Gathering detailed insights and metrics for sinon-test
Gathering detailed insights and metrics for sinon-test
Installations
npm install sinon-testDeveloper Guide
BETA
Typescript
No
Module System
CommonJS, UMD
Node Version
20.5.0
NPM Version
9.8.0
Score
95.6
Supply Chain
99
Quality
81.3
Maintenance
100
Vulnerability
99.6
License
Releases
Unable to fetch releases
Contributors
20
Unable to fetch Contributors
Languages
2
JavaScript
Shell
JavaScript (96.75%)
Shell (3.25%)
Developer
sinonjs
Download Statistics
Total Downloads
8,299,870
Last Day
5,508
Last Week
21,300
Last Month
103,428
Last Year
1,205,654
GitHub Statistics
51 Stars
288 Commits
16 Forks
8 Watching
9 Branches
20 Contributors
Bundle Size
1.99 kB
Minified
926.00 B
Minified + Gzipped
Maintainers
4
Package Meta Information
Latest Version
3.1.6
Package Id
sinon-test@3.1.6
Unpacked Size
24.27 kB
Size
5.93 kB
File Count
10
NPM Version
9.8.0
Node Version
20.5.0
Publised On
15 May 2024
Total Downloads
Cumulative downloads
Total Downloads
8,299,870
Last day
-24.2%
5,508
Compared to previous day
Last week
-14.4%
21,300
Compared to previous week
Last month
20.7%
103,428
Compared to previous month
Last year
-1.7%
1,205,654
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
Sinon Test
Automatic sandbox setup and teardown for SinonJS
Why?
Instead of writing tedious setup and teardown code for each individual test case you can let Sinon do all the cleanup for you.
So instead of doing this (using Mocha syntax):
1var spy1; 2var spy2; 3 4afterEach(() => { 5 spy1.restore(); 6 spy2.restore(); 7}); 8 9it("should do something", () => { 10 spy1 = sinon.spy(myFunc); 11 spy2 = sinon.spy(myOtherFunc); 12 myFunc(1); 13 myFunc(2); 14 assert(spy1.calledWith(1)); 15 assert(spy1.calledWith(2)); 16});
You could write just this
1it( 2 "should do something", 3 test(function () { 4 var spy1 = this.spy(myFunc); 5 var spy2 = this.spy(myOtherFunc); 6 myFunc(1); 7 myFunc(2); 8 assert(spy1.calledWith(1)); 9 assert(spy1.calledWith(2)); 10 }) 11); //auto-cleanup
Sinon will take care of removing all the spies and stubs
from the wrapped functions for you. It does this by using
sinon.sandbox internally.
Do notice that we use a function and not a arrow function (ES2015)
when wrapping the test with sinon.test as it needs
to be able to access the this pointer used inside
of the function, which using an arrow function would prevent.
See the Usage section for more details.
Installation
via npm (node package manager)
$ npm install sinon-test
Usage
Node and CommonJS build systems
Once initialized, the package creates a context for your test based on a sinon sandbox.
You can use this in a wrapped test function to create sinon spies, stubs, etc.
After your test completes, the sandbox restores anything modified to its original value.
If your test function takes any arguments, pass then to the test wrapper
after the test function. If the last argument is a function, it is assumed to be a callback
for an asynchronous test. The test function may also return a promise.
See the sinon documentation for more documentation on sandboxes.
sinon-test instances need to be configured with a sinon instance (version 2+)
before they can be used.
1var sinon = require("sinon"); 2var sinonTest = require("sinon-test"); 3var test = sinonTest(sinon); 4var assert = require("assert"); 5 6describe("my function", function () { 7 var myFunc = require("./my-func"); 8 9 it( 10 "should do something", 11 test(function () { 12 var spy = this.spy(myFunc); 13 myFunc(1); 14 assert(spy.calledWith(1)); 15 }) 16 ); //auto-cleanup 17});
Direct browser usage
In place of the require statements indicated above, in the
browser, you should simply reference the global sinonTest after
including a script tag in your HTML:
1<script src="dist/sinon-test.js"></script>
Or if you are in an ES6 Modules environment (modern browsers only), you only need to add an import statement:
1<script type="module"> 2 import sinon from "./node_modules/sinon/pkg/sinon-esm.js"; 3 import sinonTest from "./node_modules/sinon-test/dist/sinon-test-es.js"; 4 const test = sinonTest(sinon); 5 6 it( 7 "should work", 8 test(function () { 9 pass(); 10 }) 11 ); 12</script>
API
1const test = require("sinon-test")(sinon);
In order to configure the sandbox that is created, a configuration hash can be passed as a 2nd argument to sinonTest:
1const test = require("sinon-test")(sinon, { useFakeTimers: false });
The only difference to the standard configuration object for Sinon's sandbox is the addition of the injectIntoThis property, which is used to inject the sandbox' props into the context object (this).
Backwards compatibility
Sinon 1.x used to ship with this functionality built-in, exposed as sinon.test(). You can keep all your existing test code by configuring an instance of sinon-test, as done above, and then assigning it to sinon like this in your tests:
1sinon.test = test;
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:6
- Info: no jobLevel write permissions found
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
dependency not pinned by hash detected -- score normalized to 2
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/sinonjs/sinon-test/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/sinonjs/sinon-test/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/sinonjs/sinon-test/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/sinonjs/sinon-test/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/sinonjs/sinon-test/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/sinonjs/sinon-test/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/sinonjs/sinon-test/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/sinonjs/sinon-test/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/sinonjs/sinon-test/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/sinonjs/sinon-test/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/sinonjs/sinon-test/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/sinonjs/sinon-test/main.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: test-repos/do-test.sh:41
- Warn: downloadThenRun not pinned by hash: .github/workflows/main.yml:79
- Info: 0 out of 12 GitHub-owned GitHubAction dependencies pinned
- Info: 4 out of 5 npmCommand dependencies pinned
- Info: 0 out of 1 downloadThenRun dependencies pinned
Reason
Found 0/26 approved changesets -- score normalized to 0
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 7 are checked with a SAST tool
Reason
22 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
- Warn: Project is vulnerable to: GHSA-2j2x-2gpw-g8fm
- Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-f9xv-q969-pqx4
- Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp
Score
3.9
/10
Last Scanned on 2025-01-27
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More