add postinstall script to add the safe npm alias
charliegerard committed Jan 11, 2024
1 parent ad7b908 commit cbb7da0
Showing 3 changed files with 77 additions and 3 deletions.
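--- a/lib/utils/safe-npm.js
+++ b/lib/utils/safe-npm.js
@@ -0,0 +1,72 @@
+import { exec } from 'child_process'
+import fs from 'fs'
+import homedir from 'os'
+import readline from 'readline'
+
+console.log(`
+
+_____ _ _
+| __|___ ___| |_ ___| |_
+|__ | . | _| '_| -_| _|
+|_____|___|___|_,_|___|_|
+`)
+
+/**
+* @param {string} query
+* @returns {void}
+*/
+const installSafeNpm = (query) => {
+const rl = readline.createInterface({
+input: process.stdin,
+output: process.stdout,
+})
+return askQuestion(rl, query)
+}
+
+/**
+* @param {any} rl
+* @param {string} query
+* @returns {void}
+*/
+const askQuestion = (rl, query) => {
+rl.question(query, (/** @type {string} */ ans) => {
+if (ans.toLowerCase() === 'y') {
+const bashFile = `${homedir.homedir()}/.bashrc`
+const zshBashFile = `${homedir.homedir()}/.zshrc`
+
+try {
+if (fs.existsSync(bashFile)) {
+addAlias(bashFile)
+} else if (fs.existsSync(zshBashFile)) {
+addAlias(zshBashFile)
+}
+} catch (e) {
+throw new Error('There was an issue setting up the alias.', { cause: e })
+}
+rl.close()
+} else if (ans.toLowerCase() !== 'n') {
+askQuestion(rl, 'Incorrect input: please enter either y (yes) or n (no): ')
+} else {
+rl.close()
+}
+})
+}
+
+/**
+* @param {string} file
+* @returns {void}
+*/
+const addAlias = (file) => {
+exec(`echo "alias npm='socket npm' \nalias npx='socket npx'" >> ${file}`, (err, _, stderr) => {
+if (err) {
+return new Error(`There was an error setting up the alias: ${stderr}`)
+}
+console.log(`The alias was added to ${file}. Running 'npm install' will now be wrapped in Socket's "safe npm" 🎉`)
+})
+}
+
+installSafeNpm(`The Socket CLI is now successfully installed! 🎉
+To better protect yourself against supply-chain attacks, our "safe npm" wrapper can warn you about malicious packages whenever you run 'npm install'.
+Do you want to install "safe npm" (this will create an alias to the socket-npm command)? (y/n)`)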
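Review bot: `addAlias` interpolates `file` unquoted into a shell command string handed to `exec`, so a home directory containing a space, quote or other shell metacharacter breaks the command or is parsed as additional shell syntax, and when the command does fail the callback merely `return`s a `new Error` that nothing receives, so the user is told nothing. Appending with `fs.appendFile` takes the shell out of the operation entirely and lets the failure be reported; a leading newline also keeps the alias off the last line of an rc file that has no trailing newline. The `try/catch` in `askQuestion` cannot observe these failures either, because `exec` reports asynchronously after `rl.close()` has already run, and its `new Error(msg, { cause: e })` form relies on the ES2022 `ErrorOptions` typings, which a type checker on an `es2020` lib target rejects as a second argument.
```javascript
const addAlias = (file) => {
  // Append directly rather than via `exec`: no shell, so `file` needs no quoting
  // and the shell's echo/escape rules do not apply to the alias text.
  fs.appendFile(file, `\nalias npm='socket npm'\nalias npx='socket npx'\n`, (err) => {
    if (err) {
      console.error(`There was an error setting up the alias: ${err.message}`)
      process.exitCode = 1
      return
    }
    console.log(`The alias was added to ${file}. Running 'npm install' will now be wrapped in Socket's "safe npm" 🎉`)
  })
}
```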
5 changes: 3 additions & 2 deletions package-lock.json
3 changes: 2 additions & 1 deletion package.json
Expand Up @@ -40,7 +40,8 @@
"prepare": "husky install",
"test:unit": "c8 --reporter=lcov --reporter text node --test",
"test-ci": "run-s test:*",
"test": "run-s check test:*"
"test": "run-s check test:*",
"postinstall": "node lib/utils/safe-npm.js"
},
"devDependencies": {
"@socketsecurity/eslint-config": "^3.0.1",
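Review bot: Wiring `node lib/utils/safe-npm.js` as `postinstall` runs the y/n prompt on every install of the package, including CI jobs, container builds and non-interactive installs where stdin is not a terminal, and a readline question in that setting either never resolves or exits before anyone sees it. A guard at the top of the script, `if (!process.stdin.isTTY || process.env.CI) process.exit(0)`, keeps the prompt to interactive installs; the script itself is outside this hunk. Because a postinstall hook that edits the user's shell rc files is exactly the pattern supply-chain reviewers flag, it is worth stating in the package documentation that the alias is only written after an explicit `y` answer and can be declined.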
