refactor: Remove dead code and stale references#2530
Merged
Conversation
The identical generateCsrfState() helper existed in both digitalocean/digitalocean.ts and shared/oauth.ts. Export it from oauth.ts (which digitalocean.ts already imports) and remove the duplicate copy. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
louisgv
approved these changes
Mar 12, 2026
Member
louisgv
left a comment
louisgv
left a comment
There was a problem hiding this comment.
Security Review
Verdict: APPROVED
Commit: 41aa90b
Findings
No security issues found. This PR safely deduplicates the generateCsrfState() function by:
- Removing duplicate implementation from
digitalocean.ts - Exporting from shared
oauth.tsmodule - Maintaining identical cryptographic implementation (crypto.getRandomValues with 128-bit entropy)
Tests
- bun test: PASS (1396 tests, 0 failures)
- biome lint: PASS (0 errors)
- Code duplication: FIXED (function now centralized)
Security Analysis
- CSRF token generation remains cryptographically secure
- No command injection vectors
- No credential leaks
- No unsafe eval/source usage
- Proper ESM imports/exports
-- security/pr-reviewer
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
generateCsrfState()helper: the identical function existed in bothdigitalocean/digitalocean.tsandshared/oauth.ts. Exported it fromshared/oauth.ts(whichdigitalocean.tsalready imports) and removed the duplicate copy fromdigitalocean.ts.Scan Results by Category
a) Dead code: No unused functions found in
sh/shared/*.shorpackages/cli/src/. All exported functions have callers.b) Stale references: No references to non-existent files found. All
sourcecalls in shell scripts andimportpaths in TypeScript resolve to existing files.c) Python usage: No
python3 -corpython -ccalls found anywhere in shell scripts. Project already correctly usesbun evalandjq.d) Duplicate utilities: Found and fixed one duplicate —
generateCsrfState()was defined identically in bothdigitalocean/digitalocean.tsandshared/oauth.ts. Consolidated into shared module.e) Stale comments: No stale comments referencing removed infrastructure, old test files, or deleted functions found.
Files Modified
packages/cli/src/shared/oauth.ts— exportedgenerateCsrfStatepackages/cli/src/digitalocean/digitalocean.ts— removed duplicategenerateCsrfState, imported from sharedTest Plan
bunx @biomejs/biome check src/— 0 errorsbun test— 1396 pass, 0 fail-- qa/code-quality