Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Fluent (i.e. chainable) syntax for generating vows tests against RESTful APIs.
A fluent (i.e. chainable) syntax for generating vows tests against RESTful APIs.
$ curl http://npmjs.org/install.sh | sh
$ [sudo] npm install api-easy
APIeasy is designed to be a simple way to test RESTful APIs in node.js and Javascript. The primary design goal was to reduce the number of lines of test code required to fully cover all primary and edge use cases of a given API over HTTP.
Most of the documentation for this library is available through the annotated source code, available here thanks to jashkenas and docco. If you're not feeling up for that, just keep reading here. tldr;? Read how to use APIeasy in your own projects
If you're going to use APIeasy (and I hope you do), it's worth taking a moment to understand the way that vows manages flow control. Read up here on vowsjs.org (Under "Structure of a test suite"), or just remember vows uses this grammatical structure:
Suite → Batch*
Batch → Context*
Context → Topic? Vow* Context*
Got it? Good. There is a 1-to-1 relationship between a APIeasy suite and a vows suite; APIeasy is essentially a simpler syntax to manage a particular set of vows-based tests that conform to this pattern:
Here's a sample of the boilerplate code that APIeasy eliminates:
var request = require('request'),
vows = require('vows'),
assert = require('assert');
vows.describe('your/awesome/api').addBatch({
"When using your awesome api": {
"and your awesome resource": {
"A POST to /awesome": {
topic: function () {
request({
uri: 'http://localhost:8080/awesome',
method: 'POST',
body: JSON.stringify({ test: 'data' }),
headers: {
'Content-Type': 'application/json'
}
}, this.callback)
},
"should respond with 200": function (err, res, body) {
assert.equal(res.statusCode, 200);
},
"should respond with ok": function (err, res, body) {
var result = JSON.parse(body);
assert.equal(result.ok, true);
},
"should respond with x-test-header": function (err, res, body) {
assert.include(res.headers, 'x-test-header');
}
}
}
}
}).export(module);
This same code can be implemented like this using APIeasy:
var APIeasy = require('api-easy'),
assert = require('assert');
var suite = APIeasy.describe('your/awesome/api');
suite.discuss('When using your awesome API')
.discuss('and your awesome resource')
.use('localhost', 8080)
.setHeader('Content-Type', 'application/json')
.post({ test: 'data' })
.expect(200, { ok: true })
.expect('should respond with x-test-header', function (err, res, body) {
assert.include(res.headers, 'x-test-header');
})
.export(module);
## Using APIeasy in your own project
There are two ways to use APIeasy in your own project:
If you've used the npm test
command in npm before, this should be nothing new. You can read more about the npm test command here. All you need to do is add the following to your package.json
file:
{
"dependencies": {
"api-easy": "0.2.x"
},
"scripts": {
"test": "vows test/*-test.js"
}
}
Note: test/*-test.js
is at your discretion. It's just an expression for all test files in your project.
After adding this to your package.json
file you can run the following to execute your tests:
$ cd path/to/your/project
$ npm install
$ npm test
There is also a full working sample of how to use this approach here.
When you install APIeasy or take it as a dependency in your package.json
file it will not install vows globally, so to use vows you must install it globally.
$ [sudo] npm install vows -g
After installing vows you can simply run it from inside your project:
$ cd /path/to/your/project
$ vows
npm test
FAQs
Fluent (i.e. chainable) syntax for generating vows tests against RESTful APIs.
The npm package api-easy receives a total of 54 weekly downloads. As such, api-easy popularity was classified as not popular.
We found that api-easy demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.