fix: extract integrity command (#647)

* fix(command): extract integrity spec argument

* fix(command): extract integrity unit tests

---------

Co-authored-by: Raulo Erwan. <erwan.raulo.externe@emeria.eu>

Author: ErwanRaulo

bin/index.js

@@ -9,16 +9,16 @@ catch {
 }
 
 // Import Node.js Dependencies
-import path from "node:path";
 import { createRequire } from "node:module";
+import path from "node:path";
 import { fileURLToPath } from "node:url";
 
 // Import Third-party Dependencies
-import sade from "sade";
-import semver from "semver";
 import * as i18n from "@nodesecure/i18n";
-import * as vulnera from "@nodesecure/vulnera";
 import { loadRegistryURLFromLocalSystem } from "@nodesecure/npm-registry-sdk";
+import * as vulnera from "@nodesecure/vulnera";
+import sade from "sade";
+import semver from "semver";
 
 // Import Internal Dependencies
 import * as commands from "../src/commands/index.js";
@@ -135,8 +135,9 @@ prog
   .action(commands.cache.main);
 
 prog
-  .command("extract integrity [spec]")
+  .command("extract integrity <spec>")
   .describe(i18n.getTokenSync("cli.commands.extractIntegrity.desc"))
+  .example("nsecure extract integrity lodash@^4.1.2")
   .action(commands.extractIntegrity.main);
 
 prog.parse(process.argv);

i18n/english.js

@@ -78,7 +78,10 @@ const cli = {
       cleared: "Cache cleared successfully!"
     },
     extractIntegrity: {
-      desc: "Extract the integrity of a package from its manifest and tarball and compare the two integrities if different from one another."
+      desc: "Extract the integrity of a package from its manifest and tarball and compare the two integrities if different from one another.",
+      missingSpecVersion: tS`You must specify a version for '${0}' package.`,
+      invalidSpec: tS`The package spec '${0}' is invalid.`,
+      specNotFound: tS`The package spec '${0}' could not be found from the npm registry.`
     }
   },
   startHttp: {

i18n/french.js

@@ -78,7 +78,10 @@ const cli = {
       cleared: "Cache nettoyé avec succès !"
     },
     extractIntegrity: {
-      desc: "Extraire l'intégrité d'un paquet à partir de son manifeste et du tarball et comparer les deux intégrités si elles sont différentes."
+      desc: "Extraire l'intégrité d'un paquet à partir de son manifeste et du tarball et comparer les deux intégrités si elles sont différentes.",
+      missingSpecVersion: tS`Vous devez spécifier une version pour le package '${0}'.`,
+      invalidSpec: tS`La spécification '${0}' est invalide.`,
+      specNotFound: tS`La spécification '${0}' n'a pas pu être trouvée dans le registre npm.`
     }
   },
   startHttp: {

src/commands/extract-integrity.js

@@ -4,29 +4,53 @@ import os from "node:os";
 import path from "node:path";
 
 // Import Third-party Dependencies
-import * as npmRegistrySDK from "@nodesecure/npm-registry-sdk";
-import { diff } from "json-diff-ts";
-import { tarball } from "@nodesecure/scanner";
+import * as i18n from "@nodesecure/i18n";
+
 import {
-  parseNpmSpec,
-  packageJSONIntegrityHash
+  packageJSONIntegrityHash,
+  parseNpmSpec
 } from "@nodesecure/mama";
+import * as npmRegistrySDK from "@nodesecure/npm-registry-sdk";
+import { tarball } from "@nodesecure/scanner";
+import { diff } from "json-diff-ts";
+
+// Import Internal Dependencies
+import kleur from "../utils/styleText.js";
+
+const Ki18nCommandName = "cli.commands.extractIntegrity";
 
 export async function main(
   npmPackageSpec
 ) {
   const parsedPackageSpec = parseNpmSpec(npmPackageSpec);
   if (!parsedPackageSpec) {
-    throw new Error(`Invalid npm spec: ${npmPackageSpec}`);
+    console.log(kleur.red().bold(` [!] ${i18n.getTokenSync(`${Ki18nCommandName}.invalidSpec`, npmPackageSpec)}\n`));
+    process.exit(1);
+  }
+
+  const { name, semver } = parsedPackageSpec;
+  if (!semver) {
+    console.log(kleur.red().bold(` [!] ${i18n.getTokenSync(`${Ki18nCommandName}.missingSpecVersion`, name)}\n`));
+    process.exit(1);
   }
 
-  const packumentVersion = await npmRegistrySDK.packumentVersion(
-    parsedPackageSpec.name,
-    parsedPackageSpec.semver,
-    {
-      token: process.env.NODE_SECURE_TOKEN
+  let packumentVersion;
+  try {
+    packumentVersion = await npmRegistrySDK.packumentVersion(
+      name,
+      semver,
+      {
+        token: process.env.NODE_SECURE_TOKEN
+      }
+    );
+  }
+  catch (error) {
+    if (error.statusCode === 404) {
+      console.log(kleur.yellow().bold(` [!] ${i18n.getTokenSync(`${Ki18nCommandName}.specNotFound`, npmPackageSpec)}\n`));
+      process.exit(1);
     }
-  );
+  }
+
   const remote = packageJSONIntegrityHash(
     packumentVersion,
     { isFromRemoteRegistry: true }

test/commands/cache.test.js

@@ -7,26 +7,26 @@ catch {
 }
 
 // Import Node.js Dependencies
-import fs from "node:fs";
-import path from "node:path";
-import url from "node:url";
 import assert from "node:assert";
 import childProcess from "node:child_process";
+import fs from "node:fs";
+import path from "node:path";
 import { after, before, describe, it } from "node:test";
+import url from "node:url";
 
 // Import Third-party Dependencies
+import { DEFAULT_PAYLOAD_PATH } from "@nodesecure/cache";
 import * as i18n from "@nodesecure/i18n";
 import { cache } from "@nodesecure/server";
-import { DEFAULT_PAYLOAD_PATH } from "@nodesecure/cache";
 
 // Import Internal Dependencies
-import { arrayFromAsync } from "../helpers/utils.js";
 import { main } from "../../src/commands/cache.js";
+import { arrayFromAsync } from "../helpers/utils.js";
 
 // CONSTANTS
 const __dirname = path.dirname(url.fileURLToPath(import.meta.url));
 
-describe("Cache command", { concurrency: 1 }, () => {
+describe("CLI Commands: cache", { concurrency: 1 }, () => {
   let lang;
   let actualCache;
   let dummyPayload = null;

test/commands/extract-integrity.test.js

@@ -0,0 +1,55 @@
+// Load .env file if it exists (quiet - no error if missing)
+try {
+  process.loadEnvFile();
+}
+catch {
+  // .env file not found or not readable - ignore silently
+}
+
+// Import Node.js Dependencies
+import assert from "node:assert";
+import path from "node:path";
+import { describe, test } from "node:test";
+import { fileURLToPath } from "node:url";
+
+// Import Internal Dependencies
+import { runProcess } from "../helpers/cliCommandRunner.js";
+import { arrayFromAsync } from "../helpers/utils.js";
+
+// CONSTANTS
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const kProcessDir = path.join(__dirname, "..", "process");
+
+describe("CLI Commands: extract integrity", () => {
+  test("should not find an integrity diff", async() => {
+    const expectedLine = "no integrity diff found";
+
+    const lines = await arrayFromAsync(runProcess({ path: path.join(kProcessDir, "extract-integrity/valid-spec.js") }));
+
+    assert.equal(lines[0], expectedLine, `should be ${expectedLine}`);
+  });
+
+  test("should not check integrity if version is missing", async() => {
+    const expectedLine = " [!] You must specify a version for 'express' package.";
+
+    const lines = await arrayFromAsync(runProcess({ path: path.join(kProcessDir, "extract-integrity/missing-version.js") }));
+
+    assert.equal(lines[0], expectedLine, `should be ${expectedLine}`);
+  });
+
+  test("should not check integrity for invalid spec", async() => {
+    const expectedLine = " [!] The package spec '' is invalid.";
+
+    const lines = await arrayFromAsync(runProcess({ path: path.join(kProcessDir, "extract-integrity/invalid-spec.js") }));
+
+    assert.equal(lines[0], expectedLine, `should be ${expectedLine}`);
+  });
+
+  test("should not check integrity if spec is not found", async() => {
+    const expectedLine = " [!] The package spec 'express@not-found' could not be found from the npm registry.";
+
+    const lines = await arrayFromAsync(runProcess({ path: path.join(kProcessDir, "extract-integrity/not-found.js") }));
+
+    assert.equal(lines[0], expectedLine, `should be ${expectedLine}`);
+  });
+});