@safetnsr/vet 1.2.0 → 1.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/checks/tests.d.ts +2 -0
- package/dist/checks/tests.js +228 -0
- package/dist/cli.js +4 -1
- package/package.json +1 -1
|
@@ -0,0 +1,228 @@
|
|
|
1
|
+
import { join } from 'node:path';
|
|
2
|
+
import { readFileSync } from 'node:fs';
|
|
3
|
+
import { walkFiles } from '../util.js';
|
|
4
|
+
const TEST_FILE_RE = /\.(test|spec)\.(ts|js|tsx|jsx)$/;
|
|
5
|
+
const TEST_DIR_RE = /(?:^|[/\\])(__tests__|tests?)[/\\]/;
|
|
6
|
+
function isTestFile(relPath) {
|
|
7
|
+
return TEST_FILE_RE.test(relPath) || TEST_DIR_RE.test(relPath);
|
|
8
|
+
}
|
|
9
|
+
// Pattern 1: Tautological assertions
|
|
10
|
+
function findTautological(lines, file) {
|
|
11
|
+
const issues = [];
|
|
12
|
+
// expect(literal).toBe(literal) or .toEqual(literal)
|
|
13
|
+
const expectLiteral = /expect\(([^)]+)\)\s*\.\s*(?:toBe|toEqual)\(\s*([^)]+)\s*\)/;
|
|
14
|
+
// assert.strictEqual(x, x)
|
|
15
|
+
const assertStrictEqual = /assert\.strictEqual\(\s*([^,]+?)\s*,\s*([^)]+?)\s*\)/;
|
|
16
|
+
for (let i = 0; i < lines.length; i++) {
|
|
17
|
+
const line = lines[i];
|
|
18
|
+
const m1 = line.match(expectLiteral);
|
|
19
|
+
if (m1) {
|
|
20
|
+
const left = m1[1].trim();
|
|
21
|
+
const right = m1[2].trim();
|
|
22
|
+
if (left === right) {
|
|
23
|
+
issues.push({
|
|
24
|
+
severity: 'error',
|
|
25
|
+
message: `tautological assertion: expect(${left}).toBe/toEqual(${right})`,
|
|
26
|
+
file, line: i + 1, fixable: false,
|
|
27
|
+
fixHint: 'assert on actual behavior, not constant values',
|
|
28
|
+
});
|
|
29
|
+
}
|
|
30
|
+
}
|
|
31
|
+
const m2 = line.match(assertStrictEqual);
|
|
32
|
+
if (m2) {
|
|
33
|
+
const left = m2[1].trim();
|
|
34
|
+
const right = m2[2].trim();
|
|
35
|
+
if (left === right) {
|
|
36
|
+
issues.push({
|
|
37
|
+
severity: 'error',
|
|
38
|
+
message: `tautological assertion: assert.strictEqual(${left}, ${left})`,
|
|
39
|
+
file, line: i + 1, fixable: false,
|
|
40
|
+
fixHint: 'compare different values — input vs expected output',
|
|
41
|
+
});
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
return issues;
|
|
46
|
+
}
|
|
47
|
+
// Pattern 2: Empty test bodies
|
|
48
|
+
function findEmptyBodies(content, file) {
|
|
49
|
+
const issues = [];
|
|
50
|
+
// Match it/test with arrow or function, empty body
|
|
51
|
+
const re = /(?:^|\n)([ \t]*(?:it|test)\s*\([^,]+,\s*(?:(?:async\s+)?(?:\(\)\s*=>|\([^)]*\)\s*=>|function\s*\([^)]*\)))\s*\{([\s]*)\}\s*\))/g;
|
|
52
|
+
let m;
|
|
53
|
+
while ((m = re.exec(content)) !== null) {
|
|
54
|
+
const body = m[2];
|
|
55
|
+
// body should be empty or whitespace/comments only
|
|
56
|
+
const stripped = body.replace(/\/\/[^\n]*/g, '').replace(/\/\*[\s\S]*?\*\//g, '').trim();
|
|
57
|
+
if (stripped === '') {
|
|
58
|
+
const line = content.substring(0, m.index).split('\n').length;
|
|
59
|
+
issues.push({
|
|
60
|
+
severity: 'error',
|
|
61
|
+
message: 'empty test body — test does nothing',
|
|
62
|
+
file, line, fixable: false,
|
|
63
|
+
fixHint: 'add actual test logic or remove the test',
|
|
64
|
+
});
|
|
65
|
+
}
|
|
66
|
+
}
|
|
67
|
+
return issues;
|
|
68
|
+
}
|
|
69
|
+
// Pattern 3: Todo / skipped tests
|
|
70
|
+
function findTodoSkipped(lines, file) {
|
|
71
|
+
const issues = [];
|
|
72
|
+
const todoRe = /(?:it|test)\.todo\s*\(/;
|
|
73
|
+
const skippedRe = /(?:^|\s)(?:xit|xtest|xdescribe)\s*\(/;
|
|
74
|
+
for (let i = 0; i < lines.length; i++) {
|
|
75
|
+
if (todoRe.test(lines[i])) {
|
|
76
|
+
issues.push({
|
|
77
|
+
severity: 'warning',
|
|
78
|
+
message: 'todo test — placeholder with no implementation',
|
|
79
|
+
file, line: i + 1, fixable: false,
|
|
80
|
+
fixHint: 'implement the test or remove the placeholder',
|
|
81
|
+
});
|
|
82
|
+
}
|
|
83
|
+
if (skippedRe.test(lines[i])) {
|
|
84
|
+
issues.push({
|
|
85
|
+
severity: 'warning',
|
|
86
|
+
message: 'skipped test — disabled with x prefix',
|
|
87
|
+
file, line: i + 1, fixable: false,
|
|
88
|
+
fixHint: 'fix and re-enable or remove the skipped test',
|
|
89
|
+
});
|
|
90
|
+
}
|
|
91
|
+
}
|
|
92
|
+
return issues;
|
|
93
|
+
}
|
|
94
|
+
// Pattern 4: Zero-assertion tests
|
|
95
|
+
// We need to find test blocks with code but no assertions
|
|
96
|
+
function findZeroAssertionTests(content, file) {
|
|
97
|
+
const issues = [];
|
|
98
|
+
// Find it(...) or test(...) blocks - simplified regex for the opening
|
|
99
|
+
const testBlockRe = /(?:^|\n)([ \t]*)(?:it|test)\s*\(\s*(?:'[^']*'|"[^"]*"|`[^`]*`)\s*,\s*(?:async\s+)?(?:\(\)\s*=>|\([^)]*\)\s*=>|function\s*\([^)]*\))\s*\{/g;
|
|
100
|
+
let m;
|
|
101
|
+
while ((m = testBlockRe.exec(content)) !== null) {
|
|
102
|
+
const startIdx = m.index + m[0].length;
|
|
103
|
+
// Find matching closing brace
|
|
104
|
+
let depth = 1;
|
|
105
|
+
let i = startIdx;
|
|
106
|
+
while (i < content.length && depth > 0) {
|
|
107
|
+
if (content[i] === '{')
|
|
108
|
+
depth++;
|
|
109
|
+
else if (content[i] === '}')
|
|
110
|
+
depth--;
|
|
111
|
+
i++;
|
|
112
|
+
}
|
|
113
|
+
if (depth !== 0)
|
|
114
|
+
continue;
|
|
115
|
+
const body = content.substring(startIdx, i - 1);
|
|
116
|
+
const stripped = body.replace(/\/\/[^\n]*/g, '').replace(/\/\*[\s\S]*?\*\//g, '').trim();
|
|
117
|
+
if (stripped === '')
|
|
118
|
+
continue; // empty body handled elsewhere
|
|
119
|
+
// Check for assertion calls
|
|
120
|
+
const assertionRe = /(?:expect\s*\(|assert\.|\.should\.|toBe\s*\(|toEqual\s*\(|toMatch\s*\(|toThrow\s*\()/;
|
|
121
|
+
if (!assertionRe.test(body)) {
|
|
122
|
+
const line = content.substring(0, m.index).split('\n').length;
|
|
123
|
+
issues.push({
|
|
124
|
+
severity: 'warning',
|
|
125
|
+
message: 'test has code but no assertions',
|
|
126
|
+
file, line, fixable: false,
|
|
127
|
+
fixHint: 'add expect() or assert calls to verify behavior',
|
|
128
|
+
});
|
|
129
|
+
}
|
|
130
|
+
}
|
|
131
|
+
return issues;
|
|
132
|
+
}
|
|
133
|
+
// Pattern 5: Mock-only tests
|
|
134
|
+
function findMockOnlyTests(content, file) {
|
|
135
|
+
const issues = [];
|
|
136
|
+
const testBlockRe = /(?:^|\n)([ \t]*)(?:it|test)\s*\(\s*(?:'[^']*'|"[^"]*"|`[^`]*`)\s*,\s*(?:async\s+)?(?:\(\)\s*=>|\([^)]*\)\s*=>|function\s*\([^)]*\))\s*\{/g;
|
|
137
|
+
let m;
|
|
138
|
+
while ((m = testBlockRe.exec(content)) !== null) {
|
|
139
|
+
const startIdx = m.index + m[0].length;
|
|
140
|
+
let depth = 1;
|
|
141
|
+
let i = startIdx;
|
|
142
|
+
while (i < content.length && depth > 0) {
|
|
143
|
+
if (content[i] === '{')
|
|
144
|
+
depth++;
|
|
145
|
+
else if (content[i] === '}')
|
|
146
|
+
depth--;
|
|
147
|
+
i++;
|
|
148
|
+
}
|
|
149
|
+
if (depth !== 0)
|
|
150
|
+
continue;
|
|
151
|
+
const body = content.substring(startIdx, i - 1);
|
|
152
|
+
// Find all expect lines
|
|
153
|
+
const expectLines = body.split('\n').filter(l => /expect\s*\(/.test(l));
|
|
154
|
+
if (expectLines.length === 0)
|
|
155
|
+
continue;
|
|
156
|
+
const mockRe = /\.mock|mockFn|jest\.fn|vi\.fn/;
|
|
157
|
+
const allMock = expectLines.every(l => mockRe.test(l));
|
|
158
|
+
if (allMock) {
|
|
159
|
+
const line = content.substring(0, m.index).split('\n').length;
|
|
160
|
+
issues.push({
|
|
161
|
+
severity: 'info',
|
|
162
|
+
message: 'test only asserts on mocks — no real behavior verified',
|
|
163
|
+
file, line, fixable: false,
|
|
164
|
+
fixHint: 'add assertions on actual return values or side effects',
|
|
165
|
+
});
|
|
166
|
+
}
|
|
167
|
+
}
|
|
168
|
+
return issues;
|
|
169
|
+
}
|
|
170
|
+
// Pattern 6: Duplicate describe blocks
|
|
171
|
+
function findDuplicateDescribes(lines, file) {
|
|
172
|
+
const issues = [];
|
|
173
|
+
const describeRe = /describe\s*\(\s*(['"`])([^'"`]+)\1/;
|
|
174
|
+
const seen = new Map();
|
|
175
|
+
for (let i = 0; i < lines.length; i++) {
|
|
176
|
+
const m = lines[i].match(describeRe);
|
|
177
|
+
if (m) {
|
|
178
|
+
const name = m[2];
|
|
179
|
+
if (seen.has(name)) {
|
|
180
|
+
issues.push({
|
|
181
|
+
severity: 'info',
|
|
182
|
+
message: `duplicate describe block: "${name}"`,
|
|
183
|
+
file, line: i + 1, fixable: false,
|
|
184
|
+
fixHint: 'merge duplicate describe blocks into one',
|
|
185
|
+
});
|
|
186
|
+
}
|
|
187
|
+
else {
|
|
188
|
+
seen.set(name, i + 1);
|
|
189
|
+
}
|
|
190
|
+
}
|
|
191
|
+
}
|
|
192
|
+
return issues;
|
|
193
|
+
}
|
|
194
|
+
export function checkTests(cwd, ignore) {
|
|
195
|
+
const allFiles = walkFiles(cwd, ignore);
|
|
196
|
+
const testFiles = allFiles.filter(f => isTestFile(f));
|
|
197
|
+
const issues = [];
|
|
198
|
+
for (const rel of testFiles) {
|
|
199
|
+
let content;
|
|
200
|
+
try {
|
|
201
|
+
content = readFileSync(join(cwd, rel), 'utf-8');
|
|
202
|
+
}
|
|
203
|
+
catch {
|
|
204
|
+
continue;
|
|
205
|
+
}
|
|
206
|
+
const lines = content.split('\n');
|
|
207
|
+
issues.push(...findTautological(lines, rel));
|
|
208
|
+
issues.push(...findEmptyBodies(content, rel));
|
|
209
|
+
issues.push(...findTodoSkipped(lines, rel));
|
|
210
|
+
issues.push(...findZeroAssertionTests(content, rel));
|
|
211
|
+
issues.push(...findMockOnlyTests(content, rel));
|
|
212
|
+
issues.push(...findDuplicateDescribes(lines, rel));
|
|
213
|
+
}
|
|
214
|
+
let score = 100;
|
|
215
|
+
for (const issue of issues) {
|
|
216
|
+
if (issue.severity === 'error')
|
|
217
|
+
score -= 8;
|
|
218
|
+
else if (issue.severity === 'warning')
|
|
219
|
+
score -= 4;
|
|
220
|
+
else
|
|
221
|
+
score -= 2;
|
|
222
|
+
}
|
|
223
|
+
score = Math.max(0, score);
|
|
224
|
+
const summary = issues.length > 0
|
|
225
|
+
? `${issues.length} test anti-pattern${issues.length !== 1 ? 's' : ''} found across ${testFiles.length} test file${testFiles.length !== 1 ? 's' : ''}`
|
|
226
|
+
: 'no test anti-patterns found';
|
|
227
|
+
return { name: 'tests', score, maxScore: 100, issues, summary };
|
|
228
|
+
}
|
package/dist/cli.js
CHANGED
|
@@ -16,6 +16,7 @@ import { checkIntegrity } from './checks/integrity.js';
|
|
|
16
16
|
import { checkReceipt, runReceiptCommand } from './checks/receipt.js';
|
|
17
17
|
import { checkMemory } from './checks/memory.js';
|
|
18
18
|
import { checkVerify } from './checks/verify.js';
|
|
19
|
+
import { checkTests } from './checks/tests.js';
|
|
19
20
|
import { checkMap, renderMapReport } from './checks/map.js';
|
|
20
21
|
import { score } from './scorer.js';
|
|
21
22
|
import { reportPretty, reportJSON, reportBadge } from './reporter.js';
|
|
@@ -169,9 +170,11 @@ async function runChecks() {
|
|
|
169
170
|
const memoryResult = checkMemory(cwd);
|
|
170
171
|
// Verify: agent claim validation
|
|
171
172
|
const verifyResult = checkVerify(cwd, since);
|
|
173
|
+
// Tests: test theater detection
|
|
174
|
+
const testsResult = checkTests(cwd, ignore);
|
|
172
175
|
return score(cwd, {
|
|
173
176
|
security: [scanResult, secretsResult, configResult, modelsResult, owaspResult],
|
|
174
|
-
integrity: [diffResult, integrityResult, receiptResult, memoryResult, verifyResult],
|
|
177
|
+
integrity: [diffResult, integrityResult, receiptResult, memoryResult, verifyResult, testsResult],
|
|
175
178
|
debt: [readyResult, historyResult, debtResult],
|
|
176
179
|
deps: [depsResult],
|
|
177
180
|
});
|