Organize output scrubbers into dedicated test/utils/scrubbers/ directory

- Create test/utils/scrubbers/ with separate files by category:
  - text.mts: Text normalization (log symbols, newlines, ASCII safety)
  - security.mts: Token sanitization and error message scrubbing
  - package-managers.mts: Timing and version scrubbing for npm/pnpm/firewall
  - clean-output.mts: Main entry point that composes all scrubbers

- Update pnpm timing scrubber to normalize both seconds and milliseconds to 'Xs'
- Update pnpm test snapshots to use normalized timing (Xs instead of Xms)
- Update test/utils.mts to import cleanOutput from new location

All pnpm tests now pass with stable snapshots.

Author: jdalton

src/commands/pnpm/cmd-pnpm.test.mts

@@ -168,7 +168,7 @@ describe('socket pnpm', async () => {
         Already up to date
         Progress: resolved 1043, reused 932, downloaded 0, added 0, done
 
-        Done in 1s using pnpm v10.17.0"
+        Done in Xs using pnpm v10.17.0"
       `)
       expect(code, 'dry-run add should exit with code 0').toBe(0)
     },
@@ -207,7 +207,7 @@ describe('socket pnpm', async () => {
         Already up to date
         Progress: resolved 1043, reused 932, downloaded 0, added 0, done
 
-        Done in 1.2s using pnpm v10.17.0"
+        Done in Xs using pnpm v10.17.0"
       `)
       expect(code, 'dry-run add scoped package should exit with code 0').toBe(0)
     },
@@ -233,7 +233,7 @@ describe('socket pnpm', async () => {
 
         . prepare$ husky
         . prepare: Done
-        Done in 824ms using pnpm v10.17.0"
+        Done in Xs using pnpm v10.17.0"
       `)
       expect(code, 'dry-run install should exit with code 0').toBe(0)
     },
@@ -259,7 +259,7 @@ describe('socket pnpm', async () => {
 
         . prepare$ husky
         . prepare: Done
-        Done in 837ms using pnpm v10.17.0"
+        Done in Xs using pnpm v10.17.0"
       `)
       expect(
         code,
@@ -288,7 +288,7 @@ describe('socket pnpm', async () => {
 
         . prepare$ husky
         . prepare: Done
-        Done in 820ms using pnpm v10.17.0"
+        Done in Xs using pnpm v10.17.0"
       `)
       expect(
         code,
@@ -317,7 +317,7 @@ describe('socket pnpm', async () => {
 
         . prepare$ husky
         . prepare: Done
-        Done in 925ms using pnpm v10.17.0"
+        Done in Xs using pnpm v10.17.0"
       `)
       expect(
         code,

test/utils.mts

@@ -4,9 +4,9 @@ import { fileURLToPath } from 'node:url'
 import { it, vi } from 'vitest'
 
 import { spawn } from '@socketsecurity/registry/lib/spawn'
-import { stripAnsi } from '@socketsecurity/registry/lib/strings'
 
 import constants, { FLAG_HELP, FLAG_VERSION } from '../src/constants.mts'
+import { cleanOutput } from './utils/scrubbers/clean-output.mts'
 
 import type { CResult } from '../src/types.mts'
 import type {
@@ -19,16 +19,6 @@ import type { MockedFunction } from 'vitest'
 const __filename = fileURLToPath(import.meta.url)
 const __dirname = path.dirname(__filename)
 
-// The asciiUnsafeRegexp match characters that are:
-//   * Control characters in the Unicode range:
-//     - \u0000 to \u0007 (e.g., NUL, BEL)
-//     - \u0009 (Tab, but note: not \u0008 Backspace or \u000A Newline)
-//     - \u000B to \u001F (other non-printable control characters)
-//   * All non-ASCII characters:
-//     - \u0080 to \uFFFF (extended Unicode)
-// eslint-disable-next-line no-control-regex
-const asciiUnsafeRegexp = /[\u0000-\u0007\u0009\u000b-\u001f\u0080-\uffff]/g
-
 // Note: The fixture directory is in the same directory as this utils file.
 export const testPath = __dirname
 
@@ -61,103 +51,8 @@ export const YARN_BERRY_AGENT_FIXTURE = path.join(
 export const BUN_AGENT_FIXTURE = path.join(AGENT_FIXTURE_PATH, 'bun')
 export const VLT_AGENT_FIXTURE = path.join(AGENT_FIXTURE_PATH, 'vlt')
 
-function normalizeLogSymbols(str: string): string {
-  return str
-    .replaceAll('✖', '×')
-    .replaceAll('ℹ', 'i')
-    .replaceAll('✔', '√')
-    .replaceAll('⚠', '‼')
-}
-
-function normalizeNewlines(str: string): string {
-  return (
-    str
-      // Replace all literal \r\n.
-      .replaceAll('\r\n', '\n')
-      // Replace all escaped \\r\\n.
-      .replaceAll('\\r\\n', '\\n')
-  )
-}
-
-function stripZeroWidthSpace(str: string): string {
-  return str.replaceAll('\u200b', '')
-}
-
-function toAsciiSafeString(str: string): string {
-  return str.replace(asciiUnsafeRegexp, m => {
-    const code = m.charCodeAt(0)
-    return code < 255
-      ? `\\x${code.toString(16).padStart(2, '0')}`
-      : `\\u${code.toString(16).padStart(4, '0')}`
-  })
-}
-
-function stripTokenErrorMessages(str: string): string {
-  // Remove API token error messages to avoid snapshot inconsistencies
-  // when local environment has/doesn't have tokens set.
-  return str.replace(
-    /^\s*[×✖]\s+This command requires a Socket API token for access.*$/gm,
-    '',
-  )
-}
-
-function scrubFirewallOutput(str: string): string {
-  // Scrub dynamic content from Socket Firewall output to prevent snapshot inconsistencies
-  // from version numbers, timing, package counts, and other variable data.
-
-  let result = str
-
-  // Normalize Yarn version numbers (e.g., "Yarn 4.10.3" -> "Yarn X.X.X")
-  result = result.replace(/Yarn \d+\.\d+\.\d+/g, 'Yarn X.X.X')
-
-  // Normalize timing information (e.g., "3s 335ms" -> "Xs XXXms", "0s 357ms" -> "Xs XXXms")
-  result = result.replace(/\d+s \d+ms/g, 'Xs XXXms')
-
-  // Normalize package count information (e.g., "1137 more" -> "XXXX more")
-  result = result.replace(/and \d+ more\./g, 'and XXXX more.')
-
-  return result
-}
-
-function sanitizeTokens(str: string): string {
-  // Sanitize Socket API tokens to prevent leaking credentials into snapshots.
-  // Socket tokens follow the format: sktsec_[alphanumeric+underscore characters]
-
-  // Match Socket API tokens: sktsec_ followed by word characters
-  const tokenPattern = /sktsec_\w+/g
-  let result = str.replace(tokenPattern, 'sktsec_REDACTED_TOKEN')
-
-  // Sanitize token values in JSON-like structures
-  result = result.replace(
-    /"apiToken"\s*:\s*"sktsec_[^"]+"/g,
-    '"apiToken":"sktsec_REDACTED_TOKEN"',
-  )
-
-  // Sanitize token prefixes that might be displayed (e.g., "zP416" -> "REDAC")
-  // Match 5-character alphanumeric strings that appear after "token:" labels
-  result = result.replace(
-    /token:\s*\[?\d+m\]?([A-Za-z0-9]{5})\*{3}/gi,
-    'token: REDAC***',
-  )
-
-  return result
-}
-
-export function cleanOutput(output: string | Buffer<ArrayBufferLike>): string {
-  return toAsciiSafeString(
-    normalizeLogSymbols(
-      normalizeNewlines(
-        stripZeroWidthSpace(
-          scrubFirewallOutput(
-            sanitizeTokens(
-              stripTokenErrorMessages(stripAnsi(String(output).trim())),
-            ),
-          ),
-        ),
-      ),
-    ),
-  ).trim()
-}
+// Re-export cleanOutput from scrubbers for convenience
+export { cleanOutput }
 
 /**
  * Check if output contains cdxgen help content.

test/utils/scrubbers/clean-output.mts

@@ -0,0 +1,40 @@
+/** @fileoverview Main output cleaner that applies all scrubbers. */
+
+import { stripAnsi } from '@socketsecurity/registry/lib/strings'
+
+import {
+  scrubFirewallOutput,
+  scrubNpmOutput,
+  scrubPnpmOutput,
+} from './package-managers.mts'
+import { sanitizeTokens, stripTokenErrorMessages } from './security.mts'
+import {
+  normalizeLogSymbols,
+  normalizeNewlines,
+  stripZeroWidthSpace,
+  toAsciiSafeString,
+} from './text.mts'
+
+/**
+ * Apply all standard scrubbers to output for consistent test snapshots.
+ * This is the main function that should be used for cleaning test output.
+ */
+export function cleanOutput(output: string | Buffer<ArrayBufferLike>): string {
+  return toAsciiSafeString(
+    normalizeLogSymbols(
+      normalizeNewlines(
+        stripZeroWidthSpace(
+          scrubPnpmOutput(
+            scrubNpmOutput(
+              scrubFirewallOutput(
+                sanitizeTokens(
+                  stripTokenErrorMessages(stripAnsi(String(output).trim())),
+                ),
+              ),
+            ),
+          ),
+        ),
+      ),
+    ),
+  ).trim()
+}

test/utils/scrubbers/package-managers.mts

@@ -0,0 +1,54 @@
+/** @fileoverview Package manager output scrubbers for test snapshots. */
+
+/**
+ * Scrub Socket Firewall output to prevent snapshot inconsistencies
+ * from version numbers, timing, package counts, and other variable data.
+ */
+export function scrubFirewallOutput(str: string): string {
+  let result = str
+
+  // Normalize Yarn version numbers (e.g., "Yarn 4.10.3" -> "Yarn X.X.X")
+  result = result.replace(/Yarn \d+\.\d+\.\d+/g, 'Yarn X.X.X')
+
+  // Normalize timing information (e.g., "3s 335ms" -> "Xs XXXms", "0s 357ms" -> "Xs XXXms")
+  result = result.replace(/\d+s \d+ms/g, 'Xs XXXms')
+
+  // Normalize package count information (e.g., "1137 more" -> "XXXX more")
+  result = result.replace(/and \d+ more\./g, 'and XXXX more.')
+
+  return result
+}
+
+/**
+ * Scrub pnpm output to prevent snapshot inconsistencies from timing variations.
+ * Normalizes execution time to prevent flaky tests.
+ */
+export function scrubPnpmOutput(str: string): string {
+  let result = str
+
+  // Normalize pnpm timing: "Done in 1.2s" -> "Done in Xs", "Done in 825ms" -> "Done in Xs"
+  result = result.replace(
+    /Done in \d+(\.\d+)?s using pnpm/g,
+    'Done in Xs using pnpm',
+  )
+  result = result.replace(/Done in \d+ms using pnpm/g, 'Done in Xs using pnpm')
+
+  return result
+}
+
+/**
+ * Scrub npm output to prevent snapshot inconsistencies from timing variations.
+ * Normalizes execution time to prevent flaky tests.
+ */
+export function scrubNpmOutput(str: string): string {
+  let result = str
+
+  // Normalize npm timing variations
+  result = result.replace(
+    /added \d+ packages in \d+(\.\d+)?s/g,
+    'added X packages in Xs',
+  )
+  result = result.replace(/up to date in \d+(\.\d+)?s/g, 'up to date in Xs')
+
+  return result
+}

test/utils/scrubbers/security.mts

@@ -0,0 +1,37 @@
+/** @fileoverview Security-related scrubbers for test snapshots. */
+
+/**
+ * Strip API token error messages to avoid snapshot inconsistencies
+ * when local environment has/doesn't have tokens set.
+ */
+export function stripTokenErrorMessages(str: string): string {
+  return str.replace(
+    /^\s*[×✖]\s+This command requires a Socket API token for access.*$/gm,
+    '',
+  )
+}
+
+/**
+ * Sanitize Socket API tokens to prevent leaking credentials into snapshots.
+ * Socket tokens follow the format: sktsec_[alphanumeric+underscore characters]
+ */
+export function sanitizeTokens(str: string): string {
+  // Match Socket API tokens: sktsec_ followed by word characters
+  const tokenPattern = /sktsec_\w+/g
+  let result = str.replace(tokenPattern, 'sktsec_REDACTED_TOKEN')
+
+  // Sanitize token values in JSON-like structures
+  result = result.replace(
+    /"apiToken"\s*:\s*"sktsec_[^"]+"/g,
+    '"apiToken":"sktsec_REDACTED_TOKEN"',
+  )
+
+  // Sanitize token prefixes that might be displayed (e.g., "zP416" -> "REDAC")
+  // Match 5-character alphanumeric strings that appear after "token:" labels
+  result = result.replace(
+    /token:\s*\[?\d+m\]?([A-Za-z0-9]{5})\*{3}/gi,
+    'token: REDAC***',
+  )
+
+  return result
+}

test/utils/scrubbers/text.mts

@@ -0,0 +1,47 @@
+/** @fileoverview Text normalization scrubbers for test snapshots. */
+
+/**
+ * Normalize log symbols to ASCII equivalents for consistent snapshots.
+ * Maps Unicode symbols to basic ASCII characters.
+ */
+export function normalizeLogSymbols(str: string): string {
+  return str
+    .replaceAll('✖', '×')
+    .replaceAll('ℹ', 'i')
+    .replaceAll('✔', '√')
+    .replaceAll('⚠', '‼')
+}
+
+/**
+ * Normalize newlines to LF for consistent snapshots across platforms.
+ */
+export function normalizeNewlines(str: string): string {
+  return (
+    str
+      // Replace all literal \r\n.
+      .replaceAll('\r\n', '\n')
+      // Replace all escaped \\r\\n.
+      .replaceAll('\\r\\n', '\\n')
+  )
+}
+
+/**
+ * Strip zero-width spaces that may appear in output.
+ */
+export function stripZeroWidthSpace(str: string): string {
+  return str.replaceAll('\u200b', '')
+}
+
+/**
+ * Convert non-ASCII characters to escape sequences for safe snapshots.
+ */
+export function toAsciiSafeString(str: string): string {
+  // Match characters outside printable ASCII range (32-126) excluding newlines/tabs.
+  const asciiUnsafeRegexp = /[^\n\t\x20-\x7e]/g
+  return str.replace(asciiUnsafeRegexp, m => {
+    const code = m.charCodeAt(0)
+    return code < 255
+      ? `\\x${code.toString(16).padStart(2, '0')}`
+      : `\\u${code.toString(16).padStart(4, '0')}`
+  })
+}