Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Professor X: For someone who hates mutants... you certainly keep some strange company.
William Stryker: Oh, they serve their purpose... as long as they can be controlled.
Stryker is a mutation testing framework for JavaScript. It allows you to test your tests by temporarily inserting bugs.
To install Stryker, execute the command:
$ npm install stryker stryker-api --save-dev
Note: During installation you may run into errors caused by node-gyp. It is safe to ignore them.
To test if Stryker is installed correctly, execute the command:
$ node_modules/.bin/stryker --version
This should print the latest version of Stryker.
$ node_modules/.bin/stryker <command> [options] [stryker.conf.js]
The only command
currently available is run
, which kicks off mutation testing.
By default, we expect a stryker.conf.js
file in the current working directory. This can be overridden by specifying a different file as the last parameter.
The following is an example stryker.conf.js
file:
module.exports = function(config){
config.set({
files: ['test/helpers/**/*.js', 'test/unit/**/*.js', { pattern: 'src/**/*.js', included: false, mutated: true }],
testFramework: 'mocha',
testRunner: 'mocha',
reporter: ['progress', 'clear-text', 'dots', 'html', 'event-recorder'],
coverageAnalysis: 'perTest',
plugins: ['stryker-mocha-runner', 'stryker-html-reporter']
});
}
As you can see, the config file is not a simple JSON file, it should be a common js (a.k.a. npm) module.
You might recognize this way of working from the karma test runner.
Make sure you at least specify the files
and the testRunner
options when mixing the config file and/or command line options.
See our website for the list of currently supported mutators.
All configuration options can either be set via the command line or via the stryker.conf.js
config file.
files
and mutate
both support globbing expressions using node glob.
This is the same globbing format you might know from Grunt or Karma.
You can ignore files by adding an exclamation mark (!
) at the start of an expression.
Command line: [--files|-f] node_modules/a-lib/**/*.js,src/**/*.js,a.js,test/**/*.js
Config file: files: ['{ pattern: 'src/**/*.js', mutated: true }, '!src/**/index.js', 'test/**/*.js']
Default value: none
Mandatory: yes
Description:
With files
you specify all files needed to run your tests. If the test runner you use already provides the test framework (Jasmine, Mocha, etc.),
you should not include those files here as well.
The files will be loaded in the other in which they are specified.
When using the command line, the list can only contain a comma separated list of globbing expressions.
When using the config file you can provide an array with string
s or InputFileDescriptor
objects, like so:
string
: The globbing expression used for selecting the files needed to run the tests.InputFileDescriptor
object: { pattern: 'pattern', included: true, mutated: false }
:
pattern
property is mandatory and contains the globbing expression used for selecting the files. Using !
to ignore files is not supported here.included
property is optional and determines whether or not this file should be loaded initially by the test-runner (default: true)mutated
property is optional and determines whether or not this file should be targeted for mutations (default: false)Note: To include a file/folder which start with an exclamation mark (!
), use the InputFileDescriptor
syntax.
Command line: [--mutate|-m] src/**/*.js,a.js
Config file: mutate: ['src/**/*.js', 'a.js']
Default value: none
Mandatory: no
Description:
With mutate
you configure the subset of files to use for mutation testing. Generally speaking, these should be your own source files.
This is optional, as you can also use the mutated
property with the files
parameter or not mutate any files at all to perform a dry-run (test-run).
We expect a comma separated list of globbing expressions, which will be used to select the files to be mutated.
Command line: --testRunner karma
Config file: testRunner: 'karma'
Default value: none
Mandatory: yes
Description:
With testRunner
you specify the test runner to run your tests. This option is required.
Make sure the test runner plugin for Stryker is installed. E.g. we need the stryker-karma-runner
to use karma
as a test runner.
See the list of plugins for an up-to-date list of supported test runners and plugins.
Command line: --testFramework jasmine
Config file: testFramework: 'jasmine'
Default value: none
Mandatory: yes
Description:
With testFramework
you configure which test framework your tests are using. This value is directly consumed by the test runner and therefore
depends what framework that specific test runner supports. By default, this value is also used for testFramework
.
Full notation: --coverageAnalysis perTest
Config file key: coverageAnalysis: 'perTest'
Default value: perTest
Mandatory: no
Description:
With coverageAnalysis
you specify which coverage analysis strategy you want to use.
Stryker can analyse code coverage results. This can potentially speed up mutation testing a lot, as only the tests covering a
particular mutation are tested for each mutant.
This does not influence the resulting mutation testing score. It only improves performance, so we enable it by default.
The possible values are:
off: Stryker will not determine the code covered by tests during the initial test run phase. All tests will be executed for each mutant during the mutation testing phase.
all: Stryker will determine the code covered by all tests during the initial test run phase. Only mutants actually covered by your
test suite are tested during the mutation testing phase. This setting requires your test runner to be able to report the code coverage back to Stryker.
Currently, only the stryker-mocha-runner
and the stryker-karma-runner
do this.
perTest: Stryker will determine the code covered by your test per executed test during the initial test run phase. Only mutants actually covered by your
test suite are tested during the mutation testing phase.
Only the tests that cover a particular mutant are tested for each one. This requires your tests to be able to run independently of each other and in random order.
In addition to requiring your test runner to be able to report the code coverage back to Stryker, your chosen testFramework
also needs to support running code
before and after each test, as well as test filtering.
Currently, stryker-mocha-runner
as well as stryker-karma-runner
support this. However, stryker-karma-runner
support is limited to using it with Jasmine
as the test framework
(Mocha
is not yet supported).
Command line: --reporter clear-text,progress,dots
Config file: reporter: ['clear-text', 'progress', 'dots']
Default value: ['clear-text', 'progress']
Mandatory: no
Description:
With reporter
you can set a reporter or group of reporters for stryker to use.
These reporters can be used out of the box: clear-text
, progress
and event-recorder
.
By default clear-text
and progress
are active if no reporter is configured.
You can load additional plugins to get more reporters. See stryker-mutator.github.io
for an up-to-date list of supported reporter plugins and a description on each reporter.
The clear-text
reporter supports an additional config option to show more tests that were executed to kill a mutant. The config for your config file is: clearTextReporter: { maxTestsToLog: 3 },
Command line: --plugins stryker-html-reporter,stryker-karma-runner
Config file: plugins: ['stryker-html-reporter', 'stryker-karma-runner']
Default value: ['stryker-*']
Mandatory: no
Description:
With plugins
you can add additional Node modules for Stryker to load (or require
).
By default, all node_modules
starting with stryker-
will be loaded, so you would normally not need to specify this option.
These modules should be installed right next to stryker. For a current list of plugins,
you can consult npm or
stryker-mutator.github.io.
Command line: --port 9234
Config file: port: 9234
Default value: 9234
Mandatory: no
Description:
With port
you specify the first port to pass on to the test runner to use. Any additional test runners will be spawned using ports n+1, n+2, etc.
For example, when you set to use port 9234 and Stryker decides to start four test runner processes, ports 9234, 9235, 9236 and 9237 will be passed to the test runner.
If the test runner decides to use the port it should be available for use.
Command line: --timeoutMs 5000
Config file: timeoutMs: 5000
Default value: 5000
Mandatory: no
Description:
When Stryker is mutating code, it cannot determine indefinitely whether or not a code mutation results in an infinite loop (see Halting problem).
In order to battle infinite loops, a test run gets killed after a certain period. This period is configurable with two settings: timeoutMs
and timeoutFactor
.
To calculate the actual timeout in milliseconds the, following formula is used:
timeoutForTestRunMs = timeOfTheInitialTestRunMs * timeoutFactor + timeoutMs
With timeoutFactor
you can configure the allowed deviation relative to the time of a normal test run. Tweak this if you notice that mutants are prone to creating slower code, but not infinite loops.
timeoutMs
let's you configure an absolute deviation. Use it, if you run Stryker on a busy machine and you need to wait longer to make sure that the code indeed entered an infinite loop.
Command line: --timeoutFactor 1.5
Config file: timeoutFactor: 1.5
Default value: 1.5
Mandatory: no
Description:
See Timeout in milliseconds.
Command line: --maxConcurrentTestRunners 3
Config file: maxConcurrentTestRunners: 3
Default value: number of CPU cores
Mandatory: no
Description:
Specifies the maximum number of concurrent test runners to spawn.
Mutation testing is time consuming. By default Stryker tries to make the most of your CPU, by spawning as many test runners as you have CPU cores.
This setting allows you to override this default behavior.
Reasons you might want to lower this setting:
Command line: --logLevel info
Config file: logLevel: 'info'
Default value: info
Mandatory: no
Description:
Set the log4js
log level that Stryker uses (default is info
). Possible values: fatal
, error
, warn
, info
, debug
, trace
, all
and off
.
Note: Test runners are run as child processes of the Stryker Node process. All output (stdout) of the testRunner
is logged as trace
.
Thus, to see logging output from the test runner set the logLevel
to all
or trace
.
FAQs
The extendable JavaScript mutation testing framework
The npm package stryker receives a total of 387 weekly downloads. As such, stryker popularity was classified as not popular.
We found that stryker demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.