Use proxy reporting endpoint to subscribe to blocked events

2026-05-26 12:10:49 +00:00 · 2026-03-03 13:53:38 +01:00 · 2026-03-03 13:53:38 +01:00 · 68352d9ca4
commit 68352d9ca4
parent b03c1f6817
6 changed files with 193 additions and 58 deletions
--- a/packages/safe-chain/src/registryProxy/ramaProxy/createRamaProxy.js
+++ b/packages/safe-chain/src/registryProxy/ramaProxy/createRamaProxy.js
@ -6,6 +6,8 @@ import { dirname, join } from "node:path";
 import { promisify } from "node:util";
 import { ui } from "../../environment/userInteraction.js";
 import { getLoggingLevel, LOGGING_VERBOSE } from "../../config/settings.js";
+import { getReportingServer } from "./reportingServer.js";
+import EventEmitter from "node:events";

 const readFilePromise = promisify(readFile);

@ -37,23 +39,40 @@ export function getRamaPath() {
 * @returns {import("../registryProxy.js").SafeChainProxy} */
 export function createRamaProxy(ramaPath) {
  const tempDir = mkdtempSync(join(tmpdir(), "safe-chain-proxy-"));
+  const reportingServer = getReportingServer();
+  /** @type {EventEmitter<import("../registryProxy.js").ProxyServerEvents>} */
+  const emitter = new EventEmitter();
  /** @type {RamaProxyInstance | null} */
  let ramaInstance = null;

-  return {
+  return Object.assign(emitter, {
    startServer: async () => {
-      ramaInstance = await startRama(ramaPath, tempDir);
+      await reportingServer.start();
+      reportingServer.addListener("blockReceived", (ev) =>
+        emitter.emit("malwareBlocked", {
+          packageName: ev.artifact.identifier,
+          packageVersion: ev.artifact.version,
+        }),
+      );
+      ui.writeVerbose(
+        `Started reporting server at ${reportingServer.getAddress()}`,
+      );
+      ramaInstance = await startRama(
+        ramaPath,
+        tempDir,
+        reportingServer.getAddress(),
+      );
      ui.writeVerbose(
        `Proxy started at address "${ramaInstance.proxyAddress}"`,
      );
    },
    stopServer: async () => {
+      await reportingServer.stop();
      if (ramaInstance) {
        ramaInstance.process.kill();
      }
      return Promise.resolve();
    },
-    verifyNoMaliciousPackages: () => true,
    hasSuppressedVersions: () => false,
    getServerPort: () => {
      if (!ramaInstance) return null;
@ -61,17 +80,25 @@ export function createRamaProxy(ramaPath) {
      return url.port ? parseInt(url.port, 10) : null;
    },
    getCaCert: () => ramaInstance?.caCert ?? null,
-  };
+  });
 }

 /**
 * @param {string} ramaPath
 * @param {string} dataFolder
+ * @param {string} reportingUrl
 * @returns {Promise<RamaProxyInstance>}
 */
-async function startRama(ramaPath, dataFolder) {
+async function startRama(ramaPath, dataFolder, reportingUrl) {
  const startTime = Date.now();
-  const args = ["--secrets", "memory", "--data", dataFolder];
+  const args = [
+    "--secrets",
+    "memory",
+    "--data",
+    dataFolder,
+    "--reporting-endpoint",
+    reportingUrl,
+  ];
  const process =
    getLoggingLevel() === LOGGING_VERBOSE
      ? spawn(ramaPath, args, {