Test: Unit tests for parser and decision engine

[ProduktEntdecker]

Overview

Add unit tests to ensure reliability of the security scanner.

Depends On

• Feature: Command parser for npm/pip/brew install #2 (Command parser)
• Feature: Decision engine (allow/deny/ask) #4 (Decision engine)

Acceptance Criteria

• Set up test framework (vitest or jest)
• Tests for command parser (npm, pip, brew variants)
• Tests for edge cases (no version, multiple packages, flags)
• Tests for decision engine (all severity levels)
• Mock OSV API responses for testing
• Add test script to package.json

Test Cases

Parser

• npm install lodash → extracts lodash
• npm install lodash@4.17.0 → extracts lodash@4.17.0
• npm i -D typescript → extracts typescript (ignores -D)
• pip install requests>=2.0 → extracts requests
• brew install wget curl → extracts both

Decision Engine

• 0 vulns → allow
• 1 LOW → allow
• 1 MEDIUM → ask
• 1 HIGH → deny
• 1 CRITICAL → deny

Priority: P2

[coderabbitai]

📝 CodeRabbit Plan Mode

Generate an implementation plan and prompts that you can use with your favorite coding agent.

✅ Successfully generated implementation plan.

💡 Use @coderabbitai <feedback> to replan

Examples

• Example 1
• Example 2

---

🔗 Similar Issues

Related Issues

• Feature: OSV API integration for vulnerability checks #3

👤 Suggested Assignees

• ProduktEntdecker

---

🧪 Issue enrichment is currently in open beta.

You can configure auto-planning by selecting labels in the issue_enrichment configuration.

To disable automatic issue enrichment, add the following to your .coderabbit.yaml:

issue_enrichment:
  auto_enrich:
    enabled: false

💬 Have feedback or questions? Drop into our discord!

[coderabbitai]

Warning

This task cannot be completed as specified because its stated dependencies (Ticket #2: Command Parser and Ticket #4: Decision Engine with allow/ask/deny logic) have not been implemented in the codebase. The exploration confirms that the current tool only accepts direct package name and version inputs (not install commands) and only calculates severity levels (CRITICAL/HIGH/MEDIUM/LOW/UNKNOWN) without any allow/ask/deny decision logic. The ticket's test cases explicitly require testing "npm install lodash" parsing and "0 vulns → allow / 1 MEDIUM → ask / 1 HIGH → deny" decisions - features that do not exist.

You can reply directly to this comment with additional context or clarifications to help CodeRabbit complete the planning task, with an @-mention to the bot.