JSPM

@kitiumai/npm-package-tester

3.1.1
  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 37
  • Score
    100M100P100Q54895F
  • License MIT

AI-powered CLI testing tool for npm packages with Docker isolation, private package support, and automated test generation using Claude, GPT-4, Gemini

Package Exports

  • @kitiumai/npm-package-tester
  • @kitiumai/npm-package-tester/ai
  • @kitiumai/npm-package-tester/ai/library-scenario-generator
  • @kitiumai/npm-package-tester/ai/provider
  • @kitiumai/npm-package-tester/ai/scenario-generator
  • @kitiumai/npm-package-tester/analyzer
  • @kitiumai/npm-package-tester/docker
  • @kitiumai/npm-package-tester/domain
  • @kitiumai/npm-package-tester/formatter
  • @kitiumai/npm-package-tester/package.json
  • @kitiumai/npm-package-tester/runner
  • @kitiumai/npm-package-tester/utils

Readme

npm-package-tester

npm version License: MIT TypeScript Node.js Version PRs Welcome GitHub issues GitHub stars

๐Ÿงช Automatically test npm packages (CLI and libraries) by discovering their commands and exports, running them in isolated Docker environments

๐Ÿค– AI-Powered: Generate realistic test scenarios using Claude, GPT-4, Gemini, or Groq ๐Ÿ” Private Packages: Full support for private npm packages and custom registries โšก Fast & Reliable: Run tests in parallel across multiple Node versions ๐Ÿ“š Library Testing: Validate exported functions, classes, and utilities with automatic API testing


Table of Contents


The Problem

When you publish an npm package, you need to verify:

For CLI packages:

  • โœ… Does it install correctly?
  • โœ… Do all CLI commands work?
  • โœ… Does it work across different Node versions?
  • โœ… Does the --help flag work?
  • โœ… Does the --version flag work?
  • โœ… Does it run without crashing?

For library packages:

  • โœ… Can the package be imported correctly?
  • โœ… Do exported functions/classes work as expected?
  • โœ… Do all main APIs function properly?
  • โœ… Are exports correctly exposed?
  • โœ… Does it work across different Node versions?

Manual testing is tedious and error-prone. Testing scope expands exponentially with multiple Node versions.

The Solution

npm-package-tester automatically:

For CLI packages:

  1. ๐Ÿ“ฆ Analyzes your package.json to detect CLI commands (from bin field)
  2. ๐Ÿณ Creates fresh Docker containers with specified Node versions
  3. ๐Ÿ“ฅ Installs your package
  4. ๐Ÿงช Runs each CLI command with common flags (--help, --version, etc.)
  5. โœ… Reports which commands work and which don't

For library packages:

  1. ๐Ÿ“ฆ Analyzes your package.json to detect exports (main, exports, module fields)
  2. ๐Ÿณ Creates fresh Docker containers with specified Node versions
  3. ๐Ÿ“ฅ Installs your package
  4. ๐Ÿงช Tests package imports and API calls (with AI-powered scenario generation)
  5. โœ… Reports which exports work and validates their functionality

Features

CLI Testing:

  • ๐Ÿ” Auto-Discovery: Automatically detects all CLI commands from package.json bin field
  • ๐ŸŽฏ Smart Testing: Automatically tries --help, --version, and no-args
  • ๐Ÿค– AI-Powered Scenarios: Generate realistic test scenarios using Claude, GPT-4, Gemini, or Groq
  • ๐Ÿ“Š Custom Tests: Define your own test cases with setup and validation

Library Testing:

  • ๐Ÿ” Export Detection: Automatically detects and analyzes all exported functions, classes, and constants
  • ๐Ÿ“š Import Testing: Validates that exports can be imported and used correctly
  • ๐Ÿค– AI-Powered Library Tests: Generate realistic usage scenarios for library APIs
  • โœจ Type Support: Detects TypeScript type definitions and validates type compatibility

General Features:

  • ๐Ÿณ Docker Isolation: Tests run in isolated, clean environments
  • ๐Ÿ”„ Multi-Version: Test across Node 16, 18, 20, etc. simultaneously
  • โšก Parallel Testing: Run tests concurrently for speed
  • ๐Ÿ“Š Detailed Reports: Clear pass/fail results with complete test breakdown
  • ๐Ÿ” Private Packages: Full support for private npm packages with authentication
  • ๐Ÿ“ฆ Custom Registries: Works with private npm registries (npm, GitHub, GitLab, etc.)
  • ๐Ÿ›ก๏ธ Enterprise Governance: Policy gates for registries/base images and compliance add-ons (SBOM, audit, license checks)
  • ๐Ÿ’จ Lightweight: Minimal dependencies, fast execution

Quick Start

# Install globally
npm install -g npm-package-tester

# Test a package from npm
npt test eslint

# Test your local package
npt test ./my-package

# Test across multiple Node versions
npt test prettier --node 16,18,20

# AI-powered intelligent testing (generates realistic scenarios)
npt test env-type-generator --ai-provider anthropic --ai-token YOUR_API_KEY

# Use OpenAI instead
npt test my-package --ai-provider openai --ai-token YOUR_OPENAI_KEY

# Test private packages
npt test @your-org/private-package --npm-token YOUR_NPM_TOKEN

# Test from custom registry
npt test @company/package --npm-registry https://npm.company.com --npm-token YOUR_TOKEN

# Keep containers for debugging
npt test --keep-containers

Example Output

Default Testing

๐Ÿ“ฆ Package: eslint
   Version: 8.50.0

๐Ÿณ Node 20
  โœ“ eslint --help (125ms)
  โœ“ eslint --version (98ms)
  โœ“ eslint [no args] (102ms)

๐Ÿ“Š Summary
โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€
  Total: 3 tests
  Passed: 3
  Failed: 0
  Duration: 325ms

๐Ÿ“‹ Test Details
โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€

  ๐ŸŽฏ Default Tests
    โœ“ eslint --help (125ms)
    โœ“ eslint --version (98ms)
    โœ“ eslint (no args) (102ms)

โœ… All tests passed!

AI-Powered Testing

๐Ÿ“ฆ Package: env-type-generator
   Version: 1.0.0
   Auto-generate TypeScript types from .env files with zero config

๐Ÿณ Node 20
  โœ“ env-type-gen (1512ms)
  โœ“ env-type-gen (4871ms)
  โœ“ env-type-gen (1307ms)

๐Ÿ“Š Summary
โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€
  Total: 3 tests
  Passed: 3
  Failed: 0
  Duration: 7690ms

๐Ÿ“‹ Test Details
โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€

  ๐Ÿค– AI-Generated Tests
    โœ“ basic-type-generation (1512ms)
    โœ“ multiple-env-files-with-parsing -e .env .env.local -p (4871ms)
    โœ“ strict-mode-all-required -e .env.example -o ./types/env.d.ts (1307ms)

โœ… All tests passed!

Library Testing (Default)

When testing a library package without AI:

๐Ÿ“ฆ Package: lodash
   Version: 4.17.21
   JavaScript utility library

๐Ÿณ Node 20
  โœ“ import-default (102ms)
  โœ“ import-named (98ms)

๐Ÿ“Š Summary
โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€
  Total: 2 tests
  Passed: 2
  Failed: 0
  Duration: 200ms

๐Ÿ“‹ Test Details
โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€

  ๐Ÿ“š Library Tests
    ๐ŸŽฏ Default Tests
      โœ“ import-default (102ms)
      โœ“ import-named (98ms)

โœ… All tests passed!

Library Testing (AI-Powered)

When testing a library package with AI:

๐Ÿ“ฆ Package: axios
   Version: 1.4.0
   Promise based HTTP client for the browser and node.js

๐Ÿณ Node 20
  โœ“ basic-get-request (245ms)
  โœ“ post-with-data (312ms)
  โœ“ error-handling (198ms)

๐Ÿ“Š Summary
โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€
  Total: 3 tests
  Passed: 3
  Failed: 0
  Duration: 755ms

๐Ÿ“‹ Test Details
โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€

  ๐Ÿ“š Library Tests
    ๐Ÿค– AI-Generated Tests
      โœ“ basic-get-request (245ms)
      โœ“ post-with-data (312ms)
      โœ“ error-handling (198ms)

โœ… All tests passed!

How It Works

1. Command Detection

// Reads package.json
{
  "name": "my-cli-tool",
  "bin": {
    "mycli": "./dist/cli.js",      // Primary command
    "my": "./dist/cli.js"           // Alias
  }
}

// Detects: mycli, my

2. Docker Environment

# Spins up for each Node version
FROM node:20-alpine
RUN npm install -g my-cli-tool
RUN mycli --help
RUN mycli --version

3. Smart Testing

For each command, automatically tests:

  • command --help (should show help)
  • command --version (should show version)
  • command (no args - should not crash)
  • Custom scenarios you define

Use Cases

1. Pre-Publish Validation

# Before publishing
npm run build
npt test .
npm publish

2. CI/CD Integration

# .github/workflows/test.yml
- name: Test CLI
  run: |
    npm install -g npm-package-tester
    npt test . --node 16,18,20

3. Testing Published Packages

# Verify your package works after publishing
npt test your-package-name@latest

4. Debugging Installation Issues

# Keep containers to inspect
npt test . --keep-containers
docker exec -it <container-id> sh

Configuration

Create .npmtestrc.json:

{
  "nodeVersions": ["16", "18", "20"],
  "parallel": true,
  "timeout": 30000,
  "baseImage": "node:20-alpine3.19",
  "policy": {
    "allowedRegistries": ["https://registry.npmjs.org"],
    "allowedNodeVersions": ["18", "20"]
  },
  "compliance": {
    "enabled": true,
    "sbom": true,
    "audit": true,
    "licenseCheck": true,
    "artifactDir": "/artifacts/security"
  },
  "customTests": [
    {
      "name": "Generate help",
      "command": "mycli generate --help",
      "expect": {
        "exitCode": 0,
        "stdout": "Usage:"
      }
    }
  ]
}

API Usage

import { testPackage } from 'npm-package-tester';

const results = await testPackage('eslint', {
  nodeVersions: ['20'],
  baseImage: 'node:20-bookworm',
  policy: { allowedRegistries: ['https://registry.npmjs.org'] },
  compliance: { audit: true, sbom: true },
  parallel: false,
});

console.log(`Passed: ${results.passed}/${results.total}`);

Tree-Shaking and Subpath Exports

The package is fully tree-shakable with granular subpath exports. Import only what you need:

// Import only specific modules - reduces bundle size
import { PackageAnalyzer } from '@kitiumai/npm-package-tester/analyzer';
import { TestRunner } from '@kitiumai/npm-package-tester/runner';
import { DockerManager } from '@kitiumai/npm-package-tester/docker';
import { ResultFormatter } from '@kitiumai/npm-package-tester/formatter';

// AI utilities (optional)
import { AIProvider } from '@kitiumai/npm-package-tester/ai/provider';
import { ScenarioGenerator } from '@kitiumai/npm-package-tester/ai/scenario-generator';

// Types only (zero runtime cost)
import type { PackageInfo, TestConfig } from '@kitiumai/npm-package-tester/domain';

// Full API (includes everything)
import { testPackage, analyzePackage } from '@kitiumai/npm-package-tester';

Available Subpath Exports:

  • @kitiumai/npm-package-tester - Main API with convenience functions
  • @kitiumai/npm-package-tester/domain - TypeScript types and interfaces
  • @kitiumai/npm-package-tester/analyzer - Package analysis utilities
  • @kitiumai/npm-package-tester/runner - Test execution engine
  • @kitiumai/npm-package-tester/docker - Docker container management
  • @kitiumai/npm-package-tester/formatter - Result formatting utilities
  • @kitiumai/npm-package-tester/ai - All AI utilities (barrel export)
  • @kitiumai/npm-package-tester/ai/provider - AI provider interface
  • @kitiumai/npm-package-tester/ai/scenario-generator - Scenario generation
  • @kitiumai/npm-package-tester/utils - Error utilities

Benefits:

  • โœ… Smaller bundles - Only import what you use
  • โœ… Faster builds - Modern bundlers can eliminate unused code
  • โœ… Better IDE autocomplete - Clearer import paths
  • โœ… Zero side effects - Safe for tree-shaking ("sideEffects": false)

CLI Options

Usage: npt test [options] <package>

Options:
  -n, --node <versions>        Node versions (comma-separated)
  -p, --parallel               Run tests in parallel
  -k, --keep-containers        Keep containers after test
  -t, --timeout <ms>           Timeout per test (default: 30000)
  --npm-token <token>          npm authentication token for private packages
  --npm-registry <url>         Custom npm registry URL
  --ai-provider <provider>     AI provider (anthropic, openai, google, groq)
  --ai-token <token>           AI API token/key
  --ai-model <model>           AI model name (optional, auto-detects best)
  --base-image <image>         Custom Docker base image (e.g., node:20-bookworm)
  --allowed-registry <url>     Enforce a single allowed registry (policy gate)
  --compliance-artifacts <dir> Directory to persist audit/SBOM artifacts
  --no-audit                   Disable vulnerability scanning
  --no-sbom                    Disable SBOM generation
  --no-license-check           Disable license checks
  --no-help                    Skip --help tests
  --no-version                 Skip --version tests
  -v, --verbose                Verbose output

Enterprise Compliance & Governance

  • Policy gates: Deny unapproved registries, enforce allowed Node versions/base images for deterministic builds.
  • SBOM generation: Lightweight dependency inventory via npm list --json (persist with --compliance-artifacts).
  • Security auditing: npm audit --json runs inside the isolated container so tokens never leave the sandbox.
  • License capture: Fetches the published license for the tested package for audit trails.

Example: locked-down registry and artifacts

npt test @your-scope/package \
  --allowed-registry https://registry.npmjs.org \
  --base-image node:20-bookworm \
  --compliance-artifacts /audit

The compliance report is written to /audit/compliance-report.json inside the container, alongside SBOM and audit findings.

AI-Powered Testing

Instead of just testing --help and --version, use AI to generate realistic test scenarios:

npt test env-type-generator --ai-provider anthropic --ai-token YOUR_TOKEN

The AI will:

  1. ๐Ÿ“– Analyze the package README and CLI help
  2. ๐Ÿง  Understand what the package does
  3. ๐ŸŽฏ Generate realistic test scenarios with:
    • Appropriate input files
    • Realistic command arguments
    • Expected output validation
  4. โœ… Validate file creation, content, and exit codes

Example AI-Generated Scenarios:

๐Ÿค– Generating test scenarios with AI...
โœจ Generated 4 AI test scenarios

๐Ÿณ Node 20
  โœ“ basic-env-file-generation (1400ms)
  โœ“ env-with-comments (1706ms)
  โœ“ nested-env-variables (5040ms)
  โœ“ strict-mode-with-custom-output (1517ms)

๐Ÿ“Š 4/4 tests passed โœ…

Supported AI Providers

Provider Model Setup
Anthropic Claude Sonnet 4.5 Get key from console.anthropic.com
OpenAI GPT-4o Get key from platform.openai.com
Google Gemini 2.0 Flash Get key from ai.google.dev
Groq Llama 3.3 70B Get key from console.groq.com

The best model for each provider is automatically selected.

Testing Private Packages

npm-package-tester fully supports private npm packages with authentication:

Using npm Token

# Test private package from npm registry
npt test @your-org/private-package --npm-token YOUR_NPM_TOKEN

# Get your npm token from ~/.npmrc or create one with:
# npm token create --read-only

Using Custom Registry

# Test from private registry (like Verdaccio, Artifactory, GitHub Packages)
npt test @company/package \
  --npm-registry https://npm.company.com \
  --npm-token YOUR_REGISTRY_TOKEN

How it Works

  1. The tool creates a .npmrc file in the Docker container
  2. Configures authentication with your token
  3. Installs the package securely
  4. Runs all tests normally

Security Note: Tokens are only used within isolated Docker containers and are not stored or logged.

Supported Registries

  • โœ… npm (private packages)
  • โœ… GitHub Packages
  • โœ… GitLab Package Registry
  • โœ… Verdaccio
  • โœ… JFrog Artifactory
  • โœ… Azure Artifacts
  • โœ… Any npm-compatible registry

Architecture

npm-package-tester
โ”œโ”€โ”€ PackageAnalyzer      # Reads package.json, detects commands
โ”œโ”€โ”€ CommandDetector      # Identifies CLI binaries
โ”œโ”€โ”€ DockerManager        # Creates/manages containers
โ”œโ”€โ”€ TestRunner           # Executes commands in containers
โ”œโ”€โ”€ ScenarioRunner       # Runs AI-generated test scenarios
โ”œโ”€โ”€ ScenarioGenerator    # Generates scenarios using AI
โ”œโ”€โ”€ AIProvider           # Multi-provider AI abstraction (Claude, GPT-4, Gemini, Groq)
โ”œโ”€โ”€ ResultFormatter      # Pretty output
โ””โ”€โ”€ CLI                  # User interface

Clean Architecture

  • Domain: Types, interfaces (no dependencies)
  • Application: Business logic (PackageAnalyzer, TestRunner, ScenarioRunner)
  • AI: AI providers and scenario generation
  • Infrastructure: Docker, file system (external concerns)
  • CLI: User interface (commander, chalk)

Requirements

  • Docker installed and running
  • Node.js >= 16
  • npm or yarn
  • (Optional) AI provider API key for intelligent test generation

Limitations

  • Docker Required: Requires Docker (no Windows native support yet, WSL2 works)
  • No Interactive Testing: Can't test interactive prompts automatically
  • Network-Dependent: Pulls Docker images on demand
  • AI Costs: AI features require API credits (optional, but recommended for best results)
  • Static Analysis: Export detection uses regex-based parsing, not full AST analysis

Roadmap

Completed โœ…

  • AI-powered test scenario generation
  • Multi-provider AI support (Anthropic, OpenAI, Google, Groq)
  • Library/Module Export Testing - Automatically detect and test npm package exports
  • Export API Analysis - Analyze exported functions, classes, and constants
  • AI Library Scenarios - Generate realistic library usage test patterns
  • CLI export detection and analysis

High Priority (Next)

  • Type Validation - Validate TypeScript type definitions and JSDoc comments
  • Enhanced Export Detection - Use AST parsing for more accurate export analysis
  • Custom Library Tests - Allow users to define custom library test scenarios
  • Performance Benchmarking - Test and report library function performance

Future Enhancements

  • Support testing interactive CLIs
  • Cloud runners (no local Docker needed)
  • Screenshot/visual testing for TUI apps
  • Windows native support (WSL2 improvements)
  • Custom Docker images
  • CI/CD badges and GitHub Actions integration
  • Historical test tracking and trend analysis
  • Podman support (Docker alternative)
  • Local execution mode (without Docker)
  • Snapshot testing for library output

Contributing

We welcome contributions! Here's how you can help:

Ways to Contribute

  • ๐Ÿ› Report Bugs: Create a bug report
  • ๐Ÿ’ก Suggest Features: Request a feature
  • ๐Ÿ“ Improve Documentation: Fix typos, add examples, clarify instructions
  • ๐Ÿงช Add Tests: Increase test coverage
  • ๐Ÿ”ง Fix Issues: Check out good first issues

Development Setup

# Clone the repository
git clone https://github.com/kitium-ai/npm-package-tester.git
cd npm-package-tester

# Install dependencies
npm install

# Build the project
npm run build

# Run tests
npm test

# Run linting
npm run lint

Guidelines

  • Follow the existing code style
  • Write tests for new features
  • Update documentation as needed
  • Ensure all tests pass before submitting PR
  • Keep PRs focused on a single feature or bug fix

Code of Conduct

Be respectful, inclusive, and constructive. We're all here to learn and build great tools together!

License

MIT ยฉ Ashish Yadav

Support


Made with โค๏ธ for npm package authors

โญ Star us on GitHub if you find this useful!