@dominikvagner dominikvagner commented Nov 10, 2025

Summary

This adds a namespace condition into the deny check. This will fix an issue where the check would deny different packages than those actually provided.
Also adds a test for this and fixes one existing test by providing package URLs.

Testing steps

Steps to reproduce the behavior:

  1. Go to any project with some packages.
    (ex.: a repo that has the valid eslint pkg as a dependency)
  2. Have a config with a denied package, that has the same name, but a different namespace.
    (ex.: deny the malware @typescript_eslinter/eslint pkg)
  3. Run the action.
  4. Verify that it doesn't list the regular eslint as a denied package.

Closes: #1014

Copilot AI review requested due to automatic review settings November 10, 2025 10:24
@dominikvagner dominikvagner requested a review from a team as a code owner November 10, 2025 10:24
Copilot AI left a comment


Pull Request Overview

This PR enhances the package denial logic to include namespace checking, preventing false positives when packages share the same name but belong to different namespaces. The getNamespace call is refactored to be computed once per change and reused across both denied packages and denied groups checks.

Key changes:

  • Added namespace comparison to the denied packages matching logic
  • Moved namespace extraction outside the loops for better code reuse and performance
  • Added test coverage for namespace differentiation scenarios

Reviewed Changes

Copilot reviewed 2 out of 4 changed files in this pull request and generated no comments.

File                Description
src/deny.ts         Refactored to extract namespace once per change and added namespace check to denied packages logic
dist/index.js       Compiled JavaScript output reflecting the source changes
tests/deny.test.ts  Added test for namespace differentiation and updated existing test data with explicit package URLs
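The following is an added illustration of the matching logic this PR description and the review overview talk about; it is not the project's own src/deny.ts, and it does not use the project's purl library. It parses the package URLs from the description (`pkg:npm/eslint` and `pkg:npm/%40typescript_eslinter/eslint`) with a small stand-in parser, then compares a name-only deny check (the bug: the legitimate eslint is flagged because the denied package shares its name) against a namespace-aware one, and shows the same once-parsed namespace being reused for a denied-groups check. The `Change`, `isDenied`, `isDeniedByNameOnly` and `isInDeniedGroup` names, the group-matching rule (a group purl's path is compared to the change's namespace) and the sample change records are assumptions made for the example; version is parsed but not compared.

```typescript
// Added example, not code from the project. Assumed shapes and names throughout.

type Purl = { type: string; namespace: string | null; name: string; version: string | null }

// Minimal parser for "pkg:<type>/[<namespace>/]<name>[@<version>]".
// Qualifiers ("?...") and subpaths ("#...") are stripped, not interpreted.
// This is a stand-in for a real purl library, written only for this illustration.
function parsePurl(purl: string): Purl {
  if (!purl.startsWith('pkg:')) throw new Error(`not a purl: ${purl}`)
  let rest = purl.slice(4)
  const hashIdx = rest.indexOf('#')
  if (hashIdx >= 0) rest = rest.slice(0, hashIdx)
  const qIdx = rest.indexOf('?')
  if (qIdx >= 0) rest = rest.slice(0, qIdx)
  const firstSlash = rest.indexOf('/')
  if (firstSlash < 0) throw new Error(`purl has no name: ${purl}`)
  const type = rest.slice(0, firstSlash).toLowerCase()
  let path = rest.slice(firstSlash + 1)
  let version: string | null = null
  // npm scopes are percent-encoded ("%40scope"), so a raw '@' after position 0 is the version separator.
  const atIdx = path.lastIndexOf('@')
  if (atIdx > 0) {
    version = decodeURIComponent(path.slice(atIdx + 1))
    path = path.slice(0, atIdx)
  }
  const segments = path.split('/').filter(s => s.length > 0).map(s => decodeURIComponent(s))
  const name = segments.pop()
  if (!name) throw new Error(`purl has no name: ${purl}`)
  const namespace = segments.length > 0 ? segments.join('/') : null
  return { type, namespace, name, version }
}

// Assumed shape of one dependency change handed to the deny check.
type Change = { package_url: string; name: string; ecosystem: string }

// Name-only comparison: the behaviour the PR describes as the bug, kept here for contrast.
function isDeniedByNameOnly(change: Change, deniedPurls: string[]): boolean {
  const { name } = parsePurl(change.package_url)
  return deniedPurls.some(d => parsePurl(d).name === name)
}

// Namespace-aware comparison: type, namespace and name must all agree.
function isDenied(change: Change, deniedPurls: string[]): boolean {
  const { type, namespace, name } = parsePurl(change.package_url)
  return deniedPurls.some(d => {
    const denied = parsePurl(d)
    return denied.type === type && denied.namespace === namespace && denied.name === name
  })
}

// Denied groups (assumed rule): a group purl such as pkg:npm/%40typescript_eslinter names a
// namespace, so the group's path is compared against the change's namespace.
function isInDeniedGroup(change: Change, deniedGroupPurls: string[]): boolean {
  const { type, namespace } = parsePurl(change.package_url)
  if (namespace === null) return false
  return deniedGroupPurls.some(g => {
    const group = parsePurl(g)
    const groupPath = group.namespace !== null ? `${group.namespace}/${group.name}` : group.name
    return group.type === type && groupPath === namespace
  })
}

// Constructed sample input mirroring the scenario in the PR description.
const SAMPLE_CHANGES: Change[] = [
  { package_url: 'pkg:npm/eslint@9.0.0', name: 'eslint', ecosystem: 'npm' },
  { package_url: 'pkg:npm/%40typescript_eslinter/eslint@1.0.0', name: '@typescript_eslinter/eslint', ecosystem: 'npm' },
]
const SAMPLE_DENY: string[] = ['pkg:npm/%40typescript_eslinter/eslint']
const SAMPLE_DENY_GROUPS: string[] = ['pkg:npm/%40typescript_eslinter']

// Runs both checks over the sample so the difference is visible side by side.
function runSample() {
  return SAMPLE_CHANGES.map(c => ({
    purl: c.package_url,
    nameOnly: isDeniedByNameOnly(c, SAMPLE_DENY),
    namespaceAware: isDenied(c, SAMPLE_DENY),
    inDeniedGroup: isInDeniedGroup(c, SAMPLE_DENY_GROUPS),
  }))
}

for (const row of runSample()) console.log(row)
```

With the name-only check both rows come back denied; with the namespace-aware check only the `@typescript_eslinter/eslint` change does, which is the reproduction step 4 outcome the description asks for. Parsing each change's purl once and passing the result to both the package and group checks is the reuse the review overview describes.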


@dominikvagner dominikvagner force-pushed the fix-deny-check-namespaces branch from 465a957 to 494dbc6 Compare November 10, 2025 10:29
@dominikvagner dominikvagner force-pushed the fix-deny-check-namespaces branch from 494dbc6 to e9082bb Compare November 27, 2025 08:11
This adds a namespace condition into the deny check. This will fix an
issue where the check would deny different packages than those actually
provided.
Also adds a test for this and fixes one test present by providing package
URLs.
@dominikvagner dominikvagner force-pushed the fix-deny-check-namespaces branch from e9082bb to f0f8aee Compare November 27, 2025 08:13

Development

Successfully merging this pull request may close these issues.

[BUG] Deny check doesn't respect namespaces of denied packages