@aikidosec/safe-chain 1.2.2 → 1.2.4

package/README.md

@@ -22,6 +22,7 @@ Aikido Safe Chain supports the following package managers:
 - 📦 **pip** (beta)
 - 📦 **pip3** (beta)
 - 📦 **uv** (beta)
+- 📦 **poetry** (beta)
 
 # Usage
 
@@ -81,7 +82,7 @@ iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/inst
 
    - The output should show that Aikido Safe Chain is blocking the installation of these test packages as they are flagged as malware.
 
-When running `npm`, `npx`, `yarn`, `pnpm`, `pnpx`, `bun`, `bunx`, `uv`, `pip`, or `pip3` commands, the Aikido Safe Chain will automatically check for malware in the packages you are trying to install. It also intercepts Python module invocations for pip when available (e.g., `python -m pip install ...`, `python3 -m pip download ...`). If any malware is detected, it will prompt you to exit the command.
+When running `npm`, `npx`, `yarn`, `pnpm`, `pnpx`, `bun`, `bunx`, `uv`, `pip`, `pip3` or `poetry` commands, the Aikido Safe Chain will automatically check for malware in the packages you are trying to install. It also intercepts Python module invocations for pip when available (e.g., `python -m pip install ...`, `python3 -m pip download ...`). If any malware is detected, it will prompt you to exit the command.
 
 You can check the installed version by running:
 
@@ -93,13 +94,13 @@ safe-chain --version
 
 ### Malware Blocking
 
-The Aikido Safe Chain works by running a lightweight proxy server that intercepts package downloads from the npm registry and PyPI. When you run npm, npx, yarn, pnpm, pnpx, bun, bunx, uv, `pip`, or `pip3` commands, all package downloads are routed through this local proxy, which verifies packages in real-time against **[Aikido Intel - Open Sources Threat Intelligence](https://intel.aikido.dev/?tab=malware)**. If malware is detected in any package (including deep dependencies), the proxy blocks the download before the malicious code reaches your machine.
+The Aikido Safe Chain works by running a lightweight proxy server that intercepts package downloads from the npm registry and PyPI. When you run npm, npx, yarn, pnpm, pnpx, bun, bunx, uv, pip, pip3 or poetry commands, all package downloads are routed through this local proxy, which verifies packages in real-time against **[Aikido Intel - Open Sources Threat Intelligence](https://intel.aikido.dev/?tab=malware)**. If malware is detected in any package (including deep dependencies), the proxy blocks the download before the malicious code reaches your machine.
 
 ### Minimum package age (npm only)
 
 For npm packages, Safe Chain temporarily suppresses packages published within the last 24 hours (by default) until they have been validated against malware. This provides an additional security layer during the critical period when newly published packages are most vulnerable to containing undetected threats. You can configure this threshold or bypass this protection entirely - see the [Minimum Package Age Configuration](#minimum-package-age) section below.
 
-⚠️ This feature **only applies to npm-based package managers** (npm, npx, yarn, pnpm, pnpx, bun, bunx) and does not apply to Python package managers (uv, pip, pip3).
+⚠️ This feature **only applies to npm-based package managers** (npm, npx, yarn, pnpm, pnpx, bun, bunx) and does not apply to Python package managers (uv, pip, pip3, poetry).
 
 ### Shell Integration
 
@@ -115,17 +116,21 @@ More information about the shell integration can be found in the [shell integrat
 
 ## Uninstallation
 
-To uninstall the Aikido Safe Chain, you can run the following command:
+To uninstall the Aikido Safe Chain, use our one-line uninstaller:
 
-1. **Remove all aliases from your shell** by running:
-   ```shell
-   safe-chain teardown
-   ```
-2. **Uninstall the Aikido Safe Chain package** using npm:
-   ```shell
-   npm uninstall -g @aikidosec/safe-chain
-   ```
-3. **❗Restart your terminal** to remove the aliases.
+### Unix/Linux/macOS
+
+```shell
+curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/uninstall-safe-chain.sh | sh
+```
+
+### Windows (PowerShell)
+
+```powershell
+iex (iwr "https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/uninstall-safe-chain.ps1" -UseBasicParsing)
+```
+
+**❗Restart your terminal** after uninstalling to ensure all aliases are removed.
 
 # Configuration
 
@@ -235,7 +240,7 @@ iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/inst
   run: npm ci
 ```
 
-> **Note:** Remove `--include-python` if you don't need Python (pip/pip3/uv) support.
+> **Note:** Remove `--include-python` if you don't need Python (pip/pip3/uv/poetry) support.
 
 ## Azure DevOps Example
 
@@ -252,6 +257,6 @@ iex "& { $(iwr 'https://raw.githubusercontent.com/AikidoSec/safe-chain/main/inst
   displayName: "Install dependencies"
 ```
 
-> **Note:** Remove `--include-python` if you don't need Python (pip/pip3/uv) support.
+> **Note:** Remove `--include-python` if you don't need Python (pip/pip3/uv/poetry) support.
 
 After setup, all subsequent package manager commands in your CI pipeline will automatically be protected by Aikido Safe Chain's malware detection.

package/bin/aikido-poetry.js

@@ -0,0 +1,13 @@
+#!/usr/bin/env node
+
+import { main } from "../src/main.js";
+import { initializePackageManager } from "../src/packagemanager/currentPackageManager.js";
+import { setEcoSystem, ECOSYSTEM_PY } from "../src/config/settings.js";
+
+setEcoSystem(ECOSYSTEM_PY);
+initializePackageManager("poetry");
+
+(async () => {
+  var exitCode = await main(process.argv.slice(2));
+  process.exit(exitCode);
+})();

package/bin/safe-chain.js

@@ -3,7 +3,7 @@
 import chalk from "chalk";
 import { ui } from "../src/environment/userInteraction.js";
 import { setup } from "../src/shell-integration/setup.js";
-import { teardown } from "../src/shell-integration/teardown.js";
+import { teardown, teardownDirectories } from "../src/shell-integration/teardown.js";
 import { setupCi } from "../src/shell-integration/setup-ci.js";
 import { initializeCliArguments } from "../src/config/cliArguments.js";
 import { setEcoSystem } from "../src/config/settings.js";
@@ -60,6 +60,7 @@ if (tool) {
 } else if (command === "setup") {
   setup();
 } else if (command === "teardown") {
+  teardownDirectories();
   teardown();
 } else if (command === "setup-ci") {
   setupCi();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aikidosec/safe-chain",
-  "version": "1.2.2",
+  "version": "1.2.4",
   "scripts": {
     "test": "node --test --experimental-test-module-mocks 'src/**/*.spec.js'",
     "test:watch": "node --test --watch --experimental-test-module-mocks 'src/**/*.spec.js'",
@@ -20,6 +20,7 @@
     "aikido-pip3": "bin/aikido-pip3.js",
     "aikido-python": "bin/aikido-python.js",
     "aikido-python3": "bin/aikido-python3.js",
+    "aikido-poetry": "bin/aikido-poetry.js",
     "safe-chain": "bin/safe-chain.js"
   },
   "type": "module",

package/src/config/configFile.js

@@ -67,7 +67,7 @@ function validateMinimumPackageAgeHours(value) {
  */
 export function getMinimumPackageAgeHours() {
   const config = readConfigFile();
-  if (config.minimumPackageAgeHours) {
+  if (config.minimumPackageAgeHours !== undefined) {
     const validated = validateMinimumPackageAgeHours(
       config.minimumPackageAgeHours
     );

package/src/config/settings.js

@@ -81,7 +81,7 @@ function validateMinimumPackageAgeHours(value) {
     return undefined;
   }
 
-  if (numericValue > 0) {
+  if (numericValue >= 0) {
     return numericValue;
   }
 

package/src/main.js

@@ -23,6 +23,7 @@ export async function main(args) {
   process.on("uncaughtException", (error) => {
     ui.writeError(`Safe-chain: Uncaught exception: ${error.message}`);
     ui.writeVerbose(`Stack trace: ${error.stack}`);
+    ui.writeBufferedLogsAndStopBuffering();
     process.exit(1);
   });
 
@@ -31,6 +32,7 @@ export async function main(args) {
     if (reason instanceof Error) {
       ui.writeVerbose(`Stack trace: ${reason.stack}`);
     }
+    ui.writeBufferedLogsAndStopBuffering();
     process.exit(1);
   });
 
@@ -64,8 +66,7 @@ export async function main(args) {
 
     const auditStats = getAuditStats();
     if (auditStats.totalPackages > 0) {
-      ui.emptyLine();
-      ui.writeInformation(
+      ui.writeVerbose(
         `${chalk.green("✔")} Safe-chain: Scanned ${
           auditStats.totalPackages
         } packages, no malware found.`
@@ -90,6 +91,7 @@ export async function main(args) {
     return packageManagerResult.status;
   } catch (/** @type any */ error) {
     ui.writeError("Failed to check for malicious packages:", error.message);
+    ui.writeBufferedLogsAndStopBuffering();
 
     // Returning the exit code back to the caller allows the promise
     //  to be awaited in the bin files and return the correct exit code

package/src/packagemanager/currentPackageManager.js

@@ -11,6 +11,7 @@ import {
 import { createYarnPackageManager } from "./yarn/createPackageManager.js";
 import { createPipPackageManager } from "./pip/createPackageManager.js";
 import { createUvPackageManager } from "./uv/createUvPackageManager.js";
+import { createPoetryPackageManager } from "./poetry/createPoetryPackageManager.js";
 
 /**
  * @type {{packageManagerName: PackageManager | null}}
@@ -58,6 +59,8 @@ export function initializePackageManager(packageManagerName, context) {
     state.packageManagerName = createPipPackageManager(context);
   } else if (packageManagerName === "uv") {
     state.packageManagerName = createUvPackageManager();
+  } else if (packageManagerName === "poetry") {
+    state.packageManagerName = createPoetryPackageManager();
   } else {
     throw new Error("Unsupported package manager: " + packageManagerName);
   }

package/src/packagemanager/pip/runPipCommand.js

@@ -8,6 +8,7 @@ import fsSync from "node:fs";
 import os from "node:os";
 import path from "node:path";
 import ini from "ini";
+import { spawn } from "child_process";
 
 /**
  * Checks if this pip invocation should bypass safe-chain and spawn directly.
@@ -16,7 +17,7 @@ import ini from "ini";
  * @param {string[]} args - The arguments
  * @returns {boolean}
  */
-function shouldBypassSafeChain(command, args) {
+export function shouldBypassSafeChain(command, args) {
   if (command === PYTHON_COMMAND || command === PYTHON3_COMMAND) {
     // Check if args start with -m pip
     if (args.length >= 2 && args[0] === "-m" && (args[1] === PIP_COMMAND || args[1] === PIP3_COMMAND)) {
@@ -77,14 +78,16 @@ export async function runPip(command, args) {
   if (shouldBypassSafeChain(command, args)) {
     ui.writeVerbose(`Safe-chain: Bypassing safe-chain for non-pip invocation: ${command} ${args.join(" ")}`);
     // Spawn the ORIGINAL command with ORIGINAL args
-    const { spawn } = await import("child_process");
     return new Promise((_resolve) => {
       const proc = spawn(command, args, { stdio: "inherit" });
       proc.on("exit", (/** @type {number | null} */ code) => {
+        ui.writeVerbose(`${command} ${args.join(" ")} exited with status ${code}`);
+        ui.writeBufferedLogsAndStopBuffering();
         process.exit(code ?? 0);
       });
       proc.on("error", (/** @type {Error} */ err) => {
         ui.writeError(`Error executing command: ${err.message}`);
+        ui.writeBufferedLogsAndStopBuffering();
         process.exit(1);
       });
     });
@@ -93,7 +96,7 @@ export async function runPip(command, args) {
   try {
     const env = mergeSafeChainProxyEnvironmentVariables(process.env);
 
-    // Always provide Python with a complete CA bundle (Safe Chain CA + Mozilla + Node built-in roots)
+    // Always provide Python with a complete CA bundle (Safe Chain CA + Mozilla + Node built-in roots + user certs)
     // so that any network request made by pip, including those outside explicit CLI args,
     // validates correctly under both MITM'd and tunneled HTTPS.
     const combinedCaPath = getCombinedCaBundlePath();

package/src/packagemanager/poetry/createPoetryPackageManager.js

@@ -0,0 +1,77 @@
+import { ui } from "../../environment/userInteraction.js";
+import { safeSpawn } from "../../utils/safeSpawn.js";
+import { mergeSafeChainProxyEnvironmentVariables } from "../../registryProxy/registryProxy.js";
+import { getCombinedCaBundlePath } from "../../registryProxy/certBundle.js";
+
+/**
+ * @returns {import("../currentPackageManager.js").PackageManager}
+ */
+export function createPoetryPackageManager() {
+  return {
+    runCommand: (args) => runPoetryCommand(args),
+
+    // MITM only approach for Poetry
+    isSupportedCommand: () => false,
+    getDependencyUpdatesForCommand: () => [],
+  };
+}
+
+/**
+ * Sets CA bundle environment variables used by Poetry and Python libraries.
+ * Poetry uses the Python requests library which respects these environment variables.
+ * 
+ * @param {NodeJS.ProcessEnv} env - Environment object to modify
+ * @param {string} combinedCaPath - Path to the combined CA bundle
+ */
+function setPoetryCaBundleEnvironmentVariables(env, combinedCaPath) {
+  // SSL_CERT_FILE: Used by Python SSL libraries and requests
+  if (env.SSL_CERT_FILE) {
+    ui.writeWarning("Safe-chain: User defined SSL_CERT_FILE found in environment. It will be overwritten.");
+  }
+  env.SSL_CERT_FILE = combinedCaPath;
+
+  // REQUESTS_CA_BUNDLE: Used by the requests library (which Poetry uses)
+  if (env.REQUESTS_CA_BUNDLE) {
+    ui.writeWarning("Safe-chain: User defined REQUESTS_CA_BUNDLE found in environment. It will be overwritten.");
+  }
+  env.REQUESTS_CA_BUNDLE = combinedCaPath;
+
+  // PIP_CERT: Poetry may use pip internally
+  if (env.PIP_CERT) {
+    ui.writeWarning("Safe-chain: User defined PIP_CERT found in environment. It will be overwritten.");
+  }
+  env.PIP_CERT = combinedCaPath;
+}
+
+/**
+ * Runs a poetry command with safe-chain's certificate bundle and proxy configuration.
+ * 
+ * Poetry respects standard HTTP_PROXY/HTTPS_PROXY environment variables through
+ * the Python requests library.
+ * 
+ * @param {string[]} args - Command line arguments to pass to poetry
+ * @returns {Promise<{status: number}>} Exit status of the poetry command
+ */
+async function runPoetryCommand(args) {
+  try {
+    const env = mergeSafeChainProxyEnvironmentVariables(process.env);
+
+    const combinedCaPath = getCombinedCaBundlePath();
+    setPoetryCaBundleEnvironmentVariables(env, combinedCaPath);
+
+    const result = await safeSpawn("poetry", args, {
+      stdio: "inherit",
+      env,
+    });
+    
+    return { status: result.status };
+  } catch (/** @type any */ error) {
+    if (error.status) {
+      return { status: error.status };
+    } else {
+      ui.writeError("Error executing command:", error.message);
+      ui.writeError("Is 'poetry' installed and available on your system?");
+      return { status: 1 };
+    }
+  }
+}

package/src/registryProxy/certBundle.js

@@ -6,6 +6,7 @@ import certifi from "certifi";
 import tls from "node:tls";
 import { X509Certificate } from "node:crypto";
 import { getCaCertPath } from "./certUtils.js";
+import { ui } from "../environment/userInteraction.js";
 
 /**
  * Check if a PEM string contains only parsable cert blocks.
@@ -14,6 +15,7 @@ import { getCaCertPath } from "./certUtils.js";
  */
 function isParsable(pem) {
   if (!pem || typeof pem !== "string") return false;
+  pem = normalizeLineEndings(pem);
   const begin = "-----BEGIN CERTIFICATE-----";
   const end = "-----END CERTIFICATE-----";
   const blocks = [];
@@ -41,20 +43,17 @@ function isParsable(pem) {
   }
 }
 
-/** @type {string | null} */
-let cachedPath = null;
-
 /**
- * Build a combined CA bundle for Python and Node HTTPS flows.
- * - Includes Safe Chain CA (for MITM of known registries)
- * - Includes Mozilla roots via npm `certifi` (public HTTPS)
- * - Includes Node's built-in root certificates as a portable fallback
+ * Build a combined CA bundle.
+ * Automatically includes:
+ * - Safe Chain CA (for MITM of known registries)
+ * - Mozilla roots via certifi (for public HTTPS)
+ * - Node's built-in root certificates (fallback)
+ * - User's custom certificates (if NODE_EXTRA_CA_CERTS environment variable is set)
+ * 
  * @returns {string} Path to the combined CA bundle PEM file
  */
 export function getCombinedCaBundlePath() {
-  if (cachedPath && fs.existsSync(cachedPath)) return cachedPath;
-
-  // Concatenate PEM files
   const parts = [];
 
   // 1) Safe Chain CA (for MITM'd registries)
@@ -87,9 +86,96 @@ export function getCombinedCaBundlePath() {
     // Ignore if unavailable
   }
 
+  // 4) User's NODE_EXTRA_CA_CERTS (if set)
+  const userCertPath = process.env.NODE_EXTRA_CA_CERTS;
+  if (userCertPath) {
+    const userPem = readUserCertificateFile(userCertPath);
+    if (userPem) {
+      parts.push(userPem.trim());
+      ui.writeVerbose(`Safe-chain: Merging user's NODE_EXTRA_CA_CERTS from ${userCertPath}`);
+    } else {
+      ui.writeWarning(`Safe-chain: Could not read or parse user's NODE_EXTRA_CA_CERTS from ${userCertPath}`);
+    }
+  }
+
   const combined = parts.filter(Boolean).join("\n");
-  const target = path.join(os.tmpdir(), "safe-chain-ca-bundle.pem");
+  const target = path.join(os.tmpdir(), `safe-chain-ca-bundle-${Date.now()}.pem`);
   fs.writeFileSync(target, combined, { encoding: "utf8" });
-  cachedPath = target;
-  return cachedPath;
+  return target;
+}
+
+/**
+ * Normalize path
+ * @param {string} p - Path to normalize
+ * @returns {string}
+ */
+function normalizePathF(p) {
+  return p.replace(/\\/g, "/");
+}
+
+/**
+ * Normalize line endings to LF
+ * @param {string} text - Text with mixed line endings
+ * @returns {string}
+ */
+function normalizeLineEndings(text) {
+  return text.replace(/\r\n/g, "\n").replace(/\r/g, "\n");
+}
+
+/**
+ * Read and validate user certificate file
+ * @param {string} certPath - Path to certificate file
+ * @returns {string | null} Certificate PEM content or null if invalid/unreadable
+ */
+function readUserCertificateFile(certPath) {
+  try {
+    // 1) Basic validation
+    if (typeof certPath !== "string" || certPath.trim().length === 0) {
+      return null;
+    }
+
+    // 2) Reject path traversal attempts (normalize backslashes first for Windows paths)
+    const normalizedPath = normalizePathF(certPath);
+    if (normalizedPath.includes("..")) {
+      return null;
+    }
+
+    // 3) Check if file exists and is not a directory or symlink
+    let stats;
+    try {
+      stats = fs.lstatSync(certPath);
+    } catch {
+      // File doesn't exist or can't be accessed
+      return null;
+    }
+
+    if (!stats.isFile()) {
+      // Reject directories and symlinks
+      return null;
+    }
+
+    // 4) Read file content
+    let content;
+    try {
+      content = fs.readFileSync(certPath, "utf8");
+    } catch {
+      return null;
+    }
+
+    if (!content || typeof content !== "string") {
+      return null;
+    }
+
+    // 5) Validate PEM format
+    if (!isParsable(content)) {
+      return null;
+    }
+
+    return content;
+  } catch {
+    // Silently fail on any errors
+    return null;
+  }
 }
+
+

package/src/registryProxy/certUtils.js

@@ -8,6 +8,17 @@ const ca = loadCa();
 
 const certCache = new Map();
 
+/**
+ * @param {forge.pki.PublicKey} publicKey
+ * @returns {string}
+ */
+function createKeyIdentifier(publicKey) {
+  return forge.pki.getPublicKeyFingerprint(publicKey, {
+    encoding: "binary",
+    md: forge.md.sha1.create(),
+  });
+}
+
 export function getCaCertPath() {
   return path.join(certFolder, "ca-cert.pem");
 }
@@ -33,6 +44,7 @@ export function generateCertForHost(hostname) {
   const attrs = [{ name: "commonName", value: hostname }];
   cert.setSubject(attrs);
   cert.setIssuer(ca.certificate.subject.attributes);
+  const authorityKeyIdentifier = createKeyIdentifier(ca.certificate.publicKey);
   cert.setExtensions([
     {
       name: "subjectAltName",
@@ -50,14 +62,42 @@ export function generateCertForHost(hostname) {
     },
     {
       /*
-        extKeyUsage serverAuth is required for TLS server authentication.
-        This is especially important for Python venv environments, which use their own
-        certificate validation logic and will reject certificates lacking the serverAuth EKU.
-        Adding serverAuth does not impact other usages
+        Extended Key Usage (EKU) serverAuth extension
+
+        Needed for TLS server authentication. This extension indicates the certificate's
+        public key may be used for TLS WWW server authentication.
+        Python virtualenv environments (like pipx-installed Poetry) enforce this strictly
+        https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12
       */
       name: "extKeyUsage",
       serverAuth: true,
     },
+    {
+      /*
+        Subject Key Identifier (SKI)
+        
+        Needed for Python virtualenv SSL validation and certificate chain building.
+        This extension provides a means of identifying certificates containing a particular public key.
+        Python virtualenv environments require this for proper certificate chain validation.
+        System Python installations may be more lenient.
+        https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.2
+      */
+      name: "subjectKeyIdentifier",
+      subjectKeyIdentifier: createKeyIdentifier(cert.publicKey),
+    },
+    {
+      /*
+        Authority Key Identifier (AKI)
+        
+        Needed for Python virtualenv SSL validation and certificate path validation.
+        This extension identifies the public key corresponding to the private key used to sign
+        this certificate. It links this certificate to its issuing CA certificate.
+        Without this, Python virtualenv certificate validation might fail (for instance for Poetry)
+        https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.1
+      */
+      name: "authorityKeyIdentifier",
+      keyIdentifier: authorityKeyIdentifier,
+    },
   ]);
   cert.sign(ca.privateKey, forge.md.sha256.create());
 
@@ -106,11 +146,13 @@ function generateCa() {
 
   const attrs = [{ name: "commonName", value: "safe-chain proxy" }];
   cert.setSubject(attrs);
-  cert.setIssuer(attrs);
+  cert.setIssuer(attrs); // Self-signed: issuer === subject
+  const keyIdentifier = createKeyIdentifier(cert.publicKey);
   cert.setExtensions([
     {
       name: "basicConstraints",
       cA: true,
+      critical: true, // Marking basicConstraints as critical is required for CA certificates so clients must process it to trust the cert as a CA
     },
     {
       name: "keyUsage",
@@ -118,6 +160,14 @@ function generateCa() {
       digitalSignature: true,
       keyEncipherment: true,
     },
+    {
+      name: "subjectKeyIdentifier",
+      subjectKeyIdentifier: keyIdentifier,
+    },
+    {
+      name: "authorityKeyIdentifier",
+      keyIdentifier,
+    },
   ]);
   cert.sign(keys.privateKey, forge.md.sha256.create());
 

package/src/registryProxy/getConnectTimeout.js

@@ -0,0 +1,13 @@
+import { isImdsEndpoint } from "./isImdsEndpoint.js";
+
+/**
+ * Returns appropriate connection timeout for a host.
+ * - IMDS endpoints: 3s (fail fast when outside cloud, reduce 5min delay to ~20s)
+ * - Other endpoints: 30s (allow for slow networks while preventing indefinite hangs)
+ */
+export function getConnectTimeout(/** @type {string} */ host) {
+  if (isImdsEndpoint(host)) {
+    return 3000;
+  }
+  return 30000;
+}

package/src/registryProxy/interceptors/interceptorBuilder.js

@@ -20,6 +20,12 @@ import { EventEmitter } from "events";
  * @property {(headers: NodeJS.Dict<string | string[]> | undefined) => NodeJS.Dict<string | string[]> | undefined} modifyRequestHeaders
  * @property {() => boolean} modifiesResponse
  * @property {(body: Buffer, headers: NodeJS.Dict<string | string[]> | undefined) => Buffer} modifyBody
+ *
+ * @typedef {Object} MalwareBlockedEvent
+ * @property {string} packageName
+ * @property {string} version
+ * @property {string} targetUrl
+ * @property {number} timestamp
  */
 
 /**

package/src/registryProxy/interceptors/pipInterceptor.js

@@ -32,7 +32,16 @@ function buildPipInterceptor(registry) {
       reqContext.targetUrl,
       registry
     );
-    if (await isMalwarePackage(packageName, version)) {
+
+    // Normalize underscores to hyphens for DB matching, as PyPI allows underscores in distribution names.
+    // Per python, packages that differ only by hyphen vs underscore are considered the same.
+    const hyphenName = packageName?.includes("_") ? packageName.replace(/_/g, "-") : packageName;
+
+    const isMalicious = 
+       await isMalwarePackage(packageName, version) 
+    || await isMalwarePackage(hyphenName, version);
+
+    if (isMalicious) {
       reqContext.blockMalware(packageName, version);
     }
   });
@@ -71,16 +80,21 @@ function parsePipPackageFromUrl(url, registry) {
   // Example wheel: https://files.pythonhosted.org/packages/xx/yy/requests-2.28.1-py3-none-any.whl
   // Example sdist: https://files.pythonhosted.org/packages/xx/yy/requests-2.28.1.tar.gz
 
-  // Wheel (.whl)
-  if (filename.endsWith(".whl")) {
-    const base = filename.slice(0, -4); // remove ".whl"
+  // Wheel (.whl) and Poetry's preflight metadata (.whl.metadata)
+  // Examples:
+  //   foo_bar-2.0.0-py3-none-any.whl
+  //   foo_bar-2.0.0-py3-none-any.whl.metadata
+  const wheelExtRe = /\.whl(?:\.metadata)?$/;
+  const wheelExtMatch = filename.match(wheelExtRe);
+  if (wheelExtMatch) {
+    const base = filename.replace(wheelExtRe, "");
     const firstDash = base.indexOf("-");
     if (firstDash > 0) {
       const dist = base.slice(0, firstDash); // may contain underscores
       const rest = base.slice(firstDash + 1); // version + the rest of tags
       const secondDash = rest.indexOf("-");
       const rawVersion = secondDash >= 0 ? rest.slice(0, secondDash) : rest;
-      packageName = dist; // preserve underscores
+      packageName = dist;
       version = rawVersion;
       // Reject "latest" as it's a placeholder, not a real version
       // When version is "latest", this signals the URL doesn't contain actual version info
@@ -92,10 +106,11 @@ function parsePipPackageFromUrl(url, registry) {
     }
   }
 
-  // Source dist (sdist)
-  const sdistExtMatch = filename.match(/\.(tar\.gz|zip|tar\.bz2|tar\.xz)$/i);
+  // Source dist (sdist) and potential metadata sidecars (e.g., .tar.gz.metadata)
+  const sdistExtWithMetadataRe = /\.(tar\.gz|zip|tar\.bz2|tar\.xz)(\.metadata)?$/i;
+  const sdistExtMatch = filename.match(sdistExtWithMetadataRe);
   if (sdistExtMatch) {
-    const base = filename.slice(0, -sdistExtMatch[0].length);
+    const base = filename.replace(sdistExtWithMetadataRe, "");
     const lastDash = base.lastIndexOf("-");
     if (lastDash > 0 && lastDash < base.length - 1) {
       packageName = base.slice(0, lastDash);
@@ -109,7 +124,6 @@ function parsePipPackageFromUrl(url, registry) {
       return { packageName, version };
     }
   }
-
   // Unknown file type or invalid
   return { packageName: undefined, version: undefined };
 }

package/src/registryProxy/registryProxy.js

@@ -2,7 +2,7 @@ import * as http from "http";
 import { tunnelRequest } from "./tunnelRequestHandler.js";
 import { mitmConnect } from "./mitmRequestHandler.js";
 import { handleHttpProxyRequest } from "./plainHttpProxy.js";
-import { getCaCertPath } from "./certUtils.js";
+import { getCombinedCaBundlePath } from "./certBundle.js";
 import { ui } from "../environment/userInteraction.js";
 import chalk from "chalk";
 import { createInterceptorForUrl } from "./interceptors/createInterceptorForEcoSystem.js";
@@ -36,10 +36,13 @@ function getSafeChainProxyEnvironmentVariables() {
     return {};
   }
 
+  const proxyUrl = `http://localhost:${state.port}`;
+  const caCertPath = getCombinedCaBundlePath();
+
   return {
-    HTTPS_PROXY: `http://localhost:${state.port}`,
-    GLOBAL_AGENT_HTTP_PROXY: `http://localhost:${state.port}`,
-    NODE_EXTRA_CA_CERTS: getCaCertPath(),
+    HTTPS_PROXY: proxyUrl,
+    GLOBAL_AGENT_HTTP_PROXY: proxyUrl,
+    NODE_EXTRA_CA_CERTS: caCertPath,
   };
 }
 
@@ -136,9 +139,14 @@ function handleConnect(req, clientSocket, head) {
 
   if (interceptor) {
     // Subscribe to malware blocked events
-    interceptor.on("malwareBlocked", (event) => {
-      onMalwareBlocked(event.packageName, event.version, event.url);
-    });
+    interceptor.on(
+      "malwareBlocked",
+      (
+        /** @type {import("./interceptors/interceptorBuilder.js").MalwareBlockedEvent} */ event
+      ) => {
+        onMalwareBlocked(event.packageName, event.version, event.targetUrl);
+      }
+    );
 
     mitmConnect(req, clientSocket, interceptor);
   } else {

package/src/registryProxy/tunnelRequestHandler.js

@@ -1,9 +1,10 @@
 import * as net from "net";
 import { ui } from "../environment/userInteraction.js";
 import { isImdsEndpoint } from "./isImdsEndpoint.js";
+import { getConnectTimeout } from "./getConnectTimeout.js";
 
 /** @type {string[]} */
-let timedoutEndpoints = [];
+let timedoutImdsEndpoints = [];
 
 /**
  * @param {import("http").IncomingMessage} req
@@ -43,7 +44,7 @@ function tunnelRequestToDestination(req, clientSocket, head) {
   const { port, hostname } = new URL(`http://${req.url}`);
   const isImds = isImdsEndpoint(hostname);
 
-  if (timedoutEndpoints.includes(hostname)) {
+  if (timedoutImdsEndpoints.includes(hostname)) {
     clientSocket.end("HTTP/1.1 502 Bad Gateway\r\n\r\n");
     if (isImds) {
       ui.writeVerbose(
@@ -74,9 +75,9 @@ function tunnelRequestToDestination(req, clientSocket, head) {
   serverSocket.setTimeout(connectTimeout);
 
   serverSocket.on("timeout", () => {
-    timedoutEndpoints.push(hostname);
     // Suppress error logging for IMDS endpoints - timeouts are expected when not in cloud
     if (isImds) {
+      timedoutImdsEndpoints.push(hostname);
       ui.writeVerbose(
         `Safe-chain: connect to ${hostname}:${
           port || 443
@@ -196,14 +197,3 @@ function tunnelRequestViaProxy(req, clientSocket, head, proxyUrl) {
   });
 }
 
-/**
- * Returns appropriate connection timeout for a host.
- * - IMDS endpoints: 3s (fail fast when outside cloud, reduce 5min delay to ~20s)
- * - Other endpoints: 30s (allow for slow networks while preventing indefinite hangs)
- */
-function getConnectTimeout(/** @type {string} */ host) {
-  if (isImdsEndpoint(host)) {
-    return 3000;
-  }
-  return 30000;
-}

package/src/shell-integration/helpers.js

@@ -76,6 +76,12 @@ export const knownAikidoTools = [
     ecoSystem: ECOSYSTEM_PY,
     internalPackageManagerName: "pip",
   },
+  {
+    tool: "poetry",
+    aikidoCommand: "aikido-poetry",
+    ecoSystem: ECOSYSTEM_PY,
+    internalPackageManagerName: "poetry",
+  },
   {
     tool: "python",
     aikidoCommand: "aikido-python",
@@ -107,6 +113,20 @@ export function getPackageManagerList() {
   return `${tools.join(", ")}, and ${lastTool} commands`;
 }
 
+/**
+ * @returns {string}
+ */
+export function getShimsDir() {
+  return path.join(os.homedir(), ".safe-chain", "shims");
+}
+
+/**
+ * @returns {string}
+ */
+export function getScriptsDir() {
+  return path.join(os.homedir(), ".safe-chain", "scripts");
+}
+
 /**
  * @param {string} executableName
  *

package/src/shell-integration/setup-ci.js

@@ -1,6 +1,6 @@
 import chalk from "chalk";
 import { ui } from "../environment/userInteraction.js";
-import { getPackageManagerList, knownAikidoTools } from "./helpers.js";
+import { getPackageManagerList, knownAikidoTools, getShimsDir } from "./helpers.js";
 import fs from "fs";
 import os from "os";
 import path from "path";
@@ -32,7 +32,7 @@ export async function setupCi() {
   );
   ui.emptyLine();
 
-  const shimsDir = path.join(os.homedir(), ".safe-chain", "shims");
+  const shimsDir = getShimsDir();
   const binDir = path.join(os.homedir(), ".safe-chain", "bin");
   // Create the shims directory if it doesn't exist
   if (!fs.existsSync(shimsDir)) {

package/src/shell-integration/setup.js

@@ -1,9 +1,8 @@
 import chalk from "chalk";
 import { ui } from "../environment/userInteraction.js";
 import { detectShells } from "./shellDetection.js";
-import { knownAikidoTools, getPackageManagerList } from "./helpers.js";
+import { knownAikidoTools, getPackageManagerList, getScriptsDir } from "./helpers.js";
 import fs from "fs";
-import os from "os";
 import path from "path";
 import { includePython } from "../config/cliArguments.js";
 import { fileURLToPath } from "url";
@@ -107,10 +106,10 @@ function setupShell(shell) {
 
 function copyStartupFiles() {
   const startupFiles = ["init-posix.sh", "init-pwsh.ps1", "init-fish.fish"];
+  const targetDir = getScriptsDir();
 
   for (const file of startupFiles) {
-    const targetDir = path.join(os.homedir(), ".safe-chain", "scripts");
-    const targetPath = path.join(os.homedir(), ".safe-chain", "scripts", file);
+    const targetPath = path.join(targetDir, file);
 
     if (!fs.existsSync(targetDir)) {
       fs.mkdirSync(targetDir, { recursive: true });

package/src/shell-integration/startup-scripts/include-python/init-fish.fish

@@ -52,6 +52,10 @@ function uv
     wrapSafeChainCommand "uv" $argv
 end
 
+function poetry
+    wrapSafeChainCommand "poetry" $argv
+end
+
 # `python -m pip`, `python -m pip3`.
 function python
     wrapSafeChainCommand "python" $argv

package/src/shell-integration/startup-scripts/include-python/init-posix.sh

@@ -48,6 +48,10 @@ function uv() {
   wrapSafeChainCommand "uv" "$@"
 }
 
+function poetry() {
+  wrapSafeChainCommand "poetry" "$@"
+}
+
 # `python -m pip`, `python -m pip3`.
 function python() {
   wrapSafeChainCommand "python" "$@"

package/src/shell-integration/startup-scripts/include-python/init-pwsh.ps1

@@ -50,6 +50,10 @@ function uv {
     Invoke-WrappedCommand "uv" $args
 }
 
+function poetry {
+    Invoke-WrappedCommand "poetry" $args
+}
+
 # `python -m pip`, `python -m pip3`.
 function python {
     Invoke-WrappedCommand 'python' $args

package/src/shell-integration/teardown.js

@@ -1,7 +1,8 @@
 import chalk from "chalk";
 import { ui } from "../environment/userInteraction.js";
 import { detectShells } from "./shellDetection.js";
-import { knownAikidoTools, getPackageManagerList } from "./helpers.js";
+import { knownAikidoTools, getPackageManagerList, getShimsDir, getScriptsDir } from "./helpers.js";
+import fs from "fs";
 
 /**
  * @returns {Promise<void>}
@@ -62,3 +63,44 @@ export async function teardown() {
     return;
   }
 }
+
+/**
+ * Removes directories created by setup-ci and setup commands
+ * @returns {Promise<void>}
+ */
+export async function teardownDirectories() {
+  const shimsDir = getShimsDir();
+  const scriptsDir = getScriptsDir();
+
+  // Remove CI shims directory
+  if (fs.existsSync(shimsDir)) {
+    try {
+      fs.rmSync(shimsDir, { recursive: true, force: true });
+      ui.writeInformation(
+        `${chalk.bold("- CI Shims:")} ${chalk.green("Removed successfully")}`
+      );
+    } catch (/** @type {any} */ error) {
+      ui.writeError(
+        `${chalk.bold("- CI Shims:")} ${chalk.red(
+          "Failed to remove"
+        )}. Error: ${error.message}`
+      );
+    }
+  }
+
+  // Remove scripts directory
+  if (fs.existsSync(scriptsDir)) {
+    try {
+      fs.rmSync(scriptsDir, { recursive: true, force: true });
+      ui.writeInformation(
+        `${chalk.bold("- Scripts:")} ${chalk.green("Removed successfully")}`
+      );
+    } catch (/** @type {any} */ error) {
+      ui.writeError(
+        `${chalk.bold("- Scripts:")} ${chalk.red(
+          "Failed to remove"
+        )}. Error: ${error.message}`
+      );
+    }
+  }
+}