SCANNPM-131 Migrate unit tests to Node test runner

[vdiez]

Summary

• Replace Jest with Node's native test runner and tsx
• Remove jest, ts-jest, @types/jest, and jest-sonar-reporter dependencies
• Use dependency injection pattern for testability instead of experimental module mocking
• Add src/deps.ts for shared dependency interfaces
• Update all test files to use node:test and node:assert
• Use node: prefix for all Node.js built-in imports
• Update CLAUDE.md with current conventions

Test plan

• All 122 unit tests pass with npm test
• Build succeeds with npm run build
• CI pipeline passes

🤖 Generated with Claude Code

[hashicorp-vault-sonar-prod]

SCANNPM-131

[zglicz]

Please rework the business logic, so that not all of the methods need to accept the mocks/DI code. This will make it much, much cleaner.

[vdiez]

Changes in this session

Refactor: Centralized Dependency Injection

Addressed the PR feedback to clean up the dependency injection approach. Instead of passing deps parameters to every function, we now use a centralized dependency container pattern:

New files created:

• src/deps.ts - Centralized Dependencies interface with getDeps(), setDeps(), and resetDeps() functions
• test/unit/test-helpers.ts - Reusable mock factory functions (createMockFsDeps, createMockHttpDeps, createMockProcessDeps, createMockChildProcess, etc.)

Pattern change:

// Before: deps parameter in every function
export async function fetchJRE(properties: Props, deps: JavaDeps = {}) { ... }

// After: clean function signatures, deps accessed via getDeps()
export async function fetchJRE(properties: Props): Promise<string> {
  const { fs, http } = getDeps();
  // ...
}

Test pattern:

beforeEach(() => {
  setDeps({ http: createMockHttpDeps({ fetch: mockFetch }) });
});

afterEach(() => {
  resetDeps();
});

Removed sinon dependency

Replaced all sinon stubs with native node:test mocks:

• scan.test.ts - Replaced sinon.stub(process, 'cwd') with setDeps({ process: createMockProcessDeps({ cwd: () => __dirname }) })
• properties.test.ts - Refactored FakeProjectMock class to use setDeps() instead of sinon stubs
• scanner-engine.test.ts - Removed sinon.stub(process.stdout, 'write') (was only suppressing output, test validates via mockLog)

Fixed TypeScript errors

• Added proper Mock<T> typing from node:test when accessing mock call arguments
• Updated test helper return types from Partial<Dependencies['X']> to full Dependencies['X']

Stats

• 18 files changed: 949 insertions, 1296 deletions (net -347 lines)
• All 137 tests pass
• Coverage maintained: 90.55% statements, 83.56% branches

[sonarqubecloud]

SonarQube reviewer guide

Important

We are currently testing different models for AI Summary.
Please give us your feedback by filling this form.

Model A:

Summary: Migrate test suite from Jest to Node.js native test runner and improve dependency injection architecture.

Review Focus:

• The new deps.ts module introduces a centralized dependency injection container - verify all dependencies are properly abstracted and mockable
• Tests now use Node.js native node:test and node:assert APIs instead of Jest - check for correct mock lifecycle management (proper cleanup in afterEach)
• Environment variable handling in properties tests is complex due to proxy-from-env library accessing global process.env - review the restoreProxyEnvVars() helper
• The createMockChildProcess helper in test-helpers.ts requires manual event emission in tests - ensure tests properly trigger exit events to avoid hangs

Start review at: src/deps.ts. This is the foundation of the refactoring - it defines the dependency injection pattern that enables testing without Jest. Understanding how dependencies are centralized here (fs, process, http, spawn, etc.) is crucial to reviewing how tests mock these dependencies throughout the codebase.

Model B:

Summary: Migrates the test framework from Jest to Node.js native test runner with comprehensive refactoring.

Review Focus:
This is a major architectural change from Jest to Node's native test runner. Key areas requiring careful review:

1. Dependency injection system (src/deps.ts) - New centralized DI container replacing scattered mocks
2. Test helper functions (test/unit/test-helpers.ts) - How mocks are created and used across tests
3. Test rewrites - Verify mock patterns are consistently applied, particularly around async operations and event emitters
4. Pre-commit hook simplification (.husky/pre-commit) - Now just runs npm run precommit instead of full husky setup

Start review at: src/deps.ts. This file is the foundation of the new architecture. Understanding the dependency injection pattern is critical to reviewing all subsequent changes, as every test and module now uses this centralized container instead of direct Jest mocks.

See all code changes, issues, and quality metrics in one place.

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
87.9% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud