test: e2e audit cmd (#3382)

* test: e2e audit * Update process.ts * Update audit.spec.ts * Update package.json * chore: test * test * test * chore: add docs
2024-12-30 22:34:10 -05:00 · 2022-09-17 00:33:55 +02:00 · 2022-09-17 00:33:55 +02:00 · ccabb4b876
commit ccabb4b876
parent c3f287bc04
16 changed files with 377 additions and 6 deletions
--- a/test/cli/README.md
+++ b/test/cli/README.md
@ -3,9 +3,16 @@
 ## What is included on these test?

 - Default configuration only
- Basic commands eg (`install / add`, `info`, `publish`, `search`).
 - Test with all popular package managers (`yarn classic` and `yarn modern (2,3, 4)`, `pnpm 6,7` and `npm 6, 7 and 8`)

+### Commands Tested
+
+| cmd     | npm6 | npm7 | npm8 | pnpm6 | pnpm7 | yarn1 | yarn2 | yarn3 | yarn4 |
+| ------- | ---- | ---- | ---- | ----- | ----- | ----- | ----- | ----- | ----- |
+| publish | ✅   | ✅   | ✅   | ✅    | ✅    | ✅    | ❌    | ❌    | ❌    |
+| info    | ✅   | ✅   | ✅   | ✅    | ✅    | ✅    | ✅    | ✅    | ✅    |
+| audit   | ✅   | ✅   | ✅   | ✅    | ✅    | ✅    | ✅    | ✅    | ❌    |
+
 ## How it works?

 > TBA
--- a/test/cli/cli-commons/src/utils.ts
+++ b/test/cli/cli-commons/src/utils.ts
@ -67,7 +67,9 @@ export async function prepareGenericEmptyProject(
  version: string,
  port: number,
  token: string,
-  registryDomain: string
+  registryDomain: string,
+  dependencies = {},
+  devDependencies = {}
 ) {
  const getPackageJSON = (packageName, version = '1.0.0') => {
    const json = {
@ -78,6 +80,8 @@ export async function prepareGenericEmptyProject(
      scripts: {
        test: 'echo exit 1',
      },
+      dependencies,
+      devDependencies,
      keywords: ['foo', 'bar'],
      author: 'Juan Picado <jotadeveloper@gmail.com>',
      license: 'MIT',
--- a/test/cli/e2e-npm6/audit.spec.ts
+++ b/test/cli/e2e-npm6/audit.spec.ts
@ -0,0 +1,45 @@
+import { addRegistry, initialSetup, prepareGenericEmptyProject } from '@verdaccio/test-cli-commons';
+
+import { npm } from './utils';
+
+describe('audit a package', () => {
+  jest.setTimeout(10000);
+  let registry;
+
+  beforeAll(async () => {
+    const setup = await initialSetup();
+    registry = setup.registry;
+    await registry.init();
+  });
+
+  test.each([['verdaccio-memory', '@verdaccio/cli']])(
+    'should audit a package %s',
+    async (pkgName) => {
+      const { tempFolder } = await prepareGenericEmptyProject(
+        pkgName,
+        '1.0.0-patch',
+        registry.port,
+        registry.getToken(),
+        registry.getRegistryUrl(),
+        { jquery: '3.6.1' }
+      );
+      // install is required to create package lock file
+      await npm({ cwd: tempFolder }, 'install', ...addRegistry(registry.getRegistryUrl()));
+      const resp = await npm(
+        { cwd: tempFolder },
+        'audit',
+        '--json',
+        ...addRegistry(registry.getRegistryUrl())
+      );
+      const parsedBody = JSON.parse(resp.stdout as string);
+      expect(parsedBody.metadata).toBeDefined();
+      expect(parsedBody.actions).toBeDefined();
+      expect(parsedBody.advisories).toBeDefined();
+      expect(parsedBody.muted).toBeDefined();
+    }
+  );
+
+  afterAll(async () => {
+    registry.stop();
+  });
+});
--- a/test/cli/e2e-npm7/audit.spec.ts
+++ b/test/cli/e2e-npm7/audit.spec.ts
@ -0,0 +1,44 @@
+import { addRegistry, initialSetup, prepareGenericEmptyProject } from '@verdaccio/test-cli-commons';
+
+import { npm } from './utils';
+
+describe('audit a package', () => {
+  jest.setTimeout(10000);
+  let registry;
+
+  beforeAll(async () => {
+    const setup = await initialSetup();
+    registry = setup.registry;
+    await registry.init();
+  });
+
+  test.each([['verdaccio-memory', '@verdaccio/cli']])(
+    'should audit a package %s',
+    async (pkgName) => {
+      const { tempFolder } = await prepareGenericEmptyProject(
+        pkgName,
+        '1.0.0-patch',
+        registry.port,
+        registry.getToken(),
+        registry.getRegistryUrl(),
+        { jquery: '3.6.1' }
+      );
+      // install is required to create package lock file
+      await npm({ cwd: tempFolder }, 'install', ...addRegistry(registry.getRegistryUrl()));
+      const resp = await npm(
+        { cwd: tempFolder },
+        'audit',
+        '--json',
+        ...addRegistry(registry.getRegistryUrl())
+      );
+      const parsedBody = JSON.parse(resp.stdout as string);
+      expect(parsedBody.metadata).toBeDefined();
+      expect(parsedBody.auditReportVersion).toBeDefined();
+      expect(parsedBody.vulnerabilities).toBeDefined();
+    }
+  );
+
+  afterAll(async () => {
+    registry.stop();
+  });
+});
--- a/test/cli/e2e-npm8/audit.spec.ts
+++ b/test/cli/e2e-npm8/audit.spec.ts
@ -0,0 +1,44 @@
+import { addRegistry, initialSetup, prepareGenericEmptyProject } from '@verdaccio/test-cli-commons';
+
+import { npm } from './utils';
+
+describe('audit a package', () => {
+  jest.setTimeout(10000);
+  let registry;
+
+  beforeAll(async () => {
+    const setup = await initialSetup();
+    registry = setup.registry;
+    await registry.init();
+  });
+
+  test.each([['verdaccio-memory', '@verdaccio/cli']])(
+    'should audit a package %s',
+    async (pkgName) => {
+      const { tempFolder } = await prepareGenericEmptyProject(
+        pkgName,
+        '1.0.0-patch',
+        registry.port,
+        registry.getToken(),
+        registry.getRegistryUrl(),
+        { jquery: '3.6.1' }
+      );
+      // install is required to create package lock file
+      await npm({ cwd: tempFolder }, 'install', ...addRegistry(registry.getRegistryUrl()));
+      const resp = await npm(
+        { cwd: tempFolder },
+        'audit',
+        '--json',
+        ...addRegistry(registry.getRegistryUrl())
+      );
+      const parsedBody = JSON.parse(resp.stdout as string);
+      expect(parsedBody.metadata).toBeDefined();
+      expect(parsedBody.auditReportVersion).toBeDefined();
+      expect(parsedBody.vulnerabilities).toBeDefined();
+    }
+  );
+
+  afterAll(async () => {
+    registry.stop();
+  });
+});
--- a/test/cli/e2e-pnpm6/audit.spec.ts
+++ b/test/cli/e2e-pnpm6/audit.spec.ts
@ -0,0 +1,45 @@
+import { addRegistry, initialSetup, prepareGenericEmptyProject } from '@verdaccio/test-cli-commons';
+
+import { pnpm } from './utils';
+
+describe('audit a package', () => {
+  jest.setTimeout(10000);
+  let registry;
+
+  beforeAll(async () => {
+    const setup = await initialSetup();
+    registry = setup.registry;
+    await registry.init();
+  });
+
+  test.each([['verdaccio-memory', '@verdaccio/cli']])(
+    'should audit a package %s',
+    async (pkgName) => {
+      const { tempFolder } = await prepareGenericEmptyProject(
+        pkgName,
+        '1.0.0-patch',
+        registry.port,
+        registry.getToken(),
+        registry.getRegistryUrl(),
+        { jquery: '3.6.1' }
+      );
+      // install is required to create package lock file
+      await pnpm({ cwd: tempFolder }, 'install', ...addRegistry(registry.getRegistryUrl()));
+      const resp = await pnpm(
+        { cwd: tempFolder },
+        'audit',
+        '--json',
+        ...addRegistry(registry.getRegistryUrl())
+      );
+      const parsedBody = JSON.parse(resp.stdout as string);
+      expect(parsedBody.metadata).toBeDefined();
+      expect(parsedBody.actions).toBeDefined();
+      expect(parsedBody.advisories).toBeDefined();
+      expect(parsedBody.muted).toBeDefined();
+    }
+  );
+
+  afterAll(async () => {
+    registry.stop();
+  });
+});
--- a/test/cli/e2e-pnpm7/audit.spec.ts
+++ b/test/cli/e2e-pnpm7/audit.spec.ts
@ -0,0 +1,45 @@
+import { addRegistry, initialSetup, prepareGenericEmptyProject } from '@verdaccio/test-cli-commons';
+
+import { pnpm } from './utils';
+
+describe('install a package', () => {
+  jest.setTimeout(10000);
+  let registry;
+
+  beforeAll(async () => {
+    const setup = await initialSetup();
+    registry = setup.registry;
+    await registry.init();
+  });
+
+  test.each([['verdaccio-memory', '@verdaccio/cli']])(
+    'should audit a package %s',
+    async (pkgName) => {
+      const { tempFolder } = await prepareGenericEmptyProject(
+        pkgName,
+        '1.0.0-patch',
+        registry.port,
+        registry.getToken(),
+        registry.getRegistryUrl(),
+        { jquery: '3.6.1' }
+      );
+      // install is required to create package lock file
+      await pnpm({ cwd: tempFolder }, 'install', ...addRegistry(registry.getRegistryUrl()));
+      const resp = await pnpm(
+        { cwd: tempFolder },
+        'audit',
+        '--json',
+        ...addRegistry(registry.getRegistryUrl())
+      );
+      const parsedBody = JSON.parse(resp.stdout as string);
+      expect(parsedBody.metadata).toBeDefined();
+      expect(parsedBody.actions).toBeDefined();
+      expect(parsedBody.advisories).toBeDefined();
+      expect(parsedBody.muted).toBeDefined();
+    }
+  );
+
+  afterAll(async () => {
+    registry.stop();
+  });
+});
--- a/test/cli/e2e-yarn1/audit.spec.ts
+++ b/test/cli/e2e-yarn1/audit.spec.ts
@ -0,0 +1,45 @@
+import { addRegistry, initialSetup, prepareGenericEmptyProject } from '@verdaccio/test-cli-commons';
+
+import { yarn } from './utils';
+
+describe('audit a package', () => {
+  jest.setTimeout(10000);
+  let registry;
+
+  beforeAll(async () => {
+    const setup = await initialSetup();
+    registry = setup.registry;
+    await registry.init();
+  });
+
+  test.each([['verdaccio-memory', '@verdaccio/cli']])(
+    'should audit a package %s',
+    async (pkgName) => {
+      const { tempFolder } = await prepareGenericEmptyProject(
+        pkgName,
+        '1.0.0-patch',
+        registry.port,
+        registry.getToken(),
+        registry.getRegistryUrl(),
+        { jquery: '3.6.1' }
+      );
+      // install is required to create package lock file
+      await yarn({ cwd: tempFolder }, 'install', ...addRegistry(registry.getRegistryUrl()));
+      const resp = await yarn(
+        { cwd: tempFolder },
+        'audit',
+        '--json',
+        ...addRegistry(registry.getRegistryUrl())
+      );
+      const parsedBody = JSON.parse(resp.stdout as string);
+      expect(parsedBody.type).toEqual('auditSummary');
+      expect(parsedBody.data.totalDependencies).toBeDefined();
+      expect(parsedBody.data.dependencies).toBeDefined();
+      expect(parsedBody.data.devDependencies).toBeDefined();
+    }
+  );
+
+  afterAll(async () => {
+    registry.stop();
+  });
+});
--- a/test/cli/e2e-yarn2/audit.spec.ts
+++ b/test/cli/e2e-yarn2/audit.spec.ts
@ -0,0 +1,39 @@
+import { join } from 'path';
+
+import { initialSetup, prepareYarnModernProject } from '@verdaccio/test-cli-commons';
+
+import { getYarnCommand, yarn } from './utils';
+
+describe('audit a package yarn 2', () => {
+  jest.setTimeout(10000);
+  let registry;
+  let projectFolder;
+
+  beforeAll(async () => {
+    const setup = await initialSetup();
+    registry = setup.registry;
+    await registry.init();
+    const { tempFolder } = await prepareYarnModernProject(
+      join(__dirname, './yarn-project'),
+      'yarn-2',
+      registry.getRegistryUrl(),
+      getYarnCommand()
+    );
+    projectFolder = tempFolder;
+  });
+
+  test('should run yarn npm audit info json body', async () => {
+    await yarn(projectFolder, 'install');
+    const resp = await yarn(projectFolder, 'npm', 'audit', '--json');
+    const parsedBody = JSON.parse(resp.stdout as string);
+    expect(parsedBody.advisories).toBeDefined();
+    expect(parsedBody.advisories['1069969']).toBeDefined();
+    expect(parsedBody.advisories['1069969'].recommendation).toEqual(
+      'Upgrade to version 3.4.0 or later'
+    );
+  });
+
+  afterAll(async () => {
+    registry.stop();
+  });
+});
--- a/test/cli/e2e-yarn2/yarn-project/package.json
+++ b/test/cli/e2e-yarn2/yarn-project/package.json
@ -1,4 +1,7 @@
 {
  "name": "foo",
-  "version": "1.0.0"
+  "version": "1.0.0",
+  "dependencies": {
+    "jquery": "3.0.0"
+  }
 }
--- a/test/cli/e2e-yarn3/audit.spec.ts
+++ b/test/cli/e2e-yarn3/audit.spec.ts
@ -0,0 +1,39 @@
+import { join } from 'path';
+
+import { initialSetup, prepareYarnModernProject } from '@verdaccio/test-cli-commons';
+
+import { getYarnCommand, yarn } from './utils';
+
+describe('audit a package yarn 3', () => {
+  jest.setTimeout(10000);
+  let registry;
+  let projectFolder;
+
+  beforeAll(async () => {
+    const setup = await initialSetup();
+    registry = setup.registry;
+    await registry.init();
+    const { tempFolder } = await prepareYarnModernProject(
+      join(__dirname, './yarn-project'),
+      'yarn-2',
+      registry.getRegistryUrl(),
+      getYarnCommand()
+    );
+    projectFolder = tempFolder;
+  });
+
+  test('should run yarn npm audit info json body', async () => {
+    await yarn(projectFolder, 'install');
+    const resp = await yarn(projectFolder, 'npm', 'audit', '--json');
+    const parsedBody = JSON.parse(resp.stdout as string);
+    expect(parsedBody.advisories).toBeDefined();
+    expect(parsedBody.advisories['1069969']).toBeDefined();
+    expect(parsedBody.advisories['1069969'].recommendation).toEqual(
+      'Upgrade to version 3.4.0 or later'
+    );
+  });
+
+  afterAll(async () => {
+    registry.stop();
+  });
+});
--- a/test/cli/e2e-yarn3/info.spec.ts
+++ b/test/cli/e2e-yarn3/info.spec.ts
@ -23,6 +23,7 @@ describe('install a package', () => {
  });

  test('should run yarn 3 info json body', async () => {
+    await yarn(projectFolder, 'install');
    const resp = await yarn(projectFolder, 'npm', 'info', 'verdaccio', '--json');
    const parsedBody = JSON.parse(resp.stdout as string);
    expect(parsedBody.name).toEqual('verdaccio');
--- a/test/cli/e2e-yarn3/yarn-project/.yarnrc.yml
+++ b/test/cli/e2e-yarn3/yarn-project/.yarnrc.yml
@ -2,6 +2,8 @@ httpRetry: 10
 httpTimeout: 100000
 npmRegistryServer: ${registry}
 yarnPath: .yarn/releases/yarn.js
-
+# on CI modify the lock file is not allowed
+# https://github.com/yarnpkg/berry/discussions/3486#discussioncomment-1379344
+enableImmutableInstalls: false
 unsafeHttpWhitelist:
  - localhost
--- a/test/cli/e2e-yarn3/yarn-project/package.json
+++ b/test/cli/e2e-yarn3/yarn-project/package.json
@ -1,4 +1,7 @@
 {
  "name": "foo",
-  "version": "1.0.0"
+  "version": "1.0.0",
+  "dependencies": {
+    "jquery": "3.0.0"
+  }
 }
--- a/test/cli/e2e-yarn4/utils.ts
+++ b/test/cli/e2e-yarn4/utils.ts
@ -8,6 +8,8 @@ export function getCommand(projectFolder) {

 export function getYarnCommand() {
  // FUTURE: yarn 4 rc still not available via registry
+  // tags: https://repo.yarnpkg.com/tags
+  // download binary: https://repo.yarnpkg.com/4.0.0-rc.14/packages/yarnpkg-cli/bin/yarn.js
  return join(__dirname, './bin/yarn-4.0.0-rc.14.cjs');
 }

--- a/test/cli/e2e-yarn4/yarn-project/package.json
+++ b/test/cli/e2e-yarn4/yarn-project/package.json
@ -1,4 +1,7 @@
 {
  "name": "foo",
-  "version": "1.0.0"
+  "version": "1.0.0",
+  "dependencies": {
+    "jquery": "3.0.0"
+  }
 }