Merge pull request #58 from sonukapoor/codex/issue-57-helper-tests

test: add helper unit tests

Author: sonukapoor

tests/helpers.test.ts

@@ -0,0 +1,213 @@
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import { parseArgs } from "../src/cli/args.js";
+import { maxSeverity, inferSeverity, normalizeSeverity } from "../src/osv/severity.js";
+import {
+  chooseBestLockfile,
+  findFiles,
+  findNearestPackageJson,
+  relativeOrName,
+  safeReadText,
+} from "../src/utils/file.js";
+import {
+  compareVersions,
+  looksLikeVersion,
+  normalizeRawVersion,
+  parseExactManifestVersion,
+} from "../src/utils/version.js";
+
+function createTempDir(): string {
+  return fs.mkdtempSync(path.join(os.tmpdir(), "cve-lite-helper-test-"));
+}
+
+function removeDir(dirPath: string) {
+  fs.rmSync(dirPath, { recursive: true, force: true });
+}
+
+describe("parseArgs", () => {
+  it("returns default options when no arguments are provided", () => {
+    const result = parseArgs([]);
+
+    expect(result).toEqual({
+      options: {
+        failOn: "critical",
+        batchSize: "100",
+        searchDepth: "4",
+        minSeverity: "medium",
+      },
+    });
+  });
+
+  it("parses flags, inline values, and a project path together", () => {
+    const result = parseArgs([
+      "--json",
+      "--verbose",
+      "--prod-only",
+      "--offline",
+      "--all",
+      "--fail-on=high",
+      "--batch-size",
+      "25",
+      "--cache-dir=.cache/test",
+      "--osv-url",
+      "https://example.com/osv",
+      "--search-depth=7",
+      "--min-severity",
+      "low",
+      "./fixture",
+    ]);
+
+    expect(result).toEqual({
+      options: {
+        json: true,
+        verbose: true,
+        prodOnly: true,
+        offline: true,
+        all: true,
+        failOn: "high",
+        batchSize: "25",
+        cacheDir: ".cache/test",
+        osvUrl: "https://example.com/osv",
+        searchDepth: "7",
+        minSeverity: "low",
+      },
+      projectArg: "./fixture",
+    });
+  });
+
+  it("throws on unknown options and unexpected extra arguments", () => {
+    expect(() => parseArgs(["--wat"])).toThrow("Unknown option: --wat");
+    expect(() => parseArgs(["project-a", "project-b"])).toThrow("Unexpected argument: project-b");
+  });
+});
+
+describe("severity helpers", () => {
+  it("infers severity from score ranges and database fallback", () => {
+    expect(inferSeverity({ id: "1", severity: [{ score: "9.8" }] })).toBe("critical");
+    expect(inferSeverity({ id: "2", severity: [{ score: "7.5" }] })).toBe("high");
+    expect(inferSeverity({ id: "3", severity: [{ score: "5.6" }] })).toBe("medium");
+    expect(inferSeverity({ id: "4", severity: [{ score: "2.1" }] })).toBe("low");
+    expect(inferSeverity({ id: "5", severity: [{ score: "0.0" }] })).toBe("none");
+    expect(inferSeverity({ id: "6", database_specific: { severity: "HIGH" } })).toBe("high");
+    expect(inferSeverity({ id: "7" })).toBe("unknown");
+  });
+
+  it("returns the highest severity across multiple vulnerabilities", () => {
+    expect(
+      maxSeverity([
+        { id: "1", severity: [{ score: "3.0" }] },
+        { id: "2", severity: [{ score: "9.1" }] },
+        { id: "3", database_specific: { severity: "medium" } },
+      ]),
+    ).toBe("critical");
+  });
+
+  it("normalizes valid labels and falls back invalid ones to critical", () => {
+    expect(normalizeSeverity("HIGH")).toBe("high");
+    expect(normalizeSeverity("unknown")).toBe("unknown");
+    expect(normalizeSeverity("not-a-level")).toBe("critical");
+  });
+});
+
+describe("version helpers", () => {
+  it("recognizes supported exact versions", () => {
+    expect(looksLikeVersion("1.2.3")).toBe(true);
+    expect(looksLikeVersion("1.2.3-beta")).toBe(true);
+    expect(looksLikeVersion("1.2")).toBe(false);
+    expect(looksLikeVersion("^1.2.3")).toBe(false);
+  });
+
+  it("compares versions numerically and with suffix segments", () => {
+    expect(compareVersions("1.2.3", "1.2.4")).toBeLessThan(0);
+    expect(compareVersions("2.0.0", "1.9.9")).toBeGreaterThan(0);
+    expect(compareVersions("1.2.3", "1.2.3")).toBe(0);
+    expect(compareVersions("1.2.3-beta", "1.2.3-alpha")).toBeGreaterThan(0);
+  });
+
+  it("parses exact manifest versions and normalizes raw versions", () => {
+    expect(parseExactManifestVersion("1.2.3")).toBe("1.2.3");
+    expect(parseExactManifestVersion(" npm:1.2.3 ")).toBe("1.2.3");
+    expect(parseExactManifestVersion("^1.2.3")).toBeNull();
+
+    expect(normalizeRawVersion("workspace:1.2.3")).toBe("1.2.3");
+    expect(normalizeRawVersion("npm:4.5.6")).toBe("4.5.6");
+    expect(normalizeRawVersion("../local-package")).toBeNull();
+    expect(normalizeRawVersion(42)).toBeNull();
+  });
+});
+
+describe("file helpers", () => {
+  it("safely reads files and returns an empty string for missing paths", () => {
+    const tempDir = createTempDir();
+    const filePath = path.join(tempDir, "note.txt");
+    fs.writeFileSync(filePath, "hello", "utf8");
+
+    try {
+      expect(safeReadText(filePath)).toBe("hello");
+      expect(safeReadText(path.join(tempDir, "missing.txt"))).toBe("");
+    } finally {
+      removeDir(tempDir);
+    }
+  });
+
+  it("returns relative paths when possible and falls back to the file name", () => {
+    const rootDir = "/tmp/project";
+    expect(relativeOrName(rootDir, "/tmp/project/src/index.ts")).toBe(path.join("src", "index.ts"));
+    expect(relativeOrName(rootDir, rootDir)).toBe("project");
+  });
+
+  it("finds matching files by depth while skipping excluded directories", () => {
+    const tempDir = createTempDir();
+    const nestedDir = path.join(tempDir, "packages", "app");
+    const gitDir = path.join(tempDir, ".git", "hooks");
+    const nodeModulesDir = path.join(tempDir, "node_modules", "left-pad");
+
+    fs.mkdirSync(nestedDir, { recursive: true });
+    fs.mkdirSync(gitDir, { recursive: true });
+    fs.mkdirSync(nodeModulesDir, { recursive: true });
+
+    const rootLock = path.join(tempDir, "package-lock.json");
+    const nestedLock = path.join(nestedDir, "yarn.lock");
+    const ignoredLock = path.join(nodeModulesDir, "package-lock.json");
+
+    fs.writeFileSync(rootLock, "{}", "utf8");
+    fs.writeFileSync(nestedLock, "content", "utf8");
+    fs.writeFileSync(ignoredLock, "{}", "utf8");
+
+    try {
+      const files = findFiles(tempDir, ["package-lock.json", "yarn.lock"], 3);
+      expect(files).toEqual([rootLock, nestedLock]);
+    } finally {
+      removeDir(tempDir);
+    }
+  });
+
+  it("finds the nearest package.json and chooses the preferred lockfile", () => {
+    const tempDir = createTempDir();
+    const nestedDir = path.join(tempDir, "packages", "app");
+    fs.mkdirSync(nestedDir, { recursive: true });
+
+    try {
+      expect(findNearestPackageJson(tempDir, 3)).toBeNull();
+
+      const nestedPackageJson = path.join(nestedDir, "package.json");
+      fs.writeFileSync(nestedPackageJson, "{}", "utf8");
+      expect(findNearestPackageJson(tempDir, 3)).toBe(nestedPackageJson);
+
+      const rootPackageJson = path.join(tempDir, "package.json");
+      fs.writeFileSync(rootPackageJson, "{}", "utf8");
+      expect(findNearestPackageJson(tempDir, 3)).toBe(rootPackageJson);
+
+      expect(
+        chooseBestLockfile([
+          path.join(tempDir, "packages", "app", "yarn.lock"),
+          path.join(tempDir, "pnpm-lock.yaml"),
+          path.join(tempDir, "package-lock.json"),
+        ]),
+      ).toBe(path.join(tempDir, "package-lock.json"));
+    } finally {
+      removeDir(tempDir);
+    }
+  });
+});