From 86ca98645dd2885287566310b0b7eda498a67cbd Mon Sep 17 00:00:00 2001 From: BitterPanda Date: Sat, 4 Apr 2026 20:58:15 +0200 Subject: [PATCH] update deps & remvoe archiver in favour of yazl --- package.json | 2 +- packages/safe-chain/package.json | 11 +++++----- .../src/ultimate/ultimateTroubleshooting.js | 22 ++++++++++++------- 3 files changed, 20 insertions(+), 15 deletions(-) diff --git a/package.json b/package.json index 2793f9c..4f3b8fb 100644 --- a/package.json +++ b/package.json @@ -21,6 +21,6 @@ "devDependencies": { "oxlint": "^1.22.0", "esbuild": "^0.27.0", - "@yao-pkg/pkg": "6.10.1" + "@yao-pkg/pkg": "6.14.2" } } diff --git a/packages/safe-chain/package.json b/packages/safe-chain/package.json index d4f3501..029da96 100644 --- a/packages/safe-chain/package.json +++ b/packages/safe-chain/package.json @@ -38,18 +38,17 @@ "license": "AGPL-3.0-or-later", "description": "The Aikido Safe Chain wraps around the [npm cli](https://github.com/npm/cli), [npx](https://github.com/npm/cli/blob/latest/docs/content/commands/npx.md), [yarn](https://yarnpkg.com/), [pnpm](https://pnpm.io/), [pnpx](https://pnpm.io/cli/dlx), [bun](https://bun.sh/), [bunx](https://bun.sh/docs/cli/bunx), [uv](https://docs.astral.sh/uv/) (Python), and [pip](https://pip.pypa.io/) to provide extra checks before installing new packages. This tool will detect when a package contains malware and prompt you to exit, preventing npm, npx, yarn, pnpm, pnpx, bun, bunx, uv, or pip/pip3 from downloading or running the malware.", "dependencies": { - "archiver": "^7.0.1", "certifi": "14.5.15", - "chalk": "5.4.1", + "chalk": "5.6.2", "https-proxy-agent": "7.0.6", "ini": "6.0.0", - "make-fetch-happen": "15.0.3", - "node-forge": "1.3.2", + "make-fetch-happen": "15.0.5", + "node-forge": "1.4.0", "npm-registry-fetch": "19.1.1", - "semver": "7.7.2" + "semver": "7.7.4", + "yazl": "3.3.1" }, "devDependencies": { - "@types/archiver": "^7.0.0", "@types/ini": "^4.1.1", "@types/make-fetch-happen": "^10.0.4", "@types/node": "^18.19.130", diff --git a/packages/safe-chain/src/ultimate/ultimateTroubleshooting.js b/packages/safe-chain/src/ultimate/ultimateTroubleshooting.js index 114bd5e..4360803 100644 --- a/packages/safe-chain/src/ultimate/ultimateTroubleshooting.js +++ b/packages/safe-chain/src/ultimate/ultimateTroubleshooting.js @@ -2,9 +2,9 @@ import { platform } from 'os'; import { ui } from "../environment/userInteraction.js"; import { readFileSync, existsSync } from "node:fs"; import {randomUUID} from "node:crypto"; -import {createWriteStream} from "fs"; -import archiver from 'archiver'; +import {createWriteStream, readdirSync, statSync} from "fs"; import path from "node:path"; +import yazl from "yazl"; export async function printUltimateLogs() { const { proxyLogPath, ultimateLogPath, proxyErrLogPath, ultimateErrLogPath } = getPathsPerPlatform(); @@ -34,22 +34,28 @@ export async function troubleshootingExport() { const date = new Date().toISOString().split('T')[0]; const uuid = randomUUID(); const zipFileName = `safechain-ultimate-${date}-${uuid}.zip`; + const zipfile = new yazl.ZipFile(); + const entries = readdirSync(logDir); + for (const entry of entries) { + const fullPath = path.join(logDir, entry); + if (statSync(fullPath).isFile()) { + zipfile.addFile(fullPath, entry); + } + } + zipfile.end(); + const output = createWriteStream(zipFileName); - const archive = archiver('zip', { zlib: { level: 9 } }); + zipfile.outputStream.pipe(output); output.on('close', () => { ui.writeInformation(`Logs collected and zipped as: ${path.resolve(zipFileName)}`); resolve(zipFileName); }); - archive.on('error', (/** @type {Error} */ err) => { + output.on('error', (/** @type {Error} */ err) => { ui.writeError(`Failed to zip logs: ${err.message}`); reject(err); }); - - archive.pipe(output); - archive.directory(logDir, false); - archive.finalize(); }); }