RSpec is a testing framework of choice for many Ruby developers, but it is highly dynamic and relies heavily on metaprogramming, which makes it hard to provide accurate code completion and type inference.
This gem aims to provide better support for RSpec in Solargraph. It supports the following features (completion, jump to definition and type inference 🚀):
- describe and it methods
- let and let! methods
- described_class with appropriate type inference
- subject methods
- is_expected, should and should_not linked to the appropriate subject
solargraph and solargraph-rspec
Install the gems from the command line:
gem install solargraph solargraph-rspec
Or add it to your Gemfile:
group :development do
  gem 'solargraph', require: false
  gem 'solargraph-rspec', require: false
end
If you add them to your Gemfile, you'll have to tell your IDE plugin to use bundler to load the right version of solargraph.
Add solargraph-rspec to your .solargraph.yml as a plugin.
[!CAUTION] To avoid performance issues, please keep the spec/**/* directory in the exclude list in the Solargraph configuration. This does not actually exclude the specs; it avoids pre-indexing them when Solargraph boots up and parses them only on demand when they are opened in the editor, which is what we usually want.
(If you don't have a .solargraph.yml in your project root, you can run solargraph config to add one.)
@@ -2,7 +2,6 @@
include:
- "**/*.rb"
exclude:
+- spec/**/*
- test/**/*
- vendor/**/*
- ".bundle/**/*"
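Review bot: the header `@@ -2,7 +2,6 @@` describes a one-line removal, but the body adds `- spec/**/*` under `exclude:`, so the counts should read `-2,6 +2,7`. The caution above says to keep `spec/**/*` in the exclude list; if the generated config already lists it, showing it as an unchanged context line rather than a `+` line would match that wording.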
@@ -18,5 +17,6 @@ formatter:
only: []
extra_args: []
require_paths: []
-plugins: []
+plugins:
+ - solargraph-rspec
max_files: 5000
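Review bot: the offsets in `@@ -18,5 +17,6 @@` put the new-file start one line below the old one, which only holds if an earlier hunk removed a line. With the first hunk adding `- spec/**/*`, the new start should be higher than the old one instead; regenerate the diff so both headers agree with the bodies.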
If you have your own custom let-like memoized methods, you can add them to your .solargraph.yml file like this:
# .solargraph.yml
# ...
rspec:
  let_methods:
    - let_it_be
If you have your own custom example-like methods like it, you can add them to your .solargraph.yml file like this:
# .solargraph.yml
# ...
rspec:
  example_methods:
    - my_it
This is useful if you use gems like rspec-given, which introduce their own let and example methods.
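A check that a project's .solargraph.yml matches the setup described above: plugin enabled, specs kept in the exclude list, custom method lists well-formed. This is an added example, not code from solargraph-rspec; the function name and the sample config are constructed for illustration.

```ruby
require 'yaml'

# Constructed sample: the plugin is enabled, but the spec/**/* exclude
# entry recommended above is missing.
SAMPLE_CONFIG = <<~CONFIG
  include:
  - "**/*.rb"
  exclude:
  - test/**/*
  - vendor/**/*
  plugins:
  - solargraph-rspec
  rspec:
    let_methods:
    - let_it_be
CONFIG

# Hypothetical helper: returns a list of problems found in the YAML text
# of a .solargraph.yml; an empty list means the setup matches this page.
def check_solargraph_rspec_config(yaml_text)
  config = YAML.safe_load(yaml_text) || {}
  return ['top level of the file is not a mapping'] unless config.is_a?(Hash)

  problems = []
  plugins = Array(config['plugins'])
  problems << 'plugins does not list solargraph-rspec' unless plugins.include?('solargraph-rspec')

  excludes = Array(config['exclude'])
  problems << 'exclude does not list spec/**/*' unless excludes.include?('spec/**/*')

  rspec = config.fetch('rspec', {})
  return problems << 'rspec must be a mapping' unless rspec.is_a?(Hash)

  # Custom let-like and example-like methods must be lists of names.
  %w[let_methods example_methods].each do |key|
    next unless rspec.key?(key)

    value = rspec[key]
    well_formed = value.is_a?(Array) && value.all? { |m| m.is_a?(String) && !m.empty? }
    problems << "rspec.#{key} must be a list of method names" unless well_formed
  end
  problems
end

puts check_solargraph_rspec_config(SAMPLE_CONFIG) if __FILE__ == $PROGRAM_NAME
```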
Solargraph utilizes the YARD documentation to provide code completion. If you want to have completion for gems in your project, you can generate YARD documentation for them (Read more).
Run yard gems to generate documentation for your installed gems.
Run yard config --gem-install-yri to generate YARD documentation automatically when you install new gems.
This gem is inspired by solargraph-rails, which gave me an idea of how to extend Solargraph with custom features and provided me with a simple and very understandable test suite, which helped me to get started with playing around with Solargraph.
In fact, most of the code I initially wrote on a fork of it, but then I realized that it would make more sense to extract it into a separate gem where it could be used by non-Rails projects as well.
It also goes without saying that the Solargraph gem itself is a great tool that has helped me a lot in my daily work, and I'm very grateful to @castwide for creating it and maintaining it. :heart:
Its codebase IMO is an exemplar of how Ruby code written in very simple POROs, without any wild metaprogramming magic and supplemented with YARDocs, can be very readable and understandable for such a complex tool, even for a total newbie like me in this domain!
GitHub Issues are the best place to ask questions, report problems, and suggest improvements.
Code contributions are always appreciated. Feel free to fork the repo and submit pull requests. Check for open issues that could use help. Start new issues to discuss changes that have a major impact on the code or require large time commitments.
Contributing is easy:
- bundle install to install dependencies
- yard gems to generate YARD documentation for your installed gems
- bundle exec spec to run the tests
The gem is available as open source under the terms of the MIT License.
We found that solargraph-rspec demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.