more cleanup

packages/safe-chain/src/packagemanager/pip/createPipPackageManager.js

@@ -19,7 +19,6 @@ export function createPipPackageManager(command = "pip") {
 
 async function runPipCommand(command, args) {
   try {
-    console.log("**createPipPackageManager.js** Running pip command");
     const result = await safeSpawn(command, args, {
       stdio: "inherit",
       env: mergeSafeChainProxyEnvironmentVariables(process.env),

packages/safe-chain/src/registryProxy/parsePackageFromUrl.js

@@ -1,40 +1,30 @@
 import { parse } from "semver";
 
-export const knownNpmRegistries = ["registry.npmjs.org"];
-export const knownYarnRegistries = ["registry.yarnpkg.com"];
+export const knownJsRegistries = ["registry.npmjs.org","registry.yarnpkg.com"];
 export const knownPipRegistries = ["files.pythonhosted.org", "pypi.org", "pypi.python.org", "pythonhosted.org"];
 
 export function parsePackageFromUrl(url) {
   let registry;
 
-  for (const knownRegistry of knownNpmRegistries) {
+  for (const knownRegistry of knownJsRegistries) {
     if (url.includes(knownRegistry)) {
       registry = knownRegistry;
-      return parseNpmYarnPackageFromUrl(url, registry);
+      return parseJsPackageFromUrl(url, registry);
     }
   }
 
   for (const knownRegistry of knownPipRegistries) {
-    console.log("**parsePackageFromUrl.js** Checking pip registry:", knownRegistry);
     if (url.includes(knownRegistry)) {
-      console.log("**parsePackageFromUrl.js** Matched pip registry:", knownRegistry);
       registry = knownRegistry;
       return parsePipPackageFromUrl(url, registry);
     }
   }
 
-  for (const knownRegistry of knownYarnRegistries) {
-    if (url.includes(knownRegistry)) {
-      registry = knownRegistry;
-      return parseNpmYarnPackageFromUrl(url, registry);
-    }
-  }
-
   // If no known registry matched, return { packageName: undefined, version: undefined }
   return { packageName: undefined, version: undefined };
 }
 
-function parseNpmYarnPackageFromUrl(url, registry) {
+function parseJsPackageFromUrl(url, registry) {
   let packageName, version;
   if (!registry || !url.endsWith(".tgz")) {
     return { packageName, version };
@@ -70,7 +60,6 @@ function parseNpmYarnPackageFromUrl(url, registry) {
     }
   }
 
-  console.log("**parsePackageFromUrl.js** Parsed package:", { packageName, version });
   return { packageName, version };
 }
 
@@ -79,7 +68,6 @@ function parsePipPackageFromUrl(url, registry) {
 
   // Basic validation
   if (!registry || typeof url !== "string") {
-    console.log("**parsePackageFromUrl.js** Invalid registry or URL");
     return { packageName, version};
   }
 
@@ -88,14 +76,12 @@ function parsePipPackageFromUrl(url, registry) {
   try {
     u = new URL(url);
   } catch {
-    console.log("**parsePackageFromUrl.js** Malformed URL:", url);
     return { packageName, version};
   }
 
   // Get the last path segment (filename) and decode it (strip query & fragment automatically)
   const lastSegment = u.pathname.split("/").filter(Boolean).pop();
   if (!lastSegment){
-    console.log("**parsePackageFromUrl.js** No filename in URL path:", url);
     return { packageName, version};
   }
 
@@ -115,7 +101,6 @@ function parsePipPackageFromUrl(url, registry) {
       if (version === "latest" || !packageName || !version) {
         return { packageName: undefined, version: undefined };
       }
-      console.log("**parsePackageFromUrl.js** Parsed package:", { packageName, version });
       return { packageName, version };
     }
   }
@@ -131,12 +116,10 @@ function parsePipPackageFromUrl(url, registry) {
       if (version === "latest" || !packageName || !version) {
         return { packageName: undefined, version: undefined };
       }
-      console.log("**parsePackageFromUrl.js** Parsed package:", { packageName, version });
       return { packageName, version };
     }
   }
 
   // Unknown file type or invalid
-  console.log("**parsePackageFromUrl.js** Unknown file type for URL:", url);
   return { packageName: undefined, version: undefined };
 }

packages/safe-chain/src/registryProxy/registryProxy.js

@@ -4,7 +4,7 @@ import { mitmConnect } from "./mitmRequestHandler.js";
 import { handleHttpProxyRequest } from "./plainHttpProxy.js";
 import { getCaCertPath } from "./certUtils.js";
 import { auditChanges } from "../scanning/audit/index.js";
-import { knownNpmRegistries, knownYarnRegistries, knownPipRegistries, parsePackageFromUrl } from "./parsePackageFromUrl.js";
+import { knownJsRegistries, knownPipRegistries, parsePackageFromUrl } from "./parsePackageFromUrl.js";
 import { ui } from "../environment/userInteraction.js";
 import chalk from "chalk";
 
@@ -109,8 +109,7 @@ function handleConnect(req, clientSocket, head) {
   // It establishes a tunnel to the server identified by the request URL
 
   console.log("**registryProxy.js** Handling CONNECT request for:", req.url);
-  if ((knownNpmRegistries.some((reg) => req.url.includes(reg))) 
-    || (knownYarnRegistries.some((reg) => req.url.includes(reg)))
+  if ((knownJsRegistries.some((reg) => req.url.includes(reg))) 
     || (knownPipRegistries.some((reg) => req.url.includes(reg)))) {
     mitmConnect(req, clientSocket, isAllowedUrl);    
   } else {
@@ -125,7 +124,6 @@ async function isAllowedUrl(url) {
   // packageName and version are undefined when the URL is not a package download
   // In that case, we can allow the request to proceed
   if (!packageName || !version) {
-    console.log("**registryProxy.js** Non-package URL, allowing:", url);
     return true;
   }
 
@@ -134,7 +132,6 @@ async function isAllowedUrl(url) {
   ]);
 
   if (!auditResult.isAllowed) {
-    console.log("**registryProxy.js** Blocking malicious package:", { packageName, version, url });
     state.blockedRequests.push({ packageName, version, url });
     return false;
   }