fix(scanner): drop warn advisories in non-interactive mode #2
Bun prompts ("Continue anyway? [y/N]") whenever the scanner returns any
warn-level advisory. In CI / non-TTY environments this either hangs the
install or auto-cancels it, even though warns are not supposed to block.
Strip warn-level advisories from the scanner's return value when
CI=true or stdin is not a TTY, logging each to stderr so they remain
visible. Fatal advisories continue to block as before.
Actionable comments posted: 1
🧹 Nitpick comments (1)
src/scanner.ts (1)
102-118: Consider extracting an `isInteractive()` helper. The interactive detection logic here (lines 105-106) is duplicated verbatim in `applyIgnores` (lines 136-137). Extracting a small helper would keep the two call sites in lockstep if the heuristic ever evolves (e.g., `NO_TTY`, `FORCE_COLOR`, `GITHUB_ACTIONS`, etc.).
♻️ Proposed refactor
+function isInteractive(): boolean { + return process.env.CI !== 'true' && (process.stdin?.isTTY ?? false); +} + function stripNonBlockingInCI( advisories: Bun.Security.Advisory[] ): Bun.Security.Advisory[] { - const interactive = - process.env.CI !== 'true' && (process.stdin?.isTTY ?? false); - if (interactive) return advisories; + if (isInteractive()) return advisories;And similarly in
`applyIgnores`.
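Review bot: `isInteractive()` treats `process.env.CI` as set only when it equals the exact string `'true'`, so a runner that exports `CI=1` (or any other truthy spelling) falls through to the TTY check and, if stdin happens to be a TTY, the `[y/N]` prompt this PR removes comes back. Consider normalising the value (for example `['true', '1'].includes(process.env.CI ?? '')`, or treating any non-empty value other than `'false'`/`'0'` as CI) and adding a unit test for the helper, since it is now the single gate that decides whether warn advisories are dropped in both `stripNonBlockingInCI` and `applyIgnores`.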
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@src/__tests__/scanner.test.ts`:
- Around line 96-100: The test teardown currently tries to restore
process.stdin.isTTY by assigning undefined when origIsTTYDescriptor is falsy,
which throws in CI because isTTY is non-writable; update the cleanup in
scanner.test.ts to, if origIsTTYDescriptor exists call
Object.defineProperty(process.stdin, 'isTTY', origIsTTYDescriptor) (as already
done), otherwise remove the property using Reflect.deleteProperty(process.stdin,
'isTTY') instead of assigning undefined — reference the origIsTTYDescriptor
variable and the process.stdin.isTTY restoration logic to locate the fix.
---
Nitpick comments:
In `@src/scanner.ts`:
- Around line 102-118: Duplicate interactive-detection logic exists in
stripNonBlockingInCI and applyIgnores; extract a small helper function (e.g.,
isInteractive or isTTYInteractive) that implements const interactive =
process.env.CI !== 'true' && (process.stdin?.isTTY ?? false) and replace the
duplicated lines in both stripNonBlockingInCI and applyIgnores with a call to
that helper so both call sites stay in sync; place the helper near the top of
src/scanner.ts (export only if needed) and ensure existing behavior/logging is
unchanged.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 85688b24-20ab-41d8-8d1f-454f2e7ca93b
📒 Files selected for processing (2)
src/__tests__/scanner.test.ts
src/scanner.ts
Summary
- `bun install` with `CI=true` (or any non-TTY environment) was hanging on the `Continue anyway? [y/N]` prompt whenever the scanner returned any `warn`-level advisories. Per Bun's docs warns should "immediately exit if not [a TTY]" — in practice they were blocking installs.
- `stripNonBlockingInCI()` filter drops `warn`-level advisories from the scanner's return value when `CI=true` or `stdin` is not a TTY, logging each to stderr so they remain visible. `fatal` advisories continue to block.
- `beforeEach` (so the existing severity-mapping tests still see `warn`s), with a new dedicated test covering the non-interactive strip behavior.
Test plan
- `bun test` (86 pass)
- `bun install --frozen-lockfile` no longer hangs when only `warn`-level advisories are returned
- `fatal` advisories still abort the install in CI
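An added worked example, not the PR's own src/scanner.ts or test file, covering both the warn-stripping gate described in the summary and the non-writable property restoration the review comment on scanner.test.ts raises. `Advisory`, `EnvLike`, `StdinLike` and `withProperty` are constructed stand-ins for `Bun.Security.Advisory`, `process.env` and `process.stdin`, so the block runs without a real TTY.

```typescript
// Added illustration, not the PR's src/scanner.ts: the non-interactive gate
// and warn filter with their inputs injected (so tests never touch the real
// process.stdin), plus the descriptor-based save/restore the review asks for.
// Advisory is a constructed stand-in for Bun.Security.Advisory.

type Level = 'warn' | 'fatal';
interface Advisory { level: Level; package: string; description?: string }
interface EnvLike { CI?: string }
interface StdinLike { isTTY?: boolean }

// Same heuristic as the PR: not CI and stdin is a real TTY.
function isInteractive(env: EnvLike, stdin: StdinLike | undefined): boolean {
  return env.CI !== 'true' && (stdin?.isTTY ?? false);
}

// In non-interactive runs, drop warn advisories but write each to `log`
// (stderr by default) so they stay visible; fatal advisories always pass.
function stripNonBlockingInCI(
  advisories: Advisory[],
  env: EnvLike,
  stdin: StdinLike | undefined,
  log: (line: string) => void = (line) => console.error(line),
): Advisory[] {
  if (isInteractive(env, stdin)) return advisories;
  const kept: Advisory[] = [];
  for (const adv of advisories) {
    if (adv.level === 'warn') {
      const detail = adv.description ? ` - ${adv.description}` : '';
      log(`[scanner] warn (not blocking in non-interactive mode): ${adv.package}${detail}`);
    } else {
      kept.push(adv);
    }
  }
  return kept;
}

// Test-side helper: override a property such as stdin.isTTY for the duration
// of `fn`, then put back the original descriptor, or delete the property if it
// did not exist. Assigning `undefined` on cleanup is what the review flags as
// throwing when the property is non-writable.
function withProperty<T>(target: object, key: string, value: unknown, fn: () => T): T {
  const orig = Object.getOwnPropertyDescriptor(target, key);
  Object.defineProperty(target, key, { value, configurable: true, writable: true });
  try {
    return fn();
  } finally {
    if (orig) Object.defineProperty(target, key, orig);
    else Reflect.deleteProperty(target, key);
  }
}
```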