@aikidosec/safe-chain 1.0.18 → 1.0.20

package/bin/safe-chain.js

@@ -46,7 +46,7 @@ function writeHelp() {
   ui.writeInformation(
     `- ${chalk.cyan(
       "safe-chain setup"
-    )}: This will setup your shell to wrap safe-chain around npm, npx and yarn.`
+    )}: This will setup your shell to wrap safe-chain around npm, npx, yarn, pnpm and pnpx.`
   );
   ui.writeInformation(
     `- ${chalk.cyan(

package/package.json

@@ -1,15 +1,11 @@
 {
   "name": "@aikidosec/safe-chain",
-  "version": "1.0.18",
+  "version": "1.0.20",
   "scripts": {
     "test": "node --test --experimental-test-module-mocks 'src/**/*.spec.js'",
     "test:watch": "node --test --watch --experimental-test-module-mocks 'src/**/*.spec.js'",
     "lint": "eslint ."
   },
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/AikidoSec/safe-chain.git"
-  },
   "bin": {
     "aikido-npm": "bin/aikido-npm.js",
     "aikido-npx": "bin/aikido-npx.js",
@@ -19,6 +15,14 @@
     "safe-chain": "bin/safe-chain.js"
   },
   "type": "module",
+  "exports": {
+    ".": {
+      "default": "./src/main.js"
+    },
+    "./scanning": {
+      "default": "./src/scanning/audit/index.js"
+    }
+  },
   "keywords": [],
   "author": "Aikido Security",
   "license": "AGPL-3.0-or-later",
@@ -31,19 +35,14 @@
     "ora": "^8.2.0",
     "semver": "^7.7.2"
   },
-  "devDependencies": {
-    "@eslint/js": "^9.26.0",
-    "eslint": "^9.26.0",
-    "eslint-plugin-import": "^2.31.0",
-    "globals": "^16.1.0",
-    "typescript-eslint": "^8.32.0"
-  },
-  "main": "eslint.config.js",
+  "main": "src/main.js",
   "bugs": {
     "url": "https://github.com/AikidoSec/safe-chain/issues"
   },
   "homepage": "https://github.com/AikidoSec/safe-chain#readme",
-  "overrides": {
-    "brace-expansion@<=2.0.2": "2.0.2"
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/AikidoSec/safe-chain.git",
+    "directory": "packages/safe-chain"
   }
 }

package/src/packagemanager/pnpm/createPackageManager.js

@@ -13,6 +13,8 @@ export function createPnpmPackageManager() {
       matchesCommand(args, "update") ||
       matchesCommand(args, "upgrade") ||
       matchesCommand(args, "up") ||
+      matchesCommand(args, "install") ||
+      matchesCommand(args, "i") ||
       // dlx does not always come in the first position
       // eg: pnpm --package=yo --package=generator-webapp dlx yo webapp
       // documentation: https://pnpm.io/cli/dlx#--package-name

package/src/shell-integration/supported-shells/bash.js

@@ -3,7 +3,8 @@ import {
   doesExecutableExistOnSystem,
   removeLinesMatchingPattern,
 } from "../helpers.js";
-import { execSync } from "child_process";
+import { execSync, spawnSync } from "child_process";
+import * as os from "os";
 
 const shellName = "Bash";
 const executableName = "bash";
@@ -43,10 +44,12 @@ function setup() {
 
 function getStartupFile() {
   try {
-    return execSync(startupFileCommand, {
+    var path = execSync(startupFileCommand, {
       encoding: "utf8",
       shell: executableName,
     }).trim();
+
+    return windowsFixPath(path);
   } catch (error) {
     throw new Error(
       `Command failed: ${startupFileCommand}. Error: ${error.message}`
@@ -54,6 +57,50 @@ function getStartupFile() {
   }
 }
 
+function windowsFixPath(path) {
+  try {
+    if (os.platform() !== "win32") {
+      return path;
+    }
+
+    // On windows cygwin bash, paths are returned in format /c/user/..., but we need it in format C:\user\...
+    // To convert, the cygpath -w command can be used to convert to the desired format.
+    // Cygpath only exists on Cygwin, so we first check if the command is available.
+    // If it is, we use it to convert the path.
+    if (hasCygpath()) {
+      return cygpathw(path);
+    }
+
+    return path;
+  } catch {
+    return path;
+  }
+}
+
+function hasCygpath() {
+  try {
+    var result = spawnSync("where", ["cygpath"], { shell: executableName });
+    return result.status === 0;
+  } catch {
+    return false;
+  }
+}
+
+function cygpathw(path) {
+  try {
+    var result = spawnSync("cygpath", ["-w", path], {
+      encoding: "utf8",
+      shell: executableName,
+    });
+    if (result.status === 0) {
+      return result.stdout.trim();
+    }
+    return path;
+  } catch {
+    return path;
+  }
+}
+
 export default {
   name: shellName,
   isInstalled,

package/.editorconfig

@@ -1,8 +0,0 @@
-
-[*]
-charset = utf-8
-insert_final_newline = true
-end_of_line = lf
-indent_style = space
-indent_size = 2
-max_line_length = 80

package/eslint.config.js

@@ -1,26 +0,0 @@
-import js from "@eslint/js";
-import { defineConfig, globalIgnores } from "@eslint/config-helpers";
-import globals from "globals";
-import importPlugin from "eslint-plugin-import";
-
-export default defineConfig([
-  {
-    files: ["**/*.{js,mjs,cjs,ts}"],
-    plugins: { js },
-    extends: ["js/recommended"],
-  },
-  {
-    files: ["**/*.{js,mjs,cjs,ts}"],
-    languageOptions: { globals: globals.node },
-  },
-  importPlugin.flatConfigs.recommended,
-  {
-    files: ["**/*.{js,mjs,cjs}"],
-    languageOptions: {
-      ecmaVersion: "latest",
-      sourceType: "module",
-    },
-    rules: {},
-  },
-  globalIgnores(['test/e2e']),
-]);

package/src/packagemanager/npm/parsing/parseNpmInstallDryRunOutput.spec.js

@@ -1,134 +0,0 @@
-import { describe, it } from "node:test";
-import assert from "node:assert";
-import { parseDryRunOutput } from "./parseNpmInstallDryRunOutput.js";
-
-describe("parseNpmInstallDryRunOutput", () => {
-  it("should parse added packages", () => {
-    const output = `
-add @jest/transform 29.7.0
-add @jest/test-result 29.7.0
-add @jest/reporters 29.7.0
-add @jest/console 29.7.0
-add jest-cli 29.7.0
-add import-local 3.2.0
-add @jest/types 29.6.3
-add @jest/core 29.7.0
-add jest 29.7.0
-
-added 267 packages in 831ms
-
-32 packages are looking for funding
-  run \`npm fund\` for details`;
-
-    const expected = [
-      { name: "@jest/transform", version: "29.7.0", type: "add" },
-      { name: "@jest/test-result", version: "29.7.0", type: "add" },
-      { name: "@jest/reporters", version: "29.7.0", type: "add" },
-      { name: "@jest/console", version: "29.7.0", type: "add" },
-      { name: "jest-cli", version: "29.7.0", type: "add" },
-      { name: "import-local", version: "3.2.0", type: "add" },
-      { name: "@jest/types", version: "29.6.3", type: "add" },
-      { name: "@jest/core", version: "29.7.0", type: "add" },
-      { name: "jest", version: "29.7.0", type: "add" },
-    ];
-
-    const result = parseDryRunOutput(output);
-
-    assert.deepEqual(result, expected);
-  });
-
-  it("should parse removed packages", () => {
-    const output = `
-remove react 19.1.0
-
-    removed 1 package in 115ms`;
-
-    const expected = [{ name: "react", version: "19.1.0", type: "remove" }];
-
-    const result = parseDryRunOutput(output);
-
-    assert.deepEqual(result, expected);
-  });
-
-  it("should parse changed packages", () => {
-    const output = `
-change react 19.0.0 => 19.1.0
-
-changed 1 package in 204ms`;
-
-    const expected = [
-      {
-        name: "react",
-        version: "19.1.0",
-        oldVersion: "19.0.0",
-        type: "change",
-      },
-    ];
-
-    const result = parseDryRunOutput(output);
-
-    assert.deepEqual(result, expected);
-  });
-
-  it("should parse mixed package changes", () => {
-    const output = `
-add @jest/transform 29.7.0
-add @jest/test-result 29.7.0
-add @jest/reporters 29.7.0
-add @jest/console 29.7.0
-add jest-cli 29.7.0
-add import-local 3.2.0
-add @jest/types 29.6.3
-add @jest/core 29.7.0
-add jest 29.7.0
-remove react 19.1.0
-change lodash 4.17.0 => 4.18.0
-
-removed 1 package in 115ms`;
-
-    const expected = [
-      { name: "@jest/transform", version: "29.7.0", type: "add" },
-      { name: "@jest/test-result", version: "29.7.0", type: "add" },
-      { name: "@jest/reporters", version: "29.7.0", type: "add" },
-      { name: "@jest/console", version: "29.7.0", type: "add" },
-      { name: "jest-cli", version: "29.7.0", type: "add" },
-      { name: "import-local", version: "3.2.0", type: "add" },
-      { name: "@jest/types", version: "29.6.3", type: "add" },
-      { name: "@jest/core", version: "29.7.0", type: "add" },
-      { name: "jest", version: "29.7.0", type: "add" },
-      { name: "react", version: "19.1.0", type: "remove" },
-      {
-        name: "lodash",
-        version: "4.18.0",
-        oldVersion: "4.17.0",
-        type: "change",
-      },
-    ];
-
-    const result = parseDryRunOutput(output);
-
-    assert.deepEqual(result, expected);
-  });
-
-  it("should work with npm v22.0.0", () => {
-    const output = `
-add  @jest/types                                        29.6.3
-add  @jest/core                                         29.7.0
-add  jest                                               29.7.0
-
-added 257 packages in 791ms
-
-44 packages are looking for funding
-    run \`npm fund\` for details`;
-
-    const expected = [
-      { name: "@jest/types", version: "29.6.3", type: "add" },
-      { name: "@jest/core", version: "29.7.0", type: "add" },
-      { name: "jest", version: "29.7.0", type: "add" },
-    ];
-
-    const result = parseDryRunOutput(output);
-
-    assert.deepEqual(result, expected);
-  });
-});

package/src/packagemanager/npm/parsing/parsePackagesFromInstallArgs.spec.js

@@ -1,184 +0,0 @@
-import { describe, it } from "node:test";
-import assert from "node:assert";
-import { parsePackagesFromInstallArgs } from "./parsePackagesFromInstallArgs.js";
-
-describe("parsePackagesFromInstallArgs", () => {
-  it("should return an empty array for no changes", () => {
-    const args = ["install"];
-
-    const result = parsePackagesFromInstallArgs(args);
-
-    assert.deepEqual(result, []);
-  });
-
-  it("should return an array of changes for one package", () => {
-    const args = ["install", "@jest/transform@29.7.0"];
-
-    const result = parsePackagesFromInstallArgs(args);
-
-    assert.deepEqual(result, [{ name: "@jest/transform", version: "29.7.0" }]);
-  });
-
-  it("should return the package in the format @vercel/otel", () => {
-    const args = ["install", "@vercel/otel"];
-
-    const result = parsePackagesFromInstallArgs(args);
-
-    assert.deepEqual(result, [{ name: "@vercel/otel", version: "latest" }]);
-  });
-
-  it("should return an array of changes for multiple packages", () => {
-    const args = ["install", "express@4.17.1", "lodash@4.17.21"];
-
-    const result = parsePackagesFromInstallArgs(args);
-
-    assert.deepEqual(result, [
-      { name: "express", version: "4.17.1" },
-      { name: "lodash", version: "4.17.21" },
-    ]);
-  });
-
-  it("should ignore options and return an array of changes", () => {
-    const args = [
-      "install",
-      "--save-dev",
-      "express@4.17.1",
-      "--save-exact",
-      "lodash@4.17.21",
-    ];
-
-    const result = parsePackagesFromInstallArgs(args);
-
-    assert.deepEqual(result, [
-      { name: "express", version: "4.17.1" },
-      { name: "lodash", version: "4.17.21" },
-    ]);
-  });
-
-  it("should ignore options with parameters and return an array of changes", () => {
-    const args = [
-      "install",
-      "--save-dev",
-      "express@4.17.1",
-      "--loglevel",
-      "error",
-      "lodash@4.17.21",
-    ];
-
-    const result = parsePackagesFromInstallArgs(args);
-
-    assert.deepEqual(result, [
-      { name: "express", version: "4.17.1" },
-      { name: "lodash", version: "4.17.21" },
-    ]);
-  });
-
-  it("should not ignore the next argument if it is passed directly with the option", () => {
-    const args = [
-      "install",
-      "--save-dev",
-      "express@4.17.1",
-      "--loglevel=error",
-      "lodash@4.17.21",
-    ];
-
-    const result = parsePackagesFromInstallArgs(args);
-
-    assert.deepEqual(result, [
-      { name: "express", version: "4.17.1" },
-      { name: "lodash", version: "4.17.21" },
-    ]);
-  });
-
-  it("should set the default tag for packages", () => {
-    const args = ["install", "express", "lodash@4.17.21"];
-
-    const result = parsePackagesFromInstallArgs(args);
-
-    assert.deepEqual(result, [
-      { name: "express", version: "latest" },
-      { name: "lodash", version: "4.17.21" },
-    ]);
-  });
-
-  it("should set the default tag for packages with a specific tag", () => {
-    const args = ["install", "express", "lodash@4.17.21", "--tag", "beta"];
-
-    const result = parsePackagesFromInstallArgs(args);
-
-    assert.deepEqual(result, [
-      { name: "express", version: "beta" },
-      { name: "lodash", version: "4.17.21" },
-    ]);
-  });
-
-  it("should ignore alias", () => {
-    const args = ["install", "express@npm:express@4.17.1"];
-
-    const result = parsePackagesFromInstallArgs(args);
-
-    assert.deepEqual(result, [{ name: "express", version: "4.17.1" }]);
-  });
-
-  it("should parse version even for aliased packages", () => {
-    const args = ["install", "express@npm:express@4.17.1"];
-
-    const result = parsePackagesFromInstallArgs(args);
-
-    assert.deepEqual(result, [{ name: "express", version: "4.17.1" }]);
-  });
-
-  it("should parse scoped packages", () => {
-    const args = ["install", "@scope/package@1.0.0"];
-
-    const result = parsePackagesFromInstallArgs(args);
-
-    assert.deepEqual(result, [{ name: "@scope/package", version: "1.0.0" }]);
-  });
-
-  it("should parse packages with version ranges", () => {
-    const args = ["install", "express@^4.17.1"];
-
-    const result = parsePackagesFromInstallArgs(args);
-
-    assert.deepEqual(result, [{ name: "express", version: "^4.17.1" }]);
-  });
-
-  it("should parse package folders", () => {
-    const args = ["install", "./local-package"];
-
-    const result = parsePackagesFromInstallArgs(args);
-
-    assert.deepEqual(result, [{ name: "./local-package", version: "latest" }]);
-  });
-
-  it("should parse tarballs", () => {
-    const args = ["install", "file:./local-package.tgz"];
-
-    const result = parsePackagesFromInstallArgs(args);
-
-    assert.deepEqual(result, [
-      { name: "file:./local-package.tgz", version: "latest" },
-    ]);
-  });
-
-  it("should parse tarball URLs", () => {
-    const args = ["install", "https://example.com/local-package.tgz"];
-
-    const result = parsePackagesFromInstallArgs(args);
-
-    assert.deepEqual(result, [
-      { name: "https://example.com/local-package.tgz", version: "latest" },
-    ]);
-  });
-
-  it("should parse git URLs", () => {
-    const args = ["install", "git://github.com/npm/cli.git"];
-
-    const result = parsePackagesFromInstallArgs(args);
-
-    assert.deepEqual(result, [
-      { name: "git://github.com/npm/cli.git", version: "latest" },
-    ]);
-  });
-});

package/src/packagemanager/npx/parsing/parsePackagesFromArguments.spec.js

@@ -1,155 +0,0 @@
-import { describe, it } from "node:test";
-import assert from "node:assert";
-import { parsePackagesFromArguments } from "./parsePackagesFromArguments.js";
-
-describe("parsePackagesFromArguments", () => {
-  it("should return an empty array for no changes", () => {
-    const args = [];
-
-    const result = parsePackagesFromArguments(args);
-
-    assert.deepEqual(result, []);
-  });
-
-  it("should return an array of changes for one package", () => {
-    const args = ["http-server@14.1.1"];
-
-    const result = parsePackagesFromArguments(args);
-
-    assert.deepEqual(result, [{ name: "http-server", version: "14.1.1" }]);
-  });
-
-  it("should return the package in the format @vercel/otel", () => {
-    const args = ["@vercel/otel"];
-
-    const result = parsePackagesFromArguments(args);
-
-    assert.deepEqual(result, [{ name: "@vercel/otel", version: "latest" }]);
-  });
-
-  it("should return the package with latest tag if absent", () => {
-    const args = ["http-server"];
-
-    const result = parsePackagesFromArguments(args);
-
-    assert.deepEqual(result, [{ name: "http-server", version: "latest" }]);
-  });
-
-  it("should ignore double --", () => {
-    const args = ["--", "http-server"];
-
-    const result = parsePackagesFromArguments(args);
-
-    assert.deepEqual(result, [{ name: "http-server", version: "latest" }]);
-  });
-
-  it("should only return the first package", () => {
-    const args = ["http-server", "jest"];
-
-    const result = parsePackagesFromArguments(args);
-
-    assert.deepEqual(result, [{ name: "http-server", version: "latest" }]);
-  });
-
-  it("should return package with -p option", () => {
-    const args = ["-p", "http-server"];
-
-    const result = parsePackagesFromArguments(args);
-
-    assert.deepEqual(result, [{ name: "http-server", version: "latest" }]);
-  });
-
-  it("should return package with --package option", () => {
-    const args = ["--package", "http-server"];
-
-    const result = parsePackagesFromArguments(args);
-
-    assert.deepEqual(result, [{ name: "http-server", version: "latest" }]);
-  });
-
-  it("should return package with --package=x option", () => {
-    const args = ["--package=http-server"];
-
-    const result = parsePackagesFromArguments(args);
-
-    assert.deepEqual(result, [{ name: "http-server", version: "latest" }]);
-  });
-
-  it("should return package with --package=x@version option", () => {
-    const args = ["--package=http-server@1.0.0"];
-
-    const result = parsePackagesFromArguments(args);
-
-    assert.deepEqual(result, [{ name: "http-server", version: "1.0.0" }]);
-  });
-
-  it("should ignore options with parameters and return an array of changes", () => {
-    const args = ["--loglevel", "error", "http-server@14.1.1"];
-
-    const result = parsePackagesFromArguments(args);
-
-    assert.deepEqual(result, [{ name: "http-server", version: "14.1.1" }]);
-  });
-
-  it("should parse version even for aliased packages", () => {
-    const args = ["server@npm:http-server@14.1.1"];
-
-    const result = parsePackagesFromArguments(args);
-
-    assert.deepEqual(result, [{ name: "http-server", version: "14.1.1" }]);
-  });
-
-  it("should parse scoped packages", () => {
-    const args = ["@scope/package@1.0.0"];
-
-    const result = parsePackagesFromArguments(args);
-
-    assert.deepEqual(result, [{ name: "@scope/package", version: "1.0.0" }]);
-  });
-
-  it("should parse packages with version ranges", () => {
-    const args = ["http-server@^14.1.1"];
-
-    const result = parsePackagesFromArguments(args);
-
-    assert.deepEqual(result, [{ name: "http-server", version: "^14.1.1" }]);
-  });
-
-  it("should parse package folders", () => {
-    const args = ["./local-package"];
-
-    const result = parsePackagesFromArguments(args);
-
-    assert.deepEqual(result, [{ name: "./local-package", version: "latest" }]);
-  });
-
-  it("should parse tarballs", () => {
-    const args = ["file:./local-package.tgz"];
-
-    const result = parsePackagesFromArguments(args);
-
-    assert.deepEqual(result, [
-      { name: "file:./local-package.tgz", version: "latest" },
-    ]);
-  });
-
-  it("should parse tarball URLs", () => {
-    const args = ["https://example.com/local-package.tgz"];
-
-    const result = parsePackagesFromArguments(args);
-
-    assert.deepEqual(result, [
-      { name: "https://example.com/local-package.tgz", version: "latest" },
-    ]);
-  });
-
-  it("should parse git URLs", () => {
-    const args = ["git://github.com/http-party/http-server"];
-
-    const result = parsePackagesFromArguments(args);
-
-    assert.deepEqual(result, [
-      { name: "git://github.com/http-party/http-server", version: "latest" },
-    ]);
-  });
-});