Commit graph

19 commits

Author SHA1 Message Date
Stephen Benjamin
14c8abffea Add uvx support
Add uvx as a supported package manager so that `uvx` commands are
routed through safe-chain's MITM proxy for malware detection, just
like `uv`. Previously, `uvx` bypassed all safe-chain protections.

The uvx package manager reuses the existing uv command runner since
uvx is functionally equivalent to `uv tool run`.

Fixes #268

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-14 10:04:10 -04:00
Reinier Criel
dbc7272fb4 Some cleanup 2025-12-18 10:43:27 +01:00
Reinier Criel
d2fc531c81 Fix tests and add command support 2025-12-18 10:33:31 +01:00
bitterpanda
15cc6ff7fe Merge pull request #178 from AikidoSec/feature/poetry-2
Add Poetry support
2025-12-05 15:56:20 +01:00
Reinier Criel
e211f531c5 Refactor PyPI logic and cleanup 2025-12-04 12:37:59 -08:00
Reinier Criel
4bfc315b57 Skeleton 2025-11-26 14:13:49 -08:00
Reinier Criel
e03bceba88 Some cleanup 2025-11-25 14:37:31 -08:00
Reinier Criel
cab3a0aba3 Add uv (Astral Python package manager) support
- Add uv package manager implementation following pip pattern
- Configure MITM proxy with CA bundle for PyPI packages
- Add shell integration (bash/zsh/fish/PowerShell)
- Conditional on --include-python flag
- Add 33 comprehensive E2E tests covering:
  - uv pip install/sync/compile commands
  - uv add for project dependencies
  - uv tool install for global tools
  - uv run --with for ephemeral dependencies
  - uv sync for project syncing
  - Malware blocking verification for all methods
- Update documentation and package.json
- Install uv in Docker test environment
2025-11-25 14:10:20 -08:00
Reinier Criel
28d24bb6ea Another iteration 2025-11-06 10:26:26 -08:00
Reinier Criel
548d416996 Merge remote-tracking branch 'origin/main' into feature/pypi 2025-11-03 06:49:53 -08:00
Hans Ott
ad9551ca6d Improve types and remove async 2025-11-03 11:26:10 +01:00
Hans Ott
484cbcd960 Use @typedef {Object} X
When you write @typedef {Object} ScanResult, you’re telling both JSDoc and TypeScript’s parser that this typedef represents an object type, not just an abstract name. This is important because it makes tools like IDEs, linters, and TypeScript’s JSDoc inference more reliable. It avoids ambiguity, especially in cases where the typedef might later be confused with something like a primitive, union, or function type. The official TypeScript documentation and the JSDoc spec both show this form as the canonical one for object shapes.
2025-11-01 13:28:11 +01:00
Hans Ott
c88b1a624f Type check safe-chain package 2025-11-01 13:06:06 +01:00
Reinier Criel
059cba06bc Implement e2e tests 2025-10-23 11:41:13 -07:00
Reinier Criel
1fdb15a392 Fix some border cases 2025-10-23 09:14:05 -07:00
Reinier Criel
f086aeb2be Skeleton 2025-10-22 06:59:32 -07:00
Sander Declerck
8aebb1b96b Remove dry-run scanner for npm, relying on the proxy to block malicious package downloads instead 2025-10-10 16:18:43 +02:00
Sander Declerck
43dcba8802 Wrap bun with safe-chain to block downloads of packages with malware 2025-10-08 15:12:06 +02:00
Sander Declerck
7673d32912 Move safe-chain package to packages/safe-chain 2025-09-05 11:19:37 +02:00
Renamed from src/packagemanager/currentPackageManager.js