Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
@tapjs/mock
Advanced tools
@tapjs/mock
A default tap plugin adding t.mockRequire()
, t.mockImport()
,
and t.createMock()
This plugin is installed with tap by default. If you had
previously removed it, you can tap plugin add @tapjs/mock
to
bring it back.
This is the way to do dependency injection at the module level. When the loaded module, or anything it loads, loads something that you've mocked, it'll get your mock instead of the real thing. Useful for getting into those hard to trigger code paths.
// test.mts
import t from 'tap'
t.test('handls stat failure by throwing', async t => {
const mockStatSync = (p: string) => {
t.equal(p, 'filename.txt')
throw Object.assign(new Error('expected error'), { code: 'ENOENT' })
}
// do 'as typeof import(...)' so that TS knows what it returns
const thingThatDoesStat = await t.import(
'../dist/my-statty-thing.js',
{ 'node:fs': { statSync: mockStatSync } }
) as typeof import('../dist/my-statty-thing.js')
t.throws(() => thingThatDoesStat('filename.txt'), {
message: 'expected error',
code: 'ENOENT',
})
})
t.mockImport(module, [mocks]): Promise<any>
Load the module with import()
. If any mocks are provided, then
they'll override the module's imported deps. This works for both
ESM and CommonJS modules.
t.mockRequire(module, [mocks]): any
Same as t.mockImport()
, but synchronously using require()
instead. This only works with CommonJS, and only mocks CommonJS
modules loaded.
t.createMock(originalModule, mockOverrides): mockedModule
Sometimes you only want to override one function or property, perhaps buried deep within a module's exports, but leave all the rest of it intact.
This function makes it easy to do that.
import * from 'tap'
import * as FS from 'node:fs'
t.test('situation where we get a bogus file descriptor', async t => {
const { thing } = await t.mockImport(
'../dist/my-thing.js',
{ 'node:fs': t.createMock(FS, { openSync: () => true }) }
) as typeof import('../dist/my-thing.js')
t.throws(() => thing(), {
// imagine this is the error we get for some reason
message: 'got non-numeric file descriptor: true',
})
})
The t.mockImport()
function relies on the @tapjs/mock/loader
loader being used, which this plugin adds to tap's set of
loaders.
If you run tests directly with node, and they use t.mockImport
then you'll have to include --loader=@tapjs/mock/loader
to the
command line arguments ahead of the main script filename.
FAQs
tap plugin adding t.mockRequire() and t.mockImport()
The npm package @tapjs/mock receives a total of 52,062 weekly downloads. As such, @tapjs/mock popularity was classified as popular.
We found that @tapjs/mock demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.