Gathering detailed insights and metrics for cypress-file-upload
Gathering detailed insights and metrics for cypress-file-upload
Installations
npm install cypress-file-uploadScore
55.1
Supply Chain
80.9
Quality
71.9
Maintenance
100
Vulnerability
96.7
License
Developer
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
>=8.2.1
Typescript Support
Yes
Node Version
14.16.1
NPM Version
7.11.2
Statistics
498 Stars
528 Commits
90 Forks
9 Watching
3 Branches
30 Contributors
Updated on 28 Aug 2024
Languages
JavaScript (91.11%)
HTML (8.89%)
Total Downloads
Cumulative downloads
Total Downloads
194,368,964
Last day
-12.5%
183,941
Compared to previous day
Last week
-0.4%
998,497
Compared to previous week
Last month
7.4%
4,440,608
Compared to previous month
Last year
-10.3%
50,651,652
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
cypress-file-upload
File upload testing made easy.
This package adds a custom Cypress command that allows you to make an abstraction on how exactly you upload files through HTML controls and focus on testing user workflows.
Table of Contents
Installation
The package is distributed via npm and should be installed as one of your project's devDependencies:
1npm install --save-dev cypress-file-upload
If you are using TypeScript, ensure your tsconfig.json contains commands' types:
1"compilerOptions": { 2 "types": ["cypress", "cypress-file-upload"] 3}
To be able to use any custom command you need to add it to cypress/support/commands.js like this:
1import 'cypress-file-upload';
Then, make sure this commands.js is imported in cypress/support/index.js (it might be commented):
1// Import commands.js using ES2015 syntax: 2import './commands';
All set now! :boom:
Usage
Now, let's see how we can actually test something. Exposed command has signature like:
1cySubject.attachFile(fixture, optionalProcessingConfig);
It is a common practice to put all the files required for Cypress tests inside cypress/fixtures folder and call them as fixtures (or a fixture). The command recognizes cy.fixture format, so usually this is just a file name.
HTML5 file input
1cy.get('[data-cy="file-input"]') 2 .attachFile('myfixture.json');
Drag-n-drop component
1cy.get('[data-cy="dropzone"]') 2 .attachFile('myfixture.json', { subjectType: 'drag-n-drop' });
Attaching multiple files
1cy.get('[data-cy="file-input"]') 2 .attachFile(['myfixture1.json', 'myfixture2.json']);
Note: in previous version you could also attach it chaining the command. It brought flaky behavior with redundant multiple event triggers, and was generally unstable. It might be still working, but make sure to use array instead.
Working with file encodings
In some cases you might need more than just plain JSON cy.fixture. If your file extension is supported out of the box, it should all be just fine.
In case your file comes from some 3rd-party tool, or you already observed some errors in console, you likely need to tell Cypress how to treat your fixture file.
1cy.get('[data-cy="file-input"]') 2 .attachFile({ filePath: 'test.shp', encoding: 'utf-8' });
Trying to upload a file that does not supported by Cypress by default? Make sure you pass encoding property (see API).
Working with raw file contents
Normally you do not need this. But what the heck is normal anyways :neckbeard:
If you need some custom file preprocessing, you can pass the raw file content:
1const special = 'file.spss'; 2 3cy.fixture(special, 'binary') 4 .then(Cypress.Blob.binaryStringToBlob) 5 .then(fileContent => { 6 cy.get('[data-cy="file-input"]').attachFile({ 7 fileContent, 8 filePath: special, 9 encoding: 'utf-8', 10 lastModified: new Date().getTime() 11 }); 12 });
You still need to provide filePath in order to get file's metadata and encoding. For sure this is optional, and you can do it manually:
1cy.fixture('file.spss', 'binary') 2 .then(Cypress.Blob.binaryStringToBlob) 3 .then(fileContent => { 4 cy.get('[data-cy="file-input"]').attachFile({ 5 fileContent, 6 fileName: 'whatever', 7 mimeType: 'application/octet-stream', 8 encoding: 'utf-8', 9 lastModified: new Date().getTime(), 10 }); 11 });
Override the file name
1cy.get('[data-cy="file-input"]') 2 .attachFile({ filePath: 'myfixture.json', fileName: 'customFileName.json' });
Working with empty fixture file
Normally you have to provide non-empty fixture file to test something. If your case isn't normal in that sense, here is the code snippet for you:
1cy.get('[data-cy="file-input"]') 2 .attachFile({ filePath: 'empty.txt', allowEmpty: true });
Waiting for the upload to complete
Cypress' cy.wait command allows you to pause code execution until some asyncronous action is finished. In case you are testing file upload, you might want to wait until the upload is complete:
1// start watching the POST requests 2cy.server({ method:'POST' }); 3// and in particular the one with 'upload_endpoint' in the URL 4cy.route({ 5 method: 'POST', 6 url: /upload_endpoint/ 7}).as('upload'); 8 9 10const fileName = 'upload_1.xlsx'; 11 12cy.fixture(fileName, 'binary') 13 .then(Cypress.Blob.binaryStringToBlob) 14 .then(fileContent => { 15 cy.get('#input_upload_file').attachFile({ 16 fileContent, 17 fileName, 18 mimeType: 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 19 encoding:'utf8', 20 lastModified: new Date().getTime() 21 }) 22 }) 23 24// wait for the 'upload_endpoint' request, and leave a 2 minutes delay before throwing an error 25cy.wait('@upload', { requestTimeout: 120000 }); 26 27// stop watching requests 28cy.server({ enable: false }) 29 30// keep testing the app 31// e.g. cy.get('.link_file[aria-label="upload_1"]').contains('(xlsx)');
I wanna see some real-world examples
There is a set of recipes that demonstrates some framework setups along with different test cases. Make sure to check it out when in doubt.
API
Exposed command in a nutshell:
1cySubject.attachFile(fixture, processingOpts);
Familiar with TypeScript? It might be easier for you to just look at type definitions.
fixture can be a string path (or array of those), or object (or array of those) that represents your local fixture file and contains following properties:
- {string}
filePath- file path (with extension) - {string}
fileName- the name of the file to be attached, this allows to override the name provided byfilePath - {Blob}
fileContent- the binary content of the file to be attached - {string}
mimeType- file MIME type. By default, it gets resolved automatically based on file extension. Learn more about mime - {string}
encoding- normallycy.fixtureresolves encoding automatically, but in case it cannot be determined you can provide it manually. For a list of allowed encodings, see here - {number}
lastModified- The unix timestamp of the lastModified value for the file. Defaults to current time. Can be generated fromnew Date().getTime()orDate.now()
processingOpts contains following properties:
- {string}
subjectType- target (aka subject) element kind:'drag-n-drop'component or plain HTML'input'element. Defaults to'input' - {boolean}
force- same as forcy.trigger, it enforces the event triggers on HTML subject element. Usually this is necessary when you use hidden HTML controls for your file upload. Defaults tofalse - {boolean}
allowEmpty- when true, do not throw an error iffileContentis zero length. Defaults tofalse
Recipes
There is a set of recipes that demonstrates some framework setups along with different test cases. Make sure to check it out when in doubt.
Any contributions are welcome!
Caveats
During the lifetime plugin faced some issues you might need to be aware of:
- Chrome 73 changes related to HTML file input behavior: #34
- Force event triggering (same as for
cy.trigger) should happen when you use hidden HTML controls: #41 - Binary fixture has a workarounded encoding: #70
- Video fixture has a workarounded encoding: #136
- XML encoded files: #209
- Shadow DOM compatibility: #74
- Reading file content after upload: #104
It isn't working! What else can I try?
Here is step-by-step guide:
- Check Caveats - maybe there is a tricky thing about exactly your setup
- Submit the issue and let us know about you problem
- In case you're using a file with encoding and/or extension that is not yet supported by Cypress, make sure you've tried to explicitly set the
encodingproperty (see API) - Comment your issue describing what happened after you've set the
encoding
I want to contribute
You have an idea of improvement, or some bugfix, or even a small typo fix? That's :cool:
We really appreciate that and try to share ideas and best practices. Make sure to check out CONTRIBUTING.md before start!
Have something on your mind? Drop an issue or a message in Discussions.
Contributors
Thanks goes to these wonderful people (emoji key):
This project follows the all-contributors specification. Contributions of any kind welcome!
License
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 0 commits out of 21 are checked with a SAST tool
Reason
Found 3/15 approved changesets -- score normalized to 2
Reason
dependency not pinned by hash detected -- score normalized to 2
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/abramenal/cypress-file-upload/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/abramenal/cypress-file-upload/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/abramenal/cypress-file-upload/build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/abramenal/cypress-file-upload/build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/abramenal/cypress-file-upload/build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/abramenal/cypress-file-upload/build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/abramenal/cypress-file-upload/build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/abramenal/cypress-file-upload/build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/abramenal/cypress-file-upload/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/abramenal/cypress-file-upload/build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/abramenal/cypress-file-upload/build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/abramenal/cypress-file-upload/build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/abramenal/cypress-file-upload/build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:140: update your workflow using https://app.stepsecurity.io/secureworkflow/abramenal/cypress-file-upload/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/abramenal/cypress-file-upload/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/abramenal/cypress-file-upload/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/abramenal/cypress-file-upload/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/abramenal/cypress-file-upload/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/abramenal/cypress-file-upload/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/abramenal/cypress-file-upload/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/abramenal/cypress-file-upload/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/abramenal/cypress-file-upload/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/abramenal/cypress-file-upload/publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/abramenal/cypress-file-upload/publish.yml/main?enable=pin
- Info: 0 out of 14 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 10 third-party GitHubAction dependencies pinned
- Info: 4 out of 4 npmCommand dependencies pinned
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/build.yml:1
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish.yml:1
- Info: no jobLevel write permissions found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
75 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5
- Warn: Project is vulnerable to: GHSA-257v-vj4p-3w2h
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6
- Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
- Warn: Project is vulnerable to: GHSA-7r28-3m3f-r2pr
- Warn: Project is vulnerable to: GHSA-r8j5-h5cx-65gg
- Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
- Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
- Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-qrpm-p2h7-hrv2
- Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
- Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
- Warn: Project is vulnerable to: GHSA-566m-qj78-rww5
- Warn: Project is vulnerable to: GHSA-hwj9-h5mp-3pm3
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-44c6-4v22-4mhx
- Warn: Project is vulnerable to: GHSA-4x5v-gmq8-25ch
- Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-c2jc-4fpr-4vhg
- Warn: Project is vulnerable to: GHSA-2qqx-w9hr-q5gx
- Warn: Project is vulnerable to: GHSA-2vrf-hf26-jrp5
- Warn: Project is vulnerable to: GHSA-4w4v-5hc9-xrr2
- Warn: Project is vulnerable to: GHSA-m2h2-264f-f486
- Warn: Project is vulnerable to: GHSA-m9gf-397r-hwpg
- Warn: Project is vulnerable to: GHSA-mqm9-c95h-x2p6
- Warn: Project is vulnerable to: GHSA-prc3-vjfx-vhm9
- Warn: Project is vulnerable to: GHSA-qwqh-hm9m-p5hr
- Warn: Project is vulnerable to: GHSA-cph5-m8f7-6c5x
- Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
- Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-r9p9-mrjm-926w
- Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
- Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
- Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
- Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
- Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
- Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q
- Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-8hfj-j24r-96c4
- Warn: Project is vulnerable to: GHSA-wc69-rhjr-hc9g
- Warn: Project is vulnerable to: GHSA-92xj-mqp7-vmcj
- Warn: Project is vulnerable to: GHSA-wxgw-qj99-44c2
- Warn: Project is vulnerable to: GHSA-5rrq-pxf6-6jx5
- Warn: Project is vulnerable to: GHSA-8fr3-hfg3-gpgp
- Warn: Project is vulnerable to: GHSA-gf8q-jrpm-jvxq
- Warn: Project is vulnerable to: GHSA-2r2c-g63r-vccr
- Warn: Project is vulnerable to: GHSA-cfm4-qjh2-4765
- Warn: Project is vulnerable to: GHSA-x4jg-mjrx-434g
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-6fc8-4gx4-v693
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-7gc6-qh9x-w6h8
- Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
Score
3.6
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More