Security News
CVE Volume Surges Past 48,000 in 2025 as WordPress Plugin Ecosystem Drives Growth
CVE disclosures hit a record 48,185 in 2025, driven largely by vulnerabilities in third-party WordPress plugins.
By Sarah Gooding - Jan 09, 2026
Synopsis
Thin request wrapper that enables powerful and intuitive API testing.
Features
- Intuitive and consistent API
- Built-in and custom expectations
- Support for custom parsers and serializers
- Easy to extend
- Middlewares
- Works great with any test runner
Examples
var api = require('hippie');
Hello world
hippie()
.header("User-Agent", "hippie")
.json()
.get('https://api.github.com/users/vesln')
.expectStatus(200)
.end(function(err, res, body) {
if (err) throw err;
});
Expectations
hippie()
.json()
.base('http://localhost:1234')
.get('/users/vesln')
.expectStatus(200)
.expectHeader('Content-Type', 'application/json; charset=utf-8')
.expectKey('username')
.expectValue('username', 'vesln')
.expectValue('repos[0].name', 'jsmd')
.expectBody({
username: 'vesln',
repos: [
{ name: 'jsmd' },
{ name: 'hippie' },
]
})
.expectBody(/vesln/g)
.end(function(err, res, body) {
if (err) throw err;
process.exit(0);
});
Middlewares
hippie()
.json()
.use(function(options, next) {
// modify the options for `request` here
next(options);
})
.get('https://api.github.com/users/vesln')
.end(function(err, res, body) {
if (err) throw err;
});
With middlewares you can modify the options passed to request. Here is an
example how you could persist the cookies across multiple requests:
hippie(app)
.get('/')
.use(persistCookies)
.end(function() {});
function persistCookies(opts, next) {
opts.jar = true;
next(opts);
}
Serializers and parsers
var xml = require('my-xml-library');
hippie()
.serializer(function(params, fn) {
var err = new Error('Things went wrong');
var res = xml.objectToXml(params);
fn(err, res);
})
.parser(function(body, fn) {
var err = new Error('Things went wrong');
var res = xml.xmlToObject(body);
fn(err, res);
})
.get('https://api.github.com/users/vesln.xml')
.expectStatus(200)
.end(function(err, res, body) {
if (err) throw err;
});
AssertionError configurations
Similar to Chai.js and other frameworks, you can enable showDiff.
var hippie = require('hippie');
hippie.assert.showDiff = true;
DRY
Since most of the time your test setup is going to be the same, you can simply create a helper function for your tests that will take care of the repetitive setup:
var hippie = require('hippie');
function api() {
return hippie()
.json()
.serializer(customSerializer)
.parser(customParser)
.use(somethingSpecial)
.base('http://localhost:3000/api/v1')
.auth('user', 'pass')
.expect(somethingRepeatable);
}
Later on:
test('my awesome api', function(done) {
api()
.get('/users')
.expectStatus(200)
.end();
});
API
#timeout
Configure a timeout for the HTTP request.
hippie()
.timeout(1000)
.end(fn);
#time
Configure response time logging for the HTTP request.
hippie()
.time(true)
.end(function(err, res, body) {
console.log('Response elapsed time: ', res.elapsedTime);
});
#qs
Convert an object to query string values:
hippie()
.qs({ foo: 'bar' })
.end(fn);
#base
Configure a base URL, useful when testing the same API endpoint.
hippie()
.base('https://api.github.com')
.get('/users/vesln')
.end(fn);
#url
Set the URL for the HTTP request. Used internally by get, put etc. and
it should be used in combination with method.
hippie()
.url('https://api.github.com')
.method('GET')
.end(fn);
#method
Configure the HTTP method. Used internally by get, put etc.
hippie()
.url('https://api.github.com')
.method('OPTIONS')
.end(fn);
#header
Set a request header.
hippie()
.header('Content-Type', 'application/json')
.send({ some: 'data' })
.end(fn);
#json
Helper method for:
- Content-Type: application/json
- Accept: application/json
- Serializer: json
- Parser: json
hippie()
.json()
.get('https://github.com/vesln.json', fn);
#form
Helper method for:
- Content-Type: application/x-www-form-urlencoded
- Serializer: urlencoded
hippie()
.form()
.patch('https://api.mindbloom.com/users/vesln')
.send({ timezone: 'UTC' })
.end();
#serializer
Configure a request body serializer.
hippie()
.serializer(function(params, fn) {
var err = new Error('Things went wrong');
var res = xml.objectToXml(params);
fn(err, res);
});
#parser
Configure a response body parser.
hippie()
.parser(function(body, fn) {
var err = new Error('Things went wrong');
var res = xml.xmlToObject(body);
fn(err, res);
});
#send
Set request body.
hippie()
.json()
.patch('https://api.mindbloom.com/users/vesln')
.send({ timezone: 'UTC' })
.end();
#auth
Set Basic Auth credentials.
hippie()
.auth('user', 'password')
.patch('https://api.mindbloom.com/users/vesln')
.send({ timezone: 'UTC' })
.end();
#use
Register a middleware that will be executed before the HTTP request.
hippie()
.json()
.use(function(options, next) {
// modify the options for `request` here
// do other suff
next(options);
})
.get('https://api.github.com/users/vesln')
.end(fn);
For example, you can provide a client certificate with your request like so:
var fs = require('fs');
hippie()
.json()
.use(function(options, next) {
options.agentOptions = {
cert: fs.readFileSync('client.crt'),
key: fs.readFileSync('client.key')
};
// Assuming you self-signed the CA
options.strictSSL = false;
next(options);
})
.get('https://localhost:8080/api/some-api-url')
.end(fn);
#get, #del, #post, #put, #patch, #head
Helper method for:
- Method:
method - URL:
url - End:
fn[optional]
hippie()
.get('https://api.github.com/users/vesln')
.end(fn);
Or if you want to execute the test immediately:
hippie()
.get('https://api.github.com/users/vesln', fn);
#expectStatusCode, #expectStatus, #expectCode
Set a response status code expectation.
hippie()
.json()
.get('https://api.github.com/users/vesln')
.expectStatus(200)
.end(fn);
#expectHeader
Set a response header expectation.
hippie()
.json()
.get('https://api.github.com/users/vesln')
.expectHeader('Content-Type', 'application/json; charset=utf-8')
.expectHeader('X-API-LIMIT', 3)
.end(fn);
#expectValue
Register a string path expectation.
hippie()
.json()
.get('https://api.github.com/users/vesln')
.expectValue('details.company', 'Awesome.io')
.expectValue('repos[0].name', 'hippie')
.end(fn);
For more information about string paths visit pathval.
#expectKey
Register a string path expectation for a given key.
hippie()
.json()
.get('https://api.github.com/users/vesln')
.expectKey('details.company')
.expectKey('repos[0].name')
.end(fn);
For more information about string paths visit pathval.
#expectBody
Strict expectations:
hippie()
.get('https://api.github.com/users/vesln')
.expectBody('{ "username": "vesln" }')
.end(fn);
Regular expression expectations:
hippie()
.get('https://api.github.com/users/vesln')
.expectBody(/vesln/)
.end(fn);
Object/array expectations:
hippie()
.get('https://api.github.com/users/vesln')
.expectBody({ username: 'vesln' })
.end(fn);
#expect
Register a custom expectation.
hippie()
.get('https://api.github.com/users/vesln')
.expect(function(res, body, next) {
var err = assertSomething;
next(err);
})
.end(fn);
#end
Execute the HTTP request and the tests.
hippie()
.json()
.get('https://api.github.com/users/vesln')
.expectValue('details.company', 'Awesome.io')
.expectValue('repos[0].name', 'hippie')
.end(fn);
When no callback is provided, end() returns a promise.
hippie()
.json()
.get('https://api.github.com/users/vesln')
.expectValue('details.company', 'Awesome.io')
.expectValue('repos[0].name', 'hippie')
.end()
.then(function(res) {
console.log(res);
})
.catch(function(err) {
console.error(err);
});
#app
Fire up an HTTP app and set its address as a base URL.
Also works with HTTP handler functions function(req res){}.
hippie(expressApp)
.get('/')
.end(fn);
hippie()
.app(function(req, res) {
res.end('Bye');
})
.get('/')
.end(fn);
Installation
npm install hippie
Tests
Running the tests
$ npm test
Test coverage
$ npm run-script coverage
Alternative projects
License
(The MIT License)
Copyright (c) 2013 Veselin Todorov hi@vesln.com
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
Simple end-to-end API testing
The npm package hippie receives a total of 316 weekly downloads. As such, hippie popularity was classified as not popular.
We found that hippie demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Package last updated on 28 Jul 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Insecure Agents Podcast: Certified Patches, Supply Chain Security, and AI Agents
Socket CEO Feross Aboukhadijeh joins Insecure Agents to discuss CVE remediation and why supply chain attacks require a different security approach.
By Sarah Gooding - Jan 08, 2026
Security News
Tailwind CSS Announces 75% Layoffs as LLMs Reshape OSS Business Models
Tailwind Labs laid off 75% of its engineering team after revenue dropped 80%, as LLMs redirect traffic away from documentation where developers discover paid products.
By Sarah Gooding - Jan 08, 2026