Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
chai-spies
Advanced tools
This is an addon plugin for the chai assertion library. It provides the most basic function spy ability and tests.
This library is primarily meant to serve as a starting point for anyone interested in developing chai plugins. If developing a module, you are welcome to use this as a starting point. I also encourage the use of the compile tools to allow modules to work both in node.js and the browser.
Chai spies are available on npm.
$ npm install chai-spies
Include chai-spies.js
after including chai.js
.
<script src="chai-spies.js"></script>
If you are using chai-spies
in the browser, there is nothing you need to do. It will detect chai
in the global
namespace and automatically get used.
If you are using node, here is a useful bit.
const chai = require('chai')
, spies = require('chai-spies');
chai.use(spies);
const should = chai.should()
, expect = chai.expect;
If using TypeScript, this is how you can import chai-spies
.
import { expect } from 'chai';
import spies from 'chai-spies';
chai.use(spies);
Currently this package uses rollup to bundle source code. Just use npm run build
to build browser version.
In this module, a spy is either an empty function, or a wrapped named function. Once chai has been extended, you can create a spy through chai's own interface.
function original () {
// do something cool
}
const spy = chai.spy(original);
// then use in place of original
ee.on('some event', spy);
// or use without original
const spyAgain = chai.spy();
ee.on('some other event', spyAgain);
spy.on
allows to add spy on existing method of an object
const array = [1, 2, 3];
chai.spy.on(array, 'push');
// or multiple spies
chai.spy.on(array, ['push', 'pop']);
It's also possible to provide custom implementation of spied method:
chai.spy.on(array, 'push', function (...items) {
// custom implementation of `push` method
});
Using arrow functions, it's also easy to replace method implementation with constant:
chai.spy.on(array, 'push', () => 5);
// or more readable :)
chai.spy.on(array, 'push', returns => 5);
This method creates a mock (or spy object): an interface with spies on each of the object's methods. The object's methods have either fake implementations or no implementation.
// with no implementation
const arrayLike = chai.spy.interface('arrayLike', ['push', 'pop', 'filter']);
// with fake implementation
const arrayLike = chai.spy.interface({
push(item) {
this.__items = this.__items || [];
return this.__items.push(item)
},
// other method implementations
});
arrayLike.push(5);
chai.spy.returns
is just a simple helper which creates a function that returns constant:
const returnTrue = chai.spy.returns(true);
returnTrue(); // true
Better to use arrow function:
const returnTrue = chai.spy(returns => true);
Sandbox is a set of spies. Sandbox allows to track methods on objects and restore original methods with on restore
call.
To create sandbox:
const sandbox = chai.spy.sandbox();
describe('Array', () => {
let array;
beforeEach(() => {
array = [];
sandbox.on(array, ['push', 'pop']);
});
afterEach(() => {
sandbox.restore(); // restores original methods on `array`
})
it('allows to add items', () => {
array.push(1);
expect(array.push).to.have.been.called.with(1);
});
});
chai.spy.on
and chai.spy.restore
are bound to default sandbox.
So to restore all methods spied by chai.spy.on
, just call chai.spy.restore()
(without arguments).
restore
method accepts 2 optional arguments: object to restore and method or methods to restore. So, this calls are also valid:
const array = [1, 2, 3];
chai.spy.on(array, ['push', 'pop']);
chai.spy.restore(array) // restores all methods on object
chai.spy.restore(array, 'push') // restores only `push` method
Asserts that object is a spy.
expect(spy).to.be.spy;
spy.should.be.spy;
Assert that a spy has been called. Negation passes through.
expect(spy).to.have.been.called();
spy.should.have.been.called();
Note that called
can be used as a chainable method.
Assert that a spy has been called with a given argument at least once, even if more arguments were provided.
spy('foo');
expect(spy).to.have.been.called.with('foo');
spy.should.have.been.called.with('foo');
Will also pass for spy('foo', 'bar')
and spy(); spy('foo')
.
If used with multiple arguments, assert that a spy has been called with all the given arguments at least once.
spy('foo', 'bar', 1);
expect(spy).to.have.been.called.with('bar', 'foo');
spy.should.have.been.called.with('bar', 'foo');
Similar to .with, but will pass only if the list of arguments is exactly the same as the one provided.
spy();
spy('foo', 'bar');
expect(spy).to.have.been.called.with.exactly('foo', 'bar');
spy.should.have.been.called.with.exactly('foo', 'bar');
Will not pass for spy('foo')
, spy('bar')
, spy('bar'); spy('foo')
, spy('foo'); spy('bar')
, spy('bar', 'foo')
or
spy('foo', 'bar', 1)
.
Can be used for calls with a single argument too.
Assert that every time the spy has been called the argument list contained the given arguments.
spy('foo');
spy('foo', 'bar');
spy(1, 2, 'foo');
expect(spy).to.have.been.called.always.with('foo');
spy.should.have.been.called.always.with('foo');
Assert that the spy has never been called with a different list of arguments than the one provided.
spy('foo');
spy('foo');
expect(spy).to.have.been.called.always.with.exactly('foo');
spy.should.have.been.called.always.with.exactly('foo');
Asserts that the nth call of the spy has been made with the list of arguments provided. This assertion comes with other three flavors:
spy('foo');
spy('bar');
spy('baz');
spy('foobar');
expect(spy).to.have.been.first.called.with('foo');
spy.should.have.been.first.called.with('foo');
expect(spy).on.nth(5).be.called.with('foobar');
spy.should.on.nth(5).be.called.with('foobar');
These assertions requires the spy to be called at least the number of times required, for example
spy('foo');
spy('bar');
expect(spy).to.have.been.third.called.with('baz');
spy.should.have.been.third.called.with('baz');
Won't pass because the spy has not been called a third time.
Assert that a spy has been called exactly once.
expect(spy).to.have.been.called.once;
expect(spy).to.not.have.been.called.once;
spy.should.have.been.called.once;
spy.should.not.have.been.called.once;
Assert that a spy has been called exactly twice.
expect(spy).to.have.been.called.twice;
expect(spy).to.not.have.been.called.twice;
spy.should.have.been.called.twice;
spy.should.not.have.been.called.twice;
Assert that a spy has been called exactly n
times.
expect(spy).to.have.been.called.exactly(3);
expect(spy).to.not.have.been.called.exactly(3);
spy.should.have.been.called.exactly(3);
spy.should.not.have.been.called.exactly(3);
Assert that a spy has been called minimum of n
times.
expect(spy).to.have.been.called.min(3);
expect(spy).to.not.have.been.called.at.least(3);
spy.should.have.been.called.at.least(3);
spy.should.not.have.been.called.min(3);
Assert that a spy has been called maximum of n
times.
expect(spy).to.have.been.called.max(3);
expect(spy).to.not.have.been.called.at.most(3);
spy.should.have.been.called.at.most(3);
spy.should.not.have.been.called.max(3);
Assert that a spy has been called more than n
times.
expect(spy).to.have.been.called.above(3);
expect(spy).to.not.have.been.called.gt(3);
spy.should.have.been.called.gt(3);
spy.should.not.have.been.called.above(3);
Assert that a spy has been called fewer than n
times.
expect(spy).to.have.been.called.below(3);
expect(spy).to.not.have.been.called.lt(3);
spy.should.have.been.called.lt(3);
spy.should.not.have.been.called.below(3);
Tests are written using mocha in the BDD interface.
Node tests can be executed using npm test
. Browser tests can be seen by opening test/browser/index.html
.
project : chai-spies
repo age : 3 years, 2 months
active : 26 days
commits : 77
files : 12
authors :
48 Jake Luer 62.3%
7 Glenn Jorde 9.1%
4 Keith Cirkel 5.2%
3 = 3.9%
3 Sergiy Stotskiy 3.9%
2 JamesMaroney 2.6%
2 PG Herveou 2.6%
2 Ryckes 2.6%
1 Veselin Todorov 1.3%
1 Steffen 1.3%
1 Daniel Walker 1.3%
1 Domenic Denicola 1.3%
1 Andre Jaenisch 1.3%
1 PG 1.3%
(The MIT License)
Copyright (c) 2012 Jake Luer jake@alogicalparadox.com
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
Spies for the Chai assertion library.
The npm package chai-spies receives a total of 66,371 weekly downloads. As such, chai-spies popularity was classified as popular.
We found that chai-spies demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.