Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
@stylable/core-test-kit
Advanced tools
@stylable/core-test-kit
is a collection of utilities aimed at making testing Stylable core behavior and functionality easier.
An assortment of Chai
matchers used by Stylable.
flat-match
- flattens and matches passed argumentsresults
- test Stylable transpiled style rules outputA collection of tools used for testing Stylable diagnostics messages (warnings and errors).
expectWarnings
- processes a Stylable input and checks for diagnostics during processingexpectWarningsFromTransform
- checks for diagnostics after a full transformationshouldReportNoDiagnostics
- helper to check no diagnostics were reportedUsed for setting up Stylable instances (processor
/transformer
) and their infrastructure:
generateInfra
- create Stylable basic in memory infrastructure (resolver
, requireModule
, fileProcessor
)generateStylableResult
- genetare transformation results from in memory configurationgenerateStylableRoot
- helper over generateStylableResult
that returns the outputAst
generateStylableExports
- helper over generateStylableResult
that returns the exports
mappingtestInlineExpects
utilityExposes testInlineExpects
for testing transformed stylesheets that include inline expectation comments. These are the most common type of core tests and the recommended way of testing the core functionality.
Rule checking (place just before rule) supporting multi-line declarations and multiple @checks
statements
LABEL: <string>
- label for the test expectationOFFEST: <number>
- offest for the tested rule after the @check
SELECTOR: <string>
- output selectorDECL: <string>
- declaration nameVALUE: <string>
- declaration valueFull options:
/* @check(LABEL)[OFFEST] SELECTOR {DECL: VALUE} */
Basic - @check SELECTOR
/* @check header::before */
header::before {}
With declarations - @check SELECTOR {DECL1: VALUE1; DECL2: VALUE2;}
This will check full match and order.
.my-mixin {
color: red;
}
/* @check .entry__container {color: red;} */
.container {
-st-mixin: my-mixin;
}
Target generated rules (mixin) - @check[OFFEST] SELECTOR
.my-mixin {
color: blue;
}
/*
@check[1] .entry__container:hover {color: blue;}
*/
.container {
-st-mixin: my-mixin;
}
Support atrule params (anything between the @atrule and body or semicolon):
/* @check screen and (min-width: 900px) */
@media value(smallScreen) {}
Here we are generating a Stylable AST which lncludes the /* @check SELECTOR */
comment to test the root class selector target.
The testInlineExpects
function performs that actual assertions to perform the test.
it('...', ()=>{
const root = generateStylableRoot({
entry: `/style.st.css`,
files: {
'/style.st.css': {
namespace: 'ns',
content: `
/* @check .ns__root */
.root {}
`
},
});
testInlineExpects(root, 1);
})
Exposes two utility functions (matchRuleAndDeclaration
and matchAllRulesAndDeclarations
) used for testing Stylable generated AST representing CSS rules and declarations.
Copyright (c) 2019 Wix.com Ltd. All Rights Reserved. Use of this source code is governed by a MIT license.
FAQs
Stylable core test-kit
The npm package @stylable/core-test-kit receives a total of 227 weekly downloads. As such, @stylable/core-test-kit popularity was classified as not popular.
We found that @stylable/core-test-kit demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.