From ea92ea0731faa010fcc028210f865ce5a91ce893 Mon Sep 17 00:00:00 2001
From: Sander Declerck <sander@sdsoftware.be>
Date: Fri, 10 Oct 2025 16:19:38 +0200
Subject: [PATCH] Remove abbrev package

---
 packages/safe-chain/package.json              |   1 -
 .../src/packagemanager/npm/utils/cmd-list.js  | 363 +++++++++++++++++-
 2 files changed, 359 insertions(+), 5 deletions(-)

diff --git a/packages/safe-chain/package.json b/packages/safe-chain/package.json
index 42bfb55..98ccd52 100644
--- a/packages/safe-chain/package.json
+++ b/packages/safe-chain/package.json
@@ -30,7 +30,6 @@
   "license": "AGPL-3.0-or-later",
   "description": "The Aikido Safe Chain wraps around the [npm cli](https://github.com/npm/cli), [npx](https://github.com/npm/cli/blob/latest/docs/content/commands/npx.md), [yarn](https://yarnpkg.com/), [pnpm](https://pnpm.io/), [pnpx](https://pnpm.io/cli/dlx), [bun](https://bun.sh/), and [bunx](https://bun.sh/docs/cli/bunx) to provide extra checks before installing new packages. This tool will detect when a package contains malware and prompt you to exit, preventing npm, npx, yarn, pnpm, pnpx, bun, or bunx from downloading or running the malware.",
   "dependencies": {
-    "abbrev": "3.0.1",
     "chalk": "5.4.1",
     "https-proxy-agent": "7.0.6",
     "make-fetch-happen": "14.0.3",
diff --git a/packages/safe-chain/src/packagemanager/npm/utils/cmd-list.js b/packages/safe-chain/src/packagemanager/npm/utils/cmd-list.js
index 187204d..8467147 100644
--- a/packages/safe-chain/src/packagemanager/npm/utils/cmd-list.js
+++ b/packages/safe-chain/src/packagemanager/npm/utils/cmd-list.js
@@ -1,7 +1,5 @@
 // Based on https://github.com/npm/cli/blob/latest/lib/utils/cmd-list.js
 
-import abbrev from "abbrev";
-
 const commands = [
   "access",
   "adduser",
@@ -72,6 +70,365 @@ const commands = [
   "whoami",
 ];
 
+// This was ran with the abbrev package to generate the abbrevs object below
+// console.log(abbrev(commands.concat(Object.keys(aliases))));
+const abbrevs = {
+  ac: "access",
+  acc: "access",
+  acce: "access",
+  acces: "access",
+  access: "access",
+  add: "add",
+  "add-": "add-user",
+  "add-u": "add-user",
+  "add-us": "add-user",
+  "add-use": "add-user",
+  "add-user": "add-user",
+  addu: "adduser",
+  addus: "adduser",
+  adduse: "adduser",
+  adduser: "adduser",
+  aud: "audit",
+  audi: "audit",
+  audit: "audit",
+  aut: "author",
+  auth: "author",
+  autho: "author",
+  author: "author",
+  b: "bugs",
+  bu: "bugs",
+  bug: "bugs",
+  bugs: "bugs",
+  c: "c",
+  ca: "cache",
+  cac: "cache",
+  cach: "cache",
+  cache: "cache",
+  ci: "ci",
+  cit: "cit",
+  "clean-install": "clean-install",
+  "clean-install-": "clean-install-test",
+  "clean-install-t": "clean-install-test",
+  "clean-install-te": "clean-install-test",
+  "clean-install-tes": "clean-install-test",
+  "clean-install-test": "clean-install-test",
+  com: "completion",
+  comp: "completion",
+  compl: "completion",
+  comple: "completion",
+  complet: "completion",
+  completi: "completion",
+  completio: "completion",
+  completion: "completion",
+  con: "config",
+  conf: "config",
+  confi: "config",
+  config: "config",
+  cr: "create",
+  cre: "create",
+  crea: "create",
+  creat: "create",
+  create: "create",
+  dd: "ddp",
+  ddp: "ddp",
+  ded: "dedupe",
+  dedu: "dedupe",
+  dedup: "dedupe",
+  dedupe: "dedupe",
+  dep: "deprecate",
+  depr: "deprecate",
+  depre: "deprecate",
+  deprec: "deprecate",
+  depreca: "deprecate",
+  deprecat: "deprecate",
+  deprecate: "deprecate",
+  dif: "diff",
+  diff: "diff",
+  "dist-tag": "dist-tag",
+  "dist-tags": "dist-tags",
+  docs: "docs",
+  doct: "doctor",
+  docto: "doctor",
+  doctor: "doctor",
+  ed: "edit",
+  edi: "edit",
+  edit: "edit",
+  exe: "exec",
+  exec: "exec",
+  expla: "explain",
+  explai: "explain",
+  explain: "explain",
+  explo: "explore",
+  explor: "explore",
+  explore: "explore",
+  find: "find",
+  "find-": "find-dupes",
+  "find-d": "find-dupes",
+  "find-du": "find-dupes",
+  "find-dup": "find-dupes",
+  "find-dupe": "find-dupes",
+  "find-dupes": "find-dupes",
+  fu: "fund",
+  fun: "fund",
+  fund: "fund",
+  g: "get",
+  ge: "get",
+  get: "get",
+  help: "help",
+  "help-": "help-search",
+  "help-s": "help-search",
+  "help-se": "help-search",
+  "help-sea": "help-search",
+  "help-sear": "help-search",
+  "help-searc": "help-search",
+  "help-search": "help-search",
+  hl: "hlep",
+  hle: "hlep",
+  hlep: "hlep",
+  ho: "home",
+  hom: "home",
+  home: "home",
+  i: "i",
+  ic: "ic",
+  in: "in",
+  inf: "info",
+  info: "info",
+  ini: "init",
+  init: "init",
+  inn: "innit",
+  inni: "innit",
+  innit: "innit",
+  ins: "ins",
+  inst: "inst",
+  insta: "insta",
+  instal: "instal",
+  install: "install",
+  "install-ci": "install-ci-test",
+  "install-ci-": "install-ci-test",
+  "install-ci-t": "install-ci-test",
+  "install-ci-te": "install-ci-test",
+  "install-ci-tes": "install-ci-test",
+  "install-ci-test": "install-ci-test",
+  "install-cl": "install-clean",
+  "install-cle": "install-clean",
+  "install-clea": "install-clean",
+  "install-clean": "install-clean",
+  "install-t": "install-test",
+  "install-te": "install-test",
+  "install-tes": "install-test",
+  "install-test": "install-test",
+  isnt: "isnt",
+  isnta: "isnta",
+  isntal: "isntal",
+  isntall: "isntall",
+  "isntall-": "isntall-clean",
+  "isntall-c": "isntall-clean",
+  "isntall-cl": "isntall-clean",
+  "isntall-cle": "isntall-clean",
+  "isntall-clea": "isntall-clean",
+  "isntall-clean": "isntall-clean",
+  iss: "issues",
+  issu: "issues",
+  issue: "issues",
+  issues: "issues",
+  it: "it",
+  la: "la",
+  lin: "link",
+  link: "link",
+  lis: "list",
+  list: "list",
+  ll: "ll",
+  ln: "ln",
+  logi: "login",
+  login: "login",
+  logo: "logout",
+  logou: "logout",
+  logout: "logout",
+  ls: "ls",
+  og: "ogr",
+  ogr: "ogr",
+  or: "org",
+  org: "org",
+  ou: "outdated",
+  out: "outdated",
+  outd: "outdated",
+  outda: "outdated",
+  outdat: "outdated",
+  outdate: "outdated",
+  outdated: "outdated",
+  ow: "owner",
+  own: "owner",
+  owne: "owner",
+  owner: "owner",
+  pa: "pack",
+  pac: "pack",
+  pack: "pack",
+  pi: "ping",
+  pin: "ping",
+  ping: "ping",
+  pk: "pkg",
+  pkg: "pkg",
+  pre: "prefix",
+  pref: "prefix",
+  prefi: "prefix",
+  prefix: "prefix",
+  pro: "profile",
+  prof: "profile",
+  profi: "profile",
+  profil: "profile",
+  profile: "profile",
+  pru: "prune",
+  prun: "prune",
+  prune: "prune",
+  pu: "publish",
+  pub: "publish",
+  publ: "publish",
+  publi: "publish",
+  publis: "publish",
+  publish: "publish",
+  q: "query",
+  qu: "query",
+  que: "query",
+  quer: "query",
+  query: "query",
+  r: "r",
+  rb: "rb",
+  reb: "rebuild",
+  rebu: "rebuild",
+  rebui: "rebuild",
+  rebuil: "rebuild",
+  rebuild: "rebuild",
+  rem: "remove",
+  remo: "remove",
+  remov: "remove",
+  remove: "remove",
+  rep: "repo",
+  repo: "repo",
+  res: "restart",
+  rest: "restart",
+  resta: "restart",
+  restar: "restart",
+  restart: "restart",
+  rm: "rm",
+  ro: "root",
+  roo: "root",
+  root: "root",
+  rum: "rum",
+  run: "run",
+  "run-": "run-script",
+  "run-s": "run-script",
+  "run-sc": "run-script",
+  "run-scr": "run-script",
+  "run-scri": "run-script",
+  "run-scrip": "run-script",
+  "run-script": "run-script",
+  s: "s",
+  sb: "sbom",
+  sbo: "sbom",
+  sbom: "sbom",
+  se: "se",
+  sea: "search",
+  sear: "search",
+  searc: "search",
+  search: "search",
+  set: "set",
+  sho: "show",
+  show: "show",
+  shr: "shrinkwrap",
+  shri: "shrinkwrap",
+  shrin: "shrinkwrap",
+  shrink: "shrinkwrap",
+  shrinkw: "shrinkwrap",
+  shrinkwr: "shrinkwrap",
+  shrinkwra: "shrinkwrap",
+  shrinkwrap: "shrinkwrap",
+  si: "sit",
+  sit: "sit",
+  star: "star",
+  stars: "stars",
+  start: "start",
+  sto: "stop",
+  stop: "stop",
+  t: "t",
+  tea: "team",
+  team: "team",
+  tes: "test",
+  test: "test",
+  to: "token",
+  tok: "token",
+  toke: "token",
+  token: "token",
+  ts: "tst",
+  tst: "tst",
+  ud: "udpate",
+  udp: "udpate",
+  udpa: "udpate",
+  udpat: "udpate",
+  udpate: "udpate",
+  un: "un",
+  und: "undeprecate",
+  unde: "undeprecate",
+  undep: "undeprecate",
+  undepr: "undeprecate",
+  undepre: "undeprecate",
+  undeprec: "undeprecate",
+  undepreca: "undeprecate",
+  undeprecat: "undeprecate",
+  undeprecate: "undeprecate",
+  uni: "uninstall",
+  unin: "uninstall",
+  unins: "uninstall",
+  uninst: "uninstall",
+  uninsta: "uninstall",
+  uninstal: "uninstall",
+  uninstall: "uninstall",
+  unl: "unlink",
+  unli: "unlink",
+  unlin: "unlink",
+  unlink: "unlink",
+  unp: "unpublish",
+  unpu: "unpublish",
+  unpub: "unpublish",
+  unpubl: "unpublish",
+  unpubli: "unpublish",
+  unpublis: "unpublish",
+  unpublish: "unpublish",
+  uns: "unstar",
+  unst: "unstar",
+  unsta: "unstar",
+  unstar: "unstar",
+  up: "up",
+  upd: "update",
+  upda: "update",
+  updat: "update",
+  update: "update",
+  upg: "upgrade",
+  upgr: "upgrade",
+  upgra: "upgrade",
+  upgrad: "upgrade",
+  upgrade: "upgrade",
+  ur: "urn",
+  urn: "urn",
+  v: "v",
+  veri: "verison",
+  veris: "verison",
+  veriso: "verison",
+  verison: "verison",
+  vers: "version",
+  versi: "version",
+  versio: "version",
+  version: "version",
+  vi: "view",
+  vie: "view",
+  view: "view",
+  who: "whoami",
+  whoa: "whoami",
+  whoam: "whoami",
+  whoami: "whoami",
+  why: "why",
+  x: "x",
+};
+
 // These must resolve to an entry in commands
 const aliases = {
   // aliases
@@ -158,8 +515,6 @@ export function deref(c) {
     return aliases[c];
   }
 
-  const abbrevs = abbrev(commands.concat(Object.keys(aliases)));
-
   // first deref the abbrev, if there is one
   // then resolve any aliases
   // so `npm install-cl` will resolve to `install-clean` then to `ci`