diff --git a/test/cli/README.md b/test/cli/README.md index 0025c236b..098d9d47f 100644 --- a/test/cli/README.md +++ b/test/cli/README.md @@ -3,9 +3,16 @@ ## What is included on these test? - Default configuration only -- Basic commands eg (`install / add`, `info`, `publish`, `search`). - Test with all popular package managers (`yarn classic` and `yarn modern (2,3, 4)`, `pnpm 6,7` and `npm 6, 7 and 8`) +### Commands Tested + +| cmd | npm6 | npm7 | npm8 | pnpm6 | pnpm7 | yarn1 | yarn2 | yarn3 | yarn4 | +| ------- | ---- | ---- | ---- | ----- | ----- | ----- | ----- | ----- | ----- | +| publish | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | +| info | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | +| audit | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | + ## How it works? > TBA diff --git a/test/cli/cli-commons/src/utils.ts b/test/cli/cli-commons/src/utils.ts index d3f621fe4..8f97e8cee 100644 --- a/test/cli/cli-commons/src/utils.ts +++ b/test/cli/cli-commons/src/utils.ts @@ -67,7 +67,9 @@ export async function prepareGenericEmptyProject( version: string, port: number, token: string, - registryDomain: string + registryDomain: string, + dependencies = {}, + devDependencies = {} ) { const getPackageJSON = (packageName, version = '1.0.0') => { const json = { @@ -78,6 +80,8 @@ export async function prepareGenericEmptyProject( scripts: { test: 'echo exit 1', }, + dependencies, + devDependencies, keywords: ['foo', 'bar'], author: 'Juan Picado ', license: 'MIT', diff --git a/test/cli/e2e-npm6/audit.spec.ts b/test/cli/e2e-npm6/audit.spec.ts new file mode 100644 index 000000000..8f9684223 --- /dev/null +++ b/test/cli/e2e-npm6/audit.spec.ts 
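Review bot: The two parameters added to `prepareGenericEmptyProject` in test/cli/cli-commons/src/utils.ts (first hunk) are untyped, so `dependencies = {}` is inferred as `{}` and any value is accepted and written into the generated package.json by the second hunk. Typing them as `dependencies: Record<string, string> = {}` and `devDependencies: Record<string, string> = {}` keeps callers to name-to-version maps. A short doc comment would also help, stating that these entries are installed through the local registry during the test, because whatever is passed here gets fetched and installed on the machine running the suite. The function body starts and ends outside the hunk.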
@@ -0,0 +1,45 @@
+import { addRegistry, initialSetup, prepareGenericEmptyProject } from '@verdaccio/test-cli-commons';
+
+import { npm } from './utils';
+
+describe('audit a package', () => {
+ jest.setTimeout(10000);
+ let registry;
+
+ beforeAll(async () => {
+ const setup = await initialSetup();
+ registry = setup.registry;
+ await registry.init();
+ });
+
+ test.each([['verdaccio-memory', '@verdaccio/cli']])(
+ 'should audit a package %s',
+ async (pkgName) => {
+ const { tempFolder } = await prepareGenericEmptyProject(
+ pkgName,
+ '1.0.0-patch',
+ registry.port,
+ registry.getToken(),
+ registry.getRegistryUrl(),
+ { jquery: '3.6.1' }
+ );
+ // install is required to create package lock file
+ await npm({ cwd: tempFolder }, 'install', ...addRegistry(registry.getRegistryUrl()));
+ const resp = await npm(
+ { cwd: tempFolder },
+ 'audit',
+ '--json',
+ ...addRegistry(registry.getRegistryUrl())
+ );
+ const parsedBody = JSON.parse(resp.stdout as string);
+ expect(parsedBody.metadata).toBeDefined();
+ expect(parsedBody.actions).toBeDefined();
+ expect(parsedBody.advisories).toBeDefined();
+ expect(parsedBody.muted).toBeDefined();
+ }
+ );
+
+ afterAll(async () => {
+ registry.stop();
+ });
+});
diff --git a/test/cli/e2e-npm7/audit.spec.ts b/test/cli/e2e-npm7/audit.spec.ts
new file mode 100644
index 000000000..b2ecf2d5a
--- /dev/null
+++ b/test/cli/e2e-npm7/audit.spec.ts
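Review bot: The table passed to `test.each` in test/cli/e2e-npm6/audit.spec.ts is a single row with two columns, so the test runs once with `pkgName` set to 'verdaccio-memory' and '@verdaccio/cli' is passed as an unused second argument. If both names were meant to be exercised, which the scoped second entry suggests, the call should be `test.each([['verdaccio-memory'], ['@verdaccio/cli']])(`. The same table appears in the npm7, npm8, pnpm6, pnpm7 and yarn1 audit specs added by this commit. Separately, the assertions only check that the top-level keys exist, so an empty report from the registry's audit endpoint would still pass. Asserting on a known finding for a deliberately outdated fixture dependency would make the test catch a broken audit proxy.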
@@ -0,0 +1,44 @@
+import { addRegistry, initialSetup, prepareGenericEmptyProject } from '@verdaccio/test-cli-commons';
+
+import { npm } from './utils';
+
+describe('audit a package', () => {
+ jest.setTimeout(10000);
+ let registry;
+
+ beforeAll(async () => {
+ const setup = await initialSetup();
+ registry = setup.registry;
+ await registry.init();
+ });
+
+ test.each([['verdaccio-memory', '@verdaccio/cli']])(
+ 'should audit a package %s',
+ async (pkgName) => {
+ const { tempFolder } = await prepareGenericEmptyProject(
+ pkgName,
+ '1.0.0-patch',
+ registry.port,
+ registry.getToken(),
+ registry.getRegistryUrl(),
+ { jquery: '3.6.1' }
+ );
+ // install is required to create package lock file
+ await npm({ cwd: tempFolder }, 'install', ...addRegistry(registry.getRegistryUrl()));
+ const resp = await npm(
+ { cwd: tempFolder },
+ 'audit',
+ '--json',
+ ...addRegistry(registry.getRegistryUrl())
+ );
+ const parsedBody = JSON.parse(resp.stdout as string);
+ expect(parsedBody.metadata).toBeDefined();
+ expect(parsedBody.auditReportVersion).toBeDefined();
+ expect(parsedBody.vulnerabilities).toBeDefined();
+ }
+ );
+
+ afterAll(async () => {
+ registry.stop();
+ });
+});
diff --git a/test/cli/e2e-npm8/audit.spec.ts b/test/cli/e2e-npm8/audit.spec.ts
new file mode 100644
index 000000000..b2ecf2d5a
--- /dev/null
+++ b/test/cli/e2e-npm8/audit.spec.ts
@@ -0,0 +1,44 @@
+import { addRegistry, initialSetup, prepareGenericEmptyProject } from '@verdaccio/test-cli-commons';
+
+import { npm } from './utils';
+
+describe('audit a package', () => {
+ jest.setTimeout(10000);
+ let registry;
+
+ beforeAll(async () => {
+ const setup = await initialSetup();
+ registry = setup.registry;
+ await registry.init();
+ });
+
+ test.each([['verdaccio-memory', '@verdaccio/cli']])(
+ 'should audit a package %s',
+ async (pkgName) => {
+ const { tempFolder } = await prepareGenericEmptyProject(
+ pkgName,
+ '1.0.0-patch',
+ registry.port,
+ registry.getToken(),
+ registry.getRegistryUrl(),
+ { jquery: '3.6.1' }
+ );
+ // install is required to create package lock file
+ await npm({ cwd: tempFolder }, 'install', ...addRegistry(registry.getRegistryUrl()));
+ const resp = await npm(
+ { cwd: tempFolder },
+ 'audit',
+ '--json',
+ ...addRegistry(registry.getRegistryUrl())
+ );
+ const parsedBody = JSON.parse(resp.stdout as string);
+ expect(parsedBody.metadata).toBeDefined();
+ expect(parsedBody.auditReportVersion).toBeDefined();
+ expect(parsedBody.vulnerabilities).toBeDefined();
+ }
+ );
+
+ afterAll(async () => {
+ registry.stop();
+ });
+});
diff --git a/test/cli/e2e-pnpm6/audit.spec.ts b/test/cli/e2e-pnpm6/audit.spec.ts
new file mode 100644
index 000000000..bacb77e0c
--- /dev/null
+++ b/test/cli/e2e-pnpm6/audit.spec.ts
@@ -0,0 +1,45 @@
+import { addRegistry, initialSetup, prepareGenericEmptyProject } from '@verdaccio/test-cli-commons';
+
+import { pnpm } from './utils';
+
+describe('audit a package', () => {
+ jest.setTimeout(10000);
+ let registry;
+
+ beforeAll(async () => {
+ const setup = await initialSetup();
+ registry = setup.registry;
+ await registry.init();
+ });
+
+ test.each([['verdaccio-memory', '@verdaccio/cli']])(
+ 'should audit a package %s',
+ async (pkgName) => {
+ const { tempFolder } = await prepareGenericEmptyProject(
+ pkgName,
+ '1.0.0-patch',
+ registry.port,
+ registry.getToken(),
+ registry.getRegistryUrl(),
+ { jquery: '3.6.1' }
+ );
+ // install is required to create package lock file
+ await pnpm({ cwd: tempFolder }, 'install', ...addRegistry(registry.getRegistryUrl()));
+ const resp = await pnpm(
+ { cwd: tempFolder },
+ 'audit',
+ '--json',
+ ...addRegistry(registry.getRegistryUrl())
+ );
+ const parsedBody = JSON.parse(resp.stdout as string);
+ expect(parsedBody.metadata).toBeDefined();
+ expect(parsedBody.actions).toBeDefined();
+ expect(parsedBody.advisories).toBeDefined();
+ expect(parsedBody.muted).toBeDefined();
+ }
+ );
+
+ afterAll(async () => {
+ registry.stop();
+ });
+});
diff --git a/test/cli/e2e-pnpm7/audit.spec.ts b/test/cli/e2e-pnpm7/audit.spec.ts
new file mode 100644
index 000000000..72c12842e
--- /dev/null
+++ b/test/cli/e2e-pnpm7/audit.spec.ts
@@ -0,0 +1,45 @@
+import { addRegistry, initialSetup, prepareGenericEmptyProject } from '@verdaccio/test-cli-commons';
+
+import { pnpm } from './utils';
+
+describe('install a package', () => {
+ jest.setTimeout(10000);
+ let registry;
+
+ beforeAll(async () => {
+ const setup = await initialSetup();
+ registry = setup.registry;
+ await registry.init();
+ });
+
+ test.each([['verdaccio-memory', '@verdaccio/cli']])(
+ 'should audit a package %s',
+ async (pkgName) => {
+ const { tempFolder } = await prepareGenericEmptyProject(
+ pkgName,
+ '1.0.0-patch',
+ registry.port,
+ registry.getToken(),
+ registry.getRegistryUrl(),
+ { jquery: '3.6.1' }
+ );
+ // install is required to create package lock file
+ await pnpm({ cwd: tempFolder }, 'install', ...addRegistry(registry.getRegistryUrl()));
+ const resp = await pnpm(
+ { cwd: tempFolder },
+ 'audit',
+ '--json',
+ ...addRegistry(registry.getRegistryUrl())
+ );
+ const parsedBody = JSON.parse(resp.stdout as string);
+ expect(parsedBody.metadata).toBeDefined();
+ expect(parsedBody.actions).toBeDefined();
+ expect(parsedBody.advisories).toBeDefined();
+ expect(parsedBody.muted).toBeDefined();
+ }
+ );
+
+ afterAll(async () => {
+ registry.stop();
+ });
+});
diff --git a/test/cli/e2e-yarn1/audit.spec.ts b/test/cli/e2e-yarn1/audit.spec.ts
new file mode 100644
index 000000000..d09f34708
--- /dev/null
+++ b/test/cli/e2e-yarn1/audit.spec.ts
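Review bot: The suite title in test/cli/e2e-pnpm7/audit.spec.ts is `describe('install a package', ...)`, apparently left over from the spec this file was copied from, so a failing audit test is reported under the wrong suite. It should read `describe('audit a package', () => {`, as in the pnpm6 spec.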
@@ -0,0 +1,45 @@
+import { addRegistry, initialSetup, prepareGenericEmptyProject } from '@verdaccio/test-cli-commons';
+
+import { yarn } from './utils';
+
+describe('audit a package', () => {
+ jest.setTimeout(10000);
+ let registry;
+
+ beforeAll(async () => {
+ const setup = await initialSetup();
+ registry = setup.registry;
+ await registry.init();
+ });
+
+ test.each([['verdaccio-memory', '@verdaccio/cli']])(
+ 'should audit a package %s',
+ async (pkgName) => {
+ const { tempFolder } = await prepareGenericEmptyProject(
+ pkgName,
+ '1.0.0-patch',
+ registry.port,
+ registry.getToken(),
+ registry.getRegistryUrl(),
+ { jquery: '3.6.1' }
+ );
+ // install is required to create package lock file
+ await yarn({ cwd: tempFolder }, 'install', ...addRegistry(registry.getRegistryUrl()));
+ const resp = await yarn(
+ { cwd: tempFolder },
+ 'audit',
+ '--json',
+ ...addRegistry(registry.getRegistryUrl())
+ );
+ const parsedBody = JSON.parse(resp.stdout as string);
+ expect(parsedBody.type).toEqual('auditSummary');
+ expect(parsedBody.data.totalDependencies).toBeDefined();
+ expect(parsedBody.data.dependencies).toBeDefined();
+ expect(parsedBody.data.devDependencies).toBeDefined();
+ }
+ );
+
+ afterAll(async () => {
+ registry.stop();
+ });
+});
diff --git a/test/cli/e2e-yarn2/audit.spec.ts b/test/cli/e2e-yarn2/audit.spec.ts
new file mode 100644
index 000000000..4b32c2c48
--- /dev/null
+++ b/test/cli/e2e-yarn2/audit.spec.ts
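Review bot: `JSON.parse(resp.stdout as string)` in test/cli/e2e-yarn1/audit.spec.ts only works while the audit output is a single JSON document. As far as I know, yarn classic with `--json` prints one JSON object per line, an `auditAdvisory` record per finding followed by the `auditSummary` line. If so, the parse would throw as soon as an advisory is published against the pinned `jquery` 3.6.1. Parsing the last non-empty line keeps the assertion on the summary stable: `const lines = (resp.stdout as string).trim().split('\n');` then `const parsedBody = JSON.parse(lines[lines.length - 1]);`.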
@@ -0,0 +1,39 @@ +import { join } from 'path'; + +import { initialSetup, prepareYarnModernProject } from '@verdaccio/test-cli-commons'; + +import { getYarnCommand, yarn } from './utils'; + +describe('audit a package yarn 2', () => { + jest.setTimeout(10000); + let registry; + let projectFolder; + + beforeAll(async () => { + const setup = await initialSetup(); + registry = setup.registry; + await registry.init(); + const { tempFolder } = await prepareYarnModernProject( + join(__dirname, './yarn-project'), + 'yarn-2', + registry.getRegistryUrl(), + getYarnCommand() + ); + projectFolder = tempFolder; + }); + + test('should run yarn npm audit info json body', async () => { + await yarn(projectFolder, 'install'); + const resp = await yarn(projectFolder, 'npm', 'audit', '--json'); + const parsedBody = JSON.parse(resp.stdout as string); + expect(parsedBody.advisories).toBeDefined(); + expect(parsedBody.advisories['1069969']).toBeDefined(); + expect(parsedBody.advisories['1069969'].recommendation).toEqual( + 'Upgrade to version 3.4.0 or later' + ); + }); + + afterAll(async () => { + registry.stop(); + }); +}); diff --git a/test/cli/e2e-yarn2/yarn-project/package.json b/test/cli/e2e-yarn2/yarn-project/package.json index da86787ad..d716038b3 100644 --- a/test/cli/e2e-yarn2/yarn-project/package.json +++ b/test/cli/e2e-yarn2/yarn-project/package.json @@ -1,4 +1,7 @@ { "name": "foo", - "version": "1.0.0" + "version": "1.0.0", + "dependencies": { + "jquery": "3.0.0" + } } diff --git a/test/cli/e2e-yarn3/audit.spec.ts b/test/cli/e2e-yarn3/audit.spec.ts new file mode 100644 index 000000000..4d50db86c --- /dev/null +++ b/test/cli/e2e-yarn3/audit.spec.ts 
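Review bot: The assertions on `parsedBody.advisories['1069969']` and its exact `recommendation` string in test/cli/e2e-yarn2/audit.spec.ts tie the test to one record in the upstream advisory database, which is outside this repository's control. If that advisory is renumbered, reworded or superseded, the test fails although the registry's audit endpoint still works; the e2e-yarn3 spec has the same assertions. Asserting that some advisory refers to the fixture dependency is more durable, for example `expect(Object.values(parsedBody.advisories).some((a: { module_name?: string }) => a.module_name === 'jquery')).toBe(true);`, assuming the response keeps the `module_name` field of the npm audit format. The purpose of the `jquery` 3.0.0 pin should also be stated in this spec or the README, since package.json cannot carry a comment, so that dependency-scanner findings on the fixture are understood as intentional.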
@@ -0,0 +1,39 @@ +import { join } from 'path'; + +import { initialSetup, prepareYarnModernProject } from '@verdaccio/test-cli-commons'; + +import { getYarnCommand, yarn } from './utils'; + +describe('audit a package yarn 3', () => { + jest.setTimeout(10000); + let registry; + let projectFolder; + + beforeAll(async () => { + const setup = await initialSetup(); + registry = setup.registry; + await registry.init(); + const { tempFolder } = await prepareYarnModernProject( + join(__dirname, './yarn-project'), + 'yarn-2', + registry.getRegistryUrl(), + getYarnCommand() + ); + projectFolder = tempFolder; + }); + + test('should run yarn npm audit info json body', async () => { + await yarn(projectFolder, 'install'); + const resp = await yarn(projectFolder, 'npm', 'audit', '--json'); + const parsedBody = JSON.parse(resp.stdout as string); + expect(parsedBody.advisories).toBeDefined(); + expect(parsedBody.advisories['1069969']).toBeDefined(); + expect(parsedBody.advisories['1069969'].recommendation).toEqual( + 'Upgrade to version 3.4.0 or later' + ); + }); + + afterAll(async () => { + registry.stop(); + }); +}); diff --git a/test/cli/e2e-yarn3/info.spec.ts b/test/cli/e2e-yarn3/info.spec.ts index d8a8c0277..a3f0e8191 100644 --- a/test/cli/e2e-yarn3/info.spec.ts +++ b/test/cli/e2e-yarn3/info.spec.ts @@ -23,6 +23,7 @@ describe('install a package', () => { }); test('should run yarn 3 info json body', async () => { + await yarn(projectFolder, 'install'); const resp = await yarn(projectFolder, 'npm', 'info', 'verdaccio', '--json'); const parsedBody = JSON.parse(resp.stdout as string); expect(parsedBody.name).toEqual('verdaccio'); diff --git a/test/cli/e2e-yarn3/yarn-project/.yarnrc.yml b/test/cli/e2e-yarn3/yarn-project/.yarnrc.yml index 1cc77bdb6..6aa2a1ed4 100644 --- a/test/cli/e2e-yarn3/yarn-project/.yarnrc.yml +++ b/test/cli/e2e-yarn3/yarn-project/.yarnrc.yml 
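Review bot: The second argument to `prepareYarnModernProject` in test/cli/e2e-yarn3/audit.spec.ts is still `'yarn-2'` although the suite is titled 'audit a package yarn 3'. The helper is not visible here, so this is inferred, but if the value names the temporary project or selects a template it should be `'yarn-3'`. Otherwise a short comment on why the yarn 2 label is reused would settle the question for the next reader.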
@@ -2,6 +2,8 @@ httpRetry: 10 httpTimeout: 100000 npmRegistryServer: ${registry} yarnPath: .yarn/releases/yarn.js - +# on CI modify the lock file is not allowed +# https://github.com/yarnpkg/berry/discussions/3486#discussioncomment-1379344 +enableImmutableInstalls: false unsafeHttpWhitelist: - localhost diff --git a/test/cli/e2e-yarn3/yarn-project/package.json b/test/cli/e2e-yarn3/yarn-project/package.json index da86787ad..d716038b3 100644 --- a/test/cli/e2e-yarn3/yarn-project/package.json +++ b/test/cli/e2e-yarn3/yarn-project/package.json @@ -1,4 +1,7 @@ { "name": "foo", - "version": "1.0.0" + "version": "1.0.0", + "dependencies": { + "jquery": "3.0.0" + } } diff --git a/test/cli/e2e-yarn4/utils.ts b/test/cli/e2e-yarn4/utils.ts index 80f531629..6c4fdf4a8 100644 --- a/test/cli/e2e-yarn4/utils.ts +++ b/test/cli/e2e-yarn4/utils.ts @@ -8,6 +8,8 @@ export function getCommand(projectFolder) { export function getYarnCommand() { // FUTURE: yarn 4 rc still not available via registry + // tags: https://repo.yarnpkg.com/tags + // download binary: https://repo.yarnpkg.com/4.0.0-rc.14/packages/yarnpkg-cli/bin/yarn.js return join(__dirname, './bin/yarn-4.0.0-rc.14.cjs'); } diff --git a/test/cli/e2e-yarn4/yarn-project/package.json b/test/cli/e2e-yarn4/yarn-project/package.json index da86787ad..d716038b3 100644 --- a/test/cli/e2e-yarn4/yarn-project/package.json +++ b/test/cli/e2e-yarn4/yarn-project/package.json @@ -1,4 +1,7 @@ { "name": "foo", - "version": "1.0.0" + "version": "1.0.0", + "dependencies": { + "jquery": "3.0.0" + } }
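Review bot: The comment above `enableImmutableInstalls: false` in test/cli/e2e-yarn3/yarn-project/.yarnrc.yml states the CI restriction but not that the override is meant for this fixture only. Immutable installs are what stop CI from resolving dependency versions that differ from the lockfile, so the exception deserves an explicit scope. I would word it as `# e2e fixture only: install must be able to update yarn.lock on CI; do not copy into real projects`. Whether the yarn2 and yarn4 fixtures need the same setting is not visible in this diff.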
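Review bot: The new comment in `getYarnCommand` (test/cli/e2e-yarn4/utils.ts) records where `bin/yarn-4.0.0-rc.14.cjs` was downloaded from but not a digest, so nobody can later confirm that the committed file matches the upstream release. Since the test suite executes this script, I would add a line such as `// sha256: <SHA256_OF_VENDORED_YARN_CJS>` next to the download URL and re-check it whenever the binary is refreshed.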