add test for yarn package manager

Author: reey

tests/integration/__snapshots__/index.test.js.snap

@@ -0,0 +1,9 @@
+*
+!/.gitignore
+!/.gitattributes
+!/README.md
+!/package.json
+!/package-lock.json
+!/webpack.config.js
+!/src
+!/src/*

tests/integration/improvement-issue-1284-yarn/.gitignore

@@ -0,0 +1,9 @@
+# Test: is copied file's package detected
+
+This setup is intended to create reproducible results (SBoM).  
+It might install outdated, unmaintained or vulnerable components, for showcasing purposes.
+
+Importing `libphonenumber-js/max` should not result in `libphonenumber-js/max` being added to the SBoM without any version.
+Instead `libphonenumber-js` should be added with the correct version.
+
+Importing `luxon` should result in `luxon` being added to the SBoM.

tests/integration/improvement-issue-1284-yarn/README.md

@@ -0,0 +1,25 @@
+{
+  "name": "@cyclonedx-weboack-plugin-tests/improvement-issue-1284-yarn",
+  "description": "example to verify issue 1284 with yarn",
+  "private": true,
+  "main": "index.html",
+  "scripts": {
+    "prebuild": "node -r fs -e 'fs.rmSync(\"dist\",{recursive:true,force:true})'",
+    "build": "webpack build"
+  },
+  "dependencies": {
+    "libphonenumber-js": "^1.9.19",
+    "luxon": "3.4.4"
+  },
+  "devDependencies": {
+    "@cyclonedx/webpack-plugin": "portal:../../..",
+    "bootstrap": "^5.1.3",
+    "webpack": "^5.72.0",
+    "webpack-cli": "^4.9.2"
+  },
+  "engines": {
+    "node": ">=14.0.0",
+    "yarn": ">=4.3.0"
+  },
+  "packageManager": "yarn@4.3.0"
+}

tests/integration/improvement-issue-1284-yarn/package.json

@@ -0,0 +1,6 @@
+const { parsePhoneNumberFromString } = require("libphonenumber-js/max");
+const { DateTime } = require("luxon");
+
+console.log(DateTime.now());
+
+console.log(parsePhoneNumberFromString("+12133734253", "US"));

tests/integration/improvement-issue-1284-yarn/src/index.js

@@ -0,0 +1,37 @@
+/*!
+This file is part of CycloneDX Webpack plugin.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) OWASP Foundation. All Rights Reserved.
+*/
+
+const path = require('path')
+const { CycloneDxWebpackPlugin } = require('@cyclonedx/webpack-plugin')
+
+module.exports = {
+  entry: './src/index.js',
+  output: {
+    path: path.resolve(__dirname, 'dist'),
+    filename: 'bundle.js'
+  },
+  plugins: [
+    new CycloneDxWebpackPlugin(
+      {
+        outputLocation: '.bom',
+        reproducibleResults: true
+      }
+    )
+  ]
+}

tests/integration/improvement-issue-1284-yarn/webpack.config.js

@@ -137,6 +137,25 @@ const testSetups = [
         file: 'dist/.well-known/sbom'
       }
     ]
+  },
+  {
+    dir: 'improvement-issue-1284-yarn',
+    packageManager: 'yarn',
+    purpose: 'functional: verify enhanced package.json finder with yarn pkg manager',
+    results: [ // paths relative to `dir`
+      {
+        format: 'xml',
+        file: 'dist/.bom/bom.xml'
+      },
+      {
+        format: 'json',
+        file: 'dist/.bom/bom.json'
+      },
+      {
+        format: 'json',
+        file: 'dist/.well-known/sbom'
+      }
+    ]
   }
 ]
 
@@ -150,10 +169,10 @@ try {
 }
 
 describe('integration', () => {
-  testSetups.forEach(({ purpose, dir, results }) => {
+  testSetups.forEach(({ purpose, dir, results, packageManager }) => {
     describe(purpose, () => {
       const built = spawnSync(
-        'npm', ['run', 'build'], {
+        packageManager ?? 'npm', ['run', 'build'], {
           cwd: path.resolve(module.path, dir),
           stdio: ['ignore', 'pipe', 'pipe'],
           encoding: 'utf8',

tests/integration/index.test.js

@@ -34,6 +34,10 @@ const path = require('path');
     'improvement-issue-1284'
   ]
 
+  const REQUIRES_YARN_INSTALL = [
+    'improvement-issue-1284-yarn'
+  ]
+
   console.warn(`
   WILL SETUP INTEGRATION TEST BEDS
   THAT MIGHT CONTAIN OUTDATED VULNERABLE PACKAGES
@@ -57,4 +61,19 @@ const path = require('path');
       console.error(done)
     }
   }
+
+  for (const DIR of REQUIRES_YARN_INSTALL) {
+    console.log('>>> setup with yarn:', DIR)
+    done = spawnSync(
+      'yarn', ['install', '--immutable'], {
+        cwd: path.resolve(__dirname, DIR),
+        stdio: 'inherit',
+        shell: true
+      }
+    )
+    if (done.status !== 0) {
+      ++process.exitCode
+      console.error(done)
+    }
+  }
 })()