SuperDiff is a Ruby gem which is designed to display the differences between two objects of any type in a familiar and intelligent fashion.
📢 See what's changed in recent versions.
The primary motivation behind this gem is to vastly improve upon RSpec's built-in diffing capabilities.

RSpec has many nice features, and one of them is that whenever you use a matcher such as eq, match, include, or have_attributes, you will get a diff of the two data structures you are trying to match against. This is great if all you want to do is compare multi-line strings. But if you want to compare other, more "real world" kinds of values such as API or database data, then you are out of luck. Since RSpec merely runs your expected and actual values through Ruby's PrettyPrinter library and then performs a diff of these strings, the output it produces leaves much to be desired.
For instance, let's say you wanted to compare these two hashes:
    actual = {
      customer: {
        person: SuperDiff::Test::Person.new(name: "Marty McFly, Jr.", age: 17),
        shipping_address: {
          line_1: "456 Ponderosa Ct.",
          city: "Hill Valley",
          state: "CA",
          zip: "90382"
        }
      },
      items: [
        { name: "Fender Stratocaster", cost: 100_000, options: %w[red blue green] },
        { name: "Mattel Hoverboard" }
      ]
    }

    expected = {
      customer: {
        person: SuperDiff::Test::Person.new(name: "Marty McFly", age: 17),
        shipping_address: {
          line_1: "123 Main St.",
          city: "Hill Valley",
          state: "CA",
          zip: "90382"
        }
      },
      items: [
        { name: "Fender Stratocaster", cost: 100_000, options: %w[red blue green] },
        { name: "Chevy 4x4" }
      ]
    }
If, somewhere in a test, you were to say:
expect(actual).to eq(expected)
You would get output that looks like this:
What this library does is to provide a diff engine that knows how to figure out the differences between any two data structures and display them in a sensible way. So, using the example above, you'd get this instead:
📘 For more on how to install and use SuperDiff, read the user documentation.
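The contrast described above, between diffing pretty-printed strings and diffing the data structures themselves, shown as an added example that is not part of the SuperDiff README or its code. The helper names (structural_diff, diff_child, pp_line_diff) are hypothetical, the algorithm is a plain recursive walk rather than SuperDiff's own engine, and the sample hashes are constructed from the ones above with the Person object replaced by a name string.

```ruby
require "pp"

# Hypothetical helper, not SuperDiff's algorithm: walk both values in parallel
# and return [path, expected, actual] for every leaf that differs.
def structural_diff(expected, actual, path = [])
  if expected.is_a?(Hash) && actual.is_a?(Hash)
    (expected.keys | actual.keys).flat_map do |key|
      diff_child(expected.key?(key), actual.key?(key), expected[key], actual[key], path + [key])
    end
  elsif expected.is_a?(Array) && actual.is_a?(Array)
    (0...[expected.size, actual.size].max).flat_map do |i|
      diff_child(i < expected.size, i < actual.size, expected[i], actual[i], path + [i])
    end
  elsif expected == actual
    []
  else
    [[path, expected, actual]]
  end
end

# Report a key or index present on one side only, otherwise recurse.
def diff_child(in_expected, in_actual, exp, act, path)
  return [[path, :absent, act]] unless in_expected
  return [[path, exp, :absent]] unless in_actual
  structural_diff(exp, act, path)
end

# The pretty-print-then-diff approach only ever sees lines of text.
def pp_line_diff(expected, actual)
  exp_lines = PP.pp(expected, +"", 40).lines(chomp: true)
  act_lines = PP.pp(actual, +"", 40).lines(chomp: true)
  { removed: exp_lines - act_lines, added: act_lines - exp_lines }
end

# Constructed sample data modelled on the hashes above (Person replaced by a name string).
EXPECTED = {
  customer: { name: "Marty McFly", shipping_address: { line_1: "123 Main St.", city: "Hill Valley" } },
  items: [{ name: "Fender Stratocaster", cost: 100_000 }, { name: "Chevy 4x4" }]
}.freeze
ACTUAL = {
  customer: { name: "Marty McFly, Jr.", shipping_address: { line_1: "456 Ponderosa Ct.", city: "Hill Valley" } },
  items: [{ name: "Fender Stratocaster", cost: 100_000 }, { name: "Mattel Hoverboard" }]
}.freeze

structural_diff(EXPECTED, ACTUAL).each do |path, exp, act|
  puts "#{path.join('.')}: expected #{exp.inspect}, got #{act.inspect}"
end
puts pp_line_diff(EXPECTED, ACTUAL).inspect
```

The structural walk names the exact path of each mismatch, while the line-based result only lists whole lines of pretty-printed text whose layout depends on the wrap width.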
My goal for this library is to improve your development experience. If this is not the case, and you encounter a bug or have a suggestion, feel free to create an issue. I'll try to respond to it as soon as I can!
Any code contributions to improve this library are welcome! Please see the contributing document for more on how to do that.
super_diff is tested to work with Ruby >= 3.x, RSpec 3.x, and Rails >= 6.x.
In developing this gem I made use of or was heavily inspired by these libraries:
Thank you to the authors of these libraries!
SuperDiff was created by Elliot Winkler and is maintained by Splitwise, Inc. It is released under the MIT license.
FAQs
Unknown package
We found that super_diff demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.