Fix stale didYouMean props (#81)

flowstate · web-flow · commit be87c349119d · 2026-05-22T18:02:47.000-04:00
* test: failing regression for stale didYouMean props

* fix(issues): drop stale didYouMean props, add detectedAt

Resolves CUS2-5. The didYouMean class declared four props
(alternatePackage, downloads, downloadsRatio, editDistance) but the
current OpenAPI schema (socket-sdk-js/openapi.json:9298) only emits
{ alternatePackage, detectedAt }. The three stale keys were dead at
runtime and detectedAt was missing a human-readable label entirely.
Updated to match the schema.

* chore(release): bump to 3.1.1 and sync pyproject.toml

Run via .hooks/sync_version.py after merging origin/main (now at 3.1.0
from lelia's purl PR). Keeps pyproject.toml and socketdev/version.py
in lockstep, as flagged in code review.

* chore: sync uv.lock to 3.1.1
diff --git a/pyproject.toml b/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "socketdev"
-version = "3.1.0"
+version = "3.1.1"
 requires-python = ">= 3.9"
 dependencies = [
     'requests',
diff --git a/socketdev/core/issues.py b/socketdev/core/issues.py
@@ -463,7 +463,7 @@ class didYouMean:
 
 	def __init__(self):
 		self.description = "Package name is similar to other popular packages and may not be the package you want."
-		self.props = {"alternatePackage": "Alternate package", "downloads": "Downloads", "downloadsRatio": "Download ratio", "editDistance": "Edit distance"}
+		self.props = {"alternatePackage": "Alternate package", "detectedAt": "Detected at"}
 		self.suggestion = "Use care when consuming similarly named packages and ensure that you did not intend to consume a different package. Malicious packages often publish using similar names as existing popular packages."
 		self.title = "Possible typosquat attack"
 		self.emoji = "\ud83e\uddd0"
diff --git a/socketdev/version.py b/socketdev/version.py
@@ -1 +1 @@
-__version__ = "3.1.0"
+__version__ = "3.1.1"
diff --git a/tests/unit/test_issues_did_you_mean_props.py b/tests/unit/test_issues_did_you_mean_props.py
@@ -0,0 +1,28 @@
+"""Contract test for the didYouMean alert-type class's props.
+
+The OpenAPI schema (`socket-sdk-js/openapi.json` around line 9298) declares
+that the API emits `didYouMean` alerts with ``props: { alternatePackage,
+detectedAt }``. The Python SDK previously declared four props
+(``alternatePackage``, ``downloads``, ``downloadsRatio``, ``editDistance``);
+the latter three are no longer in the API schema and were dead keys at
+runtime — and ``detectedAt`` was missing.
+
+Tracks CUS2-5. Sibling of CUS2-4.
+"""
+
+import unittest
+
+from socketdev.core.issues import didYouMean
+
+
+class TestDidYouMeanProps(unittest.TestCase):
+    def test_props_match_openapi_schema(self):
+        """API emits props { alternatePackage, detectedAt } (openapi.json:9298)."""
+        issue = didYouMean()
+        self.assertEqual(set(issue.props.keys()), {"alternatePackage", "detectedAt"})
+
+    def test_props_label_strings_are_non_empty(self):
+        """Every props key must have a non-empty human-readable label."""
+        issue = didYouMean()
+        for key, label in issue.props.items():
+            self.assertTrue(label, f"props[{key!r}] label should not be empty")
diff --git a/uv.lock b/uv.lock

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-__version__ = "3.1.0"`
	`1`	`+__version__ = "3.1.1"`