Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Simple yet powerful file-based mock server with recording abilities
Just drop a bunch of (JSON) files in a folder and you're ready to go!
smoke
get_api#hello.json
:
{
"message": "hello world!"
}
curl http://localhost:3000/api/hello
Smoke is a file-based, convention over configuration mock server that can fill your API mocking needs without any complex setup. Yet, it supports many advanced features and dynamic mocks for almost any situation:
npm install -g smoke
See some example mocks to quickly get a grasp of the syntax and possibilities.
CLI usage is quite straightforward you can just run smoke
unless you want to add some options:
Usage: smoke [<mocks_folder>] [options]
Base options:
-p, --port <num> Server port [default: 3000]
-h, --host <host> Server host [default: "localhost"]
-s, --set <name> Mocks set to use [default: none]
-n, --not-found <glob> Mocks for 404 errors [default: "404.*"]
-i, --ignore <glob> Files to ignore [default: none]
-k, --hooks <file> Middleware hooks [default: none]
-x, --proxy <host> Fallback proxy if no mock found
-l, --logs Enable server logs
-v, --version Show version
--help Show help
Mock recording:
-r, --record <host> Proxy & record requests if no mock found
-d, --depth <N> Folder depth for mocks [default: 1]
-a, --save-headers Save response headers
-q, --save-query Save query parameters
General format: methods_api#route#:routeParam$queryParam=value.__et.extension
The path and file name of the mock is used to determinate:
Optionally prefix your file by the HTTP method supported followed by an underscore (for example get_
).
You can specify multiple methods at once using a +
to separate them (for example post+put_
);
If no method is specified, the mock will be used for any HTTP method.
Use any combination of folders or hash-separated components to specify the server route.
For example api/example/get_hello.json
is equivalent to get_api#example#hello.json
and will repond to
GET api/example/hello
requests.
Additionaly, any route component can be defined as a route parameter by prefixing the name with :
, for example
api#resource#:id.json
will match GET api/resource/1
and expose 1
as the value for the id
parameter that can be
used in dynamic mocks (templates or JavaScript).
You can further discriminate mocks by adding query parameters to match after defining the route, using a $
(instead
of the regular ?
) like you would specify them in a request.
For example get_api#hello?who=john.json
will match the request api/get_hello?who=john.json
.
Multiple query parameters to match can be added with &
, for example get_api#hello?who=john&greet=hi.json
.
Any specified query parameter in the file name must be matched (in any order) by the request, but the opposite is not
needed.
Note that special characters must be URL-encoded, for example use get_api#hello?who=john%20doe.json
to set the
parameter who
with the value john doe
.
Tip: If you need to URL-encode a string, just run
node -p "encodeURIComponent('some string')"
in a terminal.
The file extension will determine the content type of the response if it's not already specified in a custom header.
Files with no extension will use the default MIME type application/octet-stream
.
You can have multiple mocks with the same API route and different file extensions, the server will then use the best
mock depending of the Accept
header of the
request.
You can optionally specify a mock set before the file extension by using a __set-name
suffix after the file name.
For example get_api#hello__error.json
will only be used if you start the server with the error
set enabled:
smoke --set error
.
If you do not specify a mock set on your file name, it will be considered as the default mock for the specified route and will be used as a fallback if no mock with this set matched.
If you add an underscore _
after the file extension, the mock will be processed as a template before being sent to
the client. Templates works only on text-based formats.
For example get_hello.html_
or get_hello.json_
will be treated as templates.
Every template can use an implicit context object that have these properties defined:
method
: the HTTP method of the request (ex: 'GET'
, 'POST'
)query
: map with query parameters that were part of the request URL. For example, matched URL
http://server/hello?who=world
will result in the query value: { who: 'world' }
.params
: map containing matched route parameters. For example the mock resource#:id.json
with the matched URL
http://server/resource/123
will result in the params value: { id: '123' }
.headers
: map containing request headersbody
: the request body. JSON bodies are automatically parsed.files
: if the request includes multipart/form-data
, this will be the array of uploaded files (see
multer documentation for more details){{ }}
interpolates data in place
For example, create get_hello.txt_ with this:
Hello {{query.name}}!
Then curl "http://localhost:3000/hello?name=John"
returns Hello John!
{{{ }}}
escapes HTML special chars from interpolated string
For example, create get_hello.html_ with this:
<h1>Hello {{{query.name}}}!</h1>
Then curl "http://localhost:3000/hello?name=%3CJack%26Jones%3E"
returns:
<h1>Hello <Jack&Jones>!</h1>
<{ }>
evaluates JavaScript to generate data
For example, create get_hello.html_ with this:
Hello to:
<ul>
<{ query.name.forEach(name => { }><li>{{name}}</li><{ }); }>
</ul>
Then curl "http://localhost:3000/hello?name=Jack&name=Jones"
returns:
Hello to:
<ul>
<li>Jack</li><li>Jones</li>
</ul>
By default all mocks responses are sent with a status code 200
(OK), or 204
(No content) if a mock file is empty.
You can customize the response status and (optionally) headers with JSON and JavaScript files, using this syntax:
{
"statusCode": 400,
"body": {
"error": "Bad request"
},
// headers can be omitted, only use if you want to customize them
"headers": {
"Content-Type": "text/plain"
}
}
You can also use non-string content type if you encode the content as a base64 string in the body
property and add
the property "buffer": true
to the mock:
{
"statusCode": 200,
"body": "U21va2Ugcm9ja3Mh",
"buffer": true,
"headers": {
"Content-Type": "application/octet-stream"
}
}
Any file format is supported for mocks, and the file extension will be used to determine the response content type.
Files with no extension will use the default MIME type application/octet-stream
.
Text formats (for example .json
, .html
, .txt
...) can be processed as templates by adding an
underscore to the file extension.
Note that JSON files and templates must use UTF-8
encoding.
In addition, you can define dynamic mocks using JavaScript by using the .js
extension, that will be loaded as a regular
Node.js module.
In that case, your JS module is expected to export a function that take an input data object with the same properties as for templates and must returns the response body or an object containing the status code, headers and body.
Example:
module.exports = (data) => `Your user agent is: ${data.headers['user-agent']}`;
Note that by default, JS mocks use application/json
for the response content type. If you want to use another type,
you must set the Content-Type
header yourself, for example:
module.exports = data => ({
statusCode: 200,
headers: {
'Content-Type': 'text/plain'
},
body: `Your user agent is: ${data.headers['user-agent']}`
});
If you want to override responses of an existing server, you can use the --proxy <host>
option. This will proxy
every request for which a mock does not exist to the specified host.
This can also be useful for mocking yet-to-be-implemented APIs and keep using real implemented APIs.
To quickly create a mock set of an existing server (to allow working offline for example), you can use the
--record <host>
option. This will proxy every request for which a mock does not exist to the specified host, and
record the resulting response as a mock file.
You can change the maximum folder depth for mock files created this way using the --depth
option.
The recorded mock set can also be changed using the --set
option.
Note that by default response headers and request query parameters are not saved. To change this behavior, you can
use the --save-headers
and --save-query
options.
For more advanced usages, you can hook on any standard Express middleware to modify the request and/or the response returned by the server.
To hook on your own middlewares, use the --hooks
to specify a JavaScript module with exports setup like this:
module.exports = {
before: [], // middlewares to be executed before the request is processed
after: [] // middlewares to be executed after the request has been processed
};
Middlewares executed before the request is processed can be used to bypass regular mock response, for example to randomly simulate a server failure with an early error 500 response.
On the other hand, middlewares executed after the request have been processed can be used to augment or modify the
response, for example by adding header or changing the response status. You can also access and modify the response
body by using the special res.body
property.
Remember that once you have used .send()
, .sendStatus
or .json()
in a middleware the response cannot be altered
anymore, that's why you should use the res.body
property instead if you plan to alter the response later on.
See some example hooks.
You can regroup multiple mocks in a special single file with the extension .mocks.js
, using this format:
module.exports = {
'<file_name>': '<file_content>' // can be a string, an object (custom response) or a function (JavaScript mock)
};
See this example mock collection to get an idea of all possibilities.
The format of file name is the same as for individual mock files, and will be used to match the request using the same rules. As for the mock content, the format is also the same as what you would put in single file mock. If a request matches both a mock file and a mock within a collection with the same specificity, the mock file will always be used over the collection.
As the format is the same, you can convert a bunch of files to a single file mock collection and conversely. To convert separate mock files to a collection:
smoke-conv <glob> <output_file> // Will create <output_file>.mocks.js from all mocks found
To convert a mock collection to separate files:
smoke-conv <file> <output_folder> // Will extract separate mocks into <output_folder>
Note that only text-based file content will be inserted directly, other file content will be converted to a base64 string.
:warning: There is a limitation regarding JavaScript mocks: only the exported function will be converted for a given mock, meaning that if you have non-exported functions, variables or imports they will be lost during the conversion.
If you cannot find what you need here, you might want to check out one of these other Node.js mock servers:
2.1.0
--collection
option to allow recording to a mock collection--save-query
option to save query parameters when recording--depth
option for mock conversion--ignore
from -g
to -i
--ignore
param for smoke-conv
toolFAQs
Simple yet powerful file-based mock server with recording abilities
The npm package smoke receives a total of 638 weekly downloads. As such, smoke popularity was classified as not popular.
We found that smoke demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.