From e891d1a992517f000a386dc9507dcd9cc96db6ad Mon Sep 17 00:00:00 2001
From: James McMeeking <james.mcmeeking@joingelt.com>
Date: Fri, 8 May 2026 13:13:37 +0100
Subject: [PATCH] Update e2e suite to cover supported package managers

---
 test/e2e/rush.e2e.spec.js | 109 +++++++++++++++++++++++++++-----------
 1 file changed, 77 insertions(+), 32 deletions(-)

diff --git a/test/e2e/rush.e2e.spec.js b/test/e2e/rush.e2e.spec.js
index efe7ead..fb3cbdd 100644
--- a/test/e2e/rush.e2e.spec.js
+++ b/test/e2e/rush.e2e.spec.js
@@ -4,6 +4,11 @@ import assert from "node:assert";
 
 describe("E2E: rush coverage", () => {
   let container;
+  const packageManagerConfigs = [
+    { name: "pnpm", versionField: "pnpmVersion", version: "latest" },
+    { name: "yarn", versionField: "yarnVersion", version: "latest" },
+    { name: "npm", versionField: "npmVersion", version: "latest" },
+  ];
 
   before(async () => {
     DockerTestContainer.buildImage();
@@ -65,41 +70,81 @@ describe("E2E: rush coverage", () => {
       `Malicious package was added despite safe-chain protection. Output was:\n${packageJson.output}`
     );
   });
+
+  for (const packageManagerConfig of packageManagerConfigs) {
+    it(`safe-chain proxy blocks malicious package downloads during rush update with ${packageManagerConfig.name}`, async () => {
+      const shell = await container.openShell("zsh");
+      await setupRushWorkspace(shell, {
+        packageManagerConfig,
+        packageJson: `{
+  "name": "test-app",
+  "version": "1.0.0",
+  "dependencies": {
+    "safe-chain-test": "0.0.1-security"
+  }
+}`,
+      });
+
+      const result = await shell.runCommand("cd /testapp/apps/test-app && rush update");
+
+      assert.ok(
+        result.output.includes("blocked 1 malicious package downloads"),
+        `Output did not include expected text. Output was:\n${result.output}`
+      );
+      assert.ok(
+        result.output.includes("- safe-chain-test"),
+        `Output did not include expected text. Output was:\n${result.output}`
+      );
+      assert.ok(
+        result.output.includes("Exiting without installing malicious packages."),
+        `Output did not include expected text. Output was:\n${result.output}`
+      );
+    });
+  }
 });
 
-async function setupRushWorkspace(shell) {
-  await shell.runCommand("mkdir -p /testapp/common/config/rush /testapp/apps/test-app");
-  await shell.runCommand(`cat > /testapp/common/config/rush/rush.json <<'EOF'
-{
-  "$schema": "https://developer.microsoft.com/json-schemas/rush/v5/rush.schema.json",
-  "rushVersion": "5.175.1",
-  "pnpmVersion": "11.0.6",
-  "nodeSupportedVersionRange": ">=18.0.0",
-  "projectFolderMinDepth": 1,
-  "projectFolderMaxDepth": 2,
-  "gitPolicy": {},
-  "repository": {
-    "url": "https://example.com/testapp.git",
-    "defaultBranch": "main"
-  },
-  "eventHooks": {
-    "preRushInstall": [],
-    "postRushInstall": [],
-    "preRushBuild": [],
-    "postRushBuild": []
-  },
-  "projects": [
-    {
-      "packageName": "test-app",
-      "projectFolder": "apps/test-app"
-    }
-  ]
-}
-EOF`);
-  await shell.runCommand(`cat > /testapp/apps/test-app/package.json <<'EOF'
-{
+async function setupRushWorkspace(shell, options = {}) {
+  const packageManagerConfig = options.packageManagerConfig ?? {
+    versionField: "pnpmVersion",
+    version: "11.0.6",
+  };
+  const packageJson = options.packageJson ?? `{
   "name": "test-app",
   "version": "1.0.0"
+}`;
+  const rushConfig = {
+    $schema: "https://developer.microsoft.com/json-schemas/rush/v5/rush.schema.json",
+    rushVersion: "5.175.1",
+    [packageManagerConfig.versionField]: packageManagerConfig.version,
+    nodeSupportedVersionRange: ">=18.0.0",
+    projectFolderMinDepth: 1,
+    projectFolderMaxDepth: 2,
+    gitPolicy: {},
+    repository: {
+      url: "https://example.com/testapp.git",
+      defaultBranch: "main",
+    },
+    eventHooks: {
+      preRushInstall: [],
+      postRushInstall: [],
+      preRushBuild: [],
+      postRushBuild: [],
+    },
+    projects: [
+      {
+        packageName: "test-app",
+        projectFolder: "apps/test-app",
+      },
+    ],
+  };
+
+  await shell.runCommand("rm -rf /testapp/common /testapp/apps/test-app");
+  await shell.runCommand("mkdir -p /testapp/apps/test-app");
+  await writeTextFile(shell, "/testapp/rush.json", JSON.stringify(rushConfig, null, 2));
+  await writeTextFile(shell, "/testapp/apps/test-app/package.json", packageJson);
 }
-EOF`);
+
+async function writeTextFile(shell, filePath, content) {
+  const encoded = Buffer.from(content).toString("base64");
+  await shell.runCommand(`printf '%s' '${encoded}' | base64 -d > ${filePath}`);
 }