Bright is now integrated with GitHub Copilot

Check it out! →
Product overview

See how dev-centric DAST for the enterprise secures your business.

Web attacks

Continuous security testing for web applications at high-scale.

API attacks

Safeguard your APIs no matter how often you deploy.

Business logic attacks

Future-proof your security testing with green-flow exploitation testing.

LLM attacks

Next-gen security testing for LLM & Gen AI powered applications and add-ons.

Interfaces & extensions

Security testing throughout the SDLC - in your team’s native stack.


Connecting your security stack & resolution processes seamlessly.


Getting started with Bright and implementing it in your enterprise stack.

Book a demo

We’ll show you how Bright’s DAST can secure your security posture.


Check out or insights & deep dives into the world of security testing.

Webinars & events

Upcoming & on-demand events and webinars from security experts.


Getting started with Bright and implementing it in your enterprise stack.

Case studies

Dive into DAST success stories from Bright customers.


Download whitepapers & research on hot topics in the security field.

About us

Who we are, where we came from, and our Bright vision for the future.


Bright news hot off the press.

Webinars & events

Upcoming & on-demand events and webinars from security experts.

We're hiring

Want to join the Bright team? See our open possitions.

Bug bounty

Found a security issue or vulnerability we should hear about? Let us know!

Contact us

Need some help getting started? Looking to collaborate? Talk to us.

Resources > Blog >
Unit Testing in Javascript: DIY vs. Test Framework

Unit Testing in Javascript: DIY vs. Test Framework

Admir Dizdar

What is Unit Testing in Javascript?

JavaScript unit testing allows you to test small, self-contained units of JavaScript code, which are part of a web page or web application. There are two key concepts in JavaScript unit testing:

  • Test framework—can import some JavaScript code, invoke it, and test if it works properly. 
  • Test case—a specific test that checks if a unit of code is working properly. Tests are organized into test suites. 
  • Test runner—runs test cases in the browser to see how the unit under test behaves.

Popular JavaScript unit testing frameworks include Jest, Mocha, and Jasmine. We’ll show how to run a simple unit test without a full framework, and how to test your code using Jest.

In this article:

Quick Tutorial #1: JavaScript Unit Testing Without a Framework [DIY]

While there are many JavaScript unit testing frameworks, it is useful to build a unit test yourself, without any framework, to get a good grasp of the mechanisms involved. Our discussion below is based on the excellent tutorial by Amit Gupta.

Step 1: Create simple test framework

Create a test.js file and implement the it function. 

In test frameworks like Jasmine, the it function allows you to run a piece of code, observe its output, and see if it matches the expected output. Here we will implement this function ourselves. It takes two parameters:

  • desc—description of the test case
  • fn—function to test

Here is the code:

  'use strict';

   function it(desc, fn) {
    try {
    } catch (error) {

Add a simple test assertion. This assertion checks if an expression is true, and if not, throws an error:

 function assert(isTrue) {
    if (!isTrue) {
      throw new Error();

Step 2: Create test runner

Next, we’ll create a test.html file which will be our test runner. All it does is run test.js.

<!DOCTYPE html>
<html lang="en">
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Test Runner</title>
  <div id="selector"></div>
  <script src="test.js"></script>

Step 3: Running a test

In the test.js file, we’ll add the following test:

it('should fail', function() {
  assert(1 !== 1);

Because 1 is equal to 1, this test will always fail. To see that our assertion works properly, run test.html in your Chrome browser, open Developer Tools and switch to the Console tab. You should see the message should fail and immediately after it, an error. In a real test, this will allow you to see what caused the code to fail and debug the issue.

Now add the following test, which should always pass:

it('should pass', function() {
  assert(1 === 1);

Refresh the test runner in the browser, and look at the console. It will show the message should pass.

Related content: Read our guide to unit testing examples

Quick Tutorial #2: JavaScript Unit Testing Tutorial with Jest

Jest is an open-source JavaScript-based testing framework primarily used for React and React Native-based web applications. It can be difficult to run unit tests in a software front end, due to complex, time-consuming configuration. The Jest framework can greatly reduce this complexity.

Jest also provides a package assertion library, a test runner, and a built-in mock library. It can be used with a variety of JavaScript frameworks including Angular, Vue.js, Node.js, Babel, and TypeScript. Apart from unit testing you can also use Jest to: 

  • Validate almost anything against JavaScript, especially browser rendering of web applications. 
  • Run automated browser testing.

Related content: Read our guide to unit testing frameworks (coming soon)

Let’s see how to run a simple unit test with Jest.

Step 1: Set Up the Environment

To set up a simple test environment, create a new project using npm init -y and install Jest as a development dependency for npm:

npm install --save-dev jest

Add this script to package.json to be able to run your tests from the command line:

"scripts": {
  "test": "jest"

Step 2: Create Sample File

Create a new file under src/example.js and set it to export the function:

function example(a, b) {
  return a + b;

module.exports = example;

Learn more in our detailed guide to unit testing best practices.

Step 3: Create a Test File

Save this file and open test/example.js. Jest automatically finds the test you want to run in the test/ directory. This file serves as a companion to the example.js file and defines a set of tests to verify that all functions are working correctly. 

A basic Jest test looks like this:

test('Description', () => {

By default, the test() function wraps all the code in the test. Each expect() block calls a function (a unit) and passes its value to a “matcher”. In this case, the matcher is a toBe() function that checks for equality.

Jest has a variety of matchers, all of which you can read about in the documentation.

Step 4: Try a Test on the Example Function

The following block runs two basic tests on our example function:

const example = require('../src/example');

test('testing simple additions', () => {
  expect(doSomeMath(1, 1)).toBe(2);
  expect(doSomeMath(2, 2)).toBe(4);

Step 5: Run the Test

To execute your test, run this command:

npm run test

This will run all test suites and print the results of each test suite.

If the math works, everything should pass. If it fails, Jest will provide a detailed description of the problem and help track it down.

Step 6: Use a Loop to Test Multiple Values

Here is how to use a for loop to call expect multiple times by iterating over the input. If the expected execution fails, the test itself also fails:

test('checking multiple addition values', () => {
  for (let a = 1; a < 10; a++) {
   expect(doSomeMath(a, 5)).toBe(a + 5)

Related content: Read our guide to unit testing in angular.

Security Unit Testing with Bright

Bright is a developer-first Dynamic Application Security Testing (DAST) scanner, the first of its kind to integrate into unit testing, revolutionizing the ability to shift security testing even further left. You can now start to test every component / function at the speed of unit tests, baking security testing across development and CI/CD pipelines to minimize security and technical debt, by scanning early and often, spearheaded by developers. With NO false positives, start trusting your scanner when testing your applications and APIs (SOAP, REST, GraphQL), built for modern technologies and architectures. Sign up now for a free account and read our docs to learn more.


IASTless IAST – The SAST to DAST Bridge

Streamline appsec with IASTless IAST. Simplify deployment, enhance accuracy, and boost your security posture by combining SAST and Bright’s DAST.

Bringing DAST security to AI-generated code

AI-generated code is basically the holy grail of developer tools of this decade. Think back to just over two years ago; every third article discussed how there weren’t enough engineers to answer demand; some companies even offered coding training for candidates wanting to make a career change. The demand for software and hardware innovation was

5 Examples of Zero Day Vulnerabilities and How to Protect Your Organization

A zero day vulnerability refers to a software security flaw that is unknown to those who should be mitigating it, including the vendor of the target software.

Get our newsletter

Bright Security is a leader in Dynamic Application Security Testing (DAST) on G2 Bright Security is a leader in Dynamic Application Security Testing (DAST) on G2