Gathering detailed insights and metrics for http-assert-plus
Gathering detailed insights and metrics for http-assert-plus
Installations
npm install http-assert-plusDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Min. Node Version
>= 12.0.0
Node Version
16.19.1
NPM Version
8.19.3
Score
71.1
Supply Chain
99.3
Quality
75.4
Maintenance
100
Vulnerability
100
License
Releases
Unable to fetch releases
Languages
2
JavaScript
TypeScript
JavaScript (50.33%)
TypeScript (49.67%)
Developer
Download Statistics
Total Downloads
11,880
Last Day
17
Last Week
73
Last Month
173
Last Year
5,186
GitHub Statistics
MIT License
48 Commits
2 Watchers
1 Branches
1 Contributors
Updated on May 10, 2023
Maintainers
1
Package Meta Information
Latest Version
2.0.1
Package Id
http-assert-plus@2.0.1
Unpacked Size
20.84 kB
Size
5.32 kB
File Count
5
NPM Version
8.19.3
Node Version
16.19.1
Published on
May 10, 2023
Total Downloads
Cumulative downloads
Total Downloads
11,880
Last Day
-37%
17
Compared to previous day
Last Week
55.3%
73
Compared to previous week
Last Month
-23.8%
173
Compared to previous month
Last Year
150.3%
5,186
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
http-assert-plus
More assertions with status codes.
1import assert from 'http-assert-plus'; 2// or 3const assert = require('http-assert-plus'); 4 5const username = 'jdrydn'; 6assert(username === 'not-jdrydn', 403, 'Authorization failed', { 7 code: 'NOT_AUTHORIZED', 8 username, 9}); 10 11// Error: Authorization failed 12// at http-assert-plus/README.md:22:1 { 13// code: 'NOT_AUTHORIZED', 14// statusCode: 403, 15// status: 403, 16// statusText: 'Forbidden', 17// username: 'jdrydn' 18// }
Install
$ npm install --save http-assert-plus
API
This API matches the built-in assert module, and builds upon the success of http-assert, with a few differences:
- Each function throws an instance of
Errorwhen the assertion fails. - Zero dependencies.
assert(value, [status], [message], [props])
Tests if value is truthy, and throws an Error if falsey.
assert.ok(value, [status], [message], [props])
Alias for above, tests if value is truthy, and throws an Error if falsey.
assert.fail([status], [message], [props])
Always throws an Error with the provided status/message/props.
assert.equal(a, b, [status], [message], [props])
Tests shallow, coercive equality between a & b using ==.
assert.notEqual(a, b, [status], [message], [props])
Tests shallow, coercive inequality between a & b using !=.
assert.strictEqual(a, b, [status], [message], [props])
Tests strict equality between a & b using ===.
assert.notStrictEqual(a, b, [status], [message], [props])
Tests strict inequality between a & b using !==.
assert.includes(a, b, [status], [message], [props])
Tests whether a includes b - where a has a method call includes.
assert.notIncludes(a, b, [status], [message], [props])
Tests whether a does not include b - where a has a method includes.
What about deep equality?
If you're looking for deep equality checks, check out deep-equal:
1import assert from 'http-assert-plus';
2import deepEqual from 'deep-equal';
3
4assert(deepEqual(a, b), 400, 'These two are not entirely equal');
5assert(deepEqual(a, b, { strict: true }), 400, 'These two are not entirely equal');
6// Error: Array does not strict-equal
7// at http-assert-plus/README.md:72:1 {
8// statusCode: 400,
9// status: 400,
10// statusText: 'Bad Request'
11// }Browser supported?
Yes! Not all browsers support Error.captureStackTrace so this library checks if it is present in the current environment - if it isn't available the only behaviour you'll likely want to change is to pre-construct Error arguments to preserve a proper stack trace, like so:
1const { origin } = window.location; 2 3// In browsers, do this: 4assert(origin.startsWith('https://'), new Error('Expected origin to start with https://'), { origin }); 5// Error: Expected origin to start with https:// 6// at http-assert-plus/README.md:99:39 { 7// origin: 'http://localhost:4000', 8// } 9 10// Not this 11assert(origin.startsWith('https://'), 'Expected origin to start with https://'); 12// Error: Expected origin to start with https:// 13// at node_modules/http-assert-plus/index.cjs:56:38 { 14// at http-assert-plus/README.md:107:1 { 15// origin: 'http://localhost:4000', 16// }
If you don't use a construct such as new Error, when reading stacktraces just ignore the first line as it'll always be the assert function :wink:
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:8: update your workflow using https://app.stepsecurity.io/secureworkflow/someimportantcompany/http-assert-plus/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/someimportantcompany/http-assert-plus/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/someimportantcompany/http-assert-plus/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/someimportantcompany/http-assert-plus/ci.yml/master?enable=pin
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 2 out of 2 npmCommand dependencies pinned
Reason
9 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
Found 0/28 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 2 are checked with a SAST tool
Score
2.8
/10
Last Scanned on 2025-05-05
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More