mirror of
https://github.com/AikidoSec/safe-chain.git
synced 2026-05-26 20:20:49 +00:00
48 lines
1.4 KiB
JavaScript
48 lines
1.4 KiB
JavaScript
import { safeSpawn } from "../../utils/safeSpawn.js";
|
|
import { mergeSafeChainProxyEnvironmentVariables } from "../../registryProxy/registryProxy.js";
|
|
import { reportCommandExecutionFailure } from "../_shared/commandErrors.js";
|
|
|
|
/**
|
|
* @returns {import("../currentPackageManager.js").PackageManager}
|
|
*/
|
|
export function createBunPackageManager() {
|
|
return {
|
|
runCommand: (args) => runBunCommand("bun", args),
|
|
|
|
// For bun, we use the proxy-only approach to block package downloads,
|
|
// so we don't need to analyze commands.
|
|
isSupportedCommand: () => false,
|
|
getDependencyUpdatesForCommand: () => [],
|
|
};
|
|
}
|
|
|
|
/**
|
|
* @returns {import("../currentPackageManager.js").PackageManager}
|
|
*/
|
|
export function createBunxPackageManager() {
|
|
return {
|
|
runCommand: (args) => runBunCommand("bunx", args),
|
|
|
|
// For bunx, we use the proxy-only approach to block package downloads,
|
|
// so we don't need to analyze commands.
|
|
isSupportedCommand: () => false,
|
|
getDependencyUpdatesForCommand: () => [],
|
|
};
|
|
}
|
|
|
|
/**
|
|
* @param {string} command
|
|
* @param {string[]} args
|
|
* @returns {Promise<{status: number}>}
|
|
*/
|
|
async function runBunCommand(command, args) {
|
|
try {
|
|
const result = await safeSpawn(command, args, {
|
|
stdio: "inherit",
|
|
env: mergeSafeChainProxyEnvironmentVariables(process.env),
|
|
});
|
|
return { status: result.status };
|
|
} catch (/** @type any */ error) {
|
|
return reportCommandExecutionFailure(error, command);
|
|
}
|
|
}
|