Skip to content

Commit 30b8653

Browse files
committed
Add unit tests
1 parent aa4bf07 commit 30b8653

File tree

1 file changed

+101
-0
lines changed

1 file changed

+101
-0
lines changed
Lines changed: 101 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,101 @@
1+
import { describe, expect, it } from 'vitest'
2+
import type { Packument, PackageVersionInfo } from '#shared/types'
3+
import { transformPackument } from '~/composables/npm/usePackage'
4+
import { detectPublishSecurityDowngradeForVersion } from '~/utils/publish-security'
5+
6+
function createVersion(version: string, hasAttestations = false) {
7+
return {
8+
name: 'foo',
9+
version,
10+
dist: {
11+
shasum: version,
12+
tarball: `https://registry.npmjs.org/foo/-/foo-${version}.tgz`,
13+
...(hasAttestations
14+
? {
15+
attestations: {
16+
url: `https://example.test/${version}`,
17+
provenance: { predicateType: 'https://slsa.dev/provenance/v1' },
18+
},
19+
}
20+
: {}),
21+
},
22+
}
23+
}
24+
25+
function toVersionInfos(packument: ReturnType<typeof transformPackument>): PackageVersionInfo[] {
26+
return Object.entries(packument.versions).map(([version, metadata]) => ({
27+
version,
28+
time: packument.time[version],
29+
hasProvenance: !!metadata.hasProvenance,
30+
deprecated: metadata.deprecated,
31+
}))
32+
}
33+
34+
describe('transformPackument', () => {
35+
it('includes requested old version and preserves provenance on it', () => {
36+
const packument = {
37+
'_id': 'foo',
38+
'name': 'foo',
39+
'dist-tags': { latest: '1.0.7' },
40+
'time': {
41+
'created': '2026-01-01T00:00:00.000Z',
42+
'modified': '2026-01-08T00:00:00.000Z',
43+
'1.0.0': '2026-01-01T00:00:00.000Z',
44+
'1.0.1': '2026-01-02T00:00:00.000Z',
45+
'1.0.2': '2026-01-03T00:00:00.000Z',
46+
'1.0.3': '2026-01-04T00:00:00.000Z',
47+
'1.0.4': '2026-01-05T00:00:00.000Z',
48+
'1.0.5': '2026-01-06T00:00:00.000Z',
49+
'1.0.6': '2026-01-07T00:00:00.000Z',
50+
'1.0.7': '2026-01-08T00:00:00.000Z',
51+
},
52+
'versions': {
53+
'1.0.0': createVersion('1.0.0', true),
54+
'1.0.1': createVersion('1.0.1'),
55+
'1.0.2': createVersion('1.0.2'),
56+
'1.0.3': createVersion('1.0.3'),
57+
'1.0.4': createVersion('1.0.4'),
58+
'1.0.5': createVersion('1.0.5'),
59+
'1.0.6': createVersion('1.0.6'),
60+
'1.0.7': createVersion('1.0.7'),
61+
},
62+
} as unknown as Packument
63+
64+
const transformed = transformPackument(packument, '1.0.0')
65+
66+
expect(transformed.versions['1.0.0']?.hasProvenance).toBe(true)
67+
expect(transformed.versions['1.0.1']).toBeUndefined()
68+
expect(transformed.versions['1.0.2']).toBeUndefined()
69+
})
70+
71+
it('works with downgrade detection for viewed version', () => {
72+
const packument = {
73+
'_id': 'foo',
74+
'name': 'foo',
75+
'dist-tags': { latest: '1.0.2' },
76+
'time': {
77+
'created': '2026-01-01T00:00:00.000Z',
78+
'modified': '2026-01-03T00:00:00.000Z',
79+
'1.0.0': '2026-01-01T00:00:00.000Z',
80+
'1.0.1': '2026-01-02T00:00:00.000Z',
81+
'1.0.2': '2026-01-03T00:00:00.000Z',
82+
},
83+
'versions': {
84+
'1.0.0': createVersion('1.0.0', true),
85+
'1.0.1': createVersion('1.0.1'),
86+
'1.0.2': createVersion('1.0.2', true),
87+
},
88+
} as unknown as Packument
89+
90+
const transformed = transformPackument(packument, '1.0.1')
91+
const infos = toVersionInfos(transformed)
92+
93+
expect(detectPublishSecurityDowngradeForVersion(infos, '1.0.2')).toBeNull()
94+
expect(detectPublishSecurityDowngradeForVersion(infos, '1.0.1')).toEqual({
95+
downgradedVersion: '1.0.1',
96+
downgradedPublishedAt: '2026-01-02T00:00:00.000Z',
97+
trustedVersion: '1.0.0',
98+
trustedPublishedAt: '2026-01-01T00:00:00.000Z',
99+
})
100+
})
101+
})

0 commit comments

Comments
 (0)