@refinableco/synpress
Synpress is a wrapper around the Cypress test runner which extends its capabilities in conjunction with Puppeteer. It's used across Synthetix projects.
Synpress is a wrapper around Cypress.io with metamask support thanks to puppeteer.
Synpress makes sure to always use the latest version of metamask before tests are run.
It also provides an easy way to use metamask straight from your e2e tests.
For usage examples, feel free to take a look at kwenta, staking or synpress repository.
For additional custom commands and their examples, check here.
To see which direction Synpress is headed in, take a look at this planning board.
Features:
Project structure:
project_dir
└── src
└── tests
    └── e2e
        └── .eslintrc.js
        └── tsconfig.json
        └── specs
            └── example-spec.js
        └── pages
            └── example-page.js
.eslintrc.js inside your tests folder (/project_dir/tests/e2e):

const path = require('path');
const synpressPath = path.join(process.cwd(), '/node_modules/@synthetixio/synpress');
module.exports = {
  extends: `${synpressPath}/.eslintrc.js`,
};
tsconfig.json inside your tests folder (/project_dir/tests/e2e):

{
  "compilerOptions": {
    "allowJs": true,
    "baseUrl": "../../node_modules",
    "types": ["cypress", "@types/puppeteer-core", "@synthetixio/synpress/support", "cypress-wait-until", "@testing-library/cypress"],
    "outDir": "./output"
  },
  "include": ["**/*.*"]
}
If you would like to use custom paths for your tests and configs, feel free to mirror default synpress config and modify it for your needs. Then you can direct synpress to use it with --configFile flag.
For example: synpress run --configFile __tests__/e2e/customConfig.json
Synpress doesn't seem to communicate with metamask properly if "chromeWebSecurity": false flag is set. More about it here.
Tests work only in headed mode because extensions are not supported in headless mode in puppeteer and Cypress. It's intended to be used in conjunction with xvfb on CI.
There is a global before() which runs metamask setup before all tests:
kovan) or creates custom network and changes to it (depending on your setup)
It requires an environmental variable called SECRET_WORDS to be present in the following format => 'word1, word2, etc..' or a private key in an environmental variable called PRIVATE_KEY.
To change default network (kovan), you can use NETWORK_NAME environmental variable, for example: NETWORK_NAME=rinkeby.
Available choices are: mainnet, ropsten, kovan, rinkeby, goerli and localhost.
To create and switch to custom network at metamask setup phase, use these:
NETWORK_NAME => ex: synthetix
RPC_URL => ex: https://synthetix-node.io
CHAIN_ID => ex: 123
SYMBOL (optional) => ex: SNX
BLOCK_EXPLORER (optional) => ex: https://synthetix-explorer.io
IS_TESTNET (optional) => ex: false
Metamask version is hardcoded and frequently updated under supervision to avoid cases where e2e tests break because of CSS class changes in a new version, so all you need is to keep synpress updated in your project. However, you can still override metamask with METAMASK_VERSION environmental variable, for example: METAMASK_VERSION=9.3.0 or METAMASK_VERSION=latest.
If you don't want to use environmental variables, you can modify setupMetamask() to the following: setupMetamask(secretWordsOrPrivateKey, network, password), for example: setupMetamask('word1, word2, etc..', 'mainnet', 'password').
You can also add and switch to custom network by passing an object instead of string inside setupMetamask(secretWordsOrPrivateKey, network, password) function for network parameter.
If you want to use Etherscan API helpers, you will have to provide Etherscan API key using ETHERSCAN_KEY environmental variable.
To fail a test if there are any browser console errors, set FAIL_ON_ERROR to 1 or true.
Automatic waiting for XHR requests to finish before tests start can be turned off with CYPRESS_SKIP_RESOURCES_WAIT environmental variable, set it to 1 or true.
If you want to skip metamask extension installation or metamask setup, you can use SKIP_METAMASK_INSTALL and SKIP_METAMASK_SETUP separately. Both variables accept 1 or true.
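A pre-flight check for the environment variables described above, as an added example that is not part of the Synpress README or code base. The name checkSynpressEnv, the BIP-39 word counts, the 64-hex key format and treating SKIP_METAMASK_SETUP as making credentials optional are assumptions; error messages never echo the secret values.

```javascript
'use strict';
// Added example: validate the documented environment variables before `synpress run`.
const BUILT_IN = ['mainnet', 'ropsten', 'kovan', 'rinkeby', 'goerli', 'localhost'];
const isOn = (v) => v === '1' || v === 'true';

function checkSynpressEnv(env) {
  const errors = [];
  const warnings = [];
  const network = env.NETWORK_NAME || 'kovan'; // default network per the README

  if (!isOn(env.SKIP_METAMASK_SETUP)) {
    if (!env.SECRET_WORDS && !env.PRIVATE_KEY) {
      errors.push('set SECRET_WORDS or PRIVATE_KEY');
    }
    if (env.SECRET_WORDS) {
      const words = env.SECRET_WORDS.split(',').map((w) => w.trim());
      // Assumption: BIP-39 phrase lengths; the README only shows 'word1, word2, etc..'.
      const lengthOk = [12, 15, 18, 21, 24].includes(words.length);
      if (!lengthOk || !words.every((w) => /^[a-z]+$/.test(w))) {
        errors.push("SECRET_WORDS must be comma-separated words: 'word1, word2, etc..'");
      }
    }
    // Assumption: a 32-byte hex key with an optional 0x prefix.
    if (env.PRIVATE_KEY && !/^(0x)?[0-9a-fA-F]{64}$/.test(env.PRIVATE_KEY)) {
      errors.push('PRIVATE_KEY must be 64 hex characters');
    }
  }

  if (!BUILT_IN.includes(network)) {
    // Custom network: RPC_URL and CHAIN_ID are required, the rest are optional.
    let rpc = null;
    try { rpc = new URL(env.RPC_URL); } catch (e) { errors.push('custom network needs a valid RPC_URL'); }
    if (rpc && rpc.protocol !== 'https:') warnings.push('RPC_URL is not https');
    if (!/^\d+$/.test(env.CHAIN_ID || '')) errors.push('custom network needs a numeric CHAIN_ID');
  }
  if (network === 'mainnet') warnings.push('mainnet selected: use a throwaway test wallet');
  if (env.METAMASK_VERSION === 'latest') warnings.push('METAMASK_VERSION=latest bypasses the pinned version');

  return { ok: errors.length === 0, errors, warnings };
}

// Constructed sample input; the key is a dummy value, not a real wallet.
const sample = { PRIVATE_KEY: 'ab'.repeat(32), NETWORK_NAME: 'synthetix',
  RPC_URL: 'https://synthetix-node.io', CHAIN_ID: '123', METAMASK_VERSION: 'latest' };
console.log(checkSynpressEnv(sample));
```

In CI, call it with process.env and stop the job when ok is false, so a misconfigured run fails before the wallet is imported.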
synpress run to run tests
synpress open to open Cypress UI (may be bugged in some cases because it doesn't clear metamask state before each e2e test, please use synpress run)
Command line interface (synpress help):
Usage: synpress run [options]
launch tests
Options:
-b, --browser <name> run on specified browser (default: "chrome")
-c, --config <config> set configuration values, separate multiple values with a comma
-cf, --configFile <path> specify a path to a JSON file where configuration values are set
-e, --env <env=val> set environment variables, separate multiple values with comma
-s, --spec <path or glob> run only provided spec files
-ne, --noExit keep runner open after tests finish
-pr, --project <path> run with specific project path
-q, --quiet only test runner output in console
-r, --reporter <reporter> specify mocha reporter
-ro, --reporterOptions <options> specify mocha reporter options, separate multiple values with comma
-r, --record [dashboard] record video of tests running after setting up your project to record
-k, --key <key> [dashboard] set record key
-p, --parallel [dashboard] run recorded specs in parallel across multiple machines
-g, --group <name> [dashboard] group recorded tests together under a single run
-t, --tag <name> [dashboard] add tags to dashboard for test run
-h, --help display help for command
Usage: synpress open [options]
launch test runner UI
Options:
-cf, --configFile <path> specify a path to a JSON file where configuration values are set
-h, --help display help for command
dev branch to master branch
-beta version is automatically released)
patch|minor|major depending on your needs to promote your build.
Alternatively, instead of running GitHub Action for release, you can move on with manual release process:
master branch and pull latest changes
npm run release:patch/minor/major command
dev branch up to date with master
Above actions will lead to:
FAQs
We found that @refinableco/synpress demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.