Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
node-mocks-http
Advanced tools
Mock 'http' objects for testing Express, Next.js and Koa routing functions
The node-mocks-http package is a tool for creating mock HTTP objects for testing purposes in Node.js applications. It allows developers to simulate HTTP requests and responses, making it easier to test Express.js middleware and route handlers without needing a real HTTP server.
Mocking HTTP Requests
This feature allows you to create a mock HTTP request object. You can specify the method, URL, and parameters to simulate different types of requests.
const httpMocks = require('node-mocks-http');
const request = httpMocks.createRequest({
method: 'GET',
url: '/user/42',
params: {
id: '42'
}
});
console.log(request.method); // 'GET'
console.log(request.url); // '/user/42'
console.log(request.params.id); // '42'
Mocking HTTP Responses
This feature allows you to create a mock HTTP response object. You can set the status code and send data, and then inspect the response to verify its properties.
const httpMocks = require('node-mocks-http');
const response = httpMocks.createResponse();
response.status(200).send('OK');
console.log(response._getStatusCode()); // 200
console.log(response._getData()); // 'OK'
Mocking HTTP Headers
This feature allows you to create a mock HTTP request with specific headers. You can then inspect the headers to ensure they are set correctly.
const httpMocks = require('node-mocks-http');
const request = httpMocks.createRequest({
headers: {
'content-type': 'application/json'
}
});
console.log(request.headers['content-type']); // 'application/json'
Mocking HTTP Cookies
This feature allows you to create a mock HTTP request with cookies. You can then inspect the cookies to ensure they are set correctly.
const httpMocks = require('node-mocks-http');
const request = httpMocks.createRequest({
cookies: {
token: '12345'
}
});
console.log(request.cookies.token); // '12345'
Supertest is a popular library for testing HTTP endpoints. It provides a high-level abstraction for testing HTTP, making it easy to send requests and assert responses. Unlike node-mocks-http, Supertest actually sends HTTP requests to a server, which can be useful for end-to-end testing.
Nock is a library for HTTP mocking and expectations. It allows you to intercept HTTP requests and provide predefined responses. Nock is more focused on mocking external HTTP requests, whereas node-mocks-http is more focused on creating mock request and response objects for internal testing.
Sinon is a versatile library for creating spies, stubs, and mocks. While it is not specifically designed for HTTP mocking, it can be used in conjunction with other libraries to mock HTTP requests and responses. Sinon provides more general-purpose mocking capabilities compared to node-mocks-http.
Mock 'http' objects for testing Express, Next.js and Koa routing functions,
but could be used for testing any Node.js web server applications that have code that requires mockups of the request
and response
objects.
This project is available as a NPM package.
$ npm install node-mocks-http --save-dev
$ npm install @types/node @types/express --save-dev # when using TypeScript
or
$ yarn add node-mocks-http --dev
$ yarn add @types/node @types/express --dev # when using TypeScript
After installing the package include the following in your test files:
const httpMocks = require('node-mocks-http');
Suppose you have the following Express route:
app.get('/user/:id', routeHandler);
And you have created a function to handle that route's call:
const routeHandler = function( request, response ) { ... };
You can easily test the routeHandler
function with some code like
this using the testing framework of your choice:
exports['routeHandler - Simple testing'] = function (test) {
const request = httpMocks.createRequest({
method: 'GET',
url: '/user/42',
params: {
id: 42
}
});
const response = httpMocks.createResponse();
routeHandler(request, response);
const data = response._getJSONData(); // short-hand for JSON.parse( response._getData() );
test.equal('Bob Dog', data.name);
test.equal(42, data.age);
test.equal('bob@dog.com', data.email);
test.equal(200, response.statusCode);
test.ok(response._isEndCalled());
test.ok(response._isJSON());
test.ok(response._isUTF8());
test.done();
};
The typings for TypeScript are bundled with this project. In particular, the .createRequest()
, .createResponse()
and .createMocks()
methods are typed and are generic. Unless specified explicitly, they will be return an Express-based request/response object:
it('should handle expressjs requests', () => {
const mockExpressRequest = httpMocks.createRequest({
method: 'GET',
url: '/user/42',
params: {
id: 42
}
});
const mockExpressResponse = httpMocks.createResponse();
routeHandler(request, response);
const data = response._getJSONData();
test.equal('Bob Dog', data.name);
test.equal(42, data.age);
test.equal('bob@dog.com', data.email);
test.equal(200, response.statusCode);
test.ok(response._isEndCalled());
test.ok(response._isJSON());
test.ok(response._isUTF8());
test.done();
});
The expected type parameter in the mock request and response expects any type that extends the NodeJS
http.IncomingRequest
interface or Fetch API Request
class. This means you can also mock requests
coming from other frameworks too. An example for NextJS request will look like this:
it('should handle nextjs requests', () => {
const mockExpressRequest = httpMocks.createRequest<NextApiRequest>({
method: 'GET',
url: '/user/42',
params: {
id: 42
}
});
const mockExpressResponse = httpMocks.createResponse<NextApiResponse>();
// ... the rest of the test as above.
});
It is also possible to mock requests from the NextJS new AppRouter:
it('should handle nextjs app reouter requests', () => {
const mockExpressRequest = httpMocks.createRequest<NextRequest>({
method: 'GET',
url: '/user/42',
params: {
id: 42
}
});
const mockExpressResponse = httpMocks.createResponse<NextResponse>();
// ... the rest of the test as above.
});
httpMocks.createRequest(options)
Where options is an object hash with any of the following values:
option | description | default value |
---|---|---|
method | request HTTP method | 'GET' |
url | request URL | '' |
originalUrl | request original URL | url |
baseUrl | request base URL | url |
path | request path | '' |
params | object hash with params | {} |
session | object hash with session values | undefined |
cookies | object hash with request cookies | {} |
socket | object hash with request socket | {} |
signedCookies | object hash with signed cookies | undefined |
headers | object hash with request headers | {} |
body | object hash with body | {} |
query | object hash with query values | {} |
files | object hash with values | {} |
The object returned from this function also supports the Express request functions (.accepts()
, .is()
, .get()
, .range()
, etc.). Please send a PR for any missing functions.
httpMocks.createResponse(options);
Where options is an object hash with any of the following values:
option | description | default value |
---|---|---|
locals | object that contains response local variables | {} |
eventEmitter | event emitter used by response object | mockEventEmitter |
writableStream | writable stream used by response object | mockWritableStream |
req | Request object being responded to | null |
NOTE: The out-of-the-box mock event emitter included with
node-mocks-http
is not a functional event emitter and as such does not actually emit events. If you wish to test your event handlers you will need to bring your own event emitter.
Here's an example:
const httpMocks = require('node-mocks-http');
const res = httpMocks.createResponse({
eventEmitter: require('events').EventEmitter
});
// ...
it('should do something', function(done) {
res.on('end', function() {
assert.equal(...);
done();
});
});
// ...
This is an example to send request body and trigger it's 'data' and 'end' events:
const httpMocks = require('node-mocks-http');
const req = httpMocks.createRequest();
const res = httpMocks.createResponse({
eventEmitter: require('events').EventEmitter
});
// ...
it('should do something', function (done) {
res.on('end', function () {
expect(response._getData()).to.equal('data sent in request');
done();
});
route(req, res);
req.send('data sent in request');
});
function route(req, res) {
let data = [];
req.on('data', (chunk) => {
data.push(chunk);
});
req.on('end', () => {
data = Buffer.concat(data);
res.write(data);
res.end();
});
}
// ...
httpMocks.createMocks(reqOptions, resOptions);
Merges createRequest
and createResponse
. Passes given options object to each
constructor. Returns an object with properties req
and res
.
We wanted some simple mocks without a large framework.
We also wanted the mocks to act like the original framework being mocked, but allow for setting of values before calling and inspecting of values after calling.
We are looking for more volunteers to bring value to this project, including the creation of more objects from the HTTP module.
This project doesn't address all features that must be mocked, but it is a good start. Feel free to send pull requests, and a member of the team will be timely in merging them.
If you wish to contribute please read our Contributing Guidelines.
Most releases fix bugs with our mocks or add features similar to the
actual Request
and Response
objects offered by Node.js and extended
by Express.
See the Release History for details.
Licensed under MIT.
v 1.16.1
FAQs
Mock 'http' objects for testing Express, Next.js and Koa routing functions
The npm package node-mocks-http receives a total of 1,256,954 weekly downloads. As such, node-mocks-http popularity was classified as popular.
We found that node-mocks-http demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.