From 7c6261c890f2afccb8a6b3bfcd437dd6ae9b51cf Mon Sep 17 00:00:00 2001
From: Colin Rotherham <work@colinr.com>
Date: Tue, 19 Dec 2023 10:42:57 +0000
Subject: [PATCH] Add test for incorrectly hoisted Dependabot updates

---
 package-lock.json.unit.test.mjs | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 package-lock.json.unit.test.mjs

diff --git a/package-lock.json.unit.test.mjs b/package-lock.json.unit.test.mjs
new file mode 100644
index 0000000000..b9bfbff672
--- /dev/null
+++ b/package-lock.json.unit.test.mjs
@@ -0,0 +1,31 @@
+describe('package-lock.json', () => {
+  /** @type {import('./package-lock.json')} */
+  let packageLockJson
+
+  beforeAll(async () => {
+    packageLockJson = await import('./package-lock.json')
+  })
+
+  describe('Dependabot updates', () => {
+    /**
+     * When this check fails, the incorrect `package-lock.json` can be repaired
+     * by checking out the Dependabot branch and running `npm install` to remove
+     * the hoisted dependency
+     *
+     * {@link https://govuk-design-system-team-docs.netlify.app/how-we-work/version-control/pull-requests#reviewing-a-pr-from-dependabot}
+     */
+    it("should not hoist 'optionalDependencies' to 'dependencies'", () => {
+      const { dependencies, optionalDependencies } =
+        packageLockJson.packages['']
+
+      // List package names for comparison
+      const packageNames = Object.keys(dependencies ?? {})
+      const packageNamesOptional = Object.keys(optionalDependencies ?? {})
+
+      // Check no optional dependencies are hoisted
+      for (const name of packageNamesOptional) {
+        expect(packageNames).not.toContain(name)
+      }
+    })
+  })
+})