@hedia/test
Tools for testing and reporting.
This package should always be installed as a development dependency wherever it is used.
FetchMocker is a class that helps to mock fetch requests in tests.
After creating an instance of FetchMocker, you can add any number of resources that it should intercept using the addMock method.
If a fetch request is made to a resource that has been added to the FetchMocker, the fetch request will be intercepted and the fetch implementation provided in the mock will be used instead.
If a fetch request is made to a resource that has not been added to the FetchMocker, the fetch request will be passed through to the real fetch implementation.
FetchMocker's constructor accepts two optional arguments:
If verbose is set to true, the mock will log information about the fetch requests it intercepts and the fetch requests it passes through to the real fetch implementation.
This can be useful when first setting up a test to see which fetch requests are being made and which are being intercepted.
Verbose mode should generally be turned off in the final test, as it can make the test output difficult to read.
The addMock method takes an object with the following properties:
import assert from "node:assert/strict";
import { it } from "node:test";
import { FetchMocker } from "@hedia/test/fetchMocker";
it("should fetch data", async (testContext) => {
  // When passing a TestContext to the FetchMocker constructor, the mock will be automatically removed after the test.
  const fetchMocker = new FetchMocker(testContext)
    .addMock({
      resource: "https://api.example.com/data?param1=value1&param2=value2",
      // Response is a class, so it must be constructed with `new`.
      fetchImplementation: () => new Response(JSON.stringify({ data: "test" })),
    })
    .addMock({
      resource: "https://api.example.com/data",
      method: "POST", // Optional. By default any method will be matched.
      fetchImplementation: () => new Response(JSON.stringify({ error: "not allowed" }), { status: 403 }),
    });
  // Note that the order of search query parameters does not matter.
  // Furthermore, extra query parameters will be ignored.
  const response = await fetch("https://api.example.com/data?param2=value2&param1=value1&param3=value3");
  await fetch("https://api.example.com/data", { method: "POST" });
  // The underlying mock object can be accessed to make assertions about the calls to fetch.
  assert.equal(fetchMocker.mockedFetch.mock.calls.length, 2);
  // FetchMocker keeps track of which mocks have been used, so we can check if all mocks have been used.
  assert(fetchMocker.allMocksUsed());
});
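The matching rules described above (optional method, query parameters compared regardless of order, extra parameters ignored, unmatched requests passed through) can be sketched as follows. This is an added example, not the source of @hedia/test: matchesMock, selectMock and sampleMocks are hypothetical names, and the origin/path comparison and first-match order are assumptions. A null result marks a request that would reach the real network, which is the case worth watching for in CI.

```javascript
// Added illustration of the matching rules described in the README text.
// Not the package's own code; all names here are hypothetical.

// True when a request (url, method) satisfies a mock definition:
// same origin and path (assumption), every query parameter of the mock
// present with the same value, and the same method if the mock names one.
function matchesMock(mock, requestUrl, requestMethod = "GET") {
  const wanted = new URL(mock.resource);
  const actual = new URL(requestUrl);
  if (wanted.origin !== actual.origin || wanted.pathname !== actual.pathname) {
    return false;
  }
  if (mock.method && mock.method.toUpperCase() !== requestMethod.toUpperCase()) {
    return false;
  }
  for (const [key, value] of wanted.searchParams) {
    // Order is irrelevant and extra request parameters are ignored.
    if (!actual.searchParams.getAll(key).includes(value)) return false;
  }
  return true;
}

// Returns the first matching mock (first-match order is an assumption),
// or null when the request would be passed through to the real fetch.
function selectMock(mocks, requestUrl, requestMethod = "GET") {
  return mocks.find((m) => matchesMock(m, requestUrl, requestMethod)) ?? null;
}

// Constructed sample: the two mocks registered in the README example.
const sampleMocks = [
  { resource: "https://api.example.com/data?param1=value1&param2=value2" },
  { resource: "https://api.example.com/data", method: "POST" },
];

// A GET without the mocked parameters matches neither entry, so it would
// go out to the real endpoint unless the test registers a mock for it.
const passedThrough = selectMock(sampleMocks, "https://api.example.com/data");
console.log(passedThrough === null ? "passed through" : "intercepted");
```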
Generates a random string of a given length.
import { randomString } from "@hedia/test";
const nameOfThing: string = randomString(10); // "dKS3ThyMAA"
The matchObject function is used to compare two objects. It will throw an error if the object in the first argument does not match the object in the second argument, where matching means that the first object has at least the same properties as the second.
import { matchObject } from "@hedia/test";
matchObject([{ a: 1, b: 2 }], [{ a: 1 }]); // Won't throw an error
matchObject([{ a: 1, b: 2 }], [{ a: 1, b: 2 }]); // Won't throw an error
matchObject([{ a: 1 }], [{ a: 1, b: 2 }]); // Will throw an error
Format and send test output to the test-service.
node --test --experimental-test-coverage --test-reporter @hedia/test/reporters/test
Format and save a test report for use by other services, for example Confluence.
node --test --experimental-test-coverage --test-reporter @hedia/test/reporters/json
Use Node 22 and lcov instead.
node --test --experimental-test-coverage --test-reporter lcov
FAQs
Tools for testing and reporting
The npm package @hedia/test receives a total of 1,439 weekly downloads. As such, @hedia/test popularity was classified as popular.
We found that @hedia/test demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.