diff --git a/src/utils/alerts-map.mts b/src/utils/alerts-map.mts
index e8f6eb496..dfa9f229e 100644
--- a/src/utils/alerts-map.mts
+++ b/src/utils/alerts-map.mts
@@ -27,7 +27,7 @@ import { isNonEmptyString } from '@socketsecurity/registry/lib/strings'
 import { findSocketYmlSync } from './config.mts'
 import { toFilterConfig } from './filter-config.mts'
 import { extractPurlsFromPnpmLockfile } from './pnpm.mts'
-import { getPublicApiToken, setupSdk } from './sdk.mts'
+import { setupSdk } from './sdk.mts'
 import { addArtifactToAlertsMap } from './socket-package-alert.mts'
 
 import type { CompactSocketArtifact } from './alert/artifact.mts'
@@ -91,7 +91,7 @@ export async function getAlertsMapFromPurls(
     opts.filter.fixable = true
   }
 
-  const { apiToken = getPublicApiToken(), spinner } = opts
+  const { apiToken, spinner } = opts
 
   const getText = () => `Looking up data for ${remaining} packages`
 
diff --git a/src/utils/alerts-map.test.mts b/src/utils/alerts-map.test.mts
new file mode 100644
index 000000000..583f12318
--- /dev/null
+++ b/src/utils/alerts-map.test.mts
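Review bot: Removing the `getPublicApiToken()` default from `const { apiToken, spinner } = opts` changes which credential the package lookup runs under, and the new line does not record what the intended fallback is. Previously a caller that passed no token was pinned to the low-privilege public token; now `undefined` is forwarded to `setupSdk`, and whether that resolves to a configured user token, the public token, or an `ok: false` result is not visible in this diff, so anonymous callers may start using a more privileged credential or fail where they used to succeed. If delegating resolution is intentional, say so at the site, e.g. `// No default token here: setupSdk owns resolution (configured token vs. public fallback); its ok:false result must be handled below.`, and confirm the no-token failure path is actually handled. `getAlertsMapFromPurls` continues past the end of this hunk, so the `setupSdk` call and its error handling are out of view here.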
@@ -0,0 +1,115 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+import { getAlertsMapFromPurls } from './alerts-map.mts'
+
+// Mock all dependencies with vi.hoisted for better type safety.
+const mockSetupSdk = vi.hoisted(() => vi.fn())
+const mockFindSocketYmlSync = vi.hoisted(() => vi.fn())
+const mockAddArtifactToAlertsMap = vi.hoisted(() => vi.fn())
+const mockBatchPackageStream = vi.hoisted(() => vi.fn())
+
+vi.mock('./sdk.mts', () => ({
+  setupSdk: mockSetupSdk,
+}))
+
+vi.mock('./config.mts', () => ({
+  findSocketYmlSync: mockFindSocketYmlSync,
+}))
+
+vi.mock('./socket-package-alert.mts', () => ({
+  addArtifactToAlertsMap: mockAddArtifactToAlertsMap,
+}))
+
+vi.mock('./filter-config.mts', () => ({
+  toFilterConfig: vi.fn(filter => filter || {}),
+}))
+
+describe('Alerts Map', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+
+    // Setup default mock implementations.
+    mockFindSocketYmlSync.mockReturnValue({ ok: false, data: undefined })
+    mockAddArtifactToAlertsMap.mockResolvedValue(undefined)
+
+    mockBatchPackageStream.mockImplementation(async function* () {
+      yield {
+        success: true,
+        data: {
+          alerts: [],
+          name: 'lodash',
+          purl: 'pkg:npm/lodash@4.17.21',
+          version: '4.17.21',
+        },
+      }
+    })
+
+    mockSetupSdk.mockResolvedValue({
+      ok: true,
+      data: {
+        batchPackageStream: mockBatchPackageStream,
+      },
+    })
+  })
+
+  describe('getAlertsMapFromPurls', () => {
+    it('should pass undefined apiToken to setupSdk when not provided', async () => {
+      const purls = ['pkg:npm/lodash@4.17.21']
+
+      await getAlertsMapFromPurls(purls, {
+        nothrow: true,
+      })
+
+      // setupSdk should be called with undefined apiToken to let it handle token resolution.
+      expect(mockSetupSdk).toHaveBeenCalledWith({ apiToken: undefined })
+    })
+
+    it('should pass provided apiToken to setupSdk when explicitly set', async () => {
+      const purls = ['pkg:npm/lodash@4.17.21']
+      const customToken = 'sktsec_test_custom_token'
+
+      await getAlertsMapFromPurls(purls, {
+        apiToken: customToken,
+        nothrow: true,
+      })
+
+      // setupSdk should be called with the custom token.
+      expect(mockSetupSdk).toHaveBeenCalledWith({ apiToken: customToken })
+    })
+
+    it('should return empty map when no purls provided', async () => {
+      const alertsMap = await getAlertsMapFromPurls([], {
+        nothrow: true,
+      })
+
+      expect(alertsMap).toBeInstanceOf(Map)
+      expect(alertsMap.size).toBe(0)
+      // setupSdk should not be called if there are no purls.
+      expect(mockSetupSdk).not.toHaveBeenCalled()
+    })
+
+    it('should process purls and return alerts map', async () => {
+      const purls = ['pkg:npm/lodash@4.17.21', 'pkg:npm/express@4.18.2']
+
+      const alertsMap = await getAlertsMapFromPurls(purls, {
+        nothrow: true,
+      })
+
+      expect(alertsMap).toBeInstanceOf(Map)
+      expect(mockSetupSdk).toHaveBeenCalledWith({ apiToken: undefined })
+      expect(mockBatchPackageStream).toHaveBeenCalled()
+    })
+
+    it('should handle filter options correctly', async () => {
+      const purls = ['pkg:npm/lodash@4.17.21']
+
+      await getAlertsMapFromPurls(purls, {
+        filter: { actions: ['error', 'warn'] },
+        nothrow: true,
+      })
+
+      expect(mockSetupSdk).toHaveBeenCalled()
+      expect(mockBatchPackageStream).toHaveBeenCalled()
+    })
+  })
+})
diff --git a/src/utils/pnpm-scanning.test.mts b/src/utils/pnpm-scanning.test.mts
index da4bbb549..8ce325f5f 100644
--- a/src/utils/pnpm-scanning.test.mts
+++ b/src/utils/pnpm-scanning.test.mts
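Review bot: The new cases pin what `getAlertsMapFromPurls` forwards to `setupSdk` but never exercise the path this change opens up — `setupSdk` resolving to `{ ok: false }` because no token could be found — so a regression for callers that used to rely on the public-token default would go unnoticed; a case like the one below covers it (the failure-result shape is assumed from the `{ ok, data }` convention used in `beforeEach`, and how the function reports the failure under `nothrow` lives outside this diff, so assert only what is certain). Note also that `toHaveBeenCalledWith` uses `toEqual`-style recursive equality, under which `{ apiToken: undefined }` also matches a call made with `{}`; if the intent is to prove the key is explicitly forwarded, check `mockSetupSdk.mock.calls[0][0]` with `toStrictEqual`. Finally, `'sktsec_test_custom_token'` looks like a real Socket token prefix and may trip secret scanners on the repository; a neutral placeholder such as `'test-custom-token'` avoids that.
```typescript
    // … unchanged: existing getAlertsMapFromPurls cases …

    it('should not query the API when setupSdk cannot resolve a token', async () => {
      // Failure shape assumed from the { ok, data } convention above; adjust to match setupSdk's actual result.
      mockSetupSdk.mockResolvedValue({ ok: false, message: 'No API token available' })

      await getAlertsMapFromPurls(['pkg:npm/lodash@4.17.21'], {
        nothrow: true,
      })

      expect(mockSetupSdk).toHaveBeenCalledWith({ apiToken: undefined })
      expect(mockBatchPackageStream).not.toHaveBeenCalled()
    })
```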
@@ -3,7 +3,7 @@ import { beforeEach, describe, expect, it, vi } from 'vitest'
 import { getAlertsMapFromPnpmLockfile } from './alerts-map.mts'
 import { extractPurlsFromPnpmLockfile, parsePnpmLockfile } from './pnpm.mts'
 
-// Mock all dependencies with vi.hoisted for better type safety
+// Mock all dependencies with vi.hoisted for better type safety.
 const mockGetPublicApiToken = vi.hoisted(() => vi.fn())
 const mockSetupSdk = vi.hoisted(() => vi.fn())
 const mockFindSocketYmlSync = vi.hoisted(() => vi.fn())
@@ -31,7 +31,7 @@ describe('PNPM Lockfile PURL Scanning', () => {
   beforeEach(() => {
     vi.clearAllMocks()
 
-    // Setup default mock implementations
+    // Setup default mock implementations.
     mockGetPublicApiToken.mockReturnValue('test-token')
     mockFindSocketYmlSync.mockReturnValue({ ok: false, data: undefined })
     mockAddArtifactToAlertsMap.mockResolvedValue(undefined)