Fix type check issues

packages/safe-chain/bin/aikido-pip.js

@@ -16,4 +16,4 @@ setEcoSystem(ECOSYSTEM_PY);
 initializePackageManager(packageManagerName);
 const exitCode = await main(argv);
 
-process.exit(exitCode);
+process.exit(typeof exitCode === 'number' ? exitCode : 1);

packages/safe-chain/bin/aikido-pip3.js

@@ -16,4 +16,4 @@ setEcoSystem(ECOSYSTEM_PY);
 initializePackageManager(packageManagerName);
 const exitCode = await main(argv);
 
-process.exit(exitCode);
+process.exit(typeof exitCode === 'number' ? exitCode : 1);

packages/safe-chain/src/packagemanager/pip/createPackageManager.js

@@ -7,7 +7,13 @@ import {
   pipWheelCommand,
 } from "./utils/pipCommands.js";
 
+/**
+ * @param {string} [command]
+ */
 export function createPipPackageManager(command = "pip") {
+  /**
+   * @param {string[]} args
+   */
   function isSupportedCommand(args) {
     const scanner = findDependencyScannerForCommand(
       commandScannerMapping,
@@ -16,6 +22,9 @@ export function createPipPackageManager(command = "pip") {
     return scanner.shouldScan(args);
   }
 
+  /**
+   * @param {string[]} args
+   */
   function getDependencyUpdatesForCommand(args) {
     const scanner = findDependencyScannerForCommand(
       commandScannerMapping,
@@ -25,7 +34,7 @@ export function createPipPackageManager(command = "pip") {
   }
 
   return {
-    runCommand: (args) => runPip(command, args),
+    runCommand: /** @param {string[]} args */ (args) => runPip(command, args),
     isSupportedCommand,
     getDependencyUpdatesForCommand,
   };
@@ -43,6 +52,10 @@ const NULL_SCANNER = {
   scan: () => [],
 };
 
+/**
+ * @param {Record<string, any>} scanners
+ * @param {string[]} args
+ */
 function findDependencyScannerForCommand(scanners, args) {
   const command = getPipCommandForArgs(args);
   if (!command) {

packages/safe-chain/src/packagemanager/pip/dependencyScanner/commandArgumentScanner.js

@@ -1,13 +1,22 @@
 import { parsePackagesFromInstallArgs } from "../parsing/parsePackagesFromInstallArgs.js";
 import { hasDryRunArg } from "../utils/pipCommands.js";
 
+/**
+ * @param {{ ignoreDryRun?: boolean }} [options]
+ */
 export function commandArgumentScanner(options = {}) {
   const { ignoreDryRun = false } = options;
 
+  /**
+   * @param {string[]} args
+   */
   function shouldScan(args) {
     return shouldScanDependencies(args, ignoreDryRun);
   }
 
+  /**
+   * @param {string[]} args
+   */
   function scan(args) {
     return scanDependencies(args);
   }
@@ -18,14 +27,24 @@ export function commandArgumentScanner(options = {}) {
   };
 }
 
+/**
+ * @param {string[]} args
+ * @param {boolean} ignoreDryRun
+ */
 function shouldScanDependencies(args, ignoreDryRun) {
   return ignoreDryRun || !hasDryRunArg(args);
 }
 
+/**
+ * @param {string[]} args
+ */
 function scanDependencies(args) {
   return checkChangesFromArgs(args);
 }
 
+/**
+ * @param {string[]} args
+ */
 export function checkChangesFromArgs(args) {
   const packageUpdates = parsePackagesFromInstallArgs(args);
 

packages/safe-chain/src/packagemanager/pip/parsing/parsePackagesFromInstallArgs.js

@@ -14,6 +14,9 @@
  * - git+https://... (VCS URLs - returned without version)
  * - -r requirements.txt (handled by flag skipping)
  */
+/**
+ * @param {string[]} args
+ */
 export function parsePackagesFromInstallArgs(args) {
   const packages = [];
   let skipNext = false;
@@ -48,6 +51,9 @@ export function parsePackagesFromInstallArgs(args) {
   return packages;
 }
 
+/**
+ * @param {string} arg
+ */
 function isPipOptionWithParameter(arg) {
 
   // Check if a pip flag takes a parameter
@@ -100,6 +106,9 @@ function isPipOptionWithParameter(arg) {
   return optionsWithParameters.includes(arg);
 }
 
+/**
+ * @param {string} spec
+ */
 function parsePipSpec(spec) {
   // Ignore obvious URLs and paths, rely on mitm scanner
   const lower = spec.toLowerCase();

packages/safe-chain/src/packagemanager/pip/utils/pipCommands.js

@@ -2,6 +2,9 @@ export const pipInstallCommand = "install";
 export const pipDownloadCommand = "download";
 export const pipWheelCommand = "wheel";
 
+/**
+ * @param {string[]} args
+ */
 export function getPipCommandForArgs(args) {
   if (!args || args.length === 0) {
     return null;
@@ -17,6 +20,9 @@ export function getPipCommandForArgs(args) {
   return null;
 }
 
+/**
+ * @param {string[]} args
+ */
 export function hasDryRunArg(args) {
-  return args.some((arg) => arg === "--dry-run");
+  return args.some(/** @param {string} arg */ (arg) => arg === "--dry-run");
 }

packages/safe-chain/src/registryProxy/parsePackageFromUrl.js

@@ -32,6 +32,10 @@ export function parsePackageFromUrl(url) {
   return { packageName: undefined, version: undefined };
 }
 
+/**
+ * @param {string} url
+ * @param {string} registry
+ */
 function parseJsPackageFromUrl(url, registry) {
   let packageName, version;
   if (!registry || !url.endsWith(".tgz")) {
@@ -71,6 +75,10 @@ function parseJsPackageFromUrl(url, registry) {
   return { packageName, version };
 }
 
+/**
+ * @param {string} url
+ * @param {string} registry
+ */
 function parsePipPackageFromUrl(url, registry) {
   let packageName, version
 

packages/safe-chain/src/scanning/malwareDatabase.js

@@ -22,6 +22,7 @@ let cachedMalwareDatabase = null;
  * Normalize package name for comparison.
  * For Python packages (PEP-503): lowercase and replace _, -, . with -
  * For js packages: keep as-is (case-sensitive)
+ * @param {string} name
  */
 function normalizePackageName(name) {
   const ecosystem = getEcoSystem();