refactor(utils/copy): remove chai dev dependency

[therealharshit]

---

type: pre_commit_static_analysis_report
description: Results of running static analysis checks when committing changes. report:

• task: lint_filenames status: passed
• task: lint_editorconfig status: passed
• task: lint_markdown status: na
• task: lint_package_json status: passed
• task: lint_repl_help status: na
• task: lint_javascript_src status: na
• task: lint_javascript_cli status: na
• task: lint_javascript_examples status: na
• task: lint_javascript_tests status: passed
• task: lint_javascript_benchmarks status: na
• task: lint_python status: na
• task: lint_r status: na
• task: lint_c_src status: na
• task: lint_c_examples status: na
• task: lint_c_benchmarks status: na
• task: lint_c_tests_fixtures status: na
• task: lint_shell status: na
• task: lint_typescript_declarations status: passed
• task: lint_typescript_tests status: na
• task: lint_license_headers status: passed ---

Resolves #{{TODO: add issue number}}.

Description

What is the purpose of this pull request?

This pull request:

• Removes the chai dev dependancy

Related Issues

Does this pull request have any related issues?

This pull request has the following related issues:

• Resolve a part of # [Idea]: improve project supply chain security by bringing production dependencies in-house google-summer-of-code#102

Questions

Any questions for reviewers of this pull request?

No.

Other

Any other information relevant to this pull request? This may include screenshots, references, and/or implementation notes.

No.

Checklist

Please ensure the following tasks are completed before submitting this pull request.

• Read, understood, and followed the contributing guidelines.

AI Assistance

When authoring the changes proposed in this PR, did you use any kind of AI assistance?

• Yes
• No

If you answered "yes" above, how did you use AI assistance?

• Code generation (e.g., when writing an implementation or fixing a bug)
• Test/benchmark generation
• Documentation (including examples)
• Research and understanding

Disclosure

If you answered "yes" to using AI assistance, please provide a short disclosure indicating how you used AI assistance. This helps reviewers determine how much scrutiny to apply when reviewing your contribution. Example disclosures: "This PR was written primarily by Claude Code." or "I consulted ChatGPT to understand the codebase, but the proposed changes were fully authored manually by myself.".

{{TODO: add disclosure if applicable}}

---

@stdlib-js/reviewers

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Critical CVE: npm form-data uses unsafe random function in form-data for choosing boundary CVE: GHSA-fjxv-7rqg-78g4 form-data uses unsafe random function in form-data for choosing boundary (CRITICAL) Affected versions: < 2.5.4; >= 3.0.0 < 3.0.4; >= 4.0.0 < 4.0.4 Patched version: 2.5.4 From: ? → npm/form-data@2.3.3 ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/form-data@2.3.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Critical CVE: Prototype Pollution in npm minimist CVE: GHSA-xvch-5gv4-984h Prototype Pollution in minimist (CRITICAL) Affected versions: >= 1.0.0 < 1.2.6; < 0.2.4 Patched version: 0.2.4 From: ? → npm/factor-bundle@2.5.0 → npm/minimist@0.0.5 ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/minimist@0.0.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[therealharshit]

I am not sure why CI test cases are failing and I think it's not related to my changes in this PR.

I recently did a clean rebase on develop, and checking the CI logs, the tests strictly isolated to my changes in @stdlib/utils/copy are passing perfectly.

therealharshit@Harshits-MacBook-Air stdlib % make TESTS_FILTER=".*/utils/copy/.*" test

Running test: /Users/therealharshit/Desktop/stdlib/lib/node_modules/@stdlib/utils/copy/test/test.js

  main export is a function

    ✔ /Users/therealharshit/Desktop/stdlib/lib/node_modules/@stdlib/utils/copy/test/test.js
    ✔ export is a function

  if provided a nonnegative integer level, the function will throw an error

    ✔ throws when provided a string
    ✔ throws when provided a number
    ✔ throws when provided a number
    ✔ throws when provided a object
    ✔ throws when provided a number
    ✔ throws when provided a undefined
    ✔ throws when provided a boolean
    ✔ throws when provided a object
    ✔ throws when provided a object
    ✔ throws when provided a function

  the function deep copies an input value

    ✔ returns expected value
    ✔ returns expected value
    ✔ returns expected value
    ✔ has expected length
    ✔ returns expected value
    ✔ has expected length
    ✔ element 0 is equal
    ✔ element 1 is equal
    ✔ element 2 is equal
    ✔ element 3 is equal
    ✔ element 4 is equal
    ✔ element 5 is equal
    ✔ element 6 is equal
    ✔ element 7 is equal
    ✔ element 8 is equal
    ✔ element 9 is equal
    ✔ element 10 is NaN
    ✔ element 11 is equal
    ✔ element 12 is equal
    ✔ element 13 is equal
    ✔ element 14 is equal
    ✔ element 15 is equal
    ✔ element 16 is equal
    ✔ element 17 is equal
    ✔ element 18 is equal
    ✔ element 19 is equal
    ✔ element 20 is equal
    ✔ element 21 is equal
    ✔ element 22 is equal
    ✔ element 23 is equal
    ✔ returns expected value
    ✔ has expected length
    ✔ returns expected value

  the function supports deep coping to a specified level

    ✔ copy to depth 1
    ✔ copy to depth 2

  when provided a level equal to 0, the function returns the input reference

    ✔ copy to depth 0


  total:     48
  passing:   48
  duration:  85ms



Running test: /Users/therealharshit/Desktop/stdlib/lib/node_modules/@stdlib/utils/copy/test/test.process_env.js

  in Node <=v0.10.x, `process.env` does not behave like a normal object and cannot be copied using traditional means (hasOwnProperties, but no property descriptors)

    ✔ /Users/therealharshit/Desktop/stdlib/lib/node_modules/@stdlib/utils/copy/test/test.process_env.js
    ✔ successfully copies process.env


  total:     2
  passing:   2
  duration:  30ms



Running test: /Users/therealharshit/Desktop/stdlib/lib/node_modules/@stdlib/utils/copy/test/test.copy_error.js

  main export is a function

    ✔ /Users/therealharshit/Desktop/stdlib/lib/node_modules/@stdlib/utils/copy/test/test.copy_error.js
    ✔ export is a function

  generic <Error> object

    ✔ separate instances
    ✔ instance of Error
    ✔ equal messages
    ✔ equal names
    ✔ equal stack trace

  <TypeError>

    ✔ separate instances
    ✔ instance of TypeError
    ✔ equal messages
    ✔ equal names
    ✔ equal stack trace

  <RangeError>

    ✔ separate instances
    ✔ instance of RangeError
    ✔ equal messages
    ✔ equal names
    ✔ equal stack trace

  <SyntaxError>

    ✔ separate instances
    ✔ instance of SyntaxError
    ✔ equal messages
    ✔ equal names
    ✔ equal stack trace

  <ReferenceError>

    ✔ separate instances
    ✔ instance of ReferenceError
    ✔ equal messages
    ✔ equal names
    ✔ equal stack trace

  <EvalError>

    ✔ separate instances
    ✔ instance of EvalError
    ✔ equal messages
    ✔ equal names
    ✔ equal stack trace

  <URIError>

    ✔ separate instances
    ✔ instance of URIError
    ✔ equal messages
    ✔ equal names
    ✔ equal stack trace

  environments missing a `stack` trace

    ✔ no stack trace

  `code` property (Node.js)

    ✔ equal codes

  `errno` property (Node.js)

    ✔ equal errno

  `syscall` property (Node.js)

    ✔ equal syscall values

  additional (enumerable) properties

    ✔ data descriptor
    ✔ data descriptor
    ✔ accessor descriptor
    ✔ accessor descriptor
    ✔ new instances
    ✔ deep equal

  custom errors (proto)

    ✔ separate instances
    ✔ instance of CustomError
    ✔ instance of Error
    ✔ equal messages
    ✔ equal names
    ✔ equal stack trace

  custom errors (subclass; ES2015)

    ✔ separate instances
    ✔ instance of CustomError
    ✔ instance of Error
    ✔ equal messages
    ✔ equal names
    ✔ equal stack trace


  total:     59
  passing:   59
  duration:  31ms



Running test: /Users/therealharshit/Desktop/stdlib/lib/node_modules/@stdlib/utils/copy/test/test.deep_copy.js

  main export is a function

    ✔ /Users/therealharshit/Desktop/stdlib/lib/node_modules/@stdlib/utils/copy/test/test.deep_copy.js
    ✔ export is a function

  copy primitives

    ✔ copies a string primitive
    ✔ copies a number primitive
    ✔ copies a object primitive
    ✔ copies a undefined primitive
    ✔ copies a boolean primitive

  copy `NaN`

    ✔ copies a NaN primitive

  copy typed arrays

    ✔ distinct references
    ✔ deep equal
    ✔ distinct references
    ✔ deep equal
    ✔ distinct references
    ✔ deep equal
    ✔ distinct references
    ✔ deep equal
    ✔ distinct references
    ✔ deep equal
    ✔ distinct references
    ✔ deep equal
    ✔ distinct references
    ✔ deep equal
    ✔ distinct references
    ✔ deep equal
    ✔ distinct references
    ✔ deep equal

  copy `Boolean` objects to boolean primitives

    ✔ not an object
    ✔ equal values

  copy `String` objects to string primitives

    ✔ not an object
    ✔ equal values

  copy `Number` objects to number primitives

    ✔ not an object
    ✔ equal values

  copy `Date` objects

    ✔ distinct references
    ✔ equal values

  copy `RegExp` objects

    ✔ distinct references
    ✔ equal values

  copy `Error` objects

    ✔ distinct references
    ✔ deep equal

  copy special `Error` objects (e.g., `TypeError`, etc)

    ✔ distinct references
    ✔ deep equal

  copy Node.js buffers

    ✔ distinct references
    ✔ deep equal

  clone (simple) class instances

    ✔ distinct references
    ✔ deep equal

  if an environment does not support at least ES5, the function will return an empty object for class instances

    ✔ deep equal

  copy empty arrays

    ✔ distinct references
    ✔ deep equal

  copy sparse arrays

    ✔ distinct references
    ✔ deep equal

  copy complex arrays

    ✔ distinct references
    ✔ has expected length
    ✔ element 0 is equal
    ✔ element 1 is equal
    ✔ element 2 is equal
    ✔ element 3 is equal
    ✔ element 4 is equal
    ✔ element 5 is equal
    ✔ element 6 is equal
    ✔ element 7 is equal
    ✔ element 8 is equal
    ✔ element 9 is equal
    ✔ element 10 is NaN
    ✔ element 11 is equal
    ✔ element 12 is equal
    ✔ element 13 is equal
    ✔ element 14 is equal
    ✔ element 15 is equal
    ✔ element 16 is equal
    ✔ element 17 is equal
    ✔ element 18 is equal
    ✔ element 19 is equal
    ✔ element 20 is equal
    ✔ element 21 is equal
    ✔ element 22 is equal
    ✔ element 23 is equal

  copy `Set` objects

    ✔ distinct references
    ✔ deep equal
    ✔ distinct references
    ✔ deep equal

  copy `Map` objects

    ✔ distinct references
    ✔ deep equal
    ✔ distinct references
    ✔ deep equal

  object which cannot be extended

    ✔ distinct references
    ✔ deep equal
    ✔ cannot be extended

  object which is sealed

    ✔ distinct references
    ✔ deep equal
    ✔ is sealed

  object which is frozen

    ✔ distinct references
    ✔ deep equal
    ✔ is frozen

  circular references

    ✔ deep equal
    ✔ circular reference

  arbitrary depth

    ✔ level 1
    ✔ boolean primitive
    ✔ share typed array ref
    ✔ share array ref
    ✔ share object ref

  arbitrary depth

    ✔ deep equal
    ✔ boolean primitive
    ✔ distinct typed arrays
    ✔ distinct arrays
    ✔ distinct objects
    ✔ shared nested objects

  property descriptors (primitives)

    ✔ deep equal
    ✔ property descriptor

  data property descriptors

    ✔ deep equal
    ✔ property descriptor

  accessor property descriptors

    ✔ deep equal
    ✔ property descriptor

  data property descriptors (nested)

    ✔ deep equal
    ✔ property descriptor `a`
    ✔ property descriptor `b`

  accessor property descriptors (deep)

    ✔ deep equal
    ✔ property descriptor `a`
    ✔ property descriptor `b`


  total:     117
  passing:   117
  duration:  30ms

Let me know how we can proceed.

[therealharshit]

The same tests appear to also fail on the latest develop branch without my changes:

Switched to branch 'develop'
Your branch is up to date with 'origin/develop'.
(base) therealharshit@Harshits-MacBook-Air stdlib % make TESTS_FILTER=".*/_tools/github/rank-followers/.*" tools-test

Running test: /Users/therealharshit/Desktop/stdlib/lib/node_modules/@stdlib/_tools/github/rank-followers/test/test.js

  main export is a function

    ✔ /Users/therealharshit/Desktop/stdlib/lib/node_modules/@stdlib/_tools/github/rank-followers/test/test.js
    ✔ main export is a function

  module exports a factory method

    ✔ export includes a factory method


  total:     3
  passing:   3
  duration:  133ms



Running test: /Users/therealharshit/Desktop/stdlib/lib/node_modules/@stdlib/_tools/github/rank-followers/test/test.main.js

  main export is a function

    ✔ /Users/therealharshit/Desktop/stdlib/lib/node_modules/@stdlib/_tools/github/rank-followers/test/test.main.js
    ✔ export is a function

  function returns an error to a provided callback if an error is encountered when running analysis

    ✔ equal status
    ✔ equal message

  function returns analysis results to a provided callback

    ✔ does not return an error
    ✔ deep equal

  function returns rate limit info to a provided callback

    ✔ does not return an error
    ✔ deep equal

  function supports providing only a `username` option (no authentication)

    ✔ does not return an error
    ✔ deep equal

  function supports providing only a `token` option (analyze the authenticated user's followers)

    ✔ does not return an error
    ✔ deep equal

  function supports providing both `token` and `username` options to analyze another user's followers (increased rate limits)

    ✔ does not return an error
    ✔ deep equal


  total:     14
  passing:   14
  duration:  79ms



Running test: /Users/therealharshit/Desktop/stdlib/lib/node_modules/@stdlib/_tools/github/rank-followers/test/test.cli.js

  command-line interface

    ✔ /Users/therealharshit/Desktop/stdlib/lib/node_modules/@stdlib/_tools/github/rank-followers/test/test.cli.js

  when invoked with a `--help` flag, the command-line interface prints the help text to `stderr`

    ✔ does not print to `stdout`
    ✔ expected value

  when invoked with a `-h` flag, the command-line interface prints the help text to `stderr`

    ✔ does not print to `stdout`
    ✔ expected value

  when invoked with a `--version` flag, the command-line interface prints the version to `stderr`

    ✔ does not print to `stdout`
    ✔ expected value

  when invoked with a `-V` flag, the command-line interface prints the version to `stderr`

    ✔ does not print to `stdout`
    ✔ expected value

  the command-line interface supports specifying a `token`

    ✔ sets option
    ✔ does not print to `stderr`

  the command-line interface supports specifying a `useragent`

    ✔ sets option
    ✔ does not print to `stderr`

  the command-line interface supports specifying a `useragent` (alias)

    ✔ sets option
    ✔ does not print to `stderr`

  the command-line interface supports specifying a `format`


    ✖ sets option
    --------------
      operator: equal
      expected: 'csv'
      actual:   undefined
      at: done (/Users/therealharshit/Desktop/stdlib/lib/node_modules/@stdlib/_tools/github/rank-followers/test/test.cli.js:299:6)

    ✔ does not print to `stderr`

  the command-line interface supports specifying a `method`

    ✔ sets option
    ✔ does not print to `stderr`

  the command-line interface supports specifying a `delimiter`


    ✖ sets option
    --------------
      operator: equal
      expected: ';'
      actual:   undefined
      at: done (/Users/therealharshit/Desktop/stdlib/lib/node_modules/@stdlib/_tools/github/rank-followers/test/test.cli.js:379:6)

    ✔ does not print to `stderr`

  if an error is encountered, the command-line interface prints an error message to `stderr`

    ✔ Command failed: /Users/therealharshit/.nvm/versions/node/v22.16.0/bin/node /Users/therealharshit/Desktop/stdlib/lib/node_modules/@stdlib/_tools/github/rank-followers/bin/cli /Users/therealharshit/Desktop/stdlib/lib/node_modules/@stdlib/_tools/github/rank-followers/lib/factory.js:61 throw new Error( 'invalid argument. Must provide a username or, to rank an authenticated user\'s followers, an access token.' ); ^ Error: invalid argument. Must provide a username or, to rank an authenticated user's followers, an access token. at factory (/Users/therealharshit/Desktop/stdlib/lib/node_modules/@stdlib/_tools/github/rank-followers/lib/factory.js:61:9) at rank (/Users/therealharshit/Desktop/stdlib/lib/node_modules/@stdlib/_tools/github/rank-followers/lib/main.js:40:2) at main (/Users/therealharshit/Desktop/stdlib/lib/node_modules/@stdlib/_tools/github/rank-followers/bin/cli:91:2) at Object.<anonymous> (/Users/therealharshit/Desktop/stdlib/lib/node_modules/@stdlib/_tools/github/rank-followers/bin/cli:173:1) at Module._compile (node:internal/modules/cjs/loader:1730:14) at Object..js (node:internal/modules/cjs/loader:1895:10) at Module.load (node:internal/modules/cjs/loader:1465:32) at Function._load (node:internal/modules/cjs/loader:1282:12) at TracingChannel.traceSync (node:diagnostics_channel:322:14) at wrapModuleLoad (node:internal/modules/cjs/loader:235:24) Node.js v22.16.0 
    ✔ expected exit code
    ✔ does not print to `stdout`
    ✔ prints an error



  Failed Tests: There were 2 failures

    the command-line interface supports specifying a `format`

      ✖ sets option


    the command-line interface supports specifying a `delimiter`

      ✖ sets option


  total:     25
  passing:   23
  failing:   2
  duration:  1.8s


make[1]: *** [test-javascript-files-local] Error 1
make: *** [tools-test-javascript] Error 2