fix: tighten supply-chain IOC package matching

This commit is contained in:
Affaan Mustafa
2026-05-16 03:15:55 -04:00
committed by Affaan Mustafa
parent eb59afb590
commit 7420441512
2 changed files with 86 additions and 6 deletions


@@ -154,6 +154,30 @@ function run() {
});
})) passed++; else failed++;
if (test('does not combine package-name substrings with unrelated versions', () => {
withFixture({
'package-lock.json': JSON.stringify({
packages: {
'node_modules/react-remove-scroll': {
version: '2.6.3',
},
'node_modules/@tailwindcss/node': {
version: '4.2.1',
dependencies: {
lightningcss: '1.31.1',
},
},
'node_modules/lightningcss': {
version: '1.31.1',
},
},
}, null, 2),
}, rootDir => {
const result = scanSupplyChainIocs({ rootDir });
assert.deepStrictEqual(result.findings, []);
});
})) passed++; else failed++;
if (test('does not flag benign substrings in clean package scripts', () => {
withFixture({
'node_modules/uuid/package.json': JSON.stringify({