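// Tests for `npm audit`, `npm audit fix`, audit completion and the start of
// the `npm audit signatures` fixtures. Every registry interaction is served by
// MockRegistry (nock); the visible tests never contact a real registry.
const fs = require('fs')
const zlib = require('zlib')
const path = require('path')
const t = require('tap')

const { default: tufmock } = require('@tufjs/repo-mock')
const { load: loadMockNpm } = require('../../fixtures/mock-npm')
const MockRegistry = require('@npmcli/mock-registry')

const gunzip = zlib.gunzipSync
const gzip = zlib.gzipSync

// The request-body matchers below are written to treat the intercepted body as
// hex-encoded gzip. Decoding it in one place lets each test assert on the JSON
// the client would actually send to the advisory endpoints.
const decodeRequestBody = body => JSON.parse(gunzip(Buffer.from(body, 'hex')))

// Timing text ("... packages in 123ms") differs per run; mask it in snapshots.
t.cleanSnapshot = str => str.replace(/package(s)? in [0-9]+[a-z]+/g, 'package$1 in xxx')

// Project fixture: test-dep depends on test-dep-a, locked at 1.0.0.
// `test-dep-a-vuln` / `test-dep-a-fixed` are package directories for the two
// versions; the marker file (vulnerable.txt / fixed.txt) shows which one ended
// up on disk.
const tree = {
  'package.json': JSON.stringify({
    name: 'test-dep',
    version: '1.0.0',
    dependencies: {
      'test-dep-a': '*',
    },
  }),
  'package-lock.json': JSON.stringify({
    name: 'test-dep',
    version: '1.0.0',
    lockfileVersion: 2,
    requires: true,
    packages: {
      '': {
        // NOTE(review): `xname` (not `name`) is what the fixture has; kept
        // as-is because the snapshots may depend on it -- confirm it is
        // intentional.
        xname: 'scratch',
        version: '1.0.0',
        dependencies: {
          'test-dep-a': '*',
        },
        devDependencies: {},
      },
      'node_modules/test-dep-a': {
        name: 'test-dep-a',
        version: '1.0.0',
      },
    },
    dependencies: {
      'test-dep-a': {
        version: '1.0.0',
      },
    },
  }),
  'test-dep-a-vuln': {
    'package.json': JSON.stringify({
      name: 'test-dep-a',
      version: '1.0.0',
    }),
    'vulnerable.txt': 'vulnerable test-dep-a',
  },
  'test-dep-a-fixed': {
    'package.json': JSON.stringify({
      name: 'test-dep-a',
      version: '1.0.1',
    }),
    'fixed.txt': 'fixed test-dep-a',
  },
}

// Bulk advisory endpoint reports an advisory covering the locked version, so
// the audit must leave a non-zero exit code.
t.test('normal audit', async t => {
  const { npm, joinedOutput } = await loadMockNpm(t, {
    prefixDir: tree,
  })
  const registry = new MockRegistry({
    tap: t,
    registry: npm.config.get('registry'),
  })

  const manifest = registry.manifest({
    name: 'test-dep-a',
    packuments: [{ version: '1.0.0' }, { version: '1.0.1' }],
  })
  await registry.package({ manifest })
  const advisory = registry.advisory({
    id: 100,
    vulnerable_versions: '<1.0.1',
  })
  // NOTE(review): this interceptor is given the gzipped bytes themselves as
  // the expected body, while 'audit fix - bulk endpoint' decodes the body and
  // compares the JSON. Matching on compressed bytes presumably depends on the
  // client producing identical gzip output -- confirm this is stable.
  const bulkBody = gzip(JSON.stringify({ 'test-dep-a': ['1.0.0'] }))
  registry.nock.post('/-/npm/v1/security/advisories/bulk', bulkBody)
    .reply(200, {
      'test-dep-a': [advisory],
    })

  await npm.exec('audit', [])
  // NOTE(review): process.exitCode is process-global. This assertion is only
  // meaningful if the mock-npm fixture resets it between tests -- confirm.
  t.ok(process.exitCode, 'would have exited uncleanly')
  t.matchSnapshot(joinedOutput())
})

// Bulk endpoint answers 404, so the client is expected to retry against the
// older quick-audit endpoint; the matcher checks the payload it sends there.
t.test('fallback audit ', async t => {
  const { npm, joinedOutput } = await loadMockNpm(t, {
    prefixDir: tree,
  })
  const registry = new MockRegistry({
    tap: t,
    registry: npm.config.get('registry'),
  })
  const manifest = registry.manifest({
    name: 'test-dep-a',
    packuments: [{ version: '1.0.0' }, { version: '1.0.1' }],
  })
  await registry.package({ manifest })
  const advisory = registry.advisory({
    id: 100,
    module_name: 'test-dep-a',
    vulnerable_versions: '<1.0.1',
    findings: [{ version: '1.0.0', paths: ['test-dep-a'] }],
  })
  registry.nock
    .post('/-/npm/v1/security/advisories/bulk').reply(404)
    .post('/-/npm/v1/security/audits/quick', body => {
      const unzipped = decodeRequestBody(body)
      return t.match(unzipped, {
        name: 'test-dep',
        version: '1.0.0',
        requires: { 'test-dep-a': '*' },
        dependencies: { 'test-dep-a': { version: '1.0.0' } },
      })
    }).reply(200, {
      actions: [],
      muted: [],
      advisories: {
        100: advisory,
      },
      metadata: {
        vulnerabilities: { info: 0, low: 0, moderate: 0, high: 1, critical: 0 },
        dependencies: 1,
        devDependencies: 0,
        optionalDependencies: 0,
        totalDependencies: 1,
      },
    })
  await npm.exec('audit', [])
  t.ok(process.exitCode, 'would have exited uncleanly')
  t.matchSnapshot(joinedOutput())
})

// Same flow as 'normal audit' with `json: true`; the snapshot pins the
// machine-readable report.
t.test('json audit', async t => {
  const { npm, joinedOutput } = await loadMockNpm(t, {
    prefixDir: tree,
    config: {
      json: true,
    },
  })
  const registry = new MockRegistry({
    tap: t,
    registry: npm.config.get('registry'),
  })

  const manifest = registry.manifest({
    name: 'test-dep-a',
    packuments: [{ version: '1.0.0' }, { version: '1.0.1' }],
  })
  await registry.package({ manifest })
  // NOTE(review): no vulnerable_versions is passed here, so the exit-code
  // assertion relies on the mock's default range covering 1.0.0 -- confirm in
  // @npmcli/mock-registry.
  const advisory = registry.advisory({ id: 100 })
  const bulkBody = gzip(JSON.stringify({ 'test-dep-a': ['1.0.0'] }))
  registry.nock.post('/-/npm/v1/security/advisories/bulk', bulkBody)
    .reply(200, {
      'test-dep-a': [advisory],
    })

  await npm.exec('audit', [])
  t.ok(process.exitCode, 'would have exited uncleanly')
  t.matchSnapshot(joinedOutput())
})

// `audit fix`: the first bulk request must list the vulnerable 1.0.0, the
// second (after the fix) must list 1.0.1 and gets an empty advisory list.
// The lockfile snapshot and the fixed.txt marker confirm that the remediated
// version is what was actually recorded and installed.
t.test('audit fix - bulk endpoint', async t => {
  const { npm, joinedOutput } = await loadMockNpm(t, {
    prefixDir: tree,
  })
  const registry = new MockRegistry({
    tap: t,
    registry: npm.config.get('registry'),
  })
  const manifest = registry.manifest({
    name: 'test-dep-a',
    packuments: [{ version: '1.0.0' }, { version: '1.0.1' }],
  })
  await registry.package({
    manifest,
    tarballs: {
      '1.0.1': path.join(npm.prefix, 'test-dep-a-fixed'),
    },
  })
  const advisory = registry.advisory({ id: 100, vulnerable_versions: '1.0.0' })
  registry.nock.post('/-/npm/v1/security/advisories/bulk', body => {
    const unzipped = decodeRequestBody(body)
    return t.same(unzipped, { 'test-dep-a': ['1.0.0'] })
  })
    .reply(200, { // first audit
      'test-dep-a': [advisory],
    })
    .post('/-/npm/v1/security/advisories/bulk', body => {
      const unzipped = decodeRequestBody(body)
      return t.same(unzipped, { 'test-dep-a': ['1.0.1'] })
    })
    .reply(200, { // after fix
      'test-dep-a': [],
    })
  await npm.exec('audit', ['fix'])
  t.matchSnapshot(joinedOutput())
  const pkg = fs.readFileSync(path.join(npm.prefix, 'package-lock.json'), 'utf8')
  t.matchSnapshot(pkg, 'lockfile has test-dep-a@1.0.1')
  t.ok(
    fs.existsSync(path.join(npm.prefix, 'node_modules', 'test-dep-a', 'fixed.txt')),
    'has test-dep-a@1.0.1 on disk'
  )
})

// With `package-lock` disabled, `audit fix` must be refused with a usage
// error instead of running.
t.test('audit fix no package lock', async t => {
  const { npm } = await loadMockNpm(t, {
    config: {
      'package-lock': false,
    },
  })
  await t.rejects(
    npm.exec('audit', ['fix']),
    { code: 'EUSAGE' }
  )
})

// Shell completion: `npm audit` offers `fix`, `npm audit fix` offers nothing,
// and an unknown subcommand rejects with a "not recognized" message.
t.test('completion', async t => {
  const { audit } = await loadMockNpm(t, { command: 'audit' })
  t.test('fix', async t => {
    await t.resolveMatch(
      audit.completion({ conf: { argv: { remain: ['npm', 'audit'] } } }),
      ['fix'],
      'completes to fix'
    )
  })

  t.test('subcommand fix', async t => {
    await t.resolveMatch(
      audit.completion({ conf: { argv: { remain: ['npm', 'audit', 'fix'] } } }),
      [],
      'resolves to ?'
    )
  })

  t.test('subcommand not recognized', async t => {
    await t.rejects(audit.completion({ conf: { argv: { remain: ['npm', 'audit', 'repare'] } } }), {
      message: 'repare not recognized',
    })
  })
})

// Signature-audit fixtures. The body of this test continues past this block.
t.test('audit signatures', async t => {
  // Key set using the keyid/keytype/scheme/key field names. It holds only a
  // public key string; `expires: null` sets no expiry on the key.
  const VALID_REGISTRY_KEYS = {
    keys: [{
      expires: null,
      keyid: 'SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA',
      keytype: 'ecdsa-sha2-nistp256',
      scheme: 'ecdsa-sha2-nistp256',
      key: 'MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1Olb3zMAFFxXKHiIkQO5cJ3Yhl5i6UPp+' +
           'IhuteBJbuHcA5UogKo0EWtlWwW6KSaKoTNEYL7JlCQiVnkhBktUgg==',
    }],
  }

  // Same key id and key string as VALID_REGISTRY_KEYS, written with the
  // keyId/keyUsage/publicKey field names. validFor has a start and no end.
  const TUF_VALID_REGISTRY_KEYS = {
    keys: [{
      keyId: 'SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA',
      keyUsage: 'npm:signatures',
      publicKey: {
        rawBytes: 'MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1Olb3zMAFFxXKHiIkQO5cJ3Yhl5i6UPp+' +
                  'IhuteBJbuHcA5UogKo0EWtlWwW6KSaKoTNEYL7JlCQiVnkhBktUgg==',
        keyDetails: 'PKIX_ECDSA_P256_SHA_256',
        validFor: {
          start: '1999-01-01T00:00:00.000Z',
        },
      },
    }],
  }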
2761cb0ef41Sopenharmony_ci 2771cb0ef41Sopenharmony_ci const TUF_MISMATCHING_REGISTRY_KEYS = { 2781cb0ef41Sopenharmony_ci keys: [{ 2791cb0ef41Sopenharmony_ci keyId: 'SHA256:2l3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA', 2801cb0ef41Sopenharmony_ci keyUsage: 'npm:signatures', 2811cb0ef41Sopenharmony_ci publicKey: { 2821cb0ef41Sopenharmony_ci rawBytes: 'MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1Olb3zMAFFxXKHiIkQO5cJ3Yhl5i6UPp+' + 2831cb0ef41Sopenharmony_ci 'IhuteBJbuHcA5UogKo0EWtlWwW6KSaKoTNEYL7JlCQiVnkhBktUgg==', 2841cb0ef41Sopenharmony_ci keyDetails: 'PKIX_ECDSA_P256_SHA_256', 2851cb0ef41Sopenharmony_ci validFor: { 2861cb0ef41Sopenharmony_ci start: '1999-01-01T00:00:00.000Z', 2871cb0ef41Sopenharmony_ci }, 2881cb0ef41Sopenharmony_ci }, 2891cb0ef41Sopenharmony_ci }], 2901cb0ef41Sopenharmony_ci } 2911cb0ef41Sopenharmony_ci 2921cb0ef41Sopenharmony_ci const TUF_EXPIRED_REGISTRY_KEYS = { 2931cb0ef41Sopenharmony_ci keys: [{ 2941cb0ef41Sopenharmony_ci keyId: 'SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA', 2951cb0ef41Sopenharmony_ci keyUsage: 'npm:signatures', 2961cb0ef41Sopenharmony_ci publicKey: { 2971cb0ef41Sopenharmony_ci rawBytes: 'MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1Olb3zMAFFxXKHiIkQO5cJ3Yhl5i6UPp+' + 2981cb0ef41Sopenharmony_ci 'IhuteBJbuHcA5UogKo0EWtlWwW6KSaKoTNEYL7JlCQiVnkhBktUgg==', 2991cb0ef41Sopenharmony_ci keyDetails: 'PKIX_ECDSA_P256_SHA_256', 3001cb0ef41Sopenharmony_ci validFor: { 3011cb0ef41Sopenharmony_ci start: '1999-01-01T00:00:00.000Z', 3021cb0ef41Sopenharmony_ci end: '2021-01-11T15:45:42.144Z', 3031cb0ef41Sopenharmony_ci }, 3041cb0ef41Sopenharmony_ci }, 3051cb0ef41Sopenharmony_ci }], 3061cb0ef41Sopenharmony_ci } 3071cb0ef41Sopenharmony_ci 3081cb0ef41Sopenharmony_ci const TUF_VALID_KEYS_TARGET = { 3091cb0ef41Sopenharmony_ci name: 'registry.npmjs.org/keys.json', 3101cb0ef41Sopenharmony_ci content: JSON.stringify(TUF_VALID_REGISTRY_KEYS), 3111cb0ef41Sopenharmony_ci } 3121cb0ef41Sopenharmony_ci 3131cb0ef41Sopenharmony_ci const TUF_MISMATCHING_KEYS_TARGET = { 
3141cb0ef41Sopenharmony_ci name: 'registry.npmjs.org/keys.json', 3151cb0ef41Sopenharmony_ci content: JSON.stringify(TUF_MISMATCHING_REGISTRY_KEYS), 3161cb0ef41Sopenharmony_ci } 3171cb0ef41Sopenharmony_ci 3181cb0ef41Sopenharmony_ci const TUF_EXPIRED_KEYS_TARGET = { 3191cb0ef41Sopenharmony_ci name: 'registry.npmjs.org/keys.json', 3201cb0ef41Sopenharmony_ci content: JSON.stringify(TUF_EXPIRED_REGISTRY_KEYS), 3211cb0ef41Sopenharmony_ci } 3221cb0ef41Sopenharmony_ci 3231cb0ef41Sopenharmony_ci const TUF_TARGET_NOT_FOUND = [] 3241cb0ef41Sopenharmony_ci 3251cb0ef41Sopenharmony_ci const installWithValidSigs = { 3261cb0ef41Sopenharmony_ci 'package.json': JSON.stringify({ 3271cb0ef41Sopenharmony_ci name: 'test-dep', 3281cb0ef41Sopenharmony_ci version: '1.0.0', 3291cb0ef41Sopenharmony_ci dependencies: { 3301cb0ef41Sopenharmony_ci 'kms-demo': '1.0.0', 3311cb0ef41Sopenharmony_ci }, 3321cb0ef41Sopenharmony_ci }), 3331cb0ef41Sopenharmony_ci node_modules: { 3341cb0ef41Sopenharmony_ci 'kms-demo': { 3351cb0ef41Sopenharmony_ci 'package.json': JSON.stringify({ 3361cb0ef41Sopenharmony_ci name: 'kms-demo', 3371cb0ef41Sopenharmony_ci version: '1.0.0', 3381cb0ef41Sopenharmony_ci }), 3391cb0ef41Sopenharmony_ci }, 3401cb0ef41Sopenharmony_ci }, 3411cb0ef41Sopenharmony_ci 'package-lock.json': JSON.stringify({ 3421cb0ef41Sopenharmony_ci name: 'test-dep', 3431cb0ef41Sopenharmony_ci version: '1.0.0', 3441cb0ef41Sopenharmony_ci lockfileVersion: 2, 3451cb0ef41Sopenharmony_ci requires: true, 3461cb0ef41Sopenharmony_ci packages: { 3471cb0ef41Sopenharmony_ci '': { 3481cb0ef41Sopenharmony_ci name: 'scratch', 3491cb0ef41Sopenharmony_ci version: '1.0.0', 3501cb0ef41Sopenharmony_ci dependencies: { 3511cb0ef41Sopenharmony_ci 'kms-demo': '^1.0.0', 3521cb0ef41Sopenharmony_ci }, 3531cb0ef41Sopenharmony_ci }, 3541cb0ef41Sopenharmony_ci 'node_modules/kms-demo': { 3551cb0ef41Sopenharmony_ci version: '1.0.0', 3561cb0ef41Sopenharmony_ci }, 3571cb0ef41Sopenharmony_ci }, 3581cb0ef41Sopenharmony_ci dependencies: { 
3591cb0ef41Sopenharmony_ci 'kms-demo': { 3601cb0ef41Sopenharmony_ci version: '1.0.0', 3611cb0ef41Sopenharmony_ci }, 3621cb0ef41Sopenharmony_ci }, 3631cb0ef41Sopenharmony_ci }), 3641cb0ef41Sopenharmony_ci } 3651cb0ef41Sopenharmony_ci 3661cb0ef41Sopenharmony_ci const installWithValidAttestations = { 3671cb0ef41Sopenharmony_ci 'package.json': JSON.stringify({ 3681cb0ef41Sopenharmony_ci name: 'test-dep', 3691cb0ef41Sopenharmony_ci version: '1.0.0', 3701cb0ef41Sopenharmony_ci dependencies: { 3711cb0ef41Sopenharmony_ci sigstore: '1.0.0', 3721cb0ef41Sopenharmony_ci }, 3731cb0ef41Sopenharmony_ci }), 3741cb0ef41Sopenharmony_ci node_modules: { 3751cb0ef41Sopenharmony_ci sigstore: { 3761cb0ef41Sopenharmony_ci 'package.json': JSON.stringify({ 3771cb0ef41Sopenharmony_ci name: 'sigstore', 3781cb0ef41Sopenharmony_ci version: '1.0.0', 3791cb0ef41Sopenharmony_ci }), 3801cb0ef41Sopenharmony_ci }, 3811cb0ef41Sopenharmony_ci }, 3821cb0ef41Sopenharmony_ci 'package-lock.json': JSON.stringify({ 3831cb0ef41Sopenharmony_ci name: 'test-dep', 3841cb0ef41Sopenharmony_ci version: '1.0.0', 3851cb0ef41Sopenharmony_ci lockfileVersion: 2, 3861cb0ef41Sopenharmony_ci requires: true, 3871cb0ef41Sopenharmony_ci packages: { 3881cb0ef41Sopenharmony_ci '': { 3891cb0ef41Sopenharmony_ci name: 'test-dep', 3901cb0ef41Sopenharmony_ci version: '1.0.0', 3911cb0ef41Sopenharmony_ci dependencies: { 3921cb0ef41Sopenharmony_ci sigstore: '^1.0.0', 3931cb0ef41Sopenharmony_ci }, 3941cb0ef41Sopenharmony_ci }, 3951cb0ef41Sopenharmony_ci 'node_modules/sigstore': { 3961cb0ef41Sopenharmony_ci version: '1.0.0', 3971cb0ef41Sopenharmony_ci }, 3981cb0ef41Sopenharmony_ci }, 3991cb0ef41Sopenharmony_ci dependencies: { 4001cb0ef41Sopenharmony_ci sigstore: { 4011cb0ef41Sopenharmony_ci version: '1.0.0', 4021cb0ef41Sopenharmony_ci }, 4031cb0ef41Sopenharmony_ci }, 4041cb0ef41Sopenharmony_ci }), 4051cb0ef41Sopenharmony_ci } 4061cb0ef41Sopenharmony_ci 4071cb0ef41Sopenharmony_ci const installWithMultipleValidAttestations = { 
4081cb0ef41Sopenharmony_ci 'package.json': JSON.stringify({ 4091cb0ef41Sopenharmony_ci name: 'test-dep', 4101cb0ef41Sopenharmony_ci version: '1.0.0', 4111cb0ef41Sopenharmony_ci dependencies: { 4121cb0ef41Sopenharmony_ci sigstore: '1.0.0', 4131cb0ef41Sopenharmony_ci 'tuf-js': '1.0.0', 4141cb0ef41Sopenharmony_ci }, 4151cb0ef41Sopenharmony_ci }), 4161cb0ef41Sopenharmony_ci node_modules: { 4171cb0ef41Sopenharmony_ci sigstore: { 4181cb0ef41Sopenharmony_ci 'package.json': JSON.stringify({ 4191cb0ef41Sopenharmony_ci name: 'sigstore', 4201cb0ef41Sopenharmony_ci version: '1.0.0', 4211cb0ef41Sopenharmony_ci }), 4221cb0ef41Sopenharmony_ci }, 4231cb0ef41Sopenharmony_ci 'tuf-js': { 4241cb0ef41Sopenharmony_ci 'package.json': JSON.stringify({ 4251cb0ef41Sopenharmony_ci name: 'tuf-js', 4261cb0ef41Sopenharmony_ci version: '1.0.0', 4271cb0ef41Sopenharmony_ci }), 4281cb0ef41Sopenharmony_ci }, 4291cb0ef41Sopenharmony_ci }, 4301cb0ef41Sopenharmony_ci 'package-lock.json': JSON.stringify({ 4311cb0ef41Sopenharmony_ci name: 'test-dep', 4321cb0ef41Sopenharmony_ci version: '1.0.0', 4331cb0ef41Sopenharmony_ci lockfileVersion: 2, 4341cb0ef41Sopenharmony_ci requires: true, 4351cb0ef41Sopenharmony_ci packages: { 4361cb0ef41Sopenharmony_ci '': { 4371cb0ef41Sopenharmony_ci name: 'test-dep', 4381cb0ef41Sopenharmony_ci version: '1.0.0', 4391cb0ef41Sopenharmony_ci dependencies: { 4401cb0ef41Sopenharmony_ci sigstore: '^1.0.0', 4411cb0ef41Sopenharmony_ci 'tuf-js': '^1.0.0', 4421cb0ef41Sopenharmony_ci }, 4431cb0ef41Sopenharmony_ci }, 4441cb0ef41Sopenharmony_ci 'node_modules/sigstore': { 4451cb0ef41Sopenharmony_ci version: '1.0.0', 4461cb0ef41Sopenharmony_ci }, 4471cb0ef41Sopenharmony_ci 'node_modules/tuf-js': { 4481cb0ef41Sopenharmony_ci version: '1.0.0', 4491cb0ef41Sopenharmony_ci }, 4501cb0ef41Sopenharmony_ci }, 4511cb0ef41Sopenharmony_ci dependencies: { 4521cb0ef41Sopenharmony_ci sigstore: { 4531cb0ef41Sopenharmony_ci version: '1.0.0', 4541cb0ef41Sopenharmony_ci }, 4551cb0ef41Sopenharmony_ci 
'tuf-js': { 4561cb0ef41Sopenharmony_ci version: '1.0.0', 4571cb0ef41Sopenharmony_ci }, 4581cb0ef41Sopenharmony_ci }, 4591cb0ef41Sopenharmony_ci }), 4601cb0ef41Sopenharmony_ci } 4611cb0ef41Sopenharmony_ci 4621cb0ef41Sopenharmony_ci const installWithAlias = { 4631cb0ef41Sopenharmony_ci 'package.json': JSON.stringify({ 4641cb0ef41Sopenharmony_ci name: 'test-dep', 4651cb0ef41Sopenharmony_ci version: '1.0.0', 4661cb0ef41Sopenharmony_ci dependencies: { 4671cb0ef41Sopenharmony_ci get: 'npm:node-fetch@^1.0.0', 4681cb0ef41Sopenharmony_ci }, 4691cb0ef41Sopenharmony_ci }), 4701cb0ef41Sopenharmony_ci node_modules: { 4711cb0ef41Sopenharmony_ci get: { 4721cb0ef41Sopenharmony_ci 'package.json': JSON.stringify({ 4731cb0ef41Sopenharmony_ci name: 'node-fetch', 4741cb0ef41Sopenharmony_ci version: '1.7.1', 4751cb0ef41Sopenharmony_ci }), 4761cb0ef41Sopenharmony_ci }, 4771cb0ef41Sopenharmony_ci }, 4781cb0ef41Sopenharmony_ci 'package-lock.json': JSON.stringify({ 4791cb0ef41Sopenharmony_ci name: 'test-dep', 4801cb0ef41Sopenharmony_ci version: '1.0.0', 4811cb0ef41Sopenharmony_ci lockfileVersion: 2, 4821cb0ef41Sopenharmony_ci requires: true, 4831cb0ef41Sopenharmony_ci packages: { 4841cb0ef41Sopenharmony_ci '': { 4851cb0ef41Sopenharmony_ci name: 'test-dep', 4861cb0ef41Sopenharmony_ci version: '1.0.0', 4871cb0ef41Sopenharmony_ci dependencies: { 4881cb0ef41Sopenharmony_ci get: 'npm:node-fetch@^1.0.0', 4891cb0ef41Sopenharmony_ci }, 4901cb0ef41Sopenharmony_ci }, 4911cb0ef41Sopenharmony_ci 'node_modules/demo': { 4921cb0ef41Sopenharmony_ci name: 'node-fetch', 4931cb0ef41Sopenharmony_ci version: '1.7.1', 4941cb0ef41Sopenharmony_ci }, 4951cb0ef41Sopenharmony_ci }, 4961cb0ef41Sopenharmony_ci dependencies: { 4971cb0ef41Sopenharmony_ci get: { 4981cb0ef41Sopenharmony_ci version: 'npm:node-fetch@1.7.1', 4991cb0ef41Sopenharmony_ci }, 5001cb0ef41Sopenharmony_ci }, 5011cb0ef41Sopenharmony_ci }), 5021cb0ef41Sopenharmony_ci } 5031cb0ef41Sopenharmony_ci 5041cb0ef41Sopenharmony_ci const noInstall = { 
5051cb0ef41Sopenharmony_ci 'package.json': JSON.stringify({ 5061cb0ef41Sopenharmony_ci name: 'test-dep', 5071cb0ef41Sopenharmony_ci version: '1.0.0', 5081cb0ef41Sopenharmony_ci dependencies: { 5091cb0ef41Sopenharmony_ci 'kms-demo': '1.0.0', 5101cb0ef41Sopenharmony_ci }, 5111cb0ef41Sopenharmony_ci }), 5121cb0ef41Sopenharmony_ci 'package-lock.json': JSON.stringify({ 5131cb0ef41Sopenharmony_ci name: 'test-dep', 5141cb0ef41Sopenharmony_ci version: '1.0.0', 5151cb0ef41Sopenharmony_ci lockfileVersion: 2, 5161cb0ef41Sopenharmony_ci requires: true, 5171cb0ef41Sopenharmony_ci packages: { 5181cb0ef41Sopenharmony_ci '': { 5191cb0ef41Sopenharmony_ci name: 'scratch', 5201cb0ef41Sopenharmony_ci version: '1.0.0', 5211cb0ef41Sopenharmony_ci dependencies: { 5221cb0ef41Sopenharmony_ci 'kms-demo': '^1.0.0', 5231cb0ef41Sopenharmony_ci }, 5241cb0ef41Sopenharmony_ci }, 5251cb0ef41Sopenharmony_ci 'node_modules/kms-demo': { 5261cb0ef41Sopenharmony_ci version: '1.0.0', 5271cb0ef41Sopenharmony_ci }, 5281cb0ef41Sopenharmony_ci }, 5291cb0ef41Sopenharmony_ci dependencies: { 5301cb0ef41Sopenharmony_ci 'kms-demo': { 5311cb0ef41Sopenharmony_ci version: '1.0.0', 5321cb0ef41Sopenharmony_ci }, 5331cb0ef41Sopenharmony_ci }, 5341cb0ef41Sopenharmony_ci }), 5351cb0ef41Sopenharmony_ci } 5361cb0ef41Sopenharmony_ci 5371cb0ef41Sopenharmony_ci const workspaceInstall = { 5381cb0ef41Sopenharmony_ci 'package.json': JSON.stringify({ 5391cb0ef41Sopenharmony_ci name: 'workspaces-project', 5401cb0ef41Sopenharmony_ci version: '1.0.0', 5411cb0ef41Sopenharmony_ci workspaces: ['packages/*'], 5421cb0ef41Sopenharmony_ci dependencies: { 5431cb0ef41Sopenharmony_ci 'kms-demo': '^1.0.0', 5441cb0ef41Sopenharmony_ci }, 5451cb0ef41Sopenharmony_ci }), 5461cb0ef41Sopenharmony_ci node_modules: { 5471cb0ef41Sopenharmony_ci a: t.fixture('symlink', '../packages/a'), 5481cb0ef41Sopenharmony_ci b: t.fixture('symlink', '../packages/b'), 5491cb0ef41Sopenharmony_ci c: t.fixture('symlink', '../packages/c'), 5501cb0ef41Sopenharmony_ci 
'kms-demo': { 5511cb0ef41Sopenharmony_ci 'package.json': JSON.stringify({ 5521cb0ef41Sopenharmony_ci name: 'kms-demo', 5531cb0ef41Sopenharmony_ci version: '1.0.0', 5541cb0ef41Sopenharmony_ci }), 5551cb0ef41Sopenharmony_ci }, 5561cb0ef41Sopenharmony_ci async: { 5571cb0ef41Sopenharmony_ci 'package.json': JSON.stringify({ 5581cb0ef41Sopenharmony_ci name: 'async', 5591cb0ef41Sopenharmony_ci version: '2.5.0', 5601cb0ef41Sopenharmony_ci }), 5611cb0ef41Sopenharmony_ci }, 5621cb0ef41Sopenharmony_ci 'light-cycle': { 5631cb0ef41Sopenharmony_ci 'package.json': JSON.stringify({ 5641cb0ef41Sopenharmony_ci name: 'light-cycle', 5651cb0ef41Sopenharmony_ci version: '1.4.2', 5661cb0ef41Sopenharmony_ci }), 5671cb0ef41Sopenharmony_ci }, 5681cb0ef41Sopenharmony_ci }, 5691cb0ef41Sopenharmony_ci packages: { 5701cb0ef41Sopenharmony_ci a: { 5711cb0ef41Sopenharmony_ci 'package.json': JSON.stringify({ 5721cb0ef41Sopenharmony_ci name: 'a', 5731cb0ef41Sopenharmony_ci version: '1.0.0', 5741cb0ef41Sopenharmony_ci dependencies: { 5751cb0ef41Sopenharmony_ci b: '^1.0.0', 5761cb0ef41Sopenharmony_ci async: '^2.0.0', 5771cb0ef41Sopenharmony_ci }, 5781cb0ef41Sopenharmony_ci }), 5791cb0ef41Sopenharmony_ci }, 5801cb0ef41Sopenharmony_ci b: { 5811cb0ef41Sopenharmony_ci 'package.json': JSON.stringify({ 5821cb0ef41Sopenharmony_ci name: 'b', 5831cb0ef41Sopenharmony_ci version: '1.0.0', 5841cb0ef41Sopenharmony_ci dependencies: { 5851cb0ef41Sopenharmony_ci 'light-cycle': '^1.0.0', 5861cb0ef41Sopenharmony_ci }, 5871cb0ef41Sopenharmony_ci }), 5881cb0ef41Sopenharmony_ci }, 5891cb0ef41Sopenharmony_ci c: { 5901cb0ef41Sopenharmony_ci 'package.json': JSON.stringify({ 5911cb0ef41Sopenharmony_ci name: 'c', 5921cb0ef41Sopenharmony_ci version: '1.0.0', 5931cb0ef41Sopenharmony_ci }), 5941cb0ef41Sopenharmony_ci }, 5951cb0ef41Sopenharmony_ci }, 5961cb0ef41Sopenharmony_ci } 5971cb0ef41Sopenharmony_ci 5981cb0ef41Sopenharmony_ci const installWithMultipleDeps = { 5991cb0ef41Sopenharmony_ci 'package.json': JSON.stringify({ 
6001cb0ef41Sopenharmony_ci name: 'test-dep', 6011cb0ef41Sopenharmony_ci version: '1.0.0', 6021cb0ef41Sopenharmony_ci dependencies: { 6031cb0ef41Sopenharmony_ci 'kms-demo': '^1.0.0', 6041cb0ef41Sopenharmony_ci }, 6051cb0ef41Sopenharmony_ci devDependencies: { 6061cb0ef41Sopenharmony_ci async: '~1.1.0', 6071cb0ef41Sopenharmony_ci }, 6081cb0ef41Sopenharmony_ci }), 6091cb0ef41Sopenharmony_ci node_modules: { 6101cb0ef41Sopenharmony_ci 'kms-demo': { 6111cb0ef41Sopenharmony_ci 'package.json': JSON.stringify({ 6121cb0ef41Sopenharmony_ci name: 'kms-demo', 6131cb0ef41Sopenharmony_ci version: '1.0.0', 6141cb0ef41Sopenharmony_ci }), 6151cb0ef41Sopenharmony_ci }, 6161cb0ef41Sopenharmony_ci async: { 6171cb0ef41Sopenharmony_ci 'package.json': JSON.stringify({ 6181cb0ef41Sopenharmony_ci name: 'async', 6191cb0ef41Sopenharmony_ci version: '1.1.1', 6201cb0ef41Sopenharmony_ci dependencies: { 6211cb0ef41Sopenharmony_ci 'kms-demo': '^1.0.0', 6221cb0ef41Sopenharmony_ci }, 6231cb0ef41Sopenharmony_ci }), 6241cb0ef41Sopenharmony_ci }, 6251cb0ef41Sopenharmony_ci }, 6261cb0ef41Sopenharmony_ci 'package-lock.json': JSON.stringify({ 6271cb0ef41Sopenharmony_ci name: 'test-dep', 6281cb0ef41Sopenharmony_ci version: '1.0.0', 6291cb0ef41Sopenharmony_ci lockfileVersion: 2, 6301cb0ef41Sopenharmony_ci requires: true, 6311cb0ef41Sopenharmony_ci packages: { 6321cb0ef41Sopenharmony_ci '': { 6331cb0ef41Sopenharmony_ci name: 'scratch', 6341cb0ef41Sopenharmony_ci version: '1.0.0', 6351cb0ef41Sopenharmony_ci dependencies: { 6361cb0ef41Sopenharmony_ci 'kms-demo': '^1.0.0', 6371cb0ef41Sopenharmony_ci }, 6381cb0ef41Sopenharmony_ci devDependencies: { 6391cb0ef41Sopenharmony_ci async: '~1.0.0', 6401cb0ef41Sopenharmony_ci }, 6411cb0ef41Sopenharmony_ci }, 6421cb0ef41Sopenharmony_ci 'node_modules/kms-demo': { 6431cb0ef41Sopenharmony_ci version: '1.0.0', 6441cb0ef41Sopenharmony_ci }, 6451cb0ef41Sopenharmony_ci 'node_modules/async': { 6461cb0ef41Sopenharmony_ci version: '1.1.1', 6471cb0ef41Sopenharmony_ci }, 
6481cb0ef41Sopenharmony_ci }, 6491cb0ef41Sopenharmony_ci dependencies: { 6501cb0ef41Sopenharmony_ci 'kms-demo': { 6511cb0ef41Sopenharmony_ci version: '1.0.0', 6521cb0ef41Sopenharmony_ci }, 6531cb0ef41Sopenharmony_ci async: { 6541cb0ef41Sopenharmony_ci version: '1.1.1', 6551cb0ef41Sopenharmony_ci dependencies: { 6561cb0ef41Sopenharmony_ci 'kms-demo': '^1.0.0', 6571cb0ef41Sopenharmony_ci }, 6581cb0ef41Sopenharmony_ci }, 6591cb0ef41Sopenharmony_ci }, 6601cb0ef41Sopenharmony_ci }), 6611cb0ef41Sopenharmony_ci }

// Fixture: kms-demo is declared only as a peer dependency; kms-demo@1.0.0 is
// present in node_modules and pinned in the lockfile.
const installWithPeerDeps = {
  'package.json': JSON.stringify({
    name: 'test-dep',
    version: '1.0.0',
    peerDependencies: { 'kms-demo': '^1.0.0' },
  }),
  node_modules: {
    'kms-demo': {
      'package.json': JSON.stringify({ name: 'kms-demo', version: '1.0.0' }),
    },
  },
  'package-lock.json': JSON.stringify({
    name: 'test-dep',
    version: '1.0.0',
    lockfileVersion: 2,
    requires: true,
    packages: {
      '': {
        name: 'scratch',
        version: '1.0.0',
        peerDependencies: { 'kms-demo': '^1.0.0' },
      },
      'node_modules/kms-demo': { version: '1.0.0' },
    },
    dependencies: {
      'kms-demo': { version: '1.0.0' },
    },
  }),
}

// Fixture: kms-demo is a regular dependency and lorem an optional one. Only
// kms-demo exists in node_modules and in the lockfile's installed packages.
const installWithOptionalDeps = {
  'package.json': JSON.stringify({
    name: 'test-dep',
    version: '1.0.0',
    dependencies: { 'kms-demo': '^1.0.0' },
    optionalDependencies: { lorem: '^1.0.0' },
  }, null, 2),
  node_modules: {
    'kms-demo': {
      'package.json': JSON.stringify({ name: 'kms-demo', version: '1.0.0' }),
    },
  },
  'package-lock.json': JSON.stringify({
    name: 'test-dep',
    version: '1.0.0',
    lockfileVersion: 2,
    requires: true,
    packages: {
      '': {
        name: 'scratch',
        version: '1.0.0',
        dependencies: { 'kms-demo': '^1.0.0' },
        optionalDependencies: { lorem: '^1.0.0' },
      },
      'node_modules/kms-demo': { version: '1.0.0' },
    },
    dependencies: {
      'kms-demo': { version: '1.0.0' },
    },
  }),
}

// Fixture: one scoped package (@npmcli/arborist) next to one unscoped package
// (kms-demo), both installed and locked.
const installWithMultipleRegistries = {
  'package.json': JSON.stringify({
    name: 'test-dep',
    version: '1.0.0',
    dependencies: {
      '@npmcli/arborist': '^1.0.0',
      'kms-demo': '^1.0.0',
    },
  }),
  node_modules: {
    '@npmcli/arborist': {
      'package.json': JSON.stringify({ name: '@npmcli/arborist', version: '1.0.14' }),
    },
    'kms-demo': {
      'package.json': JSON.stringify({ name: 'kms-demo', version: '1.0.0' }),
    },
  },
  'package-lock.json': JSON.stringify({
    name: 'test-dep',
    version: '1.0.0',
    lockfileVersion: 2,
    requires: true,
    packages: {
      '': {
        name: 'test-dep',
        version: '1.0.0',
        dependencies: {
          '@npmcli/arborist': '^1.0.0',
          'kms-demo': '^1.0.0',
        },
      },
      'node_modules/@npmcli/arborist': { version: '1.0.14' },
      'node_modules/kms-demo': { version: '1.0.0' },
    },
    dependencies: {
      '@npmcli/arborist': { version: '1.0.14' },
      'kms-demo': { version: '1.0.0' },
    },
  }),
}

// Fixture: a single scoped dependency (@npmcli/arborist@1.0.14). The tests
// that use it point the configured registry at a non-default URL.
const installWithThirdPartyRegistry = {
  'package.json': JSON.stringify({
    name: 'test-dep',
    version: '1.0.0',
    dependencies: { '@npmcli/arborist': '^1.0.0' },
  }),
  node_modules: {
    '@npmcli/arborist': {
      'package.json': JSON.stringify({ name: '@npmcli/arborist', version: '1.0.14' }),
    },
  },
  'package-lock.json': JSON.stringify({
    name: 'test-dep',
    version: '1.0.0',
    lockfileVersion: 2,
    requires: true,
    packages: {
      '': {
        name: 'test-dep',
        version: '1.0.0',
        dependencies: { '@npmcli/arborist': '^1.0.0' },
      },
      'node_modules/@npmcli/arborist': { version: '1.0.14' },
    },
    dependencies: {
      '@npmcli/arborist': { version: '1.0.14' },
    },
  }),
}

// Registers a kms-demo@1.0.0 packument on the mock registry whose dist block
// carries an integrity value and one registry signature (keyid + sig).
// The tests pair it with TUF_VALID_KEYS_TARGET when verification must pass.
async function manifestWithValidSigs ({ registry }) {
  const dist = {
    tarball: 'https://registry.npmjs.org/kms-demo/-/kms-demo-1.0.0.tgz',
    integrity: 'sha512-QqZ7VJ/8xPkS9s2IWB7Shj3qTJdcRyeXKbPQnsZjsPEwvutGv0EGeVchPca' +
      'uoiDFJlGbZMFq5GDCurAGNSghJQ==',
    signatures: [
      {
        keyid: 'SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA',
        sig: 'MEUCIDrLNspFeU5NZ6d55ycVBZIMXnPJi/XnI1Y2dlJvK8P1AiEAnXjn1IOMUd+U7YfPH' +
          '+FNjwfLq+jCwfH8uaxocq+mpPk=',
      },
    ],
  }
  const manifest = registry.manifest({
    name: 'kms-demo',
    packuments: [{ version: '1.0.0', dist }],
  })
  await registry.package({ manifest })
}

// Registers sigstore@1.0.0 with a registry signature plus an `attestations`
// entry: a URL on the registry's attestations endpoint and a provenance
// predicate type of SLSA provenance v0.2.
async function manifestWithValidAttestations ({ registry }) {
  const dist = {
    // eslint-disable-next-line max-len
    integrity: 'sha512-e+qfbn/zf1+rCza/BhIA//Awmf0v1pa5HQS8Xk8iXrn9bgytytVLqYD0P7NSqZ6IELTgq+tcDvLPkQjNHyWLNg==',
    tarball: 'https://registry.npmjs.org/sigstore/-/sigstore-1.0.0.tgz',
    attestations: {
      url: 'https://registry.npmjs.org/-/npm/v1/attestations/sigstore@1.0.0',
      provenance: { predicateType: 'https://slsa.dev/provenance/v0.2' },
    },
    signatures: [{
      keyid: 'SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA',
      // eslint-disable-next-line max-len
      sig: 'MEQCIBlpcHT68iWOpx8pJr3WUzD1EqQ7tb0CmY36ebbceR6IAiAVGRaxrFoyh0/5B7H1o4VFhfsHw9F8G+AxOZQq87q+lg==',
    }],
  }
  const manifest = registry.manifest({
    name: 'sigstore',
    packuments: [{ version: '1.0.0', dist }],
  })
  await registry.package({ manifest })
}

// Same shape as manifestWithValidAttestations, for tuf-js@1.0.0.
async function manifestWithMultipleValidAttestations ({ registry }) {
  const dist = {
    // eslint-disable-next-line max-len
    integrity: 'sha512-1dxsQwESDzACJjTdYHQ4wJ1f/of7jALWKfJEHSBWUQB/5UTJUx9SW6GHXp4mZ1KvdBRJCpGjssoPFGi4hvw8/A==',
    tarball: 'https://registry.npmjs.org/tuf-js/-/tuf-js-1.0.0.tgz',
    attestations: {
      url: 'https://registry.npmjs.org/-/npm/v1/attestations/tuf-js@1.0.0',
      provenance: { predicateType: 'https://slsa.dev/provenance/v0.2' },
    },
    signatures: [{
      keyid: 'SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA',
      // eslint-disable-next-line max-len
      sig: 'MEYCIQDgGQeY2QLkLuoO9YxOqFZ+a6zYuaZpXhc77kUfdCUXDQIhAJp/vV+9Xg1bfM5YlTvKIH9agUEOu5T76+tQaHY2vZyO',
    }],
  }
  const manifest = registry.manifest({
    name: 'tuf-js',
    packuments: [{ version: '1.0.0', dist }],
  })
  await registry.package({ manifest })
}

// Registers a packument whose only signature is the literal string 'bogus'
// under the same keyid the valid fixtures use. The integrity value is the
// same constant whatever `name` and `version` are passed.
async function manifestWithInvalidSigs ({ registry, name = 'kms-demo', version = '1.0.0' }) {
  const dist = {
    tarball: `https://registry.npmjs.org/${name}/-/${name}-${version}.tgz`,
    integrity: 'sha512-QqZ7VJ/8xPkS9s2IWB7Shj3qTJdcRyeXKbPQnsZjsPEwvutGv0EGeVchPca' +
      'uoiDFJlGbZMFq5GDCurAGNSghJQ==',
    signatures: [
      {
        keyid: 'SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA',
        sig: 'bogus',
      },
    ],
  }
  const manifest = registry.manifest({
    name,
    packuments: [{ version, dist }],
  })
  await registry.package({ manifest })
}

// Registers a packument that specifies only a version: no dist block is
// passed here, so no signatures are supplied by this helper.
async function manifestWithoutSigs ({ registry, name = 'kms-demo', version = '1.0.0' }) {
  const manifest = registry.manifest({
    name,
    packuments: [{ version }],
  })
  await registry.package({ manifest })
}

// Sets up the TUF repository mock for the sigstore CDN base URL, with its
// cache directory placed under the test's npm cache (`<cache>/_tuf/...`).
// `target` is handed to tufmock unchanged; the tests pass one of the TUF_*
// constants defined elsewhere in this file.
function mockTUF ({ target, npm }) {
  const cachePath = path.join(npm.cache, '_tuf', 'tuf-repo-cdn.sigstore.dev')
  return tufmock(target, {
    baseURL: 'https://tuf-repo-cdn.sigstore.dev',
    metadataPathPrefix: '',
    cachePath,
  })
}

// Baseline: signed packument plus TUF_VALID_KEYS_TARGET must audit cleanly.
t.test('with valid signatures', async t => {
  const { npm, joinedOutput } = await loadMockNpm(t, { prefixDir: installWithValidSigs })
  const registry = new MockRegistry({
    tap: t,
    registry: npm.config.get('registry'),
  })
  await manifestWithValidSigs({ registry })
  mockTUF({ npm, target: TUF_VALID_KEYS_TARGET })

  await npm.exec('audit', ['signatures'])

  t.notOk(process.exitCode, 'should exit successfully')
  t.match(joinedOutput(), /audited 1 package/)
  t.matchSnapshot(joinedOutput())
})

// Uses the installWithAlias fixture (defined elsewhere in this file); the
// registry serves a signed packument under the real name node-fetch@1.7.1.
t.test('with valid signatures using alias', async t => {
  const { npm, joinedOutput } = await loadMockNpm(t, { prefixDir: installWithAlias })
  const registry = new MockRegistry({
    tap: t,
    registry: npm.config.get('registry'),
  })
  const dist = {
    tarball: 'https://registry.npmjs.org/node-fetch/-/node-fetch-1.7.1.tgz',
    integrity: 'sha512-j8XsFGCLw79vWXkZtMSmmLaOk9z5SQ9bV/tkbZVCqvgwzrjAGq6' +
      '6igobLofHtF63NvMTp2WjytpsNTGKa+XRIQ==',
    signatures: [
      {
        keyid: 'SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA',
        sig: 'MEYCIQDEn2XrrMXlRm+wh2tOIUyb0Km3ZujfT+6Mf61OXGK9zQIhANnPauUwx3' +
          'N9RcQYQakDpOmLvYzNkySh7fmzmvyhk21j',
      },
    ],
  }
  const manifest = registry.manifest({
    name: 'node-fetch',
    packuments: [{ version: '1.7.1', dist }],
  })
  await registry.package({ manifest })
  mockTUF({ npm, target: TUF_VALID_KEYS_TARGET })

  await npm.exec('audit', ['signatures'])

  t.notOk(process.exitCode, 'should exit successfully')
  t.match(joinedOutput(), /audited 1 package/)
  t.matchSnapshot(joinedOutput())
})

// The TUF mock is given TUF_TARGET_NOT_FOUND, and the keys are then served by
// the registry's own /-/npm/v1/keys endpoint. In this path the verification
// keys come from the same mock registry that serves the packument.
t.test('with key fallback to legacy API', async t => {
  const { npm, joinedOutput } = await loadMockNpm(t, { prefixDir: installWithValidSigs })
  const registry = new MockRegistry({
    tap: t,
    registry: npm.config.get('registry'),
  })
  await manifestWithValidSigs({ registry })
  mockTUF({ npm, target: TUF_TARGET_NOT_FOUND })
  registry.nock.get('/-/npm/v1/keys').reply(200, VALID_REGISTRY_KEYS)

  await npm.exec('audit', ['signatures'])

  t.notOk(process.exitCode, 'should exit successfully')
  t.match(joinedOutput(), /audited 1 package/)
  t.matchSnapshot(joinedOutput())
})
t.test('with multiple valid signatures and one invalid', async t => { 10121cb0ef41Sopenharmony_ci const { npm, joinedOutput } = await loadMockNpm(t, { 10131cb0ef41Sopenharmony_ci prefixDir: { 10141cb0ef41Sopenharmony_ci 'package.json': JSON.stringify({ 10151cb0ef41Sopenharmony_ci name: 'test-dep', 10161cb0ef41Sopenharmony_ci version: '1.0.0', 10171cb0ef41Sopenharmony_ci dependencies: { 10181cb0ef41Sopenharmony_ci 'kms-demo': '^1.0.0', 10191cb0ef41Sopenharmony_ci 'node-fetch': '^1.6.0', 10201cb0ef41Sopenharmony_ci }, 10211cb0ef41Sopenharmony_ci devDependencies: { 10221cb0ef41Sopenharmony_ci async: '~2.1.0', 10231cb0ef41Sopenharmony_ci }, 10241cb0ef41Sopenharmony_ci }), 10251cb0ef41Sopenharmony_ci node_modules: { 10261cb0ef41Sopenharmony_ci 'kms-demo': { 10271cb0ef41Sopenharmony_ci 'package.json': JSON.stringify({ 10281cb0ef41Sopenharmony_ci name: 'kms-demo', 10291cb0ef41Sopenharmony_ci version: '1.0.0', 10301cb0ef41Sopenharmony_ci }), 10311cb0ef41Sopenharmony_ci }, 10321cb0ef41Sopenharmony_ci async: { 10331cb0ef41Sopenharmony_ci 'package.json': JSON.stringify({ 10341cb0ef41Sopenharmony_ci name: 'async', 10351cb0ef41Sopenharmony_ci version: '2.5.0', 10361cb0ef41Sopenharmony_ci }), 10371cb0ef41Sopenharmony_ci }, 10381cb0ef41Sopenharmony_ci 'node-fetch': { 10391cb0ef41Sopenharmony_ci 'package.json': JSON.stringify({ 10401cb0ef41Sopenharmony_ci name: 'node-fetch', 10411cb0ef41Sopenharmony_ci version: '1.6.0', 10421cb0ef41Sopenharmony_ci }), 10431cb0ef41Sopenharmony_ci }, 10441cb0ef41Sopenharmony_ci }, 10451cb0ef41Sopenharmony_ci 'package-lock.json': JSON.stringify({ 10461cb0ef41Sopenharmony_ci name: 'test-dep', 10471cb0ef41Sopenharmony_ci version: '1.0.0', 10481cb0ef41Sopenharmony_ci lockfileVersion: 2, 10491cb0ef41Sopenharmony_ci requires: true, 10501cb0ef41Sopenharmony_ci packages: { 10511cb0ef41Sopenharmony_ci '': { 10521cb0ef41Sopenharmony_ci name: 'test-dep', 10531cb0ef41Sopenharmony_ci version: '1.0.0', 10541cb0ef41Sopenharmony_ci dependencies: { 
10551cb0ef41Sopenharmony_ci 'kms-demo': '^1.0.0', 10561cb0ef41Sopenharmony_ci 'node-fetch': '^1.6.0', 10571cb0ef41Sopenharmony_ci }, 10581cb0ef41Sopenharmony_ci devDependencies: { 10591cb0ef41Sopenharmony_ci async: '~2.1.0', 10601cb0ef41Sopenharmony_ci }, 10611cb0ef41Sopenharmony_ci }, 10621cb0ef41Sopenharmony_ci 'node_modules/kms-demo': { 10631cb0ef41Sopenharmony_ci version: '1.0.0', 10641cb0ef41Sopenharmony_ci }, 10651cb0ef41Sopenharmony_ci 'node_modules/async': { 10661cb0ef41Sopenharmony_ci version: '2.5.0', 10671cb0ef41Sopenharmony_ci }, 10681cb0ef41Sopenharmony_ci 'node_modules/node-fetch': { 10691cb0ef41Sopenharmony_ci version: '1.6.0', 10701cb0ef41Sopenharmony_ci }, 10711cb0ef41Sopenharmony_ci }, 10721cb0ef41Sopenharmony_ci dependencies: { 10731cb0ef41Sopenharmony_ci 'kms-demo': { 10741cb0ef41Sopenharmony_ci version: '1.0.0', 10751cb0ef41Sopenharmony_ci }, 10761cb0ef41Sopenharmony_ci 'node-fetch': { 10771cb0ef41Sopenharmony_ci version: '1.6.0', 10781cb0ef41Sopenharmony_ci }, 10791cb0ef41Sopenharmony_ci async: { 10801cb0ef41Sopenharmony_ci version: '2.5.0', 10811cb0ef41Sopenharmony_ci }, 10821cb0ef41Sopenharmony_ci }, 10831cb0ef41Sopenharmony_ci }), 10841cb0ef41Sopenharmony_ci }, 10851cb0ef41Sopenharmony_ci }) 10861cb0ef41Sopenharmony_ci const registry = new MockRegistry({ tap: t, registry: npm.config.get('registry') }) 10871cb0ef41Sopenharmony_ci await manifestWithValidSigs({ registry }) 10881cb0ef41Sopenharmony_ci const asyncManifest = registry.manifest({ 10891cb0ef41Sopenharmony_ci name: 'async', 10901cb0ef41Sopenharmony_ci packuments: [{ 10911cb0ef41Sopenharmony_ci version: '2.5.0', 10921cb0ef41Sopenharmony_ci dist: { 10931cb0ef41Sopenharmony_ci tarball: 'https://registry.npmjs.org/async/-/async-2.5.0.tgz', 10941cb0ef41Sopenharmony_ci integrity: 'sha512-e+lJAJeNWuPCNyxZKOBdaJGyLGHugXVQtrAwtuAe2vhxTYxFT' 10951cb0ef41Sopenharmony_ci + 'KE73p8JuTmdH0qdQZtDvI4dhJwjZc5zsfIsYw==', 10961cb0ef41Sopenharmony_ci signatures: [ 10971cb0ef41Sopenharmony_ci { 
10981cb0ef41Sopenharmony_ci keyid: 'SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA', 10991cb0ef41Sopenharmony_ci sig: 'MEUCIQCM8cX2U3IVZKKhzQx1w5AlNSDUI+fVf4857K1qT0NTNgIgdT4qwEl' + 11001cb0ef41Sopenharmony_ci '/kg2vU1uIWUI0bGikRvVHCHlRs1rgjPMpRFA=', 11011cb0ef41Sopenharmony_ci }, 11021cb0ef41Sopenharmony_ci ], 11031cb0ef41Sopenharmony_ci }, 11041cb0ef41Sopenharmony_ci }], 11051cb0ef41Sopenharmony_ci }) 11061cb0ef41Sopenharmony_ci await registry.package({ manifest: asyncManifest }) 11071cb0ef41Sopenharmony_ci await manifestWithInvalidSigs({ registry, name: 'node-fetch', version: '1.6.0' }) 11081cb0ef41Sopenharmony_ci mockTUF({ npm, target: TUF_VALID_KEYS_TARGET }) 11091cb0ef41Sopenharmony_ci 11101cb0ef41Sopenharmony_ci await npm.exec('audit', ['signatures']) 11111cb0ef41Sopenharmony_ci 11121cb0ef41Sopenharmony_ci t.equal(process.exitCode, 1, 'should exit with error') 11131cb0ef41Sopenharmony_ci t.match(joinedOutput(), /audited 3 packages/) 11141cb0ef41Sopenharmony_ci t.match(joinedOutput(), /2 packages have verified registry signatures/) 11151cb0ef41Sopenharmony_ci t.match(joinedOutput(), /1 package has an invalid registry signature/) 11161cb0ef41Sopenharmony_ci t.matchSnapshot(joinedOutput()) 11171cb0ef41Sopenharmony_ci }) 11181cb0ef41Sopenharmony_ci 11191cb0ef41Sopenharmony_ci t.test('with bundled and peer deps and no signatures', async t => { 11201cb0ef41Sopenharmony_ci const { npm, joinedOutput } = await loadMockNpm(t, { 11211cb0ef41Sopenharmony_ci prefixDir: installWithPeerDeps, 11221cb0ef41Sopenharmony_ci }) 11231cb0ef41Sopenharmony_ci const registry = new MockRegistry({ tap: t, registry: npm.config.get('registry') }) 11241cb0ef41Sopenharmony_ci await manifestWithValidSigs({ registry }) 11251cb0ef41Sopenharmony_ci mockTUF({ npm, target: TUF_VALID_KEYS_TARGET }) 11261cb0ef41Sopenharmony_ci 11271cb0ef41Sopenharmony_ci await npm.exec('audit', ['signatures']) 11281cb0ef41Sopenharmony_ci 11291cb0ef41Sopenharmony_ci t.notOk(process.exitCode, 'should exit 
successfully') 11301cb0ef41Sopenharmony_ci t.match(joinedOutput(), /audited 1 package/) 11311cb0ef41Sopenharmony_ci t.matchSnapshot(joinedOutput()) 11321cb0ef41Sopenharmony_ci }) 11331cb0ef41Sopenharmony_ci 11341cb0ef41Sopenharmony_ci t.test('with invalid signatures', async t => { 11351cb0ef41Sopenharmony_ci const { npm, joinedOutput } = await loadMockNpm(t, { 11361cb0ef41Sopenharmony_ci prefixDir: installWithValidSigs, 11371cb0ef41Sopenharmony_ci }) 11381cb0ef41Sopenharmony_ci const registry = new MockRegistry({ tap: t, registry: npm.config.get('registry') }) 11391cb0ef41Sopenharmony_ci await manifestWithInvalidSigs({ registry }) 11401cb0ef41Sopenharmony_ci mockTUF({ npm, target: TUF_VALID_KEYS_TARGET }) 11411cb0ef41Sopenharmony_ci 11421cb0ef41Sopenharmony_ci await npm.exec('audit', ['signatures']) 11431cb0ef41Sopenharmony_ci 11441cb0ef41Sopenharmony_ci t.equal(process.exitCode, 1, 'should exit with error') 11451cb0ef41Sopenharmony_ci t.match(joinedOutput(), /invalid registry signature/) 11461cb0ef41Sopenharmony_ci t.match(joinedOutput(), /kms-demo@1.0.0/) 11471cb0ef41Sopenharmony_ci t.matchSnapshot(joinedOutput()) 11481cb0ef41Sopenharmony_ci }) 11491cb0ef41Sopenharmony_ci 11501cb0ef41Sopenharmony_ci t.test('with valid and missing signatures', async t => { 11511cb0ef41Sopenharmony_ci const { npm, joinedOutput } = await loadMockNpm(t, { 11521cb0ef41Sopenharmony_ci prefixDir: installWithMultipleDeps, 11531cb0ef41Sopenharmony_ci }) 11541cb0ef41Sopenharmony_ci const registry = new MockRegistry({ tap: t, registry: npm.config.get('registry') }) 11551cb0ef41Sopenharmony_ci await manifestWithValidSigs({ registry }) 11561cb0ef41Sopenharmony_ci await manifestWithoutSigs({ registry, name: 'async', version: '1.1.1' }) 11571cb0ef41Sopenharmony_ci mockTUF({ npm, target: TUF_VALID_KEYS_TARGET }) 11581cb0ef41Sopenharmony_ci 11591cb0ef41Sopenharmony_ci await npm.exec('audit', ['signatures']) 11601cb0ef41Sopenharmony_ci 11611cb0ef41Sopenharmony_ci t.equal(process.exitCode, 1, 
'should exit with error') 11621cb0ef41Sopenharmony_ci t.match(joinedOutput(), /audited 2 packages/) 11631cb0ef41Sopenharmony_ci t.match(joinedOutput(), /verified registry signature/) 11641cb0ef41Sopenharmony_ci t.match(joinedOutput(), /missing registry signature/) 11651cb0ef41Sopenharmony_ci t.matchSnapshot(joinedOutput()) 11661cb0ef41Sopenharmony_ci }) 11671cb0ef41Sopenharmony_ci 11681cb0ef41Sopenharmony_ci t.test('with both invalid and missing signatures', async t => { 11691cb0ef41Sopenharmony_ci const { npm, joinedOutput } = await loadMockNpm(t, { 11701cb0ef41Sopenharmony_ci prefixDir: installWithMultipleDeps, 11711cb0ef41Sopenharmony_ci }) 11721cb0ef41Sopenharmony_ci const registry = new MockRegistry({ tap: t, registry: npm.config.get('registry') }) 11731cb0ef41Sopenharmony_ci await manifestWithInvalidSigs({ registry }) 11741cb0ef41Sopenharmony_ci await manifestWithoutSigs({ registry, name: 'async', version: '1.1.1' }) 11751cb0ef41Sopenharmony_ci mockTUF({ npm, target: TUF_VALID_KEYS_TARGET }) 11761cb0ef41Sopenharmony_ci 11771cb0ef41Sopenharmony_ci await npm.exec('audit', ['signatures']) 11781cb0ef41Sopenharmony_ci 11791cb0ef41Sopenharmony_ci t.equal(process.exitCode, 1, 'should exit with error') 11801cb0ef41Sopenharmony_ci t.match(joinedOutput(), /audited 2 packages/) 11811cb0ef41Sopenharmony_ci t.match(joinedOutput(), /invalid/) 11821cb0ef41Sopenharmony_ci t.match(joinedOutput(), /missing/) 11831cb0ef41Sopenharmony_ci t.matchSnapshot(joinedOutput()) 11841cb0ef41Sopenharmony_ci }) 11851cb0ef41Sopenharmony_ci 11861cb0ef41Sopenharmony_ci t.test('with multiple invalid signatures', async t => { 11871cb0ef41Sopenharmony_ci const { npm, joinedOutput } = await loadMockNpm(t, { 11881cb0ef41Sopenharmony_ci prefixDir: installWithMultipleDeps, 11891cb0ef41Sopenharmony_ci }) 11901cb0ef41Sopenharmony_ci const registry = new MockRegistry({ tap: t, registry: npm.config.get('registry') }) 11911cb0ef41Sopenharmony_ci await manifestWithInvalidSigs({ registry, name: 'kms-demo', 
version: '1.0.0' }) 11921cb0ef41Sopenharmony_ci await manifestWithInvalidSigs({ registry, name: 'async', version: '1.1.1' }) 11931cb0ef41Sopenharmony_ci mockTUF({ npm, target: TUF_VALID_KEYS_TARGET }) 11941cb0ef41Sopenharmony_ci 11951cb0ef41Sopenharmony_ci await npm.exec('audit', ['signatures']) 11961cb0ef41Sopenharmony_ci 11971cb0ef41Sopenharmony_ci t.equal(process.exitCode, 1, 'should exit with error') 11981cb0ef41Sopenharmony_ci t.matchSnapshot(joinedOutput()) 11991cb0ef41Sopenharmony_ci }) 12001cb0ef41Sopenharmony_ci 12011cb0ef41Sopenharmony_ci t.test('with multiple missing signatures', async t => { 12021cb0ef41Sopenharmony_ci const { npm, joinedOutput } = await loadMockNpm(t, { 12031cb0ef41Sopenharmony_ci prefixDir: installWithMultipleDeps, 12041cb0ef41Sopenharmony_ci }) 12051cb0ef41Sopenharmony_ci const registry = new MockRegistry({ tap: t, registry: npm.config.get('registry') }) 12061cb0ef41Sopenharmony_ci await manifestWithoutSigs({ registry, name: 'kms-demo', version: '1.0.0' }) 12071cb0ef41Sopenharmony_ci await manifestWithoutSigs({ registry, name: 'async', version: '1.1.1' }) 12081cb0ef41Sopenharmony_ci mockTUF({ npm, target: TUF_VALID_KEYS_TARGET }) 12091cb0ef41Sopenharmony_ci 12101cb0ef41Sopenharmony_ci await npm.exec('audit', ['signatures']) 12111cb0ef41Sopenharmony_ci 12121cb0ef41Sopenharmony_ci t.equal(process.exitCode, 1, 'should exit with error') 12131cb0ef41Sopenharmony_ci t.matchSnapshot(joinedOutput()) 12141cb0ef41Sopenharmony_ci }) 12151cb0ef41Sopenharmony_ci 12161cb0ef41Sopenharmony_ci t.test('with signatures but no public keys', async t => { 12171cb0ef41Sopenharmony_ci const { npm } = await loadMockNpm(t, { 12181cb0ef41Sopenharmony_ci prefixDir: installWithValidSigs, 12191cb0ef41Sopenharmony_ci }) 12201cb0ef41Sopenharmony_ci const registry = new MockRegistry({ tap: t, registry: npm.config.get('registry') }) 12211cb0ef41Sopenharmony_ci await manifestWithValidSigs({ registry }) 12221cb0ef41Sopenharmony_ci mockTUF({ npm, target: 
TUF_TARGET_NOT_FOUND }) 12231cb0ef41Sopenharmony_ci registry.nock.get('/-/npm/v1/keys').reply(404) 12241cb0ef41Sopenharmony_ci 12251cb0ef41Sopenharmony_ci await t.rejects( 12261cb0ef41Sopenharmony_ci npm.exec('audit', ['signatures']), 12271cb0ef41Sopenharmony_ci /no corresponding public key can be found/, 12281cb0ef41Sopenharmony_ci 'should throw with error' 12291cb0ef41Sopenharmony_ci ) 12301cb0ef41Sopenharmony_ci }) 12311cb0ef41Sopenharmony_ci 12321cb0ef41Sopenharmony_ci t.test('with signatures but the public keys are expired', async t => { 12331cb0ef41Sopenharmony_ci const { npm } = await loadMockNpm(t, { 12341cb0ef41Sopenharmony_ci prefixDir: installWithValidSigs, 12351cb0ef41Sopenharmony_ci }) 12361cb0ef41Sopenharmony_ci const registry = new MockRegistry({ tap: t, registry: npm.config.get('registry') }) 12371cb0ef41Sopenharmony_ci await manifestWithValidSigs({ registry }) 12381cb0ef41Sopenharmony_ci mockTUF({ npm, target: TUF_EXPIRED_KEYS_TARGET }) 12391cb0ef41Sopenharmony_ci 12401cb0ef41Sopenharmony_ci await t.rejects( 12411cb0ef41Sopenharmony_ci npm.exec('audit', ['signatures']), 12421cb0ef41Sopenharmony_ci /the corresponding public key has expired/, 12431cb0ef41Sopenharmony_ci 'should throw with error' 12441cb0ef41Sopenharmony_ci ) 12451cb0ef41Sopenharmony_ci }) 12461cb0ef41Sopenharmony_ci 12471cb0ef41Sopenharmony_ci t.test('with signatures but the public keyid does not match', async t => { 12481cb0ef41Sopenharmony_ci const { npm } = await loadMockNpm(t, { 12491cb0ef41Sopenharmony_ci prefixDir: installWithValidSigs, 12501cb0ef41Sopenharmony_ci }) 12511cb0ef41Sopenharmony_ci const registry = new MockRegistry({ tap: t, registry: npm.config.get('registry') }) 12521cb0ef41Sopenharmony_ci await manifestWithValidSigs({ registry }) 12531cb0ef41Sopenharmony_ci mockTUF({ npm, target: TUF_MISMATCHING_KEYS_TARGET }) 12541cb0ef41Sopenharmony_ci 12551cb0ef41Sopenharmony_ci await t.rejects( 12561cb0ef41Sopenharmony_ci npm.exec('audit', ['signatures']), 
12571cb0ef41Sopenharmony_ci /no corresponding public key can be found/, 12581cb0ef41Sopenharmony_ci 'should throw with error' 12591cb0ef41Sopenharmony_ci ) 12601cb0ef41Sopenharmony_ci }) 12611cb0ef41Sopenharmony_ci 12621cb0ef41Sopenharmony_ci t.test('with keys but missing signature', async t => { 12631cb0ef41Sopenharmony_ci const { npm, joinedOutput } = await loadMockNpm(t, { 12641cb0ef41Sopenharmony_ci prefixDir: installWithValidSigs, 12651cb0ef41Sopenharmony_ci }) 12661cb0ef41Sopenharmony_ci const registry = new MockRegistry({ tap: t, registry: npm.config.get('registry') }) 12671cb0ef41Sopenharmony_ci await manifestWithoutSigs({ registry }) 12681cb0ef41Sopenharmony_ci mockTUF({ npm, target: TUF_VALID_KEYS_TARGET }) 12691cb0ef41Sopenharmony_ci 12701cb0ef41Sopenharmony_ci await npm.exec('audit', ['signatures']) 12711cb0ef41Sopenharmony_ci 12721cb0ef41Sopenharmony_ci t.equal(process.exitCode, 1, 'should exit with error') 12731cb0ef41Sopenharmony_ci t.match( 12741cb0ef41Sopenharmony_ci joinedOutput(), 12751cb0ef41Sopenharmony_ci /registry is providing signing keys/ 12761cb0ef41Sopenharmony_ci ) 12771cb0ef41Sopenharmony_ci t.matchSnapshot(joinedOutput()) 12781cb0ef41Sopenharmony_ci }) 12791cb0ef41Sopenharmony_ci 12801cb0ef41Sopenharmony_ci t.test('output details about missing signatures', async t => { 12811cb0ef41Sopenharmony_ci const { npm, joinedOutput } = await loadMockNpm(t, { 12821cb0ef41Sopenharmony_ci prefixDir: installWithValidSigs, 12831cb0ef41Sopenharmony_ci }) 12841cb0ef41Sopenharmony_ci const registry = new MockRegistry({ tap: t, registry: npm.config.get('registry') }) 12851cb0ef41Sopenharmony_ci await manifestWithoutSigs({ registry }) 12861cb0ef41Sopenharmony_ci mockTUF({ npm, target: TUF_VALID_KEYS_TARGET }) 12871cb0ef41Sopenharmony_ci 12881cb0ef41Sopenharmony_ci await npm.exec('audit', ['signatures']) 12891cb0ef41Sopenharmony_ci 12901cb0ef41Sopenharmony_ci t.equal(process.exitCode, 1, 'should exit with error') 12911cb0ef41Sopenharmony_ci t.match( 
12921cb0ef41Sopenharmony_ci joinedOutput(), 12931cb0ef41Sopenharmony_ci /kms-demo/ 12941cb0ef41Sopenharmony_ci ) 12951cb0ef41Sopenharmony_ci t.matchSnapshot(joinedOutput()) 12961cb0ef41Sopenharmony_ci }) 12971cb0ef41Sopenharmony_ci 12981cb0ef41Sopenharmony_ci t.test('json output with valid signatures', async t => { 12991cb0ef41Sopenharmony_ci const { npm, joinedOutput } = await loadMockNpm(t, { 13001cb0ef41Sopenharmony_ci prefixDir: installWithValidSigs, 13011cb0ef41Sopenharmony_ci config: { 13021cb0ef41Sopenharmony_ci json: true, 13031cb0ef41Sopenharmony_ci }, 13041cb0ef41Sopenharmony_ci }) 13051cb0ef41Sopenharmony_ci const registry = new MockRegistry({ tap: t, registry: npm.config.get('registry') }) 13061cb0ef41Sopenharmony_ci await manifestWithValidSigs({ registry }) 13071cb0ef41Sopenharmony_ci mockTUF({ npm, target: TUF_VALID_KEYS_TARGET }) 13081cb0ef41Sopenharmony_ci 13091cb0ef41Sopenharmony_ci await npm.exec('audit', ['signatures']) 13101cb0ef41Sopenharmony_ci 13111cb0ef41Sopenharmony_ci t.notOk(process.exitCode, 'should exit successfully') 13121cb0ef41Sopenharmony_ci t.match(joinedOutput(), JSON.stringify({ invalid: [], missing: [] }, null, 2)) 13131cb0ef41Sopenharmony_ci t.matchSnapshot(joinedOutput()) 13141cb0ef41Sopenharmony_ci }) 13151cb0ef41Sopenharmony_ci 13161cb0ef41Sopenharmony_ci t.test('json output with invalid signatures', async t => { 13171cb0ef41Sopenharmony_ci const { npm, joinedOutput } = await loadMockNpm(t, { 13181cb0ef41Sopenharmony_ci prefixDir: installWithValidSigs, 13191cb0ef41Sopenharmony_ci config: { 13201cb0ef41Sopenharmony_ci json: true, 13211cb0ef41Sopenharmony_ci }, 13221cb0ef41Sopenharmony_ci }) 13231cb0ef41Sopenharmony_ci const registry = new MockRegistry({ tap: t, registry: npm.config.get('registry') }) 13241cb0ef41Sopenharmony_ci await manifestWithInvalidSigs({ registry }) 13251cb0ef41Sopenharmony_ci mockTUF({ npm, target: TUF_VALID_KEYS_TARGET }) 13261cb0ef41Sopenharmony_ci 13271cb0ef41Sopenharmony_ci await npm.exec('audit', 
['signatures']) 13281cb0ef41Sopenharmony_ci 13291cb0ef41Sopenharmony_ci t.equal(process.exitCode, 1, 'should exit with error') 13301cb0ef41Sopenharmony_ci t.matchSnapshot(joinedOutput()) 13311cb0ef41Sopenharmony_ci }) 13321cb0ef41Sopenharmony_ci 13331cb0ef41Sopenharmony_ci t.test('json output with invalid and missing signatures', async t => { 13341cb0ef41Sopenharmony_ci const { npm, joinedOutput } = await loadMockNpm(t, { 13351cb0ef41Sopenharmony_ci prefixDir: installWithMultipleDeps, 13361cb0ef41Sopenharmony_ci config: { 13371cb0ef41Sopenharmony_ci json: true, 13381cb0ef41Sopenharmony_ci }, 13391cb0ef41Sopenharmony_ci }) 13401cb0ef41Sopenharmony_ci const registry = new MockRegistry({ tap: t, registry: npm.config.get('registry') }) 13411cb0ef41Sopenharmony_ci await manifestWithInvalidSigs({ registry }) 13421cb0ef41Sopenharmony_ci await manifestWithoutSigs({ registry, name: 'async', version: '1.1.1' }) 13431cb0ef41Sopenharmony_ci mockTUF({ npm, target: TUF_VALID_KEYS_TARGET }) 13441cb0ef41Sopenharmony_ci 13451cb0ef41Sopenharmony_ci await npm.exec('audit', ['signatures']) 13461cb0ef41Sopenharmony_ci 13471cb0ef41Sopenharmony_ci t.equal(process.exitCode, 1, 'should exit with error') 13481cb0ef41Sopenharmony_ci t.matchSnapshot(joinedOutput()) 13491cb0ef41Sopenharmony_ci }) 13501cb0ef41Sopenharmony_ci 13511cb0ef41Sopenharmony_ci t.test('omit dev dependencies with missing signature', async t => { 13521cb0ef41Sopenharmony_ci const { npm, joinedOutput } = await loadMockNpm(t, { 13531cb0ef41Sopenharmony_ci prefixDir: installWithMultipleDeps, 13541cb0ef41Sopenharmony_ci config: { 13551cb0ef41Sopenharmony_ci omit: ['dev'], 13561cb0ef41Sopenharmony_ci }, 13571cb0ef41Sopenharmony_ci }) 13581cb0ef41Sopenharmony_ci const registry = new MockRegistry({ tap: t, registry: npm.config.get('registry') }) 13591cb0ef41Sopenharmony_ci await manifestWithValidSigs({ registry }) 13601cb0ef41Sopenharmony_ci mockTUF({ npm, target: TUF_VALID_KEYS_TARGET }) 13611cb0ef41Sopenharmony_ci 
13621cb0ef41Sopenharmony_ci await npm.exec('audit', ['signatures']) 13631cb0ef41Sopenharmony_ci 13641cb0ef41Sopenharmony_ci t.notOk(process.exitCode, 'should exit successfully') 13651cb0ef41Sopenharmony_ci t.match(joinedOutput(), /audited 1 package/) 13661cb0ef41Sopenharmony_ci t.matchSnapshot(joinedOutput()) 13671cb0ef41Sopenharmony_ci }) 13681cb0ef41Sopenharmony_ci 13691cb0ef41Sopenharmony_ci /* Registry that publishes no signing keys: mockTUF is given TUF_TARGET_NOT_FOUND (defined outside this view) and the /-/npm/v1/keys endpoint answers 404. The command is expected to reject with "found no dependencies to audit ..." rather than exit successfully, so packages from a registry without keys are not reported as audited. */ t.test('third-party registry without keys (E404) does not verify', async t => { 13701cb0ef41Sopenharmony_ci const registryUrl = 'https://verdaccio-clone2.org' 13711cb0ef41Sopenharmony_ci const { npm } = await loadMockNpm(t, { 13721cb0ef41Sopenharmony_ci prefixDir: installWithThirdPartyRegistry, 13731cb0ef41Sopenharmony_ci config: { 13741cb0ef41Sopenharmony_ci scope: '@npmcli', 13751cb0ef41Sopenharmony_ci registry: registryUrl, 13761cb0ef41Sopenharmony_ci }, 13771cb0ef41Sopenharmony_ci }) 13781cb0ef41Sopenharmony_ci const registry = new MockRegistry({ tap: t, registry: registryUrl }) 13791cb0ef41Sopenharmony_ci const manifest = registry.manifest({ 13801cb0ef41Sopenharmony_ci name: '@npmcli/arborist', 13811cb0ef41Sopenharmony_ci packuments: [{ 13821cb0ef41Sopenharmony_ci version: '1.0.14', 13831cb0ef41Sopenharmony_ci dist: { 13841cb0ef41Sopenharmony_ci tarball: 'https://registry.npmjs.org/@npmcli/arborist/-/@npmcli/arborist-1.0.14.tgz', 13851cb0ef41Sopenharmony_ci integrity: 'sha512-caa8hv5rW9VpQKk6tyNRvSaVDySVjo9GkI7Wj/wcsFyxPm3tYrE' + 13861cb0ef41Sopenharmony_ci 'sFyTjSnJH8HCIfEGVQNjqqKXaXLFVp7UBag==', 13871cb0ef41Sopenharmony_ci }, 13881cb0ef41Sopenharmony_ci }], 13891cb0ef41Sopenharmony_ci }) 13901cb0ef41Sopenharmony_ci await registry.package({ manifest }) 13911cb0ef41Sopenharmony_ci mockTUF({ npm, target: TUF_TARGET_NOT_FOUND }) 13921cb0ef41Sopenharmony_ci registry.nock.get('/-/npm/v1/keys').reply(404) 13931cb0ef41Sopenharmony_ci 13941cb0ef41Sopenharmony_ci await t.rejects( 13951cb0ef41Sopenharmony_ci npm.exec('audit', ['signatures']), 13961cb0ef41Sopenharmony_ci /found
no dependencies to audit that were installed from a supported registry/ 13971cb0ef41Sopenharmony_ci ) 13981cb0ef41Sopenharmony_ci }) 13991cb0ef41Sopenharmony_ci 14001cb0ef41Sopenharmony_ci /* Same scenario with the keys endpoint answering 400 instead of 404: the expected rejection message is identical, so both client-error statuses are treated as a registry without keys. */ t.test('third-party registry without keys (E400) does not verify', async t => { 14011cb0ef41Sopenharmony_ci const registryUrl = 'https://verdaccio-clone2.org' 14021cb0ef41Sopenharmony_ci const { npm } = await loadMockNpm(t, { 14031cb0ef41Sopenharmony_ci prefixDir: installWithThirdPartyRegistry, 14041cb0ef41Sopenharmony_ci config: { 14051cb0ef41Sopenharmony_ci scope: '@npmcli', 14061cb0ef41Sopenharmony_ci registry: registryUrl, 14071cb0ef41Sopenharmony_ci }, 14081cb0ef41Sopenharmony_ci }) 14091cb0ef41Sopenharmony_ci const registry = new MockRegistry({ tap: t, registry: registryUrl }) 14101cb0ef41Sopenharmony_ci const manifest = registry.manifest({ 14111cb0ef41Sopenharmony_ci name: '@npmcli/arborist', 14121cb0ef41Sopenharmony_ci packuments: [{ 14131cb0ef41Sopenharmony_ci version: '1.0.14', 14141cb0ef41Sopenharmony_ci dist: { 14151cb0ef41Sopenharmony_ci tarball: 'https://registry.npmjs.org/@npmcli/arborist/-/@npmcli/arborist-1.0.14.tgz', 14161cb0ef41Sopenharmony_ci integrity: 'sha512-caa8hv5rW9VpQKk6tyNRvSaVDySVjo9GkI7Wj/wcsFyxPm3tYrE' + 14171cb0ef41Sopenharmony_ci 'sFyTjSnJH8HCIfEGVQNjqqKXaXLFVp7UBag==', 14181cb0ef41Sopenharmony_ci }, 14191cb0ef41Sopenharmony_ci }], 14201cb0ef41Sopenharmony_ci }) 14211cb0ef41Sopenharmony_ci await registry.package({ manifest }) 14221cb0ef41Sopenharmony_ci mockTUF({ npm, target: TUF_TARGET_NOT_FOUND }) 14231cb0ef41Sopenharmony_ci registry.nock.get('/-/npm/v1/keys').reply(400) 14241cb0ef41Sopenharmony_ci 14251cb0ef41Sopenharmony_ci await t.rejects( 14261cb0ef41Sopenharmony_ci npm.exec('audit', ['signatures']), 14271cb0ef41Sopenharmony_ci /found no dependencies to audit that were installed from a supported registry/ 14281cb0ef41Sopenharmony_ci ) 14291cb0ef41Sopenharmony_ci }) 14301cb0ef41Sopenharmony_ci 14311cb0ef41Sopenharmony_ci /* Third-party registry whose keys come from the mocked TUF target verdaccio-clone.org/keys.json: the packument carries a dist.signatures entry and the audit is expected to exit successfully with one package audited. */ t.test('third-party
registry with keys and signatures', async t => { 14321cb0ef41Sopenharmony_ci const registryUrl = 'https://verdaccio-clone.org' 14331cb0ef41Sopenharmony_ci const { npm, joinedOutput } = await loadMockNpm(t, { 14341cb0ef41Sopenharmony_ci prefixDir: installWithThirdPartyRegistry, 14351cb0ef41Sopenharmony_ci config: { 14361cb0ef41Sopenharmony_ci scope: '@npmcli', 14371cb0ef41Sopenharmony_ci registry: registryUrl, 14381cb0ef41Sopenharmony_ci }, 14391cb0ef41Sopenharmony_ci }) 14401cb0ef41Sopenharmony_ci const registry = new MockRegistry({ tap: t, registry: registryUrl }) 14411cb0ef41Sopenharmony_ci 14421cb0ef41Sopenharmony_ci const manifest = registry.manifest({ 14431cb0ef41Sopenharmony_ci name: '@npmcli/arborist', 14441cb0ef41Sopenharmony_ci packuments: [{ 14451cb0ef41Sopenharmony_ci version: '1.0.14', 14461cb0ef41Sopenharmony_ci dist: { 14471cb0ef41Sopenharmony_ci tarball: 'https://registry.npmjs.org/@npmcli/arborist/-/@npmcli/arborist-1.0.14.tgz', 14481cb0ef41Sopenharmony_ci integrity: 'sha512-caa8hv5rW9VpQKk6tyNRvSaVDySVjo9GkI7Wj/wcsFyxPm3tYrE' + 14491cb0ef41Sopenharmony_ci 'sFyTjSnJH8HCIfEGVQNjqqKXaXLFVp7UBag==', 14501cb0ef41Sopenharmony_ci signatures: [ 14511cb0ef41Sopenharmony_ci { 14521cb0ef41Sopenharmony_ci keyid: 'SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA', 14531cb0ef41Sopenharmony_ci sig: 'MEUCIAvNpR3G0j7WOPUuVMhE0ZdM8PnDNcsoeFD8Iwz9YWIMAiEAn8cicDC2' + 14541cb0ef41Sopenharmony_ci 'Sf9MFQydqTv6S5XYsAh9Af1sig1nApNI11M=', 14551cb0ef41Sopenharmony_ci }, 14561cb0ef41Sopenharmony_ci ], 14571cb0ef41Sopenharmony_ci }, 14581cb0ef41Sopenharmony_ci }], 14591cb0ef41Sopenharmony_ci }) 14601cb0ef41Sopenharmony_ci await registry.package({ manifest }) 14611cb0ef41Sopenharmony_ci mockTUF({ npm, 14621cb0ef41Sopenharmony_ci target: { 14631cb0ef41Sopenharmony_ci name: 'verdaccio-clone.org/keys.json', 14641cb0ef41Sopenharmony_ci content: JSON.stringify(TUF_VALID_REGISTRY_KEYS), 14651cb0ef41Sopenharmony_ci } }) 14661cb0ef41Sopenharmony_ci 14671cb0ef41Sopenharmony_ci await 
npm.exec('audit', ['signatures']) 14681cb0ef41Sopenharmony_ci 14691cb0ef41Sopenharmony_ci t.notOk(process.exitCode, 'should exit successfully') 14701cb0ef41Sopenharmony_ci t.match(joinedOutput(), /audited 1 package/) 14711cb0ef41Sopenharmony_ci t.matchSnapshot(joinedOutput()) 14721cb0ef41Sopenharmony_ci }) 14731cb0ef41Sopenharmony_ci 14741cb0ef41Sopenharmony_ci /* Negative case for a third-party registry: the key id matches the one used by the passing third-party tests in this file, but sig is the literal string bogus. The test requires process.exitCode to be 1 and the output to name the registry URL. */ t.test('third-party registry with invalid signatures errors', async t => { 14751cb0ef41Sopenharmony_ci const registryUrl = 'https://verdaccio-clone.org' 14761cb0ef41Sopenharmony_ci const { npm, joinedOutput } = await loadMockNpm(t, { 14771cb0ef41Sopenharmony_ci prefixDir: installWithThirdPartyRegistry, 14781cb0ef41Sopenharmony_ci config: { 14791cb0ef41Sopenharmony_ci scope: '@npmcli', 14801cb0ef41Sopenharmony_ci registry: registryUrl, 14811cb0ef41Sopenharmony_ci }, 14821cb0ef41Sopenharmony_ci }) 14831cb0ef41Sopenharmony_ci const registry = new MockRegistry({ tap: t, registry: registryUrl }) 14841cb0ef41Sopenharmony_ci 14851cb0ef41Sopenharmony_ci const manifest = registry.manifest({ 14861cb0ef41Sopenharmony_ci name: '@npmcli/arborist', 14871cb0ef41Sopenharmony_ci packuments: [{ 14881cb0ef41Sopenharmony_ci version: '1.0.14', 14891cb0ef41Sopenharmony_ci dist: { 14901cb0ef41Sopenharmony_ci tarball: 'https://registry.npmjs.org/@npmcli/arborist/-/@npmcli/arborist-1.0.14.tgz', 14911cb0ef41Sopenharmony_ci integrity: 'sha512-caa8hv5rW9VpQKk6tyNRvSaVDySVjo9GkI7Wj/wcsFyxPm3tYrE' + 14921cb0ef41Sopenharmony_ci 'sFyTjSnJH8HCIfEGVQNjqqKXaXLFVp7UBag==', 14931cb0ef41Sopenharmony_ci signatures: [ 14941cb0ef41Sopenharmony_ci { 14951cb0ef41Sopenharmony_ci keyid: 'SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA', 14961cb0ef41Sopenharmony_ci sig: 'bogus', 14971cb0ef41Sopenharmony_ci }, 14981cb0ef41Sopenharmony_ci ], 14991cb0ef41Sopenharmony_ci }, 15001cb0ef41Sopenharmony_ci }], 15011cb0ef41Sopenharmony_ci }) 15021cb0ef41Sopenharmony_ci await registry.package({ manifest }) 15031cb0ef41Sopenharmony_ci mockTUF({ npm,
15041cb0ef41Sopenharmony_ci target: { 15051cb0ef41Sopenharmony_ci name: 'verdaccio-clone.org/keys.json', 15061cb0ef41Sopenharmony_ci content: JSON.stringify(TUF_VALID_REGISTRY_KEYS), 15071cb0ef41Sopenharmony_ci } }) 15081cb0ef41Sopenharmony_ci 15091cb0ef41Sopenharmony_ci await npm.exec('audit', ['signatures']) 15101cb0ef41Sopenharmony_ci 15111cb0ef41Sopenharmony_ci t.equal(process.exitCode, 1, 'should exit with error') 15121cb0ef41Sopenharmony_ci /* NOTE(review): the dot before org in this pattern is unescaped and matches any character; escaping it would pin the exact registry host in the failure output. */ t.match(joinedOutput(), /https:\/\/verdaccio-clone.org/) 15131cb0ef41Sopenharmony_ci t.matchSnapshot(joinedOutput()) 15141cb0ef41Sopenharmony_ci }) 15151cb0ef41Sopenharmony_ci 15161cb0ef41Sopenharmony_ci /* Keys are supplied for the registry through the mocked TUF target, but the packument below has no dist.signatures. The test requires exit code 1 and the "missing registry signature" message: an unsigned package from a registry that has keys is reported as a failure, not skipped. */ t.test('third-party registry with keys and missing signatures errors', async t => { 15171cb0ef41Sopenharmony_ci const registryUrl = 'https://verdaccio-clone.org' 15181cb0ef41Sopenharmony_ci const { npm, joinedOutput } = await loadMockNpm(t, { 15191cb0ef41Sopenharmony_ci prefixDir: installWithThirdPartyRegistry, 15201cb0ef41Sopenharmony_ci config: { 15211cb0ef41Sopenharmony_ci scope: '@npmcli', 15221cb0ef41Sopenharmony_ci registry: registryUrl, 15231cb0ef41Sopenharmony_ci }, 15241cb0ef41Sopenharmony_ci }) 15251cb0ef41Sopenharmony_ci const registry = new MockRegistry({ tap: t, registry: registryUrl }) 15261cb0ef41Sopenharmony_ci 15271cb0ef41Sopenharmony_ci const manifest = registry.manifest({ 15281cb0ef41Sopenharmony_ci name: '@npmcli/arborist', 15291cb0ef41Sopenharmony_ci packuments: [{ 15301cb0ef41Sopenharmony_ci version: '1.0.14', 15311cb0ef41Sopenharmony_ci dist: { 15321cb0ef41Sopenharmony_ci tarball: 'https://registry.npmjs.org/@npmcli/arborist/-/@npmcli/arborist-1.0.14.tgz', 15331cb0ef41Sopenharmony_ci integrity: 'sha512-caa8hv5rW9VpQKk6tyNRvSaVDySVjo9GkI7Wj/wcsFyxPm3tYrE' + 15341cb0ef41Sopenharmony_ci 'sFyTjSnJH8HCIfEGVQNjqqKXaXLFVp7UBag==', 15351cb0ef41Sopenharmony_ci }, 15361cb0ef41Sopenharmony_ci }], 15371cb0ef41Sopenharmony_ci }) 15381cb0ef41Sopenharmony_ci await registry.package({ manifest })
15391cb0ef41Sopenharmony_ci mockTUF({ npm, 15401cb0ef41Sopenharmony_ci target: { 15411cb0ef41Sopenharmony_ci name: 'verdaccio-clone.org/keys.json', 15421cb0ef41Sopenharmony_ci content: JSON.stringify(TUF_VALID_REGISTRY_KEYS), 15431cb0ef41Sopenharmony_ci } }) 15441cb0ef41Sopenharmony_ci 15451cb0ef41Sopenharmony_ci await npm.exec('audit', ['signatures']) 15461cb0ef41Sopenharmony_ci 15471cb0ef41Sopenharmony_ci t.equal(process.exitCode, 1, 'should exit with error') 15481cb0ef41Sopenharmony_ci t.match(joinedOutput(), /1 package has a missing registry signature/) 15491cb0ef41Sopenharmony_ci t.matchSnapshot(joinedOutput()) 15501cb0ef41Sopenharmony_ci }) 15511cb0ef41Sopenharmony_ci 15521cb0ef41Sopenharmony_ci t.test('third-party registry with sub-path', async t => { 15531cb0ef41Sopenharmony_ci const registryUrl = 'https://verdaccio-clone.org/npm' 15541cb0ef41Sopenharmony_ci const { npm, joinedOutput } = await loadMockNpm(t, { 15551cb0ef41Sopenharmony_ci prefixDir: installWithThirdPartyRegistry, 15561cb0ef41Sopenharmony_ci config: { 15571cb0ef41Sopenharmony_ci scope: '@npmcli', 15581cb0ef41Sopenharmony_ci registry: registryUrl, 15591cb0ef41Sopenharmony_ci }, 15601cb0ef41Sopenharmony_ci }) 15611cb0ef41Sopenharmony_ci const registry = new MockRegistry({ tap: t, registry: registryUrl }) 15621cb0ef41Sopenharmony_ci 15631cb0ef41Sopenharmony_ci const manifest = registry.manifest({ 15641cb0ef41Sopenharmony_ci name: '@npmcli/arborist', 15651cb0ef41Sopenharmony_ci packuments: [{ 15661cb0ef41Sopenharmony_ci version: '1.0.14', 15671cb0ef41Sopenharmony_ci dist: { 15681cb0ef41Sopenharmony_ci tarball: 'https://registry.npmjs.org/@npmcli/arborist/-/@npmcli/arborist-1.0.14.tgz', 15691cb0ef41Sopenharmony_ci integrity: 'sha512-caa8hv5rW9VpQKk6tyNRvSaVDySVjo9GkI7Wj/wcsFyxPm3tYrE' + 15701cb0ef41Sopenharmony_ci 'sFyTjSnJH8HCIfEGVQNjqqKXaXLFVp7UBag==', 15711cb0ef41Sopenharmony_ci signatures: [ 15721cb0ef41Sopenharmony_ci { 15731cb0ef41Sopenharmony_ci keyid: 
'SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA', 15741cb0ef41Sopenharmony_ci sig: 'MEUCIAvNpR3G0j7WOPUuVMhE0ZdM8PnDNcsoeFD8Iwz9YWIMAiEAn8cicDC2' + 15751cb0ef41Sopenharmony_ci 'Sf9MFQydqTv6S5XYsAh9Af1sig1nApNI11M=', 15761cb0ef41Sopenharmony_ci }, 15771cb0ef41Sopenharmony_ci ], 15781cb0ef41Sopenharmony_ci }, 15791cb0ef41Sopenharmony_ci }], 15801cb0ef41Sopenharmony_ci }) 15811cb0ef41Sopenharmony_ci await registry.package({ manifest }) 15821cb0ef41Sopenharmony_ci 15831cb0ef41Sopenharmony_ci mockTUF({ npm, 15841cb0ef41Sopenharmony_ci target: { 15851cb0ef41Sopenharmony_ci name: 'verdaccio-clone.org/npm/keys.json', 15861cb0ef41Sopenharmony_ci content: JSON.stringify(TUF_VALID_REGISTRY_KEYS), 15871cb0ef41Sopenharmony_ci } }) 15881cb0ef41Sopenharmony_ci 15891cb0ef41Sopenharmony_ci await npm.exec('audit', ['signatures']) 15901cb0ef41Sopenharmony_ci 15911cb0ef41Sopenharmony_ci t.notOk(process.exitCode, 'should exit successfully') 15921cb0ef41Sopenharmony_ci t.match(joinedOutput(), /audited 1 package/) 15931cb0ef41Sopenharmony_ci t.matchSnapshot(joinedOutput()) 15941cb0ef41Sopenharmony_ci }) 15951cb0ef41Sopenharmony_ci 15961cb0ef41Sopenharmony_ci t.test('third-party registry with sub-path (trailing slash)', async t => { 15971cb0ef41Sopenharmony_ci const registryUrl = 'https://verdaccio-clone.org/npm/' 15981cb0ef41Sopenharmony_ci const { npm, joinedOutput } = await loadMockNpm(t, { 15991cb0ef41Sopenharmony_ci prefixDir: installWithThirdPartyRegistry, 16001cb0ef41Sopenharmony_ci config: { 16011cb0ef41Sopenharmony_ci scope: '@npmcli', 16021cb0ef41Sopenharmony_ci registry: registryUrl, 16031cb0ef41Sopenharmony_ci }, 16041cb0ef41Sopenharmony_ci }) 16051cb0ef41Sopenharmony_ci const registry = new MockRegistry({ tap: t, registry: registryUrl }) 16061cb0ef41Sopenharmony_ci 16071cb0ef41Sopenharmony_ci const manifest = registry.manifest({ 16081cb0ef41Sopenharmony_ci name: '@npmcli/arborist', 16091cb0ef41Sopenharmony_ci packuments: [{ 16101cb0ef41Sopenharmony_ci version: '1.0.14', 
16111cb0ef41Sopenharmony_ci dist: { 16121cb0ef41Sopenharmony_ci tarball: 'https://registry.npmjs.org/@npmcli/arborist/-/@npmcli/arborist-1.0.14.tgz', 16131cb0ef41Sopenharmony_ci integrity: 'sha512-caa8hv5rW9VpQKk6tyNRvSaVDySVjo9GkI7Wj/wcsFyxPm3tYrE' + 16141cb0ef41Sopenharmony_ci 'sFyTjSnJH8HCIfEGVQNjqqKXaXLFVp7UBag==', 16151cb0ef41Sopenharmony_ci signatures: [ 16161cb0ef41Sopenharmony_ci { 16171cb0ef41Sopenharmony_ci keyid: 'SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA', 16181cb0ef41Sopenharmony_ci sig: 'MEUCIAvNpR3G0j7WOPUuVMhE0ZdM8PnDNcsoeFD8Iwz9YWIMAiEAn8cicDC2' + 16191cb0ef41Sopenharmony_ci 'Sf9MFQydqTv6S5XYsAh9Af1sig1nApNI11M=', 16201cb0ef41Sopenharmony_ci }, 16211cb0ef41Sopenharmony_ci ], 16221cb0ef41Sopenharmony_ci }, 16231cb0ef41Sopenharmony_ci }], 16241cb0ef41Sopenharmony_ci }) 16251cb0ef41Sopenharmony_ci await registry.package({ manifest }) 16261cb0ef41Sopenharmony_ci 16271cb0ef41Sopenharmony_ci mockTUF({ npm, 16281cb0ef41Sopenharmony_ci target: { 16291cb0ef41Sopenharmony_ci name: 'verdaccio-clone.org/npm/keys.json', 16301cb0ef41Sopenharmony_ci content: JSON.stringify(TUF_VALID_REGISTRY_KEYS), 16311cb0ef41Sopenharmony_ci } }) 16321cb0ef41Sopenharmony_ci 16331cb0ef41Sopenharmony_ci await npm.exec('audit', ['signatures']) 16341cb0ef41Sopenharmony_ci 16351cb0ef41Sopenharmony_ci t.notOk(process.exitCode, 'should exit successfully') 16361cb0ef41Sopenharmony_ci t.match(joinedOutput(), /audited 1 package/) 16371cb0ef41Sopenharmony_ci t.matchSnapshot(joinedOutput()) 16381cb0ef41Sopenharmony_ci }) 16391cb0ef41Sopenharmony_ci 16401cb0ef41Sopenharmony_ci t.test('multiple registries with keys and signatures', async t => { 16411cb0ef41Sopenharmony_ci const registryUrl = 'https://verdaccio-clone.org' 16421cb0ef41Sopenharmony_ci const { npm, joinedOutput } = await loadMockNpm(t, { 16431cb0ef41Sopenharmony_ci prefixDir: { 16441cb0ef41Sopenharmony_ci ...installWithMultipleRegistries, 16451cb0ef41Sopenharmony_ci '.npmrc': `@npmcli:registry=${registryUrl}\n`, 
16461cb0ef41Sopenharmony_ci }, 16471cb0ef41Sopenharmony_ci }) 16481cb0ef41Sopenharmony_ci const registry = new MockRegistry({ tap: t, registry: npm.config.get('registry') }) 16491cb0ef41Sopenharmony_ci const thirdPartyRegistry = new MockRegistry({ 16501cb0ef41Sopenharmony_ci tap: t, 16511cb0ef41Sopenharmony_ci registry: registryUrl, 16521cb0ef41Sopenharmony_ci }) 16531cb0ef41Sopenharmony_ci await manifestWithValidSigs({ registry }) 16541cb0ef41Sopenharmony_ci mockTUF({ npm, target: TUF_VALID_KEYS_TARGET }) 16551cb0ef41Sopenharmony_ci 16561cb0ef41Sopenharmony_ci const manifest = thirdPartyRegistry.manifest({ 16571cb0ef41Sopenharmony_ci name: '@npmcli/arborist', 16581cb0ef41Sopenharmony_ci packuments: [{ 16591cb0ef41Sopenharmony_ci version: '1.0.14', 16601cb0ef41Sopenharmony_ci dist: { 16611cb0ef41Sopenharmony_ci tarball: 'https://registry.npmjs.org/@npmcli/arborist/-/@npmcli/arborist-1.0.14.tgz', 16621cb0ef41Sopenharmony_ci integrity: 'sha512-caa8hv5rW9VpQKk6tyNRvSaVDySVjo9GkI7Wj/wcsFyxPm3tYrE' + 16631cb0ef41Sopenharmony_ci 'sFyTjSnJH8HCIfEGVQNjqqKXaXLFVp7UBag==', 16641cb0ef41Sopenharmony_ci signatures: [ 16651cb0ef41Sopenharmony_ci { 16661cb0ef41Sopenharmony_ci keyid: 'SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA', 16671cb0ef41Sopenharmony_ci sig: 'MEUCIAvNpR3G0j7WOPUuVMhE0ZdM8PnDNcsoeFD8Iwz9YWIMAiEAn8cicDC2' + 16681cb0ef41Sopenharmony_ci 'Sf9MFQydqTv6S5XYsAh9Af1sig1nApNI11M=', 16691cb0ef41Sopenharmony_ci }, 16701cb0ef41Sopenharmony_ci ], 16711cb0ef41Sopenharmony_ci }, 16721cb0ef41Sopenharmony_ci }], 16731cb0ef41Sopenharmony_ci }) 16741cb0ef41Sopenharmony_ci await thirdPartyRegistry.package({ manifest }) 16751cb0ef41Sopenharmony_ci thirdPartyRegistry.nock.get('/-/npm/v1/keys') 16761cb0ef41Sopenharmony_ci .reply(200, { 16771cb0ef41Sopenharmony_ci keys: [{ 16781cb0ef41Sopenharmony_ci expires: null, 16791cb0ef41Sopenharmony_ci keyid: 'SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA', 16801cb0ef41Sopenharmony_ci keytype: 'ecdsa-sha2-nistp256', 
16811cb0ef41Sopenharmony_ci scheme: 'ecdsa-sha2-nistp256', 16821cb0ef41Sopenharmony_ci key: 'MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1Olb3zMAFFxXKHiIkQO5cJ3Yhl5i6UPp+' + 16831cb0ef41Sopenharmony_ci 'IhuteBJbuHcA5UogKo0EWtlWwW6KSaKoTNEYL7JlCQiVnkhBktUgg==', 16841cb0ef41Sopenharmony_ci }], 16851cb0ef41Sopenharmony_ci }) 16861cb0ef41Sopenharmony_ci 16871cb0ef41Sopenharmony_ci await npm.exec('audit', ['signatures']) 16881cb0ef41Sopenharmony_ci 16891cb0ef41Sopenharmony_ci t.notOk(process.exitCode, 'should exit successfully') 16901cb0ef41Sopenharmony_ci t.match(joinedOutput(), /audited 2 packages/) 16911cb0ef41Sopenharmony_ci t.matchSnapshot(joinedOutput()) 16921cb0ef41Sopenharmony_ci }) 16931cb0ef41Sopenharmony_ci 16941cb0ef41Sopenharmony_ci /* Project with only a package.json and nothing installed: the command is expected to reject with "found no installed dependencies to audit" rather than report a clean result. */ t.test('errors with an empty install', async t => { 16951cb0ef41Sopenharmony_ci const { npm } = await loadMockNpm(t, { 16961cb0ef41Sopenharmony_ci prefixDir: { 16971cb0ef41Sopenharmony_ci 'package.json': JSON.stringify({ 16981cb0ef41Sopenharmony_ci name: 'test-dep', 16991cb0ef41Sopenharmony_ci version: '1.0.0', 17001cb0ef41Sopenharmony_ci }), 17011cb0ef41Sopenharmony_ci }, 17021cb0ef41Sopenharmony_ci }) 17031cb0ef41Sopenharmony_ci 17041cb0ef41Sopenharmony_ci await t.rejects( 17051cb0ef41Sopenharmony_ci npm.exec('audit', ['signatures']), 17061cb0ef41Sopenharmony_ci /found no installed dependencies to audit/ 17071cb0ef41Sopenharmony_ci ) 17081cb0ef41Sopenharmony_ci }) 17091cb0ef41Sopenharmony_ci 17101cb0ef41Sopenharmony_ci /* @sigstore/tuf is replaced by a stub whose getTarget throws. The test requires the command to reject with that same error, i.e. a failure to obtain trusted key metadata is fatal for the audit. */ t.test('errors when TUF errors', async t => { 17111cb0ef41Sopenharmony_ci const { npm } = await loadMockNpm(t, { 17121cb0ef41Sopenharmony_ci prefixDir: installWithMultipleDeps, 17131cb0ef41Sopenharmony_ci mocks: { 17141cb0ef41Sopenharmony_ci '@sigstore/tuf': { 17151cb0ef41Sopenharmony_ci initTUF: async () => ({ 17161cb0ef41Sopenharmony_ci getTarget: async () => { 17171cb0ef41Sopenharmony_ci throw new Error('error refreshing TUF metadata') 17181cb0ef41Sopenharmony_ci }, 17191cb0ef41Sopenharmony_ci }),
17201cb0ef41Sopenharmony_ci }, 17211cb0ef41Sopenharmony_ci }, 17221cb0ef41Sopenharmony_ci }) 17231cb0ef41Sopenharmony_ci 17241cb0ef41Sopenharmony_ci await t.rejects( 17251cb0ef41Sopenharmony_ci npm.exec('audit', ['signatures']), 17261cb0ef41Sopenharmony_ci /error refreshing TUF metadata/ 17271cb0ef41Sopenharmony_ci ) 17281cb0ef41Sopenharmony_ci }) 17291cb0ef41Sopenharmony_ci 17301cb0ef41Sopenharmony_ci /* mockTUF is given TUF_TARGET_NOT_FOUND (defined outside this view) and the /-/npm/v1/keys endpoint answers 500. Unlike the 404 and 400 tests in this file, the server error must surface as a rejection carrying the response error text instead of being treated as a registry without keys. */ t.test('errors when the keys endpoint errors', async t => { 17311cb0ef41Sopenharmony_ci const { npm } = await loadMockNpm(t, { 17321cb0ef41Sopenharmony_ci prefixDir: installWithMultipleDeps, 17331cb0ef41Sopenharmony_ci }) 17341cb0ef41Sopenharmony_ci const registry = new MockRegistry({ tap: t, registry: npm.config.get('registry') }) 17351cb0ef41Sopenharmony_ci mockTUF({ npm, target: TUF_TARGET_NOT_FOUND }) 17361cb0ef41Sopenharmony_ci registry.nock.get('/-/npm/v1/keys') 17371cb0ef41Sopenharmony_ci .reply(500, { error: 'keys broke' }) 17381cb0ef41Sopenharmony_ci 17391cb0ef41Sopenharmony_ci await t.rejects( 17401cb0ef41Sopenharmony_ci npm.exec('audit', ['signatures']), 17411cb0ef41Sopenharmony_ci /keys broke/ 17421cb0ef41Sopenharmony_ci ) 17431cb0ef41Sopenharmony_ci }) 17441cb0ef41Sopenharmony_ci 17451cb0ef41Sopenharmony_ci /* Uses the installWithOptionalDeps fixture (defined outside this view) and expects exactly one package to be audited with a zero exit code. */ t.test('ignores optional dependencies', async t => { 17461cb0ef41Sopenharmony_ci const { npm, joinedOutput } = await loadMockNpm(t, { 17471cb0ef41Sopenharmony_ci prefixDir: installWithOptionalDeps, 17481cb0ef41Sopenharmony_ci }) 17491cb0ef41Sopenharmony_ci 17501cb0ef41Sopenharmony_ci const registry = new MockRegistry({ tap: t, registry: npm.config.get('registry') }) 17511cb0ef41Sopenharmony_ci await manifestWithValidSigs({ registry }) 17521cb0ef41Sopenharmony_ci mockTUF({ npm, target: TUF_VALID_KEYS_TARGET }) 17531cb0ef41Sopenharmony_ci 17541cb0ef41Sopenharmony_ci await npm.exec('audit', ['signatures']) 17551cb0ef41Sopenharmony_ci 17561cb0ef41Sopenharmony_ci t.notOk(process.exitCode, 'should exit successfully') 17571cb0ef41Sopenharmony_ci
t.match(joinedOutput(), /audited 1 package/) 17581cb0ef41Sopenharmony_ci t.matchSnapshot(joinedOutput()) 17591cb0ef41Sopenharmony_ci }) 17601cb0ef41Sopenharmony_ci 17611cb0ef41Sopenharmony_ci /* Uses the noInstall fixture (defined outside this view): with no auditable package the command is expected to reject instead of reporting a clean audit. */ t.test('errors when no installed dependencies', async t => { 17621cb0ef41Sopenharmony_ci const { npm } = await loadMockNpm(t, { 17631cb0ef41Sopenharmony_ci prefixDir: noInstall, 17641cb0ef41Sopenharmony_ci }) 17651cb0ef41Sopenharmony_ci mockTUF({ npm, target: TUF_VALID_KEYS_TARGET }) 17661cb0ef41Sopenharmony_ci 17671cb0ef41Sopenharmony_ci await t.rejects( 17681cb0ef41Sopenharmony_ci npm.exec('audit', ['signatures']), 17691cb0ef41Sopenharmony_ci /found no dependencies to audit that were installed from a supported registry/ 17701cb0ef41Sopenharmony_ci ) 17711cb0ef41Sopenharmony_ci }) 17721cb0ef41Sopenharmony_ci 17731cb0ef41Sopenharmony_ci /* A devDependency is declared but node_modules is empty. The missing package is skipped, which leaves nothing to audit, so the expected outcome is the same rejection and not a successful exit. */ t.test('should skip missing non-prod deps', async t => { 17741cb0ef41Sopenharmony_ci const { npm } = await loadMockNpm(t, { 17751cb0ef41Sopenharmony_ci prefixDir: { 17761cb0ef41Sopenharmony_ci 'package.json': JSON.stringify({ 17771cb0ef41Sopenharmony_ci name: 'delta', 17781cb0ef41Sopenharmony_ci version: '1.0.0', 17791cb0ef41Sopenharmony_ci devDependencies: { 17801cb0ef41Sopenharmony_ci chai: '^1.0.0', 17811cb0ef41Sopenharmony_ci }, 17821cb0ef41Sopenharmony_ci }, null, 2), 17831cb0ef41Sopenharmony_ci node_modules: {}, 17841cb0ef41Sopenharmony_ci }, 17851cb0ef41Sopenharmony_ci }) 17861cb0ef41Sopenharmony_ci mockTUF({ npm, target: TUF_VALID_KEYS_TARGET }) 17871cb0ef41Sopenharmony_ci 17881cb0ef41Sopenharmony_ci await t.rejects( 17891cb0ef41Sopenharmony_ci npm.exec('audit', ['signatures']), 17901cb0ef41Sopenharmony_ci /found no dependencies to audit that were installed from a supported registry/ 17911cb0ef41Sopenharmony_ci ) 17921cb0ef41Sopenharmony_ci }) 17931cb0ef41Sopenharmony_ci 17941cb0ef41Sopenharmony_ci /* The declared range for the installed package is one the test title calls invalid; such a package is skipped, and since it is the only dependency the command is expected to reject with the no-dependencies message. */ t.test('should skip invalid pkg ranges', async t => { 17951cb0ef41Sopenharmony_ci const { npm } = await loadMockNpm(t, {
17961cb0ef41Sopenharmony_ci prefixDir: { 17971cb0ef41Sopenharmony_ci 'package.json': JSON.stringify({ 17981cb0ef41Sopenharmony_ci name: 'delta', 17991cb0ef41Sopenharmony_ci version: '1.0.0', 18001cb0ef41Sopenharmony_ci dependencies: { 18011cb0ef41Sopenharmony_ci cat: '>=^2', 18021cb0ef41Sopenharmony_ci }, 18031cb0ef41Sopenharmony_ci }, null, 2), 18041cb0ef41Sopenharmony_ci node_modules: { 18051cb0ef41Sopenharmony_ci cat: { 18061cb0ef41Sopenharmony_ci 'package.json': JSON.stringify({ 18071cb0ef41Sopenharmony_ci name: 'cat', 18081cb0ef41Sopenharmony_ci version: '1.0.0', 18091cb0ef41Sopenharmony_ci }, null, 2), 18101cb0ef41Sopenharmony_ci }, 18111cb0ef41Sopenharmony_ci }, 18121cb0ef41Sopenharmony_ci }, 18131cb0ef41Sopenharmony_ci }) 18141cb0ef41Sopenharmony_ci mockTUF({ npm, target: TUF_TARGET_NOT_FOUND }) 18151cb0ef41Sopenharmony_ci 18161cb0ef41Sopenharmony_ci await t.rejects( 18171cb0ef41Sopenharmony_ci npm.exec('audit', ['signatures']), 18181cb0ef41Sopenharmony_ci /found no dependencies to audit that were installed from a supported registry/ 18191cb0ef41Sopenharmony_ci ) 18201cb0ef41Sopenharmony_ci }) 18211cb0ef41Sopenharmony_ci 18221cb0ef41Sopenharmony_ci t.test('should skip git specs', async t => { 18231cb0ef41Sopenharmony_ci const { npm } = await loadMockNpm(t, { 18241cb0ef41Sopenharmony_ci prefixDir: { 18251cb0ef41Sopenharmony_ci 'package.json': JSON.stringify({ 18261cb0ef41Sopenharmony_ci name: 'delta', 18271cb0ef41Sopenharmony_ci version: '1.0.0', 18281cb0ef41Sopenharmony_ci dependencies: { 18291cb0ef41Sopenharmony_ci cat: 'github:username/foo', 18301cb0ef41Sopenharmony_ci }, 18311cb0ef41Sopenharmony_ci }, null, 2), 18321cb0ef41Sopenharmony_ci node_modules: { 18331cb0ef41Sopenharmony_ci cat: { 18341cb0ef41Sopenharmony_ci 'package.json': JSON.stringify({ 18351cb0ef41Sopenharmony_ci name: 'cat', 18361cb0ef41Sopenharmony_ci version: '1.0.0', 18371cb0ef41Sopenharmony_ci }, null, 2), 18381cb0ef41Sopenharmony_ci }, 18391cb0ef41Sopenharmony_ci }, 
18401cb0ef41Sopenharmony_ci }, 18411cb0ef41Sopenharmony_ci }) 18421cb0ef41Sopenharmony_ci 18431cb0ef41Sopenharmony_ci mockTUF({ npm, target: TUF_VALID_KEYS_TARGET }) 18441cb0ef41Sopenharmony_ci 18451cb0ef41Sopenharmony_ci await t.rejects( 18461cb0ef41Sopenharmony_ci npm.exec('audit', ['signatures']), 18471cb0ef41Sopenharmony_ci /found no dependencies to audit that were installed from a supported registry/ 18481cb0ef41Sopenharmony_ci ) 18491cb0ef41Sopenharmony_ci }) 18501cb0ef41Sopenharmony_ci 18511cb0ef41Sopenharmony_ci t.test('errors for global packages', async t => { 18521cb0ef41Sopenharmony_ci const { npm } = await loadMockNpm(t, { 18531cb0ef41Sopenharmony_ci config: { global: true }, 18541cb0ef41Sopenharmony_ci }) 18551cb0ef41Sopenharmony_ci 18561cb0ef41Sopenharmony_ci await t.rejects( 18571cb0ef41Sopenharmony_ci npm.exec('audit', ['signatures']), 18581cb0ef41Sopenharmony_ci /`npm audit signatures` does not support global packages/, 18591cb0ef41Sopenharmony_ci { code: 'ECIGLOBAL' } 18601cb0ef41Sopenharmony_ci ) 18611cb0ef41Sopenharmony_ci }) 18621cb0ef41Sopenharmony_ci 18631cb0ef41Sopenharmony_ci t.test('with invalid signtaures and color output enabled', async t => { 18641cb0ef41Sopenharmony_ci const { npm, joinedOutput } = await loadMockNpm(t, { 18651cb0ef41Sopenharmony_ci prefixDir: installWithValidSigs, 18661cb0ef41Sopenharmony_ci config: { color: 'always' }, 18671cb0ef41Sopenharmony_ci }) 18681cb0ef41Sopenharmony_ci const registry = new MockRegistry({ tap: t, registry: npm.config.get('registry') }) 18691cb0ef41Sopenharmony_ci await manifestWithInvalidSigs({ registry }) 18701cb0ef41Sopenharmony_ci mockTUF({ npm, target: TUF_VALID_KEYS_TARGET }) 18711cb0ef41Sopenharmony_ci 18721cb0ef41Sopenharmony_ci await npm.exec('audit', ['signatures']) 18731cb0ef41Sopenharmony_ci 18741cb0ef41Sopenharmony_ci t.equal(process.exitCode, 1, 'should exit with error') 18751cb0ef41Sopenharmony_ci t.match( 18761cb0ef41Sopenharmony_ci joinedOutput(), 18771cb0ef41Sopenharmony_ci // 
eslint-disable-next-line no-control-regex 18781cb0ef41Sopenharmony_ci /\u001b\[1m\u001b\[31minvalid\u001b\[39m\u001b\[22m registry signature/ 18791cb0ef41Sopenharmony_ci ) 18801cb0ef41Sopenharmony_ci t.matchSnapshot(joinedOutput()) 18811cb0ef41Sopenharmony_ci }) 18821cb0ef41Sopenharmony_ci 18831cb0ef41Sopenharmony_ci /* pacote is mocked with sigstore.verify stubbed to resolve true, so this test covers how a passing attestation is counted and reported. It does not exercise real verification of the attestation bundle served from the fixture file. */ t.test('with valid attestations', async t => { 18841cb0ef41Sopenharmony_ci const { npm, joinedOutput } = await loadMockNpm(t, { 18851cb0ef41Sopenharmony_ci prefixDir: installWithValidAttestations, 18861cb0ef41Sopenharmony_ci mocks: { 18871cb0ef41Sopenharmony_ci pacote: t.mock('pacote', { 18881cb0ef41Sopenharmony_ci sigstore: { verify: async () => true }, 18891cb0ef41Sopenharmony_ci }), 18901cb0ef41Sopenharmony_ci }, 18911cb0ef41Sopenharmony_ci }) 18921cb0ef41Sopenharmony_ci const registry = new MockRegistry({ tap: t, registry: npm.config.get('registry') }) 18931cb0ef41Sopenharmony_ci await manifestWithValidAttestations({ registry }) 18941cb0ef41Sopenharmony_ci const fixture = fs.readFileSync( 18951cb0ef41Sopenharmony_ci path.join(__dirname, '..', 'fixtures', 'sigstore/valid-sigstore-attestations.json'), 18961cb0ef41Sopenharmony_ci 'utf8' 18971cb0ef41Sopenharmony_ci ) 18981cb0ef41Sopenharmony_ci registry.nock.get('/-/npm/v1/attestations/sigstore@1.0.0').reply(200, fixture) 18991cb0ef41Sopenharmony_ci mockTUF({ npm, target: TUF_VALID_KEYS_TARGET }) 19001cb0ef41Sopenharmony_ci 19011cb0ef41Sopenharmony_ci await npm.exec('audit', ['signatures']) 19021cb0ef41Sopenharmony_ci 19031cb0ef41Sopenharmony_ci t.notOk(process.exitCode, 'should exit successfully') 19041cb0ef41Sopenharmony_ci t.match(joinedOutput(), /1 package has a verified attestation/) 19051cb0ef41Sopenharmony_ci t.matchSnapshot(joinedOutput()) 19061cb0ef41Sopenharmony_ci }) 19071cb0ef41Sopenharmony_ci 19081cb0ef41Sopenharmony_ci /* Two packages with attestations, again with sigstore.verify stubbed to resolve true: the output is expected to use the plural "2 packages have verified attestations". */ t.test('with multiple valid attestations', async t => { 19091cb0ef41Sopenharmony_ci const { npm, joinedOutput } = await loadMockNpm(t, { 19101cb0ef41Sopenharmony_ci
prefixDir: installWithMultipleValidAttestations, 19111cb0ef41Sopenharmony_ci mocks: { 19121cb0ef41Sopenharmony_ci pacote: t.mock('pacote', { 19131cb0ef41Sopenharmony_ci /* verify is stubbed to resolve true for every call, so both packages pass without real bundle verification */ sigstore: { verify: async () => true }, 19141cb0ef41Sopenharmony_ci }), 19151cb0ef41Sopenharmony_ci }, 19161cb0ef41Sopenharmony_ci }) 19171cb0ef41Sopenharmony_ci const registry = new MockRegistry({ tap: t, registry: npm.config.get('registry') }) 19181cb0ef41Sopenharmony_ci await manifestWithValidAttestations({ registry }) 19191cb0ef41Sopenharmony_ci await manifestWithMultipleValidAttestations({ registry }) 19201cb0ef41Sopenharmony_ci const fixture1 = fs.readFileSync( 19211cb0ef41Sopenharmony_ci path.join(__dirname, '..', 'fixtures', 'sigstore/valid-sigstore-attestations.json'), 19221cb0ef41Sopenharmony_ci 'utf8' 19231cb0ef41Sopenharmony_ci ) 19241cb0ef41Sopenharmony_ci const fixture2 = fs.readFileSync( 19251cb0ef41Sopenharmony_ci path.join(__dirname, '..', 'fixtures', 'sigstore/valid-tuf-js-attestations.json'), 19261cb0ef41Sopenharmony_ci 'utf8' 19271cb0ef41Sopenharmony_ci ) 19281cb0ef41Sopenharmony_ci registry.nock.get('/-/npm/v1/attestations/sigstore@1.0.0').reply(200, fixture1) 19291cb0ef41Sopenharmony_ci registry.nock.get('/-/npm/v1/attestations/tuf-js@1.0.0').reply(200, fixture2) 19301cb0ef41Sopenharmony_ci mockTUF({ npm, target: TUF_VALID_KEYS_TARGET }) 19311cb0ef41Sopenharmony_ci 19321cb0ef41Sopenharmony_ci await npm.exec('audit', ['signatures']) 19331cb0ef41Sopenharmony_ci 19341cb0ef41Sopenharmony_ci t.notOk(process.exitCode, 'should exit successfully') 19351cb0ef41Sopenharmony_ci t.match(joinedOutput(), /2 packages have verified attestations/) 19361cb0ef41Sopenharmony_ci }) 19371cb0ef41Sopenharmony_ci 19381cb0ef41Sopenharmony_ci /* The failure here is injected by the mock: sigstore.verify throws although the served fixture is the valid attestation file. The test checks that a verification error yields exit code 1 and the invalid-attestation message, not that a tampered bundle is detected. */ t.test('with invalid attestations', async t => { 19391cb0ef41Sopenharmony_ci const { npm, joinedOutput } = await loadMockNpm(t, { 19401cb0ef41Sopenharmony_ci prefixDir: installWithValidAttestations, 19411cb0ef41Sopenharmony_ci mocks: { 19421cb0ef41Sopenharmony_ci
pacote: t.mock('pacote', {
          sigstore: {
            verify: async () => {
              throw new Error(`artifact signature verification failed`)
            },
          },
        }),
      },
    })
    const registry = new MockRegistry({ tap: t, registry: npm.config.get('registry') })
    await manifestWithValidAttestations({ registry })
    const fixture = fs.readFileSync(
      path.join(__dirname, '..', 'fixtures', 'sigstore/valid-sigstore-attestations.json'),
      'utf8'
    )
    registry.nock.get('/-/npm/v1/attestations/sigstore@1.0.0').reply(200, fixture)
    mockTUF({ npm, target: TUF_VALID_KEYS_TARGET })

    await npm.exec('audit', ['signatures'])

    t.equal(process.exitCode, 1, 'should exit with error')
    t.match(
      joinedOutput(),
      '1 package has an invalid attestation'
    )
    t.matchSnapshot(joinedOutput())
  })

  // With `json: true`, a failed attestation check must still set exit code 1
  // and carry the verifier's error message in the output. Only the message
  // substring is asserted here; the JSON shape is pinned by the snapshot.
  t.test('json output with invalid attestations', async t => {
    // The served bundle is the "valid" fixture, so the failure comes solely
    // from the mocked verifier: pacote's `sigstore` dependency is replaced
    // with one whose verify() always throws.
    const rejectBundle = async () => {
      throw new Error(`artifact signature verification failed`)
    }
    const pacoteWithFailingSigstore = t.mock('pacote', {
      sigstore: { verify: rejectBundle },
    })
    const { npm, joinedOutput } = await loadMockNpm(t, {
      prefixDir: installWithValidAttestations,
      config: { json: true },
      mocks: { pacote: pacoteWithFailingSigstore },
    })
    const registry = new MockRegistry({
      tap: t,
      registry: npm.config.get('registry'),
    })
    await manifestWithValidAttestations({ registry })

    const bundlePath = path.join(
      __dirname, '..', 'fixtures', 'sigstore/valid-sigstore-attestations.json'
    )
    const bundleBody = fs.readFileSync(bundlePath, 'utf8')
    registry.nock
      .get('/-/npm/v1/attestations/sigstore@1.0.0')
      .reply(200, bundleBody)
    // NOTE(review): mockTUF presumably serves the trusted key material the
    // command verifies against; confirm in its definition elsewhere in this file.
    mockTUF({ npm, target: TUF_VALID_KEYS_TARGET })

    await npm.exec('audit', ['signatures'])

    t.equal(process.exitCode, 1, 'should exit with error')
    t.match(joinedOutput(), 'artifact signature verification failed')
    t.matchSnapshot(joinedOutput())
  })

  // Two installed packages (sigstore and tuf-js) each have an attestation
  // bundle on the registry; with the verifier forced to throw, both must be
  // reported and the command must exit 1.
  t.test('with multiple invalid attestations', async t => {
    const rejectBundle = async () => {
      throw new Error(`artifact signature verification failed`)
    }
    const { npm, joinedOutput } = await loadMockNpm(t, {
      prefixDir: installWithMultipleValidAttestations,
      mocks: {
        pacote: t.mock('pacote', { sigstore: { verify: rejectBundle } }),
      },
    })
    const registry = new MockRegistry({
      tap: t,
      registry: npm.config.get('registry'),
    })
    await manifestWithValidAttestations({ registry })
    await manifestWithMultipleValidAttestations({ registry })

    // Read both bundles before registering either attestation endpoint.
    const readFixture = name =>
      fs.readFileSync(path.join(__dirname, '..', 'fixtures', name), 'utf8')
    const sigstoreBundle = readFixture('sigstore/valid-sigstore-attestations.json')
    const tufJsBundle = readFixture('sigstore/valid-tuf-js-attestations.json')
    registry.nock
      .get('/-/npm/v1/attestations/sigstore@1.0.0')
      .reply(200, sigstoreBundle)
    registry.nock
      .get('/-/npm/v1/attestations/tuf-js@1.0.0')
      .reply(200, tufJsBundle)
    mockTUF({ npm, target: TUF_VALID_KEYS_TARGET })

    await npm.exec('audit', ['signatures'])

    t.equal(process.exitCode, 1, 'should exit with error')
    t.match(
      joinedOutput(),
      '2 packages have invalid attestations'
    )
    t.matchSnapshot(joinedOutput())
  })

  // Workspace projects: dependencies fetched from the registry are verified,
  // while packages that live in the local workspace are not.
  t.test('workspaces', async t => {
    // Key id shared by every registry signature entry used in this group.
    const REGISTRY_KEY_ID = 'SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA'

    // Builds one packument version whose `dist` carries a registry signature.
    const signedPackument = (version, tarball, integrity, sig) => ({
      version,
      dist: {
        tarball,
        integrity,
        signatures: [{ keyid: REGISTRY_KEY_ID, sig }],
      },
    })

    // Registers signed packuments for `async` and `light-cycle` on the mock
    // registry: both manifests are built first, then served in that order.
    const registerSignedRegistryDeps = async registry => {
      const asyncManifest = registry.manifest({
        name: 'async',
        packuments: [signedPackument(
          '2.5.0',
          'https://registry.npmjs.org/async/-/async-2.5.0.tgz',
          'sha512-e+lJAJeNWuPCNyxZKOBdaJGyLGHugXVQtrAwtuAe2vhxTYxFT'
            + 'KE73p8JuTmdH0qdQZtDvI4dhJwjZc5zsfIsYw==',
          'MEUCIQCM8cX2U3IVZKKhzQx1w5AlNSDUI+fVf4857K1qT0NTNgIgdT4qwEl' +
            '/kg2vU1uIWUI0bGikRvVHCHlRs1rgjPMpRFA='
        )],
      })
      const lightCycleManifest = registry.manifest({
        name: 'light-cycle',
        packuments: [signedPackument(
          '1.4.2',
          'https://registry.npmjs.org/light-cycle/-/light-cycle-1.4.2.tgz',
          'sha512-badZ3KMUaGwQfVcHjXTXSecYSXxT6f99bT+kVzBqmO10U1UNlE' +
            'thJ1XAok97E4gfDRTA2JJ3r0IeMPtKf0EJMw==',
          'MEUCIQDXjoxQz4MzPqaIuy2RJmBlcFp0UD3h9EhKZxxEz9IYZAIgLO0znG5' +
            'aGciTAg4u8fE0/UXBU4gU7JcvTZGxW2BmKGw='
        )],
      })
      await registry.package({ manifest: asyncManifest })
      await registry.package({ manifest: lightCycleManifest })
    }

    t.test('verifies registry deps and ignores local workspace deps', async t => {
      const { npm, joinedOutput } = await loadMockNpm(t, {
        prefixDir: workspaceInstall,
      })
      const registry = new MockRegistry({
        tap: t,
        registry: npm.config.get('registry'),
      })
      // NOTE(review): manifestWithValidSigs is defined elsewhere in this file;
      // presumably it registers the third audited package. Confirm there.
      await manifestWithValidSigs({ registry })
      await registerSignedRegistryDeps(registry)
      mockTUF({ npm, target: TUF_VALID_KEYS_TARGET })

      await npm.exec('audit', ['signatures'])

      t.notOk(process.exitCode, 'should exit successfully')
      t.match(joinedOutput(), /audited 3 packages/)
      t.matchSnapshot(joinedOutput())
    })

    t.test('verifies registry deps when filtering by workspace name', async t => {
      const { npm, joinedOutput } = await loadMockNpm(t, {
        prefixDir: workspaceInstall,
        config: { workspace: './packages/a' },
      })
      const registry = new MockRegistry({
        tap: t,
        registry: npm.config.get('registry'),
      })
      await registerSignedRegistryDeps(registry)
      mockTUF({ npm, target: TUF_VALID_KEYS_TARGET })

      await npm.exec('audit', ['signatures'])

      t.notOk(process.exitCode, 'should exit successfully')
      t.match(joinedOutput(), /audited 2 packages/)
      t.matchSnapshot(joinedOutput())
    })

    // TODO: This should verify kms-demo, but doesn't because arborist filters
    // workspace deps even if they're also root deps
    //
    // Coverage caveat: this test pins the current behaviour, in which the
    // command rejects with "found no installed dependencies to audit" when
    // workspaces are disabled. A green run therefore does not show that
    // kms-demo's signature was checked in this configuration.
    t.test('verifies registry dep if workspaces is disabled', async t => {
      const { npm } = await loadMockNpm(t, {
        prefixDir: workspaceInstall,
        config: { workspaces: false },
      })

      await t.rejects(
        npm.exec('audit', ['signatures']),
        /found no installed dependencies to audit/
      )
    })
  })
})