Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Stop mocking HTTP Requests. Just record and then play them back. See vcr/vcr for the main idea.
After setting up (see below), the basics are:
VCR_MODE=cache
environment variable before running your testsThis will record (and load) all the HTTP responses into the ./_fixtures/
directory.
And when you run the steps again, viola! no network traffic happens.
playback
: (default) only uses the local fixture filescache
: tries to use the recorded response and if not found then it is fetched and then saved (useful when adding new tests)record
: forces HTTP requests and responses are saved to the filesystem (useful for regenerating all the fixtures)You can set the mode either by:
VCR_MODE=record
environment variable when running tests (NodeJS)fetch.configure({mode: 'record'})
(NodeJS or browser)There are separate examples for NodeJS, Jest, and in a browser (PhantomJS or Selenium)
Here is how you would use it in a typical NodeJS app:
// import fetch from 'fetch';
import fetch from 'fetch-vcr';
// Configure where the recordings should be loaded/saved to.
// The path is relative to `process.cwd()` but can be absolute.
fetch.configure({
fixturePath: './_fixtures',
// mode: 'record' <-- This is optional
})
// Use fetch like you would normally
fetch('http://openstax.org')
.then(response => {
console.log(response.ok)
})
Just add the following to package.json
:
"jest": {
"moduleNameMapper": {
"hack-node-fetch": "node-fetch",
"node-fetch": "fetch-vcr"
}
}
Many apps use jsdom
for testing which makes it really easy to add fetch-vcr
. Just replace the global fetch
function with fetchVCR
and you can record/play back the cassettes. See below for an example:
var fs = require('fs')
var jsdom = require('jsdom')
var fetchVCR = require('fetch-vcr')
// Configure the path to find cassettes
fetchVCR.configure({
fixturePath: './_fixtures/'
})
var dom = new jsdom.JSDOM(fs.readFileSync('./jsdom-example.html'), {
runScripts: 'dangerously',
beforeParse: (window) => {
// This changes the fetch global to be fetchVCR
window.fetch = fetchVCR
}
})
It is easy to record HTTP requests in NodeJS and play them back in the browser.
To play them back in a browser, just run fetchVCR.configure({fixturePath: './path/to/_fixtures'})
and fetchVCR
will use that path to load the files via AJAX requests.
To record HTTP requests in a browser you will need to do a little bit of work. Loading fixture files is relatively painless (using XMLHTTPRequest
) but saving them to disk is non-trivial.
In order to save the fixture files to disk you will need to override fetchVCR.saveFile(rootPath, filename, contents) => Promise
.
If you are using PhantomJS you will likely need to use the alert(msg)
to get data out of PhantomJS and then save it to the filesystem (using fs.writeFile(...)
)
FAQs
Stop mocking HTTP Requests. Just record and then play them back
The npm package fetch-vcr receives a total of 4,842 weekly downloads. As such, fetch-vcr popularity was classified as popular.
We found that fetch-vcr demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.