Chakram is an API testing framework designed to perform end to end tests on JSON REST endpoints.
The library offers a BDD testing style and fully exploits javascript promises - the resulting tests are simple, clear and expressive. Chakram is built on node.js, mocha and chai.
This readme offers an introduction to the library. For more information, visit Chakram's documentation and tests which demonstrate all of Chakram's capabilities. In addition, example tests of publicly accessible APIs are available in the examples directory. If required, assistance can be found in the project's gitter chat room.
Awesome plugins from the community:
We would love to see more plugins! If you have a plugin, please add it to the list.
Chakram requires Node.js and npm to be installed. It is available as an npm module. Ideally, Chakram should be added to your testing project's devDependencies. This can be achieved with the following command:
npm install chakram --save-dev
Chakram builds on top of the mocha testing framework. As such, the tests follow mocha's BDD style. The following sections introduce the various aspects of writing a Chakram test.
Chakram makes use of the request library and as such boasts a comprehensive request capability. Chakram exposes helper methods for the most common HTTP request verbs. The methods typically require the URL as the first parameter, the request body (if applicable) as the second parameter and any request options as an optional last parameter. For full documentation of the request methods see here. The request methods return a promise which resolves to a Chakram response object.
Below is an example of making an HTTP GET request:
var chakram = require('chakram');
describe("Chakram", function() {
    it("should offer simple HTTP request capabilities", function () {
        return chakram.get("http://httpbin.org/get");
    });
});
Chakram offers a range of HTTP specific assertions which can test the information returned from API requests. Chakram offers a BDD testing style through Chakram's expect interface.
When testing API responses, pass the request promise as an argument into chakram.expect. This will return an object which exposes the Chakram and Chai assertions. Perform an assertion by calling the desired Chakram assertion method. Chai properties can be used as a prefix to the assertion, improving the test's readability.
The assertion is performed once the response is received (i.e. the request promise is fulfilled). Chakram assertions return a promise which resolves to a Chakram response object once the test has been performed.
Below is an example of testing the status code of an HTTP GET request:
var chakram = require('chakram'),
    expect = chakram.expect;
describe("Chakram", function() {
    it("should provide HTTP specific assertions", function () {
        var response = chakram.get("http://httpbin.org/get");
        return expect(response).to.have.status(200);
    });
});
In addition to the HTTP specific assertions, chakram.expect exposes all of Chai's BDD properties and methods. Documentation for the HTTP specific assertions can be seen here.
As this library focuses on testing REST APIs, the tests are naturally asynchronous. Mocha has native support for promises, which Chakram exploits. Returning a promise from an it callback will cause the test to wait until the promise resolves before continuing. Chakram's requests and expectations return promises which fulfill to Chakram response objects. These promises can be returned to ensure the test waits for them to complete (as can be seen in the previous two examples).
It is important that tests wait for all requests and assertions to be completed. To help, Chakram includes a wait method. This returns a promise which will be fulfilled once all assertions have been performed. Furthermore, Chakram will fail any tests which do not wait for assertions to complete. Below is a test using the wait method.
var chakram = require('chakram'),
    expect = chakram.expect;
describe("Chakram", function() {
    it("should provide a simple async testing framework", function () {
        var response = chakram.get("http://httpbin.org/get");
        expect(response).to.have.status(200);
        expect(response).not.to.have.header('non-existing-header');
        return chakram.wait();
    });
});
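Why waiting matters for a check you rely on: the following is an added example, not Chakram's or Mocha's code. It is a simplified model of a promise-aware runner showing that an assertion whose promise is not returned lets a failing check report as passed. The names fakeGet, makeContext, runTest and demo, and the 401/200 scenario, are constructed for illustration.

```javascript
// Simplified model of a promise-aware test runner; not Mocha's or Chakram's code.
// fakeGet, makeContext, runTest and demo are hypothetical names.

// Constructed stand-in for an HTTP request: resolves later with a status code.
function fakeGet(status) {
  return new Promise((resolve) => setTimeout(() => resolve({ status }), 10));
}

// Per-test state: every assertion started by the test is recorded here.
function makeContext() {
  const pending = [];
  return {
    pending,
    expectStatus(responsePromise, wanted) {
      const entry = { settled: false };
      entry.promise = responsePromise.then((res) => {
        if (res.status !== wanted) throw new Error(`expected ${wanted}, got ${res.status}`);
      });
      const done = () => { entry.settled = true; };
      entry.promise.then(done, done); // also keeps a dropped failure from crashing Node
      pending.push(entry);
      return entry.promise;
    },
    // Analogue of chakram.wait(): settles once every recorded assertion has run.
    wait() { return Promise.all(pending.map((e) => e.promise)); },
  };
}

// A returned promise is awaited; otherwise the test ends when the callback returns.
async function runTest(fn, strict = false) {
  const t = makeContext();
  try { await fn(t); } catch (err) { return 'failed: ' + err.message; }
  if (strict && t.pending.some((e) => !e.settled)) return 'failed: assertion not awaited';
  return 'passed';
}

// Constructed case: an endpoint that must answer 401 answers 200 instead.
async function demo() {
  const forgotten = (t) => { t.expectStatus(fakeGet(200), 401); };
  const returned = (t) => t.expectStatus(fakeGet(200), 401);
  const waited = (t) => { t.expectStatus(fakeGet(200), 401); return t.wait(); };
  return {
    forgotten: await runTest(forgotten),             // broken endpoint goes unnoticed
    forgottenStrict: await runTest(forgotten, true), // caught by the pending-assertion check
    returned: await runTest(returned),
    waited: await runTest(waited),
  };
}

demo().then((results) => console.log(results));
```

The strict mode stands in for the behaviour described above, where a test that ends with assertions still outstanding is failed rather than reported green.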
Due to the use of promises, complex tests can be written requiring chains of requests and assertions. An example can be seen below:
var chakram = require('chakram'),
    expect = chakram.expect;
describe("Chakram", function () {
    it("should support sequential API interaction", function () {
        var artist = "Notorious B.I.G.";
        // Encode values before placing them in a URL so spaces, '&' or '/' cannot alter the request
        return chakram.get("https://api.spotify.com/v1/search?q="+encodeURIComponent(artist)+"&type=artist")
        .then(function (searchResponse) {
            var bigID = searchResponse.body.artists.items[0].id;
            return chakram.get("https://api.spotify.com/v1/artists/"+encodeURIComponent(bigID)+"/top-tracks?country=GB");
        })
        .then(function (topTrackResponse) {
            var topTrack = topTrackResponse.body.tracks[0];
            expect(topTrack.name).to.contain("Old Thing Back");
        });
    });
});
Chakram exposes three promise related methods:
To run Chakram tests, install the Mocha testing framework globally (or as a dev dependency):
npm install -g mocha
Once installed, run the tests using the Mocha command line, which in its simplest form is:
mocha path/to/tests
Test results can be exported in multiple formats. Mocha's built-in formats are described here, and export plugins for Mocha are available on npm.
New assertions can be easily added to Chakram. The plugin tests demonstrate how properties and methods can be added. Further information is available in Chai's plugin documentation.
Issues, pull requests and questions are welcomed.
npm test
1.5.0: responsetime assertion #58, responseTime to ChakramResponseObject #60, del alias #61
We found that chakram demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.