fix!: remove old audit fallback request #7911

Merged: 3 commits, Nov 20, 2024

Member

@wraithgar wraithgar commented Nov 14, 2024

BREAKING CHANGE: npm will no longer fall back to the old audit endpoint
if the bulk advisory request fails.

This legacy code has a long tail in npm. Getting rid of it was
difficult because of how load-bearing some of those requests were in
tests. This PR removes the old "mock server" that arborist tests spun
up, and moves that logic into the existing mock registry that the cli
uses. This will allow us to consolidate our logic in tests, and also
outline more granularly which tests actually make registry requests.

A few tests that were testing just the fallback behavior were also
removed.

Closes: npm/statusboard#900

@wraithgar
Member Author

Test coverage failures are due to two things: Two functions which always get passed an object, and never get defaulted now, and uncovered lines in the packument cache because of missing headers in the mock registry.

@wraithgar wraithgar force-pushed the gar/audit-fallback branch 6 times, most recently from 0927b81 to bc020ec Compare November 18, 2024 21:15
@wraithgar wraithgar marked this pull request as ready for review November 18, 2024 21:17
@wraithgar wraithgar requested a review from a team as a code owner November 18, 2024 21:17
hashtagchris
hashtagchris previously approved these changes Nov 18, 2024
Contributor

@hashtagchris hashtagchris left a comment

LGTM. I think I'm able to follow the new MockRegistry-based code better than the old code.

mock-registry/lib/index.js (outdated, resolved)
workspaces/arborist/test/arborist/audit.js (resolved)
workspaces/arborist/test/arborist/build-ideal-tree.js (outdated, resolved)

const fixture = (t, p) => require('../fixtures/reify-cases/' + p)(t)

const printReified = (path, opt) => reify(path, opt).then(printTree)
const fixtures = join(__dirname, '..', 'fixtures')
const createRegistry = (t, mocks) => {
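
Review bot: on the last line, `createRegistry = (t, mocks)` takes `mocks` as a bare positional argument with no comment saying what it switches on, so a call such as `createRegistry(t, true)` does not explain itself at the call site. Consider a one-line comment above the helper, or an options object (for example `{ mocks: true }`), so each test states what it is asking the registry helper to set up.
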
Contributor

just a thought, no action required

This is convenient on one hand but tedious to remember to include for each test on the other. I'd suggest in the future using a beforeEach (and when needed, scoping registry to describe()) and group tests by describe(), that way it wouldn't need to be defined every test. This is especially relevant if the test itself doesn't use the returned value.

This would group the tests into four different types of describe() "buckets":

  1. createRegistry(t, true)
  2. createRegistry(t)
  3. const registry = createRegistry(t)
  4. const registry = createRegistry(t, true)

And you'd never need to use this within the file again. There is a caveat for one of the below examples that calls this with a loop, that would need to be handled differently.

Member Author

I envisioned these mocks moving into the mock-registry folder and then being hard set when you called registry.mocks. The changes in this PR were the smallest possible to get things moved over.

Contributor

@reggi reggi left a comment

This is a much needed, heavy lift and is a really elegant way of mocking and handling the audit endpoints. Thanks for this! 👍 🚀

@wraithgar wraithgar merged commit ec57f5f into latest Nov 20, 2024
45 checks passed
@wraithgar wraithgar deleted the gar/audit-fallback branch November 20, 2024 17:32

Successfully merging this pull request may close these issues.

Remove npm audit fallback request