[quality] coverage-gap: scripts/lib/ has 18 untested JS modules — SBOM parser and markdown generator unprotected

## Finding

`scripts/lib/` contains 18 JavaScript/ESM modules that have **no test files**.
The top-level `scripts/*.js` files all have corresponding `*.test.js` coverage,
but the shared library layer is completely untested:

| File | Purpose |
|------|---------|
| `scripts/lib/sbom/parser.js` | Parses SBOM JSON for package extraction |
| `scripts/lib/sbom/api.js` | SBOM API calls |
| `scripts/lib/sbom/bst.js` | BST-specific SBOM logic |
| `scripts/lib/sbom/slim.js` | SBOM slimming/filtering |
| `scripts/lib/sbom/writer.js` | SBOM output writing |
| `scripts/lib/sbom-versions.js` | Version comparison/extraction |
| `scripts/lib/markdown-generator.mjs` | Generates markdown reports |
| `scripts/lib/card-feed-parser.mjs` | Parses card feed data |
| `scripts/lib/card-template.mjs` | Card template rendering |
| `scripts/lib/contributor-tracker.mjs` | Tracks contributor activity |
| `scripts/lib/label-mapping.mjs` | Maps GitHub labels |
| `scripts/lib/request-queue.js` | Rate-limited request queuing |
| `scripts/lib/build-metrics.mjs` | Build metrics collection |
| `scripts/lib/graphql-queries.mjs` | GraphQL query strings |
| `scripts/lib/github-sponsors.mjs` | GitHub Sponsors data |
| `scripts/lib/monitored-repos.mjs` | Repo list configuration |
| `scripts/lib/tap-promotions.mjs` | TAP promotion logic |
| `scripts/lib/update-artwork-detection.mjs` | Artwork change detection |

The SBOM parser and markdown generator are the highest-impact gaps — they
process production data and bugs in them would silently corrupt generated output.

## Recommendation

1. Start with `scripts/lib/sbom/parser.js` — add
   `scripts/lib/sbom/parser.test.js` with fixture JSON inputs
2. Add `scripts/lib/markdown-generator.test.mjs` for the report generator
3. Extend the CI `pages.yml` or add a `unit-tests.yml` workflow to run
   `node --test` or Jest across `scripts/lib/**/*.test.*`

## Priority
- Impact: medium — SBOM and markdown output errors are silent
- Effort: medium — needs test fixtures for SBOM JSON format

---
*Filed by quality agent (hold-gated mode)*


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[quality] coverage-gap: scripts/lib/ has 18 untested JS modules — SBOM parser and markdown generator unprotected #905

Finding

Recommendation

Priority

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

File	Purpose
`scripts/lib/sbom/parser.js`	Parses SBOM JSON for package extraction
`scripts/lib/sbom/api.js`	SBOM API calls
`scripts/lib/sbom/bst.js`	BST-specific SBOM logic
`scripts/lib/sbom/slim.js`	SBOM slimming/filtering
`scripts/lib/sbom/writer.js`	SBOM output writing
`scripts/lib/sbom-versions.js`	Version comparison/extraction
`scripts/lib/markdown-generator.mjs`	Generates markdown reports
`scripts/lib/card-feed-parser.mjs`	Parses card feed data
`scripts/lib/card-template.mjs`	Card template rendering
`scripts/lib/contributor-tracker.mjs`	Tracks contributor activity
`scripts/lib/label-mapping.mjs`	Maps GitHub labels
`scripts/lib/request-queue.js`	Rate-limited request queuing
`scripts/lib/build-metrics.mjs`	Build metrics collection
`scripts/lib/graphql-queries.mjs`	GraphQL query strings
`scripts/lib/github-sponsors.mjs`	GitHub Sponsors data
`scripts/lib/monitored-repos.mjs`	Repo list configuration
`scripts/lib/tap-promotions.mjs`	TAP promotion logic
`scripts/lib/update-artwork-detection.mjs`	Artwork change detection

Uh oh!

[quality] coverage-gap: scripts/lib/ has 18 untested JS modules — SBOM parser and markdown generator unprotected #905

Description

Finding

Recommendation

Priority

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions