Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add postinstall script to install the safe npm alias #98

Merged
merged 7 commits into from
Jan 19, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ socket --help
socket info webtorrent@1.9.1
socket report create package.json --view
socket report view QXU8PmK7LfH608RAwfIKdbcHgwEd_ZeWJ9QEGv05FJUQ
socket wrapper --enable
```

## Commands
Expand All @@ -35,6 +36,10 @@ socket report view QXU8PmK7LfH608RAwfIKdbcHgwEd_ZeWJ9QEGv05FJUQ

* `socket report view <report-id>` - looks up issues and scores from a report

* `socket wrapper --enable` and `socket wrapper --disable` - Enables and disables the Socket 'safe-npm' wrapper.

* `socket raw-npm` and `socket raw-npx` - Temporarily disables the Socket 'safe-npm' wrapper.

## Aliases

All aliases supports flags and arguments of the commands they alias.
Expand Down
11 changes: 10 additions & 1 deletion cli.js
Original file line number Diff line number Diff line change
Expand Up @@ -15,8 +15,17 @@ import { initUpdateNotifier } from './lib/utils/update-notifier.js'
initUpdateNotifier()

try {
const formattedCliCommands = Object.fromEntries(Object.entries(cliCommands).map((entry) => {
if (entry[0] === 'rawNpm') {
entry[0] = 'raw-npm'
} else if (entry[0] === 'rawNpx') {
entry[0] = 'raw-npx'
}
return entry
}))

await meowWithSubcommands(
cliCommands,
formattedCliCommands,
{
aliases: {
ci: {
Expand Down
3 changes: 3 additions & 0 deletions lib/commands/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -4,3 +4,6 @@ export * from './npm/index.js'
export * from './npx/index.js'
export * from './login/index.js'
export * from './logout/index.js'
export * from './wrapper/index.js'
export * from './raw-npm/index.js'
export * from './raw-npx/index.js'
59 changes: 59 additions & 0 deletions lib/commands/raw-npm/index.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
import { spawn } from 'child_process'

import meow from 'meow'

import { validationFlags } from '../../flags/index.js'
import { printFlagList } from '../../utils/formatting.js'

/** @type {import('../../utils/meow-with-subcommands.js').CliSubcommand} */
export const rawNpm = {
description: 'Temporarily disable the Socket npm wrapper',
async run (argv, importMeta, { parentName }) {
const name = parentName + ' raw-npm'

setupCommand(name, rawNpm.description, argv, importMeta)
}
}

/**
* @param {string} name
* @param {string} description
* @param {readonly string[]} argv
* @param {ImportMeta} importMeta
* @returns {void}
*/
function setupCommand (name, description, argv, importMeta) {
const flags = validationFlags

const cli = meow(`
Usage
$ ${name} <npm command>

Options
${printFlagList(flags, 6)}

Examples
$ ${name} install
`, {
argv,
description,
importMeta,
flags
})

if (!argv[0]) {
cli.showHelp()
return
}

spawn('npm', [argv.join(' ')], {
stdio: 'inherit',
shell: true
}).on('exit', (code, signal) => {
if (signal) {
process.kill(process.pid, signal)
} else if (code !== null) {
process.exit(code)
}
})
}
59 changes: 59 additions & 0 deletions lib/commands/raw-npx/index.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
import { spawn } from 'child_process'

import meow from 'meow'

import { validationFlags } from '../../flags/index.js'
import { printFlagList } from '../../utils/formatting.js'

/** @type {import('../../utils/meow-with-subcommands.js').CliSubcommand} */
export const rawNpx = {
description: 'Temporarily disable the Socket npm/npx wrapper',
async run (argv, importMeta, { parentName }) {
const name = parentName + ' raw-npx'

setupCommand(name, rawNpx.description, argv, importMeta)
}
}

/**
* @param {string} name
* @param {string} description
* @param {readonly string[]} argv
* @param {ImportMeta} importMeta
* @returns {void}
*/
function setupCommand (name, description, argv, importMeta) {
const flags = validationFlags

const cli = meow(`
Usage
$ ${name} <npx command>

Options
${printFlagList(flags, 6)}

Examples
$ ${name} install
`, {
argv,
description,
importMeta,
flags
})

if (!argv[0]) {
cli.showHelp()
return
}

spawn('npx', [argv.join(' ')], {
stdio: 'inherit',
shell: true
}).on('exit', (code, signal) => {
if (signal) {
process.kill(process.pid, signal)
} else if (code !== null) {
process.exit(code)
}
})
}
199 changes: 199 additions & 0 deletions lib/commands/wrapper/index.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,199 @@
/* eslint-disable no-console */
import fs from 'fs'
import homedir from 'os'
import readline from 'readline'

import meow from 'meow'

import { commandFlags } from '../../flags/index.js'
import { printFlagList } from '../../utils/formatting.js'

const BASH_FILE = `${homedir.homedir()}/.bashrc`
const ZSH_BASH_FILE = `${homedir.homedir()}/.zshrc`

/** @type {import('../../utils/meow-with-subcommands').CliSubcommand} */
export const wrapper = {
description: 'Enable or disable the Socket npm/npx wrapper',
async run (argv, importMeta, { parentName }) {
const name = parentName + ' wrapper'

setupCommand(name, wrapper.description, argv, importMeta)
}
}

/**
* @param {string} name
* @param {string} description
* @param {readonly string[]} argv
* @param {ImportMeta} importMeta
* @returns {void}
*/
function setupCommand (name, description, argv, importMeta) {
const flags = commandFlags

const cli = meow(`
Usage
$ ${name} <flag>

Options
${printFlagList(flags, 6)}

Examples
$ ${name} --enable
$ ${name} --disable
`, {
argv,
description,
importMeta,
flags
})

const { enable, disable } = cli.flags

if (argv[0] === '--postinstall') {
// Check if the wrapper is already enabled before showing the postinstall prompt
const socketWrapperEnabled = (fs.existsSync(BASH_FILE) && checkSocketWrapperAlreadySetup(BASH_FILE)) || (fs.existsSync(ZSH_BASH_FILE) && checkSocketWrapperAlreadySetup(BASH_FILE))

if (!socketWrapperEnabled) {
installSafeNpm(`The Socket CLI is now successfully installed! 🎉

To better protect yourself against supply-chain attacks, our "safe npm" wrapper can warn you about malicious packages whenever you run 'npm install'.

Do you want to install "safe npm" (this will create an alias to the socket-npm command)? (y/n)`)
}

return
}

if (!enable && !disable) {
cli.showHelp()
return
}

if (enable) {
if (fs.existsSync(BASH_FILE)) {
const socketWrapperEnabled = checkSocketWrapperAlreadySetup(BASH_FILE)
!socketWrapperEnabled && addAlias(BASH_FILE)
}
if (fs.existsSync(ZSH_BASH_FILE)) {
const socketWrapperEnabled = checkSocketWrapperAlreadySetup(ZSH_BASH_FILE)
!socketWrapperEnabled && addAlias(ZSH_BASH_FILE)
}
} else if (disable) {
if (fs.existsSync(BASH_FILE)) {
removeAlias(BASH_FILE)
}
if (fs.existsSync(ZSH_BASH_FILE)) {
removeAlias(ZSH_BASH_FILE)
}
}
if (!fs.existsSync(BASH_FILE) && !fs.existsSync(ZSH_BASH_FILE)) {
console.error('There was an issue setting up the alias in your bash profile')
}
return
}

/**
* @param {string} query
* @returns {void}
*/
const installSafeNpm = (query) => {
console.log(`
_____ _ _
| __|___ ___| |_ ___| |_
|__ | . | _| '_| -_| _|
|_____|___|___|_,_|___|_|

`)

const rl = readline.createInterface({
input: process.stdin,
output: process.stdout,
})
return askQuestion(rl, query)
}

/**
* @param {any} rl
* @param {string} query
* @returns {void}
*/
const askQuestion = (rl, query) => {
rl.question(query, (/** @type {string} */ ans) => {
if (ans.toLowerCase() === 'y') {
try {
if (fs.existsSync(BASH_FILE)) {
addAlias(BASH_FILE)
}
if (fs.existsSync(ZSH_BASH_FILE)) {
addAlias(ZSH_BASH_FILE)
}
} catch (e) {
throw new Error(`There was an issue setting up the alias: ${e}`)
}
rl.close()
} else if (ans.toLowerCase() !== 'n') {
askQuestion(rl, 'Incorrect input: please enter either y (yes) or n (no): ')
} else {
rl.close()
}
})
}

/**
* @param {string} file
* @returns {void}
*/
const addAlias = (file) => {
return fs.appendFile(file, 'alias npm="socket npm"\nalias npx="socket npx"\n', (err) => {
if (err) {
return new Error(`There was an error setting up the alias: ${err}`)
}
console.log(`
The alias was added to ${file}. Running 'npm install' will now be wrapped in Socket's "safe npm" 🎉
If you want to disable it at any time, run \`socket wrapper --disable\`
`)
})
}

/**
* @param {string} file
* @returns {void}
*/
const removeAlias = (file) => {
return fs.readFile(file, 'utf8', function (err, data) {
if (err) {
console.error(`There was an error removing the alias: ${err}`)
return
}
const linesWithoutSocketAlias = data.split('\n').filter(l => l !== 'alias npm="socket npm"' && l !== 'alias npx="socket npx"')

const updatedFileContent = linesWithoutSocketAlias.join('\n')

fs.writeFile(file, updatedFileContent, function (err) {
if (err) {
console.log(err)
return
} else {
console.log(`
The alias was removed from ${file}. Running 'npm install' will now run the standard npm command.
`)
}
})
})
}

/**
* @param {string} file
* @returns {boolean}
*/
const checkSocketWrapperAlreadySetup = (file) => {
const fileContent = fs.readFileSync(file, 'utf-8')
const linesWithSocketAlias = fileContent.split('\n').filter(l => l === 'alias npm="socket npm"' || l === 'alias npx="socket npx"')

if (linesWithSocketAlias.length) {
console.log(`The Socket npm/npx wrapper is set up in your bash profile (${file}).`)
return true
}
return false
}
14 changes: 14 additions & 0 deletions lib/flags/command.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
import { prepareFlags } from '../utils/flags.js'

export const commandFlags = prepareFlags({
enable: {
type: 'boolean',
default: false,
description: 'Enables the Socket npm/npx wrapper',
},
disable: {
type: 'boolean',
default: false,
description: 'Disables the Socket npm/npx wrapper',
}
})
1 change: 1 addition & 0 deletions lib/flags/index.js
Original file line number Diff line number Diff line change
@@ -1,2 +1,3 @@
export { outputFlags } from './output.js'
export { validationFlags } from './validation.js'
export { commandFlags } from './command.js'
5 changes: 3 additions & 2 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading
Loading