Gathering detailed insights and metrics for find-related-tests-js
Installations
npm install find-related-tests-jsDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Node Version
10.15.3
NPM Version
6.4.1
Score
61.2
Supply Chain
91.9
Quality
71.4
Maintenance
50
Vulnerability
97.3
License
Releases
3
Contributors
2
Unable to fetch Contributors
Languages
2
TypeScript
JavaScript
TypeScript (76.41%)
JavaScript (23.59%)
Developer
tak2siva
Download Statistics
Total Downloads
3,846
Last Day
22
Last Week
23
Last Month
68
Last Year
339
GitHub Statistics
2 Stars
14 Commits
1 Forks
2 Watching
9 Branches
2 Contributors
Bundle Size
3.89 MB
Minified
1.01 MB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
1.3.0
Package Id
find-related-tests-js@1.3.0
Unpacked Size
148.51 kB
Size
57.35 kB
File Count
24
NPM Version
6.4.1
Node Version
10.15.3
Total Downloads
Cumulative downloads
Total Downloads
3,846
Last day
0%
22
Compared to previous day
Last week
-46.5%
23
Compared to previous week
Last month
1,260%
68
Compared to previous month
Last year
-36.5%
339
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
find-related-tests-js 
Sometimes we need not run all unit tests in our project. This library will try to find the related files(i.e import files) of all files changed in current branch.
This library can be an alternate for jest findRelatedTests or jest changedSince with much more flexibility. Here consumers are responsible to map test file for each related source file.
npm install --save find-related-tests-js
Usage
- Provide changeSet i.e files modified in git as input stream.
- This library will load and process dependency graph for the application and provide the following three callbacks to identify related test files.
Callbacks:
- sourceFileModifiedCb(fileName, accumulator) => This will be called if a file name found in changeSet. Use this to map test file for modified source file.
- directDependencyModifiedCb(fileName, accumulator) => This will be called if any of the imports of a file is modified.
- transitiveDependencyModifiedCb(fileName, accumulator) => This will be called if one of transitive dependency is modified.
Accumulator:
- Every callback provides this to add test file name for give source file like
accumulator.add(testFileName). The result will be unique so need to not worry about duplicates.
// config.js
// mandatory parameters
function mapSourceToTestFiles(sourceFile, accumulator) {
if (sourceFile.indexOf('.test.js') >= 1) {
// Add if this is already a test file
accumulator.add(sourceFile)
return
}
if (sourceFile.indexOf('.js') >= 1) {
// Map multiple test files for single source file
accumulator.add(sourceFile.replace(/\.js/, '.test.js'));
accumulator.add(sourceFile.replace(/\.js/, '.snapshot.js'));
}
}
module.exports = {
entryPoint: '/react/sample/App.js',
searchDir: '/react/sample',
dependencyExcludeFilter: path => path.indexOf('node_modules') === -1, // Ignore node module from dep graph
// It is okay to add same file name in multiple callback
// result will be unique
sourceFileModifiedCb: mapSourceToTestFiles,
directDependencyModifiedCb: mapSourceToTestFiles,
transitiveDependencyModifiedCb: (sourceFile, accumulator) => {
// This will be called if any transitive dependency is modified
// A -> B -> C -> D
// C & D are transitive dependency for A
},
outputFile: '/react/temp.txt',
}
Run via command line
To findRelatedTests for staged files in Git
git diff --name-only | xargs printf -- "$PWD/%s\n" | find-related-tests-js --configPath $PWD/config.js --entryPoint $PWD/App.js --searchDir $PWD/src --outputFile temp.txt
To findRelatedTests for files committed but not pushed
git diff --name-only origin..head | xargs printf -- "$PWD/%s\n" | find-related-tests-js --configPath $PWD/config.js --entryPoint $PWD/App.js --searchDir $PWD/src --outputFile temp.txt
If you have not installed this package globally then use ./node_modules/find-related-tests-js/dist/cli.js as executable.
Test Runner
Above command will find all related test files and write their path to configured output file. Run test candidates with required runner
yarn jest $(cat temp.txt)
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
Found 0/14 approved changesets -- score normalized to 0
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/actions.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/tak2siva/find-related-tests-js/actions.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/actions.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/tak2siva/find-related-tests-js/actions.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/actions.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tak2siva/find-related-tests-js/actions.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/actions.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tak2siva/find-related-tests-js/actions.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/actions.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/tak2siva/find-related-tests-js/actions.yml/master?enable=pin
- Info: 0 out of 3 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 2 third-party GitHubAction dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/actions.yml:1
- Info: no jobLevel write permissions found
Reason
no SAST tool detected
Details
- Warn: no pull requests merged into dev branch
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
license file not detected
Details
- Warn: project does not have a license file
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact 1.2.80 not signed: https://api.github.com/repos/tak2siva/find-related-tests-js/releases/26660717
- Warn: release artifact 1.2.60 not signed: https://api.github.com/repos/tak2siva/find-related-tests-js/releases/26653319
- Warn: release artifact v1.2.02 not signed: https://api.github.com/repos/tak2siva/find-related-tests-js/releases/26652360
- Warn: release artifact 1.2.80 does not have provenance: https://api.github.com/repos/tak2siva/find-related-tests-js/releases/26660717
- Warn: release artifact 1.2.60 does not have provenance: https://api.github.com/repos/tak2siva/find-related-tests-js/releases/26653319
- Warn: release artifact v1.2.02 does not have provenance: https://api.github.com/repos/tak2siva/find-related-tests-js/releases/26652360
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
23 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-2j2x-2gpw-g8fm
- Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
- Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
- Warn: Project is vulnerable to: GHSA-g6ww-v8xp-vmwg
- Warn: Project is vulnerable to: GHSA-566m-qj78-rww5
- Warn: Project is vulnerable to: GHSA-hwj9-h5mp-3pm3
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-x3m3-4wpv-5vgc
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
Score
2
/10
Last Scanned on 2025-01-27
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More