Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@intuit/judo
Advanced tools
Judo is an easy-to-use Command Line Interface (CLI) integration testing framework, driven from a simple yaml
file that instructs the framework what commands to run and how to assert the outcome. Test your CLI tools in an automated fashion using nothing but stdin, stdout and stderr.
Build Dependencies | |
---|---|
node | >=8.7.0 |
Judo is distributed and installed using npm, the package manager that comes bundled with node.js. In order to be able to install Judo, you will need to first ensure that you have node.js installed on your system (which will also install npm for you). Then you can run the following command:
npm i -D @intuit/judo
Then in package.json
"scripts": {
"test": "judo <tests-dir>"
}
OR if you don't have a package.json
because you're not in a JavaScript project using npm, then you can install Judo globally and just run it from the command line:
# install it globally
npm i -g @intuit/judo
# then run it anywhere from the command line
judo <tests-dir>
If you would like to locally develop Judo:
# clone the judo repository
git clone https://github.com/intuit/judo
# go to the judo directory
cd judo
# then install the dependencies
npm i
# next build the src/ files into dist/
npm run build
# finally link the binary executable
npm link
# and voila, use Judo from CLI!
judo <file>.yml
The Judo framework interacts with CLIs and provides assertions against the output. The framework assumes the CLIs are installed and available for use. Judo can execute commands, respond to stdin
when expected stdout
output occurs, assert the exit code, and assert that the overall output of stdout
and stderr
contains or doesn't contain certain strings.
# point to a "test scenario" file
judo <file>.yml
# point to a "test scenario" JSON file
judo <file>.json
# or point to a "test suite" directory of "test suite" yaml files. See options section for the optional flag to support JSON files.
judo <directory>
--timeout <n>
: sets a max time in milliseconds that a run step can take before being considered a timeout. ex (--timeout 1500
)
--junitreport | -j
: writes the test results to a file called junit.xml
in the current working directory. This report is in xUnit format.
--includejsonfiles | -ij
: include .json
test files in the test directory along with .yml
files.
Judo organizes tests into "test suites", which comprise of "test scenarios", and each test scenario can contain "steps". A typical test directory may look like this:
judo-tests/
|_update/ # the update "test suite", containing all tests around updating
| |_update-download.yml # a "test scenario" that asserts the update command downloads something
| |_update-to-path.yml # a "test scenario" that asserts the updated binary is in the path
|_help/ # the help "test suite", containing all tests around the --help option
|_help-output/ # a "test scenario" that asserts the help output is correct
Within each "test scenario" yaml
file, individual "steps" can be defined which can run commands, run prerequisite setup commands, respond to interactions expected by the command line application, and assert the exit code and stdout
/stderr
output contains certain things. This is a basic example of a "test suite" with a single step named "helloWorld":
# test-examples/simple/hello-world.yml
run:
helloWorld: # a "helloWorld" test suite "step"
command: 'echo "hi!"'
expectCode: 0
outputContains:
- 'hi!'
outputDoesntContain:
- 'bye!'
Running judo test-examples/simple/hello-world.yml
will yield this output:
In this example, a new child process will be spawned which runs echo "hi"
, then the following assertions will be made:
stdout
and stderr
contains "hi!"
stdout
and stderr
does NOT contain "bye!"
If the example helloWorld
test above had expectCode: 1
instead, the test would fail and produce this output:
Judo supports JSON Reference in test scenarios. This means you can create reusable test functionality modules and import them from your main test scenario using the $ref
keyword. Imports can be done from a file, URL or another place within the same document.
# test-examples/fragment-test-suite/hello-world-fragment.yml
run:
testFragment:
prerequisiteCwd: .
prerequisites:
$ref: '#/components/createTempFile'
command: cat /tmp/temp-dir/temp-file.txt
expectCode: 0
outputContains:
- this will be in the temp-file.txt
components:
createTempFile:
- mkdir -p /tmp/temp-dir
- echo "this will be in the temp-file.txt" > /tmp/temp-dir/temp-file.txt
Other examples
$ref: 'judo-tests/_fragments/setup.json'
$ref: 'judo-tests/_fragments/setup.yml#/definitions/prerequisites'
$ref: 'http://example.com/setup.yml#/definitions/prerequisites'
$ref: '#/definitions/prerequisites'
Variable substitution is supported inside value strings using {{variableName}}
syntax. All variables need to be declared inside the vars
section in your test scenario like in the following example:
run:
helloWorld:
command: 'echo "{{hello}}"'
expectCode: 0
outputContains:
- '/hi!/g'
outputDoesntContain:
- '/bye!/g'
vars:
hello: 'hi!'
This is a more complete example, running multiple commands and responding to the stdin
when appropriate:
run:
someCommand:
prerequisiteCwd: /Users/efrancis/devel/DEVGRU/judo/temp/
prerequisites:
- echo "this command will run before the command being tested"
- echo "this will too"
- git clone <some repo>
- cd <some-repo>
command: git checkout -b "some-feature"
cwd: /Users/hansolo/test
when:
- 'What do you fly?': 'Millenium Falcon'
- 'Did you shoot first?' : 'y'
expectCode: 0
outputContains:
- 'This string should be in the complete stdout/stderr output'
- /This is a regex[!]+/g/
outputDoesntContain:
- 'This string should NOT be in the complete stdout/stderr output'
anotherCommand:
command: 'echo "hi!"'
expectCode: 0
outputContains:
- 'hi!'
outputDoesntContain:
- 'bye!'
In this example, a new child process will be spawned which runs all of the commands in the prerequisites
block, inside the prerequisitesCwd
directory if it's provided. Once that's complete, another child process will be spawned to execute git checkout -b "some-feature"
, then:
stdout
or stderr
contains "What do you fly?
", the string "Millenium Falcon \n
" will be sent to the process' stdin
stdout
or stderr
contains "Did you shoot first?
", the string "y\n
" will be sent to the process' stdin
stdout
and stderr
contains hi!
stdout
and stderr
output matches the regular expression /This is a regex[!]+/g/
stdout
and stderr
does NOT contain bye!
After that it will spawn another child process and run the echo "hi!"
command assertion described in the first example.
This is a more complete example using JSON and similar to the above YML example, running multiple commands and responding to the stdin
when appropriate:
{
"run": {
"someCommand": {
"prerequisiteCwd": "/Users/efrancis/devel/DEVGRU/judo/temp/",
"prerequisites": [
"echo \"this command will run before the command being tested\"",
"echo \"this will too\"",
"git clone <some repo>",
"cd <some-repo>"
],
"command": "git checkout -b \"some-feature\"",
"cwd": "/Users/hansolo/test",
"when": [
{
"What do you fly?": "Millenium Falcon"
},
{
"Did you shoot first?": "y"
}
],
"expectCode": 0,
"outputContains": [
"This string should be in the complete stdout/stderr output",
"/This is a regex[!]+/g/"
],
"outputDoesntContain": [
"This string should NOT be in the complete stdout/stderr output"
]
},
"anotherCommand": {
"command": "echo \"hi!\"",
"expectCode": 0,
"outputContains": [
"hi!"
],
"outputDoesntContain": [
"bye!"
]
}
}
}
Judo operates in the following order:
.yml
"test scenario" files.yml
"test scenario", Judo will iterate over each "step" inside that "test scenario"prerequisiteCwd
and execute all prerequisites
at once by combining then with <command1> && <command2> && ...
cwd
specified in the "step", and execute the command
for that "step". This uses the node-pty
package to simulate a full terminal as if a user is executing the commands.when
assertions are specified for the step, Judo will look for them and respond to them when found. Each will only be responded to once, then marked as complete.expectCode
, outputContains
, and outputDoesntContain
properties of the "step"Each when
response will only happen once, in order of their definition in the yaml
file. So if you expect the same input multiple times, you need to write multiple responses to it.
FAQs
Test command line interfaces.
The npm package @intuit/judo receives a total of 28 weekly downloads. As such, @intuit/judo popularity was classified as not popular.
We found that @intuit/judo demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.