Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
supertest-fetch
Advanced tools
A typescript friendly alternative to Supertest, backed by node-fetch
This is a library heavily influenced by Visionmedia's excellent supertest library. The advantages of this library are:
import http from 'http';
import { makeFetch } from 'supertest-fetch';
const server = http.createServer((req, res) => {
res.setHeader('content-type', 'application/json');
res.end(JSON.stringify({ greeting: 'Hello!' }));
});
// This is a function with an API identical to the WHATWG `fetch()` function,
// except the returned Promise has a bunch of supertest like functions on it.
//
// If the server is not listening, then `fetch()` will call `listen()` on the
// server before each fetch, and close it after each fetch.
const fetch = makeFetch(server);
describe('my server tests', function () {
it('should return a response', async function () {
await fetch('/hello')
.expect(200)
.expect('content-type', 'application/json')
.expect({ greeting: 'Hello!' });
});
it('will work just like fetch if you need to do more advanced things', async function () {
const response = await fetch('/hello')
.expect(200)
.expect('content-type', 'application/json');
expect(await response.json()).to.eql({ greeting: 'Hello!' });
});
it('should post data', async function () {
await fetch('/hello', {
method: 'post',
body: '<message>Hello</message>',
headers: { 'content-type': 'application/xml' },
});
});
});
Returns a new fetch
function. This is identical to the WHAT-WG fetch function, except that the returned object has some extra assertions added to it.
If the server
passed in is not already listening, each call to fetch()
will call listen()
on the server, and close it after each fetch. This will assign a random free port to the server, so you don't need to worry about listening on a well-known port for your tests to work.
If the server
passed in is an instance of tls.Server, then the returned fetch
instance will use HTTPS to connect to the server instead of HTTP. Note that it's up to you to appropriately configure the server, supplying a certificate and key, and if you're using a self-signed certificate you'll need to pass an "agent" to the call to fetch
. See this example for details.
Verify response status code and text.
Verify headerName matches the given value or regex. If value
is null,
verifies that the header is not present.
Verify body is the given string, JSON object, or matches the given regular expression.
Supertest friendly alias for .expectStatus(statusCode)
.
Supertest friendly alias for .expectStatus(statusCode).expectBody(body)
.
Supertest friendly alias for .expectBody(body)
.
Supertest friendly alias for .expectHeader(field, value)
.
Convenience function which returns a Promise which resolves to the JSON content of the response. This:
const result = await fetch('/hello').expect(200).json();
is equivalent to:
const response = await fetch('/hello').expect(200);
const result = await response.json();
FAQs
Supertest with WHATWG fetch like interface.
The npm package supertest-fetch receives a total of 2,090 weekly downloads. As such, supertest-fetch popularity was classified as popular.
We found that supertest-fetch demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.