Merge pull request #1634 from laststance/copilot/add-aikido-safe-chain

ryota-murakami · web-flow · commit e81cf6fa9310 · 2025-10-12T20:06:34.000+09:00
diff --git a/.github/workflows/malware-safe-chain.yml b/.github/workflows/malware-safe-chain.yml
@@ -0,0 +1,62 @@
+# Aikido Safe Chain - Malware Detection for Package Installation
+#
+# This workflow integrates Aikido Safe Chain to protect against malicious packages
+# during dependency installation in CI/CD pipelines.
+#
+# What is Aikido Safe Chain?
+# Aikido Safe Chain is a free security tool that prevents developers from installing
+# malware through package managers (npm, pnpm, yarn, npx, pnpx). It wraps around
+# package manager commands and verifies packages against Aikido Intel - Open Sources
+# Threat Intelligence before installation. When malware is detected, it blocks the
+# installation and alerts the user.
+#
+# Key features:
+# - Free to use, no tokens required
+# - Works with Node.js 18+
+# - Supports npm, pnpm, yarn, npx, and pnpx
+# - Currently offers limited scanning for pnpm (scans install command arguments)
+# - Full dependency tree scanning support coming soon for pnpm
+#
+# GitHub Repository: https://github.com/AikidoSec/safe-chain
+# Documentation: https://github.com/AikidoSec/safe-chain#usage-in-cicd
+
+name: Safe Chain Security Check
+
+on:
+  pull_request: ~
+  push:
+    branches:
+      - main
+
+jobs:
+  safe-chain-check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 10
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+          cache: 'pnpm'
+
+      - name: Install Aikido Safe Chain
+        run: |
+          npm install -g @aikidosec/safe-chain
+          safe-chain setup-ci
+        shell: bash
+
+      - name: Install dependencies with malware protection
+        run: pnpm install
+        shell: bash
+
+      - name: Verify installation
+        run: |
+          echo "✅ All dependencies installed successfully with Aikido Safe Chain protection"
+          echo "📦 No malicious packages detected"
diff --git a/public/mockServiceWorker.js b/public/mockServiceWorker.js
@@ -7,7 +7,7 @@
  * - Please do NOT modify this file.
  */
 
-const PACKAGE_VERSION = '2.9.0'
+const PACKAGE_VERSION = '2.10.2'
 const INTEGRITY_CHECKSUM = 'f5825c521429caf22a4dd13b66e243af'
 const IS_MOCKED_RESPONSE = Symbol('isMockedResponse')
 const activeClientIds = new Set()
