Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@smpx/snap-shot-it
Advanced tools
Smarter snapshot utility for Mocha and BDD test runners + data-driven testing!
This tool makes snapshot testing for Mocha (and other BDD)
frameworks quick and painless. This module spies on global it
function,
which allows it to accurately get test information (beating static code parsing
done in snap-shot); it should work in transpiled code.
This package uses snap-shot-compare to display object and text difference intelligently.
This function also includes data-driven testing mode, similar to sazerac, see Data-driven testing section below.
Requires Node version 4 or above.
npm install --save-dev @smpx/snap-shot-it
Example from spec.js
const snapshot = require('@smpx/snap-shot-it')
describe('example', () => {
it('works', () => {
snapshot(add(10, 20))
snapshot('a text message')
return Promise.resolve(42).then(snapshot)
})
})
Run Mocha tests, then open the created snapshots/spec.js file
exports['example works 1'] = 30
exports['example works 2'] = "a text message"
exports['example works 3'] = 42
Suppose you change the resolved value from 42
to 80
const snapshot = require('@smpx/snap-shot-it')
describe('example', () => {
it('works', () => {
snapshot(add(10, 20))
snapshot('a text message')
return Promise.resolve(80).then(snapshot)
})
})
The test will fail
1) example works:
Error: 42 !== 80
The error message should intelligently handle numbers, objects, arrays, multi-line text, etc.
This is read from package.json. See below for format fo config.
{
"snap-shot-it": {
"useRelativePath": true,
"extension": ".js.snap"
}
}
This is how it is used along with env vars to send to snap-shot-core
const config = require(process.cwd() + '/package.json')['snap-shot-it'] || {}
const EXTENSION = config.extension || '.js'
const opts = {
show: Boolean(process.env.SHOW),
dryRun: Boolean(process.env.DRY),
update: Boolean(process.env.UPDATE),
ci: Boolean(process.env.CI),
useRelativePath: Boolean(config.useRelativePath),
}
You can see the saves snapshot values by running with environment variable
SNAPSHOT_SHOW=1 npm test
You can see snapshot values without writing them into the snapshot file
SNAPSHOT_DRY=1 npm test
You can update snapshot values
SNAPSHOT_UPDATE=1 npm test
By default, the snapshots are saved sorted alphabetically. You can skip sorting using an environment variable
SNAPSHOT_SKIP_SORTING=1 npm test
Renaming tests might lead to confusion and pruning snapshots. You can name the snapshots yourself
const value = 42
snapshot('my name', value)
The snapshots will be saved as
exports['my name'] = 42
Note you should make sure that the name is unique per spec file.
If you have lots of tests in a single file and you want to break down the snapshots into chunks. You can specifiy a chunk
parameter.
// File: specs.test.js
const someIdentifier = 'type1'
snapshot({chunk: someIdentifier}, value)
The snapshots will then be saved in file specs.type1.test.js
in the __snapshots__
dir
You can use named snapshots along with chunked snapshots:
// File: specs.test.js
const someIdentifier = 'type1'
snapshot({title: 'my name', chunk: someIdentifier}, value)
const otherIdentifier = 'type2'
snapshot({title: 'my name', chunk: otherIdentifier}, value)
The snapshots will then be saved as:
// File: __snapshots__/specs.type1.test.js
exports['my name [type1]'] = 42
// File: __snapshots__/specs.type2.test.js
exports['my name [type2]'] = 42
The chunk is automatically added to the title so need to do that.
If the test run is successful and executed all tests (there was no .only
) then snapshots without a test are pruned.
Writing multiple input / output pairs for a function under test quickly becomes tedious. Luckily, you can test a function by providing multiple inputs and a single snapshot of function's behavior will be saved.
// checks if n is prime
const isPrime = n => ...
it('tests prime', () => {
snapshot(isPrime, 1, 2, 3, 4, 5, 6, 7, 8, 9)
})
The saved snapshot file will have clear mapping between given input and produced result
// snapshot file
exports['tests prime 1'] = {
"name": "isPrime",
"behavior": [
{
"given": 1,
"expect": false
},
{
"given": 2,
"expect": true
},
{
"given": 3,
"expect": true
},
{
"given": 4,
"expect": false
},
{
"given": 5,
"expect": true
},
...
]
}
You can also test functions that expect multiple arguments by providing arrays of inputs.
const add = (a, b) => a + b
it('checks behavior of binary function add', () => {
snapshot(add, [1, 2], [2, 2], [-5, 5], [10, 11])
})
Again, the snapshot file gives clear picture of the add
behavior
// snapshot file
exports['checks behavior of binary function add 1'] = {
"name": "add",
"behavior": [
{
"given": [
1,
2
],
"expect": 3
},
{
"given": [
2,
2
],
"expect": 4
},
{
"given": [
-5,
5
],
"expect": 0
},
{
"given": [
10,
11
],
"expect": 21
}
]
}
See src/data-driven-spec.js for more examples.
Run with environment variable DEBUG=snap-shot-it ...
to see log messages.
Because under the hood it uses snap-shot-core you might
want to show messages from both libraries with DEBUG=snap-shot* ...
An example using ts-mocha is shown in folder ts-demo
CoffeeScript example is in coffee-demo folder. Watch mode is working properly.
Came during WorkBar Cambridge Happy Hour on the terrace as I was thinking about
difficulty of adding CoffeeScript / TypeScript support to
snap-shot project. Got the idea of overriding global.it
when
loading snap-shot
because a day before I wrote repeat-it
which overrides it and it is very simple repeat/src/index.js.
This NPM module is part of my experiments with snapshot testing. There are lots of other ones, blog posts and slides on this topic.
Author: Gleb Bahmutov <gleb.bahmutov@gmail.com> © 2017
License: MIT - do anything with the code, but don't blame me if it does not work.
Support: if you find any problems with this module, email / tweet / open issue on Github
Copyright (c) 2017 Gleb Bahmutov <gleb.bahmutov@gmail.com>
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
Smarter snapshot utility for Mocha and BDD test runners
We found that @smpx/snap-shot-it demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.