stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

up
Some checks failed
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Policy Simulation / policy-simulate (push) Has been cancelled
Details
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Signals CI & Image / signals-ci (push) Has been cancelled
Details
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
Details
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Details
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Details

Browse Source
This commit is contained in:
StellaOps Bot
2025-12-13 09:37:15 +02:00
parent e00f6365da
commit 6e45066e37
349 changed files with 17160 additions and 1867 deletions
Download Patch File Download Diff File Expand all files Collapse all files

95
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Bun/BunLanguageAnalyzerTests.cs
View File

@@ -196,6 +196,25 @@ public sealed class BunLanguageAnalyzerTests
cancellationToken);
}
[Fact]
public async Task PatchedMultiVersionIsParsedAsync()
{
var cancellationToken = TestContext.Current.CancellationToken;
var fixturePath = TestPaths.ResolveFixture("lang", "bun", "patched-multi-version");
var goldenPath = Path.Combine(fixturePath, "expected.json");
var analyzers = new ILanguageAnalyzer[]
{
new BunLanguageAnalyzer()
};
await LanguageAnalyzerTestHarness.AssertDeterministicAsync(
fixturePath,
goldenPath,
analyzers,
cancellationToken);
}
[Fact]
public async Task DeepDependencyTreeIsParsedAsync()
{
@@ -252,4 +271,80 @@ public sealed class BunLanguageAnalyzerTests
analyzers,
cancellationToken);
}
[Fact]
public async Task ContainerLayersAreDiscoveredAsync()
{
var cancellationToken = TestContext.Current.CancellationToken;
var fixturePath = TestPaths.ResolveFixture("lang", "bun", "container-layers");
var goldenPath = Path.Combine(fixturePath, "expected.json");
var analyzers = new ILanguageAnalyzer[]
{
new BunLanguageAnalyzer()
};
await LanguageAnalyzerTestHarness.AssertDeterministicAsync(
fixturePath,
goldenPath,
analyzers,
cancellationToken);
}
[Fact]
public async Task BunfigOnlyEmitsDeclaredOnlyAsync()
{
var cancellationToken = TestContext.Current.CancellationToken;
var fixturePath = TestPaths.ResolveFixture("lang", "bun", "bunfig-only");
var goldenPath = Path.Combine(fixturePath, "expected.json");
var analyzers = new ILanguageAnalyzer[]
{
new BunLanguageAnalyzer()
};
await LanguageAnalyzerTestHarness.AssertDeterministicAsync(
fixturePath,
goldenPath,
analyzers,
cancellationToken);
}
[Fact]
public async Task LockfileDevClassificationIsDeterministicAsync()
{
var cancellationToken = TestContext.Current.CancellationToken;
var fixturePath = TestPaths.ResolveFixture("lang", "bun", "lockfile-dev-classification");
var goldenPath = Path.Combine(fixturePath, "expected.json");
var analyzers = new ILanguageAnalyzer[]
{
new BunLanguageAnalyzer()
};
await LanguageAnalyzerTestHarness.AssertDeterministicAsync(
fixturePath,
goldenPath,
analyzers,
cancellationToken);
}
[Fact]
public async Task NonConcreteVersionsUseExplicitKeyAsync()
{
var cancellationToken = TestContext.Current.CancellationToken;
var fixturePath = TestPaths.ResolveFixture("lang", "bun", "non-concrete-versions");
var goldenPath = Path.Combine(fixturePath, "expected.json");
var analyzers = new ILanguageAnalyzer[]
{
new BunLanguageAnalyzer()
};
await LanguageAnalyzerTestHarness.AssertDeterministicAsync(
fixturePath,
goldenPath,
analyzers,
cancellationToken);
}
}

2
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Fixtures/lang/bun/bunfig-only/bunfig.toml Normal file
View File

@@ -0,0 +1,2 @@
[install]
cache = false

74
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Fixtures/lang/bun/bunfig-only/expected.json Normal file
View File

@@ -0,0 +1,74 @@
[
{
"analyzerId": "bun",
"componentKey": "explicit::bun::npm::left-pad::sha256:8ad9c18ee1a619ce3a224346fe984c4ced211ac443ebf7d709a93f1343ef8ba2",
"name": "left-pad",
"type": "npm",
"usedByEntrypoint": false,
"metadata": {
"declared.locator": "package.json#dependencies",
"declared.scope": "prod",
"declared.source": "package.json",
"declared.sourceType": "range",
"declared.versionSpec": "^1.3.0",
"declaredOnly": "true",
"packageManager": "bun"
},
"evidence": [
{
"kind": "file",
"source": "package.json",
"locator": "package.json",
"sha256": "465919e1195aa0b066f473c55341df77abff6a6b7d62e25d63ccfb7c13e3287b"
}
]
},
{
"analyzerId": "bun",
"componentKey": "explicit::bun::npm::local-file::sha256:61b6ef7b8e24fe3a1e1080296c61f2ca4ad8839f453e24cb8adf874678521caa",
"name": "local-file",
"type": "npm",
"usedByEntrypoint": false,
"metadata": {
"declared.locator": "package.json#dependencies",
"declared.scope": "prod",
"declared.source": "package.json",
"declared.sourceType": "file",
"declared.versionSpec": "file:../local-file",
"declaredOnly": "true",
"packageManager": "bun"
},
"evidence": [
{
"kind": "file",
"source": "package.json",
"locator": "package.json",
"sha256": "465919e1195aa0b066f473c55341df77abff6a6b7d62e25d63ccfb7c13e3287b"
}
]
},
{
"analyzerId": "bun",
"componentKey": "explicit::bun::npm::typescript::sha256:5a0a88f051ea20b8875334dadc5bce3c0861d146b151ab7bab95654541b7a168",
"name": "typescript",
"type": "npm",
"usedByEntrypoint": false,
"metadata": {
"declared.locator": "package.json#devDependencies",
"declared.scope": "dev",
"declared.source": "package.json",
"declared.sourceType": "range",
"declared.versionSpec": "~5.3.0",
"declaredOnly": "true",
"packageManager": "bun"
},
"evidence": [
{
"kind": "file",
"source": "package.json",
"locator": "package.json",
"sha256": "465919e1195aa0b066f473c55341df77abff6a6b7d62e25d63ccfb7c13e3287b"
}
]
}
]

11
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Fixtures/lang/bun/bunfig-only/package.json Normal file
View File

@@ -0,0 +1,11 @@
{
"name": "bunfig-only-fixture",
"private": true,
"dependencies": {
"left-pad": "^1.3.0",
"local-file": "file:../local-file"
},
"devDependencies": {
"typescript": "~5.3.0"
}
}

6
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Fixtures/lang/bun/container-layers/.layers/layer0/app/bun.lock Normal file
View File

@@ -0,0 +1,6 @@
{
"lockfileVersion": 1,
"packages": {
"ms@2.1.3": ["https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="]
}
}

7
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Fixtures/lang/bun/container-layers/.layers/layer0/app/package.json Normal file
View File

@@ -0,0 +1,7 @@
{
"name": "bun-container-layers-fixture",
"version": "1.0.0",
"dependencies": {
"ms": "^2.1.3"
}
}

34
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Fixtures/lang/bun/container-layers/expected.json Normal file
View File

@@ -0,0 +1,34 @@
[
{
"analyzerId": "bun",
"componentKey": "purl::pkg:npm/ms@2.1.3",
"purl": "pkg:npm/ms@2.1.3",
"name": "ms",
"version": "2.1.3",
"type": "npm",
"usedByEntrypoint": false,
"metadata": {
"direct": "true",
"integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
"packageManager": "bun",
"resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
"source": "bun.lock"
},
"evidence": [
{
"kind": "metadata",
"source": "integrity",
"locator": ".layers/layer0/app/bun.lock:packages[ms@2.1.3]",
"value": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
"sha256": "4a384b14aba7740bd500cdf0da7329a41a2940662e9b1fcab1fbc71c6c8389e7"
},
{
"kind": "metadata",
"source": "resolved",
"locator": ".layers/layer0/app/bun.lock:packages[ms@2.1.3]",
"value": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
"sha256": "4a384b14aba7740bd500cdf0da7329a41a2940662e9b1fcab1fbc71c6c8389e7"
}
]
}
]

15
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Fixtures/lang/bun/custom-registry/expected.json
View File

@@ -22,20 +22,23 @@
{
"kind": "file",
"source": "node_modules",
"locator": "node_modules/@company/internal-pkg/package.json"
"locator": "node_modules/@company/internal-pkg/package.json",
"sha256": "f5311f43a95bd76e1912dbd7d0a5b3611baa9e82bcf72d5dc7f34c5f71f0ddf4"
},
{
"kind": "metadata",
"source": "integrity",
"locator": "bun.lock",
"value": "sha512-customhash123=="
"locator": "bun.lock:packages[@company/internal-pkg@1.0.0]",
"value": "sha512-customhash123==",
"sha256": "eb3bacf736d4a1b3cf9e02357afc1add9f20323916ce62cf8748c9ad9a80f195"
},
{
"kind": "metadata",
"source": "resolved",
"locator": "bun.lock",
"value": "https://npm.company.com/@company/internal-pkg/-/internal-pkg-1.0.0.tgz"
"locator": "bun.lock:packages[@company/internal-pkg@1.0.0]",
"value": "https://npm.company.com/@company/internal-pkg/-/internal-pkg-1.0.0.tgz",
"sha256": "eb3bacf736d4a1b3cf9e02357afc1add9f20323916ce62cf8748c9ad9a80f195"
}
]
}
]
]

28
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Fixtures/lang/bun/deep-tree/expected.json
View File

@@ -19,19 +19,22 @@
{
"kind": "file",
"source": "node_modules",
"locator": "node_modules/debug/package.json"
"locator": "node_modules/debug/package.json",
"sha256": "2258b5b4d7e5ed711aeef1a86d5d9e5abf2a04410e05bd89ea806e423417e493"
},
{
"kind": "metadata",
"source": "integrity",
"locator": "bun.lock",
"value": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX\u002B7G/vCNNhehwxfkQ=="
"locator": "bun.lock:packages[debug@4.3.4]",
"value": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX\u002B7G/vCNNhehwxfkQ==",
"sha256": "33d4886c0591242ffb78b5e739c5248c81559312586d59d543d48387e4bb6a2b"
},
{
"kind": "metadata",
"source": "resolved",
"locator": "bun.lock",
"value": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz"
"locator": "bun.lock:packages[debug@4.3.4]",
"value": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz",
"sha256": "33d4886c0591242ffb78b5e739c5248c81559312586d59d543d48387e4bb6a2b"
}
]
},
@@ -54,20 +57,23 @@
{
"kind": "file",
"source": "node_modules",
"locator": "node_modules/ms/package.json"
"locator": "node_modules/ms/package.json",
"sha256": "ae11c4ce44027a95893e8c890aed0c582f04e8cf1b8022931eddcb613cd9d3f7"
},
{
"kind": "metadata",
"source": "integrity",
"locator": "bun.lock",
"value": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
"locator": "bun.lock:packages[ms@2.1.3]",
"value": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
"sha256": "33d4886c0591242ffb78b5e739c5248c81559312586d59d543d48387e4bb6a2b"
},
{
"kind": "metadata",
"source": "resolved",
"locator": "bun.lock",
"value": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz"
"locator": "bun.lock:packages[ms@2.1.3]",
"value": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
"sha256": "33d4886c0591242ffb78b5e739c5248c81559312586d59d543d48387e4bb6a2b"
}
]
}
]
]

10
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Fixtures/lang/bun/git-dependencies/expected.json
View File

@@ -21,14 +21,16 @@
{
"kind": "file",
"source": "node_modules",
"locator": "node_modules/my-git-pkg/package.json"
"locator": "node_modules/my-git-pkg/package.json",
"sha256": "45687abed9d301c361987ca877da135e830c80dc3ce37f9ea1c74c7df96b8bf2"
},
{
"kind": "metadata",
"source": "resolved",
"locator": "bun.lock",
"value": "git\u002Bhttps://github.com/user/my-git-pkg.git#abc123def456"
"locator": "bun.lock:packages[my-git-pkg@1.0.0]",
"value": "git\u002Bhttps://github.com/user/my-git-pkg.git#abc123def456",
"sha256": "819a7efc185bd1314d21aa7fdc0e5b2134a0c9b758ecd9daa62cb6cba2feddd0"
}
]
}
]
]

28
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Fixtures/lang/bun/isolated/expected.json
View File

@@ -18,19 +18,22 @@
{
"kind": "file",
"source": "node_modules",
"locator": "node_modules/.bun/is-number@6.0.0/package.json"
"locator": "node_modules/.bun/is-number@6.0.0/package.json",
"sha256": "0324c895ec4aa4049c77371f08e937eed97a58e442595a8834ba21afd8e100b3"
},
{
"kind": "metadata",
"source": "integrity",
"locator": "bun.lock",
"value": "sha512-Wu1VZAVuL1snqOnHLxJ0l2p3pjlzLnMcJ8gJhaTZVfP7VFKN7fSJ8X/gR0qFCLwfFJ0Rqd3IxfS\u002BTY/Lc1Q7Pw=="
"locator": "bun.lock:packages[is-number@6.0.0]",
"value": "sha512-Wu1VZAVuL1snqOnHLxJ0l2p3pjlzLnMcJ8gJhaTZVfP7VFKN7fSJ8X/gR0qFCLwfFJ0Rqd3IxfS\u002BTY/Lc1Q7Pw==",
"sha256": "746b6c809e50ee2d7bdb27a0ee43046d48fa5f21d7597bbadd3bd44269798812"
},
{
"kind": "metadata",
"source": "resolved",
"locator": "bun.lock",
"value": "https://registry.npmjs.org/is-number/-/is-number-6.0.0.tgz"
"locator": "bun.lock:packages[is-number@6.0.0]",
"value": "https://registry.npmjs.org/is-number/-/is-number-6.0.0.tgz",
"sha256": "746b6c809e50ee2d7bdb27a0ee43046d48fa5f21d7597bbadd3bd44269798812"
}
]
},
@@ -54,20 +57,23 @@
{
"kind": "file",
"source": "node_modules",
"locator": "node_modules/.bun/is-odd@3.0.1/package.json"
"locator": "node_modules/.bun/is-odd@3.0.1/package.json",
"sha256": "beb18158821ecb86f3bb2a6be3ef817c0b8dcdc3e05a53e0b9a1c62d74a595ac"
},
{
"kind": "metadata",
"source": "integrity",
"locator": "bun.lock",
"value": "sha512-CQpnWPrDwmP1\u002BSMHXvTXAoSEu2mCPgMU0VKt1WcA7D8VXCo4HfVNlUbD1k8Tg0BVDX/LhyRaZqKqiS4vI6tTHg=="
"locator": "bun.lock:packages[is-odd@3.0.1]",
"value": "sha512-CQpnWPrDwmP1\u002BSMHXvTXAoSEu2mCPgMU0VKt1WcA7D8VXCo4HfVNlUbD1k8Tg0BVDX/LhyRaZqKqiS4vI6tTHg==",
"sha256": "746b6c809e50ee2d7bdb27a0ee43046d48fa5f21d7597bbadd3bd44269798812"
},
{
"kind": "metadata",
"source": "resolved",
"locator": "bun.lock",
"value": "https://registry.npmjs.org/is-odd/-/is-odd-3.0.1.tgz"
"locator": "bun.lock:packages[is-odd@3.0.1]",
"value": "https://registry.npmjs.org/is-odd/-/is-odd-3.0.1.tgz",
"sha256": "746b6c809e50ee2d7bdb27a0ee43046d48fa5f21d7597bbadd3bd44269798812"
}
]
}
]
]

15
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Fixtures/lang/bun/jsonc-lockfile/expected.json
View File

@@ -19,20 +19,23 @@
{
"kind": "file",
"source": "node_modules",
"locator": "node_modules/lodash/package.json"
"locator": "node_modules/lodash/package.json",
"sha256": "82145cd4bdc9a690c14843b405179c60aeda1a958029f6ae62776c1b26e42169"
},
{
"kind": "metadata",
"source": "integrity",
"locator": "bun.lock",
"value": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vz1kAmtILi\u002B8fm9nJMg7b0GN8sMEJz2mxG/S7mNxhWQ7\u002BD9bF8Q=="
"locator": "bun.lock:packages[lodash@4.17.21]",
"value": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vz1kAmtILi\u002B8fm9nJMg7b0GN8sMEJz2mxG/S7mNxhWQ7\u002BD9bF8Q==",
"sha256": "7b34fdbdf0cb3e0d07e25f7d7f452491dcfad421138449217a1c20b2f66a6475"
},
{
"kind": "metadata",
"source": "resolved",
"locator": "bun.lock",
"value": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz"
"locator": "bun.lock:packages[lodash@4.17.21]",
"value": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
"sha256": "7b34fdbdf0cb3e0d07e25f7d7f452491dcfad421138449217a1c20b2f66a6475"
}
]
}
]
]

10
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Fixtures/lang/bun/lockfile-dev-classification/bun.lock Normal file
View File

@@ -0,0 +1,10 @@
{
"lockfileVersion": 1,
"packages": {
"prod-pkg@1.0.0": ["https://registry.npmjs.org/prod-pkg/-/prod-pkg-1.0.0.tgz", null, {"shared": "^1.0.0"}],
"dev-pkg@1.0.0": ["https://registry.npmjs.org/dev-pkg/-/dev-pkg-1.0.0.tgz", null, {"dev-only": "^1.0.0"}],
"shared@1.0.0": ["https://registry.npmjs.org/shared/-/shared-1.0.0.tgz", null],
"dev-only@1.0.0": ["https://registry.npmjs.org/dev-only/-/dev-only-1.0.0.tgz", null]
}
}

98
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Fixtures/lang/bun/lockfile-dev-classification/expected.json Normal file
View File

@@ -0,0 +1,98 @@
[
{
"analyzerId": "bun",
"componentKey": "purl::pkg:npm/dev-only@1.0.0",
"purl": "pkg:npm/dev-only@1.0.0",
"name": "dev-only",
"version": "1.0.0",
"type": "npm",
"usedByEntrypoint": false,
"metadata": {
"dev": "true",
"packageManager": "bun",
"resolved": "https://registry.npmjs.org/dev-only/-/dev-only-1.0.0.tgz",
"source": "bun.lock"
},
"evidence": [
{
"kind": "metadata",
"source": "resolved",
"locator": "bun.lock:packages[dev-only@1.0.0]",
"value": "https://registry.npmjs.org/dev-only/-/dev-only-1.0.0.tgz",
"sha256": "4d40cc185e492e4544a6dc3b17cdfd77096e4d4260569a243eb694befbada6ac"
}
]
},
{
"analyzerId": "bun",
"componentKey": "purl::pkg:npm/dev-pkg@1.0.0",
"purl": "pkg:npm/dev-pkg@1.0.0",
"name": "dev-pkg",
"version": "1.0.0",
"type": "npm",
"usedByEntrypoint": false,
"metadata": {
"dev": "true",
"direct": "true",
"packageManager": "bun",
"resolved": "https://registry.npmjs.org/dev-pkg/-/dev-pkg-1.0.0.tgz",
"source": "bun.lock"
},
"evidence": [
{
"kind": "metadata",
"source": "resolved",
"locator": "bun.lock:packages[dev-pkg@1.0.0]",
"value": "https://registry.npmjs.org/dev-pkg/-/dev-pkg-1.0.0.tgz",
"sha256": "4d40cc185e492e4544a6dc3b17cdfd77096e4d4260569a243eb694befbada6ac"
}
]
},
{
"analyzerId": "bun",
"componentKey": "purl::pkg:npm/prod-pkg@1.0.0",
"purl": "pkg:npm/prod-pkg@1.0.0",
"name": "prod-pkg",
"version": "1.0.0",
"type": "npm",
"usedByEntrypoint": false,
"metadata": {
"direct": "true",
"packageManager": "bun",
"resolved": "https://registry.npmjs.org/prod-pkg/-/prod-pkg-1.0.0.tgz",
"source": "bun.lock"
},
"evidence": [
{
"kind": "metadata",
"source": "resolved",
"locator": "bun.lock:packages[prod-pkg@1.0.0]",
"value": "https://registry.npmjs.org/prod-pkg/-/prod-pkg-1.0.0.tgz",
"sha256": "4d40cc185e492e4544a6dc3b17cdfd77096e4d4260569a243eb694befbada6ac"
}
]
},
{
"analyzerId": "bun",
"componentKey": "purl::pkg:npm/shared@1.0.0",
"purl": "pkg:npm/shared@1.0.0",
"name": "shared",
"version": "1.0.0",
"type": "npm",
"usedByEntrypoint": false,
"metadata": {
"packageManager": "bun",
"resolved": "https://registry.npmjs.org/shared/-/shared-1.0.0.tgz",
"source": "bun.lock"
},
"evidence": [
{
"kind": "metadata",
"source": "resolved",
"locator": "bun.lock:packages[shared@1.0.0]",
"value": "https://registry.npmjs.org/shared/-/shared-1.0.0.tgz",
"sha256": "4d40cc185e492e4544a6dc3b17cdfd77096e4d4260569a243eb694befbada6ac"
}
]
}
]

11
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Fixtures/lang/bun/lockfile-dev-classification/package.json Normal file
View File

@@ -0,0 +1,11 @@
{
"name": "bun-lockfile-dev-classification-fixture",
"version": "1.0.0",
"dependencies": {
"prod-pkg": "^1.0.0"
},
"devDependencies": {
"dev-pkg": "^1.0.0"
}
}

12
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Fixtures/lang/bun/lockfile-only/expected.json
View File

@@ -18,15 +18,17 @@
{
"kind": "metadata",
"source": "integrity",
"locator": "bun.lock",
"value": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
"locator": "bun.lock:packages[ms@2.1.3]",
"value": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
"sha256": "4a384b14aba7740bd500cdf0da7329a41a2940662e9b1fcab1fbc71c6c8389e7"
},
{
"kind": "metadata",
"source": "resolved",
"locator": "bun.lock",
"value": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz"
"locator": "bun.lock:packages[ms@2.1.3]",
"value": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
"sha256": "4a384b14aba7740bd500cdf0da7329a41a2940662e9b1fcab1fbc71c6c8389e7"
}
]
}
]
]

28
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Fixtures/lang/bun/multi-workspace/expected.json
View File

@@ -19,19 +19,22 @@
{
"kind": "file",
"source": "node_modules",
"locator": "node_modules/lodash/package.json"
"locator": "node_modules/lodash/package.json",
"sha256": "82145cd4bdc9a690c14843b405179c60aeda1a958029f6ae62776c1b26e42169"
},
{
"kind": "metadata",
"source": "integrity",
"locator": "bun.lock",
"value": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vz1kAmtILi\u002B8fm9nJMg7b0GN8sMEJz2mxG/S7mNxhWQ7\u002BD9bF8Q=="
"locator": "bun.lock:packages[lodash@4.17.21]",
"value": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vz1kAmtILi\u002B8fm9nJMg7b0GN8sMEJz2mxG/S7mNxhWQ7\u002BD9bF8Q==",
"sha256": "8a0d37c3761b81514ee397c3836ccff48167ce6aa1afdfd484ca7679e586df4a"
},
{
"kind": "metadata",
"source": "resolved",
"locator": "bun.lock",
"value": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz"
"locator": "bun.lock:packages[lodash@4.17.21]",
"value": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
"sha256": "8a0d37c3761b81514ee397c3836ccff48167ce6aa1afdfd484ca7679e586df4a"
}
]
},
@@ -55,20 +58,23 @@
{
"kind": "file",
"source": "node_modules",
"locator": "node_modules/ms/package.json"
"locator": "node_modules/ms/package.json",
"sha256": "ae11c4ce44027a95893e8c890aed0c582f04e8cf1b8022931eddcb613cd9d3f7"
},
{
"kind": "metadata",
"source": "integrity",
"locator": "bun.lock",
"value": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
"locator": "bun.lock:packages[ms@2.1.3]",
"value": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
"sha256": "8a0d37c3761b81514ee397c3836ccff48167ce6aa1afdfd484ca7679e586df4a"
},
{
"kind": "metadata",
"source": "resolved",
"locator": "bun.lock",
"value": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz"
"locator": "bun.lock:packages[ms@2.1.3]",
"value": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
"sha256": "8a0d37c3761b81514ee397c3836ccff48167ce6aa1afdfd484ca7679e586df4a"
}
]
}
]
]

11
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Fixtures/lang/bun/multi-workspace/package.json Normal file
View File

@@ -0,0 +1,11 @@
{
"name": "bun-multi-workspace-fixture",
"version": "1.0.0",
"workspaces": [
"packages/*"
],
"dependencies": {
"lodash": "^4.17.21",
"ms": "^2.1.3"
}
}

21
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Fixtures/lang/bun/non-concrete-versions/bun.lock Normal file
View File

@@ -0,0 +1,21 @@
{
"lockfileVersion": 1,
"packages": {
"file-pkg@file:../file-pkg.tgz": [
"file:../file-pkg.tgz",
null,
{}
],
"link-pkg@link:../link-pkg": [
"link:../link-pkg",
null,
{}
],
"local-pkg@workspace:*": [
"workspace:packages/local-pkg",
null,
{}
]
}
}

80
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Fixtures/lang/bun/non-concrete-versions/expected.json Normal file
View File

@@ -0,0 +1,80 @@
[
{
"analyzerId": "bun",
"componentKey": "explicit::bun::npm::file-pkg::sha256:c541f5764a7e2fdea9fc5789b13e404f8e15ffc8db0110a81346552c607c89ff",
"name": "file-pkg",
"type": "npm",
"usedByEntrypoint": false,
"metadata": {
"direct": "true",
"nonConcreteVersion": "true",
"packageManager": "bun",
"resolved": "file:../file-pkg.tgz",
"source": "bun.lock",
"sourceType": "file",
"specifier": "file:../file-pkg.tgz",
"versionSpec": "file:../file-pkg.tgz"
},
"evidence": [
{
"kind": "metadata",
"source": "resolved",
"locator": "bun.lock:packages[file-pkg@file:../file-pkg.tgz]",
"value": "file:../file-pkg.tgz",
"sha256": "d7ae02476b6737ea3056226ea69e36bacb664feacd7a5223bc66ea287757656b"
}
]
},
{
"analyzerId": "bun",
"componentKey": "explicit::bun::npm::link-pkg::sha256:ebb0c3119ab319e05c02e2448f1d6b4a23dc69076bf8dbfbe95657a3405d1b11",
"name": "link-pkg",
"type": "npm",
"usedByEntrypoint": false,
"metadata": {
"direct": "true",
"nonConcreteVersion": "true",
"packageManager": "bun",
"resolved": "link:../link-pkg",
"source": "bun.lock",
"sourceType": "link",
"specifier": "link:../link-pkg",
"versionSpec": "link:../link-pkg"
},
"evidence": [
{
"kind": "metadata",
"source": "resolved",
"locator": "bun.lock:packages[link-pkg@link:../link-pkg]",
"value": "link:../link-pkg",
"sha256": "d7ae02476b6737ea3056226ea69e36bacb664feacd7a5223bc66ea287757656b"
}
]
},
{
"analyzerId": "bun",
"componentKey": "explicit::bun::npm::local-pkg::sha256:cafb6902358bb6a2503a67d71abe50446cdcb3c8359dfb6f3ab00ee1672a5c07",
"name": "local-pkg",
"type": "npm",
"usedByEntrypoint": false,
"metadata": {
"direct": "true",
"nonConcreteVersion": "true",
"packageManager": "bun",
"resolved": "workspace:packages/local-pkg",
"source": "bun.lock",
"sourceType": "workspace",
"specifier": "workspace:packages/local-pkg",
"versionSpec": "workspace:*"
},
"evidence": [
{
"kind": "metadata",
"source": "resolved",
"locator": "bun.lock:packages[local-pkg@workspace:*]",
"value": "workspace:packages/local-pkg",
"sha256": "d7ae02476b6737ea3056226ea69e36bacb664feacd7a5223bc66ea287757656b"
}
]
}
]

10
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Fixtures/lang/bun/non-concrete-versions/package.json Normal file
View File

@@ -0,0 +1,10 @@
{
"name": "non-concrete-versions",
"version": "1.0.0",
"dependencies": {
"file-pkg": "file:../file-pkg.tgz",
"link-pkg": "link:../link-pkg",
"local-pkg": "workspace:*"
}
}

8
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Fixtures/lang/bun/patched-multi-version/bun.lock Normal file
View File

@@ -0,0 +1,8 @@
{
"lockfileVersion": 1,
"packages": {
"lodash@4.17.21": ["https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", "sha512-lodash-421"],
"lodash@4.17.20": ["https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz", "sha512-lodash-420"]
}
}

86
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Fixtures/lang/bun/patched-multi-version/expected.json Normal file
View File

@@ -0,0 +1,86 @@
[
{
"analyzerId": "bun",
"componentKey": "purl::pkg:npm/lodash@4.17.20",
"purl": "pkg:npm/lodash@4.17.20",
"name": "lodash",
"version": "4.17.20",
"type": "npm",
"usedByEntrypoint": false,
"metadata": {
"direct": "true",
"integrity": "sha512-lodash-420",
"packageManager": "bun",
"patchFile": "patches/lodash@4.17.20.patch",
"patched": "true",
"path": "node_modules/a/node_modules/lodash",
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz",
"scopeUnknown": "true",
"source": "node_modules"
},
"evidence": [
{
"kind": "file",
"source": "node_modules",
"locator": "node_modules/a/node_modules/lodash/package.json",
"sha256": "a883443850ed2188979ee56e2cf8200fa34935a65aae606d85d1aaa60d8ff32e"
},
{
"kind": "metadata",
"source": "integrity",
"locator": "bun.lock:packages[lodash@4.17.20]",
"value": "sha512-lodash-420",
"sha256": "e83cd6aa810c1a8af47d6ae0eb621a8a5dc13b23ec08925ad9b5ff4d035cfc7c"
},
{
"kind": "metadata",
"source": "resolved",
"locator": "bun.lock:packages[lodash@4.17.20]",
"value": "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz",
"sha256": "e83cd6aa810c1a8af47d6ae0eb621a8a5dc13b23ec08925ad9b5ff4d035cfc7c"
}
]
},
{
"analyzerId": "bun",
"componentKey": "purl::pkg:npm/lodash@4.17.21",
"purl": "pkg:npm/lodash@4.17.21",
"name": "lodash",
"version": "4.17.21",
"type": "npm",
"usedByEntrypoint": false,
"metadata": {
"direct": "true",
"integrity": "sha512-lodash-421",
"packageManager": "bun",
"patchFile": "patches/lodash@4.17.21.patch",
"patched": "true",
"path": "node_modules/lodash",
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
"scopeUnknown": "true",
"source": "node_modules"
},
"evidence": [
{
"kind": "file",
"source": "node_modules",
"locator": "node_modules/lodash/package.json",
"sha256": "1bb77ea984b96ef61781adcc6299a2a1c5f9e42dcf594264cdbb96aa06f5c813"
},
{
"kind": "metadata",
"source": "integrity",
"locator": "bun.lock:packages[lodash@4.17.21]",
"value": "sha512-lodash-421",
"sha256": "e83cd6aa810c1a8af47d6ae0eb621a8a5dc13b23ec08925ad9b5ff4d035cfc7c"
},
{
"kind": "metadata",
"source": "resolved",
"locator": "bun.lock:packages[lodash@4.17.21]",
"value": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
"sha256": "e83cd6aa810c1a8af47d6ae0eb621a8a5dc13b23ec08925ad9b5ff4d035cfc7c"
}
]
}
]

12
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Fixtures/lang/bun/patched-multi-version/package.json Normal file
View File

@@ -0,0 +1,12 @@
{
"name": "patched-multi-version-fixture",
"version": "1.0.0",
"dependencies": {
"lodash": "^4.17.21"
},
"patchedDependencies": {
"lodash@4.17.21": "patches/lodash@4.17.21.patch",
"lodash@4.17.20": "patches/lodash@4.17.20.patch"
}
}

8
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Fixtures/lang/bun/patched-multi-version/patches/lodash@4.17.20.patch Normal file
View File

@@ -0,0 +1,8 @@
diff --git a/index.js b/index.js
index 0000000..2222222 100644
--- a/index.js
+++ b/index.js
@@
-// placeholder
+// patched

8
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Fixtures/lang/bun/patched-multi-version/patches/lodash@4.17.21.patch Normal file
View File

@@ -0,0 +1,8 @@
diff --git a/index.js b/index.js
index 0000000..1111111 100644
--- a/index.js
+++ b/index.js
@@
-// placeholder
+// patched

15
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Fixtures/lang/bun/patched-packages/expected.json
View File

@@ -21,20 +21,23 @@
{
"kind": "file",
"source": "node_modules",
"locator": "node_modules/lodash/package.json"
"locator": "node_modules/lodash/package.json",
"sha256": "82145cd4bdc9a690c14843b405179c60aeda1a958029f6ae62776c1b26e42169"
},
{
"kind": "metadata",
"source": "integrity",
"locator": "bun.lock",
"value": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vz1kAmtILi\u002B8fm9nJMg7b0GN8sMEJz2mxG/S7mNxhWQ7\u002BD9bF8Q=="
"locator": "bun.lock:packages[lodash@4.17.21]",
"value": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vz1kAmtILi\u002B8fm9nJMg7b0GN8sMEJz2mxG/S7mNxhWQ7\u002BD9bF8Q==",
"sha256": "61ff5c565c08f6564bd16153c10feba4a171986510aaf40f84fe710eabd180c2"
},
{
"kind": "metadata",
"source": "resolved",
"locator": "bun.lock",
"value": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz"
"locator": "bun.lock:packages[lodash@4.17.21]",
"value": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
"sha256": "61ff5c565c08f6564bd16153c10feba4a171986510aaf40f84fe710eabd180c2"
}
]
}
]
]

28
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Fixtures/lang/bun/scoped-packages/expected.json
View File

@@ -19,19 +19,22 @@
{
"kind": "file",
"source": "node_modules",
"locator": "node_modules/@babel/core/package.json"
"locator": "node_modules/@babel/core/package.json",
"sha256": "c4d995bed6c0ec71ccf6ecb74ee8f20b1431798bd93e54182afcb6870b6cfa23"
},
{
"kind": "metadata",
"source": "integrity",
"locator": "bun.lock",
"value": "sha512-fQfkg0Gjkza3nf0c7/w6Xf34BW4YvzNfACRLmmb7XRLa6XHdR\u002BK9AlJlxneFfWYf6uhOzuzZVTjF/8KfndZANw=="
"locator": "bun.lock:packages[@babel/core@7.24.0]",
"value": "sha512-fQfkg0Gjkza3nf0c7/w6Xf34BW4YvzNfACRLmmb7XRLa6XHdR\u002BK9AlJlxneFfWYf6uhOzuzZVTjF/8KfndZANw==",
"sha256": "6ffde82e85e550d36bdb577210cd80c56cbd36c02dbfb4d8ec6ada27643bcd2d"
},
{
"kind": "metadata",
"source": "resolved",
"locator": "bun.lock",
"value": "https://registry.npmjs.org/@babel/core/-/core-7.24.0.tgz"
"locator": "bun.lock:packages[@babel/core@7.24.0]",
"value": "https://registry.npmjs.org/@babel/core/-/core-7.24.0.tgz",
"sha256": "6ffde82e85e550d36bdb577210cd80c56cbd36c02dbfb4d8ec6ada27643bcd2d"
}
]
},
@@ -55,20 +58,23 @@
{
"kind": "file",
"source": "node_modules",
"locator": "node_modules/@types/node/package.json"
"locator": "node_modules/@types/node/package.json",
"sha256": "db7446931abf3479f92734485e30ee7631923d056bcfa5b210159008524f40e2"
},
{
"kind": "metadata",
"source": "integrity",
"locator": "bun.lock",
"value": "sha512-o9bjXmDNcF7GbM4CNQpmi\u002BTutCgap/K3w1JyKgxXjVJa7b8XWCF/wPH2E/0Vz9e\u002BV1B3eXX0WCw\u002BINcAobvUag=="
"locator": "bun.lock:packages[@types/node@20.11.0]",
"value": "sha512-o9bjXmDNcF7GbM4CNQpmi\u002BTutCgap/K3w1JyKgxXjVJa7b8XWCF/wPH2E/0Vz9e\u002BV1B3eXX0WCw\u002BINcAobvUag==",
"sha256": "6ffde82e85e550d36bdb577210cd80c56cbd36c02dbfb4d8ec6ada27643bcd2d"
},
{
"kind": "metadata",
"source": "resolved",
"locator": "bun.lock",
"value": "https://registry.npmjs.org/@types/node/-/node-20.11.0.tgz"
"locator": "bun.lock:packages[@types/node@20.11.0]",
"value": "https://registry.npmjs.org/@types/node/-/node-20.11.0.tgz",
"sha256": "6ffde82e85e550d36bdb577210cd80c56cbd36c02dbfb4d8ec6ada27643bcd2d"
}
]
}
]
]

15
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Fixtures/lang/bun/standard/expected.json
View File

@@ -19,20 +19,23 @@
{
"kind": "file",
"source": "node_modules",
"locator": "node_modules/lodash/package.json"
"locator": "node_modules/lodash/package.json",
"sha256": "bfe21067561ba47f62c290400e6208b95ac875f0c41e00c4dddce889e8a8ad4e"
},
{
"kind": "metadata",
"source": "integrity",
"locator": "bun.lock",
"value": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vz1kAmtILi\u002B8fm9nJMg7b0GN8sMEJz2mxG/S7mNxhWQ7\u002BD9bF8Q=="
"locator": "bun.lock:packages[lodash@4.17.21]",
"value": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vz1kAmtILi\u002B8fm9nJMg7b0GN8sMEJz2mxG/S7mNxhWQ7\u002BD9bF8Q==",
"sha256": "61ff5c565c08f6564bd16153c10feba4a171986510aaf40f84fe710eabd180c2"
},
{
"kind": "metadata",
"source": "resolved",
"locator": "bun.lock",
"value": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz"
"locator": "bun.lock:packages[lodash@4.17.21]",
"value": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
"sha256": "61ff5c565c08f6564bd16153c10feba4a171986510aaf40f84fe710eabd180c2"
}
]
}
]
]

15
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Fixtures/lang/bun/symlinks/expected.json
View File

@@ -19,20 +19,23 @@
{
"kind": "file",
"source": "node_modules",
"locator": "node_modules/safe-pkg/package.json"
"locator": "node_modules/safe-pkg/package.json",
"sha256": "1ade6129984f59a954ec2c175075e74cb2759ba97b9b04acf76537262b0f35af"
},
{
"kind": "metadata",
"source": "integrity",
"locator": "bun.lock",
"value": "sha512-abc123"
"locator": "bun.lock:packages[safe-pkg@1.0.0]",
"value": "sha512-abc123",
"sha256": "54dd0b2c2f30e59b29970d34350d083b295789e056e849361da5be932d1ef747"
},
{
"kind": "metadata",
"source": "resolved",
"locator": "bun.lock",
"value": "https://registry.npmjs.org/safe-pkg/-/safe-pkg-1.0.0.tgz"
"locator": "bun.lock:packages[safe-pkg@1.0.0]",
"value": "https://registry.npmjs.org/safe-pkg/-/safe-pkg-1.0.0.tgz",
"sha256": "54dd0b2c2f30e59b29970d34350d083b295789e056e849361da5be932d1ef747"
}
]
}
]
]

15
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Fixtures/lang/bun/workspaces/expected.json
View File

@@ -19,20 +19,23 @@
{
"kind": "file",
"source": "node_modules",
"locator": "node_modules/chalk/package.json"
"locator": "node_modules/chalk/package.json",
"sha256": "7d6ff4f365c8d42bae13a48bb4bc84e4cef4e7a7bd7b211e0662ef62fb675736"
},
{
"kind": "metadata",
"source": "integrity",
"locator": "bun.lock",
"value": "sha512-dLitG79d\u002BGV1Nb/VYcCDFivJeK1hiukt9QjRNVOsUtTy1rR1YJsmpGGTZ3qJos\u002Buw7WmWF4wUwBd9jxjocFC2w=="
"locator": "bun.lock:packages[chalk@5.3.0]",
"value": "sha512-dLitG79d\u002BGV1Nb/VYcCDFivJeK1hiukt9QjRNVOsUtTy1rR1YJsmpGGTZ3qJos\u002Buw7WmWF4wUwBd9jxjocFC2w==",
"sha256": "8706c5aecdc68ae4f06c6a2f1bfa9e431e473a961c2f32063911febaba0c65cc"
},
{
"kind": "metadata",
"source": "resolved",
"locator": "bun.lock",
"value": "https://registry.npmjs.org/chalk/-/chalk-5.3.0.tgz"
"locator": "bun.lock:packages[chalk@5.3.0]",
"value": "https://registry.npmjs.org/chalk/-/chalk-5.3.0.tgz",
"sha256": "8706c5aecdc68ae4f06c6a2f1bfa9e431e473a961c2f32063911febaba0c65cc"
}
]
}
]
]

26
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Parsers/BunLockParserTests.cs
View File

@@ -322,7 +322,31 @@ public sealed class BunLockParserTests
Assert.Single(result.AllEntries);
var entry = result.AllEntries[0];
Assert.Single(entry.Dependencies);
Assert.Contains("ms", entry.Dependencies);
Assert.Equal("ms", entry.Dependencies[0].Name);
Assert.Equal("^2.1.3", entry.Dependencies[0].Specifier);
Assert.False(entry.Dependencies[0].IsOptionalPeer);
}
[Fact]
public void Parse_ArrayFormat_ExtractsOptionalPeerDependencies()
{
var content = """
{
"lockfileVersion": 1,
"packages": {
"pkg@1.0.0": ["https://registry.npmjs.org/pkg/-/pkg-1.0.0.tgz", null, {}, {"react": "^18.0.0"}]
}
}
""";
var result = BunLockParser.Parse(content);
Assert.Single(result.AllEntries);
var entry = result.AllEntries[0];
Assert.Single(entry.Dependencies);
Assert.Equal("react", entry.Dependencies[0].Name);
Assert.Equal("^18.0.0", entry.Dependencies[0].Specifier);
Assert.True(entry.Dependencies[0].IsOptionalPeer);
}
[Fact]

30
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Parsers/BunLockScopeClassifierTests.cs Normal file
View File

@@ -0,0 +1,30 @@
using StellaOps.Scanner.Analyzers.Lang.Bun.Internal;
using StellaOps.Scanner.Analyzers.Lang.Tests.TestUtilities;
namespace StellaOps.Scanner.Analyzers.Lang.Bun.Tests.Parsers;
public sealed class BunLockScopeClassifierTests
{
[Fact]
public void IncludeDevFalse_FiltersDevOnlyPackages()
{
var fixturePath = TestPaths.ResolveFixture("lang", "bun", "lockfile-dev-classification");
var lockPath = Path.Combine(fixturePath, "bun.lock");
var lockData = BunLockParser.Parse(File.ReadAllText(lockPath));
var declared = BunDeclaredDependencyCollector.Collect(fixturePath);
var classified = BunLockScopeClassifier.Classify(lockData, declared);
Assert.True(classified.FindEntry("dev-pkg", "1.0.0")?.IsDev ?? false);
Assert.True(classified.FindEntry("dev-only", "1.0.0")?.IsDev ?? false);
Assert.False(classified.FindEntry("prod-pkg", "1.0.0")?.IsDev ?? true);
Assert.False(classified.FindEntry("shared", "1.0.0")?.IsDev ?? true);
var filtered = BunLockInventory.ExtractPackages(classified, includeDev: false);
Assert.DoesNotContain(filtered, package => package.Name == "dev-pkg");
Assert.DoesNotContain(filtered, package => package.Name == "dev-only");
Assert.Contains(filtered, package => package.Name == "prod-pkg");
Assert.Contains(filtered, package => package.Name == "shared");
}
}

4
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Parsers/BunPackageTests.cs
View File

@@ -222,7 +222,7 @@ public sealed class BunPackageTests
var resolvedEvidence = evidence.FirstOrDefault(e => e.Source == "resolved");
Assert.NotNull(resolvedEvidence);
Assert.Equal(LanguageEvidenceKind.Metadata, resolvedEvidence.Kind);
Assert.Equal("bun.lock", resolvedEvidence.Locator);
Assert.Equal("bun.lock:packages[lodash@4.17.21]", resolvedEvidence.Locator);
Assert.Equal("https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", resolvedEvidence.Value);
// Integrity evidence
@@ -265,7 +265,7 @@ public sealed class BunPackageTests
IsOptional = false,
IsPeer = false,
SourceType = "npm",
Dependencies = new List<string> { "debug" }
Dependencies = new List<BunLockDependency> { new("debug", "^4.3.4", IsOptionalPeer: false) }
};
var package = BunPackage.FromLockEntry(lockEntry, "bun.lock");

13
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/Parsers/BunWorkspaceHelperTests.cs
View File

@@ -192,8 +192,8 @@ public sealed class BunWorkspaceHelperTests : IDisposable
var result = BunWorkspaceHelper.ParseWorkspaceInfo(_tempDir);
Assert.Single(result.PatchedDependencies);
Assert.True(result.PatchedDependencies.ContainsKey("lodash"));
Assert.Equal("patches/lodash@4.17.21.patch", result.PatchedDependencies["lodash"]);
Assert.True(result.PatchedDependencies.ContainsKey("lodash@4.17.21"));
Assert.Equal("patches/lodash@4.17.21.patch", result.PatchedDependencies["lodash@4.17.21"]);
}
[Fact]
@@ -215,8 +215,10 @@ public sealed class BunWorkspaceHelperTests : IDisposable
var result = BunWorkspaceHelper.ParseWorkspaceInfo(_tempDir);
Assert.Equal(2, result.PatchedDependencies.Count);
Assert.True(result.PatchedDependencies.ContainsKey("lodash"));
Assert.True(result.PatchedDependencies.ContainsKey("@babel+core"));
Assert.True(result.PatchedDependencies.ContainsKey("lodash@4.17.21"));
Assert.Equal("patches/lodash@4.17.21.patch", result.PatchedDependencies["lodash@4.17.21"]);
Assert.True(result.PatchedDependencies.ContainsKey("@babel/core@7.24.0"));
Assert.Equal("patches/@babel+core@7.24.0.patch", result.PatchedDependencies["@babel/core@7.24.0"]);
}
[Fact]
@@ -237,7 +239,8 @@ public sealed class BunWorkspaceHelperTests : IDisposable
var result = BunWorkspaceHelper.ParseWorkspaceInfo(_tempDir);
Assert.Single(result.PatchedDependencies);
Assert.True(result.PatchedDependencies.ContainsKey("ms"));
Assert.True(result.PatchedDependencies.ContainsKey("ms@2.1.3"));
Assert.Equal(".patches/ms@2.1.3.patch", result.PatchedDependencies["ms@2.1.3"]);
}
[Fact]

2
src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests/StellaOps.Scanner.Analyzers.Lang.Bun.Tests.csproj
View File

@@ -17,12 +17,10 @@
<PackageReference Remove="xunit" />
<PackageReference Remove="xunit.runner.visualstudio" />
<PackageReference Remove="Microsoft.AspNetCore.Mvc.Testing" />
<PackageReference Remove="Mongo2Go" />
<PackageReference Remove="coverlet.collector" />
<PackageReference Remove="Microsoft.Extensions.TimeProvider.Testing" />
<ProjectReference Remove="..\StellaOps.Concelier.Testing\StellaOps.Concelier.Testing.csproj" />
<Compile Remove="$(MSBuildThisFileDirectory)..\StellaOps.Concelier.Tests.Shared\AssemblyInfo.cs" />
<Compile Remove="$(MSBuildThisFileDirectory)..\StellaOps.Concelier.Tests.Shared\MongoFixtureCollection.cs" />
<Using Remove="StellaOps.Concelier.Testing" />
</ItemGroup>