Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add postinstall script to install the safe npm alias #98

Merged
merged 7 commits into from
Jan 19, 2024
Merged

Add postinstall script to install the safe npm alias #98

merged 7 commits into from
Jan 19, 2024

Conversation

charliegerard
Copy link
Contributor

@charliegerard charliegerard commented Jan 11, 2024
edited
Loading

PR description

This PR adds the following functionalities:

  • A postinstall script to ask users if they want to install our npm and npx wrapper so they're automatically protected against malicious packages. (It checks first if the aliases already exist and if so, does not prompt the user)
  • The commands socket wrapper with the flags --enable and --disable if users want to add/remove the aliases later on. If the user enters socket wrapper --enable, the logic checks if the aliases are already set up and if so, lets the user know, otherwise adds the aliases in the bashrc or zshrc file.
  • The commands socket raw-npm and socket raw-npx to temporarily bypass the wrapper.

Flow:

  • When the CLI has finished installing, the output looks like this:
Screenshot 2024-01-10 at 7 39 30 PM
  • If the user enters "n", the interface just exits.
  • If the user enters "y", the logic checks if the file ~/.bashrc or ~/.zshrc exist and if so, the aliases are added to this file and the following output is displayed.
Screenshot 2024-01-10 at 7 44 52 PM

@charliegerard charliegerard marked this pull request as ready for review January 11, 2024 15:53
@feross
Copy link
Member

feross commented Jan 11, 2024
edited
Loading

@charliegerard This is an excellent idea!

Should we also expose it in a CLI command, in case I deny it but want to do it later? Could be a command like socket wrapper enable and socket wrapper disable?

@charliegerard charliegerard marked this pull request as draft January 16, 2024 19:40
@charliegerard charliegerard changed the title Add postinstall script to install the safe npm alias [WIP] Add postinstall script to install the safe npm alias Jan 16, 2024
@charliegerard charliegerard changed the title [WIP] Add postinstall script to install the safe npm alias Add postinstall script to install the safe npm alias Jan 17, 2024
@charliegerard charliegerard marked this pull request as ready for review January 17, 2024 21:22
@charliegerard
Copy link
Contributor Author

Implemented the feedback to replace echo with fs.appendFile and add the aliases in both the .bashrc and .zshrc files.

@charliegerard charliegerard merged commit 47047ab into master Jan 19, 2024
14 checks passed
@charliegerard charliegerard deleted the cg/postInstallSafeNpm branch January 19, 2024 16:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@philliprossii7 philliprossii7 philliprossii7 approved these changes

@bmeck bmeck bmeck approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@charliegerard @feross @bmeck @philliprossii7