Gathering detailed insights and metrics for jest-sinon
Gathering detailed insights and metrics for jest-sinon
Collection of assertions for using the mocking library Sinon.js with Jest
Installations
npm install jest-sinonDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
16.16.0
NPM Version
8.11.0
Score
64.5
Supply Chain
30.5
Quality
70.7
Maintenance
100
Vulnerability
97
License
Releases
4
Languages
1
JavaScript
JavaScript (100%)
Developer
djkf
Download Statistics
Total Downloads
2,925,303
Last Day
631
Last Week
11,796
Last Month
46,423
Last Year
443,618
GitHub Statistics
MIT License
15 Stars
74 Commits
4 Forks
1 Watchers
5 Branches
2 Contributors
Updated on Mar 31, 2024
Bundle Size
81.96 kB
Minified
23.60 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
1.1.0
Package Id
jest-sinon@1.1.0
Unpacked Size
50.82 kB
Size
5.54 kB
File Count
5
NPM Version
8.11.0
Node Version
16.16.0
Total Downloads
Cumulative downloads
Total Downloads
2,925,303
Last Day
-35.8%
631
Compared to previous day
Last Week
-8.4%
11,796
Compared to previous week
Last Month
28%
46,423
Compared to previous month
Last Year
-42.2%
443,618
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Jest-Sinon
Jest-Sinon is a collection of assertions for using the mocking library Sinon.js with Jest.
Example
1const bar = () => {}; 2const foo = sinon.spy(); 3 4foo(bar); 5 6// instead of: 7expect(foo.calledWith(bar)).toBeTruthy; 8 9// we can write: 10expect(foo).toHaveBeenCalledWith(bar);
The assertions: toHaveBeenCalledTimes, toThrow, toReturnWith, toHaveBeenCalled and toHaveBeenCalledWith clash with the in-built Jest mocking framework. Jest-Sinon will try and detect which type of spy is being used and use the correct assertion. You should be able to use both mocking libraries in parallel.
1const foo = sinon.spy(); 2const bar = jest.fn(); 3 4foo(); 5bar(); 6 7expect(foo).toHaveBeenCalled(); // true 8expect(bar).toHaveBeenCalled(); // true
Why?
There are a number of reasons why you might want to use Sinon.js instead of (or as well as) the in-built mocking assertions. Some of the use cases include:
- Developer preference/familiarity to Sinon.js
- Migrating a code base from Mocha/Chai/Sinon to Jest
- To be difficult
Ultimately, it usually comes down to your own preferences and needs.
Installation
With npm:
npm install --save-dev jest-sinon
With yarn:
yarn add -D jest-sinon
Setup
Jest 24+
Add Jest-Sinon to your Jest setupFilesAfterEnv configuration.
1"jest": { 2 "setupFilesAfterEnv": ["jest-sinon"] 3}
Jest 23 or below
1"jest": { 2 "setupTestFrameworkScriptFile": "./testSetup.js" 3}
1// testSetup.js 2 3require('jest-sinon');
Usage
Jest-Sinon adds a number of assertions to help test Sinon.js Spies, Mocks and Stubs. Below is a list of currently implemented assertions.
.toHaveBeenAlwaysCalledOn(obj)
Also under the alias:
.toBeAlwaysCalledOn()
.toHaveBeenAlwaysCalledWith(args1, arg2, ...)
Also under the alias:
.toBeAlwaysCalledWith()
.toHaveBeenAlwaysCalledWithExactly(args1, arg2, ...)
Also under the alias:
.toBeAlwaysCalledWithExactly()
.toHaveBeenAlwaysCalledWithMatch(arg1, arg2, ...)
Also under the alias:
.toBeAlwaysCalledWithMatch()
.toHaveBeenAlwaysCalledWithNew()
Also under the alias:
.toBeAlwaysCalledWithNew()
.toHaveBeenCalled()
Also under the alias:
.toBeCalled()
.toHaveBeenCalledAfter(anotherSpy)
Also under the alias:
.toBeCalledAfter()
.toHaveBeenCalledBefore(anotherSpy)
Also under the alias:
.toBeCalledBefore()
.toHaveBeenCalledImmediatelyAfter(anotherSpy)
Also under the alias:
.toBeCalledImmediatelyAfter()
.toHaveBeenCalledImmediatelyBefore(anotherSpy)
Also under the alias:
.toBeCalledImmediatelyBefore()
.toHaveBeenCalledOn(obj)
Also under the alias:
.toBeCalledOn()
.toHaveBeenCalledOnce()
Also under the alias:
.toBeCalledOnce()
.toHaveBeenCalledOnceWith(arg1, arg2, ...)
Also under the alias:
.toBeCalledOnceWith()
.toHaveBeenCalledOnceWithExactly(arg1, arg2, ...)
Also under the alias:
.toBeCalledOnceWithExactly()
.toHaveBeenCalledThrice()
Also under the alias:
.toBeCalledThrice()
.toHaveBeenCalledTwice()
Also under the alias:
.toBeCalledTwice()
.toHaveBeenCalledWith(arg1, arg2, ...)
Also under the alias:
.toBeCalledWith()
.toHaveBeenCalledWithExactly(arg1, arg2, ...)
Also under the alias:
.toBeCalledWithExactly()
.toHaveBeenCalledWithMatch(arg1, arg2, ...)
Also under the alias:
.toBeCalledWithMatch()
.toHaveBeenCalledWithNew()
Also under the alias:
.toBeCalledWithNew()
.toHaveCallCount(number)
Also under the alias:
.toHaveBeenCalledTimes()and.toBeCalledTimes()
.toHaveReturnedWith(obj)
Also under the alias:
.toReturnWith(),.toHaveReturned()and.toReturn()
.toHaveAlwaysReturnedWith(obj)
Also under the alias:
.toAlwaysReturnWith()
.toHaveThrown(error?)
Also under the alias:
.toHaveThrownError(),.toThrow(), and.toThrowError()
.toHaveAlwaysThrown(error?)
Also under the alias:
.toHaveAlwaysThrownError(),.toAlwaysThrow()and.toAlwaysThrowError()
For more information about what these do, you can visit Sinon.js.
Contributing
Pull requests for new features, bug fixes, and suggestions are welcome!
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/djkf/jest-sinon/node.js.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/djkf/jest-sinon/node.js.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-publish.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/djkf/jest-sinon/npm-publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-publish.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/djkf/jest-sinon/npm-publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-publish.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/djkf/jest-sinon/npm-publish.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-publish.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/djkf/jest-sinon/npm-publish.yml/main?enable=pin
- Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
- Info: 3 out of 3 npmCommand dependencies pinned
Reason
Found 0/30 approved changesets -- score normalized to 0
Reason
no SAST tool detected
Details
- Warn: no pull requests merged into dev branch
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/node.js.yml:1
- Warn: no topLevel permission defined: .github/workflows/npm-publish.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact v1.0.4-beta.1 not signed: https://api.github.com/repos/djkf/jest-sinon/releases/24870548
- Warn: release artifact v1.0.3 not signed: https://api.github.com/repos/djkf/jest-sinon/releases/24594685
- Warn: release artifact v1.0.3-beta.1 not signed: https://api.github.com/repos/djkf/jest-sinon/releases/23859771
- Warn: release artifact v1.0.4-beta.1 does not have provenance: https://api.github.com/repos/djkf/jest-sinon/releases/24870548
- Warn: release artifact v1.0.3 does not have provenance: https://api.github.com/repos/djkf/jest-sinon/releases/24594685
- Warn: release artifact v1.0.3-beta.1 does not have provenance: https://api.github.com/repos/djkf/jest-sinon/releases/23859771
Reason
12 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-f9xv-q969-pqx4
Score
2.7
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More