@aikidosec/safe-chain 1.0.23 → 1.1.0

package/README.md

@@ -4,7 +4,7 @@ The Aikido Safe Chain **prevents developers from installing malware** on their w
 
 The Aikido Safe Chain wraps around the [npm cli](https://github.com/npm/cli), [npx](https://github.com/npm/cli/blob/latest/docs/content/commands/npx.md), [yarn](https://yarnpkg.com/), [pnpm](https://pnpm.io/), and [pnpx](https://pnpm.io/cli/dlx) to provide extra checks before installing new packages. This tool will detect when a package contains malware and prompt you to exit, preventing npm, npx, yarn, pnpm or pnpx from downloading or running the malware.
 
-![demo](https://aikido-production-staticfiles-public.s3.eu-west-1.amazonaws.com/safe-pkg.gif)
+![demo](./docs/safe-package-manager-demo.png)
 
 Aikido Safe Chain works on Node.js version 18 and above and supports the following package managers:
 
@@ -88,4 +88,60 @@ npm install suspicious-package --safe-chain-malware-action=prompt
 
 # Usage in CI/CD
 
-[Learn more about Safe Chain CI/CD integration in the Aikido docs.](https://help.aikido.dev/code-scanning/aikido-malware-scanning/malware-scanning-with-safe-chain-in-ci-cd-environments)
+You can protect your CI/CD pipelines from malicious packages by integrating Aikido Safe Chain into your build process. This ensures that any packages installed during your automated builds are checked for malware before installation.
+
+For optimal protection in CI/CD environments, we recommend using **npm >= 10.4.0** as it provides full dependency tree scanning. Other package managers currently offer limited scanning of install command arguments only.
+
+## Setup
+
+To use Aikido Safe Chain in CI/CD environments, run the following command after installing the package:
+
+```shell
+safe-chain setup-ci
+```
+
+This automatically configures your CI environment to use Aikido Safe Chain for all package manager commands.
+
+## Supported Platforms
+
+- ✅ **GitHub Actions**
+- ✅ **Azure Pipelines**
+
+## GitHub Actions Example
+
+```yaml
+- name: Setup Node.js
+  uses: actions/setup-node@v4
+  with:
+    node-version: "22"
+    cache: "npm"
+
+- name: Setup safe-chain
+  run: |
+    npm i -g @aikidosec/safe-chain
+    safe-chain setup-ci
+
+- name: Install dependencies
+  run: |
+    npm ci
+```
+
+## Azure DevOps Example
+
+```yaml
+- task: NodeTool@0
+  inputs:
+    versionSpec: "22.x"
+  displayName: "Install Node.js"
+
+- script: |
+    npm i -g @aikidosec/safe-chain
+    safe-chain setup-ci
+  displayName: "Install safe chain"
+
+- script: |
+    npm ci
+  displayName: "npm install and build"
+```
+
+After setup, all subsequent package manager commands in your CI pipeline will automatically be protected by Aikido Safe Chain's malware detection.

package/bin/aikido-bun.js

@@ -0,0 +1,10 @@
+#!/usr/bin/env node
+
+import { main } from "../src/main.js";
+import { initializePackageManager } from "../src/packagemanager/currentPackageManager.js";
+
+const packageManagerName = "bun";
+initializePackageManager(packageManagerName);
+var exitCode = await main(process.argv.slice(2));
+
+process.exit(exitCode);

package/bin/aikido-bunx.js

@@ -0,0 +1,10 @@
+#!/usr/bin/env node
+
+import { main } from "../src/main.js";
+import { initializePackageManager } from "../src/packagemanager/currentPackageManager.js";
+
+const packageManagerName = "bunx";
+initializePackageManager(packageManagerName);
+var exitCode = await main(process.argv.slice(2));
+
+process.exit(exitCode);

package/bin/aikido-npm.js

@@ -6,7 +6,9 @@ import { initializePackageManager } from "../src/packagemanager/currentPackageMa
 
 const packageManagerName = "npm";
 initializePackageManager(packageManagerName, getNpmVersion());
-await main(process.argv.slice(2));
+var exitCode = await main(process.argv.slice(2));
+
+process.exit(exitCode);
 
 function getNpmVersion() {
   try {

package/bin/aikido-npx.js

@@ -5,4 +5,6 @@ import { initializePackageManager } from "../src/packagemanager/currentPackageMa
 
 const packageManagerName = "npx";
 initializePackageManager(packageManagerName, process.versions.node);
-await main(process.argv.slice(2));
+var exitCode = await main(process.argv.slice(2));
+
+process.exit(exitCode);

package/bin/aikido-pnpm.js

@@ -5,4 +5,6 @@ import { initializePackageManager } from "../src/packagemanager/currentPackageMa
 
 const packageManagerName = "pnpm";
 initializePackageManager(packageManagerName, process.versions.node);
-await main(process.argv.slice(2));
+var exitCode = await main(process.argv.slice(2));
+
+process.exit(exitCode);

package/bin/aikido-pnpx.js

@@ -5,4 +5,6 @@ import { initializePackageManager } from "../src/packagemanager/currentPackageMa
 
 const packageManagerName = "pnpx";
 initializePackageManager(packageManagerName, process.versions.node);
-await main(process.argv.slice(2));
+var exitCode = await main(process.argv.slice(2));
+
+process.exit(exitCode);

package/bin/aikido-yarn.js

@@ -5,4 +5,6 @@ import { initializePackageManager } from "../src/packagemanager/currentPackageMa
 
 const packageManagerName = "yarn";
 initializePackageManager(packageManagerName, process.versions.node);
-await main(process.argv.slice(2));
+var exitCode = await main(process.argv.slice(2));
+
+process.exit(exitCode);

package/bin/safe-chain.js

@@ -4,6 +4,7 @@ import chalk from "chalk";
 import { ui } from "../src/environment/userInteraction.js";
 import { setup } from "../src/shell-integration/setup.js";
 import { teardown } from "../src/shell-integration/teardown.js";
+import { setupCi } from "../src/shell-integration/setup-ci.js";
 
 if (process.argv.length < 3) {
   ui.writeError("No command provided. Please provide a command to execute.");
@@ -23,6 +24,8 @@ if (command === "setup") {
   setup();
 } else if (command === "teardown") {
   teardown();
+} else if (command === "setup-ci") {
+  setupCi();
 } else {
   ui.writeError(`Unknown command: ${command}.`);
   ui.emptyLine();
@@ -53,5 +56,10 @@ function writeHelp() {
       "safe-chain teardown"
     )}: This will remove safe-chain aliases from your shell configuration.`
   );
+  ui.writeInformation(
+    `- ${chalk.cyan(
+      "safe-chain setup-ci"
+    )}: This will setup safe-chain for CI environments by creating shims and modifying the PATH.`
+  );
   ui.emptyLine();
 }

package/docs/shell-integration.md

@@ -2,21 +2,21 @@
 
 ## Overview
 
-The shell integration automatically wraps common package manager commands (`npm`, `npx`, `yarn`, `pnpm`, `pnpx`) with Aikido's security scanning functionality. This is achieved by adding shell aliases that redirect these commands to their Aikido-wrapped equivalents.
+The shell integration automatically wraps common package manager commands (`npm`, `npx`, `yarn`, `pnpm`, `pnpx`) with Aikido's security scanning functionality. This is achieved by sourcing startup scripts that define shell functions to wrap these commands with their Aikido-protected equivalents.
 
 ## Supported Shells
 
 Aikido Safe Chain supports integration with the following shells.
 
-| Shell                  | Startup File                 | Alias Format               |
-| ---------------------- | ---------------------------- | -------------------------- |
-| **Bash**               | `~/.bashrc`                  | `alias npm='aikido-npm'`   |
-| **Zsh**                | `~/.zshrc`                   | `alias npm='aikido-npm'`   |
-| **Fish**               | `~/.config/fish/config.fish` | `alias npm "aikido-npm"`   |
-| **PowerShell Core**    | `$PROFILE`                   | `Set-Alias npm aikido-npm` |
-| **Windows PowerShell** | `$PROFILE`                   | `Set-Alias npm aikido-npm` |
+| Shell                  | Startup File                 |
+| ---------------------- | ---------------------------- |
+| **Bash**               | `~/.bashrc`                  |
+| **Zsh**                | `~/.zshrc`                   |
+| **Fish**               | `~/.config/fish/config.fish` |
+| **PowerShell Core**    | `$PROFILE`                   |
+| **Windows PowerShell** | `$PROFILE`                   |
 
-## Commands
+## Setup Commands
 
 ### Setup Shell Integration
 
@@ -26,10 +26,11 @@ safe-chain setup
 
 This command:
 
+- Copies necessary startup scripts to Safe Chain's installation directory (`~/.safe-chain/scripts`)
 - Detects all supported shells on your system
-- Adds aliases for `npm`, `npx`, `yarn`, `pnpm` and `pnpx` to each shell's startup file
+- Sources each shell's startup file to add Safe Chain functions for `npm`, `npx`, `yarn`, `pnpm`, and `pnpx`
 
-❗ After running this command, **you must restart your terminal** for the changes to take effect. This ensures that the aliases are loaded correctly.
+❗ After running this command, **you must restart your terminal** for the changes to take effect. This ensures that the startup scripts are sourced correctly.
 
 ### Remove Shell Integration
 
@@ -40,13 +41,13 @@ safe-chain teardown
 This command:
 
 - Detects all supported shells on your system
-- Removes Aikido aliases from each shell's startup file
+- Removes the Safe Chain scripts from each shell's startup file, restoring the original commands
 
 ❗ After running this command, **you must restart your terminal** to restore the original commands.
 
 ## File Locations
 
-The system modifies the following files based on your shell configuration:
+The system modifies the following files to source Safe Chain startup scripts:
 
 ### Unix/Linux/macOS
 
@@ -64,15 +65,16 @@ The system modifies the following files based on your shell configuration:
 
 ### Common Issues
 
-**Aliases not working after setup:**
+**Shell functions not working after setup:**
 
 - Make sure to restart your terminal
-- Check that the startup file was actually modified
+- Check that the startup file was modified to source Safe Chain scripts
+- Check the sourced file exists at `~/.safe-chain/scripts/`
 - Verify your shell is reading the correct startup file
 
 **Getting 'command not found: aikido-npm' error:**
 
-This means the aliases are working but the Aikido commands aren't installed or available in your PATH:
+This means the shell functions are working but the Aikido commands aren't installed or available in your PATH:
 
 - Make sure Aikido Safe Chain is properly installed on your system
 - Verify the `aikido-npm`, `aikido-npx`, `aikido-yarn`, `aikido-pnpm` and `aikido-pnpx` commands exist
@@ -82,27 +84,40 @@ This means the aliases are working but the Aikido commands aren't installed or a
 
 To verify the integration is working, follow these steps:
 
-1. **Check if aliases were added to your shell startup file:**
+1. **Check if startup scripts were sourced in your shell startup file:**
 
    - **For Bash**: Open `~/.bashrc` in your text editor
    - **For Zsh**: Open `~/.zshrc` in your text editor
    - **For Fish**: Open `~/.config/fish/config.fish` in your text editor
    - **For PowerShell**: Open your PowerShell profile file (run `$PROFILE` in PowerShell to see the path)
 
-   Look for lines like:
+   Look for lines that source the Safe Chain startup scripts from `~/.safe-chain/scripts/`
 
-   - `alias npm='aikido-npm'` (Bash/Zsh)
-   - `alias npm "aikido-npm"` (Fish)
-   - `Set-Alias npm aikido-npm` (PowerShell)
-
-2. **Test that aliases are active in your terminal:**
+2. **Test that shell functions are active in your terminal:**
 
    After restarting your terminal, run these commands:
 
-   - `which npm` - Should show the path to `aikido-npm` instead of the original npm
    - `npm --version` - Should show output from the Aikido-wrapped version
-   - `type npm` - Alternative way to check what command `npm` resolves to
+   - `type npm` - Should show that `npm` is a function
+
+3. **If you need to remove the integration manually:**
+
+   Edit the same startup file from step 1 and delete any lines that source Safe Chain scripts from `~/.safe-chain/scripts/`.
+
+## Manual Setup
 
-3. **If you need to remove aliases manually:**
+For advanced users who prefer manual configuration, you can create wrapper functions directly in your shell's startup file. Shell functions take precedence over commands in PATH, so defining an `npm` function will intercept all `npm` calls:
+
+```bash
+# Example for Bash/Zsh
+npm() {
+  if command -v aikido-npm > /dev/null 2>&1; then
+    aikido-npm "$@"
+  else
+    echo "Warning: safe-chain is not installed. npm will run without protection."
+    command npm "$@"
+  fi
+}
+```
 
-   Edit the same startup file from step 1 and delete any lines containing `aikido-npm`, `aikido-npx`, `aikido-yarn`, `aikido-pnpm` or `aikido-pnpx`.
+Repeat this pattern for `npx`, `yarn`, `pnpm`, and `pnpx` using their respective `aikido-*` commands. After adding these functions, restart your terminal to apply the changes.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aikidosec/safe-chain",
-  "version": "1.0.23",
+  "version": "1.1.0",
   "scripts": {
     "test": "node --test --experimental-test-module-mocks 'src/**/*.spec.js'",
     "test:watch": "node --test --watch --experimental-test-module-mocks 'src/**/*.spec.js'",
@@ -12,6 +12,8 @@
     "aikido-yarn": "bin/aikido-yarn.js",
     "aikido-pnpm": "bin/aikido-pnpm.js",
     "aikido-pnpx": "bin/aikido-pnpx.js",
+    "aikido-bun": "bin/aikido-bun.js",
+    "aikido-bunx": "bin/aikido-bunx.js",
     "safe-chain": "bin/safe-chain.js"
   },
   "type": "module",
@@ -30,7 +32,9 @@
   "dependencies": {
     "abbrev": "3.0.1",
     "chalk": "5.4.1",
+    "https-proxy-agent": "7.0.6",
     "make-fetch-happen": "14.0.3",
+    "node-forge": "1.3.1",
     "npm-registry-fetch": "18.0.2",
     "ora": "8.2.0",
     "semver": "7.7.2"

package/src/main.js

@@ -4,19 +4,50 @@ import { scanCommand, shouldScanCommand } from "./scanning/index.js";
 import { ui } from "./environment/userInteraction.js";
 import { getPackageManager } from "./packagemanager/currentPackageManager.js";
 import { initializeCliArguments } from "./config/cliArguments.js";
+import { createSafeChainProxy } from "./registryProxy/registryProxy.js";
+import chalk from "chalk";
 
 export async function main(args) {
+  const proxy = createSafeChainProxy();
+  await proxy.startServer();
+
   try {
     // This parses all the --safe-chain arguments and removes them from the args array
     args = initializeCliArguments(args);
 
     if (shouldScanCommand(args)) {
-      await scanCommand(args);
+      const commandScanResult = await scanCommand(args);
+
+      // Returning the exit code back to the caller allows the promise
+      //  to be awaited in the bin files and return the correct exit code
+      if (commandScanResult !== 0) {
+        return commandScanResult;
+      }
+    }
+
+    const packageManagerResult = await getPackageManager().runCommand(args);
+
+    if (!proxy.verifyNoMaliciousPackages()) {
+      return 1;
     }
+
+    ui.emptyLine();
+    ui.writeInformation(
+      `${chalk.green(
+        "✔"
+      )} Safe-chain: Command completed, no malicious packages found.`
+    );
+
+    // Returning the exit code back to the caller allows the promise
+    //  to be awaited in the bin files and return the correct exit code
+    return packageManagerResult.status;
   } catch (error) {
     ui.writeError("Failed to check for malicious packages:", error.message);
-  }
 
-  var result = getPackageManager().runCommand(args);
-  process.exit(result.status);
+    // Returning the exit code back to the caller allows the promise
+    //  to be awaited in the bin files and return the correct exit code
+    return 1;
+  } finally {
+    await proxy.stopServer();
+  }
 }

package/src/packagemanager/bun/createBunPackageManager.js

@@ -0,0 +1,42 @@
+import { ui } from "../../environment/userInteraction.js";
+import { safeSpawn } from "../../utils/safeSpawn.js";
+import { mergeSafeChainProxyEnvironmentVariables } from "../../registryProxy/registryProxy.js";
+
+export function createBunPackageManager() {
+  return {
+    runCommand: (args) => runBunCommand("bun", args),
+
+    // For bun, we use the proxy-only approach to block package downloads,
+    // so we don't need to analyze commands.
+    isSupportedCommand: () => false,
+    getDependencyUpdatesForCommand: () => [],
+  };
+}
+
+export function createBunxPackageManager() {
+  return {
+    runCommand: (args) => runBunCommand("bunx", args),
+
+    // For bunx, we use the proxy-only approach to block package downloads,
+    // so we don't need to analyze commands.
+    isSupportedCommand: () => false,
+    getDependencyUpdatesForCommand: () => [],
+  };
+}
+
+async function runBunCommand(command, args) {
+  try {
+    const result = await safeSpawn(command, args, {
+      stdio: "inherit",
+      env: mergeSafeChainProxyEnvironmentVariables(process.env),
+    });
+    return { status: result.status };
+  } catch (error) {
+    if (error.status) {
+      return { status: error.status };
+    } else {
+      ui.writeError("Error executing command:", error.message);
+      return { status: 1 };
+    }
+  }
+}

package/src/packagemanager/currentPackageManager.js

@@ -1,3 +1,7 @@
+import {
+  createBunPackageManager,
+  createBunxPackageManager,
+} from "./bun/createBunPackageManager.js";
 import { createNpmPackageManager } from "./npm/createPackageManager.js";
 import { createNpxPackageManager } from "./npx/createPackageManager.js";
 import {
@@ -21,6 +25,10 @@ export function initializePackageManager(packageManagerName, version) {
     state.packageManagerName = createPnpmPackageManager();
   } else if (packageManagerName === "pnpx") {
     state.packageManagerName = createPnpxPackageManager();
+  } else if (packageManagerName === "bun") {
+    state.packageManagerName = createBunPackageManager();
+  } else if (packageManagerName === "bunx") {
+    state.packageManagerName = createBunxPackageManager();
   } else {
     throw new Error("Unsupported package manager: " + packageManagerName);
   }

package/src/packagemanager/npm/dependencyScanner/dryRunScanner.js

@@ -1,4 +1,3 @@
-import { ui } from "../../../environment/userInteraction.js";
 import { parseDryRunOutput } from "../parsing/parseNpmInstallDryRunOutput.js";
 import { dryRunNpmCommandAndOutput } from "../runNpmCommand.js";
 import { hasDryRunArg } from "../utils/npmCommands.js";
@@ -9,6 +8,7 @@ export function dryRunScanner(scannerOptions) {
     shouldScan: (args) => shouldScanDependencies(scannerOptions, args),
   };
 }
+
 function scanDependencies(scannerOptions, args) {
   let dryRunArgs = args;
 
@@ -32,15 +32,22 @@ function shouldScanDependencies(scannerOptions, args) {
   return true;
 }
 
-function checkChangesWithDryRun(args) {
-  const dryRunOutput = dryRunNpmCommandAndOutput(args);
+async function checkChangesWithDryRun(args) {
+  const dryRunOutput = await dryRunNpmCommandAndOutput(args);
 
   // Dry-run can return a non-zero status code in some cases
   //  e.g., when running "npm audit fix --dry-run", it returns exit code 1
-  //  when there are vulnurabilities that can be fixed.
+  //  when there are vulnerabilities that can be fixed.
+  if (dryRunOutput.status !== 0 && !canCommandReturnNonZeroOnSuccess(args)) {
+    throw new Error(
+      `Dry-run command failed with exit code ${dryRunOutput.status} and output:\n${dryRunOutput.output}`
+    );
+  }
+
   if (dryRunOutput.status !== 0 && !dryRunOutput.output) {
-    ui.writeError("Detecting changes failed.");
-    return [];
+    throw new Error(
+      `Dry-run command failed with exit code ${dryRunOutput.status} and produced no output.`
+    );
   }
 
   const parsedOutput = parseDryRunOutput(dryRunOutput.output);
@@ -48,3 +55,13 @@ function checkChangesWithDryRun(args) {
   // reverse the array to have the top-level packages first
   return parsedOutput.reverse();
 }
+
+function canCommandReturnNonZeroOnSuccess(args) {
+  if (args.length < 2) {
+    return false;
+  }
+
+  // `npm audit fix --dry-run` can return exit code 1 when it succesfully ran and
+  // there were vulnerabilities that could be fixed
+  return args[0] === "audit" && args[1] === "fix";
+}

package/src/packagemanager/npm/runNpmCommand.js

@@ -1,10 +1,14 @@
-import { execSync } from "child_process";
 import { ui } from "../../environment/userInteraction.js";
+import { safeSpawn } from "../../utils/safeSpawn.js";
+import { mergeSafeChainProxyEnvironmentVariables } from "../../registryProxy/registryProxy.js";
 
-export function runNpm(args) {
+export async function runNpm(args) {
   try {
-    const npmCommand = `npm ${args.join(" ")}`;
-    execSync(npmCommand, { stdio: "inherit" });
+    const result = await safeSpawn("npm", args, {
+      stdio: "inherit",
+      env: mergeSafeChainProxyEnvironmentVariables(process.env),
+    });
+    return { status: result.status };
   } catch (error) {
     if (error.status) {
       return { status: error.status };
@@ -13,17 +17,29 @@ export function runNpm(args) {
       return { status: 1 };
     }
   }
-  return { status: 0 };
 }
 
-export function dryRunNpmCommandAndOutput(args) {
+export async function dryRunNpmCommandAndOutput(args) {
   try {
-    const npmCommand = `npm ${args.join(" ")} --dry-run`;
-    const output = execSync(npmCommand, { stdio: "pipe" });
-    return { status: 0, output: output.toString() };
+    const result = await safeSpawn(
+      "npm",
+      [...args, "--ignore-scripts", "--dry-run"],
+      {
+        stdio: "pipe",
+        env: mergeSafeChainProxyEnvironmentVariables(process.env),
+      }
+    );
+    return {
+      status: result.status,
+      output: result.status === 0 ? result.stdout : result.stderr,
+    };
   } catch (error) {
     if (error.status) {
-      const output = error.stdout ? error.stdout.toString() : "";
+      const output =
+        error.stdout?.toString() ??
+        error.stderr?.toString() ??
+        error.message ??
+        "";
       return { status: error.status, output };
     } else {
       ui.writeError("Error executing command:", error.message);

package/src/packagemanager/npx/runNpxCommand.js

@@ -1,10 +1,14 @@
-import { execSync } from "child_process";
 import { ui } from "../../environment/userInteraction.js";
+import { safeSpawn } from "../../utils/safeSpawn.js";
+import { mergeSafeChainProxyEnvironmentVariables } from "../../registryProxy/registryProxy.js";
 
-export function runNpx(args) {
+export async function runNpx(args) {
   try {
-    const npxCommand = `npx ${args.join(" ")}`;
-    execSync(npxCommand, { stdio: "inherit" });
+    const result = await safeSpawn("npx", args, {
+      stdio: "inherit",
+      env: mergeSafeChainProxyEnvironmentVariables(process.env),
+    });
+    return { status: result.status };
   } catch (error) {
     if (error.status) {
       return { status: error.status };
@@ -13,5 +17,4 @@ export function runNpx(args) {
       return { status: 1 };
     }
   }
-  return { status: 0 };
 }

package/src/packagemanager/pnpm/runPnpmCommand.js

@@ -1,24 +1,31 @@
-import { spawnSync } from "child_process";
 import { ui } from "../../environment/userInteraction.js";
+import { mergeSafeChainProxyEnvironmentVariables } from "../../registryProxy/registryProxy.js";
+import { safeSpawn } from "../../utils/safeSpawn.js";
 
-export function runPnpmCommand(args, toolName = "pnpm") {
+export async function runPnpmCommand(args, toolName = "pnpm") {
   try {
     let result;
-
     if (toolName === "pnpm") {
-      result = spawnSync("pnpm", args, { stdio: "inherit" });
+      result = await safeSpawn("pnpm", args, {
+        stdio: "inherit",
+        env: mergeSafeChainProxyEnvironmentVariables(process.env),
+      });
     } else if (toolName === "pnpx") {
-      result = spawnSync("pnpx", args, { stdio: "inherit" });
+      result = await safeSpawn("pnpx", args, {
+        stdio: "inherit",
+        env: mergeSafeChainProxyEnvironmentVariables(process.env),
+      });
     } else {
       throw new Error(`Unsupported tool name for aikido-pnpm: ${toolName}`);
     }
 
-    if (result.status !== null) {
-      return { status: result.status };
-    }
+    return { status: result.status };
   } catch (error) {
-    ui.writeError("Error executing command:", error.message);
-    return { status: 1 };
+    if (error.status) {
+      return { status: error.status };
+    } else {
+      ui.writeError("Error executing command:", error.message);
+      return { status: 1 };
+    }
   }
-  return { status: 0 };
 }