fake-xml-http-request
This library provides a fake XMLHttpRequest object for testing browser-based libraries. It is partially extracted (and in many places simplified) from Sinon.JS and attempts to match the behavior of the XMLHttpRequest specification.
Sinon includes much more than just a fake XHR object, which makes this library useful in situations where you may not need mocks, spies, stubs, or fake servers.
In addition to matching the native XMLHttpRequest's API, FakeXMLHttpRequest adds a respond function that takes three arguments: an HTTP response status number, a headers object, and a text response body:
// simulate successful response
import FakeXMLHttpRequest from "fake-xml-http-request";
let xhr = new FakeXMLHttpRequest();
xhr.respond(200, {"Content-Type": "application/json"}, '{"key":"value"}');
xhr.status; // 200
xhr.statusText; // "OK"
xhr.responseText; // '{"key":"value"}'
// simulate failed response
xhr = new FakeXMLHttpRequest();
xhr.abort();
There is no mechanism for swapping the native XMLHttpRequest or for recording, finding, or playing back requests. Libraries using FakeXMLHttpRequest should provide this behavior.
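A minimal version of the swap-and-record wrapper that the paragraph above leaves to consuming libraries, as an added example rather than code from this project. `StandInFakeXHR`, `withFakeXHR`, `saveNote`, `demo` and the `/api/notes` URL are hypothetical; the stand-in class only mirrors the `respond(status, headers, body)` signature so the block runs without the package installed.

```javascript
// Stand-in for the class imported from "fake-xml-http-request" (assumption:
// in a real suite you would pass the imported FakeXMLHttpRequest instead).
class StandInFakeXHR {
  constructor() { this.requestHeaders = {}; this.readyState = 0; }
  open(method, url) { this.method = method; this.url = url; this.readyState = 1; }
  setRequestHeader(name, value) { this.requestHeaders[name] = value; }
  send(body) { this.requestBody = body; }
  respond(status, headers, body) {
    this.status = status;
    this.responseHeaders = headers;
    this.responseText = body;
    this.readyState = 4;
    if (this.onload) this.onload();
  }
}

// Hypothetical helper: installs a recording subclass of FakeClass as
// scope.XMLHttpRequest, runs fn, and always restores the previous value so
// the fake cannot leak into later tests.
function withFakeXHR(scope, FakeClass, fn) {
  const requests = [];
  class RecordingXHR extends FakeClass {
    send(body) { super.send(body); requests.push(this); }
  }
  const hadOwn = Object.prototype.hasOwnProperty.call(scope, "XMLHttpRequest");
  const previous = scope.XMLHttpRequest;
  scope.XMLHttpRequest = RecordingXHR;
  try { fn(requests); } finally {
    if (hadOwn) scope.XMLHttpRequest = previous; else delete scope.XMLHttpRequest;
  }
  return requests;
}

// Constructed code under test: posts JSON and passes the parsed reply to done().
function saveNote(scope, text, done) {
  const xhr = new scope.XMLHttpRequest();
  xhr.open("POST", "/api/notes");
  xhr.setRequestHeader("Content-Type", "application/json");
  xhr.onload = () => done(xhr.status, JSON.parse(xhr.responseText));
  xhr.send(JSON.stringify({ text }));
}

function demo() {
  const scope = {}; // stands in for window in a browser test
  let result = null;
  const requests = withFakeXHR(scope, StandInFakeXHR, (reqs) => {
    saveNote(scope, "hello", (status, body) => { result = { status, body }; });
    reqs[0].respond(201, { "Content-Type": "application/json" }, '{"id":7}');
  });
  return { requests, result, restored: !("XMLHttpRequest" in scope) };
}
```

The recorded request objects let a test assert on exactly what the client sent (method, URL, headers, body) before choosing the response to simulate.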
Tests are written in QUnit and run through the Karma test runner.
Run with:
karma start
In order to have a more open and welcoming community, this project adheres to a code of conduct adapted from the contributor covenant.
Please adhere to this code of conduct in any interactions you have with this project's community. If you encounter someone violating these terms, please let a maintainer (@trek) know and we will address it as soon as possible.
FAQs
test infrastructure for a fake XMLHttpRequest object
We found that fake-xml-http-request demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.