UNPKG

lavamoat

Version:

`lavamoat` is a NodeJS runtime where modules are defined in [SES][SesGithub] Compartments. It aims to reduce the risk of malicious code in the app dependency graph, known as "software supply chain attacks".

github.com/LavaMoat/lavamoat

LavaMoat/lavamoat

92 lines (91 loc) 3.58 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
module.exports = (yargs, defaults) => { // the path for the policy file yargs.option('policy', { alias: ['p', 'policyPath'], describe: 'Pass in policy. Accepts a filepath string to the existing policy. When used in conjunction with --autopolicy, specifies where to write the policy. Default: ./lavamoat/node/policy.json', type: 'string', default: defaults.policyPath, }) // the path for the policy override file yargs.option('policyOverride', { alias: ['o', 'override', 'policyOverridePath'], describe: 'Pass in override policy. Accepts a filepath string to the existing override policy. Default: ./lavamoat/node/policy-override.json', type: 'string', default: defaults.policyOverridePath, }) // the path for the policy debug file yargs.option('policyDebug', { alias: ['pd', 'policydebug', 'policyDebugPath'], describe: 'Pass in debug policy. Accepts a filepath string to the existing debug policy. Default: ./lavamoat/node/policy-debug.json', type: 'string', default: defaults.policyDebugPath, }) // parsing mode, write policy to policy path yargs.option('writeAutoPolicy', { alias: ['a', 'autopolicy'], describe: 'Generate a "policy.json" and "policy-override.json" in the current working directory. Overwrites any existing policy files. The override policy is for making manual policy changes and always takes precedence over the automatically generated policy.', type: 'boolean', default: defaults.writeAutoPolicy, }) // parsing + run mode, write policy to policy path then execute with new policy yargs.option('writeAutoPolicyAndRun', { alias: ['ar', 'autorun'], describe: 'parse + generate a LavaMoat policy file then execute with the new policy.', type: 'boolean', default: defaults.writeAutoPolicyAndRun, }) // parsing mode, write policy debug info to specified or default path yargs.option('writeAutoPolicyDebug', { alias: ['dp', 'debugpolicy'], describe: 'when writeAutoPolicy is enabled, write policy debug info to specified or default path', type: 'boolean', default: defaults.writeAutoPolicyDebug, }) // parsing mode, write policy debug info to specified or default path yargs.option('projectRoot', { describe: 'specify the director from where packages should be resolved', type: 'string', default: defaults.projectRoot, }) // debugMode, disable some protections for easier debugging yargs.option('debugMode', { alias: ['d', 'debug'], describe: 'Disable some protections and extra logging for easier debugging.', type: 'boolean', default: defaults.debugMode, }) // log initialization stats yargs.option('statsMode', { alias: ['stats'], describe: 'enable writing and logging of stats', type: 'boolean', default: defaults.statsMode, }) // scuttle global this yargs.option('scuttleGlobalThis', { alias: ['scuttleGlobalThis'], describe: 'whether to scuttle global this or not', type: 'object', default: defaults.scuttleGlobalThis, }) // format scuttle global this config value yargs.coerce('scuttleGlobalThis', (arg) => typeof arg === 'string' ? JSON.parse(arg) : arg ) // scuttle global this exceptions array yargs.option('scuttleGlobalThisExceptions', { deprecated: true, alias: ['scuttleGlobalThisExceptions'], describe: 'scuttle global this except for the properties provided in this array', type: 'array', default: defaults.scuttleGlobalThisExceptions, }) }