Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
jest-plugin-must-assert
Advanced tools
jest-plugin-must-assert
A plugin extending the default Jest behavior to fail any tests which do not perform a runtime assertion.
Asynchronous tests could be challenging to get right, particulrary for junior developers or engineers new to async JavaScript. The most common mistake is an async test which does not fire any assertions, either due to logic or even syntax errors. Static analysis(linters) gets close to pointing out the issues, but is not enough to catch logic mistakes. For this, we require a runtime check that some assertion was ran during the test.
Jest, unfortunately, has no "failWithoutAssertions" configuration options, so this plugin aims to remedy that. The plugin patches the Jest API to force tests without any assertions to fail. In addition to failing tests without assertions this plugin also patches a bug in Jest which leads to assertions "leaking" accross different tests.
npm i -D jest-plugin-must-assert
For default behavior, add the plugin to your setup files.
...
setupFilesAfterEnv: ['jest-plugin-must-assert'],
...
You may also extend the default behavior with the following, manual configuration.
// <rootDir>/must-assert-setup.js
const patchJestAPI = require('jest-plugin-must-assert/manual');
patchJestAPI({
/**
* Control the task execution during a test. You may log a custom warning message
* from here, throw an error etc.
*
* Default: The default behavior is that mismatched testIds result in ignoring of the task
* and a warning message.
*
* @param {Object} options Options for the handler (see below)
*
* Options:
* @param {Number} originTestId The unique ID of the test where the task is oginating from
* @param {Number} currentTestId The unique ID of the currently executing test
* @param {String} testName The name of the test which triggered this event
* @param {String} taskType The type of task being invoked (micro/macro task)
* @param {String} taskSource The source of the taks ("promise.then", "setTimeout" etc)
* @param {Object} logger The logger object (defaults to console)
*
* @return {Boolean} true/false for whether or not the task should execute
*/
onInvokeTask(originTestId, currentTestId, log) {
return false;
}
/**
* Logger DI. Used by the internal methods to log warnings/errors. Should match console API.
*/
logger,
});
Then in your config file:
...
setupFilesAfterEnv: [
'<rootDir>/must-assert-setup'
],
...
There is some performance implications of using this plugin as it does add a bit of overhead, but from testing it's a trivial increase. This plugin has been tested within a project with 1600+ test suites and over 10k individual tests, with only a negligble slow-down.
FAQs
Jest plugin for async tests
The npm package jest-plugin-must-assert receives a total of 3,043 weekly downloads. As such, jest-plugin-must-assert popularity was classified as popular.
We found that jest-plugin-must-assert demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.