GoogleChrome · brendankenny · Jul 20, 2019 · Jun 28, 2019 · Jun 28, 2019 · Jun 28, 2019
diff --git a/lighthouse-core/test/audits/dobetterweb/no-vulnerable-libraries-test.js b/lighthouse-core/test/audits/dobetterweb/no-vulnerable-libraries-test.js
@@ -99,3 +99,20 @@ describe('Avoids front-end JavaScript libraries with known vulnerabilities', ()
     assert.equal(auditResult.score, 1);
   });
 });
+
+describe('Every snyk vulnerability has an upperbound', () => {
+  for (const vulns of Object.values(NoVulnerableLibrariesAudit.snykDB.npm)) {
+    for (const vuln of vulns) {
+      for (const semver of vuln.semver.vulnerable) {
+        assert.notEqual(semver, '*', 'invalid semver: * is not allowed');
+
+        const clauses = semver.split('||');
+        for (const clause of clauses) {
+          if (!clause.trim().startsWith('=') && !clause.includes('<')) {
+            assert.fail(`invalid semver: ${semver}. Must contain an upper bound`);
+          }
+        }
+      }
+    }
+  }
+});