@mikolalysenko
Contributor

Add comprehensive unit tests for the scan command's authenticated API flow.

Summary

  • Tests for paid tier token authentication with Bearer header
  • Tests for free tier (public proxy) without authentication
  • Tests for batch mode scanning with multiple packages
  • Tests for public proxy fallback to individual GET requests
  • Tests for error handling (401, 403, 429, 500)
  • Tests for getAPIClientFromEnv behavior

Test Coverage

  • 21 new tests covering authenticated scan functionality
  • All existing 19 scan tests continue to pass
  • Total: 40 passing tests in the scan command suite

Test Plan

  • All existing scan tests pass
  • All new authenticated tests pass
  • Tests run locally: node --test dist/commands/scan-authenticated.test.js

🤖 Generated with Claude Code

mikolalysenko and others added 7 commits January 7, 2026 14:12
- Add new scan command for discovering packages with available patches
- Create crawlers module with NpmCrawler for node_modules traversal
- Support local and global package crawling with batch yielding
- Add batch API support to api-client for efficient PURL lookups
- Include comprehensive tests for crawlers and scan output formatting

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

The public proxy cannot cache POST /patch/batch requests because
Cloudflare CDN cannot cache requests with varying bodies. Modified
searchPatchesBatch to fall back to individual GET /patch/by-package/:purl
requests when using the public proxy, which ARE cacheable.

Changes:
- Add searchPatchesBatchViaIndividualQueries method with concurrency limiting
- Convert individual SearchResponse to BatchSearchResponse format
- Add severity ordering and CVE/GHSA extraction helpers
- Add unit tests for batch vs individual query conversion logic

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
Update api-client to send { components: [{purl: ...}] } instead of
{ purls: [...] } to match the server's CDX-compatible API format.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
- Include all patches (free and paid) in scan results
- Show patch counts as "free+paid" format (e.g., "2+3")
- Highlight paid patches in yellow when user lacks access
- Add summary showing additional patches available with paid subscription
- Include upgrade link to Socket pricing page

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
When a free-tier user attempts to download a paid patch:
- Show prominent upgrade CTA with link to https://socket.dev/pricing
- Display patch info (PURL, tier) so user knows what they're missing
- Show count of paid patches in package selection UI
- Include upgrade messaging when all available patches are paid

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
- Add lightweight terminal spinner utility for CLI progress indication
- Show scanning progress with package count and relative path
- Optimize npm crawler to only scan local node_modules by default
- Add recursive workspace support while skipping symlinks
- Skip following symlinks into nested node_modules (pnpm optimization)
- Support well-known global paths for --global mode

Add comprehensive unit tests for the scan command's authenticated API flow:
- Paid tier token authentication with Bearer header
- Free tier (public proxy) without authentication
- Batch mode scanning with multiple packages
- Public proxy fallback to individual GET requests
- Error handling (401, 403, 429, 500)
- getAPIClientFromEnv behavior for both tiers

Tests verify:
- Paid tier can access both free and paid patches
- Free tier only accesses free patches via public proxy
- Batch POST endpoint used for authenticated API
- Individual GET requests used for public proxy
- Proper error messages for auth failures

Co-Authored-By: Claude <[email protected]>
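The commits above describe two transport paths for the same lookup: a paid-tier token selects the authenticated API and one POST /patch/batch carrying `{ components: [{ purl }] }` under a Bearer header, while the free tier goes through the public proxy, whose CDN cannot cache varying POST bodies, so the client issues one cacheable GET /patch/by-package/:purl per package with a concurrency limit and reassembles a batch-shaped response. The block below is an added example written for this page, not the project's own api-client code; the host names, the `results`/`patches` response fields, the token values, the package list and the in-memory `fakeFetch` fixture are all assumptions made so the flow (including the 401 and 429 error mapping) runs offline.

```javascript
const AUTH_API = 'https://api.example.test';        // assumed authenticated API host
const PUBLIC_PROXY = 'https://proxy.example.test';  // assumed public proxy host

class ApiError extends Error {
  constructor(status, message) { super(message); this.name = 'ApiError'; this.status = status; }
}

// Map the statuses the PR's tests cover (401, 403, 429, 500) to actionable messages.
function errorForStatus(status) {
  if (status === 401) return new ApiError(401, 'unauthorized: API token missing or invalid');
  if (status === 403) return new ApiError(403, 'forbidden: this token cannot access the resource');
  if (status === 429) return new ApiError(429, 'rate limited: back off and retry');
  return new ApiError(status, `unexpected HTTP ${status} from patch API`);
}

// Run fn over items with at most `limit` calls in flight; result order matches input order.
async function mapLimit(items, limit, fn) {
  const out = new Array(items.length);
  let next = 0;
  const worker = async () => {
    while (next < items.length) { const i = next++; out[i] = await fn(items[i]); }
  };
  await Promise.all(Array.from({ length: Math.min(limit, items.length) || 1 }, worker));
  return out;
}

// Token present -> authenticated API with a Bearer header; absent -> public proxy.
// fetchImpl is injectable so the flow can be exercised offline against the fixture below.
function makeClient({ token, fetchImpl = globalThis.fetch } = {}) {
  const base = token ? AUTH_API : PUBLIC_PROXY;

  async function request(method, path, body) {
    const headers = { accept: 'application/json' };
    if (token) headers.authorization = `Bearer ${token}`;
    if (body !== undefined) headers['content-type'] = 'application/json';
    const init = { method, headers, body: body === undefined ? undefined : JSON.stringify(body) };
    const res = await fetchImpl(base + path, init);
    if (!res.ok) throw errorForStatus(res.status);
    return res.json();
  }

  async function searchPatchesBatch(purls, { concurrency = 4 } = {}) {
    if (token) {
      // Paid tier: a single CDX-style POST carrying a components array.
      return request('POST', '/patch/batch', { components: purls.map((purl) => ({ purl })) });
    }
    // Public proxy: POST bodies vary and the CDN cannot cache them, so issue one
    // cacheable GET per PURL and reassemble the batch response shape (assumed: { results }).
    const single = await mapLimit(purls, concurrency,
      (purl) => request('GET', `/patch/by-package/${encodeURIComponent(purl)}`));
    return { results: single.map((r, i) => ({ purl: purls[i], patches: r.patches })) };
  }

  return { base, searchPatchesBatch };
}

// Constructed fixture standing in for both hosts; PURLs, patch ids, tiers and tokens are made up.
const PATCH_DB = {
  'pkg:npm/lodash@4.17.20': [{ id: 'patch-a', tier: 'free' }, { id: 'patch-b', tier: 'paid' }],
  'pkg:npm/minimist@1.2.5': [{ id: 'patch-c', tier: 'paid' }],
};
const VALID_TOKEN = 'sktsec_example_token';   // assumed paid-tier token
const LIMITED_TOKEN = 'sktsec_rate_limited';  // assumed: the fixture answers 429 for it

const reply = (status, body) => ({ ok: status < 400, status, json: async () => body });

async function fakeFetch(url, init) {
  const u = new URL(url);
  const auth = init.headers.authorization;
  if (u.origin === AUTH_API) {
    if (auth === `Bearer ${LIMITED_TOKEN}`) return reply(429, {});
    if (auth !== `Bearer ${VALID_TOKEN}`) return reply(401, {});
    if (init.method !== 'POST' || u.pathname !== '/patch/batch') return reply(404, {});
    const { components } = JSON.parse(init.body);
    return reply(200, { results: components.map(({ purl }) => ({ purl, patches: PATCH_DB[purl] ?? [] })) });
  }
  if (u.origin === PUBLIC_PROXY && init.method === 'GET' && u.pathname.startsWith('/patch/by-package/')) {
    const purl = decodeURIComponent(u.pathname.slice('/patch/by-package/'.length));
    // Fixture assumption following the PR text: the proxy serves only free-tier patches.
    return reply(200, { patches: (PATCH_DB[purl] ?? []).filter((p) => p.tier === 'free') });
  }
  return reply(500, {});
}

// Stand-alone demo: the same package list through both tiers.
async function demo() {
  const purls = Object.keys(PATCH_DB);
  const paid = await makeClient({ token: VALID_TOKEN, fetchImpl: fakeFetch }).searchPatchesBatch(purls);
  const free = await makeClient({ fetchImpl: fakeFetch }).searchPatchesBatch(purls);
  return { paid, free };
}
demo().then((r) => console.log(JSON.stringify(r, null, 2)));
```

The point to check in review of a client like this is that the fallback path never attaches a token to proxy requests and never sends a POST to the proxy: the proxy's value is the CDN cache, and anything that makes the request unique (a body, a per-user header) defeats it. `mapLimit` keeps the number of in-flight GETs bounded so a large node_modules scan does not turn into a burst that trips the 429 path.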
@mikolalysenko mikolalysenko merged commit 1c61869 into main Jan 10, 2026
4 checks passed
@mikolalysenko mikolalysenko deleted the feature/scan-authenticated-tests branch January 10, 2026 15:12