npm install-test support (#1468)

2024-11-05 05:17:00 +03:00 · 2022-01-11 16:34:19 -08:00 · 2022-01-11 16:34:19 -08:00 · 531561c8f4
commit 531561c8f4
parent 460d34aa2d
5 changed files with 14 additions and 7 deletions
--- a/checks/pinned_dependencies_test.go
+++ b/checks/pinned_dependencies_test.go
@ -240,7 +240,7 @@ func TestGithubWorkflowPkgManagerPinning(t *testing.T) {
 			expected: scut.TestReturn{
 				Error:         nil,
 				Score:         checker.MinResultScore,
-				NumberOfWarn:  25,
+				NumberOfWarn:  26,
 				NumberOfInfo:  0,
 				NumberOfDebug: 0,
 			},
@ -858,7 +858,7 @@ func TestDockerfileScriptDownload(t *testing.T) {
 			expected: scut.TestReturn{
 				Error:         nil,
 				Score:         checker.MinResultScore,
-				NumberOfWarn:  36,
+				NumberOfWarn:  37,
 				NumberOfInfo:  0,
 				NumberOfDebug: 0,
 			},
@ -1022,7 +1022,7 @@ func TestShellScriptDownload(t *testing.T) {
 			expected: scut.TestReturn{
 				Error:         nil,
 				Score:         checker.MinResultScore,
-				NumberOfWarn:  33,
+				NumberOfWarn:  34,
 				NumberOfInfo:  0,
 				NumberOfDebug: 0,
 			},
--- a/checks/shell_download_validate.go
+++ b/checks/shell_download_validate.go
@ -398,13 +398,12 @@ func isNpmUnpinnedDownload(cmd []string) bool {
 		return false
 	}

-	// `npm install` will automatically look up the
-	// package.json and package-lock.json, so we don't flag it.
 	for i := 1; i < len(cmd); i++ {
 		// Search for get/install/update commands.
 		// `npm ci` wil verify all hashes are present.
 		if strings.EqualFold(cmd[i], "install") ||
 			strings.EqualFold(cmd[i], "i") ||
+			strings.EqualFold(cmd[i], "install-test") ||
 			strings.EqualFold(cmd[i], "update") {
 			return true
 		}
--- a/checks/testdata/Dockerfile-pkg-managers
+++ b/checks/testdata/Dockerfile-pkg-managers
@ -79,4 +79,6 @@ RUN npm i -g typescript
 RUN npm install
 RUN npm install -g
 RUN npm i
-RUN npm ci
+RUN npm ci
+RUN npm install-test
+RUN npm install-ci-test
--- a/checks/testdata/github-workflow-pkg-managers.yaml
+++ b/checks/testdata/github-workflow-pkg-managers.yaml
@ -44,6 +44,10 @@ jobs:
        run: npm i -g typescript
      - name:
        run: npm ci
+      - name:
+        run: |
+          npm install-test
+          npm install-ci-test
      - name:
        run: go get github.com/org/name@some_tag
      - name:
--- a/checks/testdata/script-pkg-managers
+++ b/checks/testdata/script-pkg-managers
@ -81,4 +81,6 @@ npm i -g typescript
 npm install
 npm install -g
 npm i
-npm ci
+npm ci
+npm install-test
+npm install-ci-test