Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Unit-testing for those hard to reach places.
Uses Electron to provide a Mocha unit-testing environment which can be run headlessly or to debugged with DevTools. This was largely inspired by the electron-mocha and mocha-electron projects but didn't quite have the debugging features needed to develop tests.
Install globally:
npm install -g floss electron
Install locally within a project:
npm install floss electron --save-dev
Open tests in an Electron window where test can can be debugged with debugger
and dev tools.
await floss({
path: 'test/*.js',
debug: true
});
The reporter
and reporterOptions
are pass-through options for Mocha to specify a different reporter when running Floss in non-debug mode.
await floss({
path: 'test/*.js',
reporter: 'xunit',
reporterOptions: {
filename: 'report.xml'
}
});
Additional properties can be passed to the test code by adding more values to the run options.
await floss({
path: 'test/*.js',
customUrl: 'http://localhost:8080' // <- custom
});
The test code and use the global options
property to have access to the run options.
console.log(options.customUrl); // logs: http://localhost:8080
Commandline arguments can be passed to Electron directly by using args
. In the example below, you may wan to disable Electron's user-gesture policy if you are testing HTML video or audio playback.
await floss({
path: 'test/index.js',
args: ['--autoplay-policy=no-user-gesture-required']
});
false
.stdout
.spec
.ts-node/register
).--
Command Line usage when installed globally:
floss --path "test/*.js"
Or installed locally:
node node_modules/.bin/floss --path "test/*.js"
Alernatively, within the package.json's' scripts:
{
"scripts": {
"test": "floss --path \"test/*.js\""
}
}
Open tests in an Electron window where test can can be debugged with debugger
and dev tools.
floss --path "test/*.js" --debug
Support can easily be added for writing tests in TypeScript using ts-node.
floss --path "test/*.ts" --require ts-node/register
Floss supports nyc
. To use it, just use floss as you would mocha:
nyc floss --path "test/*.js"
Can use the same reporter options as the API mentioned above. The reporterOptions
are expressed as a querystring, for instance varname=foo&another=bar
.
floss --path "test/*.js" \
--reporter=xunit \
--reporterOptions output=report.xml
Supports passing additional arguments to Electron after --
.
floss --path "test/*.js" -- --autoplay-policy=no-user-gesture-required
Some application may require a specific version of Electron. Floss uses Electron 10.0.0+, but you can specific the path to your own version. The custom version can be used either through the commandline argument --electron
, by setting the Node environmental variable ELECTRON_PATH
or by setting the run option electron
.
floss --path "test/.js" \
--electron /usr/local/bin/electron
ELECTRON_PATH=/usr/local/bin/electron floss --path "test/*.js"
name: Node.js CI
on:
push:
branches: [ '**' ]
tags: [ '**' ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v1
with:
node-version: '12'
- run: npm install
- uses: GabrielBB/xvfb-action@v1.0
with:
run: npm test
FAQs
Unit-testing for those hard to reach places
We found that floss demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 11 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.