Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
github.com/pact-foundation/pact-go
:zap: New beta for the 2.x.x release |
---|
If you are interested in testing out the new new beta package that supports all of the V3 and V4 spec, synchronous messages, plugins and more, please head to v2.x.x and also let us know on slack. |
Golang version of Pact. Pact is a contract testing framework for HTTP APIs and non-HTTP asynchronous messaging systems.
Enables consumer driven contract testing, providing a mock service and DSL for the consumer project, and interaction playback and verification for the service Provider project.
From the Pact website:
The Pact family of frameworks provide support for Consumer Driven Contracts testing.
A Contract is a collection of agreements between a client (Consumer) and an API (Provider) that describes the interactions that can take place between them.
Consumer Driven Contracts is a pattern that drives the development of the Provider from its Consumers point of view.
Pact is a testing tool that guarantees those Contracts are satisfied.
Read Getting started with Pact for more information for beginners.
Version | Stable | Spec Compatibility | Install |
---|---|---|---|
2.x.x | Beta | 2, 3 | See v2.x.x |
1.0.x | Yes | 2, 3* | See installation |
0.x.x | Yes | Up to v2 | 0.x.x stable |
* v3 support is limited to the subset of functionality required to enable language inter-operable Message support.
PATH
:pact
and other binaries in the bin
directory are on the PATH
.go get github.com/pact-foundation/pact-go@v1
to install the source packagesSee below for how to automate this:
Since 1.x.x
Pact is go-gettable, and uses tags for versioning, so dep ensure --add github.com/pact-foundation/pact-go@1.0.0
or go get gopkg.in/pact-foundation/pact-go.v1
is now possible.
See the Changelog for versions to pin to and their history.
The following will install pact binaries into /opt/pact/bin
:
cd /opt
curl -fsSL https://raw.githubusercontent.com/pact-foundation/pact-ruby-standalone/master/install.sh | bash
export PATH=$PATH:/opt/pact/bin
go get github.com/pact-foundation/pact-go@v1
Test the installation:
pact help
NOTE: the above script installs the latest standalone tools at the time it was ran. It is recommended you pin the installation to a specific version of a release so that you may control the upgrade cycle, as shown below with tag=v1.92.0
curl -fsSL https://raw.githubusercontent.com/pact-foundation/pact-ruby-standalone/master/install.sh | tag=v2.0.3 bash
Pact supports synchronous request-response style HTTP interactions and has support for asynchronous interactions with JSON-formatted payloads.
Pact Go runs as part of your regular Go tests.
We'll run through a simple example to get an understanding the concepts:
go get github.com/pact-foundation/pact-go
cd $GOPATH/src/github.com/pact-foundation/pact-go/examples/
go test -v -run TestConsumer
.The simple example looks like this:
func TestConsumer(t *testing.T) {
type User struct {
Name string `json:"name" pact:"example=billy"`
LastName string `json:"lastName" pact:"example=sampson"`
}
// Create Pact connecting to local Daemon
pact := &dsl.Pact{
Consumer: "MyConsumer",
Provider: "MyProvider",
Host: "localhost",
}
defer pact.Teardown()
// Pass in test case. This is the component that makes the external HTTP call
var test = func() (err error) {
u := fmt.Sprintf("http://localhost:%d/foobar", pact.Server.Port)
req, err := http.NewRequest("GET", u, strings.NewReader(`{"name":"billy"}`))
if err != nil {
return
}
// NOTE: by default, request bodies are expected to be sent with a Content-Type
// of application/json. If you don't explicitly set the content-type, you
// will get a mismatch during Verification.
req.Header.Set("Content-Type", "application/json")
req.Header.Set("Authorization", "Bearer 1234")
_, err = http.DefaultClient.Do(req)
return
}
// Set up our expected interactions.
pact.
AddInteraction().
Given("User foo exists").
UponReceiving("A request to get foo").
WithRequest(dsl.Request{
Method: "GET",
Path: dsl.String("/foobar"),
Headers: dsl.MapMatcher{"Content-Type": dsl.String("application/json"), "Authorization": dsl.String("Bearer 1234")},
Body: map[string]string{
"name": "billy",
},
}).
WillRespondWith(dsl.Response{
Status: 200,
Headers: dsl.MapMatcher{"Content-Type": dsl.String("application/json")},
Body: dsl.Match(&User{}),
})
// Run the test, verify it did what we expected and capture the contract
if err := pact.Verify(test); err != nil {
log.Fatalf("Error on Verify: %v", err)
}
return nil
}
go get github.com/pact-foundation/pact-go
cd $GOPATH/src/github.com/pact-foundation/pact-go/examples/
go test -v -run TestProvider
.Here is the Provider test process broker down:
You need to be able to first start your API in the background as part of your tests
before you can run the verification process. Here we create startServer
which can be
started in its own goroutine:
var lastName = "" // User doesn't exist
func startServer() {
mux := http.NewServeMux()
mux.HandleFunc("/users", func(w http.ResponseWriter, req *http.Request) {
w.Header().Add("Content-Type", "application/json")
fmt.Fprintf(w, fmt.Sprintf(`{"lastName":"%s"}`, lastName))
})
log.Fatal(http.ListenAndServe(":8000", mux))
}
You can now tell Pact to read in your Pact files and verify that your API will satisfy the requirements of each of your known consumers:
func TestProvider(t *testing.T) {
// Create Pact connecting to local Daemon
pact := &dsl.Pact{
Provider: "MyProvider",
}
// Start provider API in the background
go startServer()
// Verify the Provider using the locally saved Pact Files
pact.VerifyProvider(t, types.VerifyRequest{
ProviderBaseURL: "http://localhost:8000",
PactURLs: []string{filepath.ToSlash(fmt.Sprintf("%s/myconsumer-myprovider.json", pactDir))},
StateHandlers: types.StateHandlers{
// Setup any state required by the test
// in this case, we ensure there is a "user" in the system
"User foo exists": func() error {
lastName = "crickets"
return nil
},
},
})
}
The VerifyProvider
will handle all verifications, treating them as subtests
and giving you granular test reporting. If you don't like this behaviour, you may call VerifyProviderRaw
directly and handle the errors manually.
Note that PactURLs
may be a list of local pact files or remote based
urls (e.g. from a
Pact Broker).
When validating a Provider, you have 3 options to provide the Pact files:
PactURLs
to specify the exact set of pacts to be replayed:pact.VerifyProvider(t, types.VerifyRequest{
ProviderBaseURL: "http://myproviderhost",
PactURLs: []string{"http://broker/pacts/provider/them/consumer/me/latest/dev"},
BrokerUsername: os.Getenv("PACT_BROKER_USERNAME"),
BrokerPassword: os.Getenv("PACT_BROKER_PASSWORD"),
BrokerToken: os.Getenv("PACT_BROKER_TOKEN"),
})
BrokerURL
to automatically find all of the latest consumers:pact.VerifyProvider(t, types.VerifyRequest{
ProviderBaseURL: "http://myproviderhost",
BrokerURL: "http://brokerHost",
BrokerUsername: os.Getenv("PACT_BROKER_USERNAME"),
BrokerPassword: os.Getenv("PACT_BROKER_PASSWORD"),
BrokerToken: os.Getenv("PACT_BROKER_TOKEN"),
})
BrokerURL
and Tags
to automatically find all of the latest consumers given one or more tags:pact.VerifyProvider(t, types.VerifyRequest{
ProviderBaseURL: "http://myproviderhost",
BrokerURL: "http://brokerHost",
Tags: []string{"master", "prod"},
BrokerUsername: os.Getenv("PACT_BROKER_USERNAME"),
BrokerPassword: os.Getenv("PACT_BROKER_PASSWORD"),
BrokerToken: os.Getenv("PACT_BROKER_TOKEN"),
})
Options 2 and 3 are particularly useful when you want to validate that your Provider is able to meet the contracts of what's in Production and also the latest in development.
See this article for more on this strategy.
If you have defined any states (as denoted by a Given()
) in your consumer tests, the Verifier
can put the provider into the correct state prior to sending the actual request for validation. For example, the provider can use the state to mock away certain database queries. To support this, set up a StateHandler
for each state using hooks on the StateHandlers
property. Here is an example:
pact.VerifyProvider(t, types.VerifyRequest{
...
StateHandlers: types.StateHandlers{
"User jmarie exists": func() error {
userRepository = jmarieExists
return nil
},
"User jmarie is unauthenticated": func() error {
userRepository = jmarieUnauthorized
token = "invalid"
return nil
},
"User jmarie does not exist": func() error {
userRepository = jmarieDoesNotExist
return nil
},
...
},
})
As you can see, for each state ("User jmarie exists"
etc.) we configure the local datastore differently. If this option is not configured, the Verifier
will ignore the provider states defined in the pact and log a warning.
Note that if the State Handler errors, the test will exit early with a failure.
Read more about Provider States.
Sometimes, it's useful to be able to do things before or after a test has run, such as reset a database, log a metric etc. A BeforeEach
runs before any other part of the Pact test lifecycle, and a AfterEach
runs as the last step before returning the verification result back to the test.
You can add them to your Verification as follows:
pact.VerifyProvider(t, types.VerifyRequest{
...
BeforeEach: func() error {
fmt.Println("before hook, do something")
return nil
},
AfterEach: func() error {
fmt.Println("after hook, do something")
return nil
},
})
If the Hook errors, the test will fail.
Sometimes you may need to add things to the requests that can't be persisted in a pact file. Examples of these are authentication tokens with a small life span. e.g. an OAuth bearer token: Authorization: Bearer 0b79bab50daca910b000d4f1a2b675d604257e42
.
For these cases, we have two facilities that should be carefully used during verification:
CustomProviderHeaders
.RequestFilter
.Read on for more.
Custom Headers:
This header will always be sent for each and every request, and can't be dynamic. For example:
pact.VerifyProvider(t, types.VerifyRequest{
...
CustomProviderHeaders: []string{"Authorization: Bearer 0b79bab50daca910b000d4f1a2b675d604257e42"},
})
As you can see, this is your opportunity to modify\add to headers being sent to the Provider API, for example to create a valid time-bound token.
Request Filters
WARNING: This should only be attempted once you know what you're doing!
Request filters are custom middleware, that are executed for each request, allowing token
to change between invocations. Request filters can change the request coming in, and the response back to the verifier. It is common to pair this with StateHandlers
as per above, that can set/expire the token
for different test cases:
pact.VerifyProvider(t, types.VerifyRequest{
...
RequestFilter: func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
r.Header.Add("Authorization", fmt.Sprintf("Bearer %s", token))
next.ServeHTTP(w, r)
})
}
})
Important Note: You should only use this feature for things that can not be persisted in the pact file. By modifying the request, you are potentially modifying the contract from the consumer tests!
NOTE: This feature is currently only available on PactFlow
Pending pacts is a feature that allows consumers to publish new contracts or changes to existing contracts without breaking Provider's builds. It does so by flagging the contract as "unverified" in the Pact Broker the first time a contract is published. A Provider can then enable a behaviour (via EnablePending: true
) that will still perform a verification (and thus share the results back to the broker) but not fail the verification step itself.
This enables safe introduction of new contracts into the system, without breaking Provider builds, whilst still providing feedback to Consumers as per before.
See the docs and this article for more background.
NOTE: This feature is currently only available on PactFlow
WIP Pacts builds upon pending pacts, enabling provider tests to pull in any contracts applicable to the provider regardless of the tag
it was given. This is useful, because often times consumers won't follow the exact same tagging convention and so their workflow would be interrupted. This feature enables any pacts determined to be "work in progress" to be verified by the Provider, without causing a build failure. You can enable this behaviour by specifying a valid time.Time
field for IncludeWIPPactsSince
. This sets the start window for which new WIP pacts will be pulled down for verification, regardless of the tag.
See the docs and this article for more background.
For each interaction in a pact file, the order of execution is as follows:
BeforeEach
-> StateHandler
-> RequestFilter (pre)
-> Execute Provider Test
-> RequestFilter (post)
-> AfterEach
If any of the middleware or hooks fail, the tests will also fail.
Using a Pact Broker is recommended for any serious workloads, you can run your own one or use a hosted broker.
By integrating with a Broker, you get much more advanced collaboration features and can take advantage of automation tools, such as the can-i-deploy tool, which can tell you at any point in time, which component is safe to release.
See the Pact Broker documentation for more details on the Broker.
p := Publisher{}
err := p.Publish(types.PublishRequest{
PactURLs: []string{"./pacts/my_consumer-my_provider.json"},
PactBroker: "http://pactbroker:8000",
ConsumerVersion: "1.0.0",
Tags: []string{"master", "dev"},
})
If you're using a Pact Broker (e.g. a hosted one at pactflow.io), you can publish your verification results so that consumers can query if they are safe to release.
It looks like this:
You need to specify the following:
PublishVerificationResults: true,
ProviderVersion: "1.0.0",
NOTE: You need to be already pulling pacts from the broker for this feature to work.
Use a cURL request like the following to PUT the pact to the right location, specifying your consumer name, provider name and consumer version.
curl -v \
-X PUT \
-H "Content-Type: application/json" \
-d@spec/pacts/a_consumer-a_provider.json \
http://your-pact-broker/pacts/provider/A%20Provider/consumer/A%20Consumer/version/1.0.0
The following flags are required to use basic authentication when publishing or retrieving Pact files with a Pact Broker:
BrokerUsername
- the username for Pact Broker basic authentication.BrokerPassword
- the password for Pact Broker basic authentication.The following flags are required to use bearer token authentication when publishing or retrieving Pact files with a Pact Broker:
BrokerToken
- the token to authenticate with (excluding the "Bearer"
prefix)Modern distributed architectures are increasingly integrated in a decoupled, asynchronous fashion. Message queues such as ActiveMQ, RabbitMQ, SQS, Kafka and Kinesis are common, often integrated via small and frequent numbers of microservices (e.g. lambda).
Furthermore, the web has things like WebSockets which involve bidirectional messaging.
Pact now has experimental support for these use cases, by abstracting away the protocol and focussing on the messages passing between them.
For further reading and introduction into this topic, see this article and our example for a more detailed overview of these concepts.
A Consumer is the system that will be reading a message from a queue or some intermediary - like a Kinesis stream, websocket or S3 bucket - and be able to handle it.
From a Pact testing point of view, Pact takes the place of the intermediary and confirms whether or not the consumer is able to handle a request.
The following test creates a contract for a Dog API handler:
// 1 Given this handler that accepts a User and returns an error
userHandler := func(u User) error {
if u.ID == -1 {
return errors.New("invalid object supplied, missing fields (id)")
}
// ... actually consume the message
return nil
}
// 2 We write a small adapter that will take the incoming dsl.Message
// and call the function with the correct type
var userHandlerWrapper = func(m dsl.Message) error {
return userHandler(*m.Content.(*User))
}
// 3 Create the Pact Message Consumer
pact := dsl.Pact {
Consumer: "PactGoMessageConsumer",
Provider: "PactGoMessageProvider",
}
// 4 Write the consumer test, and call VerifyMessageConsumer
// passing through the function
func TestMessageConsumer_Success(t *testing.T) {
message := pact.AddMessage()
message.
Given("some state").
ExpectsToReceive("some test case").
WithMetadata(commonHeaders).
WithContent(map[string]interface{}{
"id": like(127),
"name": "Baz",
"access": eachLike(map[string]interface{}{
"role": term("admin", "admin|controller|user"),
}, 3),
}).
AsType(&User{}) // Optional
pact.VerifyMessageConsumer(t, message, userHandlerWrapper)
}
Explanation:
The API - a contrived API handler example. Expects a User object and throws an Error
if it can't handle it.
Creates the MessageConsumer class
Setup the expectations for the consumer - here we expect a User
object with three fields
Pact will send the message to your message handler. If the handler does not error, the message is saved, otherwise the test fails. There are a few key things to consider:
dsl.Message
object along with other context, so the body must be retrieved via Content
attribute. If you set Message.AsType(T)
this object will be mapped for you. If you don't want Pact to perform the conversion, you may do so on the object (dsl.Message.Content
) or on the raw JSON (dsl.Message.ContentRaw
).func(dsl.Message) error
- that is, they must accept a Message
and return an error
. This is how we get around all of the various protocols, and will often require a lightweight adapter function to convert it.userHandler
with userHandlerWrapper
provided by Pact.A Provider (Producer in messaging parlance) is the system that will be putting a message onto the queue.
As per the Consumer case, Pact takes the position of the intermediary (MQ/broker) and checks to see whether or not the Provider sends a message that matches the Consumer's expectations.
functionMappings := dsl.MessageProviders{
"some test case": func(m dsl.Message) (interface{}, error) {
fmt.Println("Calling provider function that is responsible for creating the message")
res := User{
ID: 44,
Name: "Baz",
Access: []AccessLevel{
{Role: "admin"},
{Role: "admin"},
{Role: "admin"}},
}
return res, nil
},
}
// Verify the Provider with local Pact Files
pact.VerifyMessageProvider(t, types.VerifyMessageRequest{
PactURLs: []string{filepath.ToSlash(fmt.Sprintf("%s/pactgomessageconsumer-pactgomessageprovider.json", pactDir))},
}, functionMappings)
Explanation:
Our API client contains a single function createDog
which is responsible for generating the message that will be sent to the consumer via some message queue
We configure Pact to stand-in for the queue. The most important bit here is the handlers
block
description
field. In this case, a request for a dog
, maps to the createDog
handler. Notice how this matches the original Consumer test.We can now run the verification process. Pact will read all of the interactions specified by its consumer, and invoke each function that is responsible for generating that message.
As per HTTP APIs, you can publish contracts and verification results to a Broker.
In addition to verbatim value matching, we have 3 useful matching functions
in the dsl
package that can increase expressiveness and reduce brittle test
cases.
Rather than use hard-coded values which must then be present on the Provider side, you can use regular expressions and type matches on objects and arrays to validate the structure of your APIs.
Matchers can be used on the Body
, Headers
, Path
and Query
fields of the dsl.Request
type, and the Body
and Headers
fields of the dsl.Response
type.
dsl.Like(content)
tells Pact that the value itself is not important, as long
as the element type (valid JSON number, string, object etc.) itself matches.
dsl.EachLike(content, min)
- tells Pact that the value should be an array type,
consisting of elements like those passed in. min
must be >= 1. content
may
be a valid JSON value: e.g. strings, numbers and objects.
dsl.Term(example, matcher)
- tells Pact that the value should match using
a given regular expression, using example
in mock responses. example
must be
a string. *
NOTE: One caveat to note, is that you will need to use valid Ruby regular expressions and double escape backslashes.
Example:
Here is a more complex example that shows how all 3 terms can be used together:
body :=
Like(map[string]interface{}{
"response": map[string]interface{}{
"name": Like("Billy"),
"type": Term("admin", "admin|user|guest"),
"items": EachLike("cat", 2)
},
})
This example will result in a response body from the mock server that looks like:
{
"response": {
"name": "Billy",
"type": "admin",
"items": ["cat", "cat"]
}
}
Often times, you find yourself having to re-write regular expressions for common formats. We've created a number of them for you to save you the time:
method | description |
---|---|
Identifier() | Match an ID (e.g. 42) |
Integer() | Match all numbers that are integers (both ints and longs) |
Decimal() | Match all real numbers (floating point and decimal) |
HexValue() | Match all hexadecimal encoded strings |
Date() | Match string containing basic ISO8601 dates (e.g. 2016-01-01) |
Timestamp() | Match a string containing an RFC3339 formatted timestapm (e.g. Mon, 31 Oct 2016 15:21:41 -0400) |
Time() | Match string containing times in ISO date format (e.g. T22:44:30.652Z) |
IPv4Address() | Match string containing IP4 formatted address |
IPv6Address() | Match string containing IP6 formatted address |
UUID() | Match strings containing UUIDs |
Furthermore, if you isolate your Data Transfer Objects (DTOs) to an adapters package so that they exactly reflect the interface between you and your provider, then you can leverage dsl.Match
to auto-generate the expected response body in your contract tests. Under the hood, Match
recursively traverses the DTO struct and uses Term, Like, and EachLike
to create the contract.
This saves the trouble of declaring the contract by hand. It also maintains one source of truth. To change the consumer-provider interface, you only have to update your DTO struct and the contract will automatically follow suit.
Example:
type DTO struct {
ID string `json:"id"`
Title string `json:"title"`
Tags []string `json:"tags" pact:"min=2"`
Date string `json:"date" pact:"example=2000-01-01,regex=^\\d{4}-\\d{2}-\\d{2}$"`
}
then specifying a response body is as simple as:
// Set up our expected interactions.
pact.
AddInteraction().
Given("User foo exists").
UponReceiving("A request to get foo").
WithRequest(dsl.Request{
Method: "GET",
Path: "/foobar",
Headers: map[string]string{"Content-Type": "application/json"},
}).
WillRespondWith(dsl.Response{
Status: 200,
Headers: map[string]string{"Content-Type": "application/json"},
Body: Match(DTO{}), // That's it!!!
})
The pact
struct tags shown above are optional. By default, dsl.Match just asserts that the JSON shape matches the struct and that the field types match.
See dsl.Match for more information.
See the matcher tests for more matching examples.
Learn everything in Pact Go in 60 minutes: https://github.com/pact-foundation/pact-workshop-go
There are number of examples we use as end-to-end integration test prior to releasing a new binary, including publishing to a Pact Broker. To enable them, set the following environment variables
make pact
Once these variables have been exported, cd into one of the directories containing a test and run go test -v .
:
Pact tests tend to be quite long, due to the need to be specific about request/response payloads. Often times it is nicer to be able to split your tests across multiple files for manageability.
You have two options to achieve this feat:
Set PactFileWriteMode
to "merge"
when creating a Pact
struct:
This will allow you to have multiple independent tests for a given Consumer-Provider pair, without it clobbering previous interactions.
See this PR for background.
NOTE: If using this approach, you must be careful to clear out existing pact files (e.g. rm ./pacts/*.json
) before you run tests to ensure you don't have left over requests that are no longer relevent.
Create a Pact test helper to orchestrate the setup and teardown of the mock service for multiple tests.
In larger test bases, this can reduce test suite time and the amount of code you have to manage.
Pact Go uses a simple log utility (logutils) to filter log messages. The CLI already contains flags to manage this, should you want to control log level in your tests, you can set it like so:
pact := Pact{
...
LogLevel: "DEBUG", // One of TRACE, DEBUG, INFO, ERROR, NONE
}
TRACE
level logging will print the entire request/response cycle.
Pact ships with a CLI that you can also use to check if the tools are up to date. Simply run pact-go install
, exit status 0
is good, 1
or higher is bad.
Pact relies on a number of CLI tools for successful operation, and it performs some pre-emptive checks
during test runs to ensure that everything will run smoothly. This check, unfortunately, can add up
if spread across a large test suite. You can disable the check by setting the environment variable PACT_DISABLE_TOOL_VALIDITY_CHECK=1
or specifying it when creating a dsl.Pact
struct:
dsl.Pact{
...
DisableToolValidityCheck: true,
}
You can then check if the CLI tools are up to date as part of your CI process once up-front and speed up the rest of the process!
Sometimes you want to target a specific test for debugging an issue or some other reason.
This is easy for the consumer side, as each consumer test can be controlled
within a valid *testing.T
function, however this is not possible for Provider verification.
But there is a way! Given an interaction that looks as follows (taken from the message examples):
message := pact.AddMessage()
message.
Given("user with id 127 exists").
ExpectsToReceive("a user").
WithMetadata(commonHeaders).
WithContent(map[string]interface{}{
"id": like(127),
"name": "Baz",
"access": eachLike(map[string]interface{}{
"role": term("admin", "admin|controller|user"),
}, 3),
}).
AsType(&types.User{})
and the function used to run provider verification is go test -run TestMessageProvider
, you can test the verification of this specific interaction by setting two environment variables PACT_DESCRIPTION
and PACT_PROVIDER_STATE
and re-running the command. For example:
cd examples/message/provider
PACT_DESCRIPTION="a user" PACT_PROVIDER_STATE="user with id 127 exists" go test -v .
Supply your own TLS configuration to customise the behaviour of the runtime:
_, err := pact.VerifyProvider(t, types.VerifyRequest{
ProviderBaseURL: "https://localhost:8080",
PactURLs: []string{filepath.ToSlash(fmt.Sprintf("%s/consumer-selfsignedtls.json", pactDir))},
CustomTLSConfig: &tls.Config{
RootCAs: getCaCertPool(), // Specify a custom CA pool
// InsecureSkipVerify: true, // Disable SSL verification altogether
},
})
See self-signed certificate for an example.
AWS changed their certificate authority last year, and not all OSs have the latest CA chains. If you can't update to the latest certificate bunidles, see "Verifying APIs with a self-signed certificate" for how to work around this.
or
Additional documentation can be found at the main Pact website.
The current focus is on moving to the Rust shared core, the project can be followed here.
The general roadmap for Pact is available on the Pact website.
See CONTRIBUTING.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.