Update Node test workflow

.github/workflows/test.yml

@@ -24,7 +24,5 @@ jobs:
     with:
       no-lockfile: true
       npm-test-script: 'test-ci'
-      node-versions: '20'
-      # We currently have some issues on Windows that will have to wait to be fixed
-      # os: 'ubuntu-latest,windows-latest'
-      os: 'ubuntu-latest'
+      node-versions: '20,22'
+      os: 'ubuntu-latest,windows-latest'

package.json

@@ -51,11 +51,11 @@
     "lint:fix": "npm run lint -- --fix && npm run lint:fix:fast",
     "lint:fix:fast": "prettier --cache --log-level warn --write .",
     "prepare": "husky && custompatch",
-    "test": "run-s check build:* test:*",
-    "test:c8": "c8 --reporter=none node --test 'test/socket-npm.test.cjs'",
+    "test": "run-s check build:* test:* test:coverage:*",
     "test-ci": "run-s build:* test:*",
     "test:unit": "tap-run",
-    "test:coverage": "cp -r .tap/coverage/*.json coverage/tmp && c8 --reporter=lcov --reporter=text --include 'dist/{module-sync,require}/*.js' --exclude 'dist/require/vendor.js' report"
+    "test:coverage:c8": "c8 --reporter=none node --test 'test/socket-npm.test.cjs'",
+    "test:coverage:merge": "cp -r .tap/coverage/*.json coverage/tmp && c8 --reporter=lcov --reporter=text --include 'dist/{module-sync,require}/*.js' --exclude 'dist/require/vendor.js' report"
   },
   "dependencies": {
     "@apideck/better-ajv-errors": "^0.3.6",

test/path-resolve.test.ts

@@ -5,10 +5,12 @@ import { afterEach, beforeEach, describe, it } from 'node:test'
 import mockFs from 'mock-fs'
 import nock from 'nock'
 
+import { normalizePath } from '@socketsecurity/registry/lib/path'
+
 import { getPackageFiles } from './dist/path-resolve'
 
 const testPath = __dirname
-const mockPath = path.join(testPath, 'mock')
+const mockPath = normalizePath(path.join(testPath, 'mock'))
 
 const globPatterns = {
   general: {
@@ -88,10 +90,13 @@ describe('Path Resolve', () => {
         [`${mockPath}/package.json`]: '{}'
       })
 
-      assert.deepEqual(
-        await sortedGetPackageFiles(mockPath, ['.'], undefined, globPatterns),
-        [`${mockPath}/package.json`]
+      const actual = await sortedGetPackageFiles(
+        mockPath,
+        ['.'],
+        undefined,
+        globPatterns
       )
+      assert.deepEqual(actual.map(normalizePath), [`${mockPath}/package.json`])
     })
 
     it('should respect ignores from socket config', async () => {
@@ -102,24 +107,22 @@ describe('Path Resolve', () => {
         [`${mockPath}/foo/package.json`]: '{}'
       })
 
-      assert.deepEqual(
-        await sortedGetPackageFiles(
-          mockPath,
-          ['**/*'],
-          {
-            version: 2,
-            projectIgnorePaths: ['bar/*', '!bar/package.json'],
-            issueRules: {},
-            githubApp: {}
-          },
-          globPatterns
-        ),
-        [
-          `${mockPath}/bar/package.json`,
-          `${mockPath}/foo/package-lock.json`,
-          `${mockPath}/foo/package.json`
-        ]
+      const actual = await sortedGetPackageFiles(
+        mockPath,
+        ['**/*'],
+        {
+          version: 2,
+          projectIgnorePaths: ['bar/*', '!bar/package.json'],
+          issueRules: {},
+          githubApp: {}
+        },
+        globPatterns
       )
+      assert.deepEqual(actual.map(normalizePath), [
+        `${mockPath}/bar/package.json`,
+        `${mockPath}/foo/package-lock.json`,
+        `${mockPath}/foo/package.json`
+      ])
     })
 
     it('should respect .gitignore', async () => {
@@ -131,19 +134,17 @@ describe('Path Resolve', () => {
         [`${mockPath}/foo/package.json`]: '{}'
       })
 
-      assert.deepEqual(
-        await sortedGetPackageFiles(
-          mockPath,
-          ['**/*'],
-          undefined,
-          globPatterns
-        ),
-        [
-          `${mockPath}/bar/package.json`,
-          `${mockPath}/foo/package-lock.json`,
-          `${mockPath}/foo/package.json`
-        ]
+      const actual = await sortedGetPackageFiles(
+        mockPath,
+        ['**/*'],
+        undefined,
+        globPatterns
       )
+      assert.deepEqual(actual.map(normalizePath), [
+        `${mockPath}/bar/package.json`,
+        `${mockPath}/foo/package-lock.json`,
+        `${mockPath}/foo/package.json`
+      ])
     })
 
     it('should always ignore some paths', async () => {
@@ -162,15 +163,16 @@ describe('Path Resolve', () => {
         [`${mockPath}/foo/package.json`]: '{}'
       })
 
-      assert.deepEqual(
-        await sortedGetPackageFiles(
-          mockPath,
-          ['**/*'],
-          undefined,
-          globPatterns
-        ),
-        [`${mockPath}/foo/package-lock.json`, `${mockPath}/foo/package.json`]
+      const actual = await sortedGetPackageFiles(
+        mockPath,
+        ['**/*'],
+        undefined,
+        globPatterns
       )
+      assert.deepEqual(actual.map(normalizePath), [
+        `${mockPath}/foo/package-lock.json`,
+        `${mockPath}/foo/package.json`
+      ])
     })
 
     it('should ignore irrelevant matches', async () => {
@@ -181,15 +183,16 @@ describe('Path Resolve', () => {
         [`${mockPath}/foo/random.json`]: '{}'
       })
 
-      assert.deepEqual(
-        await sortedGetPackageFiles(
-          mockPath,
-          ['**/*'],
-          undefined,
-          globPatterns
-        ),
-        [`${mockPath}/foo/package-lock.json`, `${mockPath}/foo/package.json`]
+      const actual = await sortedGetPackageFiles(
+        mockPath,
+        ['**/*'],
+        undefined,
+        globPatterns
       )
+      assert.deepEqual(actual.map(normalizePath), [
+        `${mockPath}/foo/package-lock.json`,
+        `${mockPath}/foo/package.json`
+      ])
     })
 
     it('should be lenient on oddities', async () => {
@@ -199,15 +202,13 @@ describe('Path Resolve', () => {
         }
       })
 
-      assert.deepEqual(
-        await sortedGetPackageFiles(
-          mockPath,
-          ['**/*'],
-          undefined,
-          globPatterns
-        ),
-        []
+      const actual = await sortedGetPackageFiles(
+        mockPath,
+        ['**/*'],
+        undefined,
+        globPatterns
       )
+      assert.deepEqual(actual.map(normalizePath), [])
     })
 
     it('should resolve package and lock file', async () => {
@@ -216,31 +217,30 @@ describe('Path Resolve', () => {
         [`${mockPath}/package.json`]: '{}'
       })
 
-      assert.deepEqual(
-        await sortedGetPackageFiles(
-          mockPath,
-          ['**/*'],
-          undefined,
-          globPatterns
-        ),
-        [`${mockPath}/package-lock.json`, `${mockPath}/package.json`]
+      const actual = await sortedGetPackageFiles(
+        mockPath,
+        ['**/*'],
+        undefined,
+        globPatterns
       )
+      assert.deepEqual(actual.map(normalizePath), [
+        `${mockPath}/package-lock.json`,
+        `${mockPath}/package.json`
+      ])
     })
 
     it('should resolve package without lock file', async () => {
       mockFs({
         [`${mockPath}/package.json`]: '{}'
       })
 
-      assert.deepEqual(
-        await sortedGetPackageFiles(
-          mockPath,
-          ['**/*'],
-          undefined,
-          globPatterns
-        ),
-        [`${mockPath}/package.json`]
+      const actual = await sortedGetPackageFiles(
+        mockPath,
+        ['**/*'],
+        undefined,
+        globPatterns
       )
+      assert.deepEqual(actual.map(normalizePath), [`${mockPath}/package.json`])
     })
 
     it('should support alternative lock files', async () => {
@@ -249,15 +249,16 @@ describe('Path Resolve', () => {
         [`${mockPath}/package.json`]: '{}'
       })
 
-      assert.deepEqual(
-        await sortedGetPackageFiles(
-          mockPath,
-          ['**/*'],
-          undefined,
-          globPatterns
-        ),
-        [`${mockPath}/package.json`, `${mockPath}/yarn.lock`]
+      const actual = await sortedGetPackageFiles(
+        mockPath,
+        ['**/*'],
+        undefined,
+        globPatterns
       )
+      assert.deepEqual(actual.map(normalizePath), [
+        `${mockPath}/package.json`,
+        `${mockPath}/yarn.lock`
+      ])
     })
 
     it('should handle all variations', async () => {
@@ -271,23 +272,21 @@ describe('Path Resolve', () => {
         [`${mockPath}/abc/package.json`]: '{}'
       })
 
-      assert.deepEqual(
-        await sortedGetPackageFiles(
-          mockPath,
-          ['**/*'],
-          undefined,
-          globPatterns
-        ),
-        [
-          `${mockPath}/abc/package.json`,
-          `${mockPath}/bar/package.json`,
-          `${mockPath}/bar/yarn.lock`,
-          `${mockPath}/foo/package-lock.json`,
-          `${mockPath}/foo/package.json`,
-          `${mockPath}/package-lock.json`,
-          `${mockPath}/package.json`
-        ]
+      const actual = await sortedGetPackageFiles(
+        mockPath,
+        ['**/*'],
+        undefined,
+        globPatterns
       )
+      assert.deepEqual(actual.map(normalizePath), [
+        `${mockPath}/abc/package.json`,
+        `${mockPath}/bar/package.json`,
+        `${mockPath}/bar/yarn.lock`,
+        `${mockPath}/foo/package-lock.json`,
+        `${mockPath}/foo/package.json`,
+        `${mockPath}/package-lock.json`,
+        `${mockPath}/package.json`
+      ])
     })
   })
 })

test/socket-cdxgen.test.ts

@@ -1,4 +1,5 @@
 import assert from 'node:assert/strict'
+import path from 'node:path'
 import { describe, it } from 'node:test'
 
 import spawn from '@npmcli/promise-spawn'
@@ -9,32 +10,45 @@ type PromiseSpawnOptions = Exclude<Parameters<typeof spawn>[2], undefined> & {
   encoding?: BufferEncoding | undefined
 }
 
-const { distPath } = constants
+const { distPath, execPath } = constants
+
+const entryPath = path.join(distPath, 'cli.js')
+const testPath = __dirname
+const npmFixturesPath = path.join(testPath, 'socket-npm-fixtures')
 
 const spawnOpts: PromiseSpawnOptions = {
-  cwd: distPath,
+  cwd: npmFixturesPath,
   encoding: 'utf8'
 }
 
 describe('Socket cdxgen command', async () => {
   it('should forwards known commands to cdxgen', async () => {
     for (const command of ['-h', '--help']) {
       // eslint-disable-next-line no-await-in-loop
-      const ret = await spawn('./cli.js', ['cdxgen', command], spawnOpts)
+      const ret = await spawn(
+        execPath,
+        [entryPath, 'cdxgen', command],
+        spawnOpts
+      )
       assert.ok(ret.stdout.startsWith('cdxgen'), 'forwards commands to cdxgen')
     }
   })
   it('should not forward unknown commands to cdxgen', async () => {
     for (const command of ['-u', '--unknown']) {
       // eslint-disable-next-line no-await-in-loop
       await assert.rejects(
-        () => spawn('./cli.js', ['cdxgen', command], spawnOpts),
+        () => spawn(execPath, [entryPath, 'cdxgen', command], spawnOpts),
         e => e?.['stderr']?.startsWith(`Unknown argument: ${command}`),
         'singular'
       )
     }
     await assert.rejects(
-      () => spawn('./cli.js', ['cdxgen', '-u', '-h', '--unknown'], spawnOpts),
+      () =>
+        spawn(
+          execPath,
+          [entryPath, 'cdxgen', '-u', '-h', '--unknown'],
+          spawnOpts
+        ),
       e => e?.['stderr']?.startsWith('Unknown arguments: -u, --unknown'),
       'plural'
     )

test/socket-npm.test.cjs

@@ -8,10 +8,10 @@ const { describe, it } = require('node:test')
 const spawn = require('@npmcli/promise-spawn')
 
 const constants = require('../scripts/constants')
-const { distPath } = constants
+const { distPath, execPath } = constants
 
-const testPath = __dirname
 const entryPath = path.join(distPath, 'cli.js')
+const testPath = __dirname
 const npmFixturesPath = path.join(testPath, 'socket-npm-fixtures')
 
 // These aliases are defined in package.json.
@@ -28,7 +28,7 @@ for (const npm of ['npm8', 'npm10']) {
     it('should bail on new typosquat', async () => {
       await assert.rejects(
         () =>
-          spawn(process.execPath, [entryPath, 'npm', 'install', 'bowserify'], {
+          spawn(execPath, [entryPath, 'npm', 'install', 'bowserify'], {
             cwd: path.join(npmFixturesPath, 'lacking-typosquat'),
             encoding: 'utf8',
             env: {