From 6db54ca7406fdff9c36b4d0200ec19ed5a22d837 Mon Sep 17 00:00:00 2001
From: Alistair Smith
Date: Thu, 31 Jul 2025 14:36:56 -0700
Subject: [PATCH] remove tests we wont use
---
 .../bun-install-security-provider.test.ts | 242 +-----------------
 1 file changed, 3 insertions(+), 239 deletions(-)
diff --git a/test/cli/install/bun-install-security-provider.test.ts b/test/cli/install/bun-install-security-provider.test.ts
index d9388b63db..b358004bae 100644
--- a/test/cli/install/bun-install-security-provider.test.ts
+++ b/test/cli/install/bun-install-security-provider.test.ts
@@ -41,7 +41,7 @@ function test(
 await write(scannerPath, options.scanner);
 } else {
 const s = `export const provider = {
- version: "1",
+ version: "1",
 scan: ${options.scanner.toString()},
 };`;
 await write(scannerPath, s);
@@ -889,244 +889,6 @@ describe("Local Packages", () => {
 });
 });
-describe("GitHub Dependencies", () => {
- test("scanner receives GitHub dependencies with commit hash", {
- scanner: async ({ packages }) => {
- console.log("GitHub packages:");
- for (const pkg of packages) {
- if (pkg.registryUrl?.includes("github.com") || pkg.requestedRange?.includes("github:")) {
- console.log(`- GitHub: ${pkg.name} (${pkg.requestedRange})`);
- }
- }
- return [];
- },
- expectedExitCode: 0,
- expect: async ({ out }) => {
- await write("package.json", {
- name: "test-github",
- dependencies: {
- "express": "github:expressjs/express#4.18.2",
- "lodash": "github:lodash/lodash",
- },
- });
-
- expect(out).toContain("GitHub:");
- },
- });
-
- test("scanner with GitHub shorthand syntax", {
- scanner: async ({ packages }) => {
- for (const pkg of packages) {
- if (pkg.requestedRange?.includes("/")) {
- console.log(`Shorthand GitHub: ${pkg.name} from ${pkg.requestedRange}`);
- }
- }
- return [];
- },
- expectedExitCode: 0,
- expect: async ({ out }) => {
- await write("package.json", {
- name: "test-gh-shorthand",
- dependencies: {
- "my-pkg": "user/repo",
- "another": "org/package#branch",
- },
- });
-
- expect(out).toContain("Shorthand GitHub:");
- },
- });
-
- test("scanner flags suspicious GitHub repos", {
- scanner: async ({ packages }) => {
- const suspiciousPkg = packages.find(p => p.requestedRange?.includes("malicious-user/evil-package"));
- if (suspiciousPkg) {
- return [
- {
- package: suspiciousPkg.name,
- description: "Package from untrusted GitHub repository",
- level: "fatal",
- url: "https://example.com/github-malware",
- },
- ];
- }
- return [];
- },
- fails: true,
- expect: async ({ out }) => {
- await write("package.json", {
- name: "test-suspicious",
- dependencies: {
- "evil": "malicious-user/evil-package",
- },
- });
-
- expect(out).toContain("FATAL:");
- expect(out).toContain("untrusted GitHub repository");
- },
- });
-});
-
-describe("Git Dependencies", () => {
- test("scanner receives git protocol dependencies", {
- scanner: async ({ packages }) => {
- console.log("Git packages:");
- for (const pkg of packages) {
- if (
- pkg.registryUrl?.startsWith("git+") ||
- pkg.registryUrl?.endsWith(".git") ||
- pkg.requestedRange?.startsWith("git+")
- ) {
- console.log(`- Git: ${pkg.name} from ${pkg.requestedRange}`);
- }
- }
- return [];
- },
- expectedExitCode: 0,
- expect: async ({ out }) => {
- await write("package.json", {
- name: "test-git",
- dependencies: {
- "my-git-pkg": "git+https://github.com/example/repo.git",
- "another-git": "git+ssh://git@github.com:company/private.git",
- },
- });
-
- expect(out).toContain("Git:");
- },
- });
-
- test("scanner with git SSH URLs", {
- scanner: async ({ packages }) => {
- for (const pkg of packages) {
- if (pkg.requestedRange?.includes("git@")) {
- console.log(`SSH Git package: ${pkg.name} from ${pkg.requestedRange}`);
- }
- }
- return [];
- },
- expectedExitCode: 0,
- expect: async ({ out }) => {
- await write("package.json", {
- name: "test-git-ssh",
- dependencies: {
- "private-pkg": "git@github.com:company/private-repo.git",
- "internal": "git@gitlab.company.com:internal/tool.git",
- },
- });
-
- expect(out).toContain("SSH Git package:");
- },
- });
-
- test("scanner with git tags and branches", {
- scanner: async ({ packages }) => {
- for (const pkg of packages) {
- if (pkg.requestedRange?.includes(".git#")) {
- const [, ref] = pkg.requestedRange.split("#");
- console.log(`Git ref: ${pkg.name} at ${ref}`);
- }
- }
- return [];
- },
- expectedExitCode: 0,
- expect: async ({ out }) => {
- await write("package.json", {
- name: "test-git-refs",
- dependencies: {
- "tagged": "git+https://github.com/example/repo.git#v1.2.3",
- "branched": "git+https://github.com/example/repo.git#feature/new",
- },
- });
-
- expect(out).toContain("Git ref:");
- },
- });
-});
-
-describe("Tarball Dependencies", () => {
- test("scanner receives tarball URL dependencies", {
- scanner: async ({ packages }) => {
- console.log("Tarball packages:");
- for (const pkg of packages) {
- if (
- pkg.requestedRange?.endsWith(".tgz") ||
- pkg.requestedRange?.endsWith(".tar.gz") ||
- pkg.registryUrl?.match(/\.(tgz|tar\.gz)$/)
- ) {
- console.log(`- Tarball: ${pkg.name} from ${pkg.requestedRange}`);
- }
- }
- return [];
- },
- expectedExitCode: 0,
- expect: async ({ out }) => {
- await write("package.json", {
- name: "test-tarball",
- dependencies: {
- "my-tarball": "https://example.com/package-1.0.0.tgz",
- "another": "https://registry.npmjs.org/some-package/-/some-package-2.0.0.tgz",
- },
- });
-
- expect(out).toContain("Tarball:");
- },
- });
-
- test("scanner flags malicious tarballs", {
- scanner: async ({ packages }) => {
- const tarballPkg = packages.find(
- p => p.requestedRange?.includes("suspicious-domain.com") && p.requestedRange?.match(/\.(tgz|tar\.gz)$/),
- );
- if (tarballPkg) {
- return [
- {
- package: tarballPkg.name,
- description: "Tarball from untrusted source",
- level: "fatal",
- url: "https://example.com/untrusted-tarball",
- },
- ];
- }
- return [];
- },
- fails: true,
- expect: async ({ out }) => {
- await write("package.json", {
- name: "test-bad-tarball",
- dependencies: {
- "evil-pkg": "https://suspicious-domain.com/evil.tgz",
- },
- });
-
- expect(out).toContain("FATAL:");
- expect(out).toContain("Tarball from untrusted source");
- },
- });
-
- test("scanner with local tarball files", {
- scanner: async ({ packages }) => {
- for (const pkg of packages) {
- if (pkg.requestedRange?.startsWith("file:") && pkg.requestedRange?.match(/\.(tgz|tar\.gz)$/)) {
- console.log(`Local tarball: ${pkg.name}`);
- }
- }
- return [];
- },
- expectedExitCode: 0,
- expect: async ({ out }) => {
- await write("package.json", {
- name: "test-local-tarball",
- dependencies: {
- "prebuilt": "file:./prebuilt-1.0.0.tgz",
- },
- });
-
- expect(out).toContain("Local tarball:");
- },
- });
-});
-
 describe("Scoped Packages", () => {
 test("scanner handles scoped packages correctly", {
 scanner: async ({ packages }) => {
@@ -1358,6 +1120,8 @@ describe("Complex Scenarios", () => {
 });
 expect(out).toContain("Dependency sources:");
+
+ expect().fail("Todo");
 },
 });
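Review bot: The added `expect().fail("Todo");` at the end of this `expect` callback makes the test fail on every run, so the preceding `expect(out).toContain("Dependency sources:")` assertion can no longer show whether the scanner actually saw the packages. If the case is unfinished, a comment stating what is still missing would serve better, for example `// TODO: assert which dependency sources the scanner is expected to receive`, with the failure dropped or the case marked as todo/skipped if the local `test()` wrapper supports that (its options are not visible here). This matters more because the same commit deletes the dedicated GitHub, git and tarball describe blocks, which appears to leave this test as the remaining check that non-registry sources reach the security scanner. The enclosing test starts outside the hunk.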