Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
html-normalizer
Advanced tools
Used to normalize html and jsx to strings so they can be used in assertions.
npm install html-normalizer
Normalizer is designed to help write DOM tests; specifically DOM assertions. Here is an example of HTML requires test coverage.
<div id="testElement"
class='some-class'
style='display: none; background: red'>
<span>Bob</span>
</div>
There are several assertion libraries with matchers designed to inspect DOM elements. Those assertions may look like this:
var dom = document.getElementById("testElement");
expect(dom).toHaveClass("some-class");
expect(dom.children.length).toEqual(1);
expect(dom).toHaveText("Bob");
expect(dom).toBeHidden();
Overtime this becomes difficult to read. Especially when testing large DOM trees. Here is an alternate approach:
var dom = document.getElementById("testElement");
var expectedNode = document.createElement("div");
expectedHTML = "<div style='background: red; display: none' class='some-class'>";
expectedHTML += "<span>Bob</span>";
expectedHTML += "</div>";
expectedNode.innerHTML = expectedHTML;
expect(dom.isNodeEqual(expectedNode)).toBeTruthy();
The test works, but when it fails it's helpful to know how the nodes differ. Here is yet another approach:
var dom = document.getElementById("testElement");
var expectedHTML = "<div style='background: red; display: none' class='some-class'>";
expectedHTML += "<span>Bob</span>";
expectedHTML += "</div>";
expect(dom.outerHTML).toEqual(expectedHTML);
The HTML is equal, but the test still fails since the HTML strings differ. The style and the class properties are in different order. Changing expectedHTML
to match dom.outerHTML
fixes the test, but this solution seems brittle. Furthermore it may be unnecessary to test certain properties and style attributes.
Here is the same test written with Normalizer:
var Normalizer = require("html-normalizer");
var normalizer = new Normalizer();
var dom = document.getElementById("testElement");
var expectedHTML = "<div style='display: none' class='some-class'>";
expectedHTML += "<span>Bob</span>";
expectedHTML += "</div>";
var actual = normalizer.domNode(dom); //method to normalize a DOM node
var expected = = normalizer.domString(dom); //method to normalize a DOM string
expect(actual).toEqual(expected);
Concatenating HTML strings is no fun. Normalizer works with JSX! Non React projects can still leverage Normalizer for testing.
Behold the same test written with JSX and Normalizer:
var Normalizer = require("html-normalizer");
var normalizer = new Normalizer();
var dom = document.getElementById("testElement");
var expectedHTML = (
<div style={{display: 'none'}} className='some-class'>
<span>Bob</span>
</div>
);
var actual = normalizer.domNode(dom); //method to normalize a DOM node
var expected = = normalizer.reactComponent(expectedHTML); //method to normalize a JSX component
expect(actual).toEqual(expected);
Normalizer's constructor Normalizer({})
takes an optional hash with the following optional properties:
["style", "class"]
["display"]
null
.NOTE: For all options use null to include all; use an empty array to include none. For example the Normalizer({attributes: null, styles: null, classNames: null})
will compare all attributes, styles and classes. Normalizer({attributes: [], styles: [], classNames: []})
will only compare the DOM nodes and ignore all attributes, styles and classes.
Normalizer can return a normalized HTML string for 4 types of input (HTML string, DOM node, ReactView and ReactElement).
normalizer.normalize(string|domNode|reactView|reactElement)
The majority of tests written with this util will be functional in nature. There is no substitute for unit tests. Like doughnuts, please use Normalizer in moderation.
Normalizer is best used with a test runner that reports inline string diffs; similar to what a good source control file diff viewer reports.
This util is very useful for adding functional test coverage to legacy code. To start:
FAQs
Used to normalize html and jsx to strings so they can be used in assertions.
The npm package html-normalizer receives a total of 30 weekly downloads. As such, html-normalizer popularity was classified as not popular.
We found that html-normalizer demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.