Update to support Node strip-only TypeScript support

[cjbarth]

Description

Due to changes in Node, TypeScript support is now built-in and enabled by default, but only the "strip-only" version. This caused problems for our tests. This adjusts the tests to work with the newer versions of Node.

See https://github.com/nodejs/node/releases/tag/v23.6.0

Summary by CodeRabbit

• Chores

  • Updated test commands to build the project before running tests and to use a dedicated test configuration for more reliable, consistent test runs.

• Tests

  • Refactored decoding and inflation steps across multiple test cases to use clearer, immutable variables and explicit UTF‑8 decoding, improving readability and maintainability with no behavioral changes.

[coderabbitai]

Walkthrough

Package.json test scripts now run the build step and pass a Mocha config file; test-watch uses Mocha with the same config. Tests in test/samlRequest.spec.ts refactor base64-decode + inflate logic to use const locals and explicit UTF‑8 string conversion, preserving existing assertions and flow.

Changes

Cohort / File(s)	Summary
Test runner flow package.json	Updated test script from npm run tsc && nyc mocha → npm run build && nyc mocha --config .mocharc.json. Updated test-watch from mocha --watch → mocha --config .mocharc.json --watch.
SAML request test refactor test/samlRequest.spec.ts	Replaced mutable buffer pattern with explicit const decoded = Buffer.from(..., 'base64'), const inflated = zlib.inflateRawSync(decoded), and parseStringPromise(inflated.toString('utf8')) across multiple tests; variable naming clarified, no behavioral changes.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Dev as Developer
  participant NPM as npm
  participant Build as build script
  participant NYC as nyc
  participant Mocha as Mocha
  participant Config as .mocharc.json
  participant Tests as test/samlRequest.spec.ts

  Dev->>NPM: run "npm test"
  NPM->>Build: npm run build
  Build-->>NPM: artifacts ready
  NPM->>NYC: nyc mocha --config .mocharc.json
  NYC->>Mocha: start with config
  Mocha->>Config: load .mocharc.json
  Mocha->>Tests: execute tests
  Tests-->>Mocha: decode -> inflate -> parse -> assert
  Mocha-->>NYC: test results
  NYC-->>Dev: coverage + results

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

I nibble code with whiskered cheer,
Build then test — the path is clear.
Decode, inflate, UTF‑8 delight,
Consts in place, the XML's light.
Mocha reads config; nyc keeps score — thump, thump, encore. 🐇

Pre-merge checks (2 passed, 1 inconclusive)

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description Check	❓ Inconclusive	The description explains the root cause, links to the relevant Node release, and notes that tests were adjusted, satisfying the basic summary requirement, but it does not follow the repository template: it omits an explicit use-case description, does not complete the checklist fields (Issue Addressed, Tests included?, Documentation updated?), and lacks an explicit confirmation of which tests/files were changed. Because the repo template expects those sections, the current description is incomplete relative to the required structure.	Please update the PR description to follow the repository template by adding a brief summary of which files/areas were changed and an explicit confirmation that tests are included (mentioning the test files), indicate any issue number addressed if applicable, describe the specific use-case and systems affected, and complete the checklist fields; include SAML spec links only if the PR modifies SAML-related behavior.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title concisely and accurately states the PR’s primary purpose—adding support for Node’s "strip-only" TypeScript behavior—and aligns with the PR objectives to adjust tests for newer Node versions; it is short, specific, and free of noise or unrelated details, so a teammate scanning history will understand the main change.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (6)

package.json (1)

48-50: Mocha config verified — ts-node present; align test-watch and consider trimming duplicate builds.

• Verified: .mocharc.json requires "ts-node/register".
• Keep watch mode consistent:

-    "test-watch": "mocha --watch",
+    "test-watch": "mocha --config .mocharc.json --watch",

• Confirm whether prepare/prerelease also run the build (test runs "npm run build"); if so, remove one to avoid duplicate builds.

test/samlRequest.spec.ts (5)

98-101: Decode/deflate flow is correct; specify UTF-8 for determinism.

Explicitly pass "utf8" to toString() to avoid locale-dependent defaults and keep snapshots stable.

-          return parseStringPromise(inflated.toString());
+          return parseStringPromise(inflated.toString("utf8"));

And likewise here:

-          return parseStringPromise(inflated.toString());
+          return parseStringPromise(inflated.toString("utf8"));

Also applies to: 121-125

---

186-190: Same UTF-8 nit.

-          return parseStringPromise(inflated.toString());
+          return parseStringPromise(inflated.toString("utf8"));

…and:

-          return parseStringPromise(inflated.toString());
+          return parseStringPromise(inflated.toString("utf8"));

Also applies to: 209-213

---

278-282: Same UTF-8 nit across this block.

-          return parseStringPromise(inflated.toString());
+          return parseStringPromise(inflated.toString("utf8"));

…and:

-          return parseStringPromise(inflated.toString());
+          return parseStringPromise(inflated.toString("utf8"));

Also applies to: 301-305

---

370-374: Same UTF-8 nit here too.

-          return parseStringPromise(inflated.toString());
+          return parseStringPromise(inflated.toString("utf8"));

…and:

-          return parseStringPromise(inflated.toString());
+          return parseStringPromise(inflated.toString("utf8"));

Also applies to: 393-397

---

98-101: Reduce repetition with a tiny helper.

Eight spots repeat the same base64→inflate→parse steps. Consider a small test helper to keep future edits (e.g., zlib options) in one place.

Add near the top of the file:

async function parseDeflatedBase64Xml(b64: string) {
  const decoded = Buffer.from(b64, "base64");
  const inflated = zlib.inflateRawSync(decoded);
  return parseStringPromise(inflated.toString("utf8"));
}

Then replace repeated sequences with:

return parseDeflatedBase64Xml(encodedSamlRequest);

Also applies to: 121-125, 186-190, 209-213, 278-282, 301-305, 370-374, 393-397

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1d8d66f and 446e52a.

📒 Files selected for processing (2)

• package.json (1 hunks)
• test/samlRequest.spec.ts (8 hunks)

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

test/samlRequest.spec.ts (3)

98-101: DRY the decode/parse logic into a small helper to reduce repetition.

This sequence repeats many times; a helper improves readability and lowers maintenance.

Add a tiny test-local helper (outside the changed ranges):

function parseAuthnRequestFromBase64(b64: string, opts: { compressed: boolean }) {
  const buf = Buffer.from(b64, "base64");
  const xml = opts.compressed ? zlib.inflateRawSync(buf).toString("utf8") : buf.toString("utf8");
  return parseStringPromise(xml);
}

Apply it (example for Lines 98-101):

-          const decoded = Buffer.from(encodedSamlRequest, "base64");
-          const inflated = zlib.inflateRawSync(decoded);
-
-          return parseStringPromise(inflated.toString("utf8"));
+          return parseAuthnRequestFromBase64(encodedSamlRequest, { compressed: true });

Repeat similarly for the other compressed cases; use { compressed: false } in the skipRequestCompression tests.

Also applies to: 121-124, 186-189, 209-212, 278-281, 301-304, 370-373, 393-396

---

98-101: Minor: keep the chain tight to reduce temporaries (optional).

If you don’t adopt the helper, inlining the toString into one return reduces noise.

-          const decoded = Buffer.from(encodedSamlRequest, "base64");
-          const inflated = zlib.inflateRawSync(decoded);
-
-          return parseStringPromise(inflated.toString("utf8"));
+          return parseStringPromise(zlib.inflateRawSync(Buffer.from(encodedSamlRequest, "base64")).toString("utf8"));

---

3-3: Consider Node built-in import specifier.

Using node:zlib is the modern builtin specifier; keeps intent clear and avoids resolution edge-cases.

Example (outside changed lines):

import * as zlib from "node:zlib";

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 446e52a and c78ce56.

📒 Files selected for processing (2)

• package.json (1 hunks)
• test/samlRequest.spec.ts (10 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• package.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: test (ubuntu-latest, 18, false)

🔇 Additional comments (2)

test/samlRequest.spec.ts (2)

98-101: LGTM: explicit base64 → inflateRaw → UTF‑8 parse sequence is correct.

Solid, explicit handling that’s robust across Node’s strip-only TS execution.

Also applies to: 121-124, 186-189, 209-212, 278-281, 301-304, 370-373, 393-396

---

494-494: LGTM: no inflate when skipRequestCompression=true.

Direct base64 decode + UTF‑8 parse here matches the config and avoids unnecessary zlib usage.

Also applies to: 515-515