builtbykev/vyndr
1
0
Fork 0
Code Issues Pull Requests Actions 7 Packages Projects Releases Wiki Activity

Session 31: Code audit + security review — NFL MARKET_MAP gap fixed, npm audit 0 vulns (1695 tests)

Browse Source 
- Add NFL keys to oddsNormalizer.MARKET_MAP (defensive; same silent-zero
  class as the Session 30 MLB bug) + NFL surface test
- npm audit fix: ws/qs + Supabase transitives, 7 vulns -> 0 (semver-safe)
- Audit findings documented in BUILD-STATE: grades cache has no writer,
  NFL/NHL not wired end-to-end, rate limiting only on /analyze, tests
  mutate a tracked jsonl, leaked GitHub PAT in origin remote (rotate)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Kev
2026-06-14 23:48:40 -04:00
parent a3351e2135
commit 2ba3958c7a
4 changed files with 186 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/unit/oddsNormalizer.test.js
+31
View File
@@ -121,6 +121,37 @@ describe('oddsNormalizer', () => {
}
});
it('exposes the NFL market keys added in the Session 31 audit', () => {
// Defensive mapping landed before NFL is fully wired so it can't
// repeat the MLB silent-zero bug. Both odds-api `_yds` and the
// `_yards` spellings must resolve, and internal names align with
// config/statFilters.js (passing/rushing/receiving_yards, interceptions).
expect(MARKET_MAP.player_pass_yds).toBe('passing_yards');
expect(MARKET_MAP.player_pass_yards).toBe('passing_yards');
expect(MARKET_MAP.player_rush_yds).toBe('rushing_yards');
expect(MARKET_MAP.player_reception_yds).toBe('receiving_yards');
expect(MARKET_MAP.player_receiving_yards).toBe('receiving_yards');
expect(MARKET_MAP.player_receptions).toBe('receptions');
expect(MARKET_MAP.player_pass_interceptions).toBe('interceptions');
expect(MARKET_MAP.player_anytime_td).toBe('anytime_td');
// End-to-end: an NFL market normalizes to a real prop, not zero.
const event = makeEvent({
bookmakers: [
makeBookmaker('draftkings', [
makeMarket('player_pass_yds', [
makeOutcome('Over', 'Patrick Mahomes', -110, 275.5),
makeOutcome('Under', 'Patrick Mahomes', -110, 275.5),
]),
]),
],
});
const result = normalizeProps([event]);
expect(result).toHaveLength(1);
expect(result[0].stat_type).toBe('passing_yards');
expect(result[0].player).toBe('Patrick Mahomes');
});
it('handles missing/null odds gracefully (skips incomplete outcomes)', () => {
const event = makeEvent({
bookmakers: [