Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
BDD assertion library.
Lead Maintainer - Colin Ihrig
const Code = require('code');
const expect = Code.expect;
expect(true).to.be.a.boolean().and.to.not.equal(false);
expect('this string').to.only.include(['this', 'string']);
code was created as a direct rewrite of the powerful chai assertions
library. This virtual fork was created for a few reasons. First, chai mixed usage of methods and
properties creates a problematic environment in which it is too easy to forget a method ()
and result
in an assertion that is never executed (and therefor passes incorrectly). This observation was noted by
the must author.
The second reason is that similar to lab, our test runner, we wanted an assertion library that is small, simple, and intuitive - without plugins, extensions, or the overhead of having to support testing in the browser. code provides much of the same functionality in about 300 lines of code that are trivial to read in a few minutes.
And last, we wanted to experiment with some new features that allow deeper integration between the test
runner and assertions library. The first of which are two methods exported (and used by lab) for getting
the total assertions count (which is a measure of the tests comprehensiveness), and by verifying that every
assertion created (e.g. every expect()
call) is also executed. This will alert when a statement like
expect(5).to.be.a.string
is not allowed to remain unnoticed (and fail to throw due to the missing ()
).
Like lab, the goal is to keep this module small and simple. If you need extensibility or other functionality, we recommend looking at the many other excellent assertions libraries available.
See the API Reference.
FAQs
assertion library
We found that code demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.