Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
@types/sinon
Advanced tools
The @types/sinon package provides TypeScript type definitions for Sinon.js, a standalone test spies, stubs, and mocks for JavaScript. It enables developers using TypeScript to get compile-time type checking and IntelliSense support when working with Sinon.js, ensuring that they use the Sinon.js API correctly.
Spies
Spies are functions that record arguments, return value, the value of this, and exception thrown (if any) for all its calls. Useful for testing your functions are called correctly.
const spy = sinon.spy();
spy('Hello', 'World');
console.log(spy.firstCall.args); // Logs: ['Hello', 'World']
Stubs
Stubs are like spies, but they can replace the target function. They can be used to control a method's behavior without affecting the rest of your code's execution.
const stub = sinon.stub().returns('Hello World');
console.log(stub()); // Logs: 'Hello World'
Mocks
Mocks combine spies and stubs. They are fake methods (like stubs) with pre-programmed behavior (like spies) as well as pre-programmed expectations. A mock will fail your test if it is not used as expected.
const myAPI = { method: function () {} };
const mock = sinon.mock(myAPI);
mock.expects('method').once().returns('Hello World');
myAPI.method(); // Satisfies the expectation
mock.verify();
Jest is a delightful JavaScript Testing Framework with a focus on simplicity. It works out of the box for any React project and supports features like Mock Functions similar to Sinon but integrated into its test runner. Jest's mocking capabilities are built-in, which means you don't need to install additional packages for mocking.
Chai is a BDD / TDD assertion library for node and the browser that can be delightfully paired with any javascript testing framework. It's similar to Sinon in that it's often used in testing environments, but Chai focuses more on assertions whereas Sinon provides tools for spies, stubs, and mocks. Chai can be used alongside Sinon for a more complete testing setup.
Jasmine is a behavior-driven development framework for testing JavaScript code. It does not require a DOM, and it has a clean, obvious syntax so that you can easily write tests. Jasmine comes with spies and support for stubs and mocks, similar to Sinon, but it is a full testing framework rather than just a mocking library.
npm install --save @types/sinon
This package contains type definitions for sinon (https://sinonjs.org).
Files were exported from https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/sinon.
These definitions were written by William Sears, Nico Jansen, James Garbutt, Greg Jednaszewski, John Wood, Alec Flett, Simon Schick, and Mathias Schreck.
FAQs
TypeScript definitions for sinon
The npm package @types/sinon receives a total of 2,494,693 weekly downloads. As such, @types/sinon popularity was classified as popular.
We found that @types/sinon demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.