Skip to content

Commit ae9125e

Browse files
committed
test: add OA009 e2e case using examples/oa009-stale-floor fixture
Extends detectors.test.ts to cover OA009 through the real CLI binary. Uses the existing examples/oa009-stale-floor fixture (build-tool@2.0.0 declares semver ^7.5.4; override semver >=5.7.2 is therefore redundant). Asserts the finding fires, package name, severity, and the remove patch. No temp directory needed - the fixture already has the full node_modules structure.
1 parent 91360e1 commit ae9125e

1 file changed

Lines changed: 15 additions & 1 deletion

File tree

tests/e2e/detectors.test.ts

Lines changed: 15 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@
2020

2121
import { existsSync } from "node:fs";
2222
import { join } from "node:path";
23-
import { runCli, mkProject, rmProject } from "./harness.js";
23+
import { CLI, runCli, mkProject, rmProject } from "./harness.js";
2424

2525
/** Run `overrides <dir> --json` and return the parsed findings array. */
2626
function findingsFor(dir: string, extraArgs: string[] = []): any[] {
@@ -229,6 +229,20 @@ describe("e2e detectors OA001-OA008 fire through the real binary", () => {
229229
}
230230
});
231231

232+
it("OA009 stale floor: override floor already met by all parent declarations", () => {
233+
// Uses the checked-in examples/oa009-stale-floor fixture (no temp dir needed).
234+
// build-tool@2.0.0 declares "semver": "^7.5.4" (floor 7.5.4 >= 5.7.2).
235+
// The override "semver": ">=5.7.2" is therefore redundant and OA009 should fire.
236+
// CLI = dist/index.js; two levels up reaches the project root.
237+
const dir = join(CLI, "..", "..", "examples", "oa009-stale-floor");
238+
const findings = findingsFor(dir);
239+
expect(ruleIds(findings)).toContain("OA009");
240+
const oa009 = findings.find((f: any) => f.ruleId === "OA009");
241+
expect(oa009.package.name).toBe("semver");
242+
expect(oa009.severity).toBe("low");
243+
expect(oa009.fix.patch).toEqual([{ op: "remove", path: "/overrides/semver" }]);
244+
});
245+
232246
it("OA008 materialized vulnerable: a copy below the floor is on disk", () => {
233247
// Mirror oa008.test.ts: floor >=0.28.0; top-level copy satisfies but a
234248
// nested copy under tsx is 0.25.12 (below the floor). The walker only

0 commit comments

Comments
 (0)