Security News
New React Server Components Vulnerabilities: DoS and Source Code Exposure
New DoS and source code exposure bugs in React Server Components and Next.js: what’s affected and how to update safely.
By Sarah Gooding -  Dec 12, 2025
🚨 Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis →
q-supertest
Advanced tools
q-supertest
q-supertest supercharges SuperTest with a then method, that returns Q promise.
Instead of layering callbacks on callbacks in your tests:
request(app)
.get("/user")
.expect(200, function (err, res) {
if (err) return done(err);
var userId = res.body.id;
request(app)
.post("/kittens")
.send({ userId: userId, ... })
.expect(201, function (err, res) {
if (err) return done(err);
// ...
});
});
chain your requests like you were promised:
return request(app)
.get("/user")
.expect(200)
.then(function (res) {
return request(app)
.post("/kittens")
.send({ userId: res})
.expect(201);
})
.then(function (res) {
// ...
});
Usage
q-supertest operates just like normal SuperTest, except that the
object returned by .get, .post, etc. is a proper
thenable:
var express = require("express")
, request = require("q-supertest");
var app = express();
request(app)
.get("/kittens")
.expect(200)
.then(function (res) {
// ...
});
If you use a promise-friendly test runner, you can just
return your request chain from the test case rather than messing with a
callback:
describe("GET /kittens", function () {
it("should work", function () {
return request(app).get("/kittens").expect(200);
});
});
Agents
If you use a SuperTest agent to persist cookies, those are thenable too:
var agent = require("q-supertest").agent(app);
agent
.get("/ugly-kitteh")
.expect(404)
.then(function () {
// ...
})
Promisey goodness
To start, only the then method is exposed. But once you've called .then
once, you've got a proper Q promise that supports the whole gamut of
promisey goodness:
request(app)
.get("/kittens")
.expect(201)
.then(function (res) { /* ... */ })
// I'm a real promise now!
.catch(function (err) { /* ... */ })
See the Q API for everything that's available.
Installation
Node
$ npm install q-supertest
q-supertest lists supertest as a
peer dependency, so it'll wrap whatever version of SuperTest
you've asked for in your own package.json. If you don't specify a version of
SuperTest, npm will use the latest.
Do note that q-supertest is a well-behaved citizen and doesn't monkey-patch
SuperTest directly:
// I return thenables!
var request = require("q-supertest");
// I'm lame and force you to use callbacks
var request = require("supertest");
FAQs
Supercharge supertest with the Q promise interface
We found that q-supertest demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 12 May 2015
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain Risk
Socket CEO Feross Aboukhadijeh joins Software Engineering Daily to discuss modern software supply chain attacks and rising AI-driven security risks.
By Sarah Gooding -  Dec 11, 2025
Security News
npm Revokes Classic Tokens, as OpenJS Warns Maintainers About OIDC Gaps
GitHub has revoked npm classic tokens for publishing; maintainers must migrate, but OpenJS warns OIDC trusted publishing still has risky gaps for critical projects.
By Sarah Gooding -  Dec 10, 2025