import { afterAll, beforeAll, describe, expect, test } from 'vitest';
import { initialSetup, yarnModernUtils } from '@verdaccio/test-cli-commons';
import { getYarnCommand, yarn } from './utils';
// End-to-end check of `yarn npm audit --json` in a Yarn 2 project that is
// prepared with the URL of the registry obtained from initialSetup().
describe('audit a package yarn 2', () => {
  // Both are assigned in beforeAll and then shared by the test and the teardown.
  let registry;
  let projectFolder;

  beforeAll(async () => {
    ({ registry } = await initialSetup());
    await registry.init();

    // Read in the same order in which they are passed to the helper below.
    const registryUrl = registry.getRegistryUrl();
    const yarnCommand = getYarnCommand();

    // `aaa` is requested at the floating `latest` tag, so the version that is
    // installed (and later audited) is whatever gets resolved at run time.
    const manifest = {
      packageName: '@scope/name',
      version: '1.0.0',
      dependencies: { aaa: 'latest' },
      devDependencies: {},
    };

    const project = await yarnModernUtils.prepareYarnModernProject(
      'yarn-2',
      registryUrl,
      yarnCommand,
      manifest
    );
    projectFolder = project.tempFolder;
  });

  test('should run yarn npm audit info json body', async () => {
    await yarn(projectFolder, 'install');

    // This step might fail if the dependency declared in beforeAll has
    // vulnerabilities: yarn berry uses exit 1 if it has an error, see
    // https://github.com/yarnpkg/berry/pull/4358
    // Always try to use a real dependency that does not have such issues.
    const auditRun = await yarn(projectFolder, 'npm', 'audit', '--json');

    // Only the shape of the JSON body is asserted (an `advisories` key is
    // present); the content of the advisories is not inspected.
    const report = JSON.parse(auditRun.stdout as string);
    expect(report.advisories).toBeDefined();
  });

  afterAll(async () => {
    // Called without `await`; nothing here waits for the registry to finish stopping.
    registry.stop();
  });
});