01:00
Sander Declerck
53c59e35e9
Merge pull request #258 from thomasbecker/fix/connection-timeout-issue-228
fix: use true connection timeout instead of idle timeout
2025-12-19 11:05:53 +01:00
Sander Declerck
120e12fd34
Merge pull request #259 from AikidoSec/configure-custom-npm-registries
Allow to configure custom/private npm registries
2025-12-19 10:42:51 +01:00
Reinier Criel
bbf5f8189b
Merge pull request #256 from AikidoSec/feature/pipx-2
Add PIPX support
2025-12-19 09:41:00 +01:00
Sander Declerck
9f93763b98
Handle code quality comments 2025-12-18 18:18:45 +01:00
Sander Declerck
deb0ad5428
Create a single emptyConfig object 2025-12-18 18:03:09 +01:00
Sander Declerck
e3aa2e15cb
Add npmjs.com to known registries too. 2025-12-18 17:59:15 +01:00
Sander Declerck
41cc24d1f5
Allow to configure custom/private npm registries 2025-12-18 13:52:49 +01:00
Reinier Criel
287bd7a41f Remove redundant comment 2025-12-18 13:41:18 +01:00
Reinier Criel
6ce3791140 Fix check 2025-12-18 13:37:29 +01:00
Thomas Becker
878e549211 fix: use true connection timeout instead of idle timeout
socket.setTimeout() is an idle timeout in Node.js [node docs](https://nodejs.org/api/net.html#socketsettimeouttimeout-callback)
- it fires after N ms of inactivity, not N ms after the connection attempt. This
caused false timeout errors after successful data transfers when connections
went idle for longer than the timeout period.

Replace with JS setTimeout() that:
- Fires N ms after connection attempt starts
- Gets cleared on successful connect
- Returns 504 Gateway Timeout (more accurate than 502)

Also adds proper close event handlers for socket cleanup.

Fixes #228
2025-12-18 12:53:49 +01:00
Reinier Criel
28f34a8380 Fix env func 2025-12-18 12:09:28 +01:00
Reinier Criel
a1d348b768 Fix test 2025-12-18 11:45:43 +01:00
Reinier Criel
dbc7272fb4 Some cleanup 2025-12-18 10:43:27 +01:00
Reinier Criel
d2fc531c81 Fix tests and add command support 2025-12-18 10:33:31 +01:00
Reinier Criel
b9de94f0f1 Merge branch 'main' into feature/pipx-2 2025-12-17 14:28:14 +01:00
Reinier Criel
5de43c1bf2 Some modifications 2025-12-17 13:26:14 +01:00
Reinier Criel
3c18ad76f7 Skeleton 2025-12-17 11:37:51 +01:00
bitterpanda
9db8a2cc24
Merge pull request #250 from AikidoSec/bug/py-flag-warning
Emit deprecation warning when --include-python flag is used
2025-12-16 15:25:38 +01:00
Reinier Criel
379cd20154 Fix linter issue 2025-12-16 15:05:03 +01:00
Reinier Criel
a47ea153da Simplify 2025-12-16 14:53:30 +01:00
Reinier Criel
037a83e1ff Print warning if deprecated --include-python flag is given 2025-12-16 14:47:53 +01:00
Sander Declerck
316922e9a6
Merge branch 'main' into fix-powershell-install-script-path-separator 2025-12-16 13:06:57 +01:00
Reinier Criel
b0faf9d48d Merge branch 'main' into feature/remove-pypi-flag 2025-12-16 09:05:10 +01:00
Sander Declerck
eb59e98785
Fix path separator on Windows Powershell 2025-12-15 17:50:38 +01:00
Reinier Criel
53e47581d4 Remove unneeded comment 2025-12-15 15:59:24 +01:00