Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
io-ts-fuzzer
Advanced tools
io-ts-fuzzer
lets you generate examples of a given
io-ts
type.
Please note: API elements marked @experimental
may be changed in breaking ways
(including removal) without a major version release. Don't use such APIs if
that's not acceptable for you.
After yarn add fp-ts io-ts io-ts-fuzzer
...
import * as t from 'io-ts';
import * as fuzz from 'io-ts-fuzzer';
// Fuzzers for common types
const r = fuzz.createCoreRegistry();
// Type to fuzz
const target = t.union([t.string, t.type({ n: t.number, b: t.boolean })]);
// Builds a particular fuzzer from the registry.
const fuzzer = fuzz.exampleGenerator(r, target);
// Make examples. The input number and context
// fully determines the output example.
for (const n of new Array(10).keys()) {
console.log(JSON.stringify(fuzzer.encode([n, fuzz.fuzzContext()])));
}
See examples/quickstart/index.ts.
Currently supports (along with their closure under composition):
t.array
t.boolean
t.exact
t.Int
t.intersection
t.keyof
t.literal
t.null
t.number
t.partial
t.readonly
t.readonlyArray
t.recursive
t.string
t.tuple
t.type
(interface)t.undefined
t.union
t.unknown
t.UnknownArray
t.void
If you yarn add monocle-ts io-ts-types
and register the
io-ts-types
extra fuzzers via
r.register(...await loadIoTsTypesFuzzers())
, the following additional types
will be supported:
date
BooleanFromString
DateFromISOString
DateFromNumber
DateFromUnixTime
IntFromString
NonEmptyString
NumberFromString
UUID
regexp
The following io-ts-types
are composed of core types and you do not need to
loadIoTsTypesFuzzers
to fuzz them:
either
option
Given a d = t.Decoder<I,A>
(aka a t.Type
), fuzz.exampleGenerator
will
build a t.Encoder<[number,FuzzContext],I>
that will give example instances of
I
. The example instances should all pass on d.decode
(which should return an
identical example in the case of basic types). No exceptions should be thrown.
The FluentRegistry
interface lets you easily configure certain core fuzzers,
currently:
array
, readonlyArray
, UnknownArray
)partial
and type
(interface) objectsunknown
typesWhen fuzzing recursive types, you can provide to the context a
maxRecursionHint
which specifies the requested maximum instantiations of any
recursive type in a single path. Note that this is the maximum depth of
recursive types, not all types. If the recursive depth has been reached,
fuzzers that have a choice of which child(ren) to instantiate (like unions,
partials, or arrays) will attempt to choose children that won't recurse.
Note this is only a hint -- sometimes the type definition won't allow the fuzzer to choose such a non-recursive path (and you'll get a stack limit error when attempting to generate the actual example from the generator).
TODO
TODO
Read the LICENSE for details.
The entire NOTICE file serves as the NOTICE that must be included
under Section 4d of the License.
# io-ts-fuzzer
This product contains software originally developed by Holvonix LLC.
Original Repository: https://github.com/holvonix-open/io-ts-fuzzer
Copyright (c) 2019 Holvonix LLC. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this software except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Third-party dependencies may have their own licenses.
4.0.1 (2019-08-10)
FAQs
Fuzzing for io-ts codecs and types
The npm package io-ts-fuzzer receives a total of 1 weekly downloads. As such, io-ts-fuzzer popularity was classified as not popular.
We found that io-ts-fuzzer demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.