milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Adapt per review

Browse source
This commit is contained in:
Reinier Criel 2026-03-27 13:17:58 -07:00
parent 8353f353ae
commit 2df8ce463c
6 changed files with 127 additions and 107 deletions
Download patch file Download diff file Expand all files Collapse all files

25
packages/safe-chain/src/registryProxy/interceptors/npm/parseNpmPackageUrl.js
View file

@ -5,16 +5,29 @@
*/
export function parseNpmPackageUrl(url, registry) {
let packageName, version;
const urlWithoutParams = url.split("?")[0].split("#")[0];
let parsedUrl;
if (!registry || !urlWithoutParams.endsWith(".tgz")) {
try {
parsedUrl = new URL(url);
} catch {
return { packageName, version };
}
const registryIndex = urlWithoutParams.indexOf(registry);
const afterRegistry = decodeURIComponent(urlWithoutParams.substring(
registryIndex + registry.length + 1
)); // +1 to skip the slash
const pathname = parsedUrl.pathname;
if (!registry || !pathname.endsWith(".tgz")) {
return { packageName, version };
}
const registryPrefix = `${registry}/`;
const urlAfterProtocol = `${parsedUrl.host}${pathname}`;
if (!urlAfterProtocol.startsWith(registryPrefix)) {
return { packageName, version };
}
const afterRegistry = decodeURIComponent(
urlAfterProtocol.substring(registryPrefix.length)
);
const separatorIndex = afterRegistry.indexOf("/-/");
if (separatorIndex === -1) {