Only write to stdout when safe-chain audited packages

2026-05-26 12:10:49 +00:00 · 2025-11-05 12:01:08 +01:00 · 2025-11-05 12:01:08 +01:00 · e4c40330f7
commit e4c40330f7
parent 18f30ac66e
3 changed files with 225 additions and 6 deletions
--- a/packages/safe-chain/src/scanning/audit/index.js
+++ b/packages/safe-chain/src/scanning/audit/index.js
@ -18,6 +18,29 @@ import {
 * @property {boolean} isAllowed
 */

+/**
+ * @typedef {Object} AuditStats
+ * @property {number} verifiedPackages
+ * @property {number} safePackages
+ * @property {number} malwarePackages
+ */
+
+/**
+ * @type AuditStats
+ */
+const auditStats = {
+  verifiedPackages: 0,
+  safePackages: 0,
+  malwarePackages: 0,
+};
+
+/**
+ * @returns {AuditStats}
+ */
+export function getAuditStats() {
+  return auditStats;
+}
+
 /**
 * @param {PackageChange[]} changes
 *
@ -41,16 +64,20 @@ export async function auditChanges(changes) {
    );

    if (malwarePackage) {
+      auditStats.malwarePackages += 1;
      ui.writeVerbose(
        `Safe-chain: Package ${change.name}@${change.version} is marked as malware: ${malwarePackage.status}`
      );
      disallowedChanges.push({ ...change, reason: malwarePackage.status });
    } else {
+      auditStats.safePackages += 1;
      ui.writeVerbose(
        `Safe-chain: Package ${change.name}@${change.version} is clean`
      );
      allowedChanges.push(change);
    }
+
+    auditStats.verifiedPackages += 1;
  }

  const auditResults = {