You might want to consult some security best practices about building Docker images, as a reference: https://snyk.io/blog/10-docker-image-security-best-practices/
One of the items is about using the built-in node user to own the source files and spawn as the Node.js process. There are other mentions of good practices to follow as well.
Agree with all of that. I would say that getting everyone on board to join you on this effort and having teams open to collaboration and prioritize it high for them (because they understand the importance) is key to making this work.
Like with everything else you can’t really “force” developers/teams to write tests and you…
That’s a good question. No, never. The point with using the Pact framework and CDC is to completely de-couple the Consumer and the Provider. Neither of them is ever required in the other.
A verify() call will just evaluate with the local Pact mock service that all the expectations were set correctly.
Thanks for the snyk mention Alberto!
FYI that Node’s VM module is not a security sandbox and globals and variables passing to it can manipulate external state and objects.
Hope you’re snyked-care-of and would be happy to hear how it is going for you and if there’s any feedback you’d like to pass on.
P.S. Good luck with LogRocket!
Oh thanks for letting me know, I’ll update the article.
The correct link is: https://www.linkedin.com/pulse/wiring-up-avajs-integration-tests-express-gulp-supertest-liran-tal/
Thanks for sharing the post. However, sadly as it is, prettier-standard doesn’t lint errors but only formats them, so it doesn’t marry all of the functionality of standard into prettier-standard. For example, if you have unused variables then while with standard it would complain, with prettier-standard nothing will…
I’m the author of npq (https://github.com/lirantal/npq), an Open Source Node.js module that essentially does everything that Kat had mentioned here and it’s been out for almost a year.
I’ll be more than happy for any feedback and contributors interested in joining the project to further…