fix: vuln-scan tap names + JSON salvage (#62, #92) and disable Homebrew analytics#103
Merged
Conversation
…an output Fixes two vulnerability-scan bugs from the issue backlog. #92 (invalid_argument): scan rejected tap-qualified formula names like `anomalyco/tap/opencode`. validate_formula_name / validateFormulaName now allow `/` but enforce the exact `user/repo/name` shape (reject empty segments, leading/trailing slash, `.`/`..`, and deeper paths). scan_one / scanOne match the reported record by exact name OR last `/`-segment, since `brew vulns` may echo the bare or tap-qualified form. #62 (json_parse): scan choked when brew printed a banner/notice on stdout around the `--json` document. parse_scan_output / parseScanOutput now salvage the JSON document out of line-oriented noise (first `[`/`{` line to last `]`/`}` line); a malformed bracketed payload still errors, and pure prose on a clean exit yields `[]` instead of a scary parse error. Tauri also gains `--quiet` (native already had it) so brew's chatter stays off stdout in the first place. Tests: cargo +7, swift vulns +7. Both shells in parity. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
A user reported a startup connection to `*.influxdata.com`. Root cause is Homebrew's own analytics (brew 4.0+ pings InfluxDB Cloud unless HOMEBREW_NO_ANALYTICS=1), fired because we shell out to `brew` — not Brew Browser telemetry (we send none). Set HOMEBREW_NO_ANALYTICS=1 on every brew subprocess we spawn so we never trigger it on the user's behalf; their own global brew-analytics preference for manual CLI use is untouched. Tauri: brew/exec.rs gains BREW_ENV + apply_brew_env(), applied at the 2 exec spawn sites and the 3 vulns/client.rs spawn sites. Native: BrewService.brewEnvironment() (NO_ANALYTICS + NO_COLOR + NO_ENV_HINTS) at runCapture + runStreaming. Tests: cargo +1, swift +2. See https://docs.brew.sh/Analytics. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This was referenced Jun 19, 2026
Two related fixes, one commit each.
fix(vulns): tap-qualified names (#92) + JSON salvage (#62) — 08950d1
The two remaining bugkeepers in the backlog, both vulnerability-scan failures. `invalid_argument` — scan rejected tap-qualified formula names like `anomalyco/tap/opencode`. `validate_formula_name`/`validateFormulaName` now allow `/` but enforce the exact `user/repo/name` shape (reject empty segments, leading/trailing slash, `.`/`..`, deeper paths). `scan_one`/`scanOne` match the reported record by exact name or last `/`-segment, since `brew vulns` may echo the bare or tap-qualified form. `json_parse` — scan choked when brew printed a banner/notice on stdout around the `--json` document. `parse_scan_output`/`parseScanOutput` salvage the JSON document out of line-oriented noise (first `[`/`{` line → last `]`/`}` line); a malformed bracketed payload still errors, and pure prose on a clean exit yields `[]` instead of a scary parse error. Tauri also gains `--quiet` (native already had it).
fix(privacy): disable Homebrew's own analytics on app-spawned brew — 6821364
A user reported a startup connection to `*.influxdata.com`. Root cause is Homebrew's own analytics (brew 4.0+ pings InfluxDB Cloud unless `HOMEBREW_NO_ANALYTICS=1`), fired because we shell out to `brew` — not Brew Browser telemetry (we send none). We now set `HOMEBREW_NO_ANALYTICS=1` on every brew subprocess we spawn; the user's own global brew-analytics preference for manual CLI use is untouched. `brew/exec.rs` gains `BREW_ENV` + `apply_brew_env()`, applied at the 2 exec spawn sites + 3 `vulns/client.rs` spawn sites. `BrewService.brewEnvironment()` (`NO_ANALYTICS` + `NO_COLOR` + `NO_ENV_HINTS`) at `runCapture` + `runStreaming`. See https://docs.brew.sh/Analytics.
Tests
🤖 Generated with Claude Code