@aikidosec/safe-chain 1.2.0 → 1.2.2

package/README.md

@@ -1,4 +1,4 @@
-![Aikido Safe Chain](./docs/banner.svg)
+![Aikido Safe Chain](https://raw.githubusercontent.com/AikidoSec/safe-chain/main/docs/banner.svg)
 
 # Aikido Safe Chain
 
@@ -10,7 +10,7 @@
 - ✅ **Blocks packages newer than 24 hours** without breaking your build
 - ✅ **Tokenless, free, no build data shared**
 
-Aikido Safe Chain works on Node.js version 16 and above and supports the following package managers:
+Aikido Safe Chain supports the following package managers:
 
 - 📦 **npm**
 - 📦 **npx**
@@ -29,7 +29,7 @@ Aikido Safe Chain works on Node.js version 16 and above and supports the followi
 
 Installing the Aikido Safe Chain is easy with our one-line installer.
 
-> ⚠️ **Already installed via npm?** See the [migration guide](docs/npm-to-binary-migration.md) to switch to the binary version.
+> ⚠️ **Already installed via npm?** See the [migration guide](https://github.com/AikidoSec/safe-chain/blob/main/docs/npm-to-binary-migration.md) to switch to the binary version.
 
 ### Unix/Linux/macOS
 
@@ -111,7 +111,7 @@ The Aikido Safe Chain integrates with your shell to provide a seamless experienc
 - ✅ **PowerShell**
 - ✅ **PowerShell Core**
 
-More information about the shell integration can be found in the [shell integration documentation](docs/shell-integration.md).
+More information about the shell integration can be found in the [shell integration documentation](https://github.com/AikidoSec/safe-chain/blob/main/docs/shell-integration.md).
 
 ## Uninstallation
 
@@ -182,8 +182,6 @@ You can set the minimum package age through multiple sources (in order of priori
 
 You can protect your CI/CD pipelines from malicious packages by integrating Aikido Safe Chain into your build process. This ensures that any packages installed during your automated builds are checked for malware before installation.
 
-For optimal protection in CI/CD environments, we recommend using **npm >= 10.4.0** as it provides full dependency tree scanning. Other package managers currently offer limited scanning of install command arguments only.
-
 ## Installation for CI/CD
 
 Use the `--ci` flag to automatically configure Aikido Safe Chain for CI/CD environments. This sets up executable shims in the PATH instead of shell aliases.

package/bin/aikido-pip.js

@@ -3,15 +3,12 @@
 import { main } from "../src/main.js";
 import { initializePackageManager } from "../src/packagemanager/currentPackageManager.js";
 import { setEcoSystem, ECOSYSTEM_PY } from "../src/config/settings.js";
-import { setCurrentPipInvocation, PIP_INVOCATIONS, PIP_PACKAGE_MANAGER } from "../src/packagemanager/pip/pipSettings.js";
+import { PIP_PACKAGE_MANAGER, PIP_COMMAND } from "../src/packagemanager/pip/pipSettings.js";
 
 // Set eco system
 setEcoSystem(ECOSYSTEM_PY);
 
-// Set current invocation
-setCurrentPipInvocation(PIP_INVOCATIONS.PIP);
-
-initializePackageManager(PIP_PACKAGE_MANAGER);
+initializePackageManager(PIP_PACKAGE_MANAGER, { tool: PIP_COMMAND, args: process.argv.slice(2) });
 
 (async () => {
   // Pass through only user-supplied pip args

package/bin/aikido-pip3.js

@@ -3,16 +3,12 @@
 import { main } from "../src/main.js";
 import { initializePackageManager } from "../src/packagemanager/currentPackageManager.js";
 import { setEcoSystem, ECOSYSTEM_PY } from "../src/config/settings.js";
-import { setCurrentPipInvocation, PIP_INVOCATIONS, PIP_PACKAGE_MANAGER } from "../src/packagemanager/pip/pipSettings.js";
+import { PIP_PACKAGE_MANAGER, PIP3_COMMAND } from "../src/packagemanager/pip/pipSettings.js";
 
 // Set eco system
 setEcoSystem(ECOSYSTEM_PY);
 
-// Set current invocation
-setCurrentPipInvocation(PIP_INVOCATIONS.PIP3);
-
-// Create package manager
-initializePackageManager(PIP_PACKAGE_MANAGER);
+initializePackageManager(PIP_PACKAGE_MANAGER, { tool: PIP3_COMMAND, args: process.argv.slice(2) });
 
 (async () => {
   // Pass through only user-supplied pip args

package/bin/aikido-python.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 
 import { initializePackageManager } from "../src/packagemanager/currentPackageManager.js";
-import { setCurrentPipInvocation, PIP_INVOCATIONS, PIP_PACKAGE_MANAGER } from "../src/packagemanager/pip/pipSettings.js";
+import { PIP_PACKAGE_MANAGER, PYTHON_COMMAND } from "../src/packagemanager/pip/pipSettings.js";
 import { setEcoSystem, ECOSYSTEM_PY } from "../src/config/settings.js";
 import { main } from "../src/main.js";
 
@@ -11,20 +11,9 @@ setEcoSystem(ECOSYSTEM_PY);
 // Strip nodejs and wrapper script from args
 let argv = process.argv.slice(2);
 
-(async () => {
-  if (argv[0] === '-m' && (argv[1] === 'pip' || argv[1] === 'pip3')) {
-    setEcoSystem(ECOSYSTEM_PY);
-    setCurrentPipInvocation(argv[1] === 'pip3' ? PIP_INVOCATIONS.PY_PIP3 : PIP_INVOCATIONS.PY_PIP);
-    initializePackageManager(PIP_PACKAGE_MANAGER);
-
-    // Strip off the '-m pip' or '-m pip3' from the args
-    argv = argv.slice(2);
+initializePackageManager(PIP_PACKAGE_MANAGER, { tool: PYTHON_COMMAND, args: argv });
 
-    var exitCode = await main(argv);
-    process.exit(exitCode);
-  } else {
-    // Forward to real python binary for non-pip flows
-    const { spawn } = await import('child_process');
-    spawn('python', argv, { stdio: 'inherit' });
-  }
+(async () => {
+  var exitCode = await main(argv);
+  process.exit(exitCode);
 })();

package/bin/aikido-python3.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 
 import { initializePackageManager } from "../src/packagemanager/currentPackageManager.js";
-import { setCurrentPipInvocation, PIP_INVOCATIONS, PIP_PACKAGE_MANAGER } from "../src/packagemanager/pip/pipSettings.js";
+import { PIP_PACKAGE_MANAGER, PYTHON3_COMMAND } from "../src/packagemanager/pip/pipSettings.js";
 import { setEcoSystem, ECOSYSTEM_PY } from "../src/config/settings.js";
 import { main } from "../src/main.js";
 
@@ -11,20 +11,9 @@ setEcoSystem(ECOSYSTEM_PY);
 // Strip nodejs and wrapper script from args
 let argv = process.argv.slice(2);
 
-(async () => {
-  if (argv[0] === '-m' && (argv[1] === 'pip' || argv[1] === 'pip3')) {
-    setEcoSystem(ECOSYSTEM_PY);
-    setCurrentPipInvocation(argv[1] === 'pip3' ? PIP_INVOCATIONS.PY3_PIP3 : PIP_INVOCATIONS.PY3_PIP);
-    initializePackageManager(PIP_PACKAGE_MANAGER);
-
-    // Strip off the '-m pip' or '-m pip3' from the args
-    argv = argv.slice(2);
+initializePackageManager(PIP_PACKAGE_MANAGER, { tool: PYTHON3_COMMAND, args: argv });
 
-    var exitCode = await main(argv);
-    process.exit(exitCode);
-  } else {
-    // Forward to real python3 binary for non-pip flows
-    const { spawn } = await import('child_process');
-    spawn('python3', argv, { stdio: 'inherit' });
-  }
+(async () => {
+  var exitCode = await main(argv);
+  process.exit(exitCode);
 })();

package/bin/safe-chain.js

@@ -13,11 +13,6 @@ import path from "path";
 import { fileURLToPath } from "url";
 import fs from "fs";
 import { knownAikidoTools } from "../src/shell-integration/helpers.js";
-import {
-  PIP_INVOCATIONS,
-  PIP_PACKAGE_MANAGER,
-  setCurrentPipInvocation,
-} from "../src/packagemanager/pip/pipSettings.js";
 
 /** @type {string} */
 // This checks the current file's dirname in a way that's compatible with:
@@ -46,15 +41,14 @@ const command = process.argv[2];
 
 const tool = knownAikidoTools.find((tool) => tool.tool === command);
 
-if (tool && tool.internalPackageManagerName === PIP_PACKAGE_MANAGER) {
-  (async function () {
-    await executePip(tool);
-  })();
-} else if (tool) {
+if (tool) {
   const args = process.argv.slice(3);
 
   setEcoSystem(tool.ecoSystem);
-  initializePackageManager(tool.internalPackageManagerName);
+  
+  // Provide tool context to PM (pip uses this; others ignore)
+  const toolContext = { tool: tool.tool, args };
+  initializePackageManager(tool.internalPackageManagerName, toolContext);
 
   (async () => {
     var exitCode = await main(args);
@@ -140,51 +134,3 @@ async function getVersion() {
 
   return "0.0.0";
 }
-
-/**
- * @param {import("../src/shell-integration/helpers.js").AikidoTool} tool
- */
-async function executePip(tool) {
-  // Scanners for pip / pip3 / python / python3 use a slightly different approach:
-  //  - They all use the same PIP_PACKAGE_MANAGER internally, but need some setup to be able to do so
-  //     - It needs to set which tool to run (pip / pip3 / python / python3)
-  //     - For python and python3, the -m pip/pip3 args are removed and later added again by the package manager
-  //  - Python / python3 skips safe-chain if not being run with -m pip or -m pip3
-
-  let args = process.argv.slice(3);
-  setEcoSystem(tool.ecoSystem);
-  initializePackageManager(PIP_PACKAGE_MANAGER);
-
-  let shouldSkip = false;
-  if (tool.tool === "pip") {
-    setCurrentPipInvocation(PIP_INVOCATIONS.PIP);
-  } else if (tool.tool === "pip3") {
-    setCurrentPipInvocation(PIP_INVOCATIONS.PIP3);
-  } else if (tool.tool === "python") {
-    if (args[0] === "-m" && (args[1] === "pip" || args[1] === "pip3")) {
-      setCurrentPipInvocation(
-        args[1] === "pip3" ? PIP_INVOCATIONS.PY_PIP3 : PIP_INVOCATIONS.PY_PIP
-      );
-      args = args.slice(2);
-    } else {
-      shouldSkip = true;
-    }
-  } else if (tool.tool === "python3") {
-    if (args[0] === "-m" && (args[1] === "pip" || args[1] === "pip3")) {
-      setCurrentPipInvocation(
-        args[1] === "pip3" ? PIP_INVOCATIONS.PY3_PIP3 : PIP_INVOCATIONS.PY3_PIP
-      );
-      args = args.slice(2);
-    } else {
-      shouldSkip = true;
-    }
-  }
-
-  if (shouldSkip) {
-    const { spawn } = await import("child_process");
-    spawn(tool.tool, args, { stdio: "inherit" });
-  } else {
-    var exitCode = await main(args);
-    process.exit(exitCode);
-  }
-}

package/docs/npm-to-binary-migration.md

@@ -20,7 +20,7 @@ Depending on the version manager you're using, the uninstall process differs:
    npm uninstall -g @aikidosec/safe-chain
    ```
 
-4. **Install the binary version** (see [Installation](../README.md#installation))
+4. **Install the binary version** (see [Installation](https://github.com/AikidoSec/safe-chain/blob/main/README.md#installation))
 
 ### nvm (Node Version Manager)
 
@@ -51,7 +51,7 @@ Depending on the version manager you're using, the uninstall process differs:
 
    Repeat for each Node version where safe-chain was installed.
 
-4. **Install the binary version** (see [Installation](../README.md#installation))
+4. **Install the binary version** (see [Installation](https://github.com/AikidoSec/safe-chain/blob/main/README.md#installation))
 
 ### Volta
 
@@ -69,7 +69,7 @@ Depending on the version manager you're using, the uninstall process differs:
    volta uninstall @aikidosec/safe-chain
    ```
 
-4. **Install the binary version** (see [Installation](../README.md#installation))
+4. **Install the binary version** (see [Installation](https://github.com/AikidoSec/safe-chain/blob/main/README.md#installation))
 
 ## Troubleshooting
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aikidosec/safe-chain",
-  "version": "1.2.0",
+  "version": "1.2.2",
   "scripts": {
     "test": "node --test --experimental-test-module-mocks 'src/**/*.spec.js'",
     "test:watch": "node --test --watch --experimental-test-module-mocks 'src/**/*.spec.js'",

package/src/packagemanager/currentPackageManager.js

@@ -35,10 +35,11 @@ const state = {
 
 /**
  * @param {string} packageManagerName
+ * @param {{ tool: string, args: string[] }} [context] - Optional tool context for package managers like pip
  *
  * @return {PackageManager}
  */
-export function initializePackageManager(packageManagerName) {
+export function initializePackageManager(packageManagerName, context) {
   if (packageManagerName === "npm") {
     state.packageManagerName = createNpmPackageManager();
   } else if (packageManagerName === "npx") {
@@ -54,7 +55,7 @@ export function initializePackageManager(packageManagerName) {
   } else if (packageManagerName === "bunx") {
     state.packageManagerName = createBunxPackageManager();
   } else if (packageManagerName === "pip") {
-    state.packageManagerName = createPipPackageManager();
+    state.packageManagerName = createPipPackageManager(context);
   } else if (packageManagerName === "uv") {
     state.packageManagerName = createUvPackageManager();
   } else {

package/src/packagemanager/pip/createPackageManager.js

@@ -1,17 +1,21 @@
 import { runPip } from "./runPipCommand.js";
-import { getCurrentPipInvocation } from "./pipSettings.js";
+import { PIP_COMMAND } from "./pipSettings.js";
+
 /**
+ * @param {{ tool: string, args: string[] }} [context] - Optional context with tool name and args
  * @returns {import("../currentPackageManager.js").PackageManager}
  */
-export function createPipPackageManager() {
+export function createPipPackageManager(context) {
+  const tool = context?.tool || PIP_COMMAND;
+
   return {
     /**
      * @param {string[]} args
      */
     runCommand: (args) => {
-      const invocation = getCurrentPipInvocation();
-      const fullArgs = [...invocation.args, ...args];
-      return runPip(invocation.command, fullArgs);
+      // Args from main.js are already stripped of --safe-chain-* flags
+      // We just pass the tool (e.g. "python3") and the args (e.g. ["-m", "pip", "install", ...])
+      return runPip(tool, args);
     },
     // For pip, rely solely on MITM proxy to detect/deny downloads from known registries.
     isSupportedCommand: () => false,

package/src/packagemanager/pip/pipSettings.js

@@ -1,30 +1,6 @@
 export const PIP_PACKAGE_MANAGER = "pip";
 
-// All supported python/pip invocations for Safe Chain interception
-export const PIP_INVOCATIONS = {
-  PIP: { command: "pip", args: [] },
-  PIP3: { command: "pip3", args: [] },
-  PY_PIP: { command: "python", args: ["-m", "pip"] },
-  PY3_PIP: { command: "python3", args: ["-m", "pip"] },
-  PY_PIP3: { command: "python", args: ["-m", "pip3"] },
-  PY3_PIP3: { command: "python3", args: ["-m", "pip3"] }
-};
-
-/**
- * @type {{ command: string, args: string[] }}
- */
-let currentInvocation = PIP_INVOCATIONS.PY3_PIP; // Default to python3 -m pip
-
-/**
- * @param {{ command: string, args: string[] }} invocation
- */
-export function setCurrentPipInvocation(invocation) {
-  currentInvocation = invocation;
-}
-
-/**
- * @returns {{ command: string, args: string[] }}
- */
-export function getCurrentPipInvocation() {
-  return currentInvocation;
-}
+export const PIP_COMMAND = "pip";
+export const PIP3_COMMAND = "pip3";
+export const PYTHON_COMMAND = "python";
+export const PYTHON3_COMMAND = "python3";

package/src/packagemanager/pip/runPipCommand.js

@@ -2,12 +2,31 @@ import { ui } from "../../environment/userInteraction.js";
 import { safeSpawn } from "../../utils/safeSpawn.js";
 import { mergeSafeChainProxyEnvironmentVariables } from "../../registryProxy/registryProxy.js";
 import { getCombinedCaBundlePath } from "../../registryProxy/certBundle.js";
+import { PIP_COMMAND, PIP3_COMMAND, PYTHON_COMMAND, PYTHON3_COMMAND } from "./pipSettings.js";
 import fs from "node:fs/promises";
 import fsSync from "node:fs";
 import os from "node:os";
 import path from "node:path";
 import ini from "ini";
 
+/**
+ * Checks if this pip invocation should bypass safe-chain and spawn directly.
+ * Returns true if the tool is python/python3 but NOT being run with -m pip/pip3.
+ * @param {string} command - The command executable
+ * @param {string[]} args - The arguments
+ * @returns {boolean}
+ */
+function shouldBypassSafeChain(command, args) {
+  if (command === PYTHON_COMMAND || command === PYTHON3_COMMAND) {
+    // Check if args start with -m pip
+    if (args.length >= 2 && args[0] === "-m" && (args[1] === PIP_COMMAND || args[1] === PIP3_COMMAND)) {
+      return false;
+    }
+    return true;
+  }
+  return false;
+}
+
 /**
  * Sets fallback CA bundle environment variables used by Python libraries.
  * These are applied in addition to the PIP_CONFIG_FILE to ensure all Python
@@ -49,11 +68,28 @@ function setFallbackCaBundleEnvironmentVariables(env, combinedCaPath) {
  * Special handling for commands that modify config/cache/state: PIP_CONFIG_FILE is NOT overridden to allow
  * users to read/write persistent config. Only CA environment variables are set for these commands.
  * 
- * @param {string} command - The pip command to execute (e.g., 'pip3')
+ * @param {string} command - The pip command executable (e.g., 'pip3' or 'python3')
  * @param {string[]} args - Command line arguments to pass to pip
  * @returns {Promise<{status: number}>} Exit status of the pip command
  */
 export async function runPip(command, args) {
+  // Check if we should bypass safe-chain (python/python3 without -m pip)
+  if (shouldBypassSafeChain(command, args)) {
+    ui.writeVerbose(`Safe-chain: Bypassing safe-chain for non-pip invocation: ${command} ${args.join(" ")}`);
+    // Spawn the ORIGINAL command with ORIGINAL args
+    const { spawn } = await import("child_process");
+    return new Promise((_resolve) => {
+      const proc = spawn(command, args, { stdio: "inherit" });
+      proc.on("exit", (/** @type {number | null} */ code) => {
+        process.exit(code ?? 0);
+      });
+      proc.on("error", (/** @type {Error} */ err) => {
+        ui.writeError(`Error executing command: ${err.message}`);
+        process.exit(1);
+      });
+    });
+  }
+
   try {
     const env = mergeSafeChainProxyEnvironmentVariables(process.env);
 

package/src/registryProxy/isImdsEndpoint.js

@@ -0,0 +1,13 @@
+// Instance Metadata Service (IMDS) endpoints used by cloud providers.
+// Cloud SDK tools probe these to detect environment and retrieve credentials.
+// When outside cloud environments, connections timeout - we reduce timeout (3s vs 30s)
+// and suppress error logging since this is expected behavior.
+const imdsEndpoints = [
+  "metadata.google.internal",
+  "metadata.goog",
+  "169.254.169.254", // AWS, Azure, Oracle Cloud, GCP
+];
+
+export function isImdsEndpoint(/** @type {string} */ host) {
+  return imdsEndpoints.includes(host);
+}

package/src/registryProxy/tunnelRequestHandler.js

@@ -1,5 +1,9 @@
 import * as net from "net";
 import { ui } from "../environment/userInteraction.js";
+import { isImdsEndpoint } from "./isImdsEndpoint.js";
+
+/** @type {string[]} */
+let timedoutEndpoints = [];
 
 /**
  * @param {import("http").IncomingMessage} req
@@ -37,6 +41,21 @@ export function tunnelRequest(req, clientSocket, head) {
  */
 function tunnelRequestToDestination(req, clientSocket, head) {
   const { port, hostname } = new URL(`http://${req.url}`);
+  const isImds = isImdsEndpoint(hostname);
+
+  if (timedoutEndpoints.includes(hostname)) {
+    clientSocket.end("HTTP/1.1 502 Bad Gateway\r\n\r\n");
+    if (isImds) {
+      ui.writeVerbose(
+        `Safe-chain: Closing connection because previously timedout connect to ${hostname}`
+      );
+    } else {
+      ui.writeError(
+        `Safe-chain: Closing connection because previously timedout connect to ${hostname}`
+      );
+    }
+    return;
+  }
 
   const serverSocket = net.connect(
     Number.parseInt(port) || 443,
@@ -49,6 +68,31 @@ function tunnelRequestToDestination(req, clientSocket, head) {
     }
   );
 
+  // Set explicit connection timeout to avoid waiting for OS default (~2 minutes).
+  // IMDS endpoints get shorter timeout (3s) since they're commonly unreachable outside cloud environments.
+  const connectTimeout = getConnectTimeout(hostname);
+  serverSocket.setTimeout(connectTimeout);
+
+  serverSocket.on("timeout", () => {
+    timedoutEndpoints.push(hostname);
+    // Suppress error logging for IMDS endpoints - timeouts are expected when not in cloud
+    if (isImds) {
+      ui.writeVerbose(
+        `Safe-chain: connect to ${hostname}:${
+          port || 443
+        } timed out after ${connectTimeout}ms`
+      );
+    } else {
+      ui.writeError(
+        `Safe-chain: connect to ${hostname}:${
+          port || 443
+        } timed out after ${connectTimeout}ms`
+      );
+    }
+    serverSocket.destroy(); // Clean up socket to prevent event loop hanging
+    clientSocket.end("HTTP/1.1 502 Bad Gateway\r\n\r\n");
+  });
+
   clientSocket.on("error", () => {
     // This can happen if the client TCP socket sends RST instead of FIN.
     // Not subscribing to 'error' event will cause node to throw and crash.
@@ -58,9 +102,15 @@ function tunnelRequestToDestination(req, clientSocket, head) {
   });
 
   serverSocket.on("error", (err) => {
-    ui.writeError(
-      `Safe-chain: error connecting to ${hostname}:${port} - ${err.message}`
-    );
+    if (isImds) {
+      ui.writeVerbose(
+        `Safe-chain: error connecting to ${hostname}:${port} - ${err.message}`
+      );
+    } else {
+      ui.writeError(
+        `Safe-chain: error connecting to ${hostname}:${port} - ${err.message}`
+      );
+    }
     if (clientSocket.writable) {
       clientSocket.end("HTTP/1.1 502 Bad Gateway\r\n\r\n");
     }
@@ -145,3 +195,15 @@ function tunnelRequestViaProxy(req, clientSocket, head, proxyUrl) {
     }
   });
 }
+
+/**
+ * Returns appropriate connection timeout for a host.
+ * - IMDS endpoints: 3s (fail fast when outside cloud, reduce 5min delay to ~20s)
+ * - Other endpoints: 30s (allow for slow networks while preventing indefinite hangs)
+ */
+function getConnectTimeout(/** @type {string} */ host) {
+  if (isImdsEndpoint(host)) {
+    return 3000;
+  }
+  return 30000;
+}

package/src/shell-integration/startup-scripts/include-python/init-pwsh.ps1

@@ -1,6 +1,6 @@
 # Use cross-platform path separator (: on Unix, ; on Windows)
 $pathSeparator = if ($IsWindows) { ';' } else { ':' }
-$safeChainBin = Join-Path $HOME '.safe-chain' 'bin'
+$safeChainBin = Join-Path (Join-Path $HOME '.safe-chain') 'bin'
 $env:PATH = "$env:PATH$pathSeparator$safeChainBin"
 
 function npx {

package/src/shell-integration/startup-scripts/init-pwsh.ps1

@@ -1,6 +1,6 @@
 # Use cross-platform path separator (: on Unix, ; on Windows)
 $pathSeparator = if ($IsWindows) { ';' } else { ':' }
-$safeChainBin = Join-Path $HOME '.safe-chain' 'bin'
+$safeChainBin = Join-Path (Join-Path $HOME '.safe-chain') 'bin'
 $env:PATH = "$env:PATH$pathSeparator$safeChainBin"
 
 function npx {