test express dependency tree

[mcollina]

Forked from nodejs/node#24586 (comment).

For the CTIGM: after I tracked this down, I noticed the ultimate issue is that lots of Express's dependencies are missing from the CITGM. Express's direct test suite doesn't re-test everything that each of it's dependencies are responsible for: it makes the assumption that by using a given dependency, it is getting the behavior that the dependency promises without needed to copy that dependency's entire test suite into it's own. This may be a missing on the CITGM process, though.

It seems we are lacking quite a bit of testing.

cc @dougwilson

[targos]

Current list of express' direct dependencies:

{ accepts: '~1.3.5',
  'array-flatten': '1.1.1',
  'body-parser': '1.18.3',
  'content-disposition': '0.5.2',
  'content-type': '~1.0.4',
  cookie: '0.3.1',
  'cookie-signature': '1.0.6',
  debug: '2.6.9',
  depd: '~1.1.2',
  encodeurl: '~1.0.2',
  'escape-html': '~1.0.3',
  etag: '~1.8.1',
  finalhandler: '1.1.1',
  fresh: '0.5.2',
  'merge-descriptors': '1.0.1',
  methods: '~1.1.2',
  'on-finished': '~2.3.0',
  parseurl: '~1.3.2',
  'path-to-regexp': '0.1.7',
  'proxy-addr': '~2.0.4',
  qs: '6.5.2',
  'range-parser': '~1.2.0',
  'safe-buffer': '5.1.2',
  send: '0.16.2',
  'serve-static': '1.13.2',
  setprototypeof: '1.1.0',
  statuses: '~1.4.0',
  'type-is': '~1.6.16',
  'utils-merge': '1.0.1',
  vary: '~1.1.2' }

Currently tested in citgm:

• body-parser (latest=1.18.3)
• path-to-regexp (latest=2.4.0)

[targos]

I already have an open PR for debug in #626

[targos]

citgm results on all dependencies with Node.js 11.3.0

info:    starting            | accepts
info:    lookup              | accepts
info:    lookup-notfound     | accepts
info:    lookup-githead      | https://github.com/jshttp/accepts/archive/c38d0e968cdc1526f7cc7a718977ee76655c84f5.tar.gz
info:    accepts npm:        | Downloading project: https://github.com/jshttp/accepts/archive/c38d0e968cdc1526f7cc7a718977ee76655c84f5.tar.gz
info:    accepts npm:        | Project downloaded accepts-1.3.5.tgz
info:    accepts npm:        | npm install started
warn:    accepts npm-install:| npm
warn:    accepts npm-install:| WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade
warn:    accepts npm-install:| npm WARN
warn:    accepts npm-install:| deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warn:    accepts npm-install:| npm WARN deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
warn:    accepts npm-install:| npm
warn:    accepts npm-install:| notice created a lockfile as package-lock.json. You should commit this file.
warn:    accepts npm-install:| npm WARN ajv-keywords@3.2.0 requires a peer of ajv@^6.0.0 but none is installed. You must install peer dependencies yourself.
info:    accepts npm:        | npm install successfully completed
info:    accepts npm:        | test suite started
info:    passing module(s)   |
info:    module name:        | accepts
info:    version:            | 1.3.5
info:    done                | The smoke test has passed.
info:    duration            | test duration: 7496ms
info:    starting            | array-flatten
info:    lookup              | array-flatten
info:    lookup-notfound     | array-flatten
info:    lookup-githead      | https://github.com/blakeembrey/array-flatten/archive/b5619025bfb5d624fc2106ec81f9fdecf5419e04.tar.gz
info:    array-flatten npm:  | Downloading project: https://github.com/blakeembrey/array-flatten/archive/b5619025bfb5d624fc2106ec81f9fdecf5419e04.tar.gz
info:    array-flatten npm:  | Project downloaded array-flatten-2.1.1.tgz
info:    array-flatten npm:  | npm install started
warn:    array-flatten npm-install:| npm notice
warn:    array-flatten npm-install:| created a lockfile as package-lock.json. You should commit this file.
info:    array-flatten npm:  | npm install successfully completed
info:    array-flatten npm:  | test suite started
info:    passing module(s)   |
info:    module name:        | array-flatten
info:    version:            | 2.1.1
info:    done                | The smoke test has passed.
info:    duration            | test duration: 9081ms
info:    starting            | body-parser
info:    lookup              | body-parser
info:    lookup-found        | body-parser
info:    body-parser lookup-replace| https://github.com/expressjs/body-parser/archive/e6ccf98015fece0851c0c673fc2776c30ad79e5d.tar.gz
info:    body-parser npm:    | Downloading project: https://github.com/expressjs/body-parser/archive/e6ccf98015fece0851c0c673fc2776c30ad79e5d.tar.gz
info:    body-parser npm:    | Project downloaded body-parser-1.18.3.tgz
info:    body-parser npm:    | npm install started
warn:    body-parser npm-install:| npm WARN
warn:    body-parser npm-install:| deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade
warn:    body-parser npm-install:| npm WARN deprecated to-iso-string@0.0.2: to-iso-string has been deprecated, use @segment/to-iso-string instead.
warn:    body-parser npm-install:| npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warn:    body-parser npm-install:| npm
warn:    body-parser npm-install:| notice created a lockfile as package-lock.json. You should commit this file.
info:    body-parser npm:    | npm install successfully completed
info:    body-parser npm:    | test suite started
info:    passing module(s)   |
info:    module name:        | body-parser
info:    version:            | 1.18.3
info:    done                | The smoke test has passed.
info:    duration            | test duration: 7322ms
info:    starting            | content-disposition
info:    lookup              | content-disposition
info:    lookup-notfound     | content-disposition
info:    lookup-githead      | https://github.com/jshttp/content-disposition/archive/2a08417377cf55678c9f870b305f3c6c088920f3.tar.gz
info:    content-disposition npm:| Downloading project: https://github.com/jshttp/content-disposition/archive/2a08417377cf55678c9f870b305f3c6c088920f3.tar.gz
info:    content-disposition npm:| Project downloaded content-disposition-0.5.2.tgz
info:    content-disposition npm:| npm install started
warn:    content-disposition npm-install:| npm WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade
warn:    content-disposition npm-install:| npm
warn:    content-disposition npm-install:| WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warn:    content-disposition npm-install:| npm WARN
warn:    content-disposition npm-install:| deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
warn:    content-disposition npm-install:| npm
warn:    content-disposition npm-install:| notice created a lockfile as package-lock.json. You should commit this file.
info:    content-disposition npm:| npm install successfully completed
info:    content-disposition npm:| test suite started
info:    passing module(s)   |
info:    module name:        | content-disposition
info:    version:            | 0.5.2
info:    done                | The smoke test has passed.
info:    duration            | test duration: 6018ms
info:    starting            | content-type
info:    lookup              | content-type
info:    lookup-notfound     | content-type
info:    lookup-githead      | https://github.com/jshttp/content-type/archive/d22f8ac6c407789c906bd6fed137efde8f772b09.tar.gz
info:    content-type npm:   | Downloading project: https://github.com/jshttp/content-type/archive/d22f8ac6c407789c906bd6fed137efde8f772b09.tar.gz
info:    content-type npm:   | Project downloaded content-type-1.0.4.tgz
info:    content-type npm:   | npm install started
warn:    content-type npm-install:| npm
warn:    content-type npm-install:| WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade
warn:    content-type npm-install:| npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warn:    content-type npm-install:| npm WARN
warn:    content-type npm-install:| deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
warn:    content-type npm-install:| npm
warn:    content-type npm-install:| notice created a lockfile as package-lock.json. You should commit this file.
info:    content-type npm:   | npm install successfully completed
info:    content-type npm:   | test suite started
info:    passing module(s)   |
info:    module name:        | content-type
info:    version:            | 1.0.4
info:    done                | The smoke test has passed.
info:    duration            | test duration: 6673ms
info:    starting            | cookie
info:    lookup              | cookie
info:    lookup-notfound     | cookie
info:    lookup-githead      | https://github.com/jshttp/cookie/archive/e3c77d497d66c8b8d4b677b8954c1b192a09f0b3.tar.gz
info:    cookie npm:         | Downloading project: https://github.com/jshttp/cookie/archive/e3c77d497d66c8b8d4b677b8954c1b192a09f0b3.tar.gz
info:    cookie npm:         | Project downloaded cookie-0.3.1.tgz
info:    cookie npm:         | npm install started
warn:    cookie npm-install: | npm
warn:    cookie npm-install: | WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade
warn:    cookie npm-install: | npm
warn:    cookie npm-install: | WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warn:    cookie npm-install: | npm
warn:    cookie npm-install: | WARN deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
warn:    cookie npm-install: | npm
warn:    cookie npm-install: | WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warn:    cookie npm-install: | npm notice created a lockfile as package-lock.json. You should commit this file.
info:    cookie npm:         | npm install successfully completed
info:    cookie npm:         | test suite started
info:    passing module(s)   |
info:    module name:        | cookie
info:    version:            | 0.3.1
info:    done                | The smoke test has passed.
info:    duration            | test duration: 5105ms
info:    starting            | cookie-signature
info:    lookup              | cookie-signature
info:    lookup-notfound     | cookie-signature
info:    lookup-githead      | https://github.com/visionmedia/node-cookie-signature/archive/1e5f40d6c1f631a7fa43992e82918c1d78dbdb89.tar.gz
info:    cookie-signature npm:| Downloading project: https://github.com/visionmedia/node-cookie-signature/archive/1e5f40d6c1f631a7fa43992e82918c1d78dbdb89.tar.gz
info:    cookie-signature npm:| Project downloaded cookie-signature-1.1.0.tgz
info:    cookie-signature npm:| npm install started
warn:    cookie-signature npm-install:| npm notice
warn:    cookie-signature npm-install:| created a lockfile as package-lock.json. You should commit this file.
info:    cookie-signature npm:| npm install successfully completed
info:    cookie-signature npm:| test suite started
info:    passing module(s)   |
info:    module name:        | cookie-signature
info:    version:            | 1.1.0
info:    done                | The smoke test has passed.
info:    duration            | test duration: 5170ms
info:    starting            | debug
info:    lookup              | debug
info:    lookup-notfound     | debug
info:    lookup-githead      | https://github.com/visionmedia/debug/archive/e30e8fdbc92c4cf6b3007cd1c3ad2c3cbb82be85.tar.gz
info:    debug npm:          | Downloading project: https://github.com/visionmedia/debug/archive/e30e8fdbc92c4cf6b3007cd1c3ad2c3cbb82be85.tar.gz
info:    debug npm:          | Project downloaded debug-4.1.0.tgz
info:    debug npm:          | npm install started
warn:    debug npm-install:  | npm
warn:    debug npm-install:  | WARN deprecated circular-json@0.5.9: CircularJSON is in maintenance only, flatted is its successor.
warn:    debug npm-install:  | npm notice created a lockfile as package-lock.json. You should commit this file.
warn:    debug npm-install:  | npm
warn:    debug npm-install:  | WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.4 (node_modules/fsevents):
warn:                        | npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.4: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
info:    debug npm:          | npm install successfully completed
info:    debug npm:          | test suite started
info:    passing module(s)   |
info:    module name:        | debug
info:    version:            | 4.1.0
info:    done                | The smoke test has passed.
info:    duration            | test duration: 30587ms
info:    starting            | depd
info:    lookup              | depd
info:    lookup-notfound     | depd
info:    lookup-githead      | https://github.com/dougwilson/nodejs-depd/archive/6d59c85d093092e65ec77033576417d743079fa0.tar.gz
info:    depd npm:           | Downloading project: https://github.com/dougwilson/nodejs-depd/archive/6d59c85d093092e65ec77033576417d743079fa0.tar.gz
info:    depd npm:           | Project downloaded depd-2.0.0.tgz
info:    depd npm:           | npm install started
warn:    depd npm-install:   | npm notice created a lockfile as package-lock.json. You should commit this file.
info:    depd npm:           | npm install successfully completed
info:    depd npm:           | test suite started
info:    passing module(s)   |
info:    module name:        | depd
info:    version:            | 2.0.0
info:    done                | The smoke test has passed.
info:    duration            | test duration: 7545ms
info:    starting            | encodeurl
info:    lookup              | encodeurl
info:    lookup-notfound     | encodeurl
info:    lookup-githead      | https://github.com/pillarjs/encodeurl/archive/1a7301e330bf20fd7c8c173102315e45cd1f5d1e.tar.gz
info:    encodeurl npm:      | Downloading project: https://github.com/pillarjs/encodeurl/archive/1a7301e330bf20fd7c8c173102315e45cd1f5d1e.tar.gz
info:    encodeurl npm:      | Project downloaded encodeurl-1.0.2.tgz
info:    encodeurl npm:      | npm install started
warn:    encodeurl npm-install:| npm
warn:    encodeurl npm-install:| WARN deprecated to-iso-string@0.0.2: to-iso-string has been deprecated, use @segment/to-iso-string instead.
warn:    encodeurl npm-install:| npm
warn:    encodeurl npm-install:| WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade
warn:    encodeurl npm-install:| npm
warn:    encodeurl npm-install:| WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warn:    encodeurl npm-install:| npm
warn:    encodeurl npm-install:| notice created a lockfile as package-lock.json. You should commit this file.
info:    encodeurl npm:      | npm install successfully completed
info:    encodeurl npm:      | test suite started
info:    passing module(s)   |
info:    module name:        | encodeurl
info:    version:            | 1.0.2
info:    done                | The smoke test has passed.
info:    duration            | test duration: 6476ms
info:    starting            | escape-html
info:    lookup              | escape-html
info:    lookup-notfound     | escape-html
info:    lookup-githead      | https://github.com/component/escape-html/archive/7ac2ea3977fcac3d4c5be8d2a037812820c65f28.tar.gz
info:    escape-html npm:    | Downloading project: https://github.com/component/escape-html/archive/7ac2ea3977fcac3d4c5be8d2a037812820c65f28.tar.gz
info:    escape-html npm:    | Project downloaded escape-html-1.0.3.tgz
info:    escape-html npm:    | npm install started
warn:    escape-html npm-install:| npm notice
warn:    escape-html npm-install:| created a lockfile as package-lock.json. You should commit this file.
info:    escape-html npm:    | npm install successfully completed
info:    escape-html npm:    | test suite started
error:   failure             | Module does not support npm-test!
error:   failing module(s)   |
error:   module name:        | escape-html
error:   version:            | 1.0.3
error:   error:              | Module does not support npm-test!
error:   error:              | undefinedadded 2 packages from 2 contributors and audited 2 packages in 1.229s
error:                       | found 0 vulnerabilities
error:                       |
error:                       |
error:                       | npm notice created a lockfile as package-lock.json. You should commit this file.
error:   done                | The smoke test has failed.
info:    duration            | test duration: 4052ms
info:    starting            | etag
info:    lookup              | etag
info:    lookup-notfound     | etag
info:    lookup-githead      | https://github.com/jshttp/etag/archive/9b1e3e41df31cda4080833c187120b91a7ce8327.tar.gz
info:    etag npm:           | Downloading project: https://github.com/jshttp/etag/archive/9b1e3e41df31cda4080833c187120b91a7ce8327.tar.gz
info:    etag npm:           | Project downloaded etag-1.8.1.tgz
info:    etag npm:           | npm install started
warn:    etag npm-install:   | npm
warn:    etag npm-install:   | WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade
warn:    etag npm-install:   | npm WARN
warn:    etag npm-install:   | deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warn:    etag npm-install:   | npm WARN deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
warn:    etag npm-install:   | npm notice
warn:    etag npm-install:   | created a lockfile as package-lock.json. You should commit this file.
info:    etag npm:           | npm install successfully completed
info:    etag npm:           | test suite started
info:    passing module(s)   |
info:    module name:        | etag
info:    version:            | 1.8.1
info:    done                | The smoke test has passed.
info:    duration            | test duration: 6812ms
info:    starting            | finalhandler
info:    lookup              | finalhandler
info:    lookup-notfound     | finalhandler
info:    lookup-githead      | https://github.com/pillarjs/finalhandler/archive/024f493418f62a59592a98f07b23b265092c1006.tar.gz
info:    finalhandler npm:   | Downloading project: https://github.com/pillarjs/finalhandler/archive/024f493418f62a59592a98f07b23b265092c1006.tar.gz
info:    finalhandler npm:   | Project downloaded finalhandler-1.1.1.tgz
info:    finalhandler npm:   | npm install started
warn:    finalhandler npm-install:| npm
warn:    finalhandler npm-install:| WARN deprecated to-iso-string@0.0.2: to-iso-string has been deprecated, use @segment/to-iso-string instead.
warn:    finalhandler npm-install:| npm WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade
warn:    finalhandler npm-install:| npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warn:    finalhandler npm-install:| npm notice created a lockfile as package-lock.json. You should commit this file.
warn:    finalhandler npm-install:| npm
warn:    finalhandler npm-install:| WARN ajv-keywords@3.2.0 requires a peer of ajv@^6.0.0 but none is installed. You must install peer dependencies yourself.
info:    finalhandler npm:   | npm install successfully completed
info:    finalhandler npm:   | test suite started
info:    passing module(s)   |
info:    module name:        | finalhandler
info:    version:            | 1.1.1
info:    done                | The smoke test has passed.
info:    duration            | test duration: 7200ms
info:    starting            | fresh
info:    lookup              | fresh
info:    lookup-notfound     | fresh
info:    lookup-githead      | https://github.com/jshttp/fresh/archive/02df6303ff260b6b7da0b479f3e42222e8157b47.tar.gz
info:    fresh npm:          | Downloading project: https://github.com/jshttp/fresh/archive/02df6303ff260b6b7da0b479f3e42222e8157b47.tar.gz
info:    fresh npm:          | Project downloaded fresh-0.5.2.tgz
info:    fresh npm:          | npm install started
warn:    fresh npm-install:  | npm
warn:    fresh npm-install:  | WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade
warn:    fresh npm-install:  | npm
warn:    fresh npm-install:  | WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warn:    fresh npm-install:  | npm
warn:    fresh npm-install:  | WARN deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
warn:    fresh npm-install:  | npm notice created a lockfile as package-lock.json. You should commit this file.
info:    fresh npm:          | npm install successfully completed
info:    fresh npm:          | test suite started
info:    passing module(s)   |
info:    module name:        | fresh
info:    version:            | 0.5.2
info:    done                | The smoke test has passed.
info:    duration            | test duration: 6812ms
info:    starting            | merge-descriptors
info:    lookup              | merge-descriptors
info:    lookup-notfound     | merge-descriptors
info:    lookup-githead      | https://github.com/component/merge-descriptors/archive/f26c49c3b423b0b2ac31f6e32a84e1632f2d7ac2.tar.gz
info:    merge-descriptors npm:| Downloading project: https://github.com/component/merge-descriptors/archive/f26c49c3b423b0b2ac31f6e32a84e1632f2d7ac2.tar.gz
info:    merge-descriptors npm:| Project downloaded merge-descriptors-1.0.1.tgz
info:    merge-descriptors npm:| npm install started
warn:    merge-descriptors npm-install:| npm
warn:    merge-descriptors npm-install:| WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade
warn:    merge-descriptors npm-install:| npm
warn:    merge-descriptors npm-install:| WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warn:    merge-descriptors npm-install:| npm WARN deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
warn:    merge-descriptors npm-install:| npm
warn:    merge-descriptors npm-install:| WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warn:    merge-descriptors npm-install:| npm
warn:    merge-descriptors npm-install:| notice created a lockfile as package-lock.json. You should commit this file.
info:    merge-descriptors npm:| npm install successfully completed
info:    merge-descriptors npm:| test suite started
error:   failure             | The canary is dead:
error:   failing module(s)   |
error:   module name:        | merge-descriptors
error:   version:            | 1.0.1
error:   error:              | The canary is dead:
error:   error:              | undefinedadded 68 packages from 137 contributors and audited 83 packages in 1.641s
error:                       | found 6 vulnerabilities (1 low, 1 moderate, 3 high, 1 critical)
error:                       | run `npm audit fix` to fix them, or `npm audit` for details
error:                       |
error:                       | > merge-descriptors@1.0.1 test /tmp/f6e53132-2520-47dc-946e-f635feec29f3/merge-descriptors
error:                       | > mocha --reporter spec --bail --check-leaks test/
error:                       |
error:                       |
error:                       |
error:                       |   merge(dest, src)
error:                       |     arguments
error:                       |       dest
error:                       |   1) should be required
error:                       |       src
error:                       |     when merging objects
error:                       |       when property exists in src
error:                       |
error:                       |
error:                       |   0 passing (6ms)
error:                       |
error:                       |
error:                       | npm WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade
error:                       | npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
error:                       | npm WARN deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
error:                       | npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
error:                       | npm notice created a lockfile as package-lock.json. You should commit this file.
error:                       | (node:18424) [DEP0006] DeprecationWarning: child_process: options.customFds option is deprecated. Use options.stdio instead.
error:                       |   1 failing
error:                       |
error:                       |   1) merge(dest, src) arguments dest should be required:
error:                       |      TypeError [ERR_AMBIGUOUS_ARGUMENT]: The "error/message" argument is ambiguous. The error message "argument dest is required" is identical to the message.
error:                       | at expectsError (assert.js:627:15)
error:                       | at Function.throws (assert.js:694:3)
error:                       | at context.<anonymous> (/tmp/f6e53132-2520-47dc-946e-f635feec29f3/merge-descriptors/test/merge.js:19:16)
error:                       | at callFn (/tmp/f6e53132-2520-47dc-946e-f635feec29f3/merge-descriptors/node_modules/mocha/lib/runnable.js:250:21)
error:                       | at Test.Runnable.run (/tmp/f6e53132-2520-47dc-946e-f635feec29f3/merge-descriptors/node_modules/mocha/lib/runnable.js:243:7)
error:                       | at Runner.runTest (/tmp/f6e53132-2520-47dc-946e-f635feec29f3/merge-descriptors/node_modules/mocha/lib/runner.js:373:10)
error:                       | at /tmp/f6e53132-2520-47dc-946e-f635feec29f3/merge-descriptors/node_modules/mocha/lib/runner.js:451:12
error:                       | at next (/tmp/f6e53132-2520-47dc-946e-f635feec29f3/merge-descriptors/node_modules/mocha/lib/runner.js:298:14)
error:                       | at /tmp/f6e53132-2520-47dc-946e-f635feec29f3/merge-descriptors/node_modules/mocha/lib/runner.js:308:7
error:                       | at next (/tmp/f6e53132-2520-47dc-946e-f635feec29f3/merge-descriptors/node_modules/mocha/lib/runner.js:246:23)
error:                       | at Immediate.<anonymous> (/tmp/f6e53132-2520-47dc-946e-f635feec29f3/merge-descriptors/node_modules/mocha/lib/runner.js:275:5)
error:                       | at processImmediate (timers.js:632:19)
error:                       |
error:                       |
error:                       | npm ERR! Test failed.  See above for more details.
error:   done                | The smoke test has failed.
info:    duration            | test duration: 5130ms
info:    starting            | methods
info:    lookup              | methods
info:    lookup-notfound     | methods
info:    lookup-githead      | https://github.com/jshttp/methods/archive/25d257d913f1b94bd2d73581521ff72c81469140.tar.gz
info:    methods npm:        | Downloading project: https://github.com/jshttp/methods/archive/25d257d913f1b94bd2d73581521ff72c81469140.tar.gz
info:    methods npm:        | Project downloaded methods-1.1.2.tgz
info:    methods npm:        | npm install started
warn:    methods npm-install:| npm
warn:    methods npm-install:| WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade
warn:    methods npm-install:| npm WARN
warn:    methods npm-install:| deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warn:    methods npm-install:| npm
warn:    methods npm-install:| WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warn:    methods npm-install:| npm WARN
warn:    methods npm-install:| deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
warn:    methods npm-install:| npm notice
warn:    methods npm-install:| created a lockfile as package-lock.json. You should commit this file.
info:    methods npm:        | npm install successfully completed
info:    methods npm:        | test suite started
info:    passing module(s)   |
info:    module name:        | methods
info:    version:            | 1.1.2
info:    done                | The smoke test has passed.
info:    duration            | test duration: 5085ms
info:    starting            | on-finished
info:    lookup              | on-finished
info:    lookup-notfound     | on-finished
info:    lookup-githead      | https://github.com/jshttp/on-finished/archive/34babcb58126a416fcf5205768204f2e12699dda.tar.gz
info:    on-finished npm:    | Downloading project: https://github.com/jshttp/on-finished/archive/34babcb58126a416fcf5205768204f2e12699dda.tar.gz
info:    on-finished npm:    | Project downloaded on-finished-2.3.0.tgz
info:    on-finished npm:    | npm install started
warn:    on-finished npm-install:| npm WARN deprecated minimatch@0.4.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warn:    on-finished npm-install:| npm WARN
warn:    on-finished npm-install:| deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade
warn:    on-finished npm-install:| npm WARN
warn:    on-finished npm-install:| deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warn:    on-finished npm-install:| npm WARN
warn:    on-finished npm-install:| deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warn:    on-finished npm-install:| npm
warn:    on-finished npm-install:| WARN deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
warn:    on-finished npm-install:| npm notice
warn:    on-finished npm-install:| created a lockfile as package-lock.json. You should commit this file.
info:    on-finished npm:    | npm install successfully completed
info:    on-finished npm:    | test suite started
error:   failure             | The canary is dead:
error:   failing module(s)   |
error:   module name:        | on-finished
error:   version:            | 2.3.0
error:   error:              | The canary is dead:
error:   error:              | undefinedadded 49 packages from 104 contributors and audited 62 packages in 2.574s
error:                       | found 9 vulnerabilities (3 low, 1 moderate, 4 high, 1 critical)
error:                       | run `npm audit fix` to fix them, or `npm audit` for details
error:                       |
error:                       | > on-finished@2.3.0 test /tmp/e2c04234-10a1-4a44-aaf7-4164bcca4d47/on-finished
error:                       | > mocha --reporter spec --bail --check-leaks test/
error:                       |
error:                       |
error:                       |
error:                       | onFinished(res, listener)
error:                       | ✓ should invoke listener given an unknown object
error:                       | when the response finishes
error:                       | ✓ should fire the callback
error:                       | ✓ should include the response object
error:                       | ✓ should fire when called after finish
error:                       | when using keep-alive
error:                       | ✓ should fire for each response (47ms)
error:                       | when requests pipelined
error:                       | ✓ should fire for each request
error:                       | when response errors
error:                       | 1) should fire with error
error:                       | when the response aborts
error:                       | when calling many times on same response
error:                       |
error:                       | isFinished(res)
error:                       | when requests pipelined
error:                       | when response errors
error:                       | when the response aborts
error:                       |
error:                       | onFinished(req, listener)
error:                       | when the request finishes
error:                       | when using keep-alive
error:                       | when request errors
error:                       | when the request aborts
error:                       | when calling many times on same request
error:                       | when CONNECT method
error:                       | when Upgrade request
error:                       |
error:                       | isFinished(req)
error:                       | when request data buffered
error:                       | when request errors
error:                       | when the request aborts
error:                       | when CONNECT method
error:                       | when Upgrade request
error:                       |
error:                       |
error:                       | 6 passing (2s)
error:                       | 1 failing
error:                       |
error:                       | 1) onFinished(res, listener) when response errors should fire with error:
error:                       | Error: timeout of 2000ms exceeded. Ensure the done() callback is being called in this test.
error:                       |
error:                       |
error:                       |
error:                       |
error:                       |
error:                       | npm WARN deprecated minimatch@0.4.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
error:                       | npm WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade
error:                       | npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
error:                       | npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
error:                       | npm WARN deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
error:                       | npm notice created a lockfile as package-lock.json. You should commit this file.
error:                       | npm ERR! Test failed.  See above for more details.
error:   done                | The smoke test has failed.
info:    duration            | test duration: 7868ms
info:    starting            | parseurl
info:    lookup              | parseurl
info:    lookup-notfound     | parseurl
info:    lookup-githead      | https://github.com/pillarjs/parseurl/archive/0022a009d0973a44ae3849e83112ea4d12ad5b49.tar.gz
info:    parseurl npm:       | Downloading project: https://github.com/pillarjs/parseurl/archive/0022a009d0973a44ae3849e83112ea4d12ad5b49.tar.gz
info:    parseurl npm:       | Project downloaded parseurl-1.3.2.tgz
info:    parseurl npm:       | npm install started
warn:    parseurl npm-install:| npm
warn:    parseurl npm-install:| WARN deprecated to-iso-string@0.0.2: to-iso-string has been deprecated, use @segment/to-iso-string instead.
warn:    parseurl npm-install:| npm WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade
warn:    parseurl npm-install:| npm WARN
warn:    parseurl npm-install:| deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warn:    parseurl npm-install:| npm notice created a lockfile as package-lock.json. You should commit this file.
info:    parseurl npm:       | npm install successfully completed
info:    parseurl npm:       | test suite started
info:    passing module(s)   |
info:    module name:        | parseurl
info:    version:            | 1.3.2
info:    done                | The smoke test has passed.
info:    duration            | test duration: 6350ms
info:    starting            | path-to-regexp
info:    lookup              | path-to-regexp
info:    lookup-found        | path-to-regexp
info:    path-to-regexp lookup-replace| https://github.com/pillarjs/path-to-regexp/archive/bcba87cbd47d8aa3f826a88a7f6ef5a77072c71a.tar.gz
info:    path-to-regexp npm: | Downloading project: https://github.com/pillarjs/path-to-regexp/archive/bcba87cbd47d8aa3f826a88a7f6ef5a77072c71a.tar.gz
info:    path-to-regexp npm: | Project downloaded path-to-regexp-2.4.0.tgz
info:    path-to-regexp npm: | npm install started
info:    path-to-regexp npm: | npm install successfully completed
info:    path-to-regexp npm: | test suite started
info:    passing module(s)   |
info:    module name:        | path-to-regexp
info:    version:            | 2.4.0
info:    done                | The smoke test has passed.
info:    duration            | test duration: 9321ms
info:    starting            | proxy-addr
info:    lookup              | proxy-addr
info:    lookup-notfound     | proxy-addr
info:    lookup-githead      | https://github.com/jshttp/proxy-addr/archive/0942626d371d6d4e4cd5c59f4be7e55c81efd357.tar.gz
info:    proxy-addr npm:     | Downloading project: https://github.com/jshttp/proxy-addr/archive/0942626d371d6d4e4cd5c59f4be7e55c81efd357.tar.gz
info:    proxy-addr npm:     | Project downloaded proxy-addr-2.0.4.tgz
info:    proxy-addr npm:     | npm install started
warn:    proxy-addr npm-install:| npm notice created a lockfile as package-lock.json. You should commit this file.
info:    proxy-addr npm:     | npm install successfully completed
info:    proxy-addr npm:     | test suite started
info:    passing module(s)   |
info:    module name:        | proxy-addr
info:    version:            | 2.0.4
info:    done                | The smoke test has passed.
info:    duration            | test duration: 9448ms
info:    starting            | qs
info:    lookup              | qs
info:    lookup-notfound     | qs
info:    lookup-githead      | https://github.com/ljharb/qs/archive/34af57edde61639054ea7b38fdfce050cffdab29.tar.gz
info:    qs npm:             | Downloading project: https://github.com/ljharb/qs/archive/34af57edde61639054ea7b38fdfce050cffdab29.tar.gz
info:    qs npm:             | Project downloaded qs-6.6.0.tgz
info:    qs npm:             | npm install started
warn:    qs npm-install:     | npm
warn:    qs npm-install:     | WARN deprecated graceful-fs@3.0.11: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
warn:    qs npm-install:     | npm WARN
warn:    qs npm-install:     | deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warn:    qs npm-install:     | npm WARN
warn:    qs npm-install:     | deprecated es6-collections@0.5.6: not actively maintained anymore
warn:    qs npm-install:     | npm WARN prepublish-on-install As of npm@5, `prepublish` scripts are deprecated.
warn:                        | npm WARN
warn:    qs npm-install:     | prepublish-on-install Use `prepare` for build steps and `prepublishOnly` for upload-only.
warn:                        | npm WARN prepublish-on-install See the deprecation note in `npm help scripts` for more information.
info:    qs npm:             | npm install successfully completed
info:    qs npm:             | test suite started
info:    passing module(s)   |
info:    module name:        | qs
info:    version:            | 6.6.0
info:    done                | The smoke test has passed.
info:    duration            | test duration: 23225ms
info:    starting            | range-parser
info:    lookup              | range-parser
info:    lookup-notfound     | range-parser
info:    lookup-githead      | https://github.com/jshttp/range-parser/archive/0665aca31639d799dee1d35fb10970799559ec48.tar.gz
info:    range-parser npm:   | Downloading project: https://github.com/jshttp/range-parser/archive/0665aca31639d799dee1d35fb10970799559ec48.tar.gz
info:    range-parser npm:   | Project downloaded range-parser-1.2.0.tgz
info:    range-parser npm:   | npm install started
warn:    range-parser npm-install:| npm WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade
warn:    range-parser npm-install:| npm WARN deprecated
warn:    range-parser npm-install:| minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warn:    range-parser npm-install:| npm
warn:    range-parser npm-install:| WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warn:    range-parser npm-install:| npm WARN
warn:    range-parser npm-install:| deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
warn:    range-parser npm-install:| npm
warn:    range-parser npm-install:| notice created a lockfile as package-lock.json. You should commit this file.
info:    range-parser npm:   | npm install successfully completed
info:    range-parser npm:   | test suite started
info:    passing module(s)   |
info:    module name:        | range-parser
info:    version:            | 1.2.0
info:    done                | The smoke test has passed.
info:    duration            | test duration: 14083ms
info:    starting            | safe-buffer
info:    lookup              | safe-buffer
info:    lookup-notfound     | safe-buffer
info:    lookup-githead      | https://github.com/feross/safe-buffer/archive/649435cc8e2d1f3ecdc7caf323f1cb1187307a16.tar.gz
info:    safe-buffer npm:    | Downloading project: https://github.com/feross/safe-buffer/archive/649435cc8e2d1f3ecdc7caf323f1cb1187307a16.tar.gz
info:    safe-buffer npm:    | Project downloaded safe-buffer-5.1.2.tgz
info:    safe-buffer npm:    | npm install started
warn:    safe-buffer npm-install:| npm notice
warn:    safe-buffer npm-install:| created a lockfile as package-lock.json. You should commit this file.
info:    safe-buffer npm:    | npm install successfully completed
info:    safe-buffer npm:    | test suite started
info:    passing module(s)   |
info:    module name:        | safe-buffer
info:    version:            | 5.1.2
info:    done                | The smoke test has passed.
info:    duration            | test duration: 7640ms
info:    starting            | send
info:    lookup              | send
info:    lookup-notfound     | send
info:    lookup-githead      | https://github.com/pillarjs/send/archive/c378e25a4212eb0fff2c869cbf5d0d6606bbc389.tar.gz
info:    send npm:           | Downloading project: https://github.com/pillarjs/send/archive/c378e25a4212eb0fff2c869cbf5d0d6606bbc389.tar.gz
info:    send npm:           | Project downloaded send-0.16.2.tgz
info:    send npm:           | npm install started
warn:    send npm-install:   | npm
warn:    send npm-install:   | WARN deprecated to-iso-string@0.0.2: to-iso-string has been deprecated, use @segment/to-iso-string instead.
warn:    send npm-install:   | npm
warn:    send npm-install:   | WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade
warn:    send npm-install:   | npm
warn:    send npm-install:   | WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warn:    send npm-install:   | npm notice created a lockfile as package-lock.json. You should commit this file.
info:    send npm:           | npm install successfully completed
info:    send npm:           | test suite started
info:    passing module(s)   |
info:    module name:        | send
info:    version:            | 0.16.2
info:    done                | The smoke test has passed.
info:    duration            | test duration: 11266ms
info:    starting            | serve-static
info:    lookup              | serve-static
info:    lookup-notfound     | serve-static
info:    lookup-githead      | https://github.com/expressjs/serve-static/archive/f287bd6c26ad2bfd0422c533b0358f2f4b16f7db.tar.gz
info:    serve-static npm:   | Downloading project: https://github.com/expressjs/serve-static/archive/f287bd6c26ad2bfd0422c533b0358f2f4b16f7db.tar.gz
info:    serve-static npm:   | Project downloaded serve-static-1.13.2.tgz
info:    serve-static npm:   | npm install started
warn:    serve-static npm-install:| npm
warn:    serve-static npm-install:| WARN deprecated to-iso-string@0.0.2: to-iso-string has been deprecated, use @segment/to-iso-string instead.
warn:    serve-static npm-install:| npm WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade
warn:    serve-static npm-install:| npm
warn:    serve-static npm-install:| WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warn:    serve-static npm-install:| npm
warn:    serve-static npm-install:| notice created a lockfile as package-lock.json. You should commit this file.
info:    serve-static npm:   | npm install successfully completed
info:    serve-static npm:   | test suite started
error:   failure             | The canary is dead:
error:   failing module(s)   |
error:   module name:        | serve-static
error:   version:            | 1.13.2
error:   error:              | The canary is dead:
error:   error:              | undefinedadded 282 packages from 599 contributors and audited 603 packages in 3.56s
error:                       | found 5 vulnerabilities (2 low, 1 moderate, 1 high, 1 critical)
error:                       | run `npm audit fix` to fix them, or `npm audit` for details
error:                       |
error:                       | > serve-static@1.13.2 test /tmp/fb823eb7-a2d5-4f8e-8fff-ce1783afdfeb/serve-static
error:                       | > mocha --reporter spec --bail --check-leaks test/
error:                       |
error:                       |
error:                       |
error:                       | serveStatic()
error:                       | basic operations
error:                       | ✓ should require root path
error:                       | ✓ should require root path to be string
error:                       | ✓ should serve static files
error:                       | ✓ should support nesting
error:                       | ✓ should set Content-Type
error:                       | ✓ should set Last-Modified
error:                       | ✓ should default max-age=0
error:                       | ✓ should support urlencoded pathnames
error:                       | ✓ should not choke on auth-looking URL
error:                       | ✓ should support index.html
error:                       | ✓ should support ../
error:                       | ✓ should support HEAD
error:                       | ✓ should skip POST requests
error:                       | ✓ should support conditional requests
error:                       | ✓ should support precondition checks
error:                       | ✓ should serve zero-length files
error:                       | ✓ should ignore hidden files
error:                       | current dir
error:                       | ✓ should be served with "."
error:                       | acceptRanges
error:                       | when false
error:                       | ✓ should not include Accept-Ranges
error:                       | ✓ should ignore Rage request header
error:                       | when true
error:                       | ✓ should include Accept-Ranges
error:                       | ✓ should obey Rage request header
error:                       | cacheControl
error:                       | when false
error:                       | ✓ should not include Cache-Control
error:                       | ✓ should ignore maxAge
error:                       | when true
error:                       | ✓ should include Cache-Control
error:                       | extensions
error:                       | ✓ should be not be enabled by default
error:                       | ✓ should be configurable
error:                       | ✓ should support disabling extensions
error:                       | ✓ should support fallbacks
error:                       | ✓ should 404 if nothing found
error:                       | fallthrough
error:                       | ✓ should default to true
error:                       | when true
error:                       | ✓ should fall-through when OPTIONS request
error:                       | ✓ should fall-through when URL malformed
error:                       | ✓ should fall-through when traversing past root
error:                       | 1) should fall-through when URL too long
error:                       |
error:                       |
error:                       | 34 passing (100ms)
error:                       | 1 failing
error:                       |
error:                       | 1) serveStatic() fallthrough when true should fall-through when URL too long:
error:                       | Error: expected 404 "Not Found", got 400 "Bad Request"
error:                       | at Test._assertStatus (node_modules/supertest/lib/test.js:232:12)
error:                       | at Test._assertFunction (node_modules/supertest/lib/test.js:247:11)
error:                       | at Test.assert (node_modules/supertest/lib/test.js:148:18)
error:                       | at Server.assert (node_modules/supertest/lib/test.js:127:12)
error:                       | at emitCloseNT (net.js:1637:8)
error:                       | at process.internalTickCallback (internal/process/next_tick.js:72:19)
error:                       |
error:                       |
error:                       |
error:                       |
error:                       | npm WARN deprecated to-iso-string@0.0.2: to-iso-string has been deprecated, use @segment/to-iso-string instead.
error:                       | npm WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade
error:                       | npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
error:                       | npm notice created a lockfile as package-lock.json. You should commit this file.
error:                       | npm ERR! Test failed.  See above for more details.
error:   done                | The smoke test has failed.
info:    duration            | test duration: 15086ms
info:    starting            | setprototypeof
info:    lookup              | setprototypeof
info:    lookup-notfound     | setprototypeof
info:    lookup-githead      | https://github.com/wesleytodd/setprototypeof/archive/8fc2c260d8b7da91133edefde49a3df461f220c8.tar.gz
info:    setprototypeof npm: | Downloading project: https://github.com/wesleytodd/setprototypeof/archive/8fc2c260d8b7da91133edefde49a3df461f220c8.tar.gz
info:    setprototypeof npm: | Project downloaded setprototypeof-1.1.0.tgz
info:    setprototypeof npm: | npm install started
warn:    setprototypeof npm-install:| npm
warn:    setprototypeof npm-install:| notice created a lockfile as package-lock.json. You should commit this file.
info:    setprototypeof npm: | npm install successfully completed
info:    setprototypeof npm: | test suite started
error:   failure             | The canary is dead:
error:   failing module(s)   |
error:   module name:        | setprototypeof
error:   version:            | 1.1.0
error:   error:              | The canary is dead:
error:   error:              | undefinedup to date in 1.28s
error:                       | found 0 vulnerabilities
error:                       |
error:                       |
error:                       | > setprototypeof@1.1.0 test /tmp/86db1e7c-c5f3-42e7-b008-69b168282dbb/setprototypeof
error:                       | > echo "Error: no test specified" && exit 1
error:                       |
error:                       | Error: no test specified
error:                       |
error:                       | npm notice created a lockfile as package-lock.json. You should commit this file.
error:                       | npm ERR! Test failed.  See above for more details.
error:   done                | The smoke test has failed.
info:    duration            | test duration: 6826ms
info:    starting            | statuses
info:    lookup              | statuses
info:    lookup-notfound     | statuses
info:    lookup-githead      | https://github.com/jshttp/statuses/archive/4fcf6fb80ef50e8f0603b87946b0fa7868c815e7.tar.gz
info:    statuses npm:       | Downloading project: https://github.com/jshttp/statuses/archive/4fcf6fb80ef50e8f0603b87946b0fa7868c815e7.tar.gz
info:    statuses npm:       | Project downloaded statuses-1.5.0.tgz
info:    statuses npm:       | npm install started
warn:    statuses npm-install:| npm WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade
warn:    statuses npm-install:| npm
warn:    statuses npm-install:| WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warn:    statuses npm-install:| npm WARN deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
warn:    statuses npm-install:| npm notice
warn:    statuses npm-install:| created a lockfile as package-lock.json. You should commit this file.
info:    statuses npm:       | npm install successfully completed
info:    statuses npm:       | test suite started
info:    passing module(s)   |
info:    module name:        | statuses
info:    version:            | 1.5.0
info:    done                | The smoke test has passed.
info:    duration            | test duration: 7305ms
info:    starting            | type-is
info:    lookup              | type-is
info:    lookup-notfound     | type-is
info:    lookup-githead      | https://github.com/jshttp/type-is/archive/dc723b95e2c52c689cf9d4cefbc5d91e74f7524a.tar.gz
info:    type-is npm:        | Downloading project: https://github.com/jshttp/type-is/archive/dc723b95e2c52c689cf9d4cefbc5d91e74f7524a.tar.gz
info:    type-is npm:        | Project downloaded type-is-1.6.16.tgz
info:    type-is npm:        | npm install started
warn:    type-is npm-install:| npm
warn:    type-is npm-install:| WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade
warn:    type-is npm-install:| npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warn:    type-is npm-install:| npm WARN deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
warn:    type-is npm-install:| npm
warn:    type-is npm-install:| notice created a lockfile as package-lock.json. You should commit this file.
info:    type-is npm:        | npm install successfully completed
info:    type-is npm:        | test suite started
info:    passing module(s)   |
info:    module name:        | type-is
info:    version:            | 1.6.16
info:    done                | The smoke test has passed.
info:    duration            | test duration: 6465ms
info:    starting            | utils-merge
info:    lookup              | utils-merge
info:    lookup-notfound     | utils-merge
info:    lookup-githead      | https://github.com/jaredhanson/utils-merge/archive/680a65305312a990751fd32b83bd2c12d67809d4.tar.gz
info:    utils-merge npm:    | Downloading project: https://github.com/jaredhanson/utils-merge/archive/680a65305312a990751fd32b83bd2c12d67809d4.tar.gz
info:    utils-merge npm:    | Project downloaded utils-merge-1.0.1.tgz
info:    utils-merge npm:    | npm install started
warn:    utils-merge npm-install:| npm
warn:    utils-merge npm-install:| WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade
warn:    utils-merge npm-install:| npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warn:    utils-merge npm-install:| npm WARN deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
warn:    utils-merge npm-install:| npm
warn:    utils-merge npm-install:| notice created a lockfile as package-lock.json. You should commit this file.
info:    utils-merge npm:    | npm install successfully completed
info:    utils-merge npm:    | test suite started
info:    passing module(s)   |
info:    module name:        | utils-merge
info:    version:            | 1.0.1
info:    done                | The smoke test has passed.
info:    duration            | test duration: 5372ms
info:    starting            | vary
info:    lookup              | vary
info:    lookup-notfound     | vary
info:    lookup-githead      | https://github.com/jshttp/vary/archive/4067e646233fbc8ec9e7a9cd78d6f063c6fdc17e.tar.gz
info:    vary npm:           | Downloading project: https://github.com/jshttp/vary/archive/4067e646233fbc8ec9e7a9cd78d6f063c6fdc17e.tar.gz
info:    vary npm:           | Project downloaded vary-1.1.2.tgz
info:    vary npm:           | npm install started
warn:    vary npm-install:   | npm
warn:    vary npm-install:   | WARN deprecated to-iso-string@0.0.2: to-iso-string has been deprecated, use @segment/to-iso-string instead.
warn:    vary npm-install:   | npm
warn:    vary npm-install:   | WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade
warn:    vary npm-install:   | npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warn:    vary npm-install:   | npm notice created a lockfile as package-lock.json. You should commit this file.
info:    vary npm:           | npm install successfully completed
info:    vary npm:           | test suite started
info:    passing module(s)   |
info:    module name:        | vary
info:    version:            | 1.1.2
info:    done                | The smoke test has passed.
info:    duration            | test duration: 7480ms

TLDR

• accepts: ✔️
• array-flatten: ✔️
• body-parser: ✔️
• content-disposition: ✔️
• content-type: ✔️
• cookie: ✔️
• cookie-signature: ✔️
• debug: ✔️
• depd: ✔️
• encodeurl: ✔️
• escape-html: ❌ (no npm test script)
• etag: ✔️
• finalhandler: ✔️
• fresh: ✔️
• merge-descriptors: ❌ (wrong usage of assert.throws)
• methods: ✔️
• on-finished: ❌ (timeout at onFinished(res, listener) when response errors should fire with error)
• parseurl: ✔️
• path-to-regexp: ✔️
• proxy-addr: ✔️
• qs: ✔️
• range-parser: ✔️
• safe-buffer: ✔️
• send: ✔️
• serve-static: ❌ (Error: expected 404 "Not Found", got 400 "Bad Request" at serveStatic() fallthrough when true should fall-through when URL too long)
• setprototypeof: ❌ (no npm test script)
• statuses: ✔️
• type-is: ✔️
• utils-merge: ✔️
• vary: ✔️

[mcollina]

I think we should start adding the passing ones immediately, and then add the other ones as soon as they pass.