Diffstat (limited to 'deps/npm/test')
-rw-r--r--deps/npm/test/common-tap.js3
-rw-r--r--deps/npm/test/fake-registry.md2
-rw-r--r--deps/npm/test/fixtures/config/userconfig-with-gc2
-rw-r--r--deps/npm/test/tap/audit.js120
-rw-r--r--deps/npm/test/tap/fund.js4
-rw-r--r--deps/npm/test/tap/install-mention-funding.js14
-rw-r--r--deps/npm/test/tap/install.fund.js19
-rw-r--r--deps/npm/test/tap/team.js23
-rw-r--r--deps/npm/test/tap/utils.funding.js67
9 files changed, 230 insertions, 24 deletions
diff --git a/deps/npm/test/common-tap.js b/deps/npm/test/common-tap.js
index 86a9057121..9e38c7690f 100644
--- a/deps/npm/test/common-tap.js
+++ b/deps/npm/test/common-tap.js
@@ -193,7 +193,8 @@ exports.makeGitRepo = function (params, cb) {
git.chainableExec(['config', 'user.name', user], opts),
git.chainableExec(['config', 'user.email', email], opts),
// don't time out tests waiting for a gpg passphrase or 2fa
- git.chainableExec(['config', 'commit.gpgsign', 'false'], opts),
+ git.chainableExec(['config', 'commit.gpgSign', 'false'], opts),
+ git.chainableExec(['config', 'tag.gpgSign', 'false'], opts),
git.chainableExec(['config', 'tag.forceSignAnnotated', 'false'], opts),
git.chainableExec(['add'].concat(added), opts),
git.chainableExec(['commit', '-m', message], opts)
diff --git a/deps/npm/test/fake-registry.md b/deps/npm/test/fake-registry.md
index 766c0972dc..604fda4167 100644
--- a/deps/npm/test/fake-registry.md
+++ b/deps/npm/test/fake-registry.md
@@ -160,7 +160,7 @@ compatibility mode and the default value of port comes from `common.port`.
### done()
-Resets all of the configured mocks.
+Resets all of the configured mocks.
### close()
diff --git a/deps/npm/test/fixtures/config/userconfig-with-gc b/deps/npm/test/fixtures/config/userconfig-with-gc
index 866f78dab6..b00d5195bd 100644
--- a/deps/npm/test/fixtures/config/userconfig-with-gc
+++ b/deps/npm/test/fixtures/config/userconfig-with-gc
@@ -1,4 +1,4 @@
-globalconfig = /Users/ruyadorno/Documents/workspace/cli/test/fixtures/config/globalconfig
+globalconfig = /Users/claudiahdz/npm/cli/test/fixtures/config/globalconfig
email = i@izs.me
env-thing = ${random_env_var}
init.author.name = Isaac Z. Schlueter
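Review bot: The new `globalconfig` value is still an absolute path under a contributor's home directory (`/Users/claudiahdz/...`), so the committed fixture records a local username and changes whenever someone else regenerates it. The file looks as if it is rewritten by the test run rather than edited by hand; if that is the case, writing it to a temporary directory at test time, or keeping a placeholder path in the committed copy, would stop the churn and keep machine-specific paths out of the repository.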
diff --git a/deps/npm/test/tap/audit.js b/deps/npm/test/tap/audit.js
index 631eedf276..ca3da87a3a 100644
--- a/deps/npm/test/tap/audit.js
+++ b/deps/npm/test/tap/audit.js
@@ -27,6 +27,66 @@ function tmock (t) {
})
}
+const quickAuditResult = {
+ actions: [],
+ advisories: {
+ '1316': {
+ findings: [
+ {
+ version: '1.0.0',
+ paths: [
+ 'baddep'
+ ]
+ }
+ ],
+ 'id': 1316,
+ 'created': '2019-11-14T15:29:41.991Z',
+ 'updated': '2019-11-14T19:35:30.677Z',
+ 'deleted': null,
+ 'title': 'Arbitrary Code Execution',
+ 'found_by': {
+ 'link': '',
+ 'name': 'François Lajeunesse-Robert',
+ 'email': ''
+ },
+ 'reported_by': {
+ 'link': '',
+ 'name': 'François Lajeunesse-Robert',
+ 'email': ''
+ },
+ 'module_name': 'baddep',
+ 'cves': [],
+ 'vulnerable_versions': '<4.5.2',
+ 'patched_versions': '>=4.5.2',
+ 'overview': 'a nice overview of the advisory',
+ 'recommendation': 'how you should fix it',
+ 'references': '',
+ 'access': 'public',
+ 'severity': 'high',
+ 'cwe': 'CWE-79',
+ 'metadata': {
+ 'module_type': '',
+ 'exploitability': 6,
+ 'affected_components': ''
+ },
+ 'url': 'https://npmjs.com/advisories/1234542069'
+ }
+ },
+ 'muted': [],
+ 'metadata': {
+ 'vulnerabilities': {
+ 'info': 0,
+ 'low': 0,
+ 'moderate': 0,
+ 'high': 1,
+ 'critical': 0
+ },
+ 'dependencies': 1,
+ 'devDependencies': 0,
+ 'totalDependencies': 1
+ }
+}
+
test('exits with zero exit code for vulnerabilities below the `audit-level` flag', t => {
const fixture = new Tacks(new Dir({
'package.json': new File({
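Review bot: `quickAuditResult` reads like a real advisory, but its fields do not agree with each other: the map key and `id` are 1316 while `url` ends in 1234542069, and the title 'Arbitrary Code Execution' is paired with `cwe: 'CWE-79'`, which is the cross-site scripting class. A one-line comment above the constant, e.g. `// synthetic quick-audit response; field values are placeholders, not a real advisory`, would keep readers from treating it as reference data. Because the object is shared by more than one test, the comment could also say that tests must not mutate it.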
@@ -40,7 +100,7 @@ test('exits with zero exit code for vulnerabilities below the `audit-level` flag
fixture.create(testDir)
return tmock(t).then(srv => {
srv.filteringRequestBody(req => 'ok')
- srv.post('/-/npm/v1/security/audits/quick', 'ok').reply(200, 'yeah')
+ srv.post('/-/npm/v1/security/audits/quick', 'ok').reply(200, quickAuditResult)
srv.get('/baddep').twice().reply(200, {
name: 'baddep',
'dist-tags': {
@@ -75,6 +135,8 @@ test('exits with zero exit code for vulnerabilities below the `audit-level` flag
'--registry', common.registry,
'--cache', path.join(testDir, 'npm-cache')
], EXEC_OPTS).then(([code, stdout, stderr]) => {
+ const result = JSON.parse(stdout)
+ t.same(result.audit, quickAuditResult, 'printed quick audit result')
srv.filteringRequestBody(req => 'ok')
srv.post('/-/npm/v1/security/audits', 'ok').reply(200, {
actions: [{
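Review bot: `JSON.parse(stdout)` on the added line runs before anything visible in this hunk checks `code` or `stderr`, so a failed install that prints non-JSON ends the test with a bare SyntaxError instead of an assertion showing what npm reported. Checking the exit status before the parse makes the failure readable, e.g. `t.equal(code, 0, 'install exited OK')`, assuming 0 is the expected status here. The callback body continues beyond this hunk, so a later check may already cover part of this.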
@@ -102,6 +164,62 @@ test('exits with zero exit code for vulnerabilities below the `audit-level` flag
})
})
+test('shows quick audit results summary for human', t => {
+ const fixture = new Tacks(new Dir({
+ 'package.json': new File({
+ name: 'foo',
+ version: '1.0.0',
+ dependencies: {
+ baddep: '1.0.0'
+ }
+ })
+ }))
+ fixture.create(testDir)
+ return tmock(t).then(srv => {
+ srv.filteringRequestBody(req => 'ok')
+ srv.post('/-/npm/v1/security/audits/quick', 'ok').reply(200, quickAuditResult)
+ srv.get('/baddep').twice().reply(200, {
+ name: 'baddep',
+ 'dist-tags': {
+ 'latest': '1.2.3'
+ },
+ versions: {
+ '1.0.0': {
+ name: 'baddep',
+ version: '1.0.0',
+ _hasShrinkwrap: false,
+ dist: {
+ shasum: 'deadbeef',
+ tarball: common.registry + '/idk/-/idk-1.0.0.tgz'
+ }
+ },
+ '1.2.3': {
+ name: 'baddep',
+ version: '1.2.3',
+ _hasShrinkwrap: false,
+ dist: {
+ shasum: 'deadbeef',
+ tarball: common.registry + '/idk/-/idk-1.2.3.tgz'
+ }
+ }
+ }
+ })
+ return common.npm([
+ 'install',
+ '--audit',
+ '--no-json',
+ '--package-lock-only',
+ '--registry', common.registry,
+ '--cache', path.join(testDir, 'npm-cache')
+ ], EXEC_OPTS).then(([code, stdout, stderr]) => {
+ t.match(stdout, new RegExp('added 1 package and audited 1 package in .*\\n' +
+ 'found 1 high severity vulnerability\\n' +
+ ' run `npm audit fix` to fix them, or `npm audit` for details\\n'),
+ 'shows quick audit result')
+ })
+ })
+})
+
test('exits with non-zero exit code for vulnerabilities at the `audit-level` flag', t => {
const fixture = new Tacks(new Dir({
'package.json': new File({
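Review bot: The new test destructures `code` and `stderr` but asserts only on `stdout`, so an unexpected exit status or warning output goes unnoticed as long as the summary text is printed. Adding `t.equal(code, 0, 'install exited OK')` (presumably 0 is expected for an install that only reports findings) before the `t.match` would pin that. The `baddep` packument is also repeated verbatim from the preceding test; a small shared helper would keep the two copies from drifting apart.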
diff --git a/deps/npm/test/tap/fund.js b/deps/npm/test/tap/fund.js
index cc66bea51a..364dc1b6f8 100644
--- a/deps/npm/test/tap/fund.js
+++ b/deps/npm/test/tap/fund.js
@@ -92,9 +92,7 @@ const fixture = new Tacks(Dir({
node_modules: Dir({
'sub-bar': getFixturePackage({
name: 'sub-bar',
- funding: {
- url: 'https://example.com/sponsor'
- }
+ funding: 'https://example.com/sponsor'
})
})
})
diff --git a/deps/npm/test/tap/install-mention-funding.js b/deps/npm/test/tap/install-mention-funding.js
index ebd25a5732..3e9b81f240 100644
--- a/deps/npm/test/tap/install-mention-funding.js
+++ b/deps/npm/test/tap/install-mention-funding.js
@@ -68,8 +68,8 @@ test('mention npm fund upon installing single dependency', function (t) {
if (err) throw err
t.is(code, 0, 'installed successfully')
t.is(stderr, '', 'no warnings')
- t.includes(stdout, '1 package is looking for funding.', 'should print amount of packages needing funding')
- t.includes(stdout, 'Run "npm fund" to find out more.', 'should print npm fund mention')
+ t.includes(stdout, '1 package is looking for funding', 'should print amount of packages needing funding')
+ t.includes(stdout, ' run `npm fund` for details', 'should print npm fund mention')
t.end()
})
})
@@ -80,8 +80,8 @@ test('mention npm fund upon installing multiple dependencies', function (t) {
if (err) throw err
t.is(code, 0, 'installed successfully')
t.is(stderr, '', 'no warnings')
- t.includes(stdout, '4 packages are looking for funding.', 'should print amount of packages needing funding')
- t.includes(stdout, 'Run "npm fund" to find out more.', 'should print npm fund mention')
+ t.includes(stdout, '4 packages are looking for funding', 'should print amount of packages needing funding')
+ t.includes(stdout, ' run `npm fund` for details', 'should print npm fund mention')
t.end()
})
})
@@ -92,8 +92,8 @@ test('skips mention npm fund using --no-fund option', function (t) {
if (err) throw err
t.is(code, 0, 'installed successfully')
t.is(stderr, '', 'no warnings')
- t.doesNotHave(stdout, '4 packages are looking for funding.', 'should print amount of packages needing funding')
- t.doesNotHave(stdout, 'Run "npm fund" to find out more.', 'should print npm fund mention')
+ t.doesNotHave(stdout, '4 packages are looking for funding', 'should print amount of packages needing funding')
+ t.doesNotHave(stdout, ' run `npm fund` for details', 'should print npm fund mention')
t.end()
})
})
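Review bot: The two `t.doesNotHave` checks in the `--no-fund` test are tied to the exact current wording, so they pass vacuously whenever the message text changes again, as it just did in this commit. Matching a stable fragment keeps the negative test meaningful, e.g. `t.doesNotHave(stdout, 'looking for funding', 'should not print funding summary')`. The carried-over assertion messages ('should print …') also describe the opposite of what is being asserted.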
@@ -105,7 +105,7 @@ test('mention packages looking for funding using --json', function (t) {
t.is(code, 0, 'installed successfully')
t.is(stderr, '', 'no warnings')
const res = JSON.parse(stdout)
- t.match(res.funding, '4 packages are looking for funding.', 'should print amount of packages needing funding')
+ t.match(res.funding, '4 packages are looking for funding', 'should print amount of packages needing funding')
t.end()
})
})
diff --git a/deps/npm/test/tap/install.fund.js b/deps/npm/test/tap/install.fund.js
index 37a61e4289..fca5fb3afd 100644
--- a/deps/npm/test/tap/install.fund.js
+++ b/deps/npm/test/tap/install.fund.js
@@ -1,16 +1,15 @@
'use strict'
-const { EOL } = require('os')
const { test } = require('tap')
const { getPrintFundingReport } = require('../../lib/install/fund')
test('message when there are no funding found', (t) => {
- t.deepEqual(
+ t.equal(
getPrintFundingReport({}),
'',
'should not print any message if missing info'
)
- t.deepEqual(
+ t.equal(
getPrintFundingReport({
name: 'foo',
version: '1.0.0',
@@ -19,7 +18,7 @@ test('message when there are no funding found', (t) => {
'',
'should not print any message if package has no dependencies'
)
- t.deepEqual(
+ t.equal(
getPrintFundingReport({
fund: true,
idealTree: {
@@ -38,7 +37,7 @@ test('message when there are no funding found', (t) => {
})
test('print appropriate message for a single package', (t) => {
- t.deepEqual(
+ t.equal(
getPrintFundingReport({
fund: true,
idealTree: {
@@ -54,15 +53,15 @@ test('print appropriate message for a single package', (t) => {
}
]
}
- }),
- `${EOL}1 package is looking for funding.${EOL}Run "npm fund" to find out more.`,
+ }).replace(/[\r\n]+/g, '\n'),
+ `\n1 package is looking for funding\n run \`npm fund\` for details\n`,
'should print single package message'
)
t.end()
})
test('print appropriate message for many packages', (t) => {
- t.deepEqual(
+ t.equal(
getPrintFundingReport({
fund: true,
idealTree: {
@@ -92,8 +91,8 @@ test('print appropriate message for many packages', (t) => {
}
]
}
- }),
- `${EOL}3 packages are looking for funding.${EOL}Run "npm fund" to find out more.`,
+ }).replace(/[\r\n]+/g, '\n'),
+ `\n3 packages are looking for funding\n run \`npm fund\` for details\n`,
'should print many package message'
)
t.end()
diff --git a/deps/npm/test/tap/team.js b/deps/npm/test/tap/team.js
index 939da45b77..17acf82f4b 100644
--- a/deps/npm/test/tap/team.js
+++ b/deps/npm/test/tap/team.js
@@ -88,6 +88,29 @@ test('team destroy', function (t) {
})
})
+test('team destroy is not allowed for the default developers team', (t) => {
+ const teamData = {
+ name: 'developers',
+ scope_id: 1234,
+ created: '2015-07-23T18:07:49.959Z',
+ updated: '2015-07-23T18:07:49.959Z',
+ deleted: '2015-07-23T18:27:27.178Z'
+ }
+ server.delete('/-/team/myorg/' + teamData.name).reply(405, teamData)
+ common.npm([
+ 'team', 'destroy', 'myorg:' + teamData.name,
+ '--registry', common.registry,
+ '--loglevel', 'silent',
+ '--json'
+ ], {}, function (err, code, stdout, stderr) {
+ t.ifError(err, 'npm team')
+ t.equal(code, 1, 'exited with code 1')
+ t.equal(stderr, '', 'no error output')
+ t.match(JSON.parse(stdout), {error: {code: 'E405'}})
+ t.end()
+ })
+})
+
test('team add', function (t) {
var user = 'zkat'
server.put('/-/team/myorg/myteam/user', JSON.stringify({
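Review bot: The test name says destroying the default team 'is not allowed', but what it pins is only that the CLI turns a mocked HTTP 405 into exit code 1 and `E405`; the refusal itself is decided by the registry. A short comment would make that explicit, e.g. `// the registry enforces this; we only check that its 405 is surfaced as E405`. The mocked body also carries a `deleted` timestamp, apparently carried over from the successful-destroy fixture, which is confusing for a request that is refused.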
diff --git a/deps/npm/test/tap/utils.funding.js b/deps/npm/test/tap/utils.funding.js
index 60a7a1e67e..51b89e5f8d 100644
--- a/deps/npm/test/tap/utils.funding.js
+++ b/deps/npm/test/tap/utils.funding.js
@@ -35,6 +35,28 @@ test('single item missing funding', (t) => {
t.end()
})
+test('funding object missing url', (t) => {
+ t.deepEqual(
+ getFundingInfo({ name: 'project',
+ dependencies: {
+ 'single-item': {
+ name: 'single-item',
+ version: '1.0.0',
+ funding: {
+ type: 'Foo'
+ }
+ }
+ }}),
+ {
+ name: 'project',
+ dependencies: {},
+ length: 0
+ },
+ 'should return empty list'
+ )
+ t.end()
+})
+
test('use path if name is missing', (t) => {
t.deepEqual(
getFundingInfo({ name: undefined,
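Review bot: This case covers a `funding` object with no `url`, but nothing visible here covers a `url` that is present and unusable, such as an empty string, a non-string value, or a scheme other than http(s). `funding` comes from package metadata written by third parties, so a companion test that pins how `getFundingInfo` treats such values would document the intended handling. The assertion message 'should return empty list' could also say why, e.g. 'should skip funding entries without a url'.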
@@ -86,6 +108,51 @@ test('single item tree', (t) => {
t.end()
})
+test('top-level funding info', (t) => {
+ t.deepEqual(
+ getFundingInfo({ name: 'project',
+ funding: 'http://example.com'
+ }),
+ {
+ name: 'project',
+ funding: {
+ url: 'http://example.com'
+ },
+ dependencies: {},
+ length: 0
+ },
+ 'should return top-level item with normalized funding info'
+ )
+ t.end()
+})
+
+test('use string shorthand', (t) => {
+ t.deepEqual(
+ getFundingInfo({ name: 'project',
+ dependencies: {
+ 'single-item': {
+ name: 'single-item',
+ version: '1.0.0',
+ funding: 'http://example.com'
+ }
+ }}),
+ {
+ name: 'project',
+ dependencies: {
+ 'single-item': {
+ version: '1.0.0',
+ funding: {
+ url: 'http://example.com'
+ }
+ }
+ },
+ length: 1
+ },
+ 'should return item with normalized funding info'
+ )
+ t.end()
+})
+
test('duplicate items along the tree', (t) => {
t.deepEqual(
getFundingInfo({ name: 'project',