Gathering detailed insights and metrics for supertest-session
Gathering detailed insights and metrics for supertest-session
Installations
npm install supertest-sessionDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
20.4.0
NPM Version
9.7.2
Releases
Unable to fetch releases
Languages
1
JavaScript
JavaScript (100%)
Developer
rjz
Download Statistics
Total Downloads
6,123,079
Last Day
855
Last Week
25,383
Last Month
103,397
Last Year
1,113,363
GitHub Statistics
NOASSERTION License
88 Stars
124 Commits
21 Forks
6 Watchers
10 Branches
9 Contributors
Updated on Jul 01, 2025
Bundle Size
6.45 kB
Minified
2.49 kB
Minified + Gzipped
Maintainers
2
Package Meta Information
Latest Version
5.0.1
Package Id
supertest-session@5.0.1
Unpacked Size
13.37 kB
Size
5.01 kB
File Count
12
NPM Version
9.7.2
Node Version
20.4.0
Published on
Aug 01, 2023
Total Downloads
Cumulative downloads
Total Downloads
6,123,079
Last Day
-44.8%
855
Compared to previous day
Last Week
-4.6%
25,383
Compared to previous week
Last Month
-5.4%
103,397
Compared to previous month
Last Year
-0.5%
1,113,363
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Supertest sessions
Session wrapper around supertest.
References:
- https://gist.github.com/joaoneto/5152248
- https://github.com/visionmedia/supertest/issues/46
- https://github.com/visionmedia/supertest/issues/26
Installation
$ npm install --save-dev supertest supertest-session
Test
$ npm test
Usage
Require supertest-session and pass in the test application:
1var session = require('supertest-session'); 2var myApp = require('../../path/to/app'); 3 4var testSession = null; 5 6beforeEach(function () { 7 testSession = session(myApp); 8});
And set some expectations:
1it('should fail accessing a restricted page', function (done) { 2 testSession.get('/restricted') 3 .expect(401) 4 .end(done) 5}); 6 7it('should sign in', function (done) { 8 testSession.post('/signin') 9 .send({ username: 'foo', password: 'password' }) 10 .expect(200) 11 .end(done); 12});
You can set preconditions:
1describe('after authenticating session', function () { 2 3 var authenticatedSession; 4 5 beforeEach(function (done) { 6 testSession.post('/signin') 7 .send({ username: 'foo', password: 'password' }) 8 .expect(200) 9 .end(function (err) { 10 if (err) return done(err); 11 authenticatedSession = testSession; 12 return done(); 13 }); 14 }); 15 16 it('should get a restricted page', function (done) { 17 authenticatedSession.get('/restricted') 18 .expect(200) 19 .end(done) 20 }); 21 22}); 23
Accessing cookies
The cookies attached to the session may be retrieved from session.cookies:
1var sessionCookie = testSession.cookies.find(function (cookie) { 2 return cookie.name === connect.sid; 3});
If you're using
Request hooks
By default, supertest-session authenticates using session cookies. If your app
uses a custom strategy to restore sessions, you can provide before and after
hooks to adjust the request and inspect the response:
1var testSession = session(myApp, { 2 before: function (req) { 3 req.set('authorization', 'Basic aGVsbG86d29ybGQK'); 4 } 5});
Cookie Jar Access Options
By default supertest-session will derive the CookieAccessInfo config of the cookie jar from the agent configuration. There might be cases where you want to override this, e.g. if you're testing a service which is configured to run behind a proxy but which sets secure cookies. To have supertest-session expose these secure cookies you can provide an override config to the internal call to CookieAccessInfo:
1var cookieAccess = { 2 domain: 'example.com', 3 path: '/testpath', 4 secure: true, 5 script: true, 6}; 7var testSession = session(myApp, { cookieAccess: cookieAccess });
By default the underlying supertest agent will still determine the CookieAccessInfo from the URL.
If you want supertest-session to instead send cookies according to this cookieAccess config you
can make use of the before hook:
1var cookieAccess = { 2 domain: 'example.com', 3 path: '/testpath', 4 secure: true, 5 script: true, 6}; 7var testSession = session(myApp, { 8 cookieAccess: cookieAccess, 9 before: function (req) { 10 req.cookies = this.cookies.toValueString(); 11 }, 12});
License
MIT
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
Found 4/16 approved changesets -- score normalized to 2
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/rjz/supertest-session/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/rjz/supertest-session/test.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/test.yml:25
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 21 are checked with a SAST tool
Reason
15 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Score
2.9
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More