Summary
normalizeRisk in scripts/parse-zap-report.js has subtle behavior (riskcode vs riskdesc) documented in comments. Small regressions are easy to introduce without automated checks.
Scope (good first issue)
- Extract normalizeRisk (and optionally normalizeRouteish) into a tiny module under scripts/ that parse-zap-report.js requires, or add a scripts/*.test.js file using Node's built-in node:test (Node 22 is already used in CI).
- Add tests covering: riskcode mapping, riskdesc with parenthetical confidence (e.g. informational labeled with high confidence), and at least one normalizeRouteish case (UUID or numeric id collapsing).
CI follow-up (optional stretch)
- Add a CI step to run node --test scripts/*.test.js if you use node:test; keep runtime minimal.
Acceptance criteria
- Tests run locally with a single documented command in the PR description.
- No change to parse output for existing golden/typical ZAP JSON shapes (or document intentional fixes with tests).
Files
- scripts/parse-zap-report.js (refactor as needed)
- New test file(s) under scripts/
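An added sketch of the test table this issue asks for, not the project's own code: the two function bodies are hypothetical stand-ins for what is in scripts/parse-zap-report.js, and naiveRisk is a constructed regression showing why the parenthetical-confidence case needs a test. Assumptions: riskcode takes precedence when present, unmatched input yields 'unknown', and collapsed path segments become ':id' and ':uuid'.

```javascript
// Added example: hypothetical stand-ins, not the code in scripts/parse-zap-report.js.
// ZAP JSON alerts carry riskcode ("0".."3") and riskdesc ("Risk (Confidence)").
const RISK_BY_CODE = { 0: 'informational', 1: 'low', 2: 'medium', 3: 'high' };
const RISK_LABELS = Object.values(RISK_BY_CODE);

function fromCode(alert) {
  const code = String(alert.riskcode ?? '').trim();
  return Object.hasOwn(RISK_BY_CODE, code) ? RISK_BY_CODE[code] : null;
}

function normalizeRisk(alert) {
  // Drop the "(Confidence)" suffix so "Informational (High)" is not read as high.
  const label = String(alert.riskdesc ?? '').replace(/\(.*$/, '').trim().toLowerCase();
  return fromCode(alert) ?? (RISK_LABELS.includes(label) ? label : 'unknown');
}

// Constructed regression: searches the whole riskdesc, confidence included.
function naiveRisk(alert) {
  const desc = String(alert.riskdesc ?? '').toLowerCase();
  const hit = ['high', 'medium', 'low', 'informational'].find((l) => desc.includes(l));
  return fromCode(alert) ?? hit ?? 'unknown';
}

const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

function normalizeRouteish(url) {
  // Strip scheme/host and query/fragment, then collapse id-like path segments.
  const path = url.replace(/^[a-z][a-z0-9+.-]*:\/\/[^/]+/i, '').split(/[?#]/)[0];
  const collapse = (s) => (UUID_RE.test(s) ? ':uuid' : /^\d+$/.test(s) ? ':id' : s);
  return path.split('/').map(collapse).join('/') || '/';
}

// Constructed sample alerts; each row would become one test() in a node:test file.
const RISK_CASES = [
  ['riskcode string', { riskcode: '3', riskdesc: 'High (Medium)' }, 'high'],
  ['riskcode number', { riskcode: 0, riskdesc: 'Informational (High)' }, 'informational'],
  ['riskdesc: informational, high confidence', { riskdesc: 'Informational (High)' }, 'informational'],
  ['riskdesc: low, medium confidence', { riskdesc: 'Low (Medium)' }, 'low'],
  ['no usable field', { riskdesc: 'n/a' }, 'unknown'],
];

// Returns the names of the cases an implementation gets wrong.
function failures(impl) {
  return RISK_CASES.filter(([, alert, want]) => impl(alert) !== want).map(([name]) => name);
}
```

failures(normalizeRisk) is empty, while failures(naiveRisk) lists both riskdesc-only rows: the confidence word in parentheses is picked up as the risk level.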