Merge pull request #284 from NodeSecure/update-eslint-v2

fraxken · web-flow · commit 833d93d1a4e0 · 2025-05-31T20:06:42.000+02:00
chore: update eslint-config to v2.x
diff --git a/package.json b/package.json
@@ -46,7 +46,7 @@
   },
   "homepage": "https://github.com/NodeSecure/vulnera#readme",
   "devDependencies": {
-    "@openally/config.eslint": "^1.3.0",
+    "@openally/config.eslint": "^2.1.0",
     "@openally/config.typescript": "^1.0.3",
     "@slimio/is": "^2.0.0",
     "@types/node": "^22.1.0",
@@ -60,7 +60,7 @@
     "@myunisoft/httpie": "^5.0.0",
     "@nodesecure/npm-registry-sdk": "^3.0.0",
     "@npmcli/arborist": "^9.0.0",
-    "@pnpm/audit": "^1002.0.0",
+    "@pnpm/audit": "1001.0.2",
     "@pnpm/lockfile-file": "^9.1.1"
   }
 }
diff --git a/src/database/nvd.ts b/src/database/nvd.ts
@@ -1,4 +1,4 @@
-// Import Third-Party Dependencies
+// Import Third-party Dependencies
 import * as httpie from "@myunisoft/httpie";
 
 // Import Internal Dependencies
diff --git a/src/database/osv.ts b/src/database/osv.ts
@@ -1,4 +1,4 @@
-// Import Third-Party Dependencies
+// Import Third-party Dependencies
 import * as httpie from "@myunisoft/httpie";
 
 // Import Internal Dependencies
diff --git a/src/database/snyk.ts b/src/database/snyk.ts
@@ -1,4 +1,4 @@
-// Import Third-Party Dependencies
+// Import Third-party Dependencies
 import * as httpie from "@myunisoft/httpie";
 
 // Import Internal Dependencies
diff --git a/src/index.ts b/src/index.ts
@@ -1,3 +1,4 @@
+// Import Internal Dependencies
 import {
   GitHubAdvisoryStrategy,
   type GithubAdvisoryStrategyDefinition,
diff --git a/src/strategies/sonatype.ts b/src/strategies/sonatype.ts
@@ -1,4 +1,4 @@
-// Import Third-Party Dependencies
+// Import Third-party Dependencies
 import * as httpie from "@myunisoft/httpie";
 
 // Import Internal Dependencies
diff --git a/src/strategies/types/api.ts b/src/strategies/types/api.ts
@@ -1,4 +1,4 @@
-// Import Internal Types
+// Import Internal Dependencies
 import type { Dependencies } from "./scanner.js";
 import type { StandardVulnerability } from "../../formats/standard/index.js";
 import type { Kind } from "../../constants.js";
diff --git a/test/database/nvd.unit.spec.ts b/test/database/nvd.unit.spec.ts
@@ -4,7 +4,7 @@ import assert from "node:assert";
 
 // Import Internal Dependencies
 import {
-  kHttpClientHeaders,
+  HTTP_CLIENT_HEADERS,
   setupHttpAgentMock
 } from "../strategies/utils.js";
 import { nvd } from "../../src/database/index.js";
@@ -29,7 +29,7 @@ describe("nvd", () => {
         path: `${new URL(nvd.ROOT_API).pathname}?${queryString}`,
         method: "GET"
       })
-      .reply(200, expectedResponse, kHttpClientHeaders);
+      .reply(200, expectedResponse, HTTP_CLIENT_HEADERS);
 
     const vulns = await nvd.findOne({
       packageName: "express",
@@ -39,7 +39,7 @@ describe("nvd", () => {
     assert.deepStrictEqual(vulns, expectedResponse.vulnerabilities);
   });
 
-  test(`should send a GET http request with severity parameter`, async() => {
+  test("should send a GET http request with severity parameter", async() => {
     const expectedResponse = { vulnerabilities: ["cve-data-1"] };
     const params = new URLSearchParams();
     params.append("keywordSearch", "express");
@@ -51,7 +51,7 @@ describe("nvd", () => {
         path: `${new URL(nvd.ROOT_API).pathname}?${queryString}`,
         method: "GET"
       })
-      .reply(200, expectedResponse, kHttpClientHeaders);
+      .reply(200, expectedResponse, HTTP_CLIENT_HEADERS);
 
     const vulns = await nvd.findOne({
       packageName: "express",
@@ -62,7 +62,7 @@ describe("nvd", () => {
     assert.deepStrictEqual(vulns, expectedResponse.vulnerabilities);
   });
 
-  test(`should send a GET http request to the NVD API using findOneBySpec`, async() => {
+  test("should send a GET http request to the NVD API using findOneBySpec", async() => {
     const expectedResponse = { vulnerabilities: ["cve-data-1", "cve-data-2"] };
     const packageName = "express";
     const params = new URLSearchParams();
@@ -74,13 +74,13 @@ describe("nvd", () => {
         path: `${new URL(nvd.ROOT_API).pathname}?${queryString}`,
         method: "GET"
       })
-      .reply(200, expectedResponse, kHttpClientHeaders);
+      .reply(200, expectedResponse, HTTP_CLIENT_HEADERS);
 
     const vulns = await nvd.findOneBySpec(`${packageName}@1.0.0`);
     assert.deepStrictEqual(vulns, expectedResponse.vulnerabilities);
   });
 
-  test(`should send multiple GET http requests to the NVD API using findMany`, async() => {
+  test("should send multiple GET http requests to the NVD API using findMany", async() => {
     const expectedResponse = { vulnerabilities: ["cve-data-1", "cve-data-2"] };
 
     const paramsFirst = new URLSearchParams();
@@ -96,14 +96,14 @@ describe("nvd", () => {
         path: `${new URL(nvd.ROOT_API).pathname}?${queryStringFirst}`,
         method: "GET"
       })
-      .reply(200, expectedResponse, kHttpClientHeaders);
+      .reply(200, expectedResponse, HTTP_CLIENT_HEADERS);
 
     mockedHttpClient
       .intercept({
         path: `${new URL(nvd.ROOT_API).pathname}?${queryStringSecond}`,
         method: "GET"
       })
-      .reply(200, expectedResponse, kHttpClientHeaders);
+      .reply(200, expectedResponse, HTTP_CLIENT_HEADERS);
 
     const result = await nvd.findMany(
       ["foobar", "yoobar"]
@@ -115,7 +115,7 @@ describe("nvd", () => {
     });
   });
 
-  test(`should handle empty response from NVD API`, async() => {
+  test("should handle empty response from NVD API", async() => {
     const emptyResponse = {};
 
     const params = new URLSearchParams();
@@ -127,7 +127,7 @@ describe("nvd", () => {
         path: `${new URL(nvd.ROOT_API).pathname}?${queryString}`,
         method: "GET"
       })
-      .reply(200, emptyResponse, kHttpClientHeaders);
+      .reply(200, emptyResponse, HTTP_CLIENT_HEADERS);
 
     const vulns = await nvd.findOne({
       packageName: "nonexistent",
diff --git a/test/database/osv.unit.spec.ts b/test/database/osv.unit.spec.ts
@@ -4,7 +4,7 @@ import assert from "node:assert";
 
 // Import Internal Dependencies
 import {
-  kHttpClientHeaders,
+  HTTP_CLIENT_HEADERS,
   setupHttpAgentMock
 } from "../strategies/utils";
 import { osv } from "../../src/database/index";
@@ -26,7 +26,7 @@ describe("osv", () => {
         method: "POST",
         body: JSON.stringify({ package: { name: "foobar", ecosystem: "npm" } })
       })
-      .reply(200, expectedResponse, kHttpClientHeaders);
+      .reply(200, expectedResponse, HTTP_CLIENT_HEADERS);
 
     const vulns = await osv.findOne({
       package: {
@@ -51,21 +51,21 @@ describe("osv", () => {
           package: { name: packageName, ecosystem: "npm" }
         })
       })
-      .reply(200, expectedResponse, kHttpClientHeaders);
+      .reply(200, expectedResponse, HTTP_CLIENT_HEADERS);
 
     const vulns = await osv.findOneBySpec(`${packageName}@2.0.0`);
     assert.strictEqual(vulns, expectedResponse.vulns);
   });
 
-  test(`should send multiple POST http requests to the OSV API using findMany`, async() => {
+  test("should send multiple POST http requests to the OSV API using findMany", async() => {
     const expectedResponse = { vulns: [1, 2, 3] };
 
     mockedHttpClient
       .intercept({
         path: new URL("/v1/query", osv.ROOT_API).href,
         method: "POST"
       })
-      .reply(200, expectedResponse, kHttpClientHeaders)
+      .reply(200, expectedResponse, HTTP_CLIENT_HEADERS)
       .times(2);
 
     const result = await osv.findMany(
diff --git a/test/database/snyk.unit.spec.ts b/test/database/snyk.unit.spec.ts
@@ -3,7 +3,7 @@ import { describe, test, after } from "node:test";
 import assert from "node:assert";
 
 // Import Internal Dependencies
-import { kHttpClientHeaders, setupHttpAgentMock } from "../strategies/utils";
+import { HTTP_CLIENT_HEADERS, setupHttpAgentMock } from "../strategies/utils";
 import { snyk } from "../../src/database";
 import { SNYK_ORG } from "../../src/constants";
 
@@ -15,7 +15,7 @@ describe("snyk", () => {
     restoreHttpAgent();
   });
 
-  test(`should send a POST http request to the Snyk API using findOne and then return the SnykAuditResponse`, async() => {
+  test("should send a POST http request to the Snyk API using findOne and then return the SnykAuditResponse", async() => {
     const expectedResponse = { issues: "some issues data" };
     const targetFile = "some target file content";
     const additionalFile = "some additional file content";
@@ -31,7 +31,7 @@ describe("snyk", () => {
           }
         })
       })
-      .reply(200, expectedResponse, kHttpClientHeaders);
+      .reply(200, expectedResponse, HTTP_CLIENT_HEADERS);
 
     const data = await snyk.findOne({
       files: {
@@ -43,7 +43,7 @@ describe("snyk", () => {
     assert.deepStrictEqual(data, expectedResponse);
   });
 
-  test(`should send a POST http request to the Snyk API using findOne without additional files`, async() => {
+  test("should send a POST http request to the Snyk API using findOne without additional files", async() => {
     const expectedResponse = { issues: "some issues data" };
     const targetFile = "some target file content";
 
@@ -57,7 +57,7 @@ describe("snyk", () => {
           }
         })
       })
-      .reply(200, expectedResponse, kHttpClientHeaders);
+      .reply(200, expectedResponse, HTTP_CLIENT_HEADERS);
 
     const data = await snyk.findOne({
       files: { target: { contents: targetFile } }
diff --git a/test/strategies/snyk/index.unit.spec.ts b/test/strategies/snyk/index.unit.spec.ts
@@ -9,7 +9,7 @@ import fs from "node:fs/promises";
 import { SnykStrategy } from "../../../src/strategies/snyk.js";
 import {
   expectVulnToBeNodeSecureStandardCompliant,
-  kHttpClientHeaders,
+  HTTP_CLIENT_HEADERS,
   setupHttpAgentMock
 } from "../utils.js";
 
@@ -71,7 +71,7 @@ test("snyk strategy: hydratePayloadDependencies", async() => {
       path: kSnykApiPath,
       method: "POST"
     })
-    .reply(200, responseBody, kHttpClientHeaders);
+    .reply(200, responseBody, HTTP_CLIENT_HEADERS);
 
   dependencies.set("node-uuid", { vulnerabilities: [] });
 
@@ -108,7 +108,7 @@ test("snyk strategy: hydratePayloadDependencies using NodeSecure standard format
       path: kSnykApiPath,
       method: "POST"
     })
-    .reply(200, responseBody, kHttpClientHeaders);
+    .reply(200, responseBody, HTTP_CLIENT_HEADERS);
 
   dependencies.set("node-uuid", { vulnerabilities: [] });
 
diff --git a/test/strategies/sonatype/index.integration.spec.ts b/test/strategies/sonatype/index.integration.spec.ts
@@ -38,8 +38,12 @@ test("sonatype strategy: fetching a package with a vulnerability using the API",
 
   const { vulnerabilities } = dependencies.get(
     packageWithVulnerability.package
+  )!;
+  const ids = vulnerabilities.map((vuln) => vuln.id);
+  assert.deepEqual(
+    ids,
+    ["CVE-2022-31150", "CVE-2022-35948", "CVE-2023-23936", "CVE-2025-47279"]
   );
-  assert.strictEqual(vulnerabilities.length, 3);
 
   const [vulnerability] = vulnerabilities;
 
diff --git a/test/strategies/sonatype/index.unit.spec.ts b/test/strategies/sonatype/index.unit.spec.ts
@@ -8,7 +8,7 @@ import {
 } from "../../../src/strategies/sonatype.js";
 import {
   expectVulnToBeNodeSecureStandardCompliant,
-  kHttpClientHeaders,
+  HTTP_CLIENT_HEADERS,
   setupHttpAgentMock
 } from "../utils.js";
 
@@ -47,7 +47,7 @@ test("sonatype strategy: hydratePayloadDependencies", async() => {
       method: "POST",
       body: JSON.stringify({ coordinates: [kFakePackageURL] })
     })
-    .reply(200, [kSonatypeVulnComponent], kHttpClientHeaders);
+    .reply(200, [kSonatypeVulnComponent], HTTP_CLIENT_HEADERS);
 
   dependencies.set("fake-npm-package", {
     vulnerabilities: [],
@@ -92,7 +92,7 @@ test("sonatype strategy: hydratePayloadDependencies when using NodeSecure standa
       method: "POST",
       body: JSON.stringify({ coordinates: [kFakePackageURL] })
     })
-    .reply(200, [kSonatypeVulnComponent], kHttpClientHeaders);
+    .reply(200, [kSonatypeVulnComponent], HTTP_CLIENT_HEADERS);
 
   dependencies.set("fake-npm-package", {
     vulnerabilities: [],
@@ -156,7 +156,7 @@ test("sonatype strategy: fetchDataForPackageURLs with coordinates exceeding the
       path: kSonatypeApiPath,
       method: "POST"
     })
-    .reply(200, [kSonatypeVulnComponent], kHttpClientHeaders)
+    .reply(200, [kSonatypeVulnComponent], HTTP_CLIENT_HEADERS)
     .times(2);
 
   dependencies.set("fake-npm-package", fakeDependencyPayload);
diff --git a/test/strategies/utils.ts b/test/strategies/utils.ts
@@ -5,7 +5,7 @@ import assert from "node:assert";
 import * as httpie from "@myunisoft/httpie";
 
 // CONSTANTS
-export const kHttpClientHeaders = {
+export const HTTP_CLIENT_HEADERS = {
   headers: { "content-type": "application/json" }
 };
 

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-// Import Third-Party Dependencies`
	`1`	`+// Import Third-party Dependencies`
`2`	`2`	`import * as httpie from "@myunisoft/httpie";`
`3`	`3`
`4`	`4`	`// Import Internal Dependencies`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+// Import Internal Dependencies`
`1`	`2`	`import {`
`2`	`3`	`GitHubAdvisoryStrategy,`
`3`	`4`	`type GithubAdvisoryStrategyDefinition,`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-// Import Internal Types`
	`1`	`+// Import Internal Dependencies`
`2`	`2`	`import type { Dependencies } from "./scanner.js";`
`3`	`3`	`import type { StandardVulnerability } from "../../formats/standard/index.js";`
`4`	`4`	`import type { Kind } from "../../constants.js";`