feat: add the ability to run with '--production' (#75)

* feat: add the ability to run with '--production' Adding the config options to run npm audit with the --production flag. Contributes to: #74 Signed-off-by: Stelios Gkiokas <s_giokas@hotmail.com> * fix: add tests Adding the relevant tests for the new production flag. Contributes to: #74 Signed-off-by: Stelios Gkiokas <s_giokas@hotmail.com>
2020-11-12 12:33:56 +02:00
parent 107a3c4a4a
commit 42e6d27a29
8 changed files with 56 additions and 9 deletions
--- a/tests/audit.test.ts
+++ b/tests/audit.test.ts
@@ -13,7 +13,7 @@ describe('run', () => {
    mocked(child_process).spawnSync.mockClear()
  })

-  test('finds vulnerabilities', () => {
+  test('finds vulnerabilities with default values', () => {
    mocked(child_process).spawnSync.mockImplementation((): any => {
      const stdout = fs.readFileSync(
        path.join(__dirname, 'testdata/audit/error.txt')
@@ -30,7 +30,28 @@ describe('run', () => {
      }
    })

-    audit.run('low')
+    audit.run('low', 'false')
+    expect(audit.foundVulnerability()).toBeTruthy()
+  })
+
+  test('finds vulnerabilities with production flag enabled', () => {
+    mocked(child_process).spawnSync.mockImplementation((): any => {
+      const stdout = fs.readFileSync(
+        path.join(__dirname, 'testdata/audit/error.txt')
+      )
+
+      return {
+        pid: 100,
+        output: [stdout],
+        stdout,
+        stderr: '',
+        status: 1,
+        signal: null,
+        error: null
+      }
+    })
+
+    audit.run('low', 'true')
    expect(audit.foundVulnerability()).toBeTruthy()
  })

@@ -51,7 +72,7 @@ describe('run', () => {
      }
    })

-    audit.run('low')
+    audit.run('low', 'false')
    expect(audit.foundVulnerability()).toBeFalsy()
  })

@@ -70,7 +91,7 @@ describe('run', () => {

    expect.assertions(1)
    const e = new Error('Something is wrong')
-    expect(() => audit.run('low')).toThrowError(e)
+    expect(() => audit.run('low', 'false')).toThrowError(e)
  })

  test('throws an error if status is null', () => {
@@ -88,7 +109,7 @@ describe('run', () => {

    expect.assertions(1)
    const e = new Error('the subprocess terminated due to a signal.')
-    expect(() => audit.run('low')).toThrowError(e)
+    expect(() => audit.run('low', 'false')).toThrowError(e)
  })

  test('throws an error if stderr is null', () => {
@@ -106,6 +127,6 @@ describe('run', () => {

    expect.assertions(1)
    const e = new Error('Something is wrong')
-    expect(() => audit.run('low')).toThrowError(e)
+    expect(() => audit.run('low', 'false')).toThrowError(e)
  })
 })
--- a/tests/main.test.ts
+++ b/tests/main.test.ts
@@ -15,6 +15,7 @@ describe('run', () => {
    mocked(pr).createComment.mockClear()

    process.env.INPUT_AUDIT_LEVEL = 'low'
+    process.env.INPUT_PRODUCTION_FLAG = 'false'
    process.env.INPUT_GITHUB_CONTEXT =
      '{ "event_name": "pull_request", "event": { "number": 100} }'
    process.env.INPUT_GITHUB_TOKEN = '***'
--- a/tests/testdata/workdir/package-lock.json
+++ b/tests/testdata/workdir/package-lock.json
@@ -355,6 +355,12 @@
        "mime-types": "~2.1.24"
      }
    },
+    "typescript": {
+      "version": "3.9.7",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-3.9.7.tgz",
+      "integrity": "sha512-BLbiRkiBzAwsjut4x/dsibSTB6yWpwT5qWmC2OfuCg3GgVQCSgMs4vEctYPhsaGtd0AeuuHMkjZ2h2WG8MSzRw==",
+      "dev": true
+    },
    "unpipe": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
--- a/tests/testdata/workdir/package.json
+++ b/tests/testdata/workdir/package.json
@@ -11,5 +11,8 @@
  "license": "ISC",
  "dependencies": {
    "express": "^4.17.1"
+  },
+  "devDependencies": {
+    "typescript": "^3.9.7"
  }
 }