fix(enrichment): detect npm alias dependency targets for typosquat/confusion

[JSONbored]

Motivation

• Close a security-control bypass where npm alias dependency specifiers (e.g. "foo": "npm:[email protected]") were not parsed, so the analyzer never saw the real registry package and skipped typosquat and dependency-confusion checks.
• Ensure the typosquat/dependency-confusion analyzer evaluates the actual package name and version that will be installed, preserving the existing semver parsing behavior.

Description

• Change review-enrichment/src/analyzers/dependency-scan.ts to broaden the NPM_RE to capture the full package spec and add an NPM_ALIAS_RE to recognise npm:target@version alias specifiers and return the alias target name and version as the dependency entry.
• Preserve existing behaviour for ordinary semver specs by keeping the semver guard and stripping leading semver operators when appropriate.
• Add regression tests in review-enrichment/test/typosquat.test.ts including npmAliasAdd fixtures and tests that assert scanTyposquat now flags alias targets for both typosquat and dependency-confusion findings.

Testing

• Ran the review-enrichment unit test suite with npm run test --prefix review-enrichment, which passed (all tests green, new alias-target tests included).
• Verified git diff --check returned clean results locally.
• Attempted the full local gate with npm run test:ci, but it could not be completed due to an environment/network blocker in actionlint (WASM fallback reported a pre-existing custom runner label in .github/workflows/self-host-nightly.yml).
• Attempted npm audit --audit-level=moderate, which could not complete due to the npm registry audit endpoint returning 403 Forbidden in this environment.

---

Codex Task

[gittensory-orb]

Warning

🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨

⏸️ Gittensory review result - manual review recommended

_{Review updated: 2026-06-29 17:43:53 UTC}

2 files · 1 AI reviewer · 1 blocker · readiness 68/100 · CI green · clean

⏸️ Suggested Action - Manual Review

• The AI review flagged a possible must-fix defect below the automatic close-confidence floor, so the gate is held for a human reviewer instead of passed automatically.

Review summary
The change correctly redirects npm alias entries to the target package name so the typosquat/confusion analyzer sees what will actually be installed. The notable gap is that alias versions bypass the same semver-operator normalization used for normal npm specs, which makes common alias ranges like `npm:l0dash@​^1.0.0` produce a different version shape than ordinary dependencies. The added tests cover alias target selection for typosquat and confusion, but only with bare versions.

Blockers

• review-enrichment/src/analyzers/dependency-scan.ts:44 returns alias versions without stripping leading semver operators, so a reachable package.json line like `"safe": "npm:l0dash@​^1.0.0"` yields version `^1.0.0` while the existing npm path yields `1.0.0`, breaking the stated contract to preserve semver parsing behavior for alias targets.

Nits — 5 non-blocking

• review-enrichment/test/typosquat.test.ts:113 should add a regression case for an alias version with a leading semver operator so this path cannot drift from ordinary npm dependency parsing again.
• In review-enrichment/src/analyzers/dependency-scan.ts:44, normalize `alias[2]` with the same `replace(/^[\^~>=<\s]+/, "").trim()` used for normal npm specs before returning it.
• In review-enrichment/test/typosquat.test.ts:113, make one alias fixture use a caret range and assert the finding version is normalized to `1.0.0`.
• Readiness score is below the configured threshold — Use the readiness panel as advisory maintainer context; the score does not block this PR.
• AI reviewers agree on a likely critical defect: review-enrichment/src/analyzers/dependency-scan.ts:44 returns alias versions without stripping leading semver operators, so a reachable package.json line like `"safe": "npm:l0dash@​^1.0.0"` yields version `^1.0.0` while the existing npm path yields `1.0.0`, breaking the stated contract to preserve semver parsing behavior for alias targets. — Resolve the flagged defect, or override if the AI reviewers are mistaken, then re-run the gate.

Concerns raised — review before merging

• review-enrichment/src/analyzers/dependency-scan.ts:44 returns alias versions without stripping leading semver operators, so a reachable package.json line like `"safe": "npm:l0dash@​^1.0.0"` yields version `^1.0.0` while the existing npm path yields `1.0.0`, breaking the stated contract to preserve semver parsing behavior for alias targets.

Signal	Result	Evidence
Code review	❌ 1 blocker	1 reviewer
Linked issue	⚠️ Missing	No linked issue or no-issue rationale found.
Related work	⚠️ 1 scoped overlap	Top overlaps are listed below; lower-confidence bulk is hidden.
Change scope	❌ 8/20	High review scope from cached public metadata (size label size:S; no linked issue context).
Validation posture	✅ 25/25	PR body includes validation/test evidence.
Contributor workload	✅ 10/10	Author activity: 74 registered-repo PR(s), 57 merged, 280 issue(s).
Contributor context	✅ Confirmed Gittensor contributor	JSONbored; Gittensor profile; 74 PR(s), 280 issue(s).
Gate result	⚠️ Not blocking	Advisory; not blocking this PR.

Review context

• Author: JSONbored
• Role context: owner (maintainer lane)
• Public audience mode: oss maintainer
• Lane context: Repository registration is not available in the local Gittensory cache.
• Public profile languages: not available
• Official Gittensor activity: 74 PR(s), 280 issue(s).
• Related work: Titles/paths share 6 meaningful terms. (PR #1693, PR #1716)

Contributor next steps

• Treat this as maintainer-lane context rather than normal contributor-lane activity.
• Explain no-issue PR.
• Review top overlaps.
• Add a concise scope and risk note.
• Triage stale or unlinked PRs.
• No action.
• Link the issue being solved, or explicitly explain why this is a no-issue PR.
• Check active issues and PRs before submitting.

Signal definitions

• Related work = same linked issue, overlapping active PRs, or title/path similarity.
• Change scope = cached public metadata such as size labels, draft state, and review-burden hints.
• Validation posture = whether the PR provides enough public validation/test evidence for maintainer review.
• Contributor workload = public contributor activity and cleanup pressure, not a repo-wide quality failure.
• Contributor context = public GitHub/Gittensor identity context; non-Gittensor status is not a blocker.

_{🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed}

---

💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →.

Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.

• Re-run Gittensory review