Hans Ott
ad9551ca6d
Improve types and remove async
2025-11-03 11:26:10 +01:00
Hans Ott
86a2b8c2a7
Fix lint
2025-11-01 13:44:48 +01:00
Hans Ott
484cbcd960
Use @typedef {Object} X
...
When you write @typedef {Object} ScanResult, you’re telling both JSDoc and TypeScript’s parser that this typedef represents an object type, not just an abstract name. This is important because it makes tools like IDEs, linters, and TypeScript’s JSDoc inference more reliable. It avoids ambiguity, especially in cases where the typedef might later be confused with something like a primitive, union, or function type. The official TypeScript documentation and the JSDoc spec both show this form as the canonical one for object shapes.
2025-11-01 13:28:11 +01:00
Hans Ott
c88b1a624f
Type check safe-chain package
2025-11-01 13:06:06 +01:00
Sander Declerck
b935f8d4f4
Merge pull request #105 from AikidoSec/kill-dry-run
...
Remove dry-run scanner for npm, relying on the proxy to block malicious package downloads instead
2025-10-15 12:04:26 +02:00
Sander Declerck
3e8ce13db5
Move generated abbrevs to a separate file
2025-10-15 11:51:56 +02:00
Sander Declerck
ea92ea0731
Remove abbrev package
2025-10-10 16:19:38 +02:00
Sander Declerck
8aebb1b96b
Remove dry-run scanner for npm, relying on the proxy to block malicious package downloads instead
2025-10-10 16:18:43 +02:00
Sander Declerck
ad7e94dac4
Add unit tests for yarn environment variables
2025-10-09 15:35:43 +02:00
Sander Declerck
d5620b2d12
Don't set YARN_HTTPS_CA_FILE_PATH, it ignores all system CAs
2025-10-09 14:58:06 +02:00
Sander Declerck
43dcba8802
Wrap bun with safe-chain to block downloads of packages with malware
2025-10-08 15:12:06 +02:00
Sander Declerck
ea383a18de
Insert proxy settings for npx as well
2025-10-06 16:23:56 +02:00
Sander Declerck
67304751bd
Handle process exit better + some PR cleanup
2025-10-01 08:53:56 +02:00
Sander Declerck
e2afcb16e3
Implement a proxy blocking tarball requests for packages containing malware.
2025-09-30 13:52:21 +02:00
Sander Declerck
83141d375a
Escape args before running spawn
2025-09-24 14:29:49 +02:00
Sander Declerck
534aeee457
Use execSync instead of spawnSync for pnpm.
2025-09-23 14:32:20 +02:00
Sander Declerck
e557887da9
Merge branch 'main' into pnpm-broken-in-powershell
2025-09-23 14:16:38 +02:00
Sander Declerck
644b51795a
Add logs to diagnose broken pnpm
2025-09-22 15:15:41 +02:00
Sander Declerck
ea7ee5c6b9
Clarify doesCommandReturnNonZero function with a comment.
2025-09-19 13:13:28 +02:00
Sander Declerck
5a5afc1810
Fix linting error
2025-09-19 08:55:34 +02:00
Sander Declerck
528a60c166
Exit installation when detecting changes failed due to non-zero exit code in dry-run
2025-09-19 08:52:42 +02:00
Sander Declerck
4e3fe7b738
Rely on npm version rather than node version to determine which scanner to use. Fixes #46
2025-09-15 09:39:41 +02:00
Sander Declerck
fdaa60b211
Add coverage for pnpm i alias, fixes #36
2025-09-10 09:25:49 +02:00
Sander Declerck
fd89ef3965
Add coverage for pnpm install command, fixes #32
2025-09-09 08:41:26 +02:00
Sander Declerck
7673d32912
Move safe-chain package to packages/safe-chain
2025-09-05 11:19:37 +02:00