__tests__/audit.test.ts

import * as child_process from 'child_process'
import * as fs from 'fs'
import * as path from 'path'
import { Audit } from '../src/audit'
import { fileURLToPath } from 'url'
import { dirname } from 'path'

const __filename = fileURLToPath(import.meta.url)
const __dirname = dirname(__filename)

vi.mock('child_process')

const audit = new Audit()

describe('run', () => {
  beforeEach(() => {
    vi.mocked(child_process).spawnSync.mockClear()
  })

  test('finds vulnerabilities with default values', () => {
    vi.mocked(child_process).spawnSync.mockImplementation(
      (): child_process.SpawnSyncReturns<string> => {
        const stdout = fs
          .readFileSync(path.join(__dirname, 'testdata/audit/error.txt'))
          .toString()

        return {
          pid: 100,
          output: [null, stdout, ''],
          stdout,
          stderr: '',
          status: 1,
          signal: null,
          error: undefined
        }
      }
    )

    audit.run('low', 'false', 'false')
    expect(audit.foundVulnerability()).toBeTruthy()
  })

  test('finds vulnerabilities with production flag enabled', () => {
    vi.mocked(child_process).spawnSync.mockImplementation(
      (): child_process.SpawnSyncReturns<string> => {
        const stdout = fs
          .readFileSync(path.join(__dirname, 'testdata/audit/error.txt'))
          .toString()

        return {
          pid: 100,
          output: [null, stdout, ''],
          stdout,
          stderr: '',
          status: 1,
          signal: null,
          error: undefined
        }
      }
    )

    audit.run('low', 'true', 'false')
    expect(audit.foundVulnerability()).toBeTruthy()
  })

  test('finds vulnerabilities with json flag enabled', () => {
    vi.mocked(child_process).spawnSync.mockImplementation(
      (): child_process.SpawnSyncReturns<string> => {
        const stdout = fs
          .readFileSync(path.join(__dirname, 'testdata/audit/error.json'))
          .toString()

        return {
          pid: 100,
          output: [null, stdout, ''],
          stdout,
          stderr: '',
          status: 1,
          signal: null,
          error: undefined
        }
      }
    )

    audit.run('low', 'false', 'true')
    expect(audit.foundVulnerability()).toBeTruthy()
  })

  test('does not find vulnerabilities', () => {
    vi.mocked(child_process).spawnSync.mockImplementation(
      (): child_process.SpawnSyncReturns<string> => {
        const stdout = fs
          .readFileSync(path.join(__dirname, 'testdata/audit/success.txt'))
          .toString()

        return {
          pid: 100,
          output: [null, stdout, ''],
          stdout,
          stderr: '',
          status: 0,
          signal: null,
          error: undefined
        }
      }
    )

    audit.run('low', 'false', 'false')
    expect(audit.foundVulnerability()).toBeFalsy()
  })

  test('throws an error if error is not null', () => {
    vi.mocked(child_process).spawnSync.mockImplementation(
      (): child_process.SpawnSyncReturns<string> => {
        return {
          pid: 100,
          output: [null, '', ''],
          stdout: '',
          stderr: '',
          status: 0,
          signal: null,
          error: new Error('Something is wrong')
        }
      }
    )

    expect.assertions(1)
    const e = new Error('Something is wrong')
    expect(() => audit.run('low', 'false', 'false')).toThrowError(e)
  })

  test('throws an error if status is null', () => {
    vi.mocked(child_process).spawnSync.mockImplementation(
      (): child_process.SpawnSyncReturns<string> => {
        return {
          pid: 100,
          output: [null, '', ''],
          stdout: '',
          stderr: '',
          status: null,
          signal: 'SIGTERM',
          error: undefined
        }
      }
    )

    expect.assertions(1)
    const e = new Error('the subprocess terminated due to a signal.')
    expect(() => audit.run('low', 'false', 'false')).toThrowError(e)
  })

  test('throws an error if stderr is null', () => {
    vi.mocked(child_process).spawnSync.mockImplementation(
      (): child_process.SpawnSyncReturns<string> => {
        return {
          pid: 100,
          output: [null, '', 'Something is wrong'],
          stdout: '',
          stderr: 'Something is wrong',
          status: 1,
          signal: null,
          error: undefined
        }
      }
    )

    expect.assertions(1)
    const e = new Error('Something is wrong')
    expect(() => audit.run('low', 'false', 'false')).toThrowError(e)
  })
})
add unit test and cleanup (#28) * remove unnessary import * use mock for child_process.spawnSync() * document useful resources * use v1.1.0 for daily scan 2019-12-13 16:09:10 +09:00			`import * as child_process from 'child_process'`
			`import * as fs from 'fs'`
			`import * as path from 'path'`
fix: resolve prettier and eslint conflict by removing bracketSpacing: false 2025-05-03 12:32:25 +00:00			`import { Audit } from '../src/audit'`
			`import { fileURLToPath } from 'url'`
			`import { dirname } from 'path'`
feat: migrate codebase to ES Modules 2025-05-03 02:15:44 +00:00
			`const __filename = fileURLToPath(import.meta.url)`
			`const __dirname = dirname(__filename)`
Set Issue labels by inputs & add unit test (#12) * Set Issue labels by inputs * Add unit test 2019-12-09 12:43:13 +09:00
refactor(testing): migrate from Jest to Vitest for testing framework 2025-05-02 14:03:34 +00:00			`vi.mock('child_process')`
add unit test and cleanup (#28) * remove unnessary import * use mock for child_process.spawnSync() * document useful resources * use v1.1.0 for daily scan 2019-12-13 16:09:10 +09:00
Set Issue labels by inputs & add unit test (#12) * Set Issue labels by inputs * Add unit test 2019-12-09 12:43:13 +09:00			`const audit = new Audit()`

add unit test and cleanup (#28) * remove unnessary import * use mock for child_process.spawnSync() * document useful resources * use v1.1.0 for daily scan 2019-12-13 16:09:10 +09:00			`describe('run', () => {`
			`beforeEach(() => {`
refactor(testing): migrate from Jest to Vitest for testing framework 2025-05-02 14:03:34 +00:00			`vi.mocked(child_process).spawnSync.mockClear()`
add unit test and cleanup (#28) * remove unnessary import * use mock for child_process.spawnSync() * document useful resources * use v1.1.0 for daily scan 2019-12-13 16:09:10 +09:00			`})`

feat: add the ability to run with '--production' (#75) * feat: add the ability to run with '--production' Adding the config options to run npm audit with the --production flag. Contributes to: #74 Signed-off-by: Stelios Gkiokas <s_giokas@hotmail.com> * fix: add tests Adding the relevant tests for the new production flag. Contributes to: #74 Signed-off-by: Stelios Gkiokas <s_giokas@hotmail.com> 2020-11-12 12:33:56 +02:00			`test('finds vulnerabilities with default values', () => {`
fix(lint): resolve @typescript-eslint/no-explicit-any warnings 2025-05-07 12:11:12 +00:00			`vi.mocked(child_process).spawnSync.mockImplementation(`
			`(): child_process.SpawnSyncReturns<string> => {`
			`const stdout = fs`
			`.readFileSync(path.join(__dirname, 'testdata/audit/error.txt'))`
			`.toString()`

			`return {`
			`pid: 100,`
			`output: [null, stdout, ''],`
			`stdout,`
			`stderr: '',`
			`status: 1,`
			`signal: null,`
			`error: undefined`
			`}`
add unit test and cleanup (#28) * remove unnessary import * use mock for child_process.spawnSync() * document useful resources * use v1.1.0 for daily scan 2019-12-13 16:09:10 +09:00			`}`
fix(lint): resolve @typescript-eslint/no-explicit-any warnings 2025-05-07 12:11:12 +00:00			`)`
add unit test and cleanup (#28) * remove unnessary import * use mock for child_process.spawnSync() * document useful resources * use v1.1.0 for daily scan 2019-12-13 16:09:10 +09:00
feat: add the ability to run with '--json' and output the result (#78) * addition-of-json-flag * Set output of npn audit 2020-12-12 13:56:05 +02:00			`audit.run('low', 'false', 'false')`
feat: add the ability to run with '--production' (#75) * feat: add the ability to run with '--production' Adding the config options to run npm audit with the --production flag. Contributes to: #74 Signed-off-by: Stelios Gkiokas <s_giokas@hotmail.com> * fix: add tests Adding the relevant tests for the new production flag. Contributes to: #74 Signed-off-by: Stelios Gkiokas <s_giokas@hotmail.com> 2020-11-12 12:33:56 +02:00			`expect(audit.foundVulnerability()).toBeTruthy()`
			`})`

			`test('finds vulnerabilities with production flag enabled', () => {`
fix(lint): resolve @typescript-eslint/no-explicit-any warnings 2025-05-07 12:11:12 +00:00			`vi.mocked(child_process).spawnSync.mockImplementation(`
			`(): child_process.SpawnSyncReturns<string> => {`
			`const stdout = fs`
			`.readFileSync(path.join(__dirname, 'testdata/audit/error.txt'))`
			`.toString()`

			`return {`
			`pid: 100,`
			`output: [null, stdout, ''],`
			`stdout,`
			`stderr: '',`
			`status: 1,`
			`signal: null,`
			`error: undefined`
			`}`
feat: add the ability to run with '--production' (#75) * feat: add the ability to run with '--production' Adding the config options to run npm audit with the --production flag. Contributes to: #74 Signed-off-by: Stelios Gkiokas <s_giokas@hotmail.com> * fix: add tests Adding the relevant tests for the new production flag. Contributes to: #74 Signed-off-by: Stelios Gkiokas <s_giokas@hotmail.com> 2020-11-12 12:33:56 +02:00			`}`
fix(lint): resolve @typescript-eslint/no-explicit-any warnings 2025-05-07 12:11:12 +00:00			`)`
feat: add the ability to run with '--production' (#75) * feat: add the ability to run with '--production' Adding the config options to run npm audit with the --production flag. Contributes to: #74 Signed-off-by: Stelios Gkiokas <s_giokas@hotmail.com> * fix: add tests Adding the relevant tests for the new production flag. Contributes to: #74 Signed-off-by: Stelios Gkiokas <s_giokas@hotmail.com> 2020-11-12 12:33:56 +02:00
feat: add the ability to run with '--json' and output the result (#78) * addition-of-json-flag * Set output of npn audit 2020-12-12 13:56:05 +02:00			`audit.run('low', 'true', 'false')`
			`expect(audit.foundVulnerability()).toBeTruthy()`
			`})`

			`test('finds vulnerabilities with json flag enabled', () => {`
fix(lint): resolve @typescript-eslint/no-explicit-any warnings 2025-05-07 12:11:12 +00:00			`vi.mocked(child_process).spawnSync.mockImplementation(`
			`(): child_process.SpawnSyncReturns<string> => {`
			`const stdout = fs`
			`.readFileSync(path.join(__dirname, 'testdata/audit/error.json'))`
			`.toString()`

			`return {`
			`pid: 100,`
			`output: [null, stdout, ''],`
			`stdout,`
			`stderr: '',`
			`status: 1,`
			`signal: null,`
			`error: undefined`
			`}`
feat: add the ability to run with '--json' and output the result (#78) * addition-of-json-flag * Set output of npn audit 2020-12-12 13:56:05 +02:00			`}`
fix(lint): resolve @typescript-eslint/no-explicit-any warnings 2025-05-07 12:11:12 +00:00			`)`
feat: add the ability to run with '--json' and output the result (#78) * addition-of-json-flag * Set output of npn audit 2020-12-12 13:56:05 +02:00
			`audit.run('low', 'false', 'true')`
Set Issue labels by inputs & add unit test (#12) * Set Issue labels by inputs * Add unit test 2019-12-09 12:43:13 +09:00			`expect(audit.foundVulnerability()).toBeTruthy()`
			`})`

			`test('does not find vulnerabilities', () => {`
fix(lint): resolve @typescript-eslint/no-explicit-any warnings 2025-05-07 12:11:12 +00:00			`vi.mocked(child_process).spawnSync.mockImplementation(`
			`(): child_process.SpawnSyncReturns<string> => {`
			`const stdout = fs`
			`.readFileSync(path.join(__dirname, 'testdata/audit/success.txt'))`
			`.toString()`

			`return {`
			`pid: 100,`
			`output: [null, stdout, ''],`
			`stdout,`
			`stderr: '',`
			`status: 0,`
			`signal: null,`
			`error: undefined`
			`}`
add unit test and cleanup (#28) * remove unnessary import * use mock for child_process.spawnSync() * document useful resources * use v1.1.0 for daily scan 2019-12-13 16:09:10 +09:00			`}`
fix(lint): resolve @typescript-eslint/no-explicit-any warnings 2025-05-07 12:11:12 +00:00			`)`
add unit test and cleanup (#28) * remove unnessary import * use mock for child_process.spawnSync() * document useful resources * use v1.1.0 for daily scan 2019-12-13 16:09:10 +09:00
feat: add the ability to run with '--json' and output the result (#78) * addition-of-json-flag * Set output of npn audit 2020-12-12 13:56:05 +02:00			`audit.run('low', 'false', 'false')`
Set Issue labels by inputs & add unit test (#12) * Set Issue labels by inputs * Add unit test 2019-12-09 12:43:13 +09:00			`expect(audit.foundVulnerability()).toBeFalsy()`
			`})`
Add unit test for error handling (#30) 2019-12-14 12:56:45 +09:00
Catch errors thrown by Audit.run and increase child process buffer size (#67) * Audit.run does not need to be async * Set max buffer size for npm audit subprocess to 10MiB 2020-07-14 02:59:28 -07:00			`test('throws an error if error is not null', () => {`
fix(lint): resolve @typescript-eslint/no-explicit-any warnings 2025-05-07 12:11:12 +00:00			`vi.mocked(child_process).spawnSync.mockImplementation(`
			`(): child_process.SpawnSyncReturns<string> => {`
			`return {`
			`pid: 100,`
			`output: [null, '', ''],`
			`stdout: '',`
			`stderr: '',`
			`status: 0,`
			`signal: null,`
			`error: new Error('Something is wrong')`
			`}`
Add unit test for error handling (#30) 2019-12-14 12:56:45 +09:00			`}`
fix(lint): resolve @typescript-eslint/no-explicit-any warnings 2025-05-07 12:11:12 +00:00			`)`
Add unit test for error handling (#30) 2019-12-14 12:56:45 +09:00
			`expect.assertions(1)`
			`const e = new Error('Something is wrong')`
feat: add the ability to run with '--json' and output the result (#78) * addition-of-json-flag * Set output of npn audit 2020-12-12 13:56:05 +02:00			`expect(() => audit.run('low', 'false', 'false')).toThrowError(e)`
Add unit test for error handling (#30) 2019-12-14 12:56:45 +09:00			`})`

Catch errors thrown by Audit.run and increase child process buffer size (#67) * Audit.run does not need to be async * Set max buffer size for npm audit subprocess to 10MiB 2020-07-14 02:59:28 -07:00			`test('throws an error if status is null', () => {`
fix(lint): resolve @typescript-eslint/no-explicit-any warnings 2025-05-07 12:11:12 +00:00			`vi.mocked(child_process).spawnSync.mockImplementation(`
			`(): child_process.SpawnSyncReturns<string> => {`
			`return {`
			`pid: 100,`
			`output: [null, '', ''],`
			`stdout: '',`
			`stderr: '',`
			`status: null,`
			`signal: 'SIGTERM',`
			`error: undefined`
			`}`
Add unit test for error handling (#30) 2019-12-14 12:56:45 +09:00			`}`
fix(lint): resolve @typescript-eslint/no-explicit-any warnings 2025-05-07 12:11:12 +00:00			`)`
Add unit test for error handling (#30) 2019-12-14 12:56:45 +09:00
			`expect.assertions(1)`
			`const e = new Error('the subprocess terminated due to a signal.')`
feat: add the ability to run with '--json' and output the result (#78) * addition-of-json-flag * Set output of npn audit 2020-12-12 13:56:05 +02:00			`expect(() => audit.run('low', 'false', 'false')).toThrowError(e)`
Add unit test for error handling (#30) 2019-12-14 12:56:45 +09:00			`})`

Catch errors thrown by Audit.run and increase child process buffer size (#67) * Audit.run does not need to be async * Set max buffer size for npm audit subprocess to 10MiB 2020-07-14 02:59:28 -07:00			`test('throws an error if stderr is null', () => {`
fix(lint): resolve @typescript-eslint/no-explicit-any warnings 2025-05-07 12:11:12 +00:00			`vi.mocked(child_process).spawnSync.mockImplementation(`
			`(): child_process.SpawnSyncReturns<string> => {`
			`return {`
			`pid: 100,`
			`output: [null, '', 'Something is wrong'],`
			`stdout: '',`
			`stderr: 'Something is wrong',`
			`status: 1,`
			`signal: null,`
			`error: undefined`
			`}`
Add unit test for error handling (#30) 2019-12-14 12:56:45 +09:00			`}`
fix(lint): resolve @typescript-eslint/no-explicit-any warnings 2025-05-07 12:11:12 +00:00			`)`
Add unit test for error handling (#30) 2019-12-14 12:56:45 +09:00
			`expect.assertions(1)`
			`const e = new Error('Something is wrong')`
feat: add the ability to run with '--json' and output the result (#78) * addition-of-json-flag * Set output of npn audit 2020-12-12 13:56:05 +02:00			`expect(() => audit.run('low', 'false', 'false')).toThrowError(e)`
Add unit test for error handling (#30) 2019-12-14 12:56:45 +09:00			`})`
Set Issue labels by inputs & add unit test (#12) * Set Issue labels by inputs * Add unit test 2019-12-09 12:43:13 +09:00			`})`