From de33508b98bb7ab4bb41b61b286aa3418bbe81f6 Mon Sep 17 00:00:00 2001
From: cgombauld <clement.gombauld@cpexterne.org>
Date: Wed, 26 Nov 2025 19:31:01 +0100
Subject: [PATCH] feat(scripts): put suspicious scripts first

---
 .../components/package/pannels/scripts/scripts.js   | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/public/components/package/pannels/scripts/scripts.js b/public/components/package/pannels/scripts/scripts.js
index 75a5a007..370c9911 100644
--- a/public/components/package/pannels/scripts/scripts.js
+++ b/public/components/package/pannels/scripts/scripts.js
@@ -162,7 +162,7 @@ class Scripts extends LitElement {
     const hideItemsLength = 4;
     const scripts = Object.entries(this.package.dependencyVersion.scripts);
     const hideItems = scripts.length > hideItemsLength;
-    const scriptsToDisplay = this.isClosed ? scripts.slice(0, hideItemsLength) : scripts;
+    const scriptsToDisplay = this.#sortScripts(this.isClosed ? scripts.slice(0, hideItemsLength) : scripts);
 
     if (scripts.length === 0) {
       return nothing;
@@ -176,7 +176,7 @@ class Scripts extends LitElement {
       ${repeat(scriptsToDisplay,
         (script) => script,
         ([scriptName, scriptContent]) => {
-          const isSuspicious = kUnsafeNpmScripts.has(scriptName);
+          const isSuspicious = this.#isSuspicious(scriptName);
           const scriptClasses = classMap({
             script: true,
             suspicious: isSuspicious
@@ -203,6 +203,15 @@ class Scripts extends LitElement {
    `;
   }
 
+  #sortScripts(scripts) {
+    return [...scripts.filter(([scriptName]) => this.#isSuspicious(scriptName)),
+      ...scripts.filter(([scriptName]) => !this.#isSuspicious(scriptName))];
+  }
+
+  #isSuspicious(scriptName) {
+    return kUnsafeNpmScripts.has(scriptName);
+  }
+
   #renderDependencies() {
     const { composition } = this.package.dependencyVersion;