Security News
The Risks of Misguided Research in Supply Chain Security
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
BDD assertion library.
Lead Maintainer - Colin Ihrig
const Code = require('code');
const expect = Code.expect;
expect(true).to.be.a.boolean().and.to.not.equal(false);
expect('this string').to.only.include(['this', 'string']);
code was created as a direct rewrite of the powerful chai assertions
library. This virtual fork was created for a few reasons. First, chai mixed usage of methods and
properties creates a problematic environment in which it is too easy to forget a method ()
and result
in an assertion that is never executed (and therefor passes incorrectly). This observation was noted by
the must author.
The second reason is that similar to lab, our test runner, we wanted an assertion library that is small, simple, and intuitive - without plugins, extensions, or the overhead of having to support testing in the browser. code provides much of the same functionality in about 300 lines of code that are trivial to read in a few minutes.
And last, we wanted to experiment with some new features that allow deeper integration between the test
runner and assertions library. The first of which are two methods exported (and used by lab) for getting
the total assertions count (which is a measure of the tests comprehensiveness), and by verifying that every
assertion created (e.g. every expect()
call) is also executed. This will alert when a statement like
expect(5).to.be.a.string
is not allowed to remain unnoticed (and fail to throw due to the missing ()
).
Like lab, the goal is to keep this module small and simple. If you need extensibility or other functionality, we recommend looking at the many other excellent assertions libraries available.
See the API Reference.
FAQs
assertion library
The npm package code receives a total of 4,692 weekly downloads. As such, code popularity was classified as popular.
We found that code demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.