Remove ora dependency

2026-05-26 12:10:49 +00:00 · 2025-11-25 14:22:31 +01:00 · 2025-11-25 14:22:31 +01:00 · c8df7566b5
commit c8df7566b5
parent d158e15c08
5 changed files with 17 additions and 426 deletions
--- a/packages/safe-chain/src/scanning/index.js
+++ b/packages/safe-chain/src/scanning/index.js
@ -29,36 +29,19 @@ export async function scanCommand(args) {
  }

  let timedOut = false;
-
-  const spinner = ui.startProcess(
-    "Safe-chain: Scanning for malicious packages..."
-  );
  /** @type {import("./audit/index.js").AuditResult | undefined} */
  let audit;

  await Promise.race([
    (async () => {
-      try {
-        const packageManager = getPackageManager();
-        const changes = await packageManager.getDependencyUpdatesForCommand(
-          args
-        );
+      const packageManager = getPackageManager();
+      const changes = await packageManager.getDependencyUpdatesForCommand(args);

-        if (timedOut) {
-          return;
-        }
-
-        if (changes.length > 0) {
-          spinner.setText(
-            `Safe-chain: Scanning ${changes.length} package(s)...`
-          );
-        }
-
-        audit = await auditChanges(changes);
-      } catch (/** @type any */ error) {
-        spinner.fail(`Safe-chain: Error while scanning.`);
-        throw error;
+      if (timedOut) {
+        return;
      }
+
+      audit = await auditChanges(changes);
    })(),
    setTimeout(getScanTimeout()).then(() => {
      timedOut = true;
@ -66,15 +49,13 @@ export async function scanCommand(args) {
  ]);

  if (timedOut) {
-    spinner.fail("Safe-chain: Timeout exceeded while scanning.");
    throw new Error("Timeout exceeded while scanning npm install command.");
  }

  if (!audit || audit.isAllowed) {
-    spinner.stop();
    return 0;
  } else {
-    printMaliciousChanges(audit.disallowedChanges, spinner);
+    printMaliciousChanges(audit.disallowedChanges);
    onMalwareFound();
    return 1;
  }
@ -82,12 +63,12 @@ export async function scanCommand(args) {

 /**
 * @param {import("./audit/index.js").PackageChange[]} changes
- * @param spinner {import("../environment/userInteraction.js").Spinner}
- *
 * @return {void}
 */
-function printMaliciousChanges(changes, spinner) {
-  spinner.fail("Safe-chain: " + chalk.bold("Malicious changes detected:"));
+function printMaliciousChanges(changes) {
+  ui.writeInformation(
+    chalk.red("✖") + " Safe-chain: " + chalk.bold("Malicious changes detected:")
+  );

  for (const change of changes) {
    ui.writeInformation(` - ${change.name}@${change.version}`);
--- a/packages/safe-chain/src/scanning/index.scanCommand.spec.js
+++ b/packages/safe-chain/src/scanning/index.scanCommand.spec.js
@ -5,12 +5,6 @@ import { setTimeout } from "node:timers/promises";
 describe("scanCommand", async () => {
  const getScanTimeoutMock = mock.fn(() => 1000);
  const mockGetDependencyUpdatesForCommand = mock.fn();
-  const mockStartProcess = mock.fn(() => ({
-    setText: () => {},
-    succeed: () => {},
-    fail: () => {},
-    stop: () => {},
-  }));

  // import { getPackageManager } from "../packagemanager/currentPackageManager.js";
  mock.module("../packagemanager/currentPackageManager.js", {
@ -36,7 +30,6 @@ describe("scanCommand", async () => {
  mock.module("../environment/userInteraction.js", {
    namedExports: {
      ui: {
-        startProcess: mockStartProcess,
        writeError: () => {},
        writeInformation: () => {},
        writeWarning: () => {},
@ -75,51 +68,20 @@ describe("scanCommand", async () => {
  const { scanCommand } = await import("./index.js");

  it("should succeed when there are no changes", async () => {
-    let progressWasStopped = false;
-    mockStartProcess.mock.mockImplementationOnce(() => ({
-      setText: () => {},
-      succeed: () => {},
-      fail: () => {},
-      stop: () => {
-        progressWasStopped = true;
-      },
-    }));
    mockGetDependencyUpdatesForCommand.mock.mockImplementation(() => []);

    await scanCommand(["install", "lodash"]);
-
-    assert.equal(progressWasStopped, true);
  });

  it("should succeed when changes are not malicious", async () => {
-    let progressWasStopped = false;
-    mockStartProcess.mock.mockImplementationOnce(() => ({
-      setText: () => {},
-      succeed: () => {},
-      fail: () => {},
-      stop: () => {
-        progressWasStopped = true;
-      },
-    }));
    mockGetDependencyUpdatesForCommand.mock.mockImplementation(() => [
      { name: "lodash", version: "4.17.21" },
    ]);

    await scanCommand(["install", "lodash"]);
-
-    assert.equal(progressWasStopped, true);
  });

  it("should throw an error when timing out", async () => {
-    let failureMessageWasSet = false;
-    mockStartProcess.mock.mockImplementationOnce(() => ({
-      setText: () => {},
-      succeed: () => {},
-      fail: () => {
-        failureMessageWasSet = true;
-      },
-      stop: () => {},
-    }));
    getScanTimeoutMock.mock.mockImplementationOnce(() => 100);
    mockGetDependencyUpdatesForCommand.mock.mockImplementation(async () => {
      await setTimeout(150);
@ -127,83 +89,9 @@ describe("scanCommand", async () => {
    });

    await assert.rejects(scanCommand(["install", "lodash"]));
-
-    assert.equal(failureMessageWasSet, true);
  });

  it("should fail and return 1 malicious changes are detected", async () => {
-    let failureMessageWasSet = false;
-    mockStartProcess.mock.mockImplementationOnce(() => ({
-      setText: () => {},
-      succeed: () => {},
-      fail: () => {
-        failureMessageWasSet = true;
-      },
-      stop: () => {},
-    }));
-    mockGetDependencyUpdatesForCommand.mock.mockImplementation(() => [
-      { name: "malicious", version: "1.0.0" },
-    ]);
-
-    const result = await scanCommand(["install", "malicious"]);
-
-    assert.equal(failureMessageWasSet, true);
-    assert.equal(result, 1);
-  });
-
-  it("should not report a timeout when the user takes a long time to respond (it should not affect the timeout)", async () => {
-    let failureMessages = [];
-    mockStartProcess.mock.mockImplementationOnce(() => ({
-      setText: () => {},
-      succeed: () => {},
-      fail: (message) => {
-        failureMessages.push(message);
-      },
-      stop: () => {},
-    }));
-    getScanTimeoutMock.mock.mockImplementationOnce(() => 100);
-    mockGetDependencyUpdatesForCommand.mock.mockImplementation(async () => {
-      return [{ name: "malicious", version: "4.17.21" }];
-    });
-
-    await scanCommand(["install", "malicious"]);
-
-    assert.equal(failureMessages.length, 1);
-    const failureMessage = failureMessages[0];
-    assert.equal(failureMessage.toLowerCase().includes("timeout"), false);
-    assert.equal(failureMessage.toLowerCase().includes("malicious"), true);
-  });
-
-  it("should exit immediately when malicious changes are detected in block mode", async () => {
-    let failureMessageWasSet = false;
-
-    mockStartProcess.mock.mockImplementationOnce(() => ({
-      setText: () => {},
-      succeed: () => {},
-      fail: () => {
-        failureMessageWasSet = true;
-      },
-      stop: () => {},
-    }));
-
-    mockGetDependencyUpdatesForCommand.mock.mockImplementation(() => [
-      { name: "malicious", version: "1.0.0" },
-    ]);
-
-    const result = await scanCommand(["install", "malicious"]);
-
-    assert.equal(failureMessageWasSet, true);
-    assert.equal(result, 1);
-  });
-
-  it("should exit immediately when malicious changes are detected in block mode without prompting", async () => {
-    mockStartProcess.mock.mockImplementationOnce(() => ({
-      setText: () => {},
-      succeed: () => {},
-      fail: () => {},
-      stop: () => {},
-    }));
-
    mockGetDependencyUpdatesForCommand.mock.mockImplementation(() => [
      { name: "malicious", version: "1.0.0" },
    ]);