Adapt per review

2026-05-26 12:10:49 +00:00 · 2026-03-27 13:17:58 -07:00 · 2026-03-27 13:17:58 -07:00 · 2df8ce463c
commit 2df8ce463c
parent 8353f353ae
6 changed files with 127 additions and 107 deletions
--- a/packages/safe-chain/src/registryProxy/interceptors/npm/parseNpmPackageUrl.js
+++ b/packages/safe-chain/src/registryProxy/interceptors/npm/parseNpmPackageUrl.js
@ -5,16 +5,29 @@
 */
 export function parseNpmPackageUrl(url, registry) {
  let packageName, version;
-  const urlWithoutParams = url.split("?")[0].split("#")[0];
+  let parsedUrl;

-  if (!registry || !urlWithoutParams.endsWith(".tgz")) {
+  try {
+    parsedUrl = new URL(url);
+  } catch {
    return { packageName, version };
  }

-  const registryIndex = urlWithoutParams.indexOf(registry);
-  const afterRegistry = decodeURIComponent(urlWithoutParams.substring(
-    registryIndex + registry.length + 1
-  )); // +1 to skip the slash
+  const pathname = parsedUrl.pathname;
+
+  if (!registry || !pathname.endsWith(".tgz")) {
+    return { packageName, version };
+  }
+
+  const registryPrefix = `${registry}/`;
+  const urlAfterProtocol = `${parsedUrl.host}${pathname}`;
+  if (!urlAfterProtocol.startsWith(registryPrefix)) {
+    return { packageName, version };
+  }
+
+  const afterRegistry = decodeURIComponent(
+    urlAfterProtocol.substring(registryPrefix.length)
+  );

  const separatorIndex = afterRegistry.indexOf("/-/");
  if (separatorIndex === -1) {
--- a/packages/safe-chain/src/registryProxy/registryProxy.js
+++ b/packages/safe-chain/src/registryProxy/registryProxy.js
@ -28,8 +28,8 @@ export function createSafeChainProxy() {
  return {
    startServer: () => startServer(server),
    stopServer: () => stopServer(server),
-    verifyNoMaliciousPackages,
-    verifyNoMinimumAgeBlockedRequests,
+    hasBlockedMaliciousPackages,
+    hasBlockedMinimumAgeRequests,
    hasSuppressedVersions: getHasSuppressedVersions,
  };
 }
@ -198,10 +198,9 @@ function onMinimumAgeRequestBlocked(packageName, version, url) {
  state.blockedMinimumAgeRequests.push({ packageName, version, url });
 }

-function verifyNoMaliciousPackages() {
+function hasBlockedMaliciousPackages() {
  if (state.blockedRequests.length === 0) {
-    // No malicious packages were blocked, so nothing to block
-    return true;
+    return false;
  }

  ui.emptyLine();
@ -220,12 +219,12 @@ function verifyNoMaliciousPackages() {
  ui.writeExitWithoutInstallingMaliciousPackages();
  ui.emptyLine();

-  return false;
+  return true;
 }

-function verifyNoMinimumAgeBlockedRequests() {
+function hasBlockedMinimumAgeRequests() {
  if (state.blockedMinimumAgeRequests.length === 0) {
-    return true;
+    return false;
  }

  ui.emptyLine();
@ -252,5 +251,5 @@ function verifyNoMinimumAgeBlockedRequests() {
  );
  ui.emptyLine();

-  return false;
+  return true;
 }