| 39 | } |
| 40 | |
| 41 | async function run() { |
| 42 | console.log('\n=== Testing supply-chain advisory source refresh ===\n'); |
| 43 | |
| 44 | let passed = 0; |
| 45 | let failed = 0; |
| 46 | |
| 47 | if (await test('default sources cover the active npm and PyPI campaign', async () => { |
| 48 | const ids = DEFAULT_ADVISORY_SOURCES.map(source => source.id); |
| 49 | for (const requiredId of [ |
| 50 | 'tanstack-postmortem', |
| 51 | 'github-ghsa-g7cv-rxg3-hmpx', |
| 52 | 'stepsecurity-mini-shai-hulud', |
| 53 | 'openai-tanstack-response', |
| 54 | 'socket-node-ipc', |
| 55 | 'cisa-npm-compromise', |
| 56 | ]) { |
| 57 | assert.ok(ids.includes(requiredId), `Missing advisory source ${requiredId}`); |
| 58 | } |
| 59 | |
| 60 | const ecosystemCoverage = new Set(DEFAULT_ADVISORY_SOURCES.flatMap(source => source.ecosystems)); |
| 61 | assert.ok(ecosystemCoverage.has('npm')); |
| 62 | assert.ok(ecosystemCoverage.has('PyPI')); |
| 63 | assert.ok(ecosystemCoverage.has('AI developer tooling')); |
| 64 | })) passed++; else failed++; |
| 65 | |
| 66 | if (await test('offline report emits passing coverage checks and Linear-ready ITO-57 payload', async () => { |
| 67 | const report = await buildAdvisorySourceReport({ |
| 68 | generatedAt: '2026-05-16T00:00:00.000Z', |
| 69 | refresh: false, |
| 70 | }); |
| 71 | |
| 72 | assert.strictEqual(report.schema_version, 'ecc.supply-chain-advisory-sources.v1'); |
| 73 | assert.strictEqual(report.ready, true); |
| 74 | assert.strictEqual(report.refresh.enabled, false); |
| 75 | assert.ok(report.sources.length >= 8); |
| 76 | assert.ok(report.checks.every(check => check.status === 'pass')); |
| 77 | assert.strictEqual(report.linear.status.issueId, 'ITO-57'); |
| 78 | assert.match(report.linear.status.summary, /advisory sources current/i); |
| 79 | assert.match(report.linear.status.remaining, /Linear status/i); |
| 80 | })) passed++; else failed++; |
| 81 | |
| 82 | if (await test('refresh mode records per-source live check results', async () => { |
| 83 | const calls = []; |
| 84 | const report = await buildAdvisorySourceReport({ |
| 85 | generatedAt: '2026-05-16T00:00:00.000Z', |
| 86 | refresh: true, |
| 87 | fetchSource: async source => { |
| 88 | calls.push(source.id); |
| 89 | return { |
| 90 | ok: true, |
| 91 | statusCode: 200, |
| 92 | finalUrl: source.url, |
| 93 | checkedAt: '2026-05-16T00:00:00.000Z', |
| 94 | }; |
| 95 | }, |
| 96 | }); |
| 97 | |
| 98 | assert.deepStrictEqual( |