From d2a9450a1f8eba8593e0baae51c07d589880a714 Mon Sep 17 00:00:00 2001
From: Joan Perals Tresserra
Date: Fri, 25 Jul 2025 10:37:58 +0200
Subject: [PATCH 1/2] fix: Sanitize URL in prepare-package-lock script

---
 scripts/prepare-package-lock.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/scripts/prepare-package-lock.js b/scripts/prepare-package-lock.js
index 4da1bd0f..b5640fdf 100755
--- a/scripts/prepare-package-lock.js
+++ b/scripts/prepare-package-lock.js
@@ -23,7 +23,10 @@ function unlock(packages) {
 if (dependencyName.includes("@cloudscape-design/")) {
 delete packages[dependencyName];
- } else if (dependency.resolved && dependency.resolved.includes("codeartifact.us-west-2.amazonaws.com")) {
+ } else if (
+ dependency.resolved &&
+ new URL(dependency.resolved).host.endsWith("codeartifact.us-west-2.amazonaws.com")
+ ) {
 throw Error(
 "package-lock.json file contains a reference to CodeArtifact. Use regular npm to update the packages.",
 );
From 0365cffe399aee503c7df60a481a46c0929c038b Mon Sep 17 00:00:00 2001
From: Joan Perals Tresserra
Date: Fri, 25 Jul 2025 11:00:26 +0200
Subject: [PATCH 2/2] Better check for subdomain

---
 scripts/prepare-package-lock.js | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/scripts/prepare-package-lock.js b/scripts/prepare-package-lock.js
index b5640fdf..48139a47 100755
--- a/scripts/prepare-package-lock.js
+++ b/scripts/prepare-package-lock.js
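Review bot: In the first patch's hunk (`@@ -23,7 +23,10 @@`) the new condition compares `host`, which carries an explicit non-default port, so a CodeArtifact URL such as `https://codeartifact.us-west-2.amazonaws.com:8443/...` (constructed example) would slip past the gate; `hostname` is the port-free form, i.e. `new URL(dependency.resolved).hostname.endsWith("codeartifact.us-west-2.amazonaws.com")`. The second patch's hunk keeps the same pattern in `const host = new URL(dependency.resolved).host;` and should switch to `hostname` for the same reason. Separately, `new URL()` throws a bare `TypeError` (`ERR_INVALID_URL` in Node) for any `resolved` value that is not an absolute URL, which npm's lockfile format can contain for registry-relative tarball paths, so the script would abort without saying which entry caused it; catching that and rethrowing with `dependencyName` in the message would keep the failure actionable. The enclosing `unlock` function starts and ends outside this hunk.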
@@ -17,19 +17,27 @@ if (packageLock.lockfileVersion !== 2) {
 throw new Error('package-lock.json must have "lockfileVersion": 2');
 }
+const disallowedHosts = [
+ {
+ host: "codeartifact.us-west-2.amazonaws.com",
+ errorMessage:
+ "package-lock.json file contains a reference to CodeArtifact. Use regular npm to update the packages.",
+ },
+];
+
 function unlock(packages) {
 Object.keys(packages).forEach((dependencyName) => {
 const dependency = packages[dependencyName];
 if (dependencyName.includes("@cloudscape-design/")) {
 delete packages[dependencyName];
- } else if (
- dependency.resolved &&
- new URL(dependency.resolved).host.endsWith("codeartifact.us-west-2.amazonaws.com")
- ) {
- throw Error(
- "package-lock.json file contains a reference to CodeArtifact. Use regular npm to update the packages.",
- );
+ } else if (dependency.resolved) {
+ const host = new URL(dependency.resolved).host;
+ for (const disalloweHost of disallowedHosts) {
+ if (host === disalloweHost.host || host.endsWith(`.${disalloweHost.host}`)) {
+ throw Error(disalloweHost.errorMessage);
+ }
+ }
 }
 });