// oxlint-disable no-console
import { auditChanges } from "@aikidosec/safe-chain/scanning";
// Bun Security Scanner for Safe-Chain
// This is the entry point for Bun's native security scanner integration
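export const scanner = {
  // Version of the Bun security scanner API this object implements.
  version: "1",

  /**
   * Audit the packages Bun is about to install and report the ones that
   * Safe-Chain marks as disallowed.
   *
   * @param {{ packages: Array<{ name: string, version: string }> }} input - The
   *   packages Bun is resolving; every entry is audited as an "add" change.
   * @returns {Promise<Array<{ level: string, package: string, url: null, description: string }>>}
   *   One "fatal" advisory per disallowed change. The list is empty when every
   *   package is allowed and also when the audit itself threw (see below).
   */
  async scan({ packages }) {
    const advisories = [];

    try {
      // Safe-Chain audits a list of changes; from the scanner's point of view
      // an install is always an "add".
      const changes = packages.map(({ name, version }) => ({
        name,
        version,
        type: "add",
      }));

      const audit = await auditChanges(changes);

      if (!audit.isAllowed) {
        for (const change of audit.disallowedChanges) {
          advisories.push({
            // "fatal" makes Bun abort the installation, which is what we want
            // for packages that contain malware.
            level: "fatal",
            package: change.name,
            url: null,
            description: `Package ${change.name}@${change.version} contains known security threats (${change.reason}). Installation blocked by Safe-Chain.`,
          });
        }
      }
    } catch (error) {
      // NOTE(review): a failed audit is fail-open — no advisory is returned, so
      // Bun continues the installation unscanned. The warning is the only trace
      // of that, so make sure it always carries a readable message (a thrown
      // non-Error value has no `.message` and would otherwise print "undefined").
      const message = error instanceof Error ? error.message : String(error);
      console.warn(`Safe-Chain security scan failed: ${message}`);
    }

    return advisories;
  },
};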