
Security News
/Research
Wallet-Draining npm Package Impersonates Nodemailer to Hijack Crypto Transactions
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
@asaayers/redux-saga-tester
Advanced tools
Expect every 0.x release to break the API. Nothing is settled.
I am releasing this under my namespace because 3LOK already has a
redux-saga-tester
. When the API settles and I want to
release a 1.0.0, I'd like to have a different
name.
For this example I created a toy saga based on 3LOK's comment.
function* addSaga() {
const a = yield select(selectA)
const b = yield select(selectB)
const total = yield call(sum, a, b)
yield put({
type: "RESULT",
payload: total
})
}
I want to verify that this saga uses sum()
to add store.a
and store.b
and
updates store.result
with the total. By default the tester doesn't tell you
about yield select
or yield put
. they happen automatically.
import { addSaga, sum, reducer, selectResult, selectA, selectB } from "./add-saga.js"
test("add-saga", () => {
const tester = SagaTester({
initialState: {
a: 2,
b: 3,
},
reducer,
})
tester.testAgainst(addSaga, function* ({ getState }) {
let actual
// yield gives you the next effect from your saga that you want to test.
// This didn't care about the selectors, they execute normally.
actual = yield
expect(actual).toEqual(call(sum, 2, 3))
const callSumResult = 5
// You need to yield a result back to the saga to continue and pick up
// the next significant effect.
actual = yield callSumResult
// END is a special value automatically emitted when/if your saga ends
expect(actual).toBe(END)
// Instead of verifying the action was fired, now verify the state.
actual = selectResult(getState())
expect(actual).toBe(callSumResult)
})
})
This test and some other variations are available in
src/tests/add-saga.test.js
.
FAQs
Test your sagas by intercepting effects
We found that @asaayers/redux-saga-tester demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
/Research
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
Security News
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
Security News
/Research
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.