test(plugin-js-packages-e2e): create vulnerabilities e2e test

Author: vmasek

e2e/plugin-js-packages-e2e/eslint.config.js

@@ -0,0 +1,12 @@
+import tseslint from 'typescript-eslint';
+import baseConfig from '../../eslint.config.js';
+
+export default tseslint.config(...baseConfig, {
+  files: ['**/*.ts'],
+  languageOptions: {
+    parserOptions: {
+      projectService: true,
+      tsconfigRootDir: import.meta.dirname,
+    },
+  },
+});

e2e/plugin-js-packages-e2e/mocks/fixtures/npm-repo/code-pushup.config.ts

@@ -0,0 +1,7 @@
+import jsPackagesPlugin from '@code-pushup/js-packages-plugin';
+import type { CoreConfig } from '@code-pushup/models';
+
+export default {
+  persist: { outputDir: './' },
+  plugins: [await jsPackagesPlugin({ packageManager: 'npm' })],
+} satisfies CoreConfig;

e2e/plugin-js-packages-e2e/mocks/fixtures/npm-repo/package-lock.json

@@ -0,0 +1,5 @@
+{
+  "dependencies": {
+    "express": "3.0.0"
+  }
+}

e2e/plugin-js-packages-e2e/mocks/fixtures/npm-repo/package.json

@@ -0,0 +1,23 @@
+{
+  "name": "plugin-js-packages-e2e",
+  "$schema": "../../node_modules/nx/schemas/project-schema.json",
+  "projectType": "application",
+  "sourceRoot": "e2e/plugin-js-packages-e2e/src",
+  "implicitDependencies": ["cli", "plugin-js-packages"],
+  "targets": {
+    "lint": {
+      "executor": "@nx/linter:eslint",
+      "outputs": ["{options.outputFile}"],
+      "options": {
+        "lintFilePatterns": ["e2e/plugin-eslint-e2e/**/*.ts"]
+      }
+    },
+    "e2e": {
+      "executor": "@nx/vite:test",
+      "options": {
+        "configFile": "e2e/plugin-eslint-e2e/vite.config.e2e.ts"
+      }
+    }
+  },
+  "tags": ["scope:plugin", "type:e2e"]
+}

e2e/plugin-js-packages-e2e/project.json

@@ -0,0 +1,99 @@
+import { cp } from 'node:fs/promises';
+import path from 'node:path';
+import { afterAll, beforeAll, expect, it } from 'vitest';
+import {
+  type AuditReport,
+  type Report,
+  reportSchema,
+} from '@code-pushup/models';
+import { nxTargetProject } from '@code-pushup/test-nx-utils';
+import { teardownTestFolder } from '@code-pushup/test-setup';
+import { E2E_ENVIRONMENTS_DIR, TEST_OUTPUT_DIR } from '@code-pushup/test-utils';
+import { executeProcess, readJsonFile } from '@code-pushup/utils';
+
+describe('plugin-js-packages', () => {
+  const fixturesDir = path.join(
+    'e2e',
+    'plugin-js-packages-e2e',
+    'mocks',
+    'fixtures',
+  );
+  const fixturesNPMDir = path.join(fixturesDir, 'npm-repo');
+
+  const envRoot = path.join(
+    E2E_ENVIRONMENTS_DIR,
+    nxTargetProject(),
+    TEST_OUTPUT_DIR,
+  );
+  const npmRepoDir = path.join(envRoot, 'npm-repo');
+
+  beforeAll(async () => {
+    await cp(fixturesNPMDir, npmRepoDir, { recursive: true });
+  });
+
+  afterAll(async () => {
+    await teardownTestFolder(npmRepoDir);
+  });
+
+  it('should run JS packages plugin for NPM and create report.json', async () => {
+    const { code, stderr } = await executeProcess({
+      command: 'node',
+      args: [
+        '../../node_modules/@code-pushup/cli/src/index.js',
+        'collect',
+        '--no-progress',
+      ],
+      cwd: npmRepoDir,
+    });
+
+    expect(code).toBe(0);
+    expect(stderr).toBe('');
+
+    const report = await readJsonFile<Report>(
+      path.join(npmRepoDir, 'report.json'),
+    );
+
+    const plugin = report.plugins[0]!;
+    const npmAuditProd = plugin.audits.find(
+      ({ slug }) => slug === 'npm-audit-prod',
+    )!;
+    const npmOutdatedProd = plugin.audits.find(
+      ({ slug }) => slug === 'npm-outdated-prod',
+    )!;
+
+    expect(plugin.packageName).toBe('@code-pushup/js-packages-plugin');
+    expect(plugin.audits).toHaveLength(4);
+
+    expect(npmAuditProd).toEqual<AuditReport>(
+      expect.objectContaining({
+        value: expect.any(Number),
+      }),
+    );
+    expect(npmAuditProd.value).toBeGreaterThanOrEqual(7); // there are 7 vulnerabilities (6 high, 1 low) in prod dependency at the time
+    expect(npmAuditProd.displayValue).toMatch(/\d vulnerabilities/);
+    expect(npmAuditProd.details?.issues!.length).toBeGreaterThanOrEqual(7);
+
+    const expressConnectIssue = npmAuditProd.details!.issues![0]!;
+    expect(expressConnectIssue?.severity).toBe('error');
+    expect(expressConnectIssue?.message).toContain('express');
+    expect(expressConnectIssue?.message).toContain('2.30.2');
+    expect(expressConnectIssue?.message).toContain(
+      'methodOverride Middleware Reflected Cross-Site Scripting in connect',
+    );
+
+    expect(npmOutdatedProd.score).toBe(0);
+    expect(npmOutdatedProd.value).toBe(1); // there is 1 outdated prod dependency at the time
+    expect(npmOutdatedProd.displayValue).toBe(
+      '1 major outdated package version',
+    );
+    expect(npmOutdatedProd.details?.issues).toHaveLength(1);
+
+    const expressOutdatedIssue = npmOutdatedProd.details!.issues![0]!;
+    expect(expressOutdatedIssue.severity).toBe('error');
+    expect(expressOutdatedIssue.message).toMatch(
+      /^Package \[`express`]\(http:\/\/expressjs\.com\/?\) requires a \*\*major\*\* update from \*\*3.0.0\*\* to \*\*\d+\.\d+\.\d+\*\*\.$/,
+    );
+
+    expect(() => reportSchema.parse(report)).not.toThrow();
+  });
+});

e2e/plugin-js-packages-e2e/tests/plugin-js-packages.e2e.test.ts

@@ -0,0 +1,20 @@
+{
+  "extends": "../../tsconfig.base.json",
+  "compilerOptions": {
+    "module": "ESNext",
+    "forceConsistentCasingInFileNames": true,
+    "strict": true,
+    "noImplicitOverride": true,
+    "noPropertyAccessFromIndexSignature": true,
+    "noImplicitReturns": true,
+    "noFallthroughCasesInSwitch": true,
+    "types": ["vitest"]
+  },
+  "files": [],
+  "include": [],
+  "references": [
+    {
+      "path": "./tsconfig.test.json"
+    }
+  ]
+}

e2e/plugin-js-packages-e2e/tsconfig.json

@@ -0,0 +1,15 @@
+{
+  "extends": "./tsconfig.json",
+  "compilerOptions": {
+    "outDir": "../../dist/out-tsc",
+    "types": ["vitest/globals", "vitest/importMeta", "vite/client", "node"],
+    "target": "ES2020"
+  },
+  "exclude": ["__test-env__/**"],
+  "include": [
+    "vite.config.e2e.ts",
+    "tests/**/*.e2e.test.ts",
+    "tests/**/*.d.ts",
+    "mocks/**/*.ts"
+  ]
+}