Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
var v = verity("http://localhost:8080/path/");
v.jsonMode();
v.method("POST");
v.body({"some" : "json"});
v.expectStatus(200);
v.expectBody({"success" : true});
v.test(function(err, result) {
// err is present if any assertions failed.
// result contains assertion errors, body, headers, status, and cookies
});
or using the chained interface:
var v = verity("http://localhost:8080/path/")
.jsonMode()
.method("POST")
.body({"some" : "json"})
.expectStatus(200)
.expectBody({"success" : true})
.test(function(err, result) {
// ...
});
Call jsonMode()
to allow json request and response bodies to be automatically serialized and deserialized into javascript objects.
Call body()
to set the contents of the request body. This should be a string unless jsonMode()
has been called.
Call method()
with an HTTP method to set the HTTP request method.
Call header()
with a header name and value to set a single http
request header.
Call setCookieFromString()
to pass a cookie string to set the cookie values of the request.
Call expectStatus()
to declare the HTTP status code that you expect the reponse to have.
Call expectHeaders()
expect certain headers. Unspecified headers will be ignored. Further calls will merge the two expectations.
Call expectCookie()
expect certain cookies. Unspecified cookies will be ignored. Further calls will merge the two expectations.
####expectBody(String/Object)
Call expectBody()
to declare what bopdy to expect in the response. This should be a string unless jsonMode()
has been called.
Call expectPartialBody()
to expect certain response fields. Unspecified fields will be ignored. This method will error if JSON mode is not enabled.
Call expect()
to make your own assertions on the response. You must provide a function that takes the node response object, and throws an error if any expectations are violated. You may decorate the error with additional properties that will be logged.
Call test()
to actually execute the specified request, and test your expectations. test()
takes a callback that expects error
and result
arguments. The error
parameter is truthy if the expectations were not met. The result
parameter will contain an object detailing the errors, along with the response.
Call authStrategy with a function that takes a credentials object and a callback. This function should log a user into your app and return a cookie with proper session credentials.
After authStrategy has been set, call login
with a set of credentials to log a user in before running a test.
Asserts that two objects are deeply-equal, and to throw an assertion error if they're not, along with logging the diffs.
Register your own expect helper, which you will be able to use in a manner similar to expectBody, expectHeaders, etc. Should return a function that takes the response object and throws an error if any assertions are not met. Attach your own properties to the thrown error object to add details.
TODO document use in mocha. document use in other test frameworks.
TODO document changing the url
FAQs
a lib for testing for http request/response
We found that verity demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 24 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.