Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Rewire is a testing utility for Node.js that allows you to modify the behavior of a module by overriding its private variables and functions. This is particularly useful for unit testing, as it enables you to test private functions and mock dependencies.
Accessing Private Variables
This feature allows you to access private variables within a module. In the code sample, `privateVar` is a private variable in `myModule` that is accessed using `__get__`.
const rewire = require('rewire');
const myModule = rewire('./myModule');
const privateVar = myModule.__get__('privateVar');
console.log(privateVar);
Mocking Private Functions
This feature allows you to mock private functions within a module. In the code sample, `privateFunction` is a private function in `myModule` that is mocked using `__set__`.
const rewire = require('rewire');
const myModule = rewire('./myModule');
myModule.__set__('privateFunction', function() { return 'mocked'; });
console.log(myModule.somePublicFunction());
Mocking Dependencies
This feature allows you to mock dependencies of a module. In the code sample, `dependency` is a dependency of `myModule` that is mocked using `__set__`.
const rewire = require('rewire');
const myModule = rewire('./myModule');
myModule.__set__('dependency', { someMethod: () => 'mocked' });
console.log(myModule.somePublicFunction());
Proxyquire is a module that allows you to override dependencies during testing. Unlike Rewire, which focuses on accessing and modifying private variables and functions, Proxyquire is more about replacing entire dependencies with mocks or stubs.
Sinon is a testing library that provides standalone test spies, stubs, and mocks. While it doesn't allow you to access private variables directly like Rewire, it is very powerful for creating mocks and stubs for functions and objects.
Testdouble is a library for creating test doubles (mocks, stubs, etc.). It focuses on providing a clean and simple API for creating test doubles, but it doesn't provide the ability to access or modify private variables like Rewire.
Easy monkey-patching for node.js unit tests
rewire adds a special setter and getter to modules so you can modify their behaviour for better unit testing. You may
process
Please note: The current version of rewire is only compatible with CommonJS modules. See Limitations.
npm install rewire
Imagine you want to test this module:
// lib/myModule.js
// With rewire you can change all these variables
var fs = require("fs"),
path = "/somewhere/on/the/disk";
function readSomethingFromFileSystem(cb) {
console.log("Reading from file system ...");
fs.readFile(path, "utf8", cb);
}
exports.readSomethingFromFileSystem = readSomethingFromFileSystem;
Now within your test module:
// test/myModule.test.js
var rewire = require("rewire");
var myModule = rewire("../lib/myModule.js");
rewire acts exactly like require. With just one difference: Your module will now export a special setter and getter for private variables.
myModule.__set__("path", "/dev/null");
myModule.__get__("path"); // = '/dev/null'
This allows you to mock everything in the top-level scope of the module, like the fs module for example. Just pass the variable name as first parameter and your mock as second.
var fsMock = {
readFile: function (path, encoding, cb) {
expect(path).to.equal("/somewhere/on/the/disk");
cb(null, "Success!");
}
};
myModule.__set__("fs", fsMock);
myModule.readSomethingFromFileSystem(function (err, data) {
console.log(data); // = Success!
});
You can also set multiple variables with one call.
myModule.__set__({
fs: fsMock,
path: "/dev/null"
});
You may also override globals. These changes are only within the module, so you don't have to be concerned that other modules are influenced by your mock.
myModule.__set__({
console: {
log: function () { /* be quiet */ }
},
process: {
argv: ["testArg1", "testArg2"]
}
});
__set__
returns a function which reverts the changes introduced by this particular __set__
call
var revert = myModule.__set__("port", 3000);
// port is now 3000
revert();
// port is now the previous value
For your convenience you can also use the __with__
method which reverts the given changes after it finished.
myModule.__with__({
port: 3000
})(function () {
// within this function port is 3000
});
// now port is the previous value again
The __with__
method is also aware of promises. If a thenable is returned all changes stay until the promise has either been resolved or rejected.
myModule.__with__({
port: 3000
})(function () {
return new Promise(...);
}).then(function () {
// now port is the previous value again
});
// port is still 3000 here because the promise hasn't been resolved yet
Babel's ES module emulation
During the transpilation step from ESM to CJS modules, Babel renames internal variables. Rewire will not work in these cases (see #62). Other Babel transforms, however, should be fine. Another solution might be switching to babel-plugin-rewire.
Variables inside functions
Variables inside functions can not be changed by rewire. This is constrained by the language.
// myModule.js
(function () {
// Can't be changed by rewire
var someVariable;
})()
Modules that export primitives
rewire is not able to attach the __set__
- and __get__
-method if your module is just exporting a primitive. Rewiring does not work in this case.
// Will throw an error if it's loaded with rewire()
module.exports = 2;
Globals with invalid variable names
rewire imports global variables into the local scope by prepending a list of var
declarations:
var someGlobalVar = global.someGlobalVar;
If someGlobalVar
is not a valid variable name, rewire just ignores it. In this case you're not able to override the global variable locally.
Special globals
Please be aware that you can't rewire eval()
or the global object itself.
Returns a rewired version of the module found at filename
. Use rewire()
exactly like require()
.
Sets the internal variable name
to the given value
. Returns a function which can be called to revert the change.
Takes all enumerable keys of obj
as variable names and sets the values respectively. Returns a function which can be called to revert the change.
Returns the private variable with the given name
.
Returns a function which - when being called - sets obj
, executes the given callback
and reverts obj
. If callback
returns a promise, obj
is only reverted after the promise has been resolved or rejected. For your convenience the returned function passes the received promise through.
Difference to require()
Every call of rewire() executes the module again and returns a fresh instance.
rewire("./myModule.js") === rewire("./myModule.js"); // = false
This can especially be a problem if the module is not idempotent like mongoose models.
Globals are imported into the module's scope at the time of rewiring
Since rewire imports all gobals into the module's scope at the time of rewiring, property changes on the global
object after that are not recognized anymore. This is a problem when using sinon's fake timers after you've called rewire()
.
Dot notation
Although it is possible to use dot notation when calling __set__
, it is strongly discouraged in most cases. For instance, writing myModule.__set__("console.log", fn)
is effectively the same as just writing console.log = fn
. It would be better to write:
myModule.__set__("console", {
log: function () {}
});
This replaces console
just inside myModule
. That is, because rewire is using eval()
to turn the key expression into an assignment. Hence, calling myModule.__set__("console.log", fn)
modifies the log
function on the global console
object.
See rewire-webpack
MIT
7.0.0
FAQs
Easy dependency injection for node.js unit testing
The npm package rewire receives a total of 340,684 weekly downloads. As such, rewire popularity was classified as popular.
We found that rewire demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.