npm - api-tests-coverage - Versions diffs - 1.0.13 → 1.0.15 - Mend

api-tests-coverage 1.0.13 → 1.0.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (100) hide show

package/dist/src/pipeline/stages/sca/ciDetector.js ADDED Viewed

@@ -0,0 +1,87 @@
+"use strict";
+/**
+ * CI platform detection.
+ *
+ * Detects the CI platform from project structure by checking
+ * for well-known CI configuration files.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detectCiPlatform = detectCiPlatform;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const CI_DETECTION_RULES = [
+    {
+        platform: 'github-actions',
+        paths: ['.github/workflows'],
+    },
+    {
+        platform: 'gitlab-ci',
+        paths: ['.gitlab-ci.yml', '.gitlab-ci.yaml'],
+    },
+    {
+        platform: 'jenkins',
+        paths: ['Jenkinsfile', 'jenkins/Jenkinsfile'],
+    },
+    {
+        platform: 'azure-devops',
+        paths: ['azure-pipelines.yml', 'azure-pipelines.yaml', '.azure-pipelines'],
+    },
+    {
+        platform: 'circleci',
+        paths: ['.circleci/config.yml', '.circleci/config.yaml'],
+    },
+    {
+        platform: 'travis-ci',
+        paths: ['.travis.yml', '.travis.yaml'],
+    },
+];
+/**
+ * Detect the CI platform from project structure.
+ *
+ * Returns the first matching platform, or 'none' if no CI configuration is found.
+ * Checks directories with `fs.existsSync` which handles both files and directories.
+ */
+function detectCiPlatform(projectRoot) {
+    for (const rule of CI_DETECTION_RULES) {
+        for (const relPath of rule.paths) {
+            const fullPath = path.join(projectRoot, relPath);
+            if (fs.existsSync(fullPath)) {
+                return rule.platform;
+            }
+        }
+    }
+    return 'none';
+}

package/dist/src/pipeline/stages/sca/dependencyClassification.d.ts ADDED Viewed

@@ -0,0 +1,31 @@
+/**
+ * Dependency classification lookup table.
+ *
+ * Maps ~200 common dependency names to their functional category.
+ * Used by the SCA stage to classify project dependencies into
+ * httpClients, testFrameworks, assertionLibraries, mockingLibraries,
+ * securityLibraries, performanceTools, e2eFrameworks, and frameworks.
+ */
+import type { DependencyCategory } from './types';
+/**
+ * Lookup table: dependency name (lowercased) → category.
+ *
+ * Entries are grouped by language ecosystem for readability.
+ * When matching, we also support partial/contains matching for
+ * certain patterns (e.g. "spring-security-*" → securityLibrary).
+ */
+export declare const DEPENDENCY_CLASSIFICATION: Record<string, DependencyCategory>;
+/**
+ * Prefix patterns for fuzzy matching.
+ * If a dependency name starts with any of these prefixes, it gets the associated category.
+ */
+export declare const DEPENDENCY_PREFIX_RULES: Array<{
+    prefix: string;
+    category: DependencyCategory;
+}>;
+/**
+ * Classify a dependency name into a category.
+ * Returns 'unknown' if no match is found.
+ */
+export declare function classifyDependency(name: string): DependencyCategory;
+//# sourceMappingURL=dependencyClassification.d.ts.map

package/dist/src/pipeline/stages/sca/dependencyClassification.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"dependencyClassification.d.ts","sourceRoot":"","sources":["../../../../../src/pipeline/stages/sca/dependencyClassification.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAElD;;;;;;GAMG;AACH,eAAO,MAAM,yBAAyB,EAAE,MAAM,CAAC,MAAM,EAAE,kBAAkB,CAoPxE,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,uBAAuB,EAAE,KAAK,CAAC;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,kBAAkB,CAAA;CAAE,CAe3F,CAAC;AAEF;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,kBAAkB,CAiBnE"}

package/dist/src/pipeline/stages/sca/dependencyClassification.js ADDED Viewed

@@ -0,0 +1,296 @@
+"use strict";
+/**
+ * Dependency classification lookup table.
+ *
+ * Maps ~200 common dependency names to their functional category.
+ * Used by the SCA stage to classify project dependencies into
+ * httpClients, testFrameworks, assertionLibraries, mockingLibraries,
+ * securityLibraries, performanceTools, e2eFrameworks, and frameworks.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEPENDENCY_PREFIX_RULES = exports.DEPENDENCY_CLASSIFICATION = void 0;
+exports.classifyDependency = classifyDependency;
+/**
+ * Lookup table: dependency name (lowercased) → category.
+ *
+ * Entries are grouped by language ecosystem for readability.
+ * When matching, we also support partial/contains matching for
+ * certain patterns (e.g. "spring-security-*" → securityLibrary).
+ */
+exports.DEPENDENCY_CLASSIFICATION = {
+    // ─── HTTP Clients ───────────────────────────────────────────────────────────
+    // JavaScript/TypeScript
+    axios: 'httpClient',
+    got: 'httpClient',
+    'node-fetch': 'httpClient',
+    'cross-fetch': 'httpClient',
+    'isomorphic-fetch': 'httpClient',
+    ky: 'httpClient',
+    superagent: 'httpClient',
+    undici: 'httpClient',
+    needle: 'httpClient',
+    request: 'httpClient',
+    // Java/Kotlin
+    'retrofit2': 'httpClient',
+    'okhttp': 'httpClient',
+    'okhttp3': 'httpClient',
+    'httpclient': 'httpClient',
+    'httpcore': 'httpClient',
+    'java-http-client': 'httpClient',
+    'spring-web': 'httpClient',
+    'webclient': 'httpClient',
+    'resttemplate': 'httpClient',
+    'feign-core': 'httpClient',
+    'spring-cloud-starter-openfeign': 'httpClient',
+    // Python
+    requests: 'httpClient',
+    httpx: 'httpClient',
+    aiohttp: 'httpClient',
+    urllib3: 'httpClient',
+    httplib2: 'httpClient',
+    // ─── Test Frameworks ────────────────────────────────────────────────────────
+    // JavaScript/TypeScript
+    jest: 'testFramework',
+    'ts-jest': 'testFramework',
+    mocha: 'testFramework',
+    jasmine: 'testFramework',
+    'jasmine-core': 'testFramework',
+    ava: 'testFramework',
+    tape: 'testFramework',
+    vitest: 'testFramework',
+    // Java
+    'junit-jupiter': 'testFramework',
+    'junit-jupiter-api': 'testFramework',
+    'junit-jupiter-engine': 'testFramework',
+    'junit-jupiter-params': 'testFramework',
+    'junit-vintage-engine': 'testFramework',
+    junit: 'testFramework',
+    'junit-platform-launcher': 'testFramework',
+    testng: 'testFramework',
+    'spring-boot-starter-test': 'testFramework',
+    // Kotlin
+    'kotest-runner-junit5': 'testFramework',
+    'kotest-framework-engine': 'testFramework',
+    'kotest-assertions-core': 'testFramework',
+    // Python
+    pytest: 'testFramework',
+    'pytest-asyncio': 'testFramework',
+    'pytest-xdist': 'testFramework',
+    'pytest-cov': 'testFramework',
+    unittest2: 'testFramework',
+    nose2: 'testFramework',
+    // Ruby
+    rspec: 'testFramework',
+    'rspec-core': 'testFramework',
+    'rspec-rails': 'testFramework',
+    minitest: 'testFramework',
+    // ─── Assertion Libraries ────────────────────────────────────────────────────
+    // JavaScript/TypeScript
+    chai: 'assertionLibrary',
+    'chai-http': 'assertionLibrary',
+    'chai-as-promised': 'assertionLibrary',
+    expect: 'assertionLibrary',
+    'power-assert': 'assertionLibrary',
+    'should': 'assertionLibrary',
+    'unexpected': 'assertionLibrary',
+    // Java
+    assertj: 'assertionLibrary',
+    'assertj-core': 'assertionLibrary',
+    hamcrest: 'assertionLibrary',
+    'hamcrest-core': 'assertionLibrary',
+    'hamcrest-all': 'assertionLibrary',
+    'truth': 'assertionLibrary',
+    // Python
+    'pytest-assume': 'assertionLibrary',
+    'assertpy': 'assertionLibrary',
+    // ─── Mocking Libraries ─────────────────────────────────────────────────────
+    // JavaScript/TypeScript
+    sinon: 'mockingLibrary',
+    nock: 'mockingLibrary',
+    'msw': 'mockingLibrary',
+    'jest-mock-extended': 'mockingLibrary',
+    testdouble: 'mockingLibrary',
+    proxyquire: 'mockingLibrary',
+    rewire: 'mockingLibrary',
+    // Java
+    'mockito-core': 'mockingLibrary',
+    'mockito-junit-jupiter': 'mockingLibrary',
+    'mockito-inline': 'mockingLibrary',
+    mockito: 'mockingLibrary',
+    powermock: 'mockingLibrary',
+    'powermock-api-mockito2': 'mockingLibrary',
+    easymock: 'mockingLibrary',
+    wiremock: 'mockingLibrary',
+    // Kotlin
+    mockk: 'mockingLibrary',
+    'mockk-android': 'mockingLibrary',
+    // Python
+    'pytest-mock': 'mockingLibrary',
+    'responses': 'mockingLibrary',
+    'requests-mock': 'mockingLibrary',
+    'vcrpy': 'mockingLibrary',
+    'httpretty': 'mockingLibrary',
+    'freezegun': 'mockingLibrary',
+    'time-machine': 'mockingLibrary',
+    // Ruby
+    'webmock': 'mockingLibrary',
+    'vcr': 'mockingLibrary',
+    'mocha-ruby': 'mockingLibrary',
+    // ─── Security Libraries ─────────────────────────────────────────────────────
+    // JavaScript/TypeScript
+    passport: 'securityLibrary',
+    'passport-jwt': 'securityLibrary',
+    'passport-local': 'securityLibrary',
+    helmet: 'securityLibrary',
+    cors: 'securityLibrary',
+    csurf: 'securityLibrary',
+    'express-rate-limit': 'securityLibrary',
+    jsonwebtoken: 'securityLibrary',
+    bcrypt: 'securityLibrary',
+    bcryptjs: 'securityLibrary',
+    'jose': 'securityLibrary',
+    // Java
+    'spring-security-core': 'securityLibrary',
+    'spring-security-web': 'securityLibrary',
+    'spring-security-config': 'securityLibrary',
+    'spring-security-test': 'securityLibrary',
+    'spring-boot-starter-security': 'securityLibrary',
+    'spring-security-oauth2': 'securityLibrary',
+    'java-jwt': 'securityLibrary',
+    'jjwt': 'securityLibrary',
+    'jjwt-api': 'securityLibrary',
+    'nimbus-jose-jwt': 'securityLibrary',
+    'keycloak-spring-boot-starter': 'securityLibrary',
+    // Python
+    'django-cors-headers': 'securityLibrary',
+    'python-jose': 'securityLibrary',
+    'pyjwt': 'securityLibrary',
+    'passlib': 'securityLibrary',
+    'python-multipart': 'securityLibrary',
+    'authlib': 'securityLibrary',
+    // ─── Performance Tools ──────────────────────────────────────────────────────
+    k6: 'performanceTool',
+    gatling: 'performanceTool',
+    'gatling-charts-highcharts': 'performanceTool',
+    locust: 'performanceTool',
+    artillery: 'performanceTool',
+    autocannon: 'performanceTool',
+    vegeta: 'performanceTool',
+    wrk: 'performanceTool',
+    'clinic': 'performanceTool',
+    'jmeter': 'performanceTool',
+    // ─── E2E Frameworks ────────────────────────────────────────────────────────
+    cypress: 'e2eFramework',
+    playwright: 'e2eFramework',
+    '@playwright/test': 'e2eFramework',
+    selenium: 'e2eFramework',
+    'selenium-webdriver': 'e2eFramework',
+    webdriverio: 'e2eFramework',
+    puppeteer: 'e2eFramework',
+    testcafe: 'e2eFramework',
+    nightwatch: 'e2eFramework',
+    'cucumber-js': 'e2eFramework',
+    '@cucumber/cucumber': 'e2eFramework',
+    // Java
+    'cucumber-java': 'e2eFramework',
+    'cucumber-junit': 'e2eFramework',
+    'cucumber-spring': 'e2eFramework',
+    'selenium-java': 'e2eFramework',
+    // Python
+    behave: 'e2eFramework',
+    'pytest-bdd': 'e2eFramework',
+    'selenium-python': 'e2eFramework',
+    splinter: 'e2eFramework',
+    // Ruby
+    capybara: 'e2eFramework',
+    'cucumber-ruby': 'e2eFramework',
+    // ─── Frameworks ────────────────────────────────────────────────────────────
+    // JavaScript/TypeScript
+    express: 'framework',
+    '@nestjs/core': 'framework',
+    '@nestjs/common': 'framework',
+    'fastify': 'framework',
+    koa: 'framework',
+    hapi: 'framework',
+    '@hapi/hapi': 'framework',
+    'next': 'framework',
+    nuxt: 'framework',
+    // Java
+    'spring-boot': 'framework',
+    'spring-boot-starter-web': 'framework',
+    'spring-boot-starter-webflux': 'framework',
+    'spring-webmvc': 'framework',
+    'ktor-server-core': 'framework',
+    'ktor-server-netty': 'framework',
+    'ktor-server-cio': 'framework',
+    'quarkus-resteasy': 'framework',
+    'micronaut-http-server-netty': 'framework',
+    // Python
+    django: 'framework',
+    'django-rest-framework': 'framework',
+    'djangorestframework': 'framework',
+    flask: 'framework',
+    fastapi: 'framework',
+    starlette: 'framework',
+    tornado: 'framework',
+    sanic: 'framework',
+    // Ruby
+    rails: 'framework',
+    sinatra: 'framework',
+    grape: 'framework',
+    // ─── Database ────────────────────────────────────────────────────────────
+    pg: 'database',
+    mysql2: 'database',
+    sequelize: 'database',
+    typeorm: 'database',
+    prisma: 'database',
+    '@prisma/client': 'database',
+    mongoose: 'database',
+    knex: 'database',
+    'better-sqlite3': 'database',
+    // ─── HTTP Testing ───────────────────────────────────────────────────────
+    supertest: 'testFramework',
+    'rest-assured': 'testFramework',
+    pactum: 'testFramework',
+};
+/**
+ * Prefix patterns for fuzzy matching.
+ * If a dependency name starts with any of these prefixes, it gets the associated category.
+ */
+exports.DEPENDENCY_PREFIX_RULES = [
+    { prefix: 'spring-security', category: 'securityLibrary' },
+    { prefix: 'spring-boot-starter', category: 'framework' },
+    { prefix: 'junit-jupiter', category: 'testFramework' },
+    { prefix: 'mockito-', category: 'mockingLibrary' },
+    { prefix: 'kotest-', category: 'testFramework' },
+    { prefix: 'cucumber-', category: 'e2eFramework' },
+    { prefix: '@nestjs/', category: 'framework' },
+    { prefix: 'passport-', category: 'securityLibrary' },
+    { prefix: 'chai-', category: 'assertionLibrary' },
+    { prefix: 'rspec-', category: 'testFramework' },
+    { prefix: 'pytest-', category: 'testFramework' },
+    { prefix: 'ktor-server', category: 'framework' },
+    { prefix: 'ktor-client', category: 'httpClient' },
+    { prefix: '@playwright/', category: 'e2eFramework' },
+];
+/**
+ * Classify a dependency name into a category.
+ * Returns 'unknown' if no match is found.
+ */
+function classifyDependency(name) {
+    const lower = name.toLowerCase();
+    // Exact match first
+    const exact = exports.DEPENDENCY_CLASSIFICATION[lower];
+    if (exact)
+        return exact;
+    // Try original case for scoped packages
+    const original = exports.DEPENDENCY_CLASSIFICATION[name];
+    if (original)
+        return original;
+    // Prefix matching
+    for (const rule of exports.DEPENDENCY_PREFIX_RULES) {
+        if (lower.startsWith(rule.prefix))
+            return rule.category;
+    }
+    return 'unknown';
+}

package/dist/src/pipeline/stages/sca/dependencyDetector.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+/**
+ * Dependency detector — parses manifest files to extract dependency names and versions.
+ *
+ * Supports:
+ * - package.json (JavaScript/TypeScript)
+ * - pom.xml (Java/Kotlin Maven)
+ * - build.gradle / build.gradle.kts (Java/Kotlin Gradle)
+ * - requirements.txt (Python)
+ * - pyproject.toml (Python)
+ * - Pipfile (Python)
+ * - Gemfile (Ruby)
+ * - go.mod (Go)
+ */
+import type { ParsedDependency, DependencyParseResult } from './types';
+/** Manifest file names this detector handles. */
+export declare const MANIFEST_FILES: readonly ["package.json", "pom.xml", "build.gradle", "build.gradle.kts", "requirements.txt", "pyproject.toml", "Pipfile", "Gemfile", "go.mod"];
+/**
+ * Scan a project root for manifest files and parse all dependencies.
+ */
+export declare function detectDependencies(projectRoot: string): DependencyParseResult;
+/**
+ * Parse a single manifest file and return dependency entries.
+ */
+export declare function parseManifest(fileName: string, content: string, sourceFile: string): ParsedDependency[];
+//# sourceMappingURL=dependencyDetector.d.ts.map

package/dist/src/pipeline/stages/sca/dependencyDetector.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"dependencyDetector.d.ts","sourceRoot":"","sources":["../../../../../src/pipeline/stages/sca/dependencyDetector.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAIH,OAAO,KAAK,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,MAAM,SAAS,CAAC;AAEvE,iDAAiD;AACjD,eAAO,MAAM,cAAc,gJAUjB,CAAC;AAEX;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,WAAW,EAAE,MAAM,GAAG,qBAAqB,CAqB7E;AAED;;GAEG;AACH,wBAAgB,aAAa,CAC3B,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,GACjB,gBAAgB,EAAE,CAwBpB"}