Only use mitm for pip packages

2026-05-26 20:20:49 +00:00 · 2025-11-05 08:34:40 -08:00 · 2025-11-05 08:34:40 -08:00 · f0a3ae51db
commit f0a3ae51db
parent 96d7c460fa
8 changed files with 9 additions and 698 deletions
--- a/packages/safe-chain/src/packagemanager/pip/createPackageManager.js
+++ b/packages/safe-chain/src/packagemanager/pip/createPackageManager.js
@ -1,79 +1,15 @@
-import { commandArgumentScanner } from "./dependencyScanner/commandArgumentScanner.js";
 import { runPip } from "./runPipCommand.js";
-import {
-  getPipCommandForArgs,
-  pipInstallCommand,
-  pipDownloadCommand,
-  pipWheelCommand,
-} from "./utils/pipCommands.js";

 /**
 * @param {string} [command]
 * @returns {import("../currentPackageManager.js").PackageManager}
 */
 export function createPipPackageManager(command = "pip") {
-  /**
-   * @param {string[]} args
-   * @returns {boolean}
-   */
-  function isSupportedCommand(args) {
-    const scanner = findDependencyScannerForCommand(
-      commandScannerMapping,
-      args
-    );
-    return scanner.shouldScan(args);
-  }
-
-  /**
-   * @param {string[]} args
-   * @returns {ReturnType<import("../currentPackageManager.js").PackageManager["getDependencyUpdatesForCommand"]>}
-   */
-  function getDependencyUpdatesForCommand(args) {
-    const scanner = findDependencyScannerForCommand(
-      commandScannerMapping,
-      args
-    );
-    return scanner.scan(args);
-  }
-
  return {
    runCommand: /** @param {string[]} args */ (args) => runPip(command, args),
-    isSupportedCommand,
-    getDependencyUpdatesForCommand,
+    // For pip, rely solely on MITM proxy to detect/deny downloads from known registries.
+    isSupportedCommand: () => false,
+    getDependencyUpdatesForCommand: () => [],
  };
 }

-/**
- * @type {Record<string, import("./dependencyScanner/commandArgumentScanner.js").CommandArgumentScanner>}
- */
-const commandScannerMapping = {
-  [pipInstallCommand]: commandArgumentScanner(),
-  [pipDownloadCommand]: commandArgumentScanner(), // download also fetches packages from PyPI
-  [pipWheelCommand]: commandArgumentScanner(), // wheel downloads and builds packages
-  // Other commands return null scanner by default
-};
-
-/**
- * @returns {import("./dependencyScanner/commandArgumentScanner.js").CommandArgumentScanner}
- */
-function nullScanner() {
-  return {
-    shouldScan: () => false,
-    scan: () => [],
-  };
-}
-
-/**
- * @param {Record<string, import("./dependencyScanner/commandArgumentScanner.js").CommandArgumentScanner>} scanners
- * @param {string[]} args
- * @returns {import("./dependencyScanner/commandArgumentScanner.js").CommandArgumentScanner}
- */
-function findDependencyScannerForCommand(scanners, args) {
-  const command = getPipCommandForArgs(args);
-  if (!command) {
-    return nullScanner();
-  }
-
-  const scanner = scanners[command];
-  return scanner || nullScanner();
-}