@aikidosec/safe-chain 1.4.9 → 1.5.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aikidosec/safe-chain",
-  "version": "1.4.9",
+  "version": "1.5.1",
   "scripts": {
     "test": "node --test --experimental-test-module-mocks 'src/**/*.spec.js'",
     "test:watch": "node --test --watch --experimental-test-module-mocks 'src/**/*.spec.js'",
@@ -16,6 +16,7 @@
     "aikido-bun": "bin/aikido-bun.js",
     "aikido-bunx": "bin/aikido-bunx.js",
     "aikido-uv": "bin/aikido-uv.js",
+    "aikido-uvx": "bin/aikido-uvx.js",
     "aikido-pip": "bin/aikido-pip.js",
     "aikido-pip3": "bin/aikido-pip3.js",
     "aikido-python": "bin/aikido-python.js",
@@ -36,9 +37,8 @@
   "keywords": [],
   "author": "Aikido Security",
   "license": "AGPL-3.0-or-later",
-  "description": "The Aikido Safe Chain wraps around the [npm cli](https://github.com/npm/cli), [npx](https://github.com/npm/cli/blob/latest/docs/content/commands/npx.md), [yarn](https://yarnpkg.com/), [pnpm](https://pnpm.io/), [pnpx](https://pnpm.io/cli/dlx), [bun](https://bun.sh/), [bunx](https://bun.sh/docs/cli/bunx), [uv](https://docs.astral.sh/uv/) (Python), and [pip](https://pip.pypa.io/) to provide extra checks before installing new packages. This tool will detect when a package contains malware and prompt you to exit, preventing npm, npx, yarn, pnpm, pnpx, bun, bunx, uv, or pip/pip3 from downloading or running the malware.",
+  "description": "The Aikido Safe Chain wraps around the [npm cli](https://github.com/npm/cli), [npx](https://github.com/npm/cli/blob/latest/docs/content/commands/npx.md), [yarn](https://yarnpkg.com/), [pnpm](https://pnpm.io/), [pnpx](https://pnpm.io/cli/dlx), [bun](https://bun.sh/), [bunx](https://bun.sh/docs/cli/bunx), [uv](https://docs.astral.sh/uv/) (Python), and [pip](https://pip.pypa.io/) to provide extra checks before installing new packages. This tool will detect when a package contains malware and prompt you to exit, preventing npm, npx, yarn, pnpm, pnpx, bun, bunx, uv, uvx, or pip/pip3 from downloading or running the malware.",
   "dependencies": {
-    "archiver": "^7.0.1",
     "certifi": "14.5.15",
     "chalk": "5.4.1",
     "https-proxy-agent": "7.0.6",
@@ -49,7 +49,6 @@
     "semver": "7.7.2"
   },
   "devDependencies": {
-    "@types/archiver": "^7.0.0",
     "@types/ini": "^4.1.1",
     "@types/make-fetch-happen": "^10.0.4",
     "@types/node": "^18.19.130",

package/src/config/configFile.js

@@ -3,6 +3,7 @@ import path from "path";
 import os from "os";
 import { ui } from "../environment/userInteraction.js";
 import { getEcoSystem } from "./settings.js";
+import { getSafeChainBaseDir } from "./safeChainDir.js";
 
 /**
  * @typedef {Object} SafeChainConfig
@@ -304,8 +305,7 @@ function getConfigFilePath() {
  * @returns {string}
  */
 export function getSafeChainDirectory() {
-  const homeDir = os.homedir();
-  const safeChainDir = path.join(homeDir, ".safe-chain");
+  const safeChainDir = getSafeChainBaseDir();
 
   if (!fs.existsSync(safeChainDir)) {
     fs.mkdirSync(safeChainDir, { recursive: true });

package/src/config/safeChainDir.js

@@ -0,0 +1,71 @@
+import os from "os";
+import path from "path";
+import { fileURLToPath } from "url";
+import { getInstalledSafeChainDir } from "../installLocation.js";
+
+/**
+ * @returns {string}
+ */
+export function getSafeChainBaseDir() {
+  return getInstalledSafeChainDir() ?? path.join(os.homedir(), ".safe-chain");
+}
+
+/**
+ * @returns {string}
+ */
+export function getBinDir() {
+  return path.join(getSafeChainBaseDir(), "bin");
+}
+
+/**
+ * @returns {string}
+ */
+export function getShimsDir() {
+  return path.join(getSafeChainBaseDir(), "shims");
+}
+
+/**
+ * @returns {string}
+ */
+export function getScriptsDir() {
+  return path.join(getSafeChainBaseDir(), "scripts");
+}
+
+/**
+ * @returns {string}
+ */
+export function getCertsDir() {
+  return path.join(getSafeChainBaseDir(), "certs");
+}
+
+/**
+ * Resolves the directory of the calling module.
+ * Falls back to __dirname when import.meta.url is unavailable (pkg CJS binary).
+ * @param {string | undefined} moduleUrl
+ * @returns {string}
+ */
+function resolveModuleDir(moduleUrl) {
+  if (moduleUrl) {
+    return path.dirname(fileURLToPath(moduleUrl));
+  }
+  // eslint-disable-next-line no-undef
+  return __dirname;
+}
+
+/**
+ * @param {string | undefined} moduleUrl
+ * @param {string} fileName
+ * @returns {string}
+ */
+export function getStartupScriptSourcePath(moduleUrl, fileName) {
+  return path.join(resolveModuleDir(moduleUrl), "startup-scripts", fileName);
+}
+
+/**
+ * @param {string | undefined} moduleUrl
+ * @param {string} fileName
+ * @returns {string}
+ */
+export function getPathWrapperTemplatePath(moduleUrl, fileName) {
+  return path.join(resolveModuleDir(moduleUrl), "path-wrappers", "templates", fileName);
+}

package/src/installLocation.js

@@ -0,0 +1,42 @@
+import path from "path";
+
+/** @type {NodeJS.Process & { pkg?: unknown }} */
+const processWithPkg = process;
+
+/**
+ * @param {string} executablePath
+ * @returns {string | undefined}
+ */
+export function deriveInstallDirFromExecutablePath(executablePath) {
+  if (!executablePath) {
+    return undefined;
+  }
+
+  const pathLibrary = executablePath.includes("\\") ? path.win32 : path.posix;
+  const executableDir = pathLibrary.dirname(executablePath);
+  if (pathLibrary.basename(executableDir) !== "bin") {
+    return undefined;
+  }
+
+  return pathLibrary.dirname(executableDir);
+}
+
+/**
+ * Returns the install directory for a packaged safe-chain binary.
+ * Custom installation directories only apply to packaged binary installs.
+ * For npm/global/dev-script executions this intentionally returns undefined,
+ * which causes callers to fall back to the default ~/.safe-chain layout.
+ *
+ * @param {{ isPackaged?: boolean, executablePath?: string }} [options]
+ * @returns {string | undefined}
+ */
+export function getInstalledSafeChainDir(options = {}) {
+  const isPackaged = options.isPackaged ?? Boolean(processWithPkg.pkg);
+  if (!isPackaged) {
+    return undefined;
+  }
+
+  return deriveInstallDirFromExecutablePath(
+    options.executablePath ?? process.execPath,
+  );
+}

package/src/packagemanager/currentPackageManager.js

@@ -13,6 +13,7 @@ import { createPipPackageManager } from "./pip/createPackageManager.js";
 import { createUvPackageManager } from "./uv/createUvPackageManager.js";
 import { createPoetryPackageManager } from "./poetry/createPoetryPackageManager.js";
 import { createPipXPackageManager } from "./pipx/createPipXPackageManager.js";
+import { createUvxPackageManager } from "./uvx/createUvxPackageManager.js";
 
 /**
  * @type {{packageManagerName: PackageManager | null}}
@@ -60,6 +61,8 @@ export function initializePackageManager(packageManagerName, context) {
     state.packageManagerName = createPipPackageManager(context);
   } else if (packageManagerName === "uv") {
     state.packageManagerName = createUvPackageManager();
+  } else if (packageManagerName === "uvx") {
+    state.packageManagerName = createUvxPackageManager();
   } else if (packageManagerName === "poetry") {
     state.packageManagerName = createPoetryPackageManager();
   } else if (packageManagerName === "pipx") {

package/src/packagemanager/uvx/createUvxPackageManager.js

@@ -0,0 +1,18 @@
+import { runUv } from "../uv/runUvCommand.js";
+
+/**
+ * @returns {import("../currentPackageManager.js").PackageManager}
+ */
+export function createUvxPackageManager() {
+  return {
+    /**
+     * @param {string[]} args
+     */
+    runCommand: (args) => {
+      return runUv("uvx", args);
+    },
+    // For uvx, rely solely on MITM
+    isSupportedCommand: () => false,
+    getDependencyUpdatesForCommand: () => [],
+  };
+}

package/src/registryProxy/certUtils.js

@@ -1,9 +1,8 @@
 import forge from "node-forge";
 import path from "path";
 import fs from "fs";
-import os from "os";
+import { getCertsDir } from "../config/safeChainDir.js";
 
-const certFolder = path.join(os.homedir(), ".safe-chain", "certs");
 const ca = loadCa();
 
 const certCache = new Map();
@@ -20,7 +19,7 @@ function createKeyIdentifier(publicKey) {
 }
 
 export function getCaCertPath() {
-  return path.join(certFolder, "ca-cert.pem");
+  return path.join(getCertsDir(), "ca-cert.pem");
 }
 
 /**
@@ -112,6 +111,7 @@ export function generateCertForHost(hostname) {
 }
 
 function loadCa() {
+  const certFolder = getCertsDir();
   const keyPath = path.join(certFolder, "ca-key.pem");
   const certPath = path.join(certFolder, "ca-cert.pem");
 

package/src/registryProxy/interceptors/pip/modifyPipInfo.js

@@ -6,6 +6,23 @@ export { parsePipMetadataUrl, isPipPackageInfoUrl } from "./parsePipPackageUrl.j
 import { getPipMetadataContentType, logSuppressedVersion } from "./pipMetadataResponseUtils.js";
 import { modifyPipJsonResponse } from "./modifyPipJsonResponse.js";
 
+/**
+ * Strip conditional GET headers so PyPI always returns a full 200 response
+ * with a body we can rewrite. Without this, pip sends If-None-Match /
+ * If-Modified-Since, PyPI responds 304 Not Modified (empty body), and
+ * safe-chain cannot rewrite it — leaving pip with a cached index that still
+ * lists too-young versions. Those versions are then blocked at direct-download
+ * time with a hard 403, preventing dependency resolution from completing.
+ *
+ * @param {NodeJS.Dict<string | string[]>} headers
+ * @returns {NodeJS.Dict<string | string[]>}
+ */
+export function modifyPipInfoRequestHeaders(headers) {
+  delete headers["if-none-match"];
+  delete headers["if-modified-since"];
+  return headers;
+}
+
 // Match simple-index anchor tags and capture their href so we can suppress
 // individual distribution links from PyPI HTML metadata responses.
 const HTML_ANCHOR_HREF_RE =

package/src/registryProxy/interceptors/pip/pipInterceptor.js

@@ -9,6 +9,7 @@ import { openNewPackagesDatabase } from "../../../scanning/newPackagesListCache.
 import { interceptRequests } from "../interceptorBuilder.js";
 import { isExcludedFromMinimumPackageAge } from "../minimumPackageAgeExclusions.js";
 import {
+  modifyPipInfoRequestHeaders,
   modifyPipInfoResponse,
   parsePipMetadataUrl,
 } from "./modifyPipInfo.js";
@@ -61,6 +62,7 @@ function createPipRequestHandler(registry) {
       !isExcludedFromMinimumPackageAge(metadataPackageName)
     ) {
       const newPackagesDatabase = await openNewPackagesDatabase();
+      reqContext.modifyRequestHeaders(modifyPipInfoRequestHeaders);
       reqContext.modifyBody((body, headers) =>
         modifyPipInfoResponse(
           body,

package/src/scanning/malwareDatabase.js

@@ -15,8 +15,12 @@ import { getEcoSystem, ECOSYSTEM_PY } from "../config/settings.js";
  * @property {function(string, string): boolean} isMalware
  */
 
-/** @type {MalwareDatabase | null} */
-let cachedMalwareDatabase = null;
+// Caching the Promise (rather than the resolved database) prevents duplicate fetches. If we cached the resolved
+// value, multiple callers could pass the null-check before the first fetch completes (because each `await` yields
+// control back to the event loop, allowing other callers to run). Since the Promise assignment is synchronous, all
+// concurrent callers see it immediately and share a single fetch.
+/** @type {Promise<MalwareDatabase> | null} */
+let cachedMalwareDatabasePromise = null;
 
 /**
  * Normalize package name for comparison.
@@ -34,45 +38,44 @@ function normalizePackageName(name) {
   return name;
 }
 
-export async function openMalwareDatabase() {
-  if (cachedMalwareDatabase) {
-    return cachedMalwareDatabase;
-  }
-
-  const malwareDatabase = await getMalwareDatabase();
-
-  /**
-   * @param {string} name
-   * @param {string} version
-   * @returns {string}
-   */
-  function getPackageStatus(name, version) {
-    const normalizedName = normalizePackageName(name);
-    const packageData = malwareDatabase.find(
-      (pkg) => {
-        const normalizedPkgName = normalizePackageName(pkg.package_name);
-        return normalizedPkgName === normalizedName &&
-          (pkg.version === version || pkg.version === "*");
+export function openMalwareDatabase() {
+  if (!cachedMalwareDatabasePromise) {
+    cachedMalwareDatabasePromise = getMalwareDatabase().then((malwareDatabase) => {
+      /**
+       * @param {string} name
+       * @param {string} version
+       * @returns {string}
+       */
+      function getPackageStatus(name, version) {
+        const normalizedName = normalizePackageName(name);
+        const packageData = malwareDatabase.find(
+          (pkg) => {
+            const normalizedPkgName = normalizePackageName(pkg.package_name);
+            return normalizedPkgName === normalizedName &&
+              (pkg.version === version || pkg.version === "*");
+          }
+        );
+
+        if (!packageData) {
+          return MALWARE_STATUS_OK;
+        }
+
+        return packageData.reason;
       }
-    );
 
-    if (!packageData) {
-      return MALWARE_STATUS_OK;
-    }
-
-    return packageData.reason;
+      return {
+        getPackageStatus,
+        isMalware: (/** @type {string} */ name, /** @type {string} */ version) => {
+          const status = getPackageStatus(name, version);
+          return isMalwareStatus(status);
+        },
+      };
+    }).catch((error) => {
+      cachedMalwareDatabasePromise = null;
+      throw error;
+    });
   }
-
-  // This implicitly caches the malware database
-  //  that's closed over by the getPackageStatus function
-  cachedMalwareDatabase = {
-    getPackageStatus,
-    isMalware: (name, version) => {
-      const status = getPackageStatus(name, version);
-      return isMalwareStatus(status);
-    },
-  };
-  return cachedMalwareDatabase;
+  return cachedMalwareDatabasePromise;
 }
 
 /**

package/src/scanning/newPackagesListCache.js

@@ -16,30 +16,27 @@ import { warnOnceAboutUnavailableDatabase } from "./newPackagesDatabaseWarnings.
  */
 
 // Shared per-process cache to avoid rebuilding the same feed-backed database on each request.
-/** @type {NewPackagesDatabase | null} */
-let cachedNewPackagesDatabase = null;
+// Caching the Promise (rather than the resolved database) prevents duplicate fetches. If we cached the resolved
+// value, multiple callers could pass the null-check before the first fetch completes (because each `await` yields
+// control back to the event loop, allowing other callers to run). Since the Promise assignment is synchronous, all
+// concurrent callers see it immediately and share a single fetch.
+/** @type {Promise<NewPackagesDatabase> | null} */
+let cachedNewPackagesDatabasePromise = null;
 
 /**
  * @returns {Promise<NewPackagesDatabase>}
  */
-export async function openNewPackagesDatabase() {
-  if (cachedNewPackagesDatabase) {
-    return cachedNewPackagesDatabase;
+export function openNewPackagesDatabase() {
+  if (!cachedNewPackagesDatabasePromise) {
+    cachedNewPackagesDatabasePromise = getNewPackagesList()
+      .then((newPackagesList) => buildNewPackagesDatabase(newPackagesList))
+      .catch((/** @type {any} */ error) => {
+        warnOnceAboutUnavailableDatabase(error);
+        cachedNewPackagesDatabasePromise = null;
+        return { isNewlyReleasedPackage: () => false };
+      });
   }
-
-  /** @type {import("../api/aikido.js").NewPackageEntry[]} */
-  let newPackagesList;
-
-  try {
-    newPackagesList = await getNewPackagesList();
-  } catch (/** @type {any} */ error) {
-    warnOnceAboutUnavailableDatabase(error);
-    cachedNewPackagesDatabase = { isNewlyReleasedPackage: () => false };
-    return cachedNewPackagesDatabase;
-  }
-
-  cachedNewPackagesDatabase = buildNewPackagesDatabase(newPackagesList);
-  return cachedNewPackagesDatabase;
+  return cachedNewPackagesDatabasePromise;
 }
 
 /**

package/src/shell-integration/helpers.js

@@ -66,6 +66,12 @@ export const knownAikidoTools = [
     ecoSystem: ECOSYSTEM_PY,
     internalPackageManagerName: "uv",
   },
+  {
+    tool: "uvx",
+    aikidoCommand: "aikido-uvx",
+    ecoSystem: ECOSYSTEM_PY,
+    internalPackageManagerName: "uvx",
+  },
   {
     tool: "pip",
     aikidoCommand: "aikido-pip",
@@ -121,20 +127,6 @@ export function getPackageManagerList() {
   return `${tools.join(", ")}, and ${lastTool} commands`;
 }
 
-/**
- * @returns {string}
- */
-export function getShimsDir() {
-  return path.join(os.homedir(), ".safe-chain", "shims");
-}
-
-/**
- * @returns {string}
- */
-export function getScriptsDir() {
-  return path.join(os.homedir(), ".safe-chain", "scripts");
-}
-
 /**
  * @param {string} executableName
  *

package/src/shell-integration/path-wrappers/templates/unix-wrapper.template.sh

@@ -4,13 +4,28 @@
 
 # Function to remove shim from PATH (POSIX-compliant)
 remove_shim_from_path() {
-    echo "$PATH" | sed "s|$HOME/.safe-chain/shims:||g"
+    _safe_chain_phys=$(CDPATH= cd -- "$(dirname -- "$0")" 2>/dev/null && pwd -P)
+    if [ -z "$_safe_chain_phys" ]; then
+        echo "$PATH"
+        return
+    fi
+    _path=$(echo "$PATH" | sed "s|${_safe_chain_phys}:||g")
+    # Also remove via dirname of $0 directly — on macOS /tmp is a symlink to /private/tmp,
+    # so pwd -P resolves to /private/tmp/… but PATH may still contain /tmp/….
+    _dir=$(dirname -- "$0")
+    case "$_dir" in
+        /*) [ "$_dir" != "$_safe_chain_phys" ] && _path=$(echo "$_path" | sed "s|${_dir}:||g") ;;
+    esac
+    echo "$_path"
 }
 
 if command -v safe-chain >/dev/null 2>&1; then
   # Remove shim directory from PATH when calling {{AIKIDO_COMMAND}} to prevent infinite loops
   PATH=$(remove_shim_from_path) exec safe-chain {{PACKAGE_MANAGER}} "$@"
 else
+  # safe-chain is not reachable — warn the user so they know protection is inactive
+  printf "\033[43;30mWarning:\033[0m safe-chain is not available to protect you from installing malware. {{PACKAGE_MANAGER}} will run without it.\n" >&2
+
   # Dynamically find original {{PACKAGE_MANAGER}} (excluding this shim directory)
   original_cmd=$(PATH=$(remove_shim_from_path) command -v {{PACKAGE_MANAGER}})
   if [ -n "$original_cmd" ]; then

package/src/shell-integration/path-wrappers/templates/windows-wrapper.template.cmd

@@ -3,7 +3,8 @@ REM Generated wrapper for {{PACKAGE_MANAGER}} by safe-chain
 REM This wrapper intercepts {{PACKAGE_MANAGER}} calls for non-interactive environments
 
 REM Remove shim directory from PATH to prevent infinite loops
-set "SHIM_DIR=%USERPROFILE%\.safe-chain\shims"
+set "SHIM_DIR=%~dp0"
+if "%SHIM_DIR:~-1%"=="\" set "SHIM_DIR=%SHIM_DIR:~0,-1%"
 call set "CLEAN_PATH=%%PATH:%SHIM_DIR%;=%%"
 
 REM Check if aikido command is available with clean PATH
@@ -21,4 +22,4 @@ if %errorlevel%==0 (
     REM If we get here, original command was not found
     echo Error: Could not find original {{PACKAGE_MANAGER}} >&2
     exit /b 1
-)
+)

package/src/shell-integration/setup-ci.js

@@ -1,24 +1,14 @@
 import chalk from "chalk";
 import { ui } from "../environment/userInteraction.js";
-import { getPackageManagerList, knownAikidoTools, getShimsDir } from "./helpers.js";
+import { getPackageManagerList, knownAikidoTools } from "./helpers.js";
+import {
+  getShimsDir,
+  getBinDir,
+  getPathWrapperTemplatePath,
+} from "../config/safeChainDir.js";
 import fs from "fs";
 import os from "os";
 import path from "path";
-import { fileURLToPath } from "url";
-
-/** @type {string} */
-// This checks the current file's dirname in a way that's compatible with:
-//  - Modulejs (import.meta.url)
-//  - ES modules (__dirname)
-// This is needed because safe-chain's npm package is built using ES modules,
-// but building the binaries requires commonjs.
-let dirname;
-if (import.meta.url) {
-  const filename = fileURLToPath(import.meta.url);
-  dirname = path.dirname(filename);
-} else {
-  dirname = __dirname;
-}
 
 /**
  * Loops over the detected shells and calls the setup function for each.
@@ -31,7 +21,7 @@ export async function setupCi() {
   ui.emptyLine();
 
   const shimsDir = getShimsDir();
-  const binDir = path.join(os.homedir(), ".safe-chain", "bin");
+  const binDir = getBinDir();
   // Create the shims directory if it doesn't exist
   if (!fs.existsSync(shimsDir)) {
     fs.mkdirSync(shimsDir, { recursive: true });
@@ -50,12 +40,7 @@ export async function setupCi() {
  */
 function createUnixShims(shimsDir) {
   // Read the template file
-  const templatePath = path.resolve(
-    dirname,
-    "path-wrappers",
-    "templates",
-    "unix-wrapper.template.sh"
-  );
+  const templatePath = getPathWrapperTemplatePath(import.meta.url, "unix-wrapper.template.sh");
 
   if (!fs.existsSync(templatePath)) {
     ui.writeError(`Template file not found: ${templatePath}`);
@@ -89,12 +74,7 @@ function createUnixShims(shimsDir) {
  */
 function createWindowsShims(shimsDir) {
   // Read the template file
-  const templatePath = path.resolve(
-    dirname,
-    "path-wrappers",
-    "templates",
-    "windows-wrapper.template.cmd"
-  );
+  const templatePath = getPathWrapperTemplatePath(import.meta.url, "windows-wrapper.template.cmd");
 
   if (!fs.existsSync(templatePath)) {
     ui.writeError(`Windows template file not found: ${templatePath}`);

package/src/shell-integration/setup.js

@@ -1,28 +1,10 @@
 import chalk from "chalk";
 import { ui } from "../environment/userInteraction.js";
 import { detectShells } from "./shellDetection.js";
-import {
-  knownAikidoTools,
-  getPackageManagerList,
-  getScriptsDir,
-} from "./helpers.js";
+import { knownAikidoTools, getPackageManagerList } from "./helpers.js";
+import { getScriptsDir, getStartupScriptSourcePath } from "../config/safeChainDir.js";
 import fs from "fs";
 import path from "path";
-import { fileURLToPath } from "url";
-
-/** @type {string} */
-// This checks the current file's dirname in a way that's compatible with:
-//  - Modulejs (import.meta.url)
-//  - ES modules (__dirname)
-// This is needed because safe-chain's npm package is built using ES modules,
-// but building the binaries requires commonjs.
-let dirname;
-if (import.meta.url) {
-  const filename = fileURLToPath(import.meta.url);
-  dirname = path.dirname(filename);
-} else {
-  dirname = __dirname;
-}
 
 /**
  * Loops over the detected shells and calls the setup function for each.
@@ -122,8 +104,7 @@ function copyStartupFiles() {
       fs.mkdirSync(targetDir, { recursive: true });
     }
 
-    // Use absolute path for source
-    const sourcePath = path.join(dirname, "startup-scripts", file);
+    const sourcePath = getStartupScriptSourcePath(import.meta.url, file);
     fs.copyFileSync(sourcePath, targetPath);
   }
 }

package/src/shell-integration/startup-scripts/init-fish.fish

@@ -1,4 +1,7 @@
-set -gx PATH $PATH $HOME/.safe-chain/bin
+set -l safe_chain_script (status filename)
+set -l safe_chain_scripts_dir (dirname $safe_chain_script)
+set -l safe_chain_base (dirname $safe_chain_scripts_dir)
+set -gx PATH $PATH $safe_chain_base/bin
 
 function npx
     wrapSafeChainCommand "npx" $argv
@@ -51,6 +54,10 @@ function uv
     wrapSafeChainCommand "uv" $argv
 end
 
+function uvx
+    wrapSafeChainCommand "uvx" $argv
+end
+
 function poetry
     wrapSafeChainCommand "poetry" $argv
 end

package/src/shell-integration/startup-scripts/init-posix.sh

@@ -1,4 +1,16 @@
-export PATH="$PATH:$HOME/.safe-chain/bin"
+if [ -n "${BASH_SOURCE[0]:-}" ]; then
+    _sc_script_path="${BASH_SOURCE[0]}"
+elif [ -n "${ZSH_VERSION:-}" ]; then
+    # ${(%):-%x} uses Zsh prompt expansion to get the sourced file's path.
+    # eval is required so other shells don't try to parse the Zsh-specific syntax.
+    eval '_sc_script_path="${(%):-%x}"'
+else
+    _sc_script_path="$0"
+fi
+_sc_scripts_dir=$(CDPATH= cd -- "$(dirname -- "$_sc_script_path")" 2>/dev/null && pwd -P)
+_sc_base=$(dirname -- "$_sc_scripts_dir")
+export PATH="$PATH:${_sc_base}/bin"
+unset _sc_base _sc_script_path _sc_scripts_dir
 
 function npx() {
   wrapSafeChainCommand "npx" "$@"
@@ -47,6 +59,10 @@ function uv() {
   wrapSafeChainCommand "uv" "$@"
 }
 
+function uvx() {
+  wrapSafeChainCommand "uvx" "$@"
+}
+
 function poetry() {
   wrapSafeChainCommand "poetry" "$@"
 }