test express dependency tree

[mcollina]

Forked from https://github.com/nodejs/node/issues/24586#issuecomment-443229311.

For the CTIGM: after I tracked this down, I noticed the ultimate issue is that lots of Express's dependencies are missing from the CITGM. Express's direct test suite doesn't re-test everything that each of it's dependencies are responsible for: it makes the assumption that by using a given dependency, it is getting the behavior that the dependency promises without needed to copy that dependency's entire test suite into it's own. This may be a missing on the CITGM process, though.

It seems we are lacking quite a bit of testing.

cc @dougwilson

[targos]

Current list of express' direct dependencies:

{ accepts: '~1.3.5',
  'array-flatten': '1.1.1',
  'body-parser': '1.18.3',
  'content-disposition': '0.5.2',
  'content-type': '~1.0.4',
  cookie: '0.3.1',
  'cookie-signature': '1.0.6',
  debug: '2.6.9',
  depd: '~1.1.2',
  encodeurl: '~1.0.2',
  'escape-html': '~1.0.3',
  etag: '~1.8.1',
  finalhandler: '1.1.1',
  fresh: '0.5.2',
  'merge-descriptors': '1.0.1',
  methods: '~1.1.2',
  'on-finished': '~2.3.0',
  parseurl: '~1.3.2',
  'path-to-regexp': '0.1.7',
  'proxy-addr': '~2.0.4',
  qs: '6.5.2',
  'range-parser': '~1.2.0',
  'safe-buffer': '5.1.2',
  send: '0.16.2',
  'serve-static': '1.13.2',
  setprototypeof: '1.1.0',
  statuses: '~1.4.0',
  'type-is': '~1.6.16',
  'utils-merge': '1.0.1',
  vary: '~1.1.2' }

Currently tested in citgm:

• body-parser (latest=1.18.3)
• path-to-regexp (latest=2.4.0)

[targos]

I already have an open PR for debug in https://github.com/nodejs/citgm/pull/626

[targos]

citgm results on all dependencies with Node.js 11.3.0

``` info: starting | accepts info: lookup | accepts info: lookup-notfound | accepts info: lookup-githead | https://github.com/jshttp/accepts/archive/c38d0e968cdc1526f7cc7a718977ee76655c84f5.tar.gz info: accepts npm: | Downloading project: https://github.com/jshttp/accepts/archive/c38d0e968cdc1526f7cc7a718977ee76655c84f5.tar.gz info: accepts npm: | Project downloaded accepts-1.3.5.tgz info: accepts npm: | npm install started warn: accepts npm-install:| npm warn: accepts npm-install:| WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade warn: accepts npm-install:| npm WARN warn: accepts npm-install:| deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue warn: accepts npm-install:| npm WARN deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js warn: accepts npm-install:| npm warn: accepts npm-install:| notice created a lockfile as package-lock.json. You should commit this file. warn: accepts npm-install:| npm WARN ajv-keywords@3.2.0 requires a peer of ajv@^6.0.0 but none is installed. You must install peer dependencies yourself. info: accepts npm: | npm install successfully completed info: accepts npm: | test suite started info: passing module(s) | info: module name: | accepts info: version: | 1.3.5 info: done | The smoke test has passed. info: duration | test duration: 7496ms info: starting | array-flatten info: lookup | array-flatten info: lookup-notfound | array-flatten info: lookup-githead | https://github.com/blakeembrey/array-flatten/archive/b5619025bfb5d624fc2106ec81f9fdecf5419e04.tar.gz info: array-flatten npm: | Downloading project: https://github.com/blakeembrey/array-flatten/archive/b5619025bfb5d624fc2106ec81f9fdecf5419e04.tar.gz info: array-flatten npm: | Project downloaded array-flatten-2.1.1.tgz info: array-flatten npm: | npm install started warn: array-flatten npm-install:| npm notice warn: array-flatten npm-install:| created a lockfile as package-lock.json. You should commit this file. info: array-flatten npm: | npm install successfully completed info: array-flatten npm: | test suite started info: passing module(s) | info: module name: | array-flatten info: version: | 2.1.1 info: done | The smoke test has passed. info: duration | test duration: 9081ms info: starting | body-parser info: lookup | body-parser info: lookup-found | body-parser info: body-parser lookup-replace| https://github.com/expressjs/body-parser/archive/e6ccf98015fece0851c0c673fc2776c30ad79e5d.tar.gz info: body-parser npm: | Downloading project: https://github.com/expressjs/body-parser/archive/e6ccf98015fece0851c0c673fc2776c30ad79e5d.tar.gz info: body-parser npm: | Project downloaded body-parser-1.18.3.tgz info: body-parser npm: | npm install started warn: body-parser npm-install:| npm WARN warn: body-parser npm-install:| deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade warn: body-parser npm-install:| npm WARN deprecated to-iso-string@0.0.2: to-iso-string has been deprecated, use @segment/to-iso-string instead. warn: body-parser npm-install:| npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue warn: body-parser npm-install:| npm warn: body-parser npm-install:| notice created a lockfile as package-lock.json. You should commit this file. info: body-parser npm: | npm install successfully completed info: body-parser npm: | test suite started info: passing module(s) | info: module name: | body-parser info: version: | 1.18.3 info: done | The smoke test has passed. info: duration | test duration: 7322ms info: starting | content-disposition info: lookup | content-disposition info: lookup-notfound | content-disposition info: lookup-githead | https://github.com/jshttp/content-disposition/archive/2a08417377cf55678c9f870b305f3c6c088920f3.tar.gz info: content-disposition npm:| Downloading project: https://github.com/jshttp/content-disposition/archive/2a08417377cf55678c9f870b305f3c6c088920f3.tar.gz info: content-disposition npm:| Project downloaded content-disposition-0.5.2.tgz info: content-disposition npm:| npm install started warn: content-disposition npm-install:| npm WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade warn: content-disposition npm-install:| npm warn: content-disposition npm-install:| WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue warn: content-disposition npm-install:| npm WARN warn: content-disposition npm-install:| deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js warn: content-disposition npm-install:| npm warn: content-disposition npm-install:| notice created a lockfile as package-lock.json. You should commit this file. info: content-disposition npm:| npm install successfully completed info: content-disposition npm:| test suite started info: passing module(s) | info: module name: | content-disposition info: version: | 0.5.2 info: done | The smoke test has passed. info: duration | test duration: 6018ms info: starting | content-type info: lookup | content-type info: lookup-notfound | content-type info: lookup-githead | https://github.com/jshttp/content-type/archive/d22f8ac6c407789c906bd6fed137efde8f772b09.tar.gz info: content-type npm: | Downloading project: https://github.com/jshttp/content-type/archive/d22f8ac6c407789c906bd6fed137efde8f772b09.tar.gz info: content-type npm: | Project downloaded content-type-1.0.4.tgz info: content-type npm: | npm install started warn: content-type npm-install:| npm warn: content-type npm-install:| WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade warn: content-type npm-install:| npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue warn: content-type npm-install:| npm WARN warn: content-type npm-install:| deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js warn: content-type npm-install:| npm warn: content-type npm-install:| notice created a lockfile as package-lock.json. You should commit this file. info: content-type npm: | npm install successfully completed info: content-type npm: | test suite started info: passing module(s) | info: module name: | content-type info: version: | 1.0.4 info: done | The smoke test has passed. info: duration | test duration: 6673ms info: starting | cookie info: lookup | cookie info: lookup-notfound | cookie info: lookup-githead | https://github.com/jshttp/cookie/archive/e3c77d497d66c8b8d4b677b8954c1b192a09f0b3.tar.gz info: cookie npm: | Downloading project: https://github.com/jshttp/cookie/archive/e3c77d497d66c8b8d4b677b8954c1b192a09f0b3.tar.gz info: cookie npm: | Project downloaded cookie-0.3.1.tgz info: cookie npm: | npm install started warn: cookie npm-install: | npm warn: cookie npm-install: | WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade warn: cookie npm-install: | npm warn: cookie npm-install: | WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue warn: cookie npm-install: | npm warn: cookie npm-install: | WARN deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js warn: cookie npm-install: | npm warn: cookie npm-install: | WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue warn: cookie npm-install: | npm notice created a lockfile as package-lock.json. You should commit this file. info: cookie npm: | npm install successfully completed info: cookie npm: | test suite started info: passing module(s) | info: module name: | cookie info: version: | 0.3.1 info: done | The smoke test has passed. info: duration | test duration: 5105ms info: starting | cookie-signature info: lookup | cookie-signature info: lookup-notfound | cookie-signature info: lookup-githead | https://github.com/visionmedia/node-cookie-signature/archive/1e5f40d6c1f631a7fa43992e82918c1d78dbdb89.tar.gz info: cookie-signature npm:| Downloading project: https://github.com/visionmedia/node-cookie-signature/archive/1e5f40d6c1f631a7fa43992e82918c1d78dbdb89.tar.gz info: cookie-signature npm:| Project downloaded cookie-signature-1.1.0.tgz info: cookie-signature npm:| npm install started warn: cookie-signature npm-install:| npm notice warn: cookie-signature npm-install:| created a lockfile as package-lock.json. You should commit this file. info: cookie-signature npm:| npm install successfully completed info: cookie-signature npm:| test suite started info: passing module(s) | info: module name: | cookie-signature info: version: | 1.1.0 info: done | The smoke test has passed. info: duration | test duration: 5170ms info: starting | debug info: lookup | debug info: lookup-notfound | debug info: lookup-githead | https://github.com/visionmedia/debug/archive/e30e8fdbc92c4cf6b3007cd1c3ad2c3cbb82be85.tar.gz info: debug npm: | Downloading project: https://github.com/visionmedia/debug/archive/e30e8fdbc92c4cf6b3007cd1c3ad2c3cbb82be85.tar.gz info: debug npm: | Project downloaded debug-4.1.0.tgz info: debug npm: | npm install started warn: debug npm-install: | npm warn: debug npm-install: | WARN deprecated circular-json@0.5.9: CircularJSON is in maintenance only, flatted is its successor. warn: debug npm-install: | npm notice created a lockfile as package-lock.json. You should commit this file. warn: debug npm-install: | npm warn: debug npm-install: | WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.4 (node_modules/fsevents): warn: | npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.4: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"}) info: debug npm: | npm install successfully completed info: debug npm: | test suite started info: passing module(s) | info: module name: | debug info: version: | 4.1.0 info: done | The smoke test has passed. info: duration | test duration: 30587ms info: starting | depd info: lookup | depd info: lookup-notfound | depd info: lookup-githead | https://github.com/dougwilson/nodejs-depd/archive/6d59c85d093092e65ec77033576417d743079fa0.tar.gz info: depd npm: | Downloading project: https://github.com/dougwilson/nodejs-depd/archive/6d59c85d093092e65ec77033576417d743079fa0.tar.gz info: depd npm: | Project downloaded depd-2.0.0.tgz info: depd npm: | npm install started warn: depd npm-install: | npm notice created a lockfile as package-lock.json. You should commit this file. info: depd npm: | npm install successfully completed info: depd npm: | test suite started info: passing module(s) | info: module name: | depd info: version: | 2.0.0 info: done | The smoke test has passed. info: duration | test duration: 7545ms info: starting | encodeurl info: lookup | encodeurl info: lookup-notfound | encodeurl info: lookup-githead | https://github.com/pillarjs/encodeurl/archive/1a7301e330bf20fd7c8c173102315e45cd1f5d1e.tar.gz info: encodeurl npm: | Downloading project: https://github.com/pillarjs/encodeurl/archive/1a7301e330bf20fd7c8c173102315e45cd1f5d1e.tar.gz info: encodeurl npm: | Project downloaded encodeurl-1.0.2.tgz info: encodeurl npm: | npm install started warn: encodeurl npm-install:| npm warn: encodeurl npm-install:| WARN deprecated to-iso-string@0.0.2: to-iso-string has been deprecated, use @segment/to-iso-string instead. warn: encodeurl npm-install:| npm warn: encodeurl npm-install:| WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade warn: encodeurl npm-install:| npm warn: encodeurl npm-install:| WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue warn: encodeurl npm-install:| npm warn: encodeurl npm-install:| notice created a lockfile as package-lock.json. You should commit this file. info: encodeurl npm: | npm install successfully completed info: encodeurl npm: | test suite started info: passing module(s) | info: module name: | encodeurl info: version: | 1.0.2 info: done | The smoke test has passed. info: duration | test duration: 6476ms info: starting | escape-html info: lookup | escape-html info: lookup-notfound | escape-html info: lookup-githead | https://github.com/component/escape-html/archive/7ac2ea3977fcac3d4c5be8d2a037812820c65f28.tar.gz info: escape-html npm: | Downloading project: https://github.com/component/escape-html/archive/7ac2ea3977fcac3d4c5be8d2a037812820c65f28.tar.gz info: escape-html npm: | Project downloaded escape-html-1.0.3.tgz info: escape-html npm: | npm install started warn: escape-html npm-install:| npm notice warn: escape-html npm-install:| created a lockfile as package-lock.json. You should commit this file. info: escape-html npm: | npm install successfully completed info: escape-html npm: | test suite started error: failure | Module does not support npm-test! error: failing module(s) | error: module name: | escape-html error: version: | 1.0.3 error: error: | Module does not support npm-test! error: error: | undefinedadded 2 packages from 2 contributors and audited 2 packages in 1.229s error: | found 0 vulnerabilities error: | error: | error: | npm notice created a lockfile as package-lock.json. You should commit this file. error: done | The smoke test has failed. info: duration | test duration: 4052ms info: starting | etag info: lookup | etag info: lookup-notfound | etag info: lookup-githead | https://github.com/jshttp/etag/archive/9b1e3e41df31cda4080833c187120b91a7ce8327.tar.gz info: etag npm: | Downloading project: https://github.com/jshttp/etag/archive/9b1e3e41df31cda4080833c187120b91a7ce8327.tar.gz info: etag npm: | Project downloaded etag-1.8.1.tgz info: etag npm: | npm install started warn: etag npm-install: | npm warn: etag npm-install: | WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade warn: etag npm-install: | npm WARN warn: etag npm-install: | deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue warn: etag npm-install: | npm WARN deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js warn: etag npm-install: | npm notice warn: etag npm-install: | created a lockfile as package-lock.json. You should commit this file. info: etag npm: | npm install successfully completed info: etag npm: | test suite started info: passing module(s) | info: module name: | etag info: version: | 1.8.1 info: done | The smoke test has passed. info: duration | test duration: 6812ms info: starting | finalhandler info: lookup | finalhandler info: lookup-notfound | finalhandler info: lookup-githead | https://github.com/pillarjs/finalhandler/archive/024f493418f62a59592a98f07b23b265092c1006.tar.gz info: finalhandler npm: | Downloading project: https://github.com/pillarjs/finalhandler/archive/024f493418f62a59592a98f07b23b265092c1006.tar.gz info: finalhandler npm: | Project downloaded finalhandler-1.1.1.tgz info: finalhandler npm: | npm install started warn: finalhandler npm-install:| npm warn: finalhandler npm-install:| WARN deprecated to-iso-string@0.0.2: to-iso-string has been deprecated, use @segment/to-iso-string instead. warn: finalhandler npm-install:| npm WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade warn: finalhandler npm-install:| npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue warn: finalhandler npm-install:| npm notice created a lockfile as package-lock.json. You should commit this file. warn: finalhandler npm-install:| npm warn: finalhandler npm-install:| WARN ajv-keywords@3.2.0 requires a peer of ajv@^6.0.0 but none is installed. You must install peer dependencies yourself. info: finalhandler npm: | npm install successfully completed info: finalhandler npm: | test suite started info: passing module(s) | info: module name: | finalhandler info: version: | 1.1.1 info: done | The smoke test has passed. info: duration | test duration: 7200ms info: starting | fresh info: lookup | fresh info: lookup-notfound | fresh info: lookup-githead | https://github.com/jshttp/fresh/archive/02df6303ff260b6b7da0b479f3e42222e8157b47.tar.gz info: fresh npm: | Downloading project: https://github.com/jshttp/fresh/archive/02df6303ff260b6b7da0b479f3e42222e8157b47.tar.gz info: fresh npm: | Project downloaded fresh-0.5.2.tgz info: fresh npm: | npm install started warn: fresh npm-install: | npm warn: fresh npm-install: | WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade warn: fresh npm-install: | npm warn: fresh npm-install: | WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue warn: fresh npm-install: | npm warn: fresh npm-install: | WARN deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js warn: fresh npm-install: | npm notice created a lockfile as package-lock.json. You should commit this file. info: fresh npm: | npm install successfully completed info: fresh npm: | test suite started info: passing module(s) | info: module name: | fresh info: version: | 0.5.2 info: done | The smoke test has passed. info: duration | test duration: 6812ms info: starting | merge-descriptors info: lookup | merge-descriptors info: lookup-notfound | merge-descriptors info: lookup-githead | https://github.com/component/merge-descriptors/archive/f26c49c3b423b0b2ac31f6e32a84e1632f2d7ac2.tar.gz info: merge-descriptors npm:| Downloading project: https://github.com/component/merge-descriptors/archive/f26c49c3b423b0b2ac31f6e32a84e1632f2d7ac2.tar.gz info: merge-descriptors npm:| Project downloaded merge-descriptors-1.0.1.tgz info: merge-descriptors npm:| npm install started warn: merge-descriptors npm-install:| npm warn: merge-descriptors npm-install:| WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade warn: merge-descriptors npm-install:| npm warn: merge-descriptors npm-install:| WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue warn: merge-descriptors npm-install:| npm WARN deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js warn: merge-descriptors npm-install:| npm warn: merge-descriptors npm-install:| WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue warn: merge-descriptors npm-install:| npm warn: merge-descriptors npm-install:| notice created a lockfile as package-lock.json. You should commit this file. info: merge-descriptors npm:| npm install successfully completed info: merge-descriptors npm:| test suite started error: failure | The canary is dead: error: failing module(s) | error: module name: | merge-descriptors error: version: | 1.0.1 error: error: | The canary is dead: error: error: | undefinedadded 68 packages from 137 contributors and audited 83 packages in 1.641s error: | found 6 vulnerabilities (1 low, 1 moderate, 3 high, 1 critical) error: | run `npm audit fix` to fix them, or `npm audit` for details error: | error: | > merge-descriptors@1.0.1 test /tmp/f6e53132-2520-47dc-946e-f635feec29f3/merge-descriptors error: | > mocha --reporter spec --bail --check-leaks test/ error: | error: | error: | error: | merge(dest, src) error: | arguments error: | dest error: | 1) should be required error: | src error: | when merging objects error: | when property exists in src error: | error: | error: | 0 passing (6ms) error: | error: | error: | npm WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade error: | npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue error: | npm WARN deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js error: | npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue error: | npm notice created a lockfile as package-lock.json. You should commit this file. error: | (node:18424) [DEP0006] DeprecationWarning: child_process: options.customFds option is deprecated. Use options.stdio instead. error: | 1 failing error: | error: | 1) merge(dest, src) arguments dest should be required: error: | TypeError [ERR_AMBIGUOUS_ARGUMENT]: The "error/message" argument is ambiguous. The error message "argument dest is required" is identical to the message. error: | at expectsError (assert.js:627:15) error: | at Function.throws (assert.js:694:3) error: | at context. (/tmp/f6e53132-2520-47dc-946e-f635feec29f3/merge-descriptors/test/merge.js:19:16) error: | at callFn (/tmp/f6e53132-2520-47dc-946e-f635feec29f3/merge-descriptors/node_modules/mocha/lib/runnable.js:250:21) error: | at Test.Runnable.run (/tmp/f6e53132-2520-47dc-946e-f635feec29f3/merge-descriptors/node_modules/mocha/lib/runnable.js:243:7) error: | at Runner.runTest (/tmp/f6e53132-2520-47dc-946e-f635feec29f3/merge-descriptors/node_modules/mocha/lib/runner.js:373:10) error: | at /tmp/f6e53132-2520-47dc-946e-f635feec29f3/merge-descriptors/node_modules/mocha/lib/runner.js:451:12 error: | at next (/tmp/f6e53132-2520-47dc-946e-f635feec29f3/merge-descriptors/node_modules/mocha/lib/runner.js:298:14) error: | at /tmp/f6e53132-2520-47dc-946e-f635feec29f3/merge-descriptors/node_modules/mocha/lib/runner.js:308:7 error: | at next (/tmp/f6e53132-2520-47dc-946e-f635feec29f3/merge-descriptors/node_modules/mocha/lib/runner.js:246:23) error: | at Immediate. (/tmp/f6e53132-2520-47dc-946e-f635feec29f3/merge-descriptors/node_modules/mocha/lib/runner.js:275:5) error: | at processImmediate (timers.js:632:19) error: | error: | error: | npm ERR! Test failed. See above for more details. error: done | The smoke test has failed. info: duration | test duration: 5130ms info: starting | methods info: lookup | methods info: lookup-notfound | methods info: lookup-githead | https://github.com/jshttp/methods/archive/25d257d913f1b94bd2d73581521ff72c81469140.tar.gz info: methods npm: | Downloading project: https://github.com/jshttp/methods/archive/25d257d913f1b94bd2d73581521ff72c81469140.tar.gz info: methods npm: | Project downloaded methods-1.1.2.tgz info: methods npm: | npm install started warn: methods npm-install:| npm warn: methods npm-install:| WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade warn: methods npm-install:| npm WARN warn: methods npm-install:| deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue warn: methods npm-install:| npm warn: methods npm-install:| WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue warn: methods npm-install:| npm WARN warn: methods npm-install:| deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js warn: methods npm-install:| npm notice warn: methods npm-install:| created a lockfile as package-lock.json. You should commit this file. info: methods npm: | npm install successfully completed info: methods npm: | test suite started info: passing module(s) | info: module name: | methods info: version: | 1.1.2 info: done | The smoke test has passed. info: duration | test duration: 5085ms info: starting | on-finished info: lookup | on-finished info: lookup-notfound | on-finished info: lookup-githead | https://github.com/jshttp/on-finished/archive/34babcb58126a416fcf5205768204f2e12699dda.tar.gz info: on-finished npm: | Downloading project: https://github.com/jshttp/on-finished/archive/34babcb58126a416fcf5205768204f2e12699dda.tar.gz info: on-finished npm: | Project downloaded on-finished-2.3.0.tgz info: on-finished npm: | npm install started warn: on-finished npm-install:| npm WARN deprecated minimatch@0.4.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue warn: on-finished npm-install:| npm WARN warn: on-finished npm-install:| deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade warn: on-finished npm-install:| npm WARN warn: on-finished npm-install:| deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue warn: on-finished npm-install:| npm WARN warn: on-finished npm-install:| deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue warn: on-finished npm-install:| npm warn: on-finished npm-install:| WARN deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js warn: on-finished npm-install:| npm notice warn: on-finished npm-install:| created a lockfile as package-lock.json. You should commit this file. info: on-finished npm: | npm install successfully completed info: on-finished npm: | test suite started error: failure | The canary is dead: error: failing module(s) | error: module name: | on-finished error: version: | 2.3.0 error: error: | The canary is dead: error: error: | undefinedadded 49 packages from 104 contributors and audited 62 packages in 2.574s error: | found 9 vulnerabilities (3 low, 1 moderate, 4 high, 1 critical) error: | run `npm audit fix` to fix them, or `npm audit` for details error: | error: | > on-finished@2.3.0 test /tmp/e2c04234-10a1-4a44-aaf7-4164bcca4d47/on-finished error: | > mocha --reporter spec --bail --check-leaks test/ error: | error: | error: | error: | onFinished(res, listener) error: | ✓ should invoke listener given an unknown object error: | when the response finishes error: | ✓ should fire the callback error: | ✓ should include the response object error: | ✓ should fire when called after finish error: | when using keep-alive error: | ✓ should fire for each response (47ms) error: | when requests pipelined error: | ✓ should fire for each request error: | when response errors error: | 1) should fire with error error: | when the response aborts error: | when calling many times on same response error: | error: | isFinished(res) error: | when requests pipelined error: | when response errors error: | when the response aborts error: | error: | onFinished(req, listener) error: | when the request finishes error: | when using keep-alive error: | when request errors error: | when the request aborts error: | when calling many times on same request error: | when CONNECT method error: | when Upgrade request error: | error: | isFinished(req) error: | when request data buffered error: | when request errors error: | when the request aborts error: | when CONNECT method error: | when Upgrade request error: | error: | error: | 6 passing (2s) error: | 1 failing error: | error: | 1) onFinished(res, listener) when response errors should fire with error: error: | Error: timeout of 2000ms exceeded. Ensure the done() callback is being called in this test. error: | error: | error: | error: | error: | error: | npm WARN deprecated minimatch@0.4.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue error: | npm WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade error: | npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue error: | npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue error: | npm WARN deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js error: | npm notice created a lockfile as package-lock.json. You should commit this file. error: | npm ERR! Test failed. See above for more details. error: done | The smoke test has failed. info: duration | test duration: 7868ms info: starting | parseurl info: lookup | parseurl info: lookup-notfound | parseurl info: lookup-githead | https://github.com/pillarjs/parseurl/archive/0022a009d0973a44ae3849e83112ea4d12ad5b49.tar.gz info: parseurl npm: | Downloading project: https://github.com/pillarjs/parseurl/archive/0022a009d0973a44ae3849e83112ea4d12ad5b49.tar.gz info: parseurl npm: | Project downloaded parseurl-1.3.2.tgz info: parseurl npm: | npm install started warn: parseurl npm-install:| npm warn: parseurl npm-install:| WARN deprecated to-iso-string@0.0.2: to-iso-string has been deprecated, use @segment/to-iso-string instead. warn: parseurl npm-install:| npm WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade warn: parseurl npm-install:| npm WARN warn: parseurl npm-install:| deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue warn: parseurl npm-install:| npm notice created a lockfile as package-lock.json. You should commit this file. info: parseurl npm: | npm install successfully completed info: parseurl npm: | test suite started info: passing module(s) | info: module name: | parseurl info: version: | 1.3.2 info: done | The smoke test has passed. info: duration | test duration: 6350ms info: starting | path-to-regexp info: lookup | path-to-regexp info: lookup-found | path-to-regexp info: path-to-regexp lookup-replace| https://github.com/pillarjs/path-to-regexp/archive/bcba87cbd47d8aa3f826a88a7f6ef5a77072c71a.tar.gz info: path-to-regexp npm: | Downloading project: https://github.com/pillarjs/path-to-regexp/archive/bcba87cbd47d8aa3f826a88a7f6ef5a77072c71a.tar.gz info: path-to-regexp npm: | Project downloaded path-to-regexp-2.4.0.tgz info: path-to-regexp npm: | npm install started info: path-to-regexp npm: | npm install successfully completed info: path-to-regexp npm: | test suite started info: passing module(s) | info: module name: | path-to-regexp info: version: | 2.4.0 info: done | The smoke test has passed. info: duration | test duration: 9321ms info: starting | proxy-addr info: lookup | proxy-addr info: lookup-notfound | proxy-addr info: lookup-githead | https://github.com/jshttp/proxy-addr/archive/0942626d371d6d4e4cd5c59f4be7e55c81efd357.tar.gz info: proxy-addr npm: | Downloading project: https://github.com/jshttp/proxy-addr/archive/0942626d371d6d4e4cd5c59f4be7e55c81efd357.tar.gz info: proxy-addr npm: | Project downloaded proxy-addr-2.0.4.tgz info: proxy-addr npm: | npm install started warn: proxy-addr npm-install:| npm notice created a lockfile as package-lock.json. You should commit this file. info: proxy-addr npm: | npm install successfully completed info: proxy-addr npm: | test suite started info: passing module(s) | info: module name: | proxy-addr info: version: | 2.0.4 info: done | The smoke test has passed. info: duration | test duration: 9448ms info: starting | qs info: lookup | qs info: lookup-notfound | qs info: lookup-githead | https://github.com/ljharb/qs/archive/34af57edde61639054ea7b38fdfce050cffdab29.tar.gz info: qs npm: | Downloading project: https://github.com/ljharb/qs/archive/34af57edde61639054ea7b38fdfce050cffdab29.tar.gz info: qs npm: | Project downloaded qs-6.6.0.tgz info: qs npm: | npm install started warn: qs npm-install: | npm warn: qs npm-install: | WARN deprecated graceful-fs@3.0.11: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js warn: qs npm-install: | npm WARN warn: qs npm-install: | deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue warn: qs npm-install: | npm WARN warn: qs npm-install: | deprecated es6-collections@0.5.6: not actively maintained anymore warn: qs npm-install: | npm WARN prepublish-on-install As of npm@5, `prepublish` scripts are deprecated. warn: | npm WARN warn: qs npm-install: | prepublish-on-install Use `prepare` for build steps and `prepublishOnly` for upload-only. warn: | npm WARN prepublish-on-install See the deprecation note in `npm help scripts` for more information. info: qs npm: | npm install successfully completed info: qs npm: | test suite started info: passing module(s) | info: module name: | qs info: version: | 6.6.0 info: done | The smoke test has passed. info: duration | test duration: 23225ms info: starting | range-parser info: lookup | range-parser info: lookup-notfound | range-parser info: lookup-githead | https://github.com/jshttp/range-parser/archive/0665aca31639d799dee1d35fb10970799559ec48.tar.gz info: range-parser npm: | Downloading project: https://github.com/jshttp/range-parser/archive/0665aca31639d799dee1d35fb10970799559ec48.tar.gz info: range-parser npm: | Project downloaded range-parser-1.2.0.tgz info: range-parser npm: | npm install started warn: range-parser npm-install:| npm WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade warn: range-parser npm-install:| npm WARN deprecated warn: range-parser npm-install:| minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue warn: range-parser npm-install:| npm warn: range-parser npm-install:| WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue warn: range-parser npm-install:| npm WARN warn: range-parser npm-install:| deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js warn: range-parser npm-install:| npm warn: range-parser npm-install:| notice created a lockfile as package-lock.json. You should commit this file. info: range-parser npm: | npm install successfully completed info: range-parser npm: | test suite started info: passing module(s) | info: module name: | range-parser info: version: | 1.2.0 info: done | The smoke test has passed. info: duration | test duration: 14083ms info: starting | safe-buffer info: lookup | safe-buffer info: lookup-notfound | safe-buffer info: lookup-githead | https://github.com/feross/safe-buffer/archive/649435cc8e2d1f3ecdc7caf323f1cb1187307a16.tar.gz info: safe-buffer npm: | Downloading project: https://github.com/feross/safe-buffer/archive/649435cc8e2d1f3ecdc7caf323f1cb1187307a16.tar.gz info: safe-buffer npm: | Project downloaded safe-buffer-5.1.2.tgz info: safe-buffer npm: | npm install started warn: safe-buffer npm-install:| npm notice warn: safe-buffer npm-install:| created a lockfile as package-lock.json. You should commit this file. info: safe-buffer npm: | npm install successfully completed info: safe-buffer npm: | test suite started info: passing module(s) | info: module name: | safe-buffer info: version: | 5.1.2 info: done | The smoke test has passed. info: duration | test duration: 7640ms info: starting | send info: lookup | send info: lookup-notfound | send info: lookup-githead | https://github.com/pillarjs/send/archive/c378e25a4212eb0fff2c869cbf5d0d6606bbc389.tar.gz info: send npm: | Downloading project: https://github.com/pillarjs/send/archive/c378e25a4212eb0fff2c869cbf5d0d6606bbc389.tar.gz info: send npm: | Project downloaded send-0.16.2.tgz info: send npm: | npm install started warn: send npm-install: | npm warn: send npm-install: | WARN deprecated to-iso-string@0.0.2: to-iso-string has been deprecated, use @segment/to-iso-string instead. warn: send npm-install: | npm warn: send npm-install: | WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade warn: send npm-install: | npm warn: send npm-install: | WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue warn: send npm-install: | npm notice created a lockfile as package-lock.json. You should commit this file. info: send npm: | npm install successfully completed info: send npm: | test suite started info: passing module(s) | info: module name: | send info: version: | 0.16.2 info: done | The smoke test has passed. info: duration | test duration: 11266ms info: starting | serve-static info: lookup | serve-static info: lookup-notfound | serve-static info: lookup-githead | https://github.com/expressjs/serve-static/archive/f287bd6c26ad2bfd0422c533b0358f2f4b16f7db.tar.gz info: serve-static npm: | Downloading project: https://github.com/expressjs/serve-static/archive/f287bd6c26ad2bfd0422c533b0358f2f4b16f7db.tar.gz info: serve-static npm: | Project downloaded serve-static-1.13.2.tgz info: serve-static npm: | npm install started warn: serve-static npm-install:| npm warn: serve-static npm-install:| WARN deprecated to-iso-string@0.0.2: to-iso-string has been deprecated, use @segment/to-iso-string instead. warn: serve-static npm-install:| npm WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade warn: serve-static npm-install:| npm warn: serve-static npm-install:| WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue warn: serve-static npm-install:| npm warn: serve-static npm-install:| notice created a lockfile as package-lock.json. You should commit this file. info: serve-static npm: | npm install successfully completed info: serve-static npm: | test suite started error: failure | The canary is dead: error: failing module(s) | error: module name: | serve-static error: version: | 1.13.2 error: error: | The canary is dead: error: error: | undefinedadded 282 packages from 599 contributors and audited 603 packages in 3.56s error: | found 5 vulnerabilities (2 low, 1 moderate, 1 high, 1 critical) error: | run `npm audit fix` to fix them, or `npm audit` for details error: | error: | > serve-static@1.13.2 test /tmp/fb823eb7-a2d5-4f8e-8fff-ce1783afdfeb/serve-static error: | > mocha --reporter spec --bail --check-leaks test/ error: | error: | error: | error: | serveStatic() error: | basic operations error: | ✓ should require root path error: | ✓ should require root path to be string error: | ✓ should serve static files error: | ✓ should support nesting error: | ✓ should set Content-Type error: | ✓ should set Last-Modified error: | ✓ should default max-age=0 error: | ✓ should support urlencoded pathnames error: | ✓ should not choke on auth-looking URL error: | ✓ should support index.html error: | ✓ should support ../ error: | ✓ should support HEAD error: | ✓ should skip POST requests error: | ✓ should support conditional requests error: | ✓ should support precondition checks error: | ✓ should serve zero-length files error: | ✓ should ignore hidden files error: | current dir error: | ✓ should be served with "." error: | acceptRanges error: | when false error: | ✓ should not include Accept-Ranges error: | ✓ should ignore Rage request header error: | when true error: | ✓ should include Accept-Ranges error: | ✓ should obey Rage request header error: | cacheControl error: | when false error: | ✓ should not include Cache-Control error: | ✓ should ignore maxAge error: | when true error: | ✓ should include Cache-Control error: | extensions error: | ✓ should be not be enabled by default error: | ✓ should be configurable error: | ✓ should support disabling extensions error: | ✓ should support fallbacks error: | ✓ should 404 if nothing found error: | fallthrough error: | ✓ should default to true error: | when true error: | ✓ should fall-through when OPTIONS request error: | ✓ should fall-through when URL malformed error: | ✓ should fall-through when traversing past root error: | 1) should fall-through when URL too long error: | error: | error: | 34 passing (100ms) error: | 1 failing error: | error: | 1) serveStatic() fallthrough when true should fall-through when URL too long: error: | Error: expected 404 "Not Found", got 400 "Bad Request" error: | at Test._assertStatus (node_modules/supertest/lib/test.js:232:12) error: | at Test._assertFunction (node_modules/supertest/lib/test.js:247:11) error: | at Test.assert (node_modules/supertest/lib/test.js:148:18) error: | at Server.assert (node_modules/supertest/lib/test.js:127:12) error: | at emitCloseNT (net.js:1637:8) error: | at process.internalTickCallback (internal/process/next_tick.js:72:19) error: | error: | error: | error: | error: | npm WARN deprecated to-iso-string@0.0.2: to-iso-string has been deprecated, use @segment/to-iso-string instead. error: | npm WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade error: | npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue error: | npm notice created a lockfile as package-lock.json. You should commit this file. error: | npm ERR! Test failed. See above for more details. error: done | The smoke test has failed. info: duration | test duration: 15086ms info: starting | setprototypeof info: lookup | setprototypeof info: lookup-notfound | setprototypeof info: lookup-githead | https://github.com/wesleytodd/setprototypeof/archive/8fc2c260d8b7da91133edefde49a3df461f220c8.tar.gz info: setprototypeof npm: | Downloading project: https://github.com/wesleytodd/setprototypeof/archive/8fc2c260d8b7da91133edefde49a3df461f220c8.tar.gz info: setprototypeof npm: | Project downloaded setprototypeof-1.1.0.tgz info: setprototypeof npm: | npm install started warn: setprototypeof npm-install:| npm warn: setprototypeof npm-install:| notice created a lockfile as package-lock.json. You should commit this file. info: setprototypeof npm: | npm install successfully completed info: setprototypeof npm: | test suite started error: failure | The canary is dead: error: failing module(s) | error: module name: | setprototypeof error: version: | 1.1.0 error: error: | The canary is dead: error: error: | undefinedup to date in 1.28s error: | found 0 vulnerabilities error: | error: | error: | > setprototypeof@1.1.0 test /tmp/86db1e7c-c5f3-42e7-b008-69b168282dbb/setprototypeof error: | > echo "Error: no test specified" && exit 1 error: | error: | Error: no test specified error: | error: | npm notice created a lockfile as package-lock.json. You should commit this file. error: | npm ERR! Test failed. See above for more details. error: done | The smoke test has failed. info: duration | test duration: 6826ms info: starting | statuses info: lookup | statuses info: lookup-notfound | statuses info: lookup-githead | https://github.com/jshttp/statuses/archive/4fcf6fb80ef50e8f0603b87946b0fa7868c815e7.tar.gz info: statuses npm: | Downloading project: https://github.com/jshttp/statuses/archive/4fcf6fb80ef50e8f0603b87946b0fa7868c815e7.tar.gz info: statuses npm: | Project downloaded statuses-1.5.0.tgz info: statuses npm: | npm install started warn: statuses npm-install:| npm WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade warn: statuses npm-install:| npm warn: statuses npm-install:| WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue warn: statuses npm-install:| npm WARN deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js warn: statuses npm-install:| npm notice warn: statuses npm-install:| created a lockfile as package-lock.json. You should commit this file. info: statuses npm: | npm install successfully completed info: statuses npm: | test suite started info: passing module(s) | info: module name: | statuses info: version: | 1.5.0 info: done | The smoke test has passed. info: duration | test duration: 7305ms info: starting | type-is info: lookup | type-is info: lookup-notfound | type-is info: lookup-githead | https://github.com/jshttp/type-is/archive/dc723b95e2c52c689cf9d4cefbc5d91e74f7524a.tar.gz info: type-is npm: | Downloading project: https://github.com/jshttp/type-is/archive/dc723b95e2c52c689cf9d4cefbc5d91e74f7524a.tar.gz info: type-is npm: | Project downloaded type-is-1.6.16.tgz info: type-is npm: | npm install started warn: type-is npm-install:| npm warn: type-is npm-install:| WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade warn: type-is npm-install:| npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue warn: type-is npm-install:| npm WARN deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js warn: type-is npm-install:| npm warn: type-is npm-install:| notice created a lockfile as package-lock.json. You should commit this file. info: type-is npm: | npm install successfully completed info: type-is npm: | test suite started info: passing module(s) | info: module name: | type-is info: version: | 1.6.16 info: done | The smoke test has passed. info: duration | test duration: 6465ms info: starting | utils-merge info: lookup | utils-merge info: lookup-notfound | utils-merge info: lookup-githead | https://github.com/jaredhanson/utils-merge/archive/680a65305312a990751fd32b83bd2c12d67809d4.tar.gz info: utils-merge npm: | Downloading project: https://github.com/jaredhanson/utils-merge/archive/680a65305312a990751fd32b83bd2c12d67809d4.tar.gz info: utils-merge npm: | Project downloaded utils-merge-1.0.1.tgz info: utils-merge npm: | npm install started warn: utils-merge npm-install:| npm warn: utils-merge npm-install:| WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade warn: utils-merge npm-install:| npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue warn: utils-merge npm-install:| npm WARN deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js warn: utils-merge npm-install:| npm warn: utils-merge npm-install:| notice created a lockfile as package-lock.json. You should commit this file. info: utils-merge npm: | npm install successfully completed info: utils-merge npm: | test suite started info: passing module(s) | info: module name: | utils-merge info: version: | 1.0.1 info: done | The smoke test has passed. info: duration | test duration: 5372ms info: starting | vary info: lookup | vary info: lookup-notfound | vary info: lookup-githead | https://github.com/jshttp/vary/archive/4067e646233fbc8ec9e7a9cd78d6f063c6fdc17e.tar.gz info: vary npm: | Downloading project: https://github.com/jshttp/vary/archive/4067e646233fbc8ec9e7a9cd78d6f063c6fdc17e.tar.gz info: vary npm: | Project downloaded vary-1.1.2.tgz info: vary npm: | npm install started warn: vary npm-install: | npm warn: vary npm-install: | WARN deprecated to-iso-string@0.0.2: to-iso-string has been deprecated, use @segment/to-iso-string instead. warn: vary npm-install: | npm warn: vary npm-install: | WARN deprecated jade@0.26.3: Jade has been renamed to pug, please install the latest version of pug instead of jade warn: vary npm-install: | npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue warn: vary npm-install: | npm notice created a lockfile as package-lock.json. You should commit this file. info: vary npm: | npm install successfully completed info: vary npm: | test suite started info: passing module(s) | info: module name: | vary info: version: | 1.1.2 info: done | The smoke test has passed. info: duration | test duration: 7480ms ```

TLDR

• accepts: ✔️
• array-flatten: ✔️
• body-parser: ✔️
• content-disposition: ✔️
• content-type: ✔️
• cookie: ✔️
• cookie-signature: ✔️
• debug: ✔️
• depd: ✔️
• encodeurl: ✔️
• escape-html: ❌ (no npm test script)
• etag: ✔️
• finalhandler: ✔️
• fresh: ✔️
• merge-descriptors: ❌ (wrong usage of assert.throws)
• methods: ✔️
• on-finished: ❌ (timeout at onFinished(res, listener) when response errors should fire with error)
• parseurl: ✔️
• path-to-regexp: ✔️
• proxy-addr: ✔️
• qs: ✔️
• range-parser: ✔️
• safe-buffer: ✔️
• send: ✔️
• serve-static: ❌ (Error: expected 404 "Not Found", got 400 "Bad Request" at serveStatic() fallthrough when true should fall-through when URL too long)
• setprototypeof: ❌ (no npm test script)
• statuses: ✔️
• type-is: ✔️
• utils-merge: ✔️
• vary: ✔️

[mcollina]

I think we should start adding the passing ones immediately, and then add the other ones as soon as they pass.