mirror of
https://github.com/AikidoSec/safe-chain.git
synced 2026-05-26 12:10:49 +00:00
126 lines
3.1 KiB
Bash
126 lines
3.1 KiB
Bash
if [ -n "${BASH_SOURCE[0]:-}" ]; then
|
|
_sc_script_path="${BASH_SOURCE[0]}"
|
|
elif [ -n "${ZSH_VERSION:-}" ]; then
|
|
# ${(%):-%x} uses Zsh prompt expansion to get the sourced file's path.
|
|
# eval is required so other shells don't try to parse the Zsh-specific syntax.
|
|
eval '_sc_script_path="${(%):-%x}"'
|
|
else
|
|
_sc_script_path="$0"
|
|
fi
|
|
_sc_scripts_dir=$(CDPATH= cd -- "$(dirname -- "$_sc_script_path")" 2>/dev/null && pwd -P)
|
|
_sc_base=$(dirname -- "$_sc_scripts_dir")
|
|
export PATH="$PATH:${_sc_base}/bin"
|
|
unset _sc_base _sc_script_path _sc_scripts_dir
|
|
|
|
function npx() {
|
|
wrapSafeChainCommand "npx" "$@"
|
|
}
|
|
|
|
function yarn() {
|
|
wrapSafeChainCommand "yarn" "$@"
|
|
}
|
|
|
|
function pnpm() {
|
|
wrapSafeChainCommand "pnpm" "$@"
|
|
}
|
|
|
|
function pnpx() {
|
|
wrapSafeChainCommand "pnpx" "$@"
|
|
}
|
|
|
|
function rush() {
|
|
wrapSafeChainCommand "rush" "$@"
|
|
}
|
|
|
|
function rushx() {
|
|
wrapSafeChainCommand "rushx" "$@"
|
|
}
|
|
|
|
function bun() {
|
|
wrapSafeChainCommand "bun" "$@"
|
|
}
|
|
|
|
function bunx() {
|
|
wrapSafeChainCommand "bunx" "$@"
|
|
}
|
|
|
|
function npm() {
|
|
if [[ "$1" == "-v" || "$1" == "--version" ]] && [[ $# -eq 1 ]]; then
|
|
# If args is just -v or --version and nothing else, just run the npm version command
|
|
# This is because nvm uses this to check the version of npm
|
|
command npm "$@"
|
|
return
|
|
fi
|
|
|
|
wrapSafeChainCommand "npm" "$@"
|
|
}
|
|
|
|
function pip() {
|
|
wrapSafeChainCommand "pip" "$@"
|
|
}
|
|
|
|
function pip3() {
|
|
wrapSafeChainCommand "pip3" "$@"
|
|
}
|
|
|
|
function uv() {
|
|
wrapSafeChainCommand "uv" "$@"
|
|
}
|
|
|
|
function uvx() {
|
|
wrapSafeChainCommand "uvx" "$@"
|
|
}
|
|
|
|
function poetry() {
|
|
wrapSafeChainCommand "poetry" "$@"
|
|
}
|
|
|
|
# `python -m pip`, `python -m pip3`.
|
|
function python() {
|
|
wrapSafeChainCommand "python" "$@"
|
|
}
|
|
|
|
# `python3 -m pip`, `python3 -m pip3'.
|
|
function python3() {
|
|
wrapSafeChainCommand "python3" "$@"
|
|
}
|
|
|
|
function pipx() {
|
|
wrapSafeChainCommand "pipx" "$@"
|
|
}
|
|
|
|
function pdm() {
|
|
wrapSafeChainCommand "pdm" "$@"
|
|
}
|
|
|
|
function printSafeChainWarning() {
|
|
# \033[43;30m is used to set the background color to yellow and text color to black
|
|
# \033[0m is used to reset the text formatting
|
|
printf "\033[43;30mWarning:\033[0m safe-chain is not available to protect you from installing malware. %s will run without it.\n" "$1"
|
|
# \033[36m is used to set the text color to cyan
|
|
printf "Install safe-chain by using \033[36mnpm install -g @aikidosec/safe-chain\033[0m.\n"
|
|
}
|
|
|
|
function wrapSafeChainCommand() {
|
|
local original_cmd="$1"
|
|
|
|
if ! type -f "${original_cmd}" > /dev/null 2>&1; then
|
|
# If the original command is not available, don't try to wrap it: invoke it
|
|
# transparently, so the shell can report errors as if this wrapper didn't
|
|
# exist.
|
|
command "$@"
|
|
return $?
|
|
fi
|
|
|
|
if command -v safe-chain > /dev/null 2>&1; then
|
|
# If the aikido command is available, just run it with the provided arguments.
|
|
# Unset PKG_EXECPATH so the yao-pkg bootstrap inside the safe-chain binary doesn't
|
|
# mistake argv[1] for a script path and try to resolve it against cwd.
|
|
(unset PKG_EXECPATH; safe-chain "$@")
|
|
else
|
|
# If the aikido command is not available, print a warning and run the original command
|
|
printSafeChainWarning "$original_cmd"
|
|
|
|
command "$@"
|
|
fi
|
|
}
|