fix: add offline advisory db sync hint#407
Open
MFA-G wants to merge 1 commit into
Open
Conversation
sonukapoor
reviewed
May 23, 2026
| const syncHint = options.offlineDb | ||
| ? `To build it, run: cve-lite advisories sync\nOr to save it to the requested path: cve-lite advisories sync --output ${options.offlineDb}` | ||
| : "To build it, run: cve-lite advisories sync"; | ||
| throw new Error(`Offline advisory database is not available: ${reason}\n${syncHint}`); |
Collaborator
There was a problem hiding this comment.
The string "To build it, run: cve-lite advisories sync" appears in both branches — it's the full else value and also the opening line of the if branch. If the command ever changes, it needs updating in two places. Worth extracting to a constant:
const BASE_SYNC_HINT = "To build it, run: cve-lite advisories sync";
const syncHint = options.offlineDb
? `${BASE_SYNC_HINT}\nOr to save it to the requested path: cve-lite advisories sync --output ${options.offlineDb}`
: BASE_SYNC_HINT;| parseArgsMock.mockReturnValue({ | ||
| command: "scan", | ||
| options: { | ||
| offline: true, |
Collaborator
There was a problem hiding this comment.
The four options failOn, batchSize, searchDepth, minSeverity are identical across both tests. A shared object at the top of the block makes it obvious which option is actually under test in each case:
const BASE_SCAN_OPTIONS = {
failOn: "critical",
batchSize: "100",
searchDepth: "4",
minSeverity: "medium",
} as const;
// then per test:
options: { offline: true, ...BASE_SCAN_OPTIONS }
options: { offlineDb: "/tmp/custom-advisories.db", ...BASE_SCAN_OPTIONS }|
|
||
| expect(result.exitCode).toBe(1); | ||
| expect(stripAnsi(result.stderr.join("\n"))).toContain("Offline advisory database is not available: file does not exist"); | ||
| expect(stripAnsi(result.stderr.join("\n"))).toContain("To build it, run: cve-lite advisories sync"); |
Collaborator
There was a problem hiding this comment.
stripAnsi(result.stderr.join("\n")) is evaluated twice here (and again in the second test). Store it once so the assertions read more cleanly:
const stderr = stripAnsi(result.stderr.join("\n"));
expect(stderr).toContain("Offline advisory database is not available: file does not exist");
expect(stderr).toContain("To build it, run: cve-lite advisories sync");
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
cve-lite advisories syncguidance when offline advisory DB initialization fails--output <path>guidance when users pass a custom--offline-dbpathFixes #402
Verification