jest-native icon indicating copy to clipboard operation
jest-native copied to clipboard
verified publisher icon testing-library

Replace Chalk with Colorette; fix to-have-style to use named red import

Open h-labushkina opened this issue 2 months ago • 1 comments

What:

Replace Chalk with Colorette; fix to-have-style to use named red import

Why: Security/supply-chain risk: Chalk has had ecosystem concerns and frequent transitive dependency changes. To reduce exposure, we removed Chalk and opted for a simpler library with fewer moving parts. Size and performance: Chalk is feature-rich but heavier. Colorette is tiny, dependency-free, and fast. Switching trims our dependency tree and improves startup/formatting overhead in test runs.

How:

  • Removed malicious dependency chalk due to security concerns.
  • Switched to colorette and updated to-have-style to import red as a named export.
  • Adjusted expectedDiff to strip the “+ Received” annotation using red('+ Received'). ## Security:
  • Chalk removal mitigates risk from supply-chain compromise. Consider auditing the lockfile and running npm audit.

Checklist:

  • [x] Documentation added to the docs
  • [x] Typescript definitions updated
  • [x] Tests
  • [x] Ready to be merged

h-labushkina avatar Nov 26 '25 22:11 h-labushkina

This library is deprecated. Pls migrate to RN Testing Library built in matchers.

mdjastrzebski avatar Nov 27 '25 10:11 mdjastrzebski