← Home

mocha

npm Repository Homepage

simple, flexible, fun test framework

7
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

voxpellijoshuakgoldbergmark-wiemer

Keywords

mochatestbddtddtaptestingchaiassertionavajesttapejasminekarma

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): joshuakgoldberg is a known mocha maintainer; legitimate transition within the mochajs org. ai
semgrep semgrep:child-process-import AI (semgrep): Mocha's CLI spawns child processes to run tests with node options — core functionality. ai
provenance no-provenance AI (provenance): Informational only; mocha is a well-established package with verified maintainers. ai
semgrep semgrep:env-spread AI (semgrep): Standard pattern for passing env to child worker processes in mocha's parallel execution; present since parallel support was added. ai
semgrep semgrep:dynamic-require AI (semgrep): Mocha is a test runner that dynamically loads configs, test files, reporters, and interfaces by design. ai
semgrep semgrep:eval-usage AI (semgrep): Deserializes options from mocha's own serialize-javascript output in worker IPC; not user-controlled input. ai

Versions (showing 7 of 207)

Show 11 prereleases
Version Deps Published
0.0.7 1 / 1
0.0.6 1 / 1
0.0.5 1 / 1
0.0.4 1 / 1
0.0.3 1 / 1
0.0.2 1 / 1
0.0.1 1 / 1