@aikidosec/safe-chain 1.1.10 → 1.2.0

package/src/shell-integration/setup-ci.js

@@ -8,6 +8,20 @@ import { fileURLToPath } from "url";
 import { includePython } from "../config/cliArguments.js";
 import { ECOSYSTEM_PY } from "../config/settings.js";
 
+/** @type {string} */
+// This checks the current file's dirname in a way that's compatible with:
+//  - Modulejs (import.meta.url)
+//  - ES modules (__dirname)
+// This is needed because safe-chain's npm package is built using ES modules,
+// but building the binaries requires commonjs.
+let dirname;
+if (import.meta.url) {
+  const filename = fileURLToPath(import.meta.url);
+  dirname = path.dirname(filename);
+} else {
+  dirname = __dirname;
+}
+
 /**
  * Loops over the detected shells and calls the setup function for each.
  */
@@ -19,6 +33,7 @@ export async function setupCi() {
   ui.emptyLine();
 
   const shimsDir = path.join(os.homedir(), ".safe-chain", "shims");
+  const binDir = path.join(os.homedir(), ".safe-chain", "bin");
   // Create the shims directory if it doesn't exist
   if (!fs.existsSync(shimsDir)) {
     fs.mkdirSync(shimsDir, { recursive: true });
@@ -26,7 +41,7 @@ export async function setupCi() {
 
   createShims(shimsDir);
   ui.writeInformation(`Created shims in ${shimsDir}`);
-  modifyPathForCi(shimsDir);
+  modifyPathForCi(shimsDir, binDir);
   ui.writeInformation(`Added shims directory to PATH for CI environments.`);
 }
 
@@ -37,10 +52,8 @@ export async function setupCi() {
  */
 function createUnixShims(shimsDir) {
   // Read the template file
-  const __filename = fileURLToPath(import.meta.url);
-  const __dirname = path.dirname(__filename);
   const templatePath = path.resolve(
-    __dirname,
+    dirname,
     "path-wrappers",
     "templates",
     "unix-wrapper.template.sh"
@@ -78,10 +91,8 @@ function createUnixShims(shimsDir) {
  */
 function createWindowsShims(shimsDir) {
   // Read the template file
-  const __filename = fileURLToPath(import.meta.url);
-  const __dirname = path.dirname(__filename);
   const templatePath = path.resolve(
-    __dirname,
+    dirname,
     "path-wrappers",
     "templates",
     "windows-wrapper.template.cmd"
@@ -124,13 +135,18 @@ function createShims(shimsDir) {
 
 /**
  * @param {string} shimsDir
+ * @param {string} binDir
  *
  * @returns {void}
  */
-function modifyPathForCi(shimsDir) {
+function modifyPathForCi(shimsDir, binDir) {
   if (process.env.GITHUB_PATH) {
     // In GitHub Actions, append the shims directory to GITHUB_PATH
-    fs.appendFileSync(process.env.GITHUB_PATH, shimsDir + os.EOL, "utf-8");
+    fs.appendFileSync(
+      process.env.GITHUB_PATH,
+      shimsDir + os.EOL + binDir + os.EOL,
+      "utf-8"
+    );
     ui.writeInformation(
       `Added shims directory to GITHUB_PATH for GitHub Actions.`
     );
@@ -141,6 +157,7 @@ function modifyPathForCi(shimsDir) {
     //  ##vso[task.prependpath]/path/to/add
     // Logging this to stdout will cause the Azure Pipelines agent to pick it up
     ui.writeInformation("##vso[task.prependpath]" + shimsDir);
+    ui.writeInformation("##vso[task.prependpath]" + binDir);
   }
 }
 

package/src/shell-integration/setup.js

@@ -5,8 +5,22 @@ import { knownAikidoTools, getPackageManagerList } from "./helpers.js";
 import fs from "fs";
 import os from "os";
 import path from "path";
-import { fileURLToPath } from "url";
 import { includePython } from "../config/cliArguments.js";
+import { fileURLToPath } from "url";
+
+/** @type {string} */
+// This checks the current file's dirname in a way that's compatible with:
+//  - Modulejs (import.meta.url)
+//  - ES modules (__dirname)
+// This is needed because safe-chain's npm package is built using ES modules,
+// but building the binaries requires commonjs.
+let dirname;
+if (import.meta.url) {
+  const filename = fileURLToPath(import.meta.url);
+  dirname = path.dirname(filename);
+} else {
+  dirname = __dirname;
+}
 
 /**
  * Loops over the detected shells and calls the setup function for each.
@@ -103,10 +117,8 @@ function copyStartupFiles() {
     }
 
     // Use absolute path for source
-    const __filename = fileURLToPath(import.meta.url);
-    const __dirname = path.dirname(__filename);
-    const sourcePath = path.resolve(
-      __dirname,
+    const sourcePath = path.join(
+      dirname,
       includePython() ? "startup-scripts/include-python" : "startup-scripts",
       file
     );

package/src/shell-integration/startup-scripts/include-python/init-fish.fish

@@ -1,57 +1,27 @@
-function printSafeChainWarning
-    set original_cmd $argv[1]
-    
-    # Fish equivalent of ANSI color codes: yellow background, black text for "Warning:"
-    set_color -b yellow black
-    printf "Warning:"
-    set_color normal
-    printf " safe-chain is not available to protect you from installing malware. %s will run without it.\n" $original_cmd
-    
-    # Cyan text for the install command
-    printf "Install safe-chain by using "
-    set_color cyan
-    printf "npm install -g @aikidosec/safe-chain"
-    set_color normal
-    printf ".\n"
-end
-
-function wrapSafeChainCommand
-    set original_cmd $argv[1]
-    set aikido_cmd $argv[2]
-    set cmd_args $argv[3..-1]
-    
-    if type -q $aikido_cmd
-        # If the aikido command is available, just run it with the provided arguments
-        $aikido_cmd $cmd_args
-    else
-        # If the aikido command is not available, print a warning and run the original command
-        printSafeChainWarning $original_cmd
-        command $original_cmd $cmd_args
-    end
-end
+set -gx PATH $PATH $HOME/.safe-chain/bin
 
 function npx
-    wrapSafeChainCommand "npx" "aikido-npx" $argv
+    wrapSafeChainCommand "npx" $argv
 end
 
 function yarn
-    wrapSafeChainCommand "yarn" "aikido-yarn" $argv
+    wrapSafeChainCommand "yarn" $argv
 end
 
 function pnpm
-    wrapSafeChainCommand "pnpm" "aikido-pnpm" $argv
+    wrapSafeChainCommand "pnpm" $argv
 end
 
 function pnpx
-    wrapSafeChainCommand "pnpx" "aikido-pnpx" $argv
+    wrapSafeChainCommand "pnpx" $argv
 end
 
 function bun
-    wrapSafeChainCommand "bun" "aikido-bun" $argv
+    wrapSafeChainCommand "bun" $argv
 end
 
 function bunx
-    wrapSafeChainCommand "bunx" "aikido-bunx" $argv
+    wrapSafeChainCommand "bunx" $argv
 end
 
 function npm
@@ -66,27 +36,59 @@ function npm
         end
     end
 
-    wrapSafeChainCommand "npm" "aikido-npm" $argv
+    wrapSafeChainCommand "npm" $argv
 end
 
+
 function pip
-    wrapSafeChainCommand "pip" "aikido-pip" $argv
+    wrapSafeChainCommand "pip" $argv
 end
 
 function pip3
-    wrapSafeChainCommand "pip3" "aikido-pip3" $argv
+    wrapSafeChainCommand "pip3" $argv
 end
 
 function uv
-    wrapSafeChainCommand "uv" "aikido-uv" $argv
+    wrapSafeChainCommand "uv" $argv
 end
 
 # `python -m pip`, `python -m pip3`.
 function python
-    wrapSafeChainCommand "python" "aikido-python" $argv
+    wrapSafeChainCommand "python" $argv
 end
 
 # `python3 -m pip`, `python3 -m pip3'.
 function python3
-    wrapSafeChainCommand "python3" "aikido-python3" $argv
+    wrapSafeChainCommand "python3" $argv
+end
+
+function printSafeChainWarning
+    set original_cmd $argv[1]
+    
+    # Fish equivalent of ANSI color codes: yellow background, black text for "Warning:"
+    set_color -b yellow black
+    printf "Warning:"
+    set_color normal
+    printf " safe-chain is not available to protect you from installing malware. %s will run without it.\n" $original_cmd
+    
+    # Cyan text for the install command
+    printf "Install safe-chain by using "
+    set_color cyan
+    printf "npm install -g @aikidosec/safe-chain"
+    set_color normal
+    printf ".\n"
+end
+
+function wrapSafeChainCommand
+    set original_cmd $argv[1]
+    set cmd_args $argv[2..-1]
+
+    if type -q safe-chain
+        # If the safe-chain command is available, just run it with the provided arguments
+        safe-chain $original_cmd $cmd_args
+    else
+        # If the safe-chain command is not available, print a warning and run the original command
+        printSafeChainWarning $original_cmd
+        command $original_cmd $cmd_args
+    end
 end

package/src/shell-integration/startup-scripts/include-python/init-posix.sh

@@ -1,53 +1,27 @@
-
-function printSafeChainWarning() {
-  # \033[43;30m is used to set the background color to yellow and text color to black
-  # \033[0m is used to reset the text formatting
-  printf "\033[43;30mWarning:\033[0m safe-chain is not available to protect you from installing malware. %s will run without it.\n" "$1"
-  # \033[36m is used to set the text color to cyan
-  printf "Install safe-chain by using \033[36mnpm install -g @aikidosec/safe-chain\033[0m.\n"
-}
-
-function wrapSafeChainCommand() {
-  local original_cmd="$1"
-  local aikido_cmd="$2"
-
-  # Remove the first 2 arguments (original_cmd and aikido_cmd) from $@
-  # so that "$@" now contains only the arguments passed to the original command
-  shift 2
-
-  if command -v "$aikido_cmd" > /dev/null 2>&1; then
-    # If the aikido command is available, just run it with the provided arguments
-    "$aikido_cmd" "$@"
-  else
-    # If the aikido command is not available, print a warning and run the original command
-    printSafeChainWarning "$original_cmd"
-
-    command "$original_cmd" "$@"
-  fi
-}
+export PATH="$PATH:$HOME/.safe-chain/bin"
 
 function npx() {
-  wrapSafeChainCommand "npx" "aikido-npx" "$@"
+  wrapSafeChainCommand "npx" "$@"
 }
 
 function yarn() {
-  wrapSafeChainCommand "yarn" "aikido-yarn" "$@"
+  wrapSafeChainCommand "yarn" "$@"
 }
 
 function pnpm() {
-  wrapSafeChainCommand "pnpm" "aikido-pnpm" "$@"
+  wrapSafeChainCommand "pnpm" "$@"
 }
 
 function pnpx() {
-  wrapSafeChainCommand "pnpx" "aikido-pnpx" "$@"
+  wrapSafeChainCommand "pnpx" "$@"
 }
 
 function bun() {
-  wrapSafeChainCommand "bun" "aikido-bun" "$@"
+  wrapSafeChainCommand "bun" "$@"
 }
 
 function bunx() {
-  wrapSafeChainCommand "bunx" "aikido-bunx" "$@"
+  wrapSafeChainCommand "bunx" "$@"
 }
 
 function npm() {
@@ -58,27 +32,50 @@ function npm() {
     return
   fi
 
-  wrapSafeChainCommand "npm" "aikido-npm" "$@"
+  wrapSafeChainCommand "npm" "$@"
 }
 
+
 function pip() {
-  wrapSafeChainCommand "pip" "aikido-pip" "$@"
+  wrapSafeChainCommand "pip" "$@"
 }
 
 function pip3() {
-  wrapSafeChainCommand "pip3" "aikido-pip3" "$@"
+  wrapSafeChainCommand "pip3" "$@"
 }
 
 function uv() {
-  wrapSafeChainCommand "uv" "aikido-uv" "$@"
+  wrapSafeChainCommand "uv" "$@"
 }
 
 # `python -m pip`, `python -m pip3`.
 function python() {
-  wrapSafeChainCommand "python" "aikido-python" "$@"
+  wrapSafeChainCommand "python" "$@"
 }
 
 # `python3 -m pip`, `python3 -m pip3'.
 function python3() {
-  wrapSafeChainCommand "python3" "aikido-python3" "$@"
+  wrapSafeChainCommand "python3" "$@"
+}
+
+function printSafeChainWarning() {
+  # \033[43;30m is used to set the background color to yellow and text color to black
+  # \033[0m is used to reset the text formatting
+  printf "\033[43;30mWarning:\033[0m safe-chain is not available to protect you from installing malware. %s will run without it.\n" "$1"
+  # \033[36m is used to set the text color to cyan
+  printf "Install safe-chain by using \033[36mnpm install -g @aikidosec/safe-chain\033[0m.\n"
+}
+
+function wrapSafeChainCommand() {
+  local original_cmd="$1"
+
+  if command -v safe-chain > /dev/null 2>&1; then
+    # If the aikido command is available, just run it with the provided arguments
+    safe-chain "$@"
+  else
+    # If the aikido command is not available, print a warning and run the original command
+    printSafeChainWarning "$original_cmd"
+
+    command "$original_cmd" "$@"
+  fi
 }

package/src/shell-integration/startup-scripts/include-python/init-pwsh.ps1

@@ -1,3 +1,66 @@
+# Use cross-platform path separator (: on Unix, ; on Windows)
+$pathSeparator = if ($IsWindows) { ';' } else { ':' }
+$safeChainBin = Join-Path $HOME '.safe-chain' 'bin'
+$env:PATH = "$env:PATH$pathSeparator$safeChainBin"
+
+function npx {
+    Invoke-WrappedCommand "npx" $args
+}
+
+function yarn {
+    Invoke-WrappedCommand "yarn" $args
+}
+
+function pnpm {
+    Invoke-WrappedCommand "pnpm" $args
+}
+
+function pnpx {
+    Invoke-WrappedCommand "pnpx" $args
+}
+
+function bun {
+    Invoke-WrappedCommand "bun" $args
+}
+
+function bunx {
+    Invoke-WrappedCommand "bunx" $args
+}
+
+function npm {
+    # If args is just -v or --version and nothing else, just run the npm version command
+    # This is because nvm uses this to check the version of npm
+    if (($args.Length -eq 1) -and (($args[0] -eq "-v") -or ($args[0] -eq "--version"))) {
+        Invoke-RealCommand "npm" $args
+        return
+    }
+
+    Invoke-WrappedCommand "npm" $args
+}
+
+function pip {
+    Invoke-WrappedCommand "pip" $args
+}
+
+function pip3 {
+    Invoke-WrappedCommand "pip3" $args
+}
+
+function uv {
+    Invoke-WrappedCommand "uv" $args
+}
+
+# `python -m pip`, `python -m pip3`.
+function python {
+    Invoke-WrappedCommand 'python' $args
+}
+
+# `python3 -m pip`, `python3 -m pip3'.
+function python3 {
+    Invoke-WrappedCommand 'python3' $args
+}
+
+
 function Write-SafeChainWarning {
     param([string]$Command)
     
@@ -39,73 +102,14 @@ function Invoke-RealCommand {
 function Invoke-WrappedCommand {
     param(
         [string]$OriginalCmd,
-        [string]$AikidoCmd,
         [string[]]$Arguments
     )
 
-    if (Test-CommandAvailable $AikidoCmd) {
-        & $AikidoCmd @Arguments
+    if (Test-CommandAvailable "safe-chain") {
+        & safe-chain $OriginalCmd @Arguments
     }
     else {
         Write-SafeChainWarning $OriginalCmd
         Invoke-RealCommand $OriginalCmd $Arguments
     }
 }
-
-function npx {
-    Invoke-WrappedCommand "npx" "aikido-npx" $args
-}
-
-function yarn {
-    Invoke-WrappedCommand "yarn" "aikido-yarn" $args
-}
-
-function pnpm {
-    Invoke-WrappedCommand "pnpm" "aikido-pnpm" $args
-}
-
-function pnpx {
-    Invoke-WrappedCommand "pnpx" "aikido-pnpx" $args
-}
-
-function bun {
-    Invoke-WrappedCommand "bun" "aikido-bun" $args
-}
-
-function bunx {
-    Invoke-WrappedCommand "bunx" "aikido-bunx" $args
-}
-
-function npm {
-    # If args is just -v or --version and nothing else, just run the npm version command
-    # This is because nvm uses this to check the version of npm
-    if (($args.Length -eq 1) -and (($args[0] -eq "-v") -or ($args[0] -eq "--version"))) {
-        Invoke-RealCommand "npm" $args
-        return
-    }
-    
-    Invoke-WrappedCommand "npm" "aikido-npm" $args
-}
-
-function pip {
-    Invoke-WrappedCommand "pip" "aikido-pip" $args
-}
-
-function pip3 {
-    Invoke-WrappedCommand "pip3" "aikido-pip3" $args
-}
-
-function uv {
-    Invoke-WrappedCommand "uv" "aikido-uv" $args
-}
-
-# `python -m pip`, `python -m pip3`.
-function python {
-    Invoke-WrappedCommand 'python' 'aikido-python' $args
-}
-
-# `python3 -m pip`, `python3 -m pip3'.
-function python3 {
-    Invoke-WrappedCommand 'python3' 'aikido-python3' $args
-}
-

package/src/shell-integration/startup-scripts/init-fish.fish

@@ -1,57 +1,27 @@
-function printSafeChainWarning
-    set original_cmd $argv[1]
-    
-    # Fish equivalent of ANSI color codes: yellow background, black text for "Warning:"
-    set_color -b yellow black
-    printf "Warning:"
-    set_color normal
-    printf " safe-chain is not available to protect you from installing malware. %s will run without it.\n" $original_cmd
-    
-    # Cyan text for the install command
-    printf "Install safe-chain by using "
-    set_color cyan
-    printf "npm install -g @aikidosec/safe-chain"
-    set_color normal
-    printf ".\n"
-end
-
-function wrapSafeChainCommand
-    set original_cmd $argv[1]
-    set aikido_cmd $argv[2]
-    set cmd_args $argv[3..-1]
-    
-    if type -q $aikido_cmd
-        # If the aikido command is available, just run it with the provided arguments
-        $aikido_cmd $cmd_args
-    else
-        # If the aikido command is not available, print a warning and run the original command
-        printSafeChainWarning $original_cmd
-        command $original_cmd $cmd_args
-    end
-end
+set -gx PATH $PATH $HOME/.safe-chain/bin
 
 function npx
-    wrapSafeChainCommand "npx" "aikido-npx" $argv
+    wrapSafeChainCommand "npx" $argv
 end
 
 function yarn
-    wrapSafeChainCommand "yarn" "aikido-yarn" $argv
+    wrapSafeChainCommand "yarn" $argv
 end
 
 function pnpm
-    wrapSafeChainCommand "pnpm" "aikido-pnpm" $argv
+    wrapSafeChainCommand "pnpm" $argv
 end
 
 function pnpx
-    wrapSafeChainCommand "pnpx" "aikido-pnpx" $argv
+    wrapSafeChainCommand "pnpx" $argv
 end
 
 function bun
-    wrapSafeChainCommand "bun" "aikido-bun" $argv
+    wrapSafeChainCommand "bun" $argv
 end
 
 function bunx
-    wrapSafeChainCommand "bunx" "aikido-bunx" $argv
+    wrapSafeChainCommand "bunx" $argv
 end
 
 function npm
@@ -66,5 +36,36 @@ function npm
         end
     end
 
-    wrapSafeChainCommand "npm" "aikido-npm" $argv
+    wrapSafeChainCommand "npm" $argv
+end
+
+function printSafeChainWarning
+    set original_cmd $argv[1]
+    
+    # Fish equivalent of ANSI color codes: yellow background, black text for "Warning:"
+    set_color -b yellow black
+    printf "Warning:"
+    set_color normal
+    printf " safe-chain is not available to protect you from installing malware. %s will run without it.\n" $original_cmd
+    
+    # Cyan text for the install command
+    printf "Install safe-chain by using "
+    set_color cyan
+    printf "npm install -g @aikidosec/safe-chain"
+    set_color normal
+    printf ".\n"
+end
+
+function wrapSafeChainCommand
+    set original_cmd $argv[1]
+    set cmd_args $argv[2..-1]
+
+    if type -q safe-chain
+        # If the safe-chain command is available, just run it with the provided arguments
+        safe-chain $original_cmd $cmd_args
+    else
+        # If the safe-chain command is not available, print a warning and run the original command
+        printSafeChainWarning $original_cmd
+        command $original_cmd $cmd_args
+    end
 end