import { describe, it, expect, vi, beforeEach } from 'vitest';
import { analyzeDependencies } from '../src/analyzer';
import * as api from '../src/api';
// Replace the real OSV / Socket clients with vitest automocks; every case
// below installs its own resolved values on checkOSVBatch and checkSocket.
vi.mock('../src/api');

/**
 * Installs the resolved values both mocked API clients return for one case.
 * @param {object[]} osvBatch - what checkOSVBatch resolves to (one entry per queried package)
 * @param {object} socketReport - what checkSocket resolves to for the package
 */
function primeApiMocks(osvBatch, socketReport) {
  vi.mocked(api.checkOSVBatch).mockResolvedValue(osvBatch);
  vi.mocked(api.checkSocket).mockResolvedValue(socketReport);
}

describe('Analyzer', () => {
  // TODO(review): no case pins what analyzeDependencies does when
  // checkOSVBatch or checkSocket rejects — whether a package is reported as
  // safe, flagged, or the error propagates is currently untested here.

  // Reset recorded mock calls so state from one case cannot leak into the next.
  beforeEach(() => {
    vi.clearAllMocks();
  });

  it('should identify vulnerabilities from OSV', async () => {
    primeApiMocks(
      [{ vulns: [{ id: 'GHSA-123', summary: 'Bad', severity: 'HIGH' }] }],
      { name: 'pkg', version: '1.0' },
    );

    const results = await analyzeDependencies([{ name: 'axios', version: '1.0.0' }]);

    expect(results).toHaveLength(1);
    const [report] = results;
    expect(report.safe).toBe(false);
    expect(report.vulnerabilities).toHaveLength(1);
    // The advisory id, its provenance and the OSV link are all derived from the mocked vuln.
    expect(report.vulnerabilities[0]).toMatchObject({
      id: 'GHSA-123',
      source: 'OSV',
      url: 'https://osv.dev/vulnerability/GHSA-123',
    });
  });

  it('should identify risks from Socket.dev', async () => {
    primeApiMocks(
      [{}], // No OSV vuln
      {
        name: 'malware',
        version: '6.6.6',
        hasInstallScript: true,
        score: { supplyChain: 50 },
      },
    );

    const results = await analyzeDependencies([{ name: 'malware', version: '6.6.6' }]);

    expect(results).toHaveLength(1);
    const [report] = results;
    expect(report.safe).toBe(false);
    // Two risks are expected but only the first (install script) is pinned;
    // TODO(review): assert the type of the second risk as well.
    expect(report.risks).toHaveLength(2);
    expect(report.risks[0]).toMatchObject({
      type: 'install_script',
      source: 'Socket',
      url: 'https://socket.dev/npm/package/malware/overview/6.6.6',
    });
  });

  it('should return nothing if package is safe', async () => {
    primeApiMocks(
      [{}],
      {
        name: 'pkg',
        version: '1.0',
        hasInstallScript: false,
        score: { supplyChain: 99 },
      },
    );

    const results = await analyzeDependencies([{ name: 'react', version: '18.0.0' }]);

    // A clean package produces no entry at all rather than a `safe: true` record.
    expect(results).toHaveLength(0);
  });
});