From 50947cddbff7fc45bc03c35e52aa0b53183f13eb Mon Sep 17 00:00:00 2001 From: GENTILHOMME Thomas Date: Sun, 29 Mar 2026 21:55:04 +0200 Subject: [PATCH] test(scanner): enhance with describe/it and concurrency for long running UT --- .../scanner/test/NpmRegistryProvider.spec.ts | 2 +- .../scanner/test/comparePayloads.spec.ts | 488 +++++++++--------- workspaces/scanner/test/depWalker.spec.ts | 2 +- .../scanner/test/extractors/payload.spec.ts | 9 +- workspaces/scanner/test/from.spec.ts | 14 +- .../scanner/test/integrityWarning.spec.ts | 18 - workspaces/scanner/test/logger.spec.ts | 140 ++--- .../test/utils/addMissingVersionFlags.spec.ts | 72 +-- .../scanner/test/utils/getLinks.spec.ts | 4 +- .../scanner/test/utils/getUsedDeps.spec.ts | 28 +- .../test/utils/isNodesecurePayload.spec.ts | 41 ++ workspaces/scanner/test/utils/npmrc.spec.ts | 54 +- .../test/utils/parseSemverRange.spec.ts | 22 +- .../scanner/test/utils/warnings.spec.ts | 65 +-- workspaces/scanner/test/workingDir.spec.ts | 2 +- 15 files changed, 514 insertions(+), 447 deletions(-) delete mode 100644 workspaces/scanner/test/integrityWarning.spec.ts create mode 100644 workspaces/scanner/test/utils/isNodesecurePayload.spec.ts diff --git a/workspaces/scanner/test/NpmRegistryProvider.spec.ts b/workspaces/scanner/test/NpmRegistryProvider.spec.ts index 7270097f..7efb6b71 100644 --- a/workspaces/scanner/test/NpmRegistryProvider.spec.ts +++ b/workspaces/scanner/test/NpmRegistryProvider.spec.ts @@ -31,7 +31,7 @@ class FakeTokenStore implements TokenStore { } } -describe("NpmRegistryProvider", () => { +describe("NpmRegistryProvider", { concurrency: 2 }, () => { async function dummyThrow(): Promise { throw new HttpieOnHttpError({ data: null, diff --git a/workspaces/scanner/test/comparePayloads.spec.ts b/workspaces/scanner/test/comparePayloads.spec.ts index 2cfa49e8..e3e42d9b 100644 --- a/workspaces/scanner/test/comparePayloads.spec.ts +++ b/workspaces/scanner/test/comparePayloads.spec.ts 
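Review bot: `{ concurrency: 2 }` on `describe("NpmRegistryProvider", …)` lets this suite's subtests run in parallel, and nothing visible in the commit shows that they are independent of each other. The same option is added to `describe("depWalker", …)` and `describe("scanner.from()", …)`; in the depWalker hunk the first test calls `Vulnera.setStrategy(Vulnera.strategies.GITHUB_ADVISORY)`, which looks like process-wide state, so a sibling test that sets another strategy could interleave with it and assert on advisory data from the wrong source. If any test in these suites sets a different strategy or shares a mock, keep that suite serial; otherwise a comment such as `// subtests share no mutable state; safe to run two at a time` above each `describe` would record the assumption. The suite bodies continue outside the hunks, so this needs checking against the full files.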
@@ -1,5 +1,5 @@
 // Import Node.js Dependencies
-import { it } from "node:test";
+import { describe, it } from "node:test";
 import assert from "node:assert";
 import { join } from "node:path";
 import { readFileSync } from "node:fs";
@@ -9,296 +9,300 @@ import { comparePayloads } from "../src/index.ts"; // CONSTANTS const kFixturePath = join(import.meta.dirname, "fixtures", "scannerPayloads"); -const kPayload = JSON.parse(readFileSync(join(kFixturePath, "/payload.json"), "utf8")); - -it("should throw an error if compared payloads have the same id", () => { - assert.throws( - () => compareTo("sameIdPayload"), - { message: `You try to compare two payloads with the same id '${kPayload.id}'` } - ); -}); - -it("should throw an error if compared payloads are not from the same package", () => { - assert.throws( - () => compareTo("otherRootDependency"), - { message: "You can't compare different package payloads 'foo' and 'bar'" } - ); -}); - -it("should detect warnings diff", () => { - const { - warnings: { added, removed }, - dependencies: { compared } - } = compareTo("warningChangedPayload"); - - assert.deepEqual(added, [ - { - type: "empty-package", - message: "..." - } - ]); - assert.deepEqual(removed, [ - { - type: "dangerous-dependency", - message: "..." 
- } - ]); - - const deepWarnings = compared.get("foo")!.versions.compared.get("2.0.0")!.warnings; - assert.strictEqual(deepWarnings.added.length, 1); - assert.deepStrictEqual(deepWarnings.added[0], { - kind: "unsafe-import", - location: [[4, 26], [4, 65]], - source: "JS-X-Ray", - i18n: "sast_warnings.unsafe_import", - severity: "Warning", - file: "examples/asyncawait.js" +const kPayload = JSON.parse( + readFileSync(join(kFixturePath, "/payload.json"), "utf8") +); + +describe("comparePayloads", () => { + it("should throw an error if compared payloads have the same id", () => { + assert.throws( + () => compareTo("sameIdPayload"), + { message: `You try to compare two payloads with the same id '${kPayload.id}'` } + ); }); - assert.strictEqual(deepWarnings.removed.length, 1); - assert.deepStrictEqual(deepWarnings.removed[0], { - kind: "unsafe-regex", - location: [[3, 16], [3, 55]], - source: "JS-X-Ray", - i18n: "sast_warnings.unsafe_import", - severity: "Warning", - file: "examples/asyncawait.js" + it("should throw an error if compared payloads are not from the same package", () => { + assert.throws( + () => compareTo("otherRootDependency"), + { message: "You can't compare different package payloads 'foo' and 'bar'" } + ); }); -}); - -it("should detect scanner version diff", () => { - const { scannerVersion } = compareTo("scannerVersionChanged"); - - assert.strictEqual(scannerVersion?.prev, "1.0.0"); - assert.strictEqual(scannerVersion.now, "1.0.1"); -}); - -it("should detect vulnerability strategy version diff", () => { - const { vulnerabilityStrategy } = compareTo("vulnerabilityStrategyChanged"); - assert.strictEqual(vulnerabilityStrategy?.prev, "npm"); - assert.strictEqual(vulnerabilityStrategy?.now, "snyk"); -}); - -it("should detect dependencies diff", () => { - const { dependencies: { compared, added, removed } } = compareTo("deeplyUpdatedPayload"); - - // Global comparison of dependencies - assert.strictEqual(added.size, 1); - assert.ok(added.has("baz")); - - 
assert.strictEqual(removed.size, 1); - assert.ok(removed.has("bar")); - - assert.strictEqual(compared.size, 1); - assert.ok(compared.has("foo")); - - // Updated dependency deep comparison - const foo = compared.get("foo")!; - assert.ok(foo.vulnerabilities.added.some((v) => v.id === "baz")); - assert.ok(foo.vulnerabilities.removed.some((v) => v.id === "bar")); - - assert.ok(foo.publishers.added.some((m) => m.name === "hugo")); - assert.ok(foo.publishers.removed.some((m) => m.name === "jack")); - - assert.ok(foo.maintainers.added.some((m) => m.name === "hugo")); - assert.ok(foo.maintainers.removed.some((m) => m.name === "jack")); - - assert.ok(foo.versions.added.has("3.0.2")); - assert.strictEqual(foo.versions.added.size, 1); - - assert.ok(foo.versions.removed.has("3.0.1")); - assert.strictEqual(foo.versions.removed.size, 1); - - assert.ok(foo.versions.compared.has("3.0.0")); - assert.ok(foo.versions.compared.has("2.0.0")); - assert.strictEqual(foo.versions.compared.size, 2); -}); + it("should detect warnings diff", () => { + const { + warnings: { added, removed }, + dependencies: { compared } + } = compareTo("warningChangedPayload"); + + assert.deepEqual(added, [ + { + type: "empty-package", + message: "..." + } + ]); + assert.deepEqual(removed, [ + { + type: "dangerous-dependency", + message: "..." 
+ } + ]); + + const deepWarnings = compared.get("foo")!.versions.compared.get("2.0.0")!.warnings; + assert.strictEqual(deepWarnings.added.length, 1); + assert.deepStrictEqual(deepWarnings.added[0], { + kind: "unsafe-import", + location: [[4, 26], [4, 65]], + source: "JS-X-Ray", + i18n: "sast_warnings.unsafe_import", + severity: "Warning", + file: "examples/asyncawait.js" + }); + + assert.strictEqual(deepWarnings.removed.length, 1); + assert.deepStrictEqual(deepWarnings.removed[0], { + kind: "unsafe-regex", + location: [[3, 16], [3, 55]], + source: "JS-X-Ray", + i18n: "sast_warnings.unsafe_import", + severity: "Warning", + file: "examples/asyncawait.js" + }); + }); -it("should detect version diff", () => { - const { dependencies: { compared } } = compareTo("deeplyUpdatedPayload"); + it("should detect scanner version diff", () => { + const { scannerVersion } = compareTo("scannerVersionChanged"); - const comparedVersion2 = compared.get("foo")!.versions.compared.get("2.0.0")!; - assert.ok(comparedVersion2.id?.prev === 1); - assert.ok(comparedVersion2.id.now === 0); + assert.strictEqual(scannerVersion?.prev, "1.0.0"); + assert.strictEqual(scannerVersion.now, "1.0.1"); + }); - assert.strictEqual(comparedVersion2.size?.prev, "1"); - assert.strictEqual(comparedVersion2.size.now, "2"); + it("should detect vulnerability strategy version diff", () => { + const { vulnerabilityStrategy } = compareTo("vulnerabilityStrategyChanged"); - const usedBy = comparedVersion2.usedBy; - assert.ok(usedBy.added.has("baz")); - assert.strictEqual(usedBy.added.size, 1); + assert.strictEqual(vulnerabilityStrategy?.prev, "npm"); + assert.strictEqual(vulnerabilityStrategy?.now, "snyk"); + }); - assert.ok(usedBy.removed.has("bar")); - assert.strictEqual(usedBy.removed.size, 1); + it("should detect dependencies diff", () => { + const { dependencies: { compared, added, removed } } = compareTo("deeplyUpdatedPayload"); - assert.strictEqual(usedBy.compared.get("foo")!.prev, "1.0.0"); - 
assert.strictEqual(usedBy.compared.get("foo")!.now, "1.0.1"); + // Global comparison of dependencies + assert.strictEqual(added.size, 1); + assert.ok(added.has("baz")); - assert.ok(comparedVersion2.isDevDependency?.prev === false); - assert.ok(comparedVersion2.isDevDependency?.now); + assert.strictEqual(removed.size, 1); + assert.ok(removed.has("bar")); - assert.ok(comparedVersion2.existOnRemoteRegistry?.prev === false); - assert.ok(comparedVersion2.existOnRemoteRegistry?.now === true); + assert.strictEqual(compared.size, 1); + assert.ok(compared.has("foo")); - assert.ok(comparedVersion2.description?.prev === "foo"); - assert.ok(comparedVersion2.description?.now === "bar"); + // Updated dependency deep comparison + const foo = compared.get("foo")!; + assert.ok(foo.vulnerabilities.added.some((v) => v.id === "baz")); + assert.ok(foo.vulnerabilities.removed.some((v) => v.id === "bar")); - assert.equal(comparedVersion2.author?.prev.name, "Sindre Sorhus"); - assert.deepStrictEqual(comparedVersion2.author?.now, { - name: "Franck Sorhus", - email: "franck@gmail.com", - url: "https://franck.com" - }); + assert.ok(foo.publishers.added.some((m) => m.name === "hugo")); + assert.ok(foo.publishers.removed.some((m) => m.name === "jack")); - // repository: diff on type only - assert.deepStrictEqual(comparedVersion2.repository?.prev, { - type: "svn", - url: "https://github.com/NodeSecure/js-x-ray" - }); + assert.ok(foo.maintainers.added.some((m) => m.name === "hugo")); + assert.ok(foo.maintainers.removed.some((m) => m.name === "jack")); - assert.deepStrictEqual(comparedVersion2.repository.now, { - type: "git", - url: "https://github.com/NodeSecure/js-x-ray" - }); + assert.ok(foo.versions.added.has("3.0.2")); + assert.strictEqual(foo.versions.added.size, 1); - assert.deepStrictEqual(comparedVersion2.links?.prev, { - npm: "https://www.npmjs.com/package/example-package", - homepage: "https://example-package.com", - repository: "https://github.com/example-package/example-repo" - }); + 
assert.ok(foo.versions.removed.has("3.0.1")); + assert.strictEqual(foo.versions.removed.size, 1); - assert.deepStrictEqual(comparedVersion2.links.now, { - npm: "https://www.npmjs.com/package/example-package2", - homepage: "https://example-package2.com", - repository: "https://github.com/example-package/example-repo2" + assert.ok(foo.versions.compared.has("3.0.0")); + assert.ok(foo.versions.compared.has("2.0.0")); + assert.strictEqual(foo.versions.compared.size, 2); }); - const comparedVersion3 = compared.get("foo")!.versions.compared.get("3.0.0")!; - assert.strictEqual(comparedVersion3.isDevDependency, undefined); - assert.strictEqual(comparedVersion3.author, undefined); - - // repository: diff on url only - assert.deepStrictEqual(comparedVersion3.repository?.prev, { - type: "git", - url: "https://github.com/NodeSecure/js-x-ray" + it("should detect version diff", () => { + const { dependencies: { compared } } = compareTo("deeplyUpdatedPayload"); + + const comparedVersion2 = compared.get("foo")!.versions.compared.get("2.0.0")!; + assert.ok(comparedVersion2.id?.prev === 1); + assert.ok(comparedVersion2.id.now === 0); + + assert.strictEqual(comparedVersion2.size?.prev, "1"); + assert.strictEqual(comparedVersion2.size.now, "2"); + + const usedBy = comparedVersion2.usedBy; + assert.ok(usedBy.added.has("baz")); + assert.strictEqual(usedBy.added.size, 1); + + assert.ok(usedBy.removed.has("bar")); + assert.strictEqual(usedBy.removed.size, 1); + + assert.strictEqual(usedBy.compared.get("foo")!.prev, "1.0.0"); + assert.strictEqual(usedBy.compared.get("foo")!.now, "1.0.1"); + + assert.ok(comparedVersion2.isDevDependency?.prev === false); + assert.ok(comparedVersion2.isDevDependency?.now); + + assert.ok(comparedVersion2.existOnRemoteRegistry?.prev === false); + assert.ok(comparedVersion2.existOnRemoteRegistry?.now === true); + + assert.ok(comparedVersion2.description?.prev === "foo"); + assert.ok(comparedVersion2.description?.now === "bar"); + + 
assert.equal(comparedVersion2.author?.prev.name, "Sindre Sorhus"); + assert.deepStrictEqual(comparedVersion2.author?.now, { + name: "Franck Sorhus", + email: "franck@gmail.com", + url: "https://franck.com" + }); + + // repository: diff on type only + assert.deepStrictEqual(comparedVersion2.repository?.prev, { + type: "svn", + url: "https://github.com/NodeSecure/js-x-ray" + }); + + assert.deepStrictEqual(comparedVersion2.repository.now, { + type: "git", + url: "https://github.com/NodeSecure/js-x-ray" + }); + + assert.deepStrictEqual(comparedVersion2.links?.prev, { + npm: "https://www.npmjs.com/package/example-package", + homepage: "https://example-package.com", + repository: "https://github.com/example-package/example-repo" + }); + + assert.deepStrictEqual(comparedVersion2.links.now, { + npm: "https://www.npmjs.com/package/example-package2", + homepage: "https://example-package2.com", + repository: "https://github.com/example-package/example-repo2" + }); + + const comparedVersion3 = compared.get("foo")!.versions.compared.get("3.0.0")!; + assert.strictEqual(comparedVersion3.isDevDependency, undefined); + assert.strictEqual(comparedVersion3.author, undefined); + + // repository: diff on url only + assert.deepStrictEqual(comparedVersion3.repository?.prev, { + type: "git", + url: "https://github.com/NodeSecure/js-x-ray" + }); + + assert.deepStrictEqual(comparedVersion3.repository.now, { + type: "git", + url: "https://github.com/NodeSecure/js-x-ray2" + }); }); - assert.deepStrictEqual(comparedVersion3.repository.now, { - type: "git", - url: "https://github.com/NodeSecure/js-x-ray2" - }); -}); + it("should detect compared version composition diff", () => { + const { dependencies: { compared } } = compareTo("deeplyUpdatedPayload"); -it("should detect compared version composition diff", () => { - const { dependencies: { compared } } = compareTo("deeplyUpdatedPayload"); + const comparedVersion2 = compared.get("foo")!.versions.compared.get("2.0.0")!; - const comparedVersion2 
= compared.get("foo")!.versions.compared.get("2.0.0")!; + const composition = comparedVersion2.composition; + assert.strictEqual(composition.minified.added.length, 1); + assert.strictEqual(composition.minified.added[0], "baz.min.js"); - const composition = comparedVersion2.composition; - assert.strictEqual(composition.minified.added.length, 1); - assert.strictEqual(composition.minified.added[0], "baz.min.js"); + assert.strictEqual(composition.minified.removed.length, 1); + assert.strictEqual(composition.minified.removed[0], "bar.min.js"); - assert.strictEqual(composition.minified.removed.length, 1); - assert.strictEqual(composition.minified.removed[0], "bar.min.js"); + assert.strictEqual(composition.required_thirdparty.added.length, 1); + assert.strictEqual(composition.required_thirdparty.added[0], "baz"); - assert.strictEqual(composition.required_thirdparty.added.length, 1); - assert.strictEqual(composition.required_thirdparty.added[0], "baz"); + assert.strictEqual(composition.required_thirdparty.removed.length, 1); + assert.strictEqual(composition.required_thirdparty.removed[0], "bar"); - assert.strictEqual(composition.required_thirdparty.removed.length, 1); - assert.strictEqual(composition.required_thirdparty.removed[0], "bar"); + assert.strictEqual(composition.required_nodejs.added.length, 1); + assert.strictEqual(composition.required_nodejs.added[0], "baz"); - assert.strictEqual(composition.required_nodejs.added.length, 1); - assert.strictEqual(composition.required_nodejs.added[0], "baz"); + assert.strictEqual(composition.required_nodejs.removed.length, 1); + assert.strictEqual(composition.required_nodejs.removed[0], "bar"); - assert.strictEqual(composition.required_nodejs.removed.length, 1); - assert.strictEqual(composition.required_nodejs.removed[0], "bar"); + assert.strictEqual(composition.unused.added.length, 1); + assert.strictEqual(composition.unused.added[0], "baz"); - assert.strictEqual(composition.unused.added.length, 1); - 
assert.strictEqual(composition.unused.added[0], "baz"); + assert.strictEqual(composition.unused.removed.length, 1); + assert.strictEqual(composition.unused.removed[0], "bar"); - assert.strictEqual(composition.unused.removed.length, 1); - assert.strictEqual(composition.unused.removed[0], "bar"); + assert.strictEqual(composition.missing.added.length, 1); + assert.strictEqual(composition.missing.added[0], "baz"); - assert.strictEqual(composition.missing.added.length, 1); - assert.strictEqual(composition.missing.added[0], "baz"); + assert.strictEqual(composition.missing.removed.length, 1); + assert.strictEqual(composition.missing.removed[0], "bar"); + }); - assert.strictEqual(composition.missing.removed.length, 1); - assert.strictEqual(composition.missing.removed[0], "bar"); -}); + it("should detect license IDs diff", () => { + const { dependencies: { compared } } = compareTo("deeplyUpdatedPayload"); + const { uniqueLicenseIds } = compared.get("foo")!.versions.compared.get("2.0.0")!; -it("should detect license IDs diff", () => { - const { dependencies: { compared } } = compareTo("deeplyUpdatedPayload"); - const { uniqueLicenseIds } = compared.get("foo")!.versions.compared.get("2.0.0")!; + assert.strictEqual(uniqueLicenseIds.added.length, 1); + assert.strictEqual(uniqueLicenseIds.added[0], "BSD-3-Clause"); - assert.strictEqual(uniqueLicenseIds.added.length, 1); - assert.strictEqual(uniqueLicenseIds.added[0], "BSD-3-Clause"); + assert.strictEqual(uniqueLicenseIds.removed.length, 1); + assert.strictEqual(uniqueLicenseIds.removed[0], "GPL-3.0"); + }); - assert.strictEqual(uniqueLicenseIds.removed.length, 1); - assert.strictEqual(uniqueLicenseIds.removed[0], "GPL-3.0"); -}); + it("should detect flags diff", () => { + const { dependencies: { compared } } = compareTo("deeplyUpdatedPayload"); + const { flags } = compared.get("foo")!.versions.compared.get("2.0.0")!; -it("should detect flags diff", () => { - const { dependencies: { compared } } = 
compareTo("deeplyUpdatedPayload"); - const { flags } = compared.get("foo")!.versions.compared.get("2.0.0")!; + assert.strictEqual(flags.added.length, 1); + assert.strictEqual(flags.added[0], "🌲"); - assert.strictEqual(flags.added.length, 1); - assert.strictEqual(flags.added[0], "🌲"); + assert.strictEqual(flags.removed.length, 1); + assert.strictEqual(flags.removed[0], "💎"); + }); - assert.strictEqual(flags.removed.length, 1); - assert.strictEqual(flags.removed[0], "💎"); -}); + it("should detect engines diff", () => { + const { dependencies: { compared } } = compareTo("deeplyUpdatedPayload"); + const { engines } = compared.get("foo")!.versions.compared.get("2.0.0")!; -it("should detect engines diff", () => { - const { dependencies: { compared } } = compareTo("deeplyUpdatedPayload"); - const { engines } = compared.get("foo")!.versions.compared.get("2.0.0")!; + assert.strictEqual(engines.added.size, 1); + assert.ok(engines.added.has("node4")); - assert.strictEqual(engines.added.size, 1); - assert.ok(engines.added.has("node4")); + assert.strictEqual(engines.removed.size, 1); + assert.ok(engines.removed.has("node")); - assert.strictEqual(engines.removed.size, 1); - assert.ok(engines.removed.has("node")); + assert.strictEqual(engines.compared.size, 2); + assert.ok(engines.compared.has("node2")); + assert.ok(engines.compared.has("node3")); + assert.strictEqual(engines.compared.get("node2")!.prev, "^12.20.0 || ^14.13.1 || >=16.0.0"); + assert.strictEqual(engines.compared.get("node2")!.now, "^14.20.0 || ^16.13.1 || >=18.0.0"); + }); - assert.strictEqual(engines.compared.size, 2); - assert.ok(engines.compared.has("node2")); - assert.ok(engines.compared.has("node3")); - assert.strictEqual(engines.compared.get("node2")!.prev, "^12.20.0 || ^14.13.1 || >=16.0.0"); - assert.strictEqual(engines.compared.get("node2")!.now, "^14.20.0 || ^16.13.1 || >=18.0.0"); -}); + it("should detect scripts diff", () => { + const { dependencies: { compared } } = compareTo("deeplyUpdatedPayload"); 
+ const { scripts } = compared.get("foo")!.versions.compared.get("2.0.0")!; -it("should detect scripts diff", () => { - const { dependencies: { compared } } = compareTo("deeplyUpdatedPayload"); - const { scripts } = compared.get("foo")!.versions.compared.get("2.0.0")!; + assert.strictEqual(scripts.added.size, 1); + assert.ok(scripts.added.has("lint")); - assert.strictEqual(scripts.added.size, 1); - assert.ok(scripts.added.has("lint")); + assert.strictEqual(scripts.removed.size, 1); + assert.ok(scripts.removed.has("ci")); - assert.strictEqual(scripts.removed.size, 1); - assert.ok(scripts.removed.has("ci")); + assert.strictEqual(scripts.compared.size, 2); + assert.ok(scripts.compared.has("test")); + assert.strictEqual(scripts.compared.get("test"), undefined); + assert.ok(scripts.compared.has("standard")); + assert.strictEqual(scripts.compared.get("standard")?.prev, "npx standard"); + assert.strictEqual(scripts.compared.get("standard")?.now, "npx standard --fix"); + }); - assert.strictEqual(scripts.compared.size, 2); - assert.ok(scripts.compared.has("test")); - assert.strictEqual(scripts.compared.get("test"), undefined); - assert.ok(scripts.compared.has("standard")); - assert.strictEqual(scripts.compared.get("standard")?.prev, "npx standard"); - assert.strictEqual(scripts.compared.get("standard")?.now, "npx standard --fix"); -}); + it("should not throw when author is null", () => { + const { dependencies: { compared } } = compareTo("nullAuthor"); + const { author } = compared.get("foo")!.versions.compared.get("2.0.0")!; -it("should not throw when author is null", () => { - const { dependencies: { compared } } = compareTo("nullAuthor"); - const { author } = compared.get("foo")!.versions.compared.get("2.0.0")!; + assert.strictEqual(author, void 0); + }); - assert.strictEqual(author, void 0); -}); + const payloads = {} as Record; + function compareTo(name: string) { + if (!payloads[name]) { + payloads[name] = JSON.parse(readFileSync(join(kFixturePath, `/${name}.json`), 
"utf8")); + } -const payloads = {} as Record; -function compareTo(name: string) { - if (!payloads[name]) { - payloads[name] = JSON.parse(readFileSync(join(kFixturePath, `/${name}.json`), "utf8")); + return comparePayloads( + kPayload, + payloads[name] + ); } - - return comparePayloads( - kPayload, - payloads[name] - ); -} +}); diff --git a/workspaces/scanner/test/depWalker.spec.ts b/workspaces/scanner/test/depWalker.spec.ts index 90a61214..6e417c78 100644 --- a/workspaces/scanner/test/depWalker.spec.ts +++ b/workspaces/scanner/test/depWalker.spec.ts @@ -73,7 +73,7 @@ function cleanupPayload(payload: Payload) { } } -describe("depWalker", () => { +describe("depWalker", { concurrency: 2 }, () => { it("should resolve and match the full dependency tree of @slimio/is", { skip }, async(t) => { Vulnera.setStrategy(Vulnera.strategies.GITHUB_ADVISORY); const { logger, errorCount } = buildLogger(); diff --git a/workspaces/scanner/test/extractors/payload.spec.ts b/workspaces/scanner/test/extractors/payload.spec.ts index 3f818bd6..97b97f4b 100644 --- a/workspaces/scanner/test/extractors/payload.spec.ts +++ b/workspaces/scanner/test/extractors/payload.spec.ts @@ -5,8 +5,13 @@ import path from "node:path"; import { describe, it } from "node:test"; // Import Internal Dependencies -import { type ExtractorCallbackParams } from "../../src/extractors/payload.ts"; -import { Extractors, type Payload } from "../../src/index.ts"; +import { + Extractors, + type Payload +} from "../../src/index.ts"; +import type { + ExtractorCallbackParams +} from "../../src/extractors/payload.ts"; // CONSTANTS const kFixturePath = path.join("fixtures", "extractors"); diff --git a/workspaces/scanner/test/from.spec.ts b/workspaces/scanner/test/from.spec.ts index 946e5599..ac249341 100644 --- a/workspaces/scanner/test/from.spec.ts +++ b/workspaces/scanner/test/from.spec.ts 
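Review bot: The top-level warning assertions in "should detect warnings diff" still use the loose `assert.deepEqual(added, [...])` and `assert.deepEqual(removed, [...])` from `node:assert`, so a type drift in a warning field (a number turning into a numeric string, for instance) would not fail the test. Since the block is being re-indented anyway, use `assert.deepStrictEqual` there, or import `node:assert/strict` as the addMissingVersionFlags spec in this commit now does. In the same test the expected removed warning pairs `kind: "unsafe-regex"` with `i18n: "sast_warnings.unsafe_import"`, which looks like a copy-paste in the fixture and is worth confirming. The `payloads` cache and `compareTo` now sit at the end of the `describe` callback; that works because the `it` callbacks run after it returns, but declaring them before the first `it` would read more clearly.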
@@ -33,7 +33,7 @@ function buildFakePayload(): Payload { }; } -describe("scanner.from()", () => { +describe("scanner.from()", { concurrency: 2 }, () => { it("should fetch the payload of pacote on the npm registry", async() => { const result = await from( "pacote", @@ -95,6 +95,18 @@ describe("scanner.from()", () => { ); }); + it("should report an integrity-mismatch warning for 'darcyclarke-manifest-pkg'", async() => { + const result = await from("darcyclarke-manifest-pkg", { + maxDepth: 2 + }); + + assert.equal(result.warnings.length, 1); + + const warning = result.warnings[0]; + assert.equal(warning.type, "integrity-mismatch"); + assert.match(warning.message, /manifest & tarball integrity doesn't match/g); + }); + describe("cacheLookup", () => { it("should return the cached payload without running the dependency walker", async() => { const fakePayload = buildFakePayload(); diff --git a/workspaces/scanner/test/integrityWarning.spec.ts b/workspaces/scanner/test/integrityWarning.spec.ts deleted file mode 100644 index cdb12c85..00000000 --- a/workspaces/scanner/test/integrityWarning.spec.ts +++ /dev/null @@ -1,18 +0,0 @@ -// Import Node.js Dependencies -import { test } from "node:test"; -import assert from "node:assert"; - -// Import Internal Dependencies -import { from } from "../src/index.ts"; - -test("expect one warning from 'darcyclarke-manifest-pkg' with an integrity issue", async() => { - const result = await from("darcyclarke-manifest-pkg", { - maxDepth: 2 - }); - - assert.equal(result.warnings.length, 1); - - const warning = result.warnings[0]; - assert.equal(warning.type, "integrity-mismatch"); - assert.match(warning.message, /manifest & tarball integrity doesn't match/g); -}); diff --git a/workspaces/scanner/test/logger.spec.ts b/workspaces/scanner/test/logger.spec.ts index a73097d3..fb699eb8 100644 --- a/workspaces/scanner/test/logger.spec.ts +++ b/workspaces/scanner/test/logger.spec.ts 
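Review bot: The moved integrity-mismatch test asserts `result.warnings.length` equals 1 on whatever `from("darcyclarke-manifest-pkg", { maxDepth: 2 })` returns, which presumably involves a live registry lookup, so an unrelated extra warning or a change to that package would fail the check for the wrong reason; it also now runs under `{ concurrency: 2 }` next to the other tests in this suite. Looking up the specific warning, e.g. `const warning = result.warnings.find((w) => w.type === "integrity-mismatch"); assert.ok(warning);`, would keep the manifest/tarball integrity detection covered without depending on the total count. The `g` flag in the `assert.match` pattern is unnecessary; `/manifest & tarball integrity doesn't match/` is enough.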
@@ -1,6 +1,6 @@ // Import Node.js Dependencies import EventEmitter, { once } from "node:events"; -import { test } from "node:test"; +import { describe, it } from "node:test"; import assert from "node:assert"; // Import Third-party Dependencies 
@@ -9,95 +9,97 @@ import is from "@slimio/is"; // Import Internal Dependencies import { Logger } from "../src/index.ts"; -test("Logger: Creating a new class instance and assert all properties", () => { - assert.ok(is.classObject(Logger)); - const logger = new Logger(); - assert.ok(is.map(logger.events), "logger instance as an ES6 Map of events"); - assert.equal(logger.events.size, 0, "logger events must be empty"); - assert.ok(logger instanceof EventEmitter, "Logger class must extend from Node.js EventEmitter"); -}); +describe("Logger", () => { + it("should be a class with an empty events map extending EventEmitter", () => { + assert.ok(is.classObject(Logger)); + const logger = new Logger(); + assert.ok(is.map(logger.events), "logger instance as an ES6 Map of events"); + assert.equal(logger.events.size, 0, "logger events must be empty"); + assert.ok(logger instanceof EventEmitter, "Logger class must extend from Node.js EventEmitter"); + }); -test("Logger: Initialized event should have the right properties", () => { - const logger = new Logger().start("foobar"); - const data = logger.events.get("foobar")!; - assert.deepEqual(Object.keys(data), ["startedAt", "count"]); -}); + it("initialized event should have startedAt and count properties", () => { + const logger = new Logger().start("foobar"); + const data = logger.events.get("foobar")!; + assert.deepEqual(Object.keys(data), ["startedAt", "count"]); + }); -test("Logger: triggering .count() of unknown event must return zero", () => { - const logger = new Logger(); + it(".count() on unknown event should return zero", () => { + const logger = new Logger(); - assert.equal(logger.count("foobar"), 0); -}); + assert.equal(logger.count("foobar"), 0); + }); + + it(".start() should emit event and create a new events entry", async() => { + const logger = new Logger(); + setImmediate(() => { + logger.start("foobar"); + }); -test("Logger: triggering .start() with known event should emit event and create a new events entry", 
async() => { - const logger = new Logger(); - setImmediate(() => { - logger.start("foobar"); + const [eventName] = await once(logger, "start"); + assert.equal(eventName, "foobar"); + assert.ok(logger.events.has("foobar")); }); - const [eventName] = await once(logger, "start"); - assert.equal(eventName, "foobar"); - assert.ok(logger.events.has("foobar")); -}); + it(".count() on a started/ticked event should return one", async() => { + const logger = new Logger().start("foobar"); + setImmediate(() => { + logger.tick("foobar"); + }); -test("Logger: triggering .count() on a started/ticked event should return one", async() => { - const logger = new Logger().start("foobar"); - setImmediate(() => { - logger.tick("foobar"); + const [eventName] = await once(logger, "tick"); + assert.equal(eventName, "foobar"); + assert.equal(logger.count("foobar"), 1); }); - const [eventName] = await once(logger, "tick"); - assert.equal(eventName, "foobar"); - assert.equal(logger.count("foobar"), 1); -}); + it(".end() on a started event should emit end event", async() => { + const logger = new Logger().start("foobar"); + setImmediate(() => { + logger.end("foobar"); + }); -test("Logger: triggering .end() on a started event should emit end event", async() => { - const logger = new Logger().start("foobar"); - setImmediate(() => { - logger.end("foobar"); + const [eventName, properties] = await once(logger, "end"); + assert.equal(eventName, "foobar"); + assert.ok(typeof properties.executionTime === "number"); + assert.equal(properties.count, 0); }); - const [eventName, properties] = await once(logger, "end"); - assert.equal(eventName, "foobar"); - assert.ok(typeof properties.executionTime === "number"); - assert.equal(properties.count, 0); -}); + it(".start() called a second time on same event should not emit", async() => { + const logger = new Logger().start("foobar"); -test("Logger: triggering .start() a second time should not emit an event", async() => { - const logger = new 
Logger().start("foobar"); + let count = 0; + logger.on("start", () => { + count++; + }); - let count = 0; - logger.on("start", () => { - count++; + const loggerBis = logger.start("foobar"); + assert.strictEqual(logger, loggerBis); + assert.equal(count, 0); }); - const loggerBis = logger.start("foobar"); - assert.strictEqual(logger, loggerBis); - assert.equal(count, 0); -}); + it(".end() on unknown event should return without emitting", async() => { + const logger = new Logger(); -test("Logger: triggering .end() on a unknown event should return", async() => { - const logger = new Logger(); + let count = 0; + logger.on("end", () => { + count++; + }); - let count = 0; - logger.on("end", () => { - count++; + const loggerBis = logger.end("foobar"); + assert.strictEqual(logger, loggerBis); + assert.equal(count, 0); }); - const loggerBis = logger.end("foobar"); - assert.strictEqual(logger, loggerBis); - assert.equal(count, 0); -}); + it(".tick() on unknown event should return without emitting", async() => { + const logger = new Logger(); -test("Logger: triggering .tick() on a unknown event should return", async() => { - const logger = new Logger(); + let count = 0; + logger.on("tick", () => { + count++; + }); - let count = 0; - logger.on("tick", () => { - count++; + const loggerBis = logger.tick("foobar"); + assert.strictEqual(logger, loggerBis); + assert.equal(count, 0); }); - - const loggerBis = logger.tick("foobar"); - assert.strictEqual(logger, loggerBis); - assert.equal(count, 0); }); diff --git a/workspaces/scanner/test/utils/addMissingVersionFlags.spec.ts b/workspaces/scanner/test/utils/addMissingVersionFlags.spec.ts index 55a2872f..dc8608d7 100644 --- a/workspaces/scanner/test/utils/addMissingVersionFlags.spec.ts +++ b/workspaces/scanner/test/utils/addMissingVersionFlags.spec.ts 
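Review bot: Three of the rewritten tests — ".start() called a second time on same event should not emit", ".end() on unknown event should return without emitting" and ".tick() on unknown event should return without emitting" — are declared `async()` but never await anything, so the keyword only wraps a synchronous body in a promise. Drop it, e.g. `it(".end() on unknown event should return without emitting", () => {`. These tests also read `count` immediately after the call, which only shows that nothing was emitted synchronously; if that is the intended contract, a one-line comment saying so would help the next reader.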
@@ -1,42 +1,44 @@ // Import Node.js Dependencies -import { test } from "node:test"; -import assert from "node:assert"; +import { describe, it } from "node:test"; +import assert from "node:assert/strict"; // Import Internal Dependencies import { addMissingVersionFlags } from "../../src/utils/index.ts"; -test("addMissingVersionFlags should return all missing flags", () => { - const flags = new Set([ - "hasOutdatedDependency" - ]); - const gen = addMissingVersionFlags(flags, { - metadata: { - hasReceivedUpdateInOneYear: false, - hasManyPublishers: true, - hasChangedAuthor: true - }, - vulnerabilities: [{}], - versions: ["1.1.1", "1.5.0"] - } as any); - const resultFlags = [...gen]; - assert.deepEqual(resultFlags, [ - "isDead", "hasManyPublishers", "hasChangedAuthor", "hasVulnerabilities", "hasDuplicate" - ]); -}); +describe("utils.addMissingVersionFlags", () => { + it("should return all missing flags", () => { + const flags = new Set([ + "hasOutdatedDependency" + ]); + const gen = addMissingVersionFlags(flags, { + metadata: { + hasReceivedUpdateInOneYear: false, + hasManyPublishers: true, + hasChangedAuthor: true + }, + vulnerabilities: [{}], + versions: ["1.1.1", "1.5.0"] + } as any); + const resultFlags = [...gen]; + assert.deepEqual(resultFlags, [ + "isDead", "hasManyPublishers", "hasChangedAuthor", "hasVulnerabilities", "hasDuplicate" + ]); + }); -test("addMissingVersionFlags should return an empty array", () => { - const flags = new Set([ - "hasOutdatedDependency", "isDead", "hasManyPublishers", "hasChangedAuthor", "hasVulnerabilities", "hasDuplicate" - ]); - const gen = addMissingVersionFlags(flags, { - metadata: { - hasReceivedUpdateInOneYear: false, - hasManyPublishers: true, - hasChangedAuthor: true - }, - vulnerabilities: [{}], - versions: ["1.1.1", "1.5.0"] - } as any); - const resultFlags = [...gen]; - assert.deepEqual(resultFlags, []); + it("should return an empty array", () => { + const flags = new Set([ + "hasOutdatedDependency", "isDead", 
"hasManyPublishers", "hasChangedAuthor", "hasVulnerabilities", "hasDuplicate" + ]); + const gen = addMissingVersionFlags(flags, { + metadata: { + hasReceivedUpdateInOneYear: false, + hasManyPublishers: true, + hasChangedAuthor: true + }, + vulnerabilities: [{}], + versions: ["1.1.1", "1.5.0"] + } as any); + const resultFlags = [...gen]; + assert.deepEqual(resultFlags, []); + }); }); diff --git a/workspaces/scanner/test/utils/getLinks.spec.ts b/workspaces/scanner/test/utils/getLinks.spec.ts index d957c7cf..97074eca 100644 --- a/workspaces/scanner/test/utils/getLinks.spec.ts +++ b/workspaces/scanner/test/utils/getLinks.spec.ts @@ -3,7 +3,9 @@ import assert from "node:assert/strict"; import { describe, it } from "node:test"; // Import Third-party Dependencies -import { type PackumentVersion } from "@nodesecure/npm-types"; +import type { + PackumentVersion +} from "@nodesecure/npm-types"; // Import Internal Dependencies import * as utils from "../../src/utils/index.ts"; diff --git a/workspaces/scanner/test/utils/getUsedDeps.spec.ts b/workspaces/scanner/test/utils/getUsedDeps.spec.ts index dc161f3c..3f0c41b4 100644 --- a/workspaces/scanner/test/utils/getUsedDeps.spec.ts +++ b/workspaces/scanner/test/utils/getUsedDeps.spec.ts 
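Review bot: In addMissingVersionFlags.spec.ts the import becomes `node:assert/strict`, but both assertions are still spelled `assert.deepEqual`, so their strictness now depends on the import line rather than on the call. getUsedDeps.spec.ts in this same patch writes `assert.deepStrictEqual`. Using that spelling here too, e.g. `assert.deepStrictEqual(resultFlags, []);`, keeps the comparison strict if the import is ever changed back and keeps the suites consistent. The same applies to the `assert.deepEqual` calls in parseSemverRange.spec.ts.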
@@ -1,22 +1,24 @@ // Import Node.js Dependencies -import { test } from "node:test"; -import assert from "node:assert"; +import { describe, it } from "node:test"; +import assert from "node:assert/strict"; // Import Internal Dependencies import { getUsedDeps } from "../../src/utils/index.ts"; -test("getUsedDeps should handle scoped packages", () => { - const deps = getUsedDeps(new Set([ - "@slimio/is@latest" - ])); +describe("utils.getUsedDeps", () => { + it("should handle scoped packages", () => { + const deps = getUsedDeps(new Set([ + "@slimio/is@latest" + ])); - assert.deepStrictEqual(deps, [["@slimio/is", "latest"]]); -}); + assert.deepStrictEqual(deps, [["@slimio/is", "latest"]]); + }); -test("getUsedDeps should handle non-scoped packages", () => { - const deps = getUsedDeps(new Set([ - "is@latest" - ])); + it("should handle non-scoped packages", () => { + const deps = getUsedDeps(new Set([ + "is@latest" + ])); - assert.deepStrictEqual(deps, [["is", "latest"]]); + assert.deepStrictEqual(deps, [["is", "latest"]]); + }); }); diff --git a/workspaces/scanner/test/utils/isNodesecurePayload.spec.ts b/workspaces/scanner/test/utils/isNodesecurePayload.spec.ts new file mode 100644 index 00000000..4ffd1a0b --- /dev/null +++ b/workspaces/scanner/test/utils/isNodesecurePayload.spec.ts 
@@ -0,0 +1,41 @@ +// Import Node.js Dependencies +import { describe, it } from "node:test"; +import assert from "node:assert/strict"; + +// Import Internal Dependencies +import { isNodesecurePayload } from "../../src/utils/isNodesecurePayload.ts"; + +describe("utils.isNodesecurePayload", () => { + it("should return true when given a full Payload", () => { + assert.ok(isNodesecurePayload({ + id: "abc123", + scannerVersion: "1.0.0", + dependencies: {} + } as any)); + }); + + it("should return false when given a dependencies map (no id or scannerVersion)", () => { + assert.strictEqual(isNodesecurePayload({} as any), false); + }); + + it("should return false when dependencies key is missing", () => { + assert.strictEqual(isNodesecurePayload({ + id: "abc123", + scannerVersion: "1.0.0" + } as any), false); + }); + + it("should return false when id key is missing", () => { + assert.strictEqual(isNodesecurePayload({ + dependencies: {}, + scannerVersion: "1.0.0" + } as any), false); + }); + + it("should return false when scannerVersion key is missing", () => { + assert.strictEqual(isNodesecurePayload({ + id: "abc123", + dependencies: {} + } as any), false); + }); +}); diff --git a/workspaces/scanner/test/utils/npmrc.spec.ts b/workspaces/scanner/test/utils/npmrc.spec.ts index 27cfeb9e..ade44f29 100644 --- a/workspaces/scanner/test/utils/npmrc.spec.ts +++ b/workspaces/scanner/test/utils/npmrc.spec.ts 
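Review bot: The cases in isNodesecurePayload.spec.ts pin only the presence of the three keys, and the one titled "given a dependencies map" actually passes `{}`, so the populated-map input the title describes is never exercised. If this guard decides whether parsed JSON is treated as a full Payload (its implementation is not part of this patch), a populated map and a non-object input are the cases that matter most. I would add `assert.strictEqual(isNodesecurePayload({ express: {} } as any), false);` and, if the guard is expected to tolerate arbitrary input, `assert.strictEqual(isNodesecurePayload(null as any), false);`.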
@@ -1,16 +1,22 @@ // Import Node.js Dependencies -import { test, describe } from "node:test"; -import assert from "node:assert"; +import { describe, it } from "node:test"; +import assert from "node:assert/strict"; import * as fs from "node:fs"; import path from "node:path"; import os from "node:os"; // Import Internal Dependencies -import { parseNpmRc, readNpmRc, getRegistryForPackage } from "../../src/utils/npmrc.ts"; -import { TempDirectory } from "../../src/class/TempDirectory.class.ts"; - -describe("parseNpmRc", () => { - test("should parse scoped registry entries", () => { +import { + parseNpmRc, + readNpmRc, + getRegistryForPackage +} from "../../src/utils/npmrc.ts"; +import { + TempDirectory +} from "../../src/class/TempDirectory.class.ts"; + +describe("utils.parseNpmRc", () => { + it("should parse scoped registry entries", () => { const content = ` @nodesecure-test:registry=https://npm.private-registry.test/ @other:registry=https://other.registry.com/ @@ -22,7 +28,7 @@ describe("parseNpmRc", () => { assert.strictEqual(result["@other:registry"], "https://other.registry.com/"); }); - test("should parse auth token entries", () => { + it("should parse auth token entries", () => { const content = ` //npm.private-registry.test/:_authToken=my-token //registry.npmjs.org/:_authToken=public-token @@ -34,7 +40,7 @@ describe("parseNpmRc", () => { assert.strictEqual(result["//registry.npmjs.org/:_authToken"], "public-token"); }); - test("should resolve environment variables", () => { + it("should resolve environment variables", () => { process.env.__TEST_NPMRC_TOKEN__ = "resolved-token"; try { @@ -49,7 +55,7 @@ describe("parseNpmRc", () => { } }); - test("should resolve undefined env vars to empty string", () => { + it("should resolve undefined env vars to empty string", () => { // eslint-disable-next-line no-template-curly-in-string const content = "//npm.private-registry.test/:_authToken=${UNDEFINED_VAR_NPMRC_TEST}"; const result = parseNpmRc(content); 
@@ -57,7 +63,7 @@ describe("parseNpmRc", () => { assert.strictEqual(result["//npm.private-registry.test/:_authToken"], ""); }); - test("should skip comments and empty lines", () => { + it("should skip comments and empty lines", () => { const content = ` # This is a comment ; This is also a comment @@ -69,7 +75,7 @@ describe("parseNpmRc", () => { assert.deepStrictEqual(Object.keys(result), ["@nodesecure-test:registry"]); }); - test("should skip lines without equals sign", () => { + it("should skip lines without equals sign", () => { const content = ` no-equals-here @nodesecure-test:registry=https://npm.private-registry.test/ @@ -81,7 +87,7 @@ describe("parseNpmRc", () => { assert.strictEqual(result["@nodesecure-test:registry"], "https://npm.private-registry.test/"); }); - test("should parse a typical .npmrc with mixed entries", () => { + it("should parse a typical .npmrc with mixed entries", () => { const content = ` registry=https://registry.npmjs.org/ always-auth=true @@ -99,13 +105,13 @@ describe("parseNpmRc", () => { assert.strictEqual(result["//npm.private-registry.test/:_authToken"], "private-token"); }); - test("should return empty object for empty content", () => { + it("should return empty object for empty content", () => { assert.deepStrictEqual(parseNpmRc(""), {}); }); }); -describe("readNpmRc", () => { - test("should read .npmrc from given location", async() => { +describe("utils.readNpmRc", () => { + it("should read .npmrc from given location", async() => { await using tempDir = await TempDirectory.create(); const npmrcContent = ` @@ -120,7 +126,7 @@ describe("readNpmRc", () => { assert.strictEqual(result["//npm.private-registry.test/:_authToken"], "test-token"); }); - test("should return entries even if location has no .npmrc", async() => { + it("should return entries even if location has no .npmrc", async() => { await using tempDir = await TempDirectory.create(); const result = await readNpmRc(tempDir.location); 
@@ -128,7 +134,7 @@ describe("readNpmRc", () => { assert.ok(typeof result === "object"); }); - test("should merge user and project .npmrc (project wins)", async() => { + it("should merge user and project .npmrc (project wins)", async() => { await using tempDir = await TempDirectory.create(); const userNpmrcPath = path.join(os.homedir(), ".npmrc"); @@ -161,42 +167,42 @@ describe("readNpmRc", () => { }); }); -describe("getRegistryForPackage", () => { +describe("utils.getRegistryForPackage", () => { const npmRcEntries = { "@nodesecure-test:registry": "https://npm.private-registry.test/", "@private:registry": "https://private.registry.com/" }; const defaultRegistry = "https://registry.npmjs.org/"; - test("should return scoped registry for matching scope", () => { + it("should return scoped registry for matching scope", () => { assert.strictEqual( getRegistryForPackage("@nodesecure-test/utils", npmRcEntries, defaultRegistry), "https://npm.private-registry.test/" ); }); - test("should return scoped registry for another matching scope", () => { + it("should return scoped registry for another matching scope", () => { assert.strictEqual( getRegistryForPackage("@private/some-lib", npmRcEntries, defaultRegistry), "https://private.registry.com/" ); }); - test("should return default registry for non-scoped package", () => { + it("should return default registry for non-scoped package", () => { assert.strictEqual( getRegistryForPackage("express", npmRcEntries, defaultRegistry), defaultRegistry ); }); - test("should return default registry for unknown scope", () => { + it("should return default registry for unknown scope", () => { assert.strictEqual( getRegistryForPackage("@unknown/lib", npmRcEntries, defaultRegistry), defaultRegistry ); }); - test("should return default registry when no npmRcEntries", () => { + it("should return default registry when no npmRcEntries", () => { assert.strictEqual( getRegistryForPackage("@nodesecure-test/utils", {}, defaultRegistry), defaultRegistry 
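Review bot: The "should merge user and project .npmrc (project wins)" test in the `@@ -128,7 +134,7 @@` hunk of npmrc.spec.ts builds `userNpmrcPath` from `os.homedir()`, which is the real user-level `.npmrc` of whoever runs the suite and commonly holds registry auth tokens. The rest of the test body is outside the hunk, so how that file is used and restored is not visible. Any write there can lose credentials if the process dies mid-test, and can affect other spec files that read the same path while running in parallel. Pointing the home directory at the temp dir for the duration of the test would isolate it, e.g. `process.env.HOME = tempDir.location;` (and `USERPROFILE` on Windows), restored in a `finally`. This assumes readNpmRc resolves the user file through `os.homedir()`.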
diff --git a/workspaces/scanner/test/utils/parseSemverRange.spec.ts b/workspaces/scanner/test/utils/parseSemverRange.spec.ts index 1803085c..17bfe94c 100644 --- a/workspaces/scanner/test/utils/parseSemverRange.spec.ts +++ b/workspaces/scanner/test/utils/parseSemverRange.spec.ts @@ -1,12 +1,14 @@ // Import Node.js Dependencies -import { test, describe } from "node:test"; -import assert from "node:assert"; +import { describe, it } from "node:test"; +import assert from "node:assert/strict"; // Import Internal Dependencies -import { parseSemverRange } from "../../src/utils/parseSemverRange.ts"; +import { + parseSemverRange +} from "../../src/utils/parseSemverRange.ts"; -describe("parseSemverRange", () => { - test("should do nothing when the semver ranges are already well formatted", () => { +describe("utils.parseSemverRange", () => { + it("should do nothing when the semver ranges are already well formatted", () => { assert.deepEqual(parseSemverRange({ foo: "1.2.3", bar: "1.2.3 || 1.2.4" @@ -16,7 +18,7 @@ describe("parseSemverRange", () => { }); }); - test("should parse to semver range string when getting an array", () => { + it("should parse to semver range string when getting an array", () => { assert.deepEqual(parseSemverRange({ foo: ["1.2.3"], bar: ["1.2.3", "1.2.4"] 
@@ -27,27 +29,27 @@ describe("parseSemverRange", () => { }); describe("specs", () => { - test("should parse specs to name semver range", () => { + it("should parse specs to name semver range", () => { assert.deepEqual(parseSemverRange(["foo@1.2.3", "bar@1.2.3", "bar@1.2.4"]), { foo: "1.2.3", bar: "1.2.3 || 1.2.4" }); }); - test("should parse to wildcard when there is no version", () => { + it("should parse to wildcard when there is no version", () => { assert.deepEqual(parseSemverRange(["mocha", "jest@1.2.1", "jest"]), { mocha: "*", jest: "1.2.1 || *" }); }); - test("should include the org in the name", () => { + it("should include the org in the name", () => { assert.deepEqual(parseSemverRange(["@nodesecure/js-x-ray@1.0.0", "@nodesecure/js-x-ray@1.0.1"]), { "@nodesecure/js-x-ray": "1.0.0 || 1.0.1" }); }); - test("should should not parse invalid specs", () => { + it("should not parse invalid specs", () => { assert.deepEqual(parseSemverRange([""]), {}); }); }); diff --git a/workspaces/scanner/test/utils/warnings.spec.ts b/workspaces/scanner/test/utils/warnings.spec.ts index d4661c43..7a1ffe81 100644 --- a/workspaces/scanner/test/utils/warnings.spec.ts +++ b/workspaces/scanner/test/utils/warnings.spec.ts @@ -1,15 +1,20 @@ // Import Node.js Dependencies -import { test } from "node:test"; -import assert from "node:assert"; +import { describe, it } from "node:test"; +import assert from "node:assert/strict"; // Import Third-party Dependencies import * as i18n from "@nodesecure/i18n"; // Import Internal Dependencies -import { getDependenciesWarnings } from "../../src/utils/index.ts"; +import { + getDependenciesWarnings +} from "../../src/utils/index.ts"; import type { Dependency } from "../../src/types.ts"; -function createDependency(maintainers = [], publishers = []) { +function createDependency( + maintainers = [], + publishers = [] +) { return { metadata: { authors: { 
@@ -22,36 +27,38 @@ function createDependency(maintainers = [], publishers = []) { } as unknown as Dependency; } -test("getDependenciesWarnings for library '@scarf/scarf'", async() => { - const deps = new Map([ - ["@scarf/scarf", createDependency()] - ]); +describe("utils.getDependenciesWarnings", () => { + it("should warn for library '@scarf/scarf'", async() => { + const deps = new Map([ + ["@scarf/scarf", createDependency()] + ]); - const warnsArray = await getDependenciesWarnings(deps); - assert.strictEqual(warnsArray.warnings.length, 1); + const warnsArray = await getDependenciesWarnings(deps); + assert.strictEqual(warnsArray.warnings.length, 1); - const message = await i18n.getToken("scanner.disable_scarf"); + const message = await i18n.getToken("scanner.disable_scarf"); - const warning = warnsArray.warnings[0]; - assert.strictEqual(warning.type, "dangerous-dependency"); - assert.ok( - warning.message.includes(message) - ); -}); + const warning = warnsArray.warnings[0]; + assert.strictEqual(warning.type, "dangerous-dependency"); + assert.ok( + warning.message.includes(message) + ); + }); -test("getDependenciesWarnings for library 'iohook'", async() => { - const deps = new Map([ - ["iohook", createDependency()] - ]); + it("should warn for library 'iohook'", async() => { + const deps = new Map([ + ["iohook", createDependency()] + ]); - const warnsArray = await getDependenciesWarnings(deps); - assert.strictEqual(warnsArray.warnings.length, 1); + const warnsArray = await getDependenciesWarnings(deps); + assert.strictEqual(warnsArray.warnings.length, 1); - const message = await i18n.getToken("scanner.keylogging"); + const message = await i18n.getToken("scanner.keylogging"); - const warning = warnsArray.warnings[0]; - assert.strictEqual(warning.type, "dangerous-dependency"); - assert.ok( - warning.message.includes(message) - ); + const warning = warnsArray.warnings[0]; + assert.strictEqual(warning.type, "dangerous-dependency"); + assert.ok( + 
warning.message.includes(message) + ); + }); }); diff --git a/workspaces/scanner/test/workingDir.spec.ts b/workspaces/scanner/test/workingDir.spec.ts index fbc19786..aba6ccd3 100644 --- a/workspaces/scanner/test/workingDir.spec.ts +++ b/workspaces/scanner/test/workingDir.spec.ts @@ -37,7 +37,7 @@ function buildFakePayload(): Payload { }; } -describe("scanner.workingDir()", () => { +describe("scanner.workingDir()", { concurrency: 2 }, () => { it("should parse author, homepage and links for a local package who doesn't exist on the remote registry", async() => { const file = path.join(kFixturePath, "non-npm-package"); const result = await workingDir(file, {
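Review bot: Both cases in the `utils.getDependenciesWarnings` suite of warnings.spec.ts assert a positive match only, so a matcher that flags every dependency as `dangerous-dependency` would still pass. A negative case would pin the other half of the contract: build the map with an unrelated package name and `createDependency()`, then `assert.strictEqual(warnsArray.warnings.length, 0);`. This presumes the empty `createDependency()` fixture produces no other warnings, which the two existing `warnings.length, 1` assertions suggest but do not prove.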