Skip to content

Commit

Permalink
Merge pull request #5196 from snyk/feat/npm-without-lockfiles
Browse files Browse the repository at this point in the history
 container: npm/yarn scan without a lockfile UNIFY-68
  • Loading branch information
adrobuta authored May 16, 2024
2 parents 7209627 + e2d77a9 commit 3fcf8bc
Show file tree
Hide file tree
Showing 7 changed files with 64 additions and 11 deletions.
18 changes: 9 additions & 9 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -116,7 +116,7 @@
"semver": "^6.0.0",
"snyk-config": "^5.0.0",
"snyk-cpp-plugin": "2.24.0",
"snyk-docker-plugin": "6.11.1",
"snyk-docker-plugin": "6.12.0",
"snyk-go-plugin": "1.23.0",
"snyk-gradle-plugin": "4.1.0",
"snyk-module": "3.1.0",
Expand Down
Binary file not shown.
Binary file not shown.
Binary file not shown.
36 changes: 36 additions & 0 deletions test/jest/acceptance/snyk-container/container.spec.ts
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,42 @@ describe('snyk container', () => {
await expect(cli).toDisplay(`yum @ 4.9.0`, { timeout: 60 * 1000 });
});

it('npm depGraph is generated in an npm image with lockfiles', async () => {
const { code, stdout, stderr } = await runSnykCLIWithDebug(
`container test docker-archive:test/fixtures/container-projects/npm7-with-package-lock-file.tar --print-deps`,
);

assertCliExitCode(code, 1, stderr);
expect(stdout).toContain('Package manager: npm');
});

it('npm depGraph is generated in an npm image without package-lock.json file', async () => {
const { code, stdout, stderr } = await runSnykCLIWithDebug(
`container test docker-archive:test/fixtures/container-projects/npm7-without-package-lock-file.tar --print-deps`,
);

assertCliExitCode(code, 1, stderr);
expect(stdout).toContain('Package manager: npm');
});

it('npm depGraph is generated in an npm image without package-lock.json and package.json file', async () => {
const { code, stdout, stderr } = await runSnykCLIWithDebug(
`container test docker-archive:test/fixtures/container-projects/npm7-without-package-and-lock-file.tar --print-deps`,
);

assertCliExitCode(code, 1, stderr);
expect(stdout).toContain('Package manager: npm');
});

it('npm depGraph is generated in an npm image with lockfiles image', async () => {
const { code, stdout, stderr } = await runSnykCLIWithDebug(
`container test docker-archive:test/fixtures/container-projects/npm7-without-package-lock-file.tar --print-deps`,
);

assertCliExitCode(code, 1, stderr);
expect(stdout).toContain('Package manager: npm');
});

it('finds dependencies in oci image (library/ubuntu)', async () => {
cli = await startSnykCLI(
'container test library/ubuntu@sha256:7a57c69fe1e9d5b97c5fe649849e79f2cfc3bf11d10bbd5218b4eb61716aebe6 --print-deps',
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -44,12 +44,29 @@ describe('container test projects behavior with --app-vulns, --file and --exclud
);
const jsonOutput = JSON.parse(stdout);
expect(Array.isArray(jsonOutput)).toBeFalsy();
expect(jsonOutput.applications).toBeUndefined();
expect(jsonOutput.ok).toEqual(false);
expect(jsonOutput.uniqueCount).toBeGreaterThan(0);
expect(code).toEqual(1);
}, 30000);

it('should find vulns on an npm project application image without package-lock.json file', async () => {
const { code, stdout } = await runSnykCLI(
`container test docker-archive:test/fixtures/container-projects/npm7-without-package-lock-file.tar --json --app-vulns`,
);
const jsonOutput = JSON.parse(stdout);
expect(Array.isArray(jsonOutput)).toBeFalsy();
expect(jsonOutput.uniqueCount).toBeGreaterThan(0);
expect(code).toEqual(1);
}, 60000);

it('should find vulns on an npm project application image without package.json and package-lock.json file', async () => {
const { code, stdout } = await runSnykCLI(
`container test docker-archive:test/fixtures/container-projects/npm7-without-package-and-lock-file.tar --print-deps --app-vulns`,
);
expect(code).toEqual(1);
expect(stdout).toContain('Package manager: npm');
}, 60000);

it('should show app vulns tip when available', async () => {
const { stdout } = await runSnykCLI(
`container test docker-archive:test/fixtures/container-projects/os-packages-and-app-vulns.tar`,
Expand Down

0 comments on commit 3fcf8bc

Please sign in to comment.