AikidoSec-safe-chain

mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00

Author	SHA1	Message	Date
Sander Declerck	b060cec580	Revert "Add safe-chain-test for verification" This reverts commit `7b8a945875`.	2025-12-16 13:35:41 +01:00
Sander Declerck	7b8a945875	Add safe-chain-test for verification	2025-12-16 13:34:14 +01:00
Reinier Criel	c1a12c9573	Merge branch 'main' into feature/poetry-2	2025-12-03 07:41:52 -08:00
Sander Declerck	ab446e081d	Restore fork	2025-11-28 16:33:09 +01:00
Sander Declerck	8d82d4d56f	Clean up the PR	2025-11-28 16:28:45 +01:00
Sander Declerck	35ab58c440	Try package downgrade	2025-11-28 15:53:38 +01:00
Reinier Criel	7ab51a992c	Merge branch 'main' into feature/poetry-2	2025-11-27 12:54:55 -08:00
Sander Declerck	afbf3d94c2	Merge branch 'main' into safe-chain-binaries	2025-11-27 15:14:52 +01:00
Sander Declerck	b14ff4cb33	First time build of the safe-chain binaries	2025-11-27 15:01:57 +01:00
Sander Declerck	c5b4fbf238	Update node-forge, npm-registry-fetch and make-fetch-happen	2025-11-27 10:34:11 +01:00
Reinier Criel	4bfc315b57	Skeleton	2025-11-26 14:13:49 -08:00
Reinier Criel	cab3a0aba3	Add uv (Astral Python package manager) support - Add uv package manager implementation following pip pattern - Configure MITM proxy with CA bundle for PyPI packages - Add shell integration (bash/zsh/fish/PowerShell) - Conditional on --include-python flag - Add 33 comprehensive E2E tests covering: - uv pip install/sync/compile commands - uv add for project dependencies - uv tool install for global tools - uv run --with for ephemeral dependencies - uv sync for project syncing - Malware blocking verification for all methods - Update documentation and package.json - Install uv in Docker test environment	2025-11-25 14:10:20 -08:00
Sander Declerck	c8df7566b5	Remove ora dependency	2025-11-25 14:22:31 +01:00
Reinier Criel	474d91d29a	Indentation	2025-11-13 13:32:49 -08:00
Reinier Criel	f4ff18304a	Fix imports	2025-11-13 13:20:11 -08:00
Reinier Criel	61c9f1a1ef	Merge config file if it exists	2025-11-13 11:14:45 -08:00
Reinier Criel	f400c5576a	WIP	2025-11-06 08:32:25 -08:00
Reinier Criel	548d416996	Merge remote-tracking branch 'origin/main' into feature/pypi	2025-11-03 06:49:53 -08:00
Hans Ott	6f962a9299	Use Node.js 18 types	2025-11-01 13:09:08 +01:00
Hans Ott	c88b1a624f	Type check safe-chain package	2025-11-01 13:06:06 +01:00
Reinier Criel	f38a12c6d5	Combine certificates	2025-10-30 16:00:32 -07:00
Reinier Criel	8b7784ecc0	Omly pass --cert when using known registry	2025-10-30 12:36:32 -07:00
Reinier Criel	190607de92	Adapt per review	2025-10-27 09:23:47 -07:00
Reinier Criel	d0f2edec0a	Skeleton	2025-10-21 15:25:12 -07:00
Sander Declerck	ea92ea0731	Remove abbrev package	2025-10-10 16:19:38 +02:00
Hans Ott	5518846e96	Update packages/safe-chain/package.json Co-authored-by: Timo Kössler <info@timokoessler.de>	2025-10-10 11:45:34 +02:00
Hans Ott	41ab4b1edb	Use oxlint instead of eslint - Less dev dependencies - Much faster - More helpful output - More sane defaults - Easier config	2025-10-09 18:03:45 +02:00
Sander Declerck	41e88d422e	Add mention of bun everywhere	2025-10-08 16:42:59 +02:00
Sander Declerck	b08b4e2d4e	Wrap bun with safe-chain to block downloads of packages with malware	2025-10-08 16:42:59 +02:00
Sander Declerck	a6980d5108	Add upstream proxy support	2025-10-02 09:06:35 +02:00
Sander Declerck	e2afcb16e3	Implement a proxy blocking tarball requests for packages containing malware.	2025-09-30 13:52:21 +02:00
Sander Declerck	d5cd59fd25	Use strict dependency versions	2025-09-17 14:14:04 +02:00
Sander Declerck	3d75b56ebd	Respect HTTPS_PROXY when fetching malware database.	2025-09-15 13:39:14 +02:00
Sander Declerck	f163101200	Remove @inquirer/prompts, update eslint.	2025-09-15 10:04:49 +02:00
Sander Declerck	dc3ab32078	Implement basic bun security scanner for safe chain	2025-09-05 14:19:02 +02:00
Sander Declerck	7673d32912	Move safe-chain package to packages/safe-chain	2025-09-05 11:19:37 +02:00

36 commits