contracts-js
Contracts.js is a contract library for JavaScript that allows you to specify invariants between parts of your code and have them checked at runtime for violations. It's heavily inspired by the contract system found in Racket and tracks blame correctly for higher-order values.
For example, you can specify that the following function takes two arguments, one that is an object with a string name field and the other that is an array filled with objects that have a loc number field, and returns a string.

```js
import @ from "contracts.js"

@ ({name: Str}, [...{loc: Num}]) -> Str
function calcAverageLoc(person, locArr) {
    // Sum the loc field of every entry (start from 0 so the accumulator
    // is always a number, not the first object).
    var sum = locArr.reduce(function (acc, item) {
        return acc + item.loc;
    }, 0);
    return "Average lines of code for " +
        person.name + " was " +
        sum / locArr.length;
}
```
If you call the function with a bad argument:

```js
var typoPerson = {nam: "Bob"};
calcAverageLoc(typoPerson, [{loc: 1000}, {loc: 789}, {loc: 9001}]);
```

you will get a helpful error message pinpointing what went wrong:

```
calcAverageLoc: contract violation
expected: Str
given: undefined
in: the name property of the 1st argument of
    ({name: Str}, [....{loc: Num}]) -> Str
function calcAverageLoc guarded at line: 4
blaming: (calling context for calcAverageLoc)
```
You can play around with this and other examples on the homepage.
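To show concretely what the blame tracking described above amounts to, here is an added, self-contained JavaScript sketch of first-order contracts with blame. It is not the contracts.js implementation or API (contracts.js is compiled by sweet.js macros); the names Str, Num, obj, arr, fun and ContractViolation are assumptions for this illustration, and it covers only first-order values, not the higher-order blame that contracts.js tracks.

```javascript
class ContractViolation extends Error {}
const violation = (expected, given, where) => ({ expected, given, where });

// Flat contracts: check() returns null on success, otherwise a violation record.
const Str = { name: "Str", check: (v, where) => typeof v === "string" ? null : violation("Str", v, where) };
const Num = { name: "Num", check: (v, where) => typeof v === "number" ? null : violation("Num", v, where) };

// {field: C, ...}: each listed field of an object must satisfy its contract.
function obj(fields) {
  const name = "{" + Object.keys(fields).map(k => k + ": " + fields[k].name).join(", ") + "}";
  return { name, check: (v, where) => (v === null || typeof v !== "object") ? violation(name, v, where)
    : Object.keys(fields).map(k => fields[k].check(v[k], "the " + k + " property of " + where)).find(r => r) || null };
}

// [...C]: every element of an array must satisfy C.
function arr(elem) {
  const name = "[..." + elem.name + "]";
  return { name, check: (v, where) => !Array.isArray(v) ? violation(name, v, where)
    : v.map((x, i) => elem.check(x, "element " + i + " of " + where)).find(r => r) || null };
}

// (A, B) -> R: wraps fn so arguments and result are checked. A bad argument is the
// caller's fault (blame the calling context); a bad result is the function's fault.
function fun(args, result, fn) {
  const sig = "(" + args.map(c => c.name).join(", ") + ") -> " + result.name;
  const ordinal = i => "the " + (["1st", "2nd", "3rd"][i] || (i + 1) + "th") + " argument of " + sig;
  const raise = (r, blame) => {
    throw new ContractViolation(fn.name + ": contract violation expected: " + r.expected +
      " given: " + r.given + " in: " + r.where + " blaming: " + blame);
  };
  return function guarded(...actual) {
    args.forEach((c, i) => { const r = c.check(actual[i], ordinal(i)); if (r) raise(r, "(calling context for " + fn.name + ")"); });
    const out = fn.apply(this, actual);
    const r = result.check(out, "the result of " + sig);
    if (r) raise(r, fn.name);
    return out;
  };
}

// The README's function, guarded with the same contract: ({name: Str}, [...{loc: Num}]) -> Str
const calcAverageLoc = fun([obj({ name: Str }), arr(obj({ loc: Num }))], Str, function calcAverageLoc(person, locArr) {
  const sum = locArr.reduce((acc, item) => acc + item.loc, 0);
  return "Average lines of code for " + person.name + " was " + sum / locArr.length;
});
```

Calling calcAverageLoc({nam: "Bob"}, ...) throws a ContractViolation whose message names the missing name property of the 1st argument and blames the calling context, while a guarded function that returns the wrong type is blamed itself.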
contracts.js is built on sweet.js; install both via npm:

```sh
npm install -g sweet.js
npm install contracts-js
```
At the top of your file you will need to use some special syntax to import contracts.js:

```js
import @ from "contracts.js"
// rest of your code goes here...
```
This looks like ES6 modules but it's not really and will work with whatever module system you are using (if any). See here for details.
Compile your JavaScript file with sweet.js using the contracts.js module:

```sh
sjs --module contracts-js/macros -o output.js input.js
```
Then run your output.js file in any JavaScript environment. Some features of contracts.js (e.g. proxied objects and arrays) require ES6 features which not every JavaScript engine supports right now (any recent version of Firefox is fine, along with node.js/V8 with the --harmony flag enabled).
Contracts.js is documented here.
FAQs
A contract library for JavaScript
The npm package contracts-js receives a total of 2 weekly downloads. As such, contracts-js popularity was classified as not popular.
We found that contracts-js demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.