Skip to content

[DRAFT]Chore/is revoke flag suggestions #214

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 4 commits into from
Closed

[DRAFT]Chore/is revoke flag suggestions #214

wants to merge 4 commits into from

Conversation

@V00D00-child
Copy link
Member

Description

Small PR with suggestions to reduce the complexity of permissionsProvider_submitRevocation rpc handler business logic for review of #171

mj-kiwi and others added 4 commits October 28, 2025 08:02
@mj-kiwi
Fixed: handle dialog closure case in confirmation flow (#195)
b44133c 
* fix(gator-permissions-snap): handle dialog closure case in confirmation flow

When the confirmation dialog is closed (result is null), the promise should resolve with false
to indicate that the user did not grant confirmation. This adds proper handling for
the dialog closure scenario and includes a corresponding test case.

This change ensures that the confirmation dialog properly handles the case where
the user closes the dialog without making a decision, returning false instead of
undefined or other unexpected values. The test case verifies this behavior.
@mj-kiwi
Removed: viem dependency from package.json and yarn.lock (#209)
6da514a
@V00D00-child
Merge branch 'chore/is-revoke-flag' of github.com:MetaMask/snap-7715-…
2ba51d4 
…permissions into chore/is-revoke-flag
@V00D00-child
Suggestions from PR review
c628a5a
@socket-security
Copy link

Warning

MetaMask internal reviewing guidelines:

  • Do not ignore-all
  • Each alert has instructions on how to review if you don't know what it means. If lost, ask your Security Liaison or the supply-chain group
  • Copy-paste ignore lines for specific packages or a group of one kind with a note on what research you did to deem it safe.
    @SocketSecurity ignore npm/PACKAGE@VERSION
Action Severity Alert  (click "▶" to expand/collapse)
Warn Low
[email protected] is a AI-detected potential code anomaly.

Notes: The code implements a standard EventTarget-like mixin for wrapping event listeners and dispatching events to user callbacks. There are no suspicious patterns such as dynamic code execution, hardcoded secrets, or network activity. The risk is contingent on what the consumer does inside their handlers; the snippet itself does not introduce malware or data leakage mechanisms beyond normal event dispatch. Overall security risk is low in isolation.

Confidence: 1.00

Severity: 0.60

From: ?npm/[email protected]

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@V00D00-child @mj-kiwi