Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@pact-foundation/pact-core
Core of @pact-foundation/pact. You almost certainly don't want to depend on this directly.
@pact-foundation/pact-core is a core library for the Pact framework, which is used for consumer-driven contract testing. It allows developers to define the interactions between services in a contract, ensuring that both the consumer and provider adhere to the agreed-upon contract. This helps in catching integration issues early in the development cycle.
Creating a Pact
This code sample demonstrates how to create a Pact between a consumer and a provider. It sets up the provider, defines an interaction, and verifies that the interaction occurs as expected.
```javascript
const { Pact } = require('@pact-foundation/pact-core');

const provider = new Pact({
  consumer: 'ConsumerService',
  provider: 'ProviderService',
});

provider.setup().then(() => {
  // Define interactions
  provider.addInteraction({
    state: 'provider has data',
    uponReceiving: 'a request for data',
    withRequest: {
      method: 'GET',
      path: '/data',
    },
    willRespondWith: {
      status: 200,
      body: { key: 'value' },
    },
  });
  // Verify the interactions
  return provider.verify();
}).then(() => provider.finalize());
```
Verifying a Pact
This code sample shows how to verify a Pact file against a running provider service. It uses the Verifier class to ensure that the provider adheres to the contract defined in the Pact file.
```javascript
const { Verifier } = require('@pact-foundation/pact-core');

const verifier = new Verifier({
  providerBaseUrl: 'http://localhost:8080',
  pactUrls: ['path/to/pact.json'],
});

verifier.verifyProvider().then(output => {
  console.log('Pact Verification Complete!');
  console.log(output);
}).catch(error => {
  console.error('Pact Verification Failed:', error);
});
```
Publishing Pacts
This code sample demonstrates how to publish Pact files to a Pact Broker. The Publisher class is used to upload the Pact files, making them available for other services to verify.
```javascript
const { Publisher } = require('@pact-foundation/pact-core');

const publisher = new Publisher({
  pactFilesOrDirs: ['path/to/pacts'],
  pactBroker: 'http://pact-broker-url',
  consumerVersion: '1.0.0',
});

publisher.publishPacts().then(() => {
  console.log('Pacts published successfully!');
}).catch(error => {
  console.error('Failed to publish pacts:', error);
});
```
The 'pact' npm package is another implementation of the Pact framework for JavaScript. It provides similar functionalities for consumer-driven contract testing, including creating, verifying, and publishing Pacts. It is more user-friendly and higher-level compared to @pact-foundation/pact-core, which is more low-level and provides core functionalities.
The 'pact-node' package is a Node.js wrapper for the Pact CLI, providing functionalities to create, verify, and publish Pacts. It is similar to @pact-foundation/pact-core but offers a more integrated experience with Node.js, making it easier to use in Node.js environments.
:information_source: Usage notice |
---|
This is a core library, designed for use in the bowels of another package. Unless you are wanting to develop tools for the pact ecosystem, you almost certainly want to install @pact-foundation/pact instead |
A wrapper for the Pact Reference Core Library.
npm install @pact-foundation/pact-core --save-dev
In order to get better statistics as to who is using Pact, we have an anonymous tracking event that triggers when Pact installs for the first time. To respect your privacy, anyone can turn it off by simply adding a 'do not track' flag within their package.json file:
```json
{
  "name": "some-project",
  ...
  "config": {
    "pact_do_not_track": true
  },
  ...
}
```
TL;DR - you almost always want Pact JS.
Purpose | Library | Comments |
---|---|---|
Synchronous / HTTP APIs | Pact JS | |
Asynchronous APIs | Pact JS | |
Node.js | Pact JS | |
Browser testing | Pact Web | You probably still want Pact JS. See Using Pact in non-Node environments * |
Isomorphic testing | Pact Web | You probably still want Pact JS. See Using Pact in non-Node environments * |
Publishing to Pact Broker | Pact CLI | |
* The "I need to run it in the browser" question comes up occasionally. The question is this - for your JS code to be able to make a call to another API, is this dependent on browser-specific code? In most cases, people use tools like React/Angular which have libraries that work on the server and client side, in which case, these tests don't need to run in a browser and could instead be executed in a Node.js environment.
```javascript
var pact = require("@pact-foundation/pact-core");
pact.logLevel("debug");
```
Read more about Verify Pacts.
```javascript
var pact = require('@pact-foundation/pact-core');

pact.verifyPacts({
  ...
});
```
Options:
Parameter | Required? | Type | Description |
---|---|---|---|
providerBaseUrl | true | string | Running API provider host endpoint. |
pactBrokerUrl | false | string | Base URL of the Pact Broker from which to retrieve the pacts. Required if pactUrls not given. |
provider | false | string | Name of the provider if fetching from a Broker |
consumerVersionSelectors | false | ConsumerVersionSelector|array | Selectors are a way to specify which pacticipants and versions to use when configuring verifications. |
consumerVersionTags | false | string|array | Retrieve the latest pacts with given tag(s) |
providerVersionTags | false | string|array | Tag(s) to apply to the provider application |
includeWipPactsSince | false | string | Includes pact marked as WIP since this date. String in the format %Y-%m-%d or %Y-%m-%dT%H:%M:%S.000%:z |
pactUrls | false | array | Array of local pact file paths or HTTP-based URLs. Required if not using a Pact Broker. |
providerStatesSetupUrl | false | string | URL to send PUT requests to setup a given provider state |
pactBrokerUsername | false | string | Username for Pact Broker basic authentication |
pactBrokerPassword | false | string | Password for Pact Broker basic authentication |
pactBrokerToken | false | string | Bearer token for Pact Broker authentication |
publishVerificationResult | false | boolean | Publish verification result to Broker (NOTE: you should only enable this during CI builds) |
providerVersion | false | string | Provider version, required to publish verification result to Broker. Optional otherwise. |
enablePending | false | boolean | Enable the pending pacts feature. |
timeout | false | number | The duration in ms we should wait to confirm verification process was successful. Defaults to 30000. |
logLevel | false | LogLevel (string) | Log level. One of "TRACE", "DEBUG", "ERROR", "WARN", "INFO", can be set by LOG_LEVEL env var |
The consumer version selector looks like this:
```typescript
ConsumerVersionSelector {
  tag?: string;
  latest?: boolean;
  consumer?: string;
  deployedOrReleased?: boolean;
  deployed?: boolean;
  released?: boolean;
  environment?: string;
  fallbackTag?: string;
  branch?: string;
  mainBranch?: boolean;
  matchingBranch?: boolean;
}
```
See the Pact Broker documentation on selectors for more information.
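The options table above includes Broker credentials (pactBrokerPassword, pactBrokerToken) and a publish flag that should only be enabled in CI. The following is an added example, not code from the Pact project: it assembles those options from environment variables instead of hardcoding secrets, and produces a redacted copy for logging. The environment variable names and the HTTPS requirement are assumptions of this example.

```javascript
// Added example: build pact.verifyPacts() options without hardcoding secrets.
// Environment variable names below are assumptions, not defined by this page.
const SECRET_KEYS = ['pactBrokerPassword', 'pactBrokerToken'];
function buildVerifierOptions(env) {
  const opts = { providerBaseUrl: env.PROVIDER_BASE_URL };
  if (!opts.providerBaseUrl) throw new Error('providerBaseUrl is required');
  if (env.PACT_URLS) {
    // Local files or HTTP URLs; no Broker credentials are attached.
    opts.pactUrls = env.PACT_URLS.split(',').map((s) => s.trim()).filter(Boolean);
  } else if (env.PACT_BROKER_BASE_URL) {
    opts.pactBrokerUrl = env.PACT_BROKER_BASE_URL;
    if (env.PROVIDER_NAME) opts.provider = env.PROVIDER_NAME;
    // Prefer a bearer token; fall back to basic authentication.
    if (env.PACT_BROKER_TOKEN) {
      opts.pactBrokerToken = env.PACT_BROKER_TOKEN;
    } else if (env.PACT_BROKER_USERNAME && env.PACT_BROKER_PASSWORD) {
      opts.pactBrokerUsername = env.PACT_BROKER_USERNAME;
      opts.pactBrokerPassword = env.PACT_BROKER_PASSWORD;
    }
    // Credentials sent over plain HTTP are readable on the wire.
    const hasCreds = SECRET_KEYS.some((k) => k in opts);
    if (hasCreds && new URL(opts.pactBrokerUrl).protocol !== 'https:') {
      throw new Error('refusing to send Broker credentials over a non-HTTPS URL');
    }
  } else {
    throw new Error('either pactUrls or pactBrokerUrl must be given');
  }

  // Publish results only from CI, and only with a provider version.
  if (env.CI === 'true') {
    if (!env.PROVIDER_VERSION) throw new Error('providerVersion is required to publish results');
    opts.publishVerificationResult = true;
    opts.providerVersion = env.PROVIDER_VERSION;
  }
  return opts;
}

// Returns a copy of the options that is safe to write to logs.
function redact(opts) {
  const copy = { ...opts };
  for (const k of SECRET_KEYS) if (k in copy) copy[k] = '[REDACTED]';
  return copy;
}

// Constructed sample environment (placeholder values, not real credentials).
const sampleEnv = { PROVIDER_BASE_URL: 'http://localhost:8080', CI: 'true',
  PACT_BROKER_BASE_URL: 'https://broker.example.test', PROVIDER_NAME: 'ProviderService',
  PACT_BROKER_TOKEN: 'constructed-token', PROVIDER_VERSION: '1.0.0' };
console.log(redact(buildVerifierOptions(sampleEnv)));
```

Pass the unredacted object to `pact.verifyPacts()` and log only the result of `redact()`.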
To develop this project, simply install the dependencies with `npm install --ignore-scripts`, and run `npm run watch` for continual development, linting and testing when a source file changes.
Running `npm test` will execute the tests that have the `*.spec.js` pattern.
Please search for potential answers or post a question on our official Pact StackOverflow.
FAQs
The npm package @pact-foundation/pact-core receives a total of 123,652 weekly downloads. As such, @pact-foundation/pact-core popularity was classified as popular.
We found that @pact-foundation/pact-core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.