Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
mocha-jshint
Advanced tools
Run jshint as Mocha tests.
To install in your node.js project as devDependency, run this command, in the root of your project
npm install mocha-jshint --save-dev
Mocha defaults to looking for your test specs in the test
folder of your project.
Add this file as test/jshint.spec.js
in your project, with the following content:
require('mocha-jshint')();
That is it you are done.
To grep only the jshint test, just do
mocha --grep jshint
If you are using git as version control you can do the following in your test:
require('mocha-jshint')({
git: {
modified: true,
commits: 2,
exec: {
maxBuffer: 20*1024*1024
}
}
});
This means that jshint will only lint the files that are modified on disk according to git, and the files modified in the last two git commits.
There is also the masterDiff
option:
require('mocha-jshint')({
git: {
modified: true,
commits: 2,
masterDiff:true
}
});
This means that if we are on any other branch than master
, only the files changed compared to the master
branch
will be linted.
If we are on the master
branch, only the files that are modified on disk according to git, and the files modified in the last
two git commits will be linted.
Normally I would recommend configuring what to lint with .jshintignore
described in
configuring jshint.
And just lint the working directory.
But if you want to specify specific paths to lint, you can do the following in your test:
require('mocha-jshint')({
paths: [
'/some/path/',
'/some/other/path'
]
});
Each path may be either a file path or a directory path, and should yield a valid file or directory when passed
through path.resolve()
. Each path listed in the array will be linted on a separate test.
The default name for the test suite generated by mocha-jshint is jshint, but it may be overridden in the following manner:
require('mocha-jshint')({
title: 'My custom test suite name'
});
For pretty-printed output, with errors grouped by filename, enable the pretty
option:
require('mocha-jshint')({
pretty: true
});
Sample output:
$ npm test
1) jshint should pass for working directory:
Found 3 jshint error(s) in 2 file(s):
/tmp/abc.js
1:1 Missing semicolon. (W033)
18:0 Identifier 'good_times' is not in camel case. (W106)
/tmp/xyz.js
3:5 '_' is defined but never used. (W098)
In the root of your project you can add a .jshintignore
file, where each line is a file or directory for jshint to ignore
and not check for errors. (see this project for an example)
At the root of your project you can add a .jshintrc
file, that specifies what options you want jshint to run with
(see this project for an example)
You can also add a .jshintrc
file to any subdirectory of your project, to override the .jshintrc settings in the root.
For example in this project I allow some global variables in the test
folder. Global variables that are set when I
run mocha tests. Global variables that are only allowed to be used, in the .js files in the test folder
This module was created to:
2.2: Added paths
and title
options.
2.1: Added git masterDiff
option.
2.0: Added git features. Removed old undocumented paths feature.
MIT
FAQs
run JSHint as mocha tests
The npm package mocha-jshint receives a total of 355 weekly downloads. As such, mocha-jshint popularity was classified as not popular.
We found that mocha-jshint demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 9 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.