Add CLI tool for asset management and improve documentation #1715
Open
drqsatoshi wants to merge 6 commits into MetaMask:master from
No dependency changes detected in pull request.
cli-update-asset.js
Outdated
| const CAIP19Schema = z.string().regex( | ||
| /^[-a-z0-9]{3,8}:[-a-zA-Z0-9]{1,32}\/[-a-z0-9]{3,8}:[a-zA-Z0-9]+$/, | ||
| 'Invalid CAIP-19 format. Expected: namespace:chainId/assetNamespace:assetReference' | ||
| ); |
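Review bot: the message passed as the second argument to .regex() is the same whichever of the four segments fails, so a contributor whose identifier is rejected cannot tell whether the namespace, chainId, assetNamespace or assetReference was at fault. Consider validating each segment against its own named pattern and naming the failing segment in the error; a short comment stating where the {3,8} and {1,32} bounds come from would also make the pattern easier to audit.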
CAIP-19 regex rejects valid asset references with hyphens
Medium Severity
The CAIP19Schema regex uses [a-zA-Z0-9]+ for the asset reference segment, but the CAIP-19 specification defines asset references as [-a-zA-Z0-9]{1,64}. The regex is missing the hyphen character class and the max-length constraint. This causes the tool to reject valid CAIP-19 identifiers whose asset references contain hyphens, which some chain ecosystems may use. The fix would be changing the trailing segment to [-a-zA-Z0-9]{1,64}.
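An added example, not code from the pull request: it runs the PR's original pattern and the pattern proposed in the review comment over constructed identifiers, and validates segment by segment so a rejection names the segment at fault. `parseCaip19` and `compare` are hypothetical helpers, plain `RegExp` stands in for the `zod` schema, and the bounds are the ones quoted on this page.

```javascript
// Added example, not code from the PR. The first three segment bounds are
// copied from the PR's regex; the assetReference bound is the one proposed
// in the review comment. All sample identifiers below are constructed.
const ORIGINAL = /^[-a-z0-9]{3,8}:[-a-zA-Z0-9]{1,32}\/[-a-z0-9]{3,8}:[a-zA-Z0-9]+$/;
const PROPOSED = /^[-a-z0-9]{3,8}:[-a-zA-Z0-9]{1,32}\/[-a-z0-9]{3,8}:[-a-zA-Z0-9]{1,64}$/;

// One anchored pattern per segment, so a rejection can name the segment.
const SEGMENTS = [
  ['namespace', /^[-a-z0-9]{3,8}$/],
  ['chainId', /^[-a-zA-Z0-9]{1,32}$/],
  ['assetNamespace', /^[-a-z0-9]{3,8}$/],
  ['assetReference', /^[-a-zA-Z0-9]{1,64}$/],
];

// Hypothetical helper: { ok: true, parts } or { ok: false, error }.
function parseCaip19(id) {
  if (typeof id !== 'string') return { ok: false, error: 'not a string' };
  const halves = id.split('/');
  if (halves.length !== 2) return { ok: false, error: 'expected exactly one "/"' };
  const chain = halves[0].split(':');
  const asset = halves[1].split(':');
  if (chain.length !== 2 || asset.length !== 2) {
    return { ok: false, error: 'expected one ":" on each side of "/"' };
  }
  const pieces = [...chain, ...asset];
  const parts = {};
  for (let i = 0; i < SEGMENTS.length; i += 1) {
    const [name, pattern] = SEGMENTS[i];
    if (!pattern.test(pieces[i])) return { ok: false, error: `invalid ${name}` };
    parts[name] = pieces[i];
  }
  return { ok: true, parts };
}

// Hypothetical helper: run both whole-string patterns and the segment parser.
function compare(id) {
  return { original: ORIGINAL.test(id), proposed: PROPOSED.test(id), parsed: parseCaip19(id) };
}

// Constructed inputs: a hyphenated reference and a 65-character reference.
const HYPHENATED = 'example:chain-1/token:wrapped-asset';
const OVERLONG = `example:chain-1/token:${'a'.repeat(65)}`;
console.log(compare(HYPHENATED), compare(OVERLONG));
```

The overlong case shows the other half of the review comment: the unbounded `+` in the original accepts a reference of any length, which the proposed `{1,64}` rejects.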
Author
ooooo this is why Regex is hard. trailing commas, trailing segments.... segmentation faults suck.
a11139b to 9a52db5
Closed


Introduce a CLI tool for managing CAIP-19 contract metadata and icons, along with comprehensive documentation. This update also includes bug fixes and tests to ensure functionality, such as verifying asset integrity and handling image format changes.
Note
Medium Risk
Introduces new filesystem- and network-touching CLI behavior (downloading/writing/removing asset files) plus new dependency (zod), which could affect contributor workflows if edge cases aren’t handled.

Overview
Adds a new cli-update-asset.js command-line tool to create/update, verify, and list CAIP-19 assets, including downloading icons from URLs, validating metadata with zod, and cleaning up stale icon files when formats change.

Updates package.json with asset:* scripts and adds tests covering icon replacement and verify robustness, plus expands documentation in README.md and adds AI instruction pointers (.cursorrules, CLAUDE.md, .github/copilot-instructions.md).

Written by Cursor Bugbot for commit a11139b. This will update automatically on new commits.