![Maven Central Adds Sigstore Signature Validation](https://cdn.sanity.io/images/cgdhsj6q/production/7da3bc8a946cfb5df15d7fcf49767faedc72b483-1024x1024.webp?w=400&fit=max&auto=format)
Security News
Maven Central Adds Sigstore Signature Validation
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
inductive.js
Advanced tools
This is an experimental library which uses unit tests to autogenerate working code.
Example:
specify('myFunc',
given(2, shouldReturn(4)),
given(3, shouldReturn(9)),
use('*'));
/* This code is autogenerated:
function myFunc(arg0) {
return (arg0 * arg0)
}
*/
As the unit tests change, the output code automatically changes:
specify('myFunc',
given(2, shouldReturn(8)), // 4 changed to 8
given(3, shouldReturn(27)), // 9 changed to 27
use('*'))
/* This code is autogenerated:
function myFunc(arg0) {
return (arg0 * (arg0 * arg0))
}
*/
It works by doing a breadth-first, brute force search over strongly typed abstract syntax trees and returns the first one that satisfies the unit tests.
The use
function gives inductive.js building blocks to choose from
as it searches for a solution.
In this case we've given it the multiplication operator.
It combines these building blocks
with the function's arguments
to create candidate test programs.
Ideally, we wouldn't need a use
function,
but the search space of all possible JavaScript programs
is too large to be practical.
Still, even with this limitation, inductive.js has benefits over conventional unit tests:
We only need to write and maintain one version of the code, instead of having to simultaneously update code and tests whenever we make a change.
Inductively generated code is generally more reliable because we have a programmatic guarantee that we haven't included code that isn't related to a test.
Inductive.js can handle non-toy problems as well. For example, I/O operations like AJAX are handled using mocks. Additionally, specifications are composable, so inductive.js can generate programs of any size or complexity.
The main value of inductive.js is software verification. The solver uses a strong type system that all programs runs through as they are generated.
Additionally, inductive.js code is immutable by default, which decreases the likelihood of software errors.
Finally, all code is tied programmatically to unit tests. This provides a much stronger guarantee than conventionally-tested code.
First:
npm install inductive.js
Then create a file called helloworld.i.js:
// Load the DSL:
require('inductive.js').globals()
// Specify our program:
var helloWorld = specify('helloWorld',
givenNoArgs(
shouldReturn(undefined),
mock('console.log',
verify('hello world'))),
use(
'console.log',
value('hello world')))
run(helloWorld)
// Generate the .js file:
saveAll()
Run the spec:
node helloworld.i.js
This autogenerates the code:
function helloWorld() {
return console.log('hello world');
}
helloWorld();
We can now run the auto-generated program:
node helloworld.js
Docs are forthcoming.
In the meantime, the testSolves.i.js
file contains many examples.
The buildingBlocks.js
file contains the default list of building blocks
that you can include with the use
command.
MIT
FAQs
Inductive programming for JavaScript
The npm package inductive.js receives a total of 0 weekly downloads. As such, inductive.js popularity was classified as not popular.
We found that inductive.js demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
Security News
CISOs are racing to adopt AI for cybersecurity, but hurdles in budgets and governance may leave some falling behind in the fight against cyber threats.
Research
Security News
Socket researchers uncovered a backdoored typosquat of BoltDB in the Go ecosystem, exploiting Go Module Proxy caching to persist undetected for years.