From 7978a79339b54cdba0f8a98dbbeda7fbfc7d9ac2 Mon Sep 17 00:00:00 2001
From: Claude Bot
Date: Wed, 14 Jan 2026 21:55:44 +0000
Subject: [PATCH] fix: address code review comments for peer dependency warnings
- Add buffer overflow protection with "..." truncation marker
- Replace two loose substring assertions with single regex match
Co-Authored-By: Claude Opus 4.5
---
 .../PackageManager/PackageManagerEnqueue.zig | 28 +++++++++++++++----
 test/cli/install/bun-install-registry.test.ts | 7 ++---
 2 files changed, 25 insertions(+), 10 deletions(-)
diff --git a/src/install/PackageManager/PackageManagerEnqueue.zig b/src/install/PackageManager/PackageManagerEnqueue.zig
index 8f3098a271..92e5cbc6b4 100644
--- a/src/install/PackageManager/PackageManagerEnqueue.zig
+++ b/src/install/PackageManager/PackageManagerEnqueue.zig
@@ -1946,16 +1946,32 @@ fn getDependencyPath(this: *PackageManager, package_id: PackageID, buf: *[1024]u
 const pkg_id = path_ids[i];
 const name = names[pkg_id].slice(string_buf);
- if (written > 0 and written + 3 < buf.len) {
+ // Check if we have enough space for separator + full name
+ const separator_len: usize = if (written > 0) 3 else 0; // " > "
+ const needed = separator_len + name.len;
+ const remaining = buf.len - written;
+
+ if (needed > remaining) {
+ // Not enough space - add truncation marker and stop
+ const truncation_marker = "...";
+ if (remaining >= separator_len + truncation_marker.len) {
+ if (separator_len > 0) {
+ @memcpy(buf[written..][0..3], " > ");
+ written += 3;
+ }
+ @memcpy(buf[written..][0..truncation_marker.len], truncation_marker);
+ written += truncation_marker.len;
+ }
+ break;
+ }
+
+ if (separator_len > 0) {
 @memcpy(buf[written..][0..3], " > ");
 written += 3;
 }
- const copy_len = @min(name.len, buf.len - written);
- if (copy_len > 0) {
- @memcpy(buf[written..][0..copy_len], name[0..copy_len]);
- written += copy_len;
- }
+ @memcpy(buf[written..][0..name.len], name);
+ written += name.len;
 }
 return buf[0..written];
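Review bot: The `...` marker is not guaranteed: in the `if (needed > remaining)` branch, when fewer than `separator_len + truncation_marker.len` bytes are left the loop breaks without writing anything, so the returned path ends on a complete package name and reads as the full chain. Someone using the peer-dependency warning to work out which package pulled in a dependency cannot tell that the output was cut. Reserving room for the marker before accepting each name avoids that, e.g. `const reserve: usize = if (is_last) 0 else " > ...".len;` followed by `if (needed + reserve > remaining) {`, where `is_last` is a reviewer-chosen placeholder for the loop's last-element test. The loop header and the rest of `getDependencyPath` lie outside the hunk, so the iteration order and how the last element is detected are not visible here.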
diff --git a/test/cli/install/bun-install-registry.test.ts b/test/cli/install/bun-install-registry.test.ts
index 0a5c36f59f..1d5631713d 100644
--- a/test/cli/install/bun-install-registry.test.ts
+++ b/test/cli/install/bun-install-registry.test.ts
@@ -3912,8 +3912,8 @@ describe("hoisting", async () => {
 expect(err).not.toContain("not found");
 expect(err).not.toContain("error:");
 // New improved peer dependency warning format shows the requiring package, expected version, and actual version
- expect(err).toContain("peer-deps-fixed");
- expect(err).toContain("has unmet peer dependency no-deps@^1.0.0 (found 2.0.0)");
+ // Match: "warn: ...peer-deps-fixed has unmet peer dependency no-deps@^1.0.0 (found 2.0.0)"
+ expect(err).toMatch(/warn:.*peer-deps-fixed has unmet peer dependency no-deps@\^1\.0\.0 \(found 2\.0\.0\)/);
 expect(out.replace(/\s*\[[0-9\.]+m?s\]\s*$/, "").split(/\r?\n/)).toEqual([
 expect.stringContaining("bun install v1."),
@@ -7676,8 +7676,7 @@ describe("yarn tests", () => {
 expect(err).not.toContain("error:");
 expect(err).not.toContain("not found");
 // New improved peer dependency warning format shows the requiring package, expected version, and actual version
- expect(err).toContain("peer-deps-fixed");
- expect(err).toContain("has unmet peer dependency no-deps@^1.0.0 (found 2.0.0)");
+ expect(err).toMatch(/warn:.*peer-deps-fixed has unmet peer dependency no-deps@\^1\.0\.0 \(found 2\.0\.0\)/);
 expect(out.replace(/\s*\[[0-9\.]+m?s\]\s*$/, "").split(/\r?\n/)).toEqual([
 expect.stringContaining("bun install v1."),
 "",
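Review bot: Neither assertion hunk exercises the truncation branch this commit adds to `getDependencyPath`; the `toMatch` calls in `describe("hoisting")` and `describe("yarn tests")` only pin the short-path warning format, so as far as these hunks show a regression in the `...` marker would pass unnoticed. A case whose dependency chain exceeds the 1024-byte buffer, asserting that the warning path ends in ` > ...`, would cover it if the fixture registry can supply such a chain. The same regex literal is also repeated in both hunks and only the first carries the `// Match:` comment; hoisting it into one shared constant next to that comment would keep the two tests in step.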