From 91315450651b58ca783f8a321a5f7dce282be162 Mon Sep 17 00:00:00 2001
From: Shakker
Date: Mon, 11 May 2026 07:12:59 +0100
Subject: [PATCH] test: tighten file install warning assertion
---
 src/plugins/install.path.test.ts | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/src/plugins/install.path.test.ts b/src/plugins/install.path.test.ts
index 68cd3cdbf80..efce6437800 100644
--- a/src/plugins/install.path.test.ts
+++ b/src/plugins/install.path.test.ts
@@ -226,6 +226,7 @@ describe("installPluginFromPath", () => {
 const sourcePath = path.join(baseDir, "payload.js");
 fs.writeFileSync(sourcePath, "eval('danger');\n", "utf-8");
+ const expectedFinding = `Dynamic code execution detected (${sourcePath}:1)`;
 const { result, warnings } = await installFromFileWithWarnings({
 filePath: sourcePath,
@@ -235,11 +236,13 @@ describe("installPluginFromPath", () => {
 expect(result.ok).toBe(false);
 if (!result.ok) {
 expect(result.code).toBe(PLUGIN_INSTALL_ERROR_CODE.SECURITY_SCAN_BLOCKED);
- expect(result.error).toContain('Plugin file "payload" installation blocked');
+ expect(result.error).toBe(
+ `Plugin file "payload" installation blocked: dangerous code patterns detected: ${expectedFinding}`,
+ );
 }
- expect(warnings).toEqual(
- expect.arrayContaining([expect.stringContaining("dangerous code pattern")]),
- );
+ expect(warnings).toEqual([
+ `WARNING: Plugin file "payload" contains dangerous code patterns: ${expectedFinding}`,
+ ]);
 });
 it("allows plain file installs with dangerous code patterns when forced unsafe install is set", async () => {
@@ -249,6 +252,7 @@ describe("installPluginFromPath", () => {
 const sourcePath = path.join(baseDir, "payload.js");
 fs.writeFileSync(sourcePath, "eval('danger');\n", "utf-8");
+ const expectedFinding = `Dynamic code execution detected (${sourcePath}:1)`;
 const { result, warnings } = await installFromFileWithWarnings({
 filePath: sourcePath,
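Review bot: `expectedFinding` in the hunk at -226,6 is built from `sourcePath` exactly as `path.join` returns it, so the exact-match assertions that follow pass only while the scanner echoes the path it was given, unchanged. If the scanner ever resolves or normalizes paths (for instance when the temp directory is reached through a symlink, which cannot be ruled out from here), these tests would fail for a reason unrelated to the security check. A one-line comment such as `// The scanner is expected to report filePath verbatim, followed by the line number.` would record that assumption. The identical line is added again in the hunk at -249,6; a small helper in the describe block that takes the path and returns the finding string would keep the two copies in step. Both enclosing tests start and end outside these hunks.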
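Review bot: The single-element `toEqual([...])` on `warnings` in the hunk at -235,11 now also asserts that a blocked install emits nothing else, in particular no "installation forced" line, but the test does not say that this is the intent. A comment above it, for example `// Blocked installs report the finding once and never the override warning.`, would stop a later edit from relaxing it back to a substring match. The two-element array in the hunk at -257,13 has the complementary meaning and deserves the same treatment: `// A forced install must still surface the finding and record that the scan was overridden.`. The opening of each test lies outside its hunk.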
@@ -257,13 +261,10 @@ describe("installPluginFromPath", () => {
 });
 expect(result.ok).toBe(true);
- expect(
- warnings.some((warning) =>
- warning.includes(
- "forced despite dangerous code patterns via --dangerously-force-unsafe-install",
- ),
- ),
- ).toBe(true);
+ expect(warnings).toEqual([
+ `WARNING: Plugin file "payload" contains dangerous code patterns: ${expectedFinding}`,
+ `WARNING: Plugin file "payload" installation forced despite dangerous code patterns via --dangerously-force-unsafe-install: ${expectedFinding}`,
+ ]);
 });
 it("blocks hardlink alias overwrites when installing a plain file plugin", async () => {