The snapshot tests for the audit-age CLI output change over time as the package versions in the fixture package lock files age.
Possibly the least-crappy way to deal with this is to generate the fixture packages and lock files at the time of each test, and have a mock npm registry that the CLI queries the package version dates from. This way we can dynamically set the published dates for the dependencies to cover a range of ages to test all the possible kinds of output, that won't change over time when the tests run in the future.
To achieve this, there might be some way to specify the URL for the mock registry in the fixture package.json or package-lock.json files, so the npm CLI will automatically query it. If this doesn't pan out, a new CLI option (e.g. --registry=http://localhost:3000) might need to be added, the downside being that we're not testing the CLI being used without that flag which is how real users will actually interact with it.
A risk is that by mocking the registry in the tests we might might not notice if the real npm registry behaves in a different way to our mocked one.
The snapshot tests for the
audit-age
CLI output change over time as the package versions in the fixture package lock files age.Possibly the least-crappy way to deal with this is to generate the fixture packages and lock files at the time of each test, and have a mock npm registry that the CLI queries the package version dates from. This way we can dynamically set the published dates for the dependencies to cover a range of ages to test all the possible kinds of output, that won't change over time when the tests run in the future.
To achieve this, there might be some way to specify the URL for the mock registry in the fixture
package.json
orpackage-lock.json
files, so the npm CLI will automatically query it. If this doesn't pan out, a new CLI option (e.g.--registry=http://localhost:3000
) might need to be added, the downside being that we're not testing the CLI being used without that flag which is how real users will actually interact with it.A risk is that by mocking the registry in the tests we might might not notice if the real npm registry behaves in a different way to our mocked one.