fix(scripts): clamp audit request timer

2026-06-28 07:03:34 +00:00 · 2026-06-22 03:30:19 +02:00
parent 4113982fa8
commit 2a6554ac12
2 changed files with 41 additions and 5 deletions
--- a/scripts/pre-commit/pnpm-audit-prod.mjs
+++ b/scripts/pre-commit/pnpm-audit-prod.mjs
@@ -14,6 +14,7 @@ const MIN_SEVERITY = "high";
 export const BULK_ADVISORY_ERROR_BODY_MAX_CHARS = 4096;
 export const BULK_ADVISORY_RESPONSE_BODY_MAX_BYTES = 8 * 1024 * 1024;
 export const BULK_ADVISORY_REQUEST_TIMEOUT_MS = 60_000;
+const MAX_TIMER_TIMEOUT_MS = 2_147_000_000;
 const SEVERITY_RANK = {
  info: 0,
  low: 1,
@@ -695,9 +696,11 @@ function parsePositiveIntegerEnv(name, fallback) {
 }

 function resolveBulkAdvisoryRequestTimeoutMs() {
-  return parsePositiveIntegerEnv(
-    "OPENCLAW_PNPM_AUDIT_BULK_TIMEOUT_MS",
-    BULK_ADVISORY_REQUEST_TIMEOUT_MS,
+  return clampTimerTimeoutMs(
+    parsePositiveIntegerEnv(
+      "OPENCLAW_PNPM_AUDIT_BULK_TIMEOUT_MS",
+      BULK_ADVISORY_REQUEST_TIMEOUT_MS,
+    ),
  );
 }

@@ -708,15 +711,21 @@ function resolveBulkAdvisoryResponseBodyMaxBytes() {
  );
 }

+function clampTimerTimeoutMs(valueMs) {
+  const value = Number.isFinite(valueMs) ? valueMs : BULK_ADVISORY_REQUEST_TIMEOUT_MS;
+  return Math.min(Math.max(Math.floor(value), 1), MAX_TIMER_TIMEOUT_MS);
+}
+
 async function withBulkAdvisoryTimeout({ label, timeoutMs, run }) {
+  const resolvedTimeoutMs = clampTimerTimeoutMs(timeoutMs);
  const controller = new AbortController();
  let timeout;
  const timeoutPromise = new Promise((_resolve, reject) => {
    timeout = setTimeout(() => {
-      const error = new Error(`${label} exceeded timeout of ${timeoutMs}ms`);
+      const error = new Error(`${label} exceeded timeout of ${resolvedTimeoutMs}ms`);
      controller.abort(error);
      reject(error);
-    }, timeoutMs);
+    }, resolvedTimeoutMs);
  });
  try {
    return await Promise.race([run({ signal: controller.signal, timeoutPromise }), timeoutPromise]);