Technology Evaluation - Mocking library

From wiki.gpii
Jump to: navigation, search

Introduction

In the work to secure /untrusted-settings endpoint, a node.js mocking library is needed to mock up the responses from GPII cloud.

Requirements

The requirements of the mocking library is collected at this discussion:

  1. Must be able to support the mocking of responses for node.js http requests implemented via http.request
  2. Nice to support the mocking of responses for browser http requests
  3. Nice to support the mocking of responses for web socket requests
  4. Nice to support to support for redirects, where an initial request is replied to with a 301 status and the headers indicating the new location, and where a secondary request is presumed to be immediately conducted against the new location.

Note that our immediate requirement is to be able to mockup responses for http requests that are sent and implemented via node.js http.request. Other requirements might be needed in the future but not for the current work.

Candidate Comparison

Solution Node Browser Web Sockets Redirects Vulnerabilities Community Notes
Nock Yes No No No No vulnerabilities at time of writing Reasonably sized community. Frequent releases every 8 days.
Sinon No Yes No No No vulnerabilities at time of writing Reasonably sized community. Frequent releases every month. Justin's use of its stubs feature in fluid-publish tests: https://github.com/fluid-project/fluid-publish/blob/master/tests/publishTests.js#L185

Although Sinon claims its major features are supported on node.js, the experiment shows it at least doesn't support mocking http responses on node: sinon fake server doesn't respond to http requests sent via http.request() and https.request(). This issue report at sinon github confirms this finding. As a reply and solution to this issue, sinon's author recommends to use Nock for this feature.

Mock Socket No No Yes No No vulnerabilities at time of writing Reasonably sized community. Young (3 years old). No active development in the past 3 months.
mockserver Yes No No No Vulnerability is not tracked at snyk.io. Small and inactive community. No active development in the past 5 months Can start a mock server via command lines or from within node code.

Conclusion

Only Nock meets our immediate requirement of mocking up responses for node.js requests.