Installations
npm install stubsyDeveloper Guide
Typescript
Yes
Module System
CommonJS
Node Version
20.18.0
NPM Version
10.8.2
Releases
Contributors
Languages
TypeScript (95.87%)
JavaScript (3.26%)
HTML (0.57%)
Shell (0.3%)
Developer
MkMan
Download Statistics
Total Downloads
18,615
Last Day
2
Last Week
3
Last Month
14
Last Year
365
GitHub Statistics
4 Stars
88 Commits
1 Forks
3 Watching
6 Branches
3 Contributors
Maintainers
Package Meta Information
Latest Version
1.3.4
Package Id
stubsy@1.3.4
Unpacked Size
544.89 kB
Size
153.52 kB
File Count
13
NPM Version
10.8.2
Node Version
20.18.0
Publised On
19 Oct 2024
Total Downloads
Cumulative downloads
Total Downloads
18,615
Last day
0%
2
Compared to previous day
Last week
0%
3
Compared to previous week
Last month
-86.9%
14
Compared to previous month
Last year
-96.8%
365
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
2
Dev Dependencies
43
Stubsy
Stubsy is a Node server built using Express. Its main goal is to allow
developers to easily set up the server but more importantly change its
behaviour after launch. This can be useful to test how the UI behaves
when an endpoint's response is 404 instead 200 for example.
Stubsy ships with a UI to show the set up of the server and allow changing endpoint's behaviour.
Installation
1npm install --save-dev stubsy
Usage
Definitions
Endpoint
An Endpoint is REST endpoint, that is set up with a default
behaviour. An endpoint's behaviour is defined as follows.
1type EndpointBehaviour = { 2 path: string; // the route at which the endpoint is accessed 3 responseBody: unknown; 4 status: number; 5 type: 'get' | 'post' | 'put' | 'delete' | 'patch'; 6 delay?: number; 7};
Note: the path field can be any valid
Express path.
Override
An Override is an overriding behaviour for an Endpoint to alter its
response. The override behaviour is defined as follows. The path and
type of the endpoint cannot be changed in an Override.
1type OverrideBehaviour = { 2 responseBody: unknown; 3 status: number; 4 delay?: number; 5};
API
new Stubsy(portNumber)
Creates an instance of Stubsy.
portNumber<Number>: the port for the server to run on
stubsy.app
The underlying Express app. Use this instance variable to add more endpoints if needed and to start the server.
stubsy.registerEndpoint(endpointId, endpointBehaviour)
Registers endpoints to be accessed on the server.
endpointId<String> required: a unique identifier for the endpointendpointBehaviour<EndpointBehaviour> required: the endpoint's behaviour
stubsy.registerOverride(endpointId, overrideId, overrideBehaviour)
Registers override behaviour for a previously defined endpoint.
endpointId<String> required: the id of the endpoint to register an override foroverrideId<String> required: a unique identifier for the overrideoverrideBehaviour<OverrideBehaviour> required: the override's behaviour
stubsy.activateOverride(endpointId, overrideId)
Activates the specified override on the endpoint.
endpointId<String> required: the id of the endpoint to activate the override onoverrideId<String>: the id of the override to activate. If omitted restores the override to the default behaviour.
stubsy.start()
stubsy.start()Starts the server on the port number specified.
Example
1// server.js 2import { Stubsy } from 'stubsy'; 3 4const stubsyPortNumber = 3000; 5const stubsy = new Stubsy(); 6 7stubsy.registerEndpoint('films', { 8 path: '/films', 9 status: 200, 10 type: 'get', 11 responseBody: [{ title: 'Inception' }, { title: 'Tenet' }], 12}); 13 14stubsy.registerOverride('films', 'error', { status: 404, responseBody: {} }); 15stubsy.registerOverride('films', 'outage', { status: 500, responseBody: {} }); 16 17stubsy.activateOverride('films', 'outage'); 18 19stubsy.app.listen(stubsyPortNumber);
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/main.yml:9
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 8 commits out of 14 are checked with a SAST tool
Reason
6 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Reason
Found 0/23 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:26
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:27
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Warn: no topLevel permission defined: .github/workflows/main.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/MkMan/stubsy/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/MkMan/stubsy/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/MkMan/stubsy/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/MkMan/stubsy/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/MkMan/stubsy/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/MkMan/stubsy/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/MkMan/stubsy/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/MkMan/stubsy/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/MkMan/stubsy/main.yml/main?enable=pin
- Warn: downloadThenRun not pinned by hash: .github/workflows/main.yml:66
- Warn: downloadThenRun not pinned by hash: .github/workflows/main.yml:68
- Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 downloadThenRun dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
license file not detected
Details
- Warn: project does not have a license file
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact v1.2.4 not signed: https://api.github.com/repos/MkMan/stubsy/releases/61944501
- Warn: release artifact v1.2.3 not signed: https://api.github.com/repos/MkMan/stubsy/releases/56871205
- Warn: release artifact v1.2.2 not signed: https://api.github.com/repos/MkMan/stubsy/releases/56429526
- Warn: release artifact v1.2.1 not signed: https://api.github.com/repos/MkMan/stubsy/releases/45416880
- Warn: release artifact v1.2.0 not signed: https://api.github.com/repos/MkMan/stubsy/releases/45091973
- Warn: release artifact v1.2.4 does not have provenance: https://api.github.com/repos/MkMan/stubsy/releases/61944501
- Warn: release artifact v1.2.3 does not have provenance: https://api.github.com/repos/MkMan/stubsy/releases/56871205
- Warn: release artifact v1.2.2 does not have provenance: https://api.github.com/repos/MkMan/stubsy/releases/56429526
- Warn: release artifact v1.2.1 does not have provenance: https://api.github.com/repos/MkMan/stubsy/releases/45416880
- Warn: release artifact v1.2.0 does not have provenance: https://api.github.com/repos/MkMan/stubsy/releases/45091973
Reason
24 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-c2jc-4fpr-4vhg
- Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-353f-5xf4-qw67
- Warn: Project is vulnerable to: GHSA-c24v-8rfc-w8vw
- Warn: Project is vulnerable to: GHSA-8jhw-289h-jh2g
- Warn: Project is vulnerable to: GHSA-64vr-g452-qvp3
- Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-f9xv-q969-pqx4
Score
3.6
/10
Last Scanned on 2024-12-23
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More