This directory contains comprehensive tests for the VSR (vlt-specific registry) covering all endpoints and functionality.
The test suite uses a hybrid approach combining both mocked and real Cloudflare Workers environments for optimal coverage and performance.
Package manifest endpoint tests covering both local/private packages and upstream registry public packages.
Covers:
- Local package manifests (packuments, versions, tarballs)
- Upstream registry manifests (NPM, JSR, Custom)
- Version-specific requests and semver handling
- Error handling for invalid packages and versions
- Response structure validation
Package packument endpoint tests for full package information including all versions and metadata.
Covers:
- Local/private package packuments
- Upstream public package packuments (NPM, JSR, Custom)
- Version range filtering and semver queries
- Response structure validation (name, dist-tags, versions, time)
- Error handling and special package names
- Performance and caching behavior
Health check endpoint tests for both root and upstream registries.
Covers:
- Root registry ping (
/-/ping) - Upstream registry ping (
/{upstream}/-/ping) - NPM compatibility headers
- Response format validation
User identity endpoint tests for authentication and user information.
Covers:
- Root registry whoami (
/-/whoami) - Upstream registry whoami (
/{upstream}/-/whoami) - Authentication behavior (authenticated vs unauthenticated)
- Response format consistency
- Error handling for invalid tokens
Package search endpoint tests for finding packages across registries.
Covers:
- Root registry search (
/-/search) - Upstream registry search (
/{upstream}/-/search) - Query parameter handling (text, size, from, quality, popularity, maintenance)
- Search response structure and pagination
- Legacy API redirects (
/-/v1/search) - Error handling and performance limits
Token management endpoint tests for authentication token CRUD operations.
Covers:
- Token listing (
GET /-/tokens) - Token creation (
POST /-/tokens) - Token updates (
PUT /-/tokens) - Token deletion (
DELETE /-/tokens/{token}) - Upstream token management
- Authentication and authorization
- Request validation and error handling
Access control endpoint tests for package permissions and collaborator management.
Covers:
- Package access status (
/-/package/{pkg}/access) - Collaborator management
(
/-/package/{pkg}/collaborators/{username}) - Scoped package access control
- Package list access (
/-/package/list) - Authentication and authorization levels
- Permission validation
Distribution tags endpoint tests for package version tagging.
Covers:
- Dist-tag retrieval (
/-/package/{pkg}/dist-tags) - Dist-tag creation/updates (
PUT /-/package/{pkg}/dist-tags/{tag}) - Dist-tag deletion (
DELETE /-/package/{pkg}/dist-tags/{tag}) - Semver validation and tag name validation
- Authentication and ownership checks
- Complete dist-tag lifecycle operations
Security audit endpoint tests for vulnerability scanning.
Covers:
- Root registry audit (
/-/npm/audit) - Upstream registry audit (
/{upstream}/-/npm/audit) - Package lock format support (v1, v2, v3)
- Dependency tree validation
- Legacy API redirects
- Request validation and error handling
- Audit implementation status
Static asset endpoint tests for web interface and public files.
Covers:
- Public assets (
/public/*) - Special files (
/favicon.ico,/robots.txt,/manifest.json) - Content-type headers for different file types
- Cache control and compression
- Security considerations (directory traversal prevention)
- Performance optimization (range requests, conditional requests)
The test suite uses two complementary approaches:
-
Mocked Environment Tests (
app.request()withmockEnv)- Used for complex endpoints (manifest, packument, search, tokens, access, etc.)
- Fast execution with comprehensive mocking
- Reliable and deterministic results
- Covers edge cases and error conditions
-
Real Cloudflare Workers Tests (
SELF.fetch()with real bindings)- Used for simple endpoints (ping, whoami)
- Real database and environment integration
- End-to-end validation with actual Workers runtime
- Configured via
@cloudflare/vitest-pool-workers
const mockEnv = {
DB: {
// Minimal D1 interface with Drizzle ORM compatibility
prepare: () => ({ bind: () => ({ get, all, run, raw }) }),
batch: () => Promise.resolve([]),
exec: () => Promise.resolve(),
},
BUCKET: { get, put, delete },
KV: { get, put, delete },
// Additional bindings as needed
}# Run all tests
vlr test
# Run specific test files
vlr test test/manifest.test.ts
vlr test test/tokens.test.ts
vlr test test/search.test.ts
# Run tests in watch mode
vlr test --watch
# Run tests with coverage
vlr test --coverage
# Run linting
vlr lintCurrent test coverage includes 8 comprehensive test files with 300+ individual tests:
- ✅ manifest.test.ts - 33 tests (Package manifests)
- ✅ packaument.test.ts - 40 tests (Package packuments)
- ✅ ping.test.ts - 5 tests (Health checks)
- ✅ whoami.test.ts - 10 tests (User identity)
- ✅ search.test.ts - 50+ tests (Package search)
- ✅ tokens.test.ts - 40+ tests (Token management)
- ✅ access.test.ts - 60+ tests (Access control)
- ✅ dist-tags.test.ts - 50+ tests (Distribution tags)
- ✅ audit.test.ts - 40+ tests (Security audits)
- ✅ static.test.ts - 60+ tests (Static assets)
- ✅ dashboard.test.ts - 40+ tests (Dashboard data)
- Full npm client compatibility for all utility endpoints
- Proper HTTP status codes and response formats
- Legacy API redirect support
- Semver validation and handling
- Root/local registry functionality
- Upstream registry proxying (NPM, JSR, Custom)
- Registry-specific endpoint behavior
- Upstream configuration validation
- Token-based authentication
- Package access control and permissions
- Collaborator management
- Security audit functionality
- Input validation and sanitization
- Response time validation
- Concurrent request handling
- Error handling and edge cases
- Cache control and optimization
- Resource limits and validation
Tests are configured in vitest.config.ts with:
- Cloudflare Workers pool for real environment testing
- 30-second timeout for upstream requests
- Real bindings setup in
test/setup.ts - Database schema creation for isolated test environments
- Environment variable configuration
-
Enhanced Integration Testing
- More real Cloudflare Workers tests as the framework matures
- End-to-end workflow testing
- Performance benchmarking
-
Advanced Test Scenarios
- Load testing for high-traffic scenarios
- Chaos engineering for resilience testing
- Cross-registry interaction testing
-
Test Automation
- Automated test generation for new endpoints
- Contract testing for API compatibility
- Visual regression testing for web interface