Diffstat (limited to 'deps/npm/test/tap/audit.js')
-rw-r--r--deps/npm/test/tap/audit.js216
1 files changed, 204 insertions, 12 deletions
diff --git a/deps/npm/test/tap/audit.js b/deps/npm/test/tap/audit.js
index 3384579f77..631eedf276 100644
--- a/deps/npm/test/tap/audit.js
+++ b/deps/npm/test/tap/audit.js
@@ -12,21 +12,10 @@ const test = tap.test
const Dir = Tacks.Dir
const File = Tacks.File
-const testDir = path.join(__dirname, path.basename(__filename, '.js'))
+const testDir = common.pkg
const EXEC_OPTS = { cwd: testDir }
-tap.tearDown(function () {
- process.chdir(__dirname)
- try {
- rimraf.sync(testDir)
- } catch (e) {
- if (process.platform !== 'win32') {
- throw e
- }
- }
-})
-
function tmock (t) {
return mr({port: common.port}).then(s => {
t.tearDown(function () {
@@ -263,6 +252,209 @@ test('exits with non-zero exit code for vulnerabilities at the `audit-level` fla
})
})
+test('exits with zero exit code for vulnerabilities in devDependencies when running with production flag', t => {
+ const fixture = new Tacks(new Dir({
+ 'package.json': new File({
+ name: 'foo',
+ version: '1.0.0',
+ dependencies: {
+ gooddep: '1.0.0'
+ },
+ devDependencies: {
+ baddep: '1.0.0'
+ }
+ })
+ }))
+ fixture.create(testDir)
+ return tmock(t).then(srv => {
+ srv.filteringRequestBody(req => 'ok')
+ srv.post('/-/npm/v1/security/audits/quick', 'ok').reply(200, 'yeah')
+ srv.get('/gooddep').twice().reply(200, {
+ name: 'gooddep',
+ 'dist-tags': {
+ 'latest': '1.2.3'
+ },
+ versions: {
+ '1.0.0': {
+ name: 'gooddep',
+ version: '1.0.0',
+ _hasShrinkwrap: false,
+ dist: {
+ shasum: 'deadbeef',
+ tarball: common.registry + '/idk/-/idk-1.0.0.tgz'
+ }
+ },
+ '1.2.3': {
+ name: 'gooddep',
+ version: '1.2.3',
+ _hasShrinkwrap: false,
+ dist: {
+ shasum: 'deadbeef',
+ tarball: common.registry + '/idk/-/idk-1.2.3.tgz'
+ }
+ }
+ }
+ })
+ srv.get('/baddep').twice().reply(200, {
+ name: 'baddep',
+ 'dist-tags': {
+ 'latest': '1.2.3'
+ },
+ versions: {
+ '1.0.0': {
+ name: 'baddep',
+ version: '1.0.0',
+ _hasShrinkwrap: false,
+ dist: {
+ shasum: 'deadbeef',
+ tarball: common.registry + '/idk/-/idk-1.0.0.tgz'
+ }
+ },
+ '1.2.3': {
+ name: 'baddep',
+ version: '1.2.3',
+ _hasShrinkwrap: false,
+ dist: {
+ shasum: 'deadbeef',
+ tarball: common.registry + '/idk/-/idk-1.2.3.tgz'
+ }
+ }
+ }
+ })
+ return common.npm([
+ 'install',
+ '--audit',
+ '--json',
+ '--production',
+ '--package-lock-only',
+ '--registry', common.registry,
+ '--cache', path.join(testDir, 'npm-cache')
+ ], EXEC_OPTS).then(([code, stdout, stderr]) => {
+ srv.filteringRequestBody(req => 'ok')
+ srv.post('/-/npm/v1/security/audits', 'ok').reply(200, {
+ actions: [],
+ metadata: {
+ vulnerabilities: {}
+ }
+ })
+ return common.npm([
+ 'audit',
+ '--json',
+ '--production',
+ '--registry', common.registry,
+ '--cache', path.join(testDir, 'npm-cache')
+ ], EXEC_OPTS).then(([code, stdout, stderr]) => {
+ t.equal(code, 0, 'exited OK')
+ })
+ })
+ })
+})
+
+test('exits with non-zero exit code for vulnerabilities in dependencies when running with production flag', t => {
+ const fixture = new Tacks(new Dir({
+ 'package.json': new File({
+ name: 'foo',
+ version: '1.0.0',
+ dependencies: {
+ baddep: '1.0.0'
+ },
+ devDependencies: {
+ gooddep: '1.0.0'
+ }
+ })
+ }))
+ fixture.create(testDir)
+ return tmock(t).then(srv => {
+ srv.filteringRequestBody(req => 'ok')
+ srv.post('/-/npm/v1/security/audits/quick', 'ok').reply(200, 'yeah')
+ srv.get('/baddep').twice().reply(200, {
+ name: 'baddep',
+ 'dist-tags': {
+ 'latest': '1.2.3'
+ },
+ versions: {
+ '1.0.0': {
+ name: 'baddep',
+ version: '1.0.0',
+ _hasShrinkwrap: false,
+ dist: {
+ shasum: 'deadbeef',
+ tarball: common.registry + '/idk/-/idk-1.0.0.tgz'
+ }
+ },
+ '1.2.3': {
+ name: 'baddep',
+ version: '1.2.3',
+ _hasShrinkwrap: false,
+ dist: {
+ shasum: 'deadbeef',
+ tarball: common.registry + '/idk/-/idk-1.2.3.tgz'
+ }
+ }
+ }
+ })
+ srv.get('/gooddep').twice().reply(200, {
+ name: 'gooddep',
+ 'dist-tags': {
+ 'latest': '1.2.3'
+ },
+ versions: {
+ '1.0.0': {
+ name: 'gooddep',
+ version: '1.0.0',
+ _hasShrinkwrap: false,
+ dist: {
+ shasum: 'deadbeef',
+ tarball: common.registry + '/idk/-/idk-1.0.0.tgz'
+ }
+ },
+ '1.2.3': {
+ name: 'gooddep',
+ version: '1.2.3',
+ _hasShrinkwrap: false,
+ dist: {
+ shasum: 'deadbeef',
+ tarball: common.registry + '/idk/-/idk-1.2.3.tgz'
+ }
+ }
+ }
+ })
+ return common.npm([
+ 'install',
+ '--audit',
+ '--json',
+ '--production',
+ '--package-lock-only',
+ '--registry', common.registry,
+ '--cache', path.join(testDir, 'npm-cache')
+ ], EXEC_OPTS).then(([code, stdout, stderr]) => {
+ srv.filteringRequestBody(req => 'ok')
+ srv.post('/-/npm/v1/security/audits', 'ok').reply(200, {
+ actions: [{
+ action: 'update',
+ module: 'baddep',
+ target: '1.2.3',
+ resolves: [{path: 'baddep'}]
+ }],
+ metadata: {
+ vulnerabilities: {
+ low: 1
+ }
+ }
+ })
+ return common.npm([
+ 'audit',
+ '--json',
+ '--production',
+ '--registry', common.registry,
+ '--cache', path.join(testDir, 'npm-cache')
+ ], EXEC_OPTS).then(([code, stdout, stderr]) => {
+ t.equal(code, 1, 'exited OK')
+ })
+ })
+ })
+})
+
test('cleanup', t => {
return rimraf(testDir)
})
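Review bot: Both new `--production` tests let the mock decide the outcome: `srv.filteringRequestBody(req => 'ok')` rewrites every audit request body to `'ok'` and the `/-/npm/v1/security/audits` reply is canned, so neither test would fail if `--production` stopped excluding devDependencies from the submitted payload. Consider capturing the body in that callback, for example `srv.filteringRequestBody(body => { sent = body; return 'ok' })`, and asserting that `baddep` is absent in the first test and present in the second; the body may be compressed, so it may need decoding before the check. The second test's assertion message contradicts its expected value; `t.equal(code, 1, 'exited with non-zero code')` reads correctly. The exit code of the preceding `install` step is not checked in either test, so a failed lockfile generation would only surface indirectly through the later `audit` call.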