
Research
Security News
Lazarus Strikes npm Again with New Wave of Malicious Packages
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
@netflix/x-test
Advanced tools
a simple, tap-compliant test runner for the browser
type="module"
it
, describe
, assert
)The following are exposed in the testing interface:
test
: Creates a sub-test in an iframe
based on given src
html page.it
: The smallest testing unit — can be asynchronous.it.skip
: An it
whose callback is not run and which will pass.it.only
: Skip all other it
tests.it.todo
: An it
whose callback is run and is expected to fail.describe
: Simple grouping functionality.describe.skip
: Skip all it
tests in this group.describe.only
: Skip all other describe
groups and it
tests.describe.todo
: Mark all it
tests within this group as todo.waitFor
: Ensures test registration remains open until given promise settles.assert
: Simple assertion call that throws if the boolean input is false-y.coverage
: Sets a coverage goal for the given href.x-test-client-ping
: root responds (x-test-root-pong
, { status: 'started'|'ended' waiting: true|false })x-test-root-pong
: response to x-test-client-ping
x-test-root-coverage-request
: client should respond (x-test-coverage-result
)x-test-client-coverage-result
: response to x-test-root-coverage-request
x-test-root-end
: all tests have completed or we bailed outx-test-root-run
: all tests have completed or we bailed outx-test-suite-coverage
: signal to test for coverage on a particular filex-test-suite-register
: registers a new test / describe / itx-test-suite-ready
: signal that test suite is done with registrationx-test-suite-result
: marks end of "it" testx-test-suite-bail
: signal to quit test earlyThe following parameters can be passed in via query params on the url:
x-test-no-reporter
: turns off custom reporting tool uix-test-run-coverage
: turns on coverage reporting****See test.js
for an example of how to capture coverage information in
puppeteer and send it to your test to allow your automated test to fail due to
unmet coverage goals.
Both test
and it
calls will execute in order**. test
calls will boot the
given html page in an iframe. Such iframes are run one-at-a-time. All invoked
it
calls await the completion of previously-invoked it
calls.
**This is not the case if you nest it
--but that's an anti-pattern anyhow.
puppeteer
See test.js
for an example of how you can use puppeteer
to run your app's
tests and log the resulting TAP output to the console.
There are many TAP formatters. Importantly, as long as you can pipe the TAP output to another program, the output should be interoperable.
FAQs
a simple, tap-compliant test runner for the browser
The npm package @netflix/x-test receives a total of 19 weekly downloads. As such, @netflix/x-test popularity was classified as not popular.
We found that @netflix/x-test demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
Security News
Socket CEO Feross Aboukhadijeh discusses the open web, open source security, and how Socket tackles software supply chain attacks on The Pair Program podcast.
Security News
Opengrep continues building momentum with the alpha release of its Playground tool, demonstrating the project's rapid evolution just two months after its initial launch.