npm - @dependabit/action - Versions diffs - 0.1.1 - Mend

@dependabit/action 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (92) hide show

package/CHANGELOG.md +12 -0
package/LICENSE +21 -0
package/README.md +225 -0
package/action.yml +85 -0
package/dist/actions/check.d.ts +33 -0
package/dist/actions/check.d.ts.map +1 -0
package/dist/actions/check.js +162 -0
package/dist/actions/check.js.map +1 -0
package/dist/actions/generate.d.ts +9 -0
package/dist/actions/generate.d.ts.map +1 -0
package/dist/actions/generate.js +152 -0
package/dist/actions/generate.js.map +1 -0
package/dist/actions/update.d.ts +9 -0
package/dist/actions/update.d.ts.map +1 -0
package/dist/actions/update.js +246 -0
package/dist/actions/update.js.map +1 -0
package/dist/actions/validate.d.ts +33 -0
package/dist/actions/validate.d.ts.map +1 -0
package/dist/actions/validate.js +226 -0
package/dist/actions/validate.js.map +1 -0
package/dist/index.d.ts +8 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +35 -0
package/dist/index.js.map +1 -0
package/dist/logger.d.ts +114 -0
package/dist/logger.d.ts.map +1 -0
package/dist/logger.js +154 -0
package/dist/logger.js.map +1 -0
package/dist/utils/agent-config.d.ts +31 -0
package/dist/utils/agent-config.d.ts.map +1 -0
package/dist/utils/agent-config.js +42 -0
package/dist/utils/agent-config.js.map +1 -0
package/dist/utils/agent-router.d.ts +33 -0
package/dist/utils/agent-router.d.ts.map +1 -0
package/dist/utils/agent-router.js +57 -0
package/dist/utils/agent-router.js.map +1 -0
package/dist/utils/errors.d.ts +51 -0
package/dist/utils/errors.d.ts.map +1 -0
package/dist/utils/errors.js +219 -0
package/dist/utils/errors.js.map +1 -0
package/dist/utils/inputs.d.ts +35 -0
package/dist/utils/inputs.d.ts.map +1 -0
package/dist/utils/inputs.js +47 -0
package/dist/utils/inputs.js.map +1 -0
package/dist/utils/metrics.d.ts +66 -0
package/dist/utils/metrics.d.ts.map +1 -0
package/dist/utils/metrics.js +116 -0
package/dist/utils/metrics.js.map +1 -0
package/dist/utils/outputs.d.ts +43 -0
package/dist/utils/outputs.d.ts.map +1 -0
package/dist/utils/outputs.js +146 -0
package/dist/utils/outputs.js.map +1 -0
package/dist/utils/performance.d.ts +100 -0
package/dist/utils/performance.d.ts.map +1 -0
package/dist/utils/performance.js +185 -0
package/dist/utils/performance.js.map +1 -0
package/dist/utils/reporter.d.ts +43 -0
package/dist/utils/reporter.d.ts.map +1 -0
package/dist/utils/reporter.js +122 -0
package/dist/utils/reporter.js.map +1 -0
package/dist/utils/secrets.d.ts +45 -0
package/dist/utils/secrets.d.ts.map +1 -0
package/dist/utils/secrets.js +94 -0
package/dist/utils/secrets.js.map +1 -0
package/package.json +45 -0
package/src/actions/check.ts +223 -0
package/src/actions/generate.ts +181 -0
package/src/actions/update.ts +284 -0
package/src/actions/validate.ts +292 -0
package/src/index.ts +43 -0
package/src/logger.test.ts +200 -0
package/src/logger.ts +210 -0
package/src/utils/agent-config.ts +61 -0
package/src/utils/agent-router.ts +67 -0
package/src/utils/errors.ts +251 -0
package/src/utils/inputs.ts +75 -0
package/src/utils/metrics.ts +169 -0
package/src/utils/outputs.ts +202 -0
package/src/utils/performance.ts +248 -0
package/src/utils/reporter.ts +169 -0
package/src/utils/secrets.ts +124 -0
package/test/actions/check.test.ts +216 -0
package/test/actions/generate.test.ts +82 -0
package/test/actions/update.test.ts +70 -0
package/test/actions/validate.test.ts +257 -0
package/test/utils/agent-config.test.ts +112 -0
package/test/utils/agent-router.test.ts +129 -0
package/test/utils/metrics.test.ts +221 -0
package/test/utils/reporter.test.ts +196 -0
package/test/utils/secrets.test.ts +217 -0
package/tsconfig.json +15 -0
package/tsconfig.tsbuildinfo +1 -0

package/test/utils/metrics.test.ts ADDED Viewed

@@ -0,0 +1,221 @@
+import { describe, it, expect, beforeEach } from 'vitest';
+import { MetricsCalculator } from '../../src/utils/metrics.js';
+describe('MetricsCalculator', () => {
+  let calculator: MetricsCalculator;
+  beforeEach(() => {
+    calculator = new MetricsCalculator();
+  });
+  describe('constructor', () => {
+    it('should create calculator instance', () => {
+      expect(calculator).toBeInstanceOf(MetricsCalculator);
+    });
+    it('should accept custom window size', () => {
+      const calc = new MetricsCalculator({ windowDays: 60 });
+      expect(calc).toBeInstanceOf(MetricsCalculator);
+    });
+  });
+  describe('calculateFalsePositiveRate', () => {
+    it('should calculate rate from feedback data', () => {
+      const feedback = {
+        truePositives: 90,
+        falsePositives: 10,
+        total: 100
+      };
+      const rate = calculator.calculateFalsePositiveRate(feedback);
+      expect(rate).toBe(0.1); // 10%
+    });
+    it('should return 0 for no feedback', () => {
+      const feedback = {
+        truePositives: 0,
+        falsePositives: 0,
+        total: 0
+      };
+      const rate = calculator.calculateFalsePositiveRate(feedback);
+      expect(rate).toBe(0);
+    });
+    it('should handle 100% false positives', () => {
+      const feedback = {
+        truePositives: 0,
+        falsePositives: 50,
+        total: 50
+      };
+      const rate = calculator.calculateFalsePositiveRate(feedback);
+      expect(rate).toBe(1.0);
+    });
+  });
+  describe('calculateRollingAverage', () => {
+    it('should calculate 30-day rolling average', () => {
+      const referenceDate = new Date('2026-01-25');
+      const dataPoints = [
+        { date: '2026-01-01', falsePositiveRate: 0.1 },
+        { date: '2026-01-10', falsePositiveRate: 0.15 },
+        { date: '2026-01-20', falsePositiveRate: 0.05 }
+      ];
+      const average = calculator.calculateRollingAverage(dataPoints, 30, referenceDate);
+      expect(average).toBeCloseTo(0.1, 2); // (0.1 + 0.15 + 0.05) / 3
+    });
+    it('should return 0 for empty data', () => {
+      const average = calculator.calculateRollingAverage([]);
+      expect(average).toBe(0);
+    });
+    it('should filter data outside window', () => {
+      const now = new Date('2026-01-31');
+      const dataPoints = [
+        { date: '2025-12-15', falsePositiveRate: 0.5 }, // Outside 30-day window
+        { date: '2026-01-20', falsePositiveRate: 0.1 } // Inside window
+      ];
+      const average = calculator.calculateRollingAverage(dataPoints, 30, now);
+      expect(average).toBe(0.1); // Only includes recent data
+    });
+  });
+  describe('getTrend', () => {
+    it('should detect improving trend', () => {
+      const dataPoints = [
+        { date: '2026-01-01', falsePositiveRate: 0.2 },
+        { date: '2026-01-10', falsePositiveRate: 0.15 },
+        { date: '2026-01-20', falsePositiveRate: 0.1 },
+        { date: '2026-01-30', falsePositiveRate: 0.05 }
+      ];
+      const trend = calculator.getTrend(dataPoints);
+      expect(trend.direction).toBe('improving');
+      expect(trend.slope).toBeLessThan(0);
+    });
+    it('should detect worsening trend', () => {
+      const dataPoints = [
+        { date: '2026-01-01', falsePositiveRate: 0.05 },
+        { date: '2026-01-10', falsePositiveRate: 0.1 },
+        { date: '2026-01-20', falsePositiveRate: 0.15 },
+        { date: '2026-01-30', falsePositiveRate: 0.2 }
+      ];
+      const trend = calculator.getTrend(dataPoints);
+      expect(trend.direction).toBe('worsening');
+      expect(trend.slope).toBeGreaterThan(0);
+    });
+    it('should detect stable trend', () => {
+      const dataPoints = [
+        { date: '2026-01-01', falsePositiveRate: 0.1 },
+        { date: '2026-01-10', falsePositiveRate: 0.1 },
+        { date: '2026-01-20', falsePositiveRate: 0.1 },
+        { date: '2026-01-30', falsePositiveRate: 0.1 }
+      ];
+      const trend = calculator.getTrend(dataPoints);
+      expect(trend.direction).toBe('stable');
+      expect(Math.abs(trend.slope)).toBeLessThan(0.01);
+    });
+    it('should return no-data for insufficient data', () => {
+      const dataPoints = [{ date: '2026-01-01', falsePositiveRate: 0.1 }];
+      const trend = calculator.getTrend(dataPoints);
+      expect(trend.direction).toBe('no-data');
+    });
+  });
+  describe('checkThreshold', () => {
+    it('should pass when rate is below threshold', () => {
+      const result = calculator.checkThreshold(0.05, 0.1);
+      expect(result.passed).toBe(true);
+      expect(result.rate).toBe(0.05);
+      expect(result.threshold).toBe(0.1);
+    });
+    it('should fail when rate exceeds threshold', () => {
+      const result = calculator.checkThreshold(0.15, 0.1);
+      expect(result.passed).toBe(false);
+      expect(result.rate).toBe(0.15);
+      expect(result.threshold).toBe(0.1);
+    });
+    it('should use default threshold of 0.1', () => {
+      const result = calculator.checkThreshold(0.05);
+      expect(result.threshold).toBe(0.1);
+    });
+  });
+  describe('generateReport', () => {
+    it('should generate comprehensive metrics report', () => {
+      const feedback = {
+        truePositives: 90,
+        falsePositives: 10,
+        total: 100
+      };
+      const history = [
+        { date: '2026-01-01', falsePositiveRate: 0.15 },
+        { date: '2026-01-15', falsePositiveRate: 0.12 },
+        { date: '2026-01-30', falsePositiveRate: 0.1 }
+      ];
+      const report = calculator.generateReport(feedback, history);
+      expect(report.currentRate).toBe(0.1);
+      expect(report.rollingAverage).toBeCloseTo(0.123, 1); // Less precise check
+      expect(report.trend.direction).toBe('improving');
+      expect(report.thresholdCheck.passed).toBe(false); // Average > 0.1 threshold
+      expect(report.totalFeedback).toBe(100);
+    });
+    it('should handle empty history', () => {
+      const feedback = {
+        truePositives: 95,
+        falsePositives: 5,
+        total: 100
+      };
+      const report = calculator.generateReport(feedback, []);
+      expect(report.currentRate).toBe(0.05);
+      expect(report.rollingAverage).toBe(0);
+      expect(report.trend.direction).toBe('no-data');
+    });
+  });
+  describe('formatRate', () => {
+    it('should format rate as percentage', () => {
+      expect(calculator.formatRate(0.1)).toBe('10.0%');
+      expect(calculator.formatRate(0.05)).toBe('5.0%');
+      expect(calculator.formatRate(0.123)).toBe('12.3%');
+    });
+    it('should handle zero', () => {
+      expect(calculator.formatRate(0)).toBe('0.0%');
+    });
+    it('should handle 100%', () => {
+      expect(calculator.formatRate(1.0)).toBe('100.0%');
+    });
+  });
+});

package/test/utils/reporter.test.ts ADDED Viewed

@@ -0,0 +1,196 @@
+import { describe, it, expect, beforeEach } from 'vitest';
+import { SummaryReporter } from '../../src/utils/reporter.js';
+describe('SummaryReporter', () => {
+  let reporter: SummaryReporter;
+  beforeEach(() => {
+    reporter = new SummaryReporter();
+  });
+  describe('generateSummary', () => {
+    it('should generate summary for dependency changes', () => {
+      const changes = [
+        {
+          dependency: {
+            id: 'dep1',
+            name: 'Test Dependency',
+            url: 'https://github.com/owner/repo'
+          },
+          severity: 'major',
+          changes: ['version'],
+          oldVersion: 'v1.0.0',
+          newVersion: 'v1.1.0'
+        }
+      ];
+      const summary = reporter.generateSummary(changes);
+      expect(summary).toBeDefined();
+      expect(summary).toContain('Test Dependency');
+      expect(summary).toContain('v1.0.0');
+      expect(summary).toContain('v1.1.0');
+      expect(summary).toContain('Major');
+    });
+    it('should handle multiple changes', () => {
+      const changes = [
+        {
+          dependency: { id: 'dep1', name: 'Dep 1', url: 'https://example.com/1' },
+          severity: 'breaking',
+          changes: ['version'],
+          oldVersion: 'v1.0.0',
+          newVersion: 'v2.0.0'
+        },
+        {
+          dependency: { id: 'dep2', name: 'Dep 2', url: 'https://example.com/2' },
+          severity: 'minor',
+          changes: ['content']
+        }
+      ];
+      const summary = reporter.generateSummary(changes);
+      expect(summary).toContain('Dep 1');
+      expect(summary).toContain('Dep 2');
+      expect(summary).toContain('Breaking');
+      expect(summary).toContain('Minor');
+    });
+    it('should format breaking changes prominently', () => {
+      const changes = [
+        {
+          dependency: { id: 'dep1', name: 'Breaking Dep', url: 'https://example.com' },
+          severity: 'breaking',
+          changes: ['version'],
+          oldVersion: 'v1.0.0',
+          newVersion: 'v2.0.0'
+        }
+      ];
+      const summary = reporter.generateSummary(changes);
+      expect(summary).toMatch(/breaking|⚠️|WARNING/i);
+    });
+    it('should include links to dependency URLs', () => {
+      const changes = [
+        {
+          dependency: {
+            id: 'dep1',
+            name: 'Test Dep',
+            url: 'https://github.com/owner/repo'
+          },
+          severity: 'major',
+          changes: ['version']
+        }
+      ];
+      const summary = reporter.generateSummary(changes);
+      expect(summary).toContain('https://github.com/owner/repo');
+    });
+    it('should handle empty changes', () => {
+      const summary = reporter.generateSummary([]);
+      expect(summary).toBeDefined();
+      expect(summary).toMatch(/no changes|up to date/i);
+    });
+  });
+  describe('generateIssueBody', () => {
+    it('should generate detailed issue body', () => {
+      const change = {
+        dependency: {
+          id: 'dep1',
+          name: 'Test Package',
+          url: 'https://github.com/owner/repo',
+          type: 'reference-implementation'
+        },
+        severity: 'major',
+        changes: ['version'],
+        oldVersion: 'v1.0.0',
+        newVersion: 'v1.1.0',
+        releaseNotes: 'New features added'
+      };
+      const body = reporter.generateIssueBody(change);
+      expect(body).toContain('Test Package');
+      expect(body).toContain('v1.0.0');
+      expect(body).toContain('v1.1.0');
+      expect(body).toContain('New features added');
+      expect(body).toContain('https://github.com/owner/repo');
+    });
+    it('should include change details', () => {
+      const change = {
+        dependency: {
+          id: 'dep1',
+          name: 'Test',
+          url: 'https://example.com'
+        },
+        severity: 'minor',
+        changes: ['content', 'metadata'],
+        diff: 'Content has been updated'
+      };
+      const body = reporter.generateIssueBody(change);
+      expect(body).toContain('content');
+      expect(body).toContain('metadata');
+    });
+    it('should format for breaking changes', () => {
+      const change = {
+        dependency: {
+          id: 'dep1',
+          name: 'Breaking Package',
+          url: 'https://example.com'
+        },
+        severity: 'breaking',
+        changes: ['version'],
+        oldVersion: 'v1.0.0',
+        newVersion: 'v2.0.0'
+      };
+      const body = reporter.generateIssueBody(change);
+      expect(body).toMatch(/breaking|⚠️|action required/i);
+    });
+  });
+  describe('formatChangeSummary', () => {
+    it('should format version changes', () => {
+      const result = reporter.formatChangeSummary({
+        changes: ['version'],
+        oldVersion: 'v1.0.0',
+        newVersion: 'v1.1.0'
+      });
+      expect(result).toContain('v1.0.0');
+      expect(result).toContain('v1.1.0');
+      expect(result).toContain('→');
+    });
+    it('should format content changes', () => {
+      const result = reporter.formatChangeSummary({
+        changes: ['content'],
+        contentDiff: '50 lines changed'
+      });
+      expect(result).toContain('content');
+    });
+    it('should handle multiple change types', () => {
+      const result = reporter.formatChangeSummary({
+        changes: ['version', 'content', 'metadata']
+      });
+      expect(result).toContain('version');
+      expect(result).toContain('content');
+      expect(result).toContain('metadata');
+    });
+  });
+});

package/test/utils/secrets.test.ts ADDED Viewed

@@ -0,0 +1,217 @@
+import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
+import { SecretResolver } from '../../src/utils/secrets';
+describe('SecretResolver', () => {
+  const originalEnv = process.env;
+  beforeEach(() => {
+    vi.clearAllMocks();
+    process.env = { ...originalEnv };
+  });
+  afterEach(() => {
+    process.env = originalEnv;
+  });
+  describe('constructor', () => {
+    it('should create resolver instance', () => {
+      const resolver = new SecretResolver();
+      expect(resolver).toBeInstanceOf(SecretResolver);
+    });
+    it('should accept custom prefix', () => {
+      const resolver = new SecretResolver({ prefix: 'CUSTOM_' });
+      expect(resolver).toBeInstanceOf(SecretResolver);
+    });
+  });
+  describe('resolve', () => {
+    it('should resolve secret from environment variable', async () => {
+      process.env.GITHUB_TOKEN = 'ghp_test123';
+      const resolver = new SecretResolver();
+      const value = await resolver.resolve('GITHUB_TOKEN');
+      expect(value).toBe('ghp_test123');
+    });
+    it('should resolve secret with custom prefix', async () => {
+      process.env.CUSTOM_API_KEY = 'api_key_123';
+      const resolver = new SecretResolver({ prefix: 'CUSTOM_' });
+      const value = await resolver.resolve('API_KEY');
+      expect(value).toBe('api_key_123');
+    });
+    it('should throw error for missing secret', async () => {
+      const resolver = new SecretResolver();
+      await expect(resolver.resolve('MISSING_SECRET')).rejects.toThrow(
+        'Secret MISSING_SECRET not found'
+      );
+    });
+    it('should resolve from GitHub Secrets in Actions context', async () => {
+      process.env.GITHUB_ACTIONS = 'true';
+      process.env.INPUT_API_TOKEN = 'secret_from_action';
+      const resolver = new SecretResolver();
+      const value = await resolver.resolve('INPUT_API_TOKEN');
+      expect(value).toBe('secret_from_action');
+    });
+    it('should handle secret reference format', async () => {
+      process.env.DB_PASSWORD = 'secure_password';
+      const resolver = new SecretResolver();
+      const value = await resolver.resolve('${{ secrets.DB_PASSWORD }}');
+      expect(value).toBe('secure_password');
+    });
+  });
+  describe('resolveMultiple', () => {
+    it('should resolve multiple secrets', async () => {
+      process.env.SECRET_1 = 'value1';
+      process.env.SECRET_2 = 'value2';
+      process.env.SECRET_3 = 'value3';
+      const resolver = new SecretResolver();
+      const secrets = await resolver.resolveMultiple(['SECRET_1', 'SECRET_2', 'SECRET_3']);
+      expect(secrets).toEqual({
+        SECRET_1: 'value1',
+        SECRET_2: 'value2',
+        SECRET_3: 'value3'
+      });
+    });
+    it('should throw error if any secret is missing', async () => {
+      process.env.SECRET_1 = 'value1';
+      const resolver = new SecretResolver();
+      await expect(resolver.resolveMultiple(['SECRET_1', 'MISSING'])).rejects.toThrow(
+        'Secret MISSING not found'
+      );
+    });
+    it('should resolve partial secrets with allowPartial option', async () => {
+      process.env.SECRET_1 = 'value1';
+      const resolver = new SecretResolver();
+      const secrets = await resolver.resolveMultiple(['SECRET_1', 'MISSING'], {
+        allowPartial: true
+      });
+      expect(secrets).toEqual({
+        SECRET_1: 'value1'
+      });
+    });
+  });
+  describe('resolveDependencyAuth', () => {
+    it('should resolve per-dependency authentication', async () => {
+      process.env.NPM_TOKEN = 'npm_token_123';
+      process.env.GITHUB_TOKEN = 'ghp_token_456';
+      const resolver = new SecretResolver();
+      const config = {
+        'registry.npmjs.org': { secretName: 'NPM_TOKEN' },
+        'github.com': { secretName: 'GITHUB_TOKEN' }
+      };
+      const auth = await resolver.resolveDependencyAuth(config);
+      expect(auth).toEqual({
+        'registry.npmjs.org': 'npm_token_123',
+        'github.com': 'ghp_token_456'
+      });
+    });
+    it('should handle missing dependency auth gracefully', async () => {
+      const resolver = new SecretResolver();
+      const config = {
+        'registry.npmjs.org': { secretName: 'MISSING_TOKEN' }
+      };
+      await expect(resolver.resolveDependencyAuth(config)).rejects.toThrow(
+        'Secret MISSING_TOKEN not found'
+      );
+    });
+  });
+  describe('validate', () => {
+    it('should validate secret name format', () => {
+      const resolver = new SecretResolver();
+      expect(resolver.validate('VALID_NAME')).toBe(true);
+      expect(resolver.validate('VALID_NAME_123')).toBe(true);
+    });
+    it('should reject invalid secret names', () => {
+      const resolver = new SecretResolver();
+      expect(resolver.validate('invalid-name')).toBe(false);
+      expect(resolver.validate('invalid name')).toBe(false);
+      expect(resolver.validate('123_INVALID')).toBe(false);
+    });
+    it('should validate GitHub Actions secret reference', () => {
+      const resolver = new SecretResolver();
+      expect(resolver.validate('${{ secrets.MY_SECRET }}')).toBe(true);
+    });
+  });
+  describe('security', () => {
+    it('should not log secret values', async () => {
+      process.env.SECRET_TOKEN = 'secret_value';
+      const consoleSpy = vi.spyOn(console, 'log');
+      const resolver = new SecretResolver();
+      await resolver.resolve('SECRET_TOKEN');
+      const logs = consoleSpy.mock.calls.flat().join(' ');
+      expect(logs).not.toContain('secret_value');
+      consoleSpy.mockRestore();
+    });
+    it('should mask secrets in error messages', async () => {
+      process.env.SECRET_TOKEN = 'secret_value';
+      const resolver = new SecretResolver();
+      try {
+        await resolver.resolve('INVALID_SECRET');
+      } catch (error) {
+        expect((error as Error).message).not.toContain('secret_value');
+      }
+    });
+  });
+  describe('caching', () => {
+    it('should cache resolved secrets', async () => {
+      process.env.CACHED_SECRET = 'cached_value';
+      const resolver = new SecretResolver({ enableCache: true });
+      const value1 = await resolver.resolve('CACHED_SECRET');
+      process.env.CACHED_SECRET = 'new_value';
+      const value2 = await resolver.resolve('CACHED_SECRET');
+      expect(value1).toBe('cached_value');
+      expect(value2).toBe('cached_value'); // Should return cached value
+    });
+    it('should clear cache on demand', async () => {
+      process.env.CACHED_SECRET = 'cached_value';
+      const resolver = new SecretResolver({ enableCache: true });
+      await resolver.resolve('CACHED_SECRET');
+      process.env.CACHED_SECRET = 'new_value';
+      resolver.clearCache();
+      const value = await resolver.resolve('CACHED_SECRET');
+      expect(value).toBe('new_value');
+    });
+  });
+});

package/tsconfig.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "extends": "../../tsconfig.json",
+  "compilerOptions": {
+    "outDir": "dist",
+    "rootDir": "src"
+  },
+  "include": ["src"],
+  "exclude": ["src/**/*.test.ts", "src/**/*.spec.ts"],
+  "references": [
+    { "path": "../detector" },
+    { "path": "../github-client" },
+    { "path": "../manifest" },
+    { "path": "../monitor" }
+  ]
+}