![Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack](https://cdn.sanity.io/images/cgdhsj6q/production/6af25114feaaac7179b18127c83327568ff592d1-1024x1024.webp?w=800&fit=max&auto=format)
Security News
Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
sinon
Advanced tools
Package description
Sinon is a testing utility that provides functions for spies, stubs, and mocks, which are essential for behavior-driven development and testing in JavaScript. It works with any unit testing framework and is widely used for its versatile API and comprehensive feature set.
Spies
Spies are functions that record their usage, such as how many times they were called, with what arguments, and what was returned. They can be used to wrap existing functions to add this tracking ability.
const sinon = require('sinon');
const myFunction = sinon.spy();
myFunction('Hello', 'World');
console.log(myFunction.calledOnce); // true
Stubs
Stubs are like spies, but they can replace the target function's behavior, either by returning a specific value or by throwing an exception. They are useful for controlling a function's behavior in a test.
const sinon = require('sinon');
const myObj = { myMethod: () => 'original' };
const stub = sinon.stub(myObj, 'myMethod').returns('stubbed');
console.log(myObj.myMethod()); // 'stubbed'
Mocks
Mocks are fake methods (like stubs) with pre-programmed behavior and expectations. They are used to assert that certain methods are called in certain ways.
const sinon = require('sinon');
const myObj = { myMethod: () => 'original' };
const mock = sinon.mock(myObj);
mock.expects('myMethod').once().returns('mocked');
console.log(myObj.myMethod()); // 'mocked'
mock.verify();
Jest is a complete testing framework that comes with spies, mocks, and stubs built-in. It is often compared to Sinon for its mocking capabilities, but Jest provides a more integrated experience with a test runner and assertion library included.
Testdouble.js (npm package 'testdouble') is a minimalistic testing library that provides a similar API to Sinon for creating test doubles like stubs, mocks, and spies. It focuses on providing a more user-friendly experience with better error messages and simpler APIs.
Chai-spies is a plugin for the Chai assertion library that adds spy capabilities. While it doesn't offer as comprehensive a set of features as Sinon, it integrates well with Chai for developers who prefer that assertion style.
Changelog
17.0.0
11a8e3f2
Remove Proxyquire as it did not handle newer syntax (Carl-Erik Kopseng)ec37d634
Drop Node 16, as it is out of maintenance (Carl-Erik Kopseng)75e2b691
Upgrade fake-timers@11.2.2: new Intl mirroring and bugfixes (Carl-Erik Kopseng)Released by Carl-Erik Kopseng on 2023-10-20.
Readme
Standalone and test framework agnostic JavaScript test spies, stubs and mocks (pronounced "sigh-non", named after Sinon, the warrior).
For details on compatibility and browser support, please see COMPATIBILITY.md
via npm
$ npm install sinon
or via sinon's browser builds available for download on the homepage. There are also npm based CDNs one can use.
See the sinon project homepage for documentation on usage.
If you have questions that are not covered by the documentation, you can check out the sinon
tag on Stack Overflow or drop by #sinon.js on irc.freenode.net:6667.
You can also search through the Sinon.JS mailing list archives.
See CONTRIBUTING.md for details on how you can contribute to Sinon.JS
Thank you to all our backers! 🙏 [Become a backer]
Become a sponsor and get your logo on our README on GitHub with a link to your site. [Become a sponsor]
Sinon.js was released under BSD-3
FAQs
JavaScript test spies, stubs and mocks.
The npm package sinon receives a total of 4,759,915 weekly downloads. As such, sinon popularity was classified as popular.
We found that sinon demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
Security News
OpenSSF is warning open source maintainers to stay vigilant against reputation farming on GitHub, where users artificially inflate their status by manipulating interactions on closed issues and PRs.
Security News
A JavaScript library maintainer is under fire after merging a controversial PR to support legacy versions of Node.js.