Move safe-chain package to packages/safe-chain

2026-05-26 12:10:49 +00:00 · 2025-09-05 11:19:37 +02:00 · 2025-09-05 11:19:37 +02:00 · 7673d32912
commit 7673d32912
parent fc9a9ca129
68 changed files with 85 additions and 52 deletions
--- a/packages/safe-chain/src/api/aikido.js
+++ b/packages/safe-chain/src/api/aikido.js
@ -0,0 +1,31 @@
+const malwareDatabaseUrl =
+  "https://malware-list.aikido.dev/malware_predictions.json";
+
+export async function fetchMalwareDatabase() {
+  const response = await fetch(malwareDatabaseUrl);
+  if (!response.ok) {
+    throw new Error(`Error fetching malware database: ${response.statusText}`);
+  }
+
+  try {
+    let malwareDatabase = await response.json();
+    return {
+      malwareDatabase: malwareDatabase,
+      version: response.headers.get("etag") || undefined,
+    };
+  } catch (error) {
+    throw new Error(`Error parsing malware database: ${error.message}`);
+  }
+}
+
+export async function fetchMalwareDatabaseVersion() {
+  const response = await fetch(malwareDatabaseUrl, {
+    method: "HEAD",
+  });
+  if (!response.ok) {
+    throw new Error(
+      `Error fetching malware database version: ${response.statusText}`
+    );
+  }
+  return response.headers.get("etag") || undefined;
+}
--- a/packages/safe-chain/src/api/npmApi.js
+++ b/packages/safe-chain/src/api/npmApi.js
@ -0,0 +1,46 @@
+import * as semver from "semver";
+import * as npmFetch from "npm-registry-fetch";
+
+export async function resolvePackageVersion(packageName, versionRange) {
+  if (!versionRange) {
+    versionRange = "latest";
+  }
+
+  if (semver.valid(versionRange)) {
+    // The version is a fixed version, no need to resolve
+    return versionRange;
+  }
+
+  const packageInfo = await getPackageInfo(packageName);
+  if (!packageInfo) {
+    // It is possible that no version is found (could be a private package, or a package that doesn't exist)
+    // In this case, we return null to indicate that we couldn't resolve the version
+    return null;
+  }
+
+  const distTags = packageInfo["dist-tags"];
+  if (distTags && distTags[versionRange]) {
+    // If the version range is a dist-tag, return the version associated with that tag
+    // e.g., "latest", "next", etc.
+    return distTags[versionRange];
+  }
+
+  // If the version range is not a dist-tag, we need to resolve the highest version matching the range.
+  // This is useful for ranges like "^1.0.0" or "~2.3.4".
+  const availableVersions = Object.keys(packageInfo.versions);
+  const resolvedVersion = semver.maxSatisfying(availableVersions, versionRange);
+  if (resolvedVersion) {
+    return resolvedVersion;
+  }
+
+  // Nothing matched the range, return null
+  return null;
+}
+
+async function getPackageInfo(packageName) {
+  try {
+    return await npmFetch.json(packageName);
+  } catch {
+    return null;
+  }
+}