Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Mocha is a feature-rich JavaScript test framework running on Node.js and in the browser, making asynchronous testing simple and fun. Mocha tests run serially, allowing for flexible and accurate reporting, while mapping uncaught exceptions to the correct test cases.
Test Organization
Organize tests in suites and sub-suites using describe() and context(), and specify test cases using it().
"use strict";\nconst assert = require('assert');\ndescribe('Array', function() {\n describe('#indexOf()', function() {\n it('should return -1 when the value is not present', function() {\n assert.equal([1, 2, 3].indexOf(4), -1);\n });\n });\n});
Asynchronous Testing
Support for testing asynchronous code with ease, using callbacks, promises, or async/await.
"use strict";\nconst assert = require('assert');\ndescribe('User', function() {\n describe('#save()', function() {\n it('should save without error', function(done) {\n const user = new User('Luna');\n user.save(function(err) {\n if (err) done(err);\n else done();\n });\n });\n });\n});
Hooks
Lifecycle hooks such as before(), after(), beforeEach(), and afterEach() for setting up preconditions and clean-up after tests.
"use strict";\ndescribe('Connection', function() {\n before(function() {\n // runs once before the first test in this block\n });\n\n after(function() {\n // runs once after the last test in this block\n });\n\n beforeEach(function() {\n // runs before each test in this block\n });\n\n afterEach(function() {\n // runs after each test in this block\n });\n\n // test cases\n});
Jest is a delightful JavaScript Testing Framework with a focus on simplicity. It works out of the box for any React project and is often compared to Mocha for its comprehensive feature set including a built-in assertion library and mock functions.
Jasmine is a behavior-driven development framework for testing JavaScript code. It does not rely on browsers, DOM, or any JavaScript framework. Thus, it's suited for websites, Node.js projects, or anywhere that JavaScript can run. It's compared to Mocha for its clean syntax and testing capabilities.
AVA is a test runner for Node.js with a concise API, detailed error output, and process isolation that lets you develop with confidence. It is often compared to Mocha for its modern, concurrent testing features, but differs in its approach to running tests in parallel by default.
āļø Simple, flexible, fun JavaScript test framework for Node.js & The Browser āļø
Become a backer and show your support to our open source project on our site.
Does your company use Mocha? Ask your manager or marketing team if your company would be interested in supporting our project. Support will allow the maintainers to dedicate more time for maintenance and new features for everyone. Also, your company's logo will show on GitHub and on our site - who doesn't want a little extra exposure? Here's the info.
You might want to know that:
You might want to help:
Finally, come chat with the maintainers on Discord if you want to help with:
Copyright 2011-2024 OpenJS Foundation and contributors. Licensed MIT.
FAQs
simple, flexible, fun test framework
The npm package mocha receives a total of 8,951,859 weekly downloads. As such, mocha popularity was classified as popular.
We found that mocha demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago.Ā It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.