milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix undefined error when adding scoped package on yarn, npm or npx

Browse source
This commit is contained in:
Sander Declerck 2025-08-16 19:45:51 +02:00
parent b57cc11157
commit 9e1c90a914
No known key found for this signature in database
7 changed files with 41 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/packagemanager/npm/parsing/parsePackagesFromInstallArgs.js
View file

@ -86,7 +86,9 @@ function parsePackagename(arg) {
const lastAtIndex = arg.lastIndexOf("@"); const lastAtIndex = arg.lastIndexOf("@");
let name, version; let name, version;
if (lastAtIndex !== -1) { // The index of the last "@" should be greater than 0
// If the index is 0, it means the package name starts with "@" (eg: "@vercel/otel")
if (lastAtIndex > 0) {
name = arg.slice(0, lastAtIndex); name = arg.slice(0, lastAtIndex);
version = arg.slice(lastAtIndex + 1); version = arg.slice(lastAtIndex + 1);
} else { } else {

8
src/packagemanager/npm/parsing/parsePackagesFromInstallArgs.spec.js
View file

@ -19,6 +19,14 @@ describe("parsePackagesFromInstallArgs", () => {
assert.deepEqual(result, [{ name: "@jest/transform", version: "29.7.0" }]); assert.deepEqual(result, [{ name: "@jest/transform", version: "29.7.0" }]);
}); });
it("should return the package in the format @vercel/otel", () => {
const args = ["install", "@vercel/otel"];
const result = parsePackagesFromInstallArgs(args);
assert.deepEqual(result, [{ name: "@vercel/otel", version: "latest" }]);
});
it("should return an array of changes for multiple packages", () => { it("should return an array of changes for multiple packages", () => {
const args = ["install", "express@4.17.1", "lodash@4.17.21"]; const args = ["install", "express@4.17.1", "lodash@4.17.21"];

4
src/packagemanager/npx/parsing/parsePackagesFromArguments.js
View file

@ -81,7 +81,9 @@ function parsePackagename(arg, defaultTag) {
const lastAtIndex = arg.lastIndexOf("@"); const lastAtIndex = arg.lastIndexOf("@");
let name, version; let name, version;
if (lastAtIndex !== -1) { // The index of the last "@" should be greater than 0
// If the index is 0, it means the package name starts with "@" (eg: "@vercel/otel")
if (lastAtIndex > 0) {
name = arg.slice(0, lastAtIndex); name = arg.slice(0, lastAtIndex);
version = arg.slice(lastAtIndex + 1); version = arg.slice(lastAtIndex + 1);
} else { } else {

8
src/packagemanager/npx/parsing/parsePackagesFromArguments.spec.js
View file

@ -19,6 +19,14 @@ describe("parsePackagesFromArguments", () => {
assert.deepEqual(result, [{ name: "http-server", version: "14.1.1" }]); assert.deepEqual(result, [{ name: "http-server", version: "14.1.1" }]);
}); });
it("should return the package in the format @vercel/otel", () => {
const args = ["@vercel/otel"];
const result = parsePackagesFromArguments(args);
assert.deepEqual(result, [{ name: "@vercel/otel", version: "latest" }]);
});
it("should return the package with latest tag if absent", () => { it("should return the package with latest tag if absent", () => {
const args = ["http-server"]; const args = ["http-server"];

8
src/packagemanager/pnpm/parsing/parsePackagesFromArguments.spec.js
View file

@ -27,6 +27,14 @@ describe("standardPnpmArgumentParser", () => {
assert.deepEqual(result, [{ name: "axios", version: "latest" }]); assert.deepEqual(result, [{ name: "axios", version: "latest" }]);
}); });
it("should return the package in the format @vercel/otel", () => {
const args = ["@vercel/otel"];
const result = parsePackagesFromArguments(args);
assert.deepEqual(result, [{ name: "@vercel/otel", version: "latest" }]);
});
it("should return the package with latest tag if the version is absent and package starts with @", () => { it("should return the package with latest tag if the version is absent and package starts with @", () => {
const args = ["@aikidosec/package-name"]; const args = ["@aikidosec/package-name"];

4
src/packagemanager/yarn/parsing/parsePackagesFromArguments.js
View file

@ -77,7 +77,9 @@ function parsePackagename(arg, defaultTag) {
const lastAtIndex = arg.lastIndexOf("@"); const lastAtIndex = arg.lastIndexOf("@");
let name, version; let name, version;
if (lastAtIndex !== -1) { // The index of the last "@" should be greater than 0
// If the index is 0, it means the package name starts with "@" (eg: "@vercel/otel")
if (lastAtIndex > 0) {
name = arg.slice(0, lastAtIndex); name = arg.slice(0, lastAtIndex);
version = arg.slice(lastAtIndex + 1); version = arg.slice(lastAtIndex + 1);
} else { } else {

8
src/packagemanager/yarn/parsing/parsePackagesFromArguments.spec.js
View file

@ -38,6 +38,14 @@ describe("standardYarnArgumentParser", () => {
]); ]);
}); });
it("should return the package in the format @vercel/otel", () => {
const args = ["add", "@vercel/otel"];
const result = parsePackagesFromArguments(args);
assert.deepEqual(result, [{ name: "@vercel/otel", version: "latest" }]);
});
it("should ignore options with parameters and return an array of changes", () => { it("should ignore options with parameters and return an array of changes", () => {
const args = ["add", "--proxy", "http://localhost", "axios@1.9.0"]; const args = ["add", "--proxy", "http://localhost", "axios@1.9.0"];