test: vulnerabilities api (#609) · davidwindham.com/npmx.dev@186bf30

davidwindham.com / npmx.dev

forked from npmx.dev/npmx.dev

fork atom

[READ-ONLY] a fast, modern browser for the npm registry

fork atom

test: vulnerabilities api (#609)

authored by

btea and committed by

GitHub 1 month ago 186bf307 4796b78e

+78

1 changed file

expand all

test

e2e

vulnerabilities.spec.ts

+78

test/e2e/vulnerabilities.spec.ts

··· 1 + import { expect, test } from '@nuxt/test-utils/playwright' 2 + 3 + function toLocalUrl(baseURL: string | undefined, path: string): string { 4 + if (!baseURL) return path 5 + return baseURL.endsWith('/') ? `${baseURL}${path.slice(1)}` : `${baseURL}${path}` 6 + } 7 + 8 + async function fetchVulnerabilities( 9 + page: { request: { get: (url: string) => Promise<any> } }, 10 + url: string, 11 + ) { 12 + const response = await page.request.get(url) 13 + const body = await response.json() 14 + return { response, body } 15 + } 16 + 17 + test.describe('vulnerabilities API', () => { 18 + test('unscoped package vulnerabilities analysis', async ({ page, baseURL }) => { 19 + const url = toLocalUrl(baseURL, '/api/registry/vulnerabilities/vue') 20 + const { response, body } = await fetchVulnerabilities(page, url) 21 + 22 + expect(response.status()).toBe(200) 23 + expect(response.headers()['content-type']).toContain('application/json') 24 + expect(body).toHaveProperty('package', 'vue') 25 + expect(body).toHaveProperty('version') 26 + expect(body).toHaveProperty('totalCounts') 27 + }) 28 + 29 + test('scoped package vulnerabilities with URL encoding', async ({ page, baseURL }) => { 30 + const url = toLocalUrl(baseURL, '/api/registry/vulnerabilities/@vitejs%2Fplugin-vue') 31 + const { response, body } = await fetchVulnerabilities(page, url) 32 + 33 + expect(response.status()).toBe(200) 34 + expect(response.headers()['content-type']).toContain('application/json') 35 + expect(body).toHaveProperty('package', '@vitejs/plugin-vue') 36 + expect(body).toHaveProperty('version') 37 + }) 38 + 39 + test('scoped package with explicit version and URL encoding', async ({ page, baseURL }) => { 40 + const url = toLocalUrl(baseURL, '/api/registry/vulnerabilities/@vitejs%2Fplugin-vue/v/6.0.3') 41 + const { response, body } = await fetchVulnerabilities(page, url) 42 + 43 + expect(response.status()).toBe(200) 44 + expect(response.headers()['content-type']).toContain('application/json') 45 + expect(body).toHaveProperty('package', '@vitejs/plugin-vue') 46 + expect(body).toHaveProperty('version', '6.0.3') 47 + }) 48 + 49 + test('scoped package without URL encoding (for comparison)', async ({ page, baseURL }) => { 50 + const url = toLocalUrl(baseURL, '/api/registry/vulnerabilities/@nuxt/kit') 51 + const { response, body } = await fetchVulnerabilities(page, url) 52 + 53 + expect(response.status()).toBe(200) 54 + expect(response.headers()['content-type']).toContain('application/json') 55 + expect(body).toHaveProperty('package', '@nuxt/kit') 56 + expect(body).toHaveProperty('version') 57 + }) 58 + 59 + test('complex scoped package name with URL encoding', async ({ page, baseURL }) => { 60 + const url = toLocalUrl(baseURL, '/api/registry/vulnerabilities/@babel%2Fcore') 61 + const { response, body } = await fetchVulnerabilities(page, url) 62 + 63 + expect(response.status()).toBe(200) 64 + expect(response.headers()['content-type']).toContain('application/json') 65 + expect(body).toHaveProperty('package', '@babel/core') 66 + expect(body).toHaveProperty('version') 67 + }) 68 + 69 + test('package not found returns appropriate error', async ({ page, baseURL }) => { 70 + const url = toLocalUrl( 71 + baseURL, 72 + '/api/registry/vulnerabilities/this-package-definitely-does-not-exist-12345', 73 + ) 74 + const response = await page.request.get(url) 75 + 76 + expect(response.status()).toBe(502) // Based on handleApiError fallback 77 + }) 78 + })