Add bun and vlt lockfiles (#202)

* Add bun and vlt lockfiles

* Add bun.lockb

* Add unit tests for bun.lock, bun.lockb, and vlt-lock.json manifest matching

Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>

* Bump version to 2.2.87

Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>

* Add missing version refs

Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>

---------

Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>
Co-authored-by: lelia <2418071+lelia@users.noreply.github.com>

Author: rreusser

pyproject.toml

@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "socketsecurity"
-version = "2.2.86"
+version = "2.2.88"
 requires-python = ">= 3.11"
 license = {"file" = "LICENSE"}
 dependencies = [

socketsecurity/__init__.py

@@ -1,3 +1,3 @@
 __author__ = 'socket.dev'
-__version__ = '2.2.86'
+__version__ = '2.2.88'
 USER_AGENT = f'SocketPythonCLI/{__version__}'

socketsecurity/core/utils.py

@@ -38,6 +38,15 @@
         },
         "pnpm-workspace.yml": {
             "pattern": "pnpm-workspace.yml"
+        },
+        "bun.lock": {
+            "pattern": "bun.lock"
+        },
+        "bun.lockb": {
+            "pattern": "bun.lockb"
+        },
+        "vlt-lock.json": {
+            "pattern": "vlt-lock.json"
         }
     },
     "pypi": {
@@ -105,4 +114,4 @@
             "pattern": "packages.lock.json"
         }
     }
-}
+}

tests/core/test_has_manifest_files.py

@@ -1,13 +1,17 @@
 from unittest.mock import patch
 
 from socketsecurity.core import Core
+from socketsecurity.core.utils import socket_globs
 
 # Minimal patterns matching what the Socket API returns
 MOCK_PATTERNS = {
     "npm": {
         "packagejson": {"pattern": "package.json"},
         "packagelockjson": {"pattern": "package-lock.json"},
         "yarnlock": {"pattern": "yarn.lock"},
+        "bunlock": {"pattern": "bun.lock"},
+        "bunlockb": {"pattern": "bun.lockb"},
+        "vltlockjson": {"pattern": "vlt-lock.json"},
     },
     "pypi": {
         "requirements": {"pattern": "*requirements.txt"},
@@ -66,3 +70,42 @@ def test_dot_slash_prefix_normalized(self, mock_patterns):
     def test_pom_xml_root(self, mock_patterns):
         core = Core.__new__(Core)
         assert core.has_manifest_files(["pom.xml"]) is True
+
+    def test_bun_lock_root(self, mock_patterns):
+        core = Core.__new__(Core)
+        assert core.has_manifest_files(["bun.lock"]) is True
+
+    def test_bun_lockb_root(self, mock_patterns):
+        core = Core.__new__(Core)
+        assert core.has_manifest_files(["bun.lockb"]) is True
+
+    def test_vlt_lock_json_root(self, mock_patterns):
+        core = Core.__new__(Core)
+        assert core.has_manifest_files(["vlt-lock.json"]) is True
+
+    def test_bun_lock_subdirectory(self, mock_patterns):
+        core = Core.__new__(Core)
+        assert core.has_manifest_files(["apps/web/bun.lock"]) is True
+
+
+@patch.object(Core, "get_supported_patterns", side_effect=RuntimeError("API unreachable"))
+@patch.object(Core, "__init__", lambda self, *a, **kw: None)
+class TestHasManifestFilesFallback:
+    """Exercises the socket_globs fallback path used when the Socket API is unreachable."""
+
+    def test_fallback_matches_bun_lock(self, mock_patterns):
+        core = Core.__new__(Core)
+        assert core.has_manifest_files(["bun.lock"]) is True
+
+    def test_fallback_matches_bun_lockb(self, mock_patterns):
+        core = Core.__new__(Core)
+        assert core.has_manifest_files(["bun.lockb"]) is True
+
+    def test_fallback_matches_vlt_lock_json(self, mock_patterns):
+        core = Core.__new__(Core)
+        assert core.has_manifest_files(["vlt-lock.json"]) is True
+
+    def test_fallback_patterns_dict_contains_new_entries(self, mock_patterns):
+        assert "bun.lock" in socket_globs["npm"]
+        assert "bun.lockb" in socket_globs["npm"]
+        assert "vlt-lock.json" in socket_globs["npm"]