Front-End App: Scan & Instrument

The SeaLights Node.js agent can be used to scan and test the Front-end code as well.

See 'Generating an Agent token' for instructions on how to generate a token prior to executing the commands.

See Generating a session ID for instructions on how to generate a session ID

Prerequisites

In case your front-end Javascript application is minified and/or uglified as part of its build process, you’ll need to ensure the Source Map files (*.js.map) are available to the Sealights agent inside the application folder - next to the application’s JS files -, pointing to the right source folder and including column information (also known as column-mapping). This will allow the Sealights agent to retrieve the real names of your methods from your source code and not their “obfuscated” version. Please refer to the following page for more information: Javascript & Node.js Source Map Files.

Scanning and Instrumentation

First, the front-end code must be scanned and instrumented to provide the needed information to the SeaLights server.

npx slnodejs scan --tokenfile /path/to/sltoken.txt --buildsessionidfile buildSessionId [--labid <Lab ID>] --instrumentForBrowsers --workspacepath dist --outputpath sl_dist --scm git --es6Modules

  • For React applications you should add the flag: --babylonPlugins jsx

  • Most scans should include the following flags:

    • --failbuild true (if scan fails, then it will throw an error that will allow the pipeline to fail, rather than fail silently)

    • --sourceHash true (to link runtime code to source code despite if post-compilation positional differences)

    • --autoResolveProjectRoot true (Automatically detects the correct project root in dynamic build environments (like Azure DevOps).)

  • For "JavaScript heap out of memory" errors while running scan, see: NodeJS - JavaScript heap out of memory

  • In order to ignore specific files or folders during the Scan operation, please refer to Ignoring Files or Folders

This will generate a new folder ('sl_dist' in the command above) with the instrumented code: a few Sealights-specific API calls will be added to your JS file to report coverage dynamically as illustrated in the picture below. The content of this Sealights' generated folder needs to be deployed instead of your original code - on the application server - for the client browser to work against during your testing stages, but not in your production environment.

Note that if Sealights inline scripts are being blocked by CSP (Content-Security-Policy) headers then our dashboard will need to be whitelisted. See Content-Security-Policy (CSP) Header Quick Reference as a good resource to how to handle this In some cases, its possible to add a meta tag to do this as well, see: Content-Security-Policy Meta http-equiv Example

See Scanning a build for full parameter details

Front-end application as part of an Integration Build

If you are reporting a front-end application as part of an integration build, you'll need to add the -labid <string> parameter to your command and ensure the value used is the same across all the components.

For more details, please refer to Integration Build

Running tests

Running the tests is done the same as when running Unit or function tests; just here between the start and end steps you run your Front-end tests - See Running Tests

Last updated

Was this helpful?