electron / fiddle / 24118177443
89%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 104
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 89.371% (-0.01%) from 89.382%
24118177443

push

github

web-flow 
feat: add Socket Firewall integration for secure package installation (#1880)

* feat: add Socket Firewall (sfw) support for npm installs

Integrates Socket Firewall (https://github.com/SocketDev/sfw-free) to
protect against supply chain attacks when installing npm dependencies
from Fiddle gists.

Changes:
- Add `sfw` as a dependency for wrapping npm/yarn commands
- Add `isUsingSocketFirewall` setting (enabled by default)
- Modify `addModules` to use sfw when enabled and available
- Add IPC handler `NPM_IS_SFW_INSTALLED` to check sfw availability
- Add settings toggle in Execution settings panel
- Add comprehensive tests for sfw integration

When enabled, Fiddle runs `sfw npm install` instead of `npm install`,
which scans packages during installation and blocks malicious ones.
Falls back to direct npm/yarn if sfw is not installed on the system.

https://claude.ai/code/session_01K6g5VZoNQRGLr4stRvHEVw

* docs: add THIRD_PARTY_NOTICES.md for sfw license attribution

The sfw npm wrapper is MIT licensed, but the sfw-free binary it
downloads at runtime is under the PolyForm Shield License 1.0.0.
Include the full license text to satisfy the Notices provision.

https://claude.ai/code/session_01K6g5VZoNQRGLr4stRvHEVw

* feat: embed sfw script with the app instead of requiring global install

Bundle the sfw CLI script (node_modules/sfw/dist/sfw.mjs) into the
webpack output via CopyPlugin so it ships with the packaged Electron
app. At runtime, resolve the embedded path and run it via the system
Node.js (`node sfw.mjs npm install ...`) rather than relying on a
globally installed `sfw` binary.

This means Socket Firewall works out of the box — users no longer
need to `npm install -g sfw`.

https://claude.ai/code/session_01K6g5VZoNQRGLr4stRvHEVw

* fix: unpack embedded sfw from asar and ship its package.json

sfw.mjs reads ../package.json at runtime to populate its version string,
so the bundled layout must mirror node_modules/sfw/ (dist/sfw.mjs plus
a sibling pac... (continued)

512 of 557 branches covered (91.92%)

Branch coverage included in aggregate %.

16 of 19 new or added lines in 5 files covered. (84.21%)

3465 of 3893 relevant lines covered (89.01%)

48.41 hits per line

Uncovered Changes

Lines Coverage File
2
69.84
 -1.83% src/renderer/components/settings-execution.tsx
1
92.68
 0.79% src/main/npm.ts
Jobs
ID Job ID Ran Files Coverage
1 24118177443.1 104
89.37
 GitHub Action Run
Source Files on build 24118177443