node package manager



npm build windows coverage code climate

Tasty helps test fully assembled web applications in nearly-production environment on real clients as real users.

npm install -g tasty

Tasty supports both multiple and single page applications (with server rendering too) and code coverage. It respects Content Security Policy and SSL/TLS.

How it works

Tasty server controls connected clients to run your tests against your application. console

Client can emulate real user: navigate, fill forms, check content. browser

  1. Add tasty.js module to your assembly or markup.
  2. Assemble and serve your application from staging server.
  3. Provide CSP directives for Tasty and use test certificates, if needed.
  4. Write tests for your preferred test framework using Tasty async tools.
  5. Run Tasty server. Open application in any of your clients.
  6. For each client Tasty will run your tests and return all output.
  7. Edit tests, Tasty will re-run them automatically, if needed.

Is Selenium server needed?

No. Tasty is intended to run inside browser environment without WebDriver.

However, you can use Selenium-driven clients and headless browsers like PhantomJS or SlimerJS to work with Tasty.

Why Tasty?

The main purposes are:

  1. Emulate real user experience.
  2. Support any client without WebDriver.

Tasty gives you only high-level tools to help treat your application as a black box, just like real user does. Interact with text and graphics, not with heartless HTML elements. Try not to use knowledge of your application's markup, assume you're helping a real person to achieve some goals.

Similar tools

Protractor and WebdriverIO are Selenium-based end-to-end test frameworks useful for intergration testing. Also take a look at Appium, CasperJS and Selendroid.

Karma and Testee are great tools for cross-browser unit testing.


Serve your application.

        <script src="//localhost:8765/tasty.js"></script> 
        <form action="/dashboard">
            <input placeholder="Username" type="text" />
            <input placeholder="Password" type="password" />
            <input value="Log in" type="submit" />

Write a test (this one uses Mocha).

describe('login form', function() {
    it('logs user in', function() {
        click('Log in');
        return now();

Run Tasty server.

tasty test.js --username 'John Doe' --password 'secret!'

Open your application in your client. Tasty will run the test, print all output and exit.


Tasty server is a bridge between the clients and the test runner, it controls each client and runs tests written using Tasty tools.

Use --url flag to configre server's own URL.


Tasty client is a small extendable UMD module that connects to the server and executes its commands.


Tasty supports any test frameworks that support asynchronous tests.

There are built-in runners for Mocha, Jasmine and QUnit. Provide --runner <name> flag to use one of them. For other frameworks, use Tasty programmatically from your runner.

Chai, its plugins and other helper libraries are supported by providing --addon <name>,<name>... flag. For example, --addon chai,chai-as-promised,chai-http works fine.

Use --watch flag to watch for changes or run on several clients. See tasty --help for more information.

Static server

You can run built-in static server on the same URL by passing --static <path/to/root> flag.

Code coverage

When serving application from its own server, you should instrument JavaScript code for coverage by yourself. Tasty's static server has built-in support for Istanbul and NYC (aka Istanbul 2) to automatically do it for you.


For Tasty server running on localhost:8765/path you should add the following CSP directives for Tasty client to work properly:

connect-src localhost:8765/path ws://localhost:8765/path wss://localhost:8765/path
script-src localhost:8765/path/*.js

Unfortunately, both Istanbul and NYC instrumenters use new Function() to get top-level scope. To use one of them, you have to add the following directive:

script-src 'unsafe-eval'

Remember, CSP allows consequently applied directives to only restrict the resulting set, i.e. meta tags can't expand/loose header directives and vice versa.

Check out a great tool for generating and validating CSP directives.

Browser support

sauce labs

browser support

Known issues


Tasty client runs inside JavaScript sandbox, so it simply can't emulate real interaction, as debugging protocols or WebDriver can.

Highly fragmented text

Currently Tasty can't find text +1 123 456-78-90 in the following case:

+1 <input type="tel" placeholder="123 456-78-90" />

In other words, it's too hard to join text fragments of textContent, value/placeholder, :before/:after etc.


Work is in progress.

Search cannot detect alt attribute yet.

Auto-focus elements

When using auto-focus elements (such as input), you could encounter cannot type into active node <body /> error when window loses its focus, which causes type and paste tools to fail.

If you don't want to focus such elements explicitly (using click or something else), make sure that client window remain focused during tests. For WebDriver clients you could maximize window or use alert() workaround to focus reliably.

Additionally, Chrome DevTools could force current tab to lose focus, with the same results.

Browser UI

Some elements of browser itself, such as tooltips from title attribute or HTML5 Form validation messages, could be potentially detected, but currently aren't supported.



Each tool adds corresponding action to the runner queue instead of performing that action immediately. This allows to write tests in synchronous manner.

type('John Doe');

Queue is executed after now() call without arguments, which returns Promise instance.

it('does something', function() {
    return now();

Your testing framework may prefer callback for async tests.

it('works', function(done) {

Ready state

For testing SPA (or rich MPA) you can provide a method for Tasty to ensure that client is ready for the next action.

The simpliest way is to just wait after using some tools.

ready('delay', 1000);

You may override the list of tools to wait after.

ready('delay', 1000, [

You always can manually add a delay into queue.


There could be enough to just check if DOM is ready...

ready('document'); // 'DOMContentLoaded' aka 'interactive' readyState 
ready('window'); // 'load' aka 'complete' readyState 

...and maybe wait a little bit.

ready('document', 500);
ready('window', 500);

Another way is to provide some application-specific code.

    // This function is executed on client, test will continue when it will return true. 
    function() {
        return !document.getElementsByClassName('progress').length;
    // This function is executed on client, test will continue when promise will be resolved. 
    function(tasty) {
        // tasty.thenable is a built-in Promise for non-supporting browsers. 
        return tasty.thenable(
            function(resolve, reject) {

Note that built-in methods cannot be combined.

Data from client

Some tools could be called without arguments to get data from client.

it('reads', function() {
    return now();
it('remembers', function() {
    return now();
it('remembers', function() {
                (value) => value + 'blah'
    return now();

Custom logic

The now(...) call with function(s) allows you to add some custom logic into test, but you should use now.* namespace for tools.

it('chooses', function() {
        () => now.text('Welcome back')
                () =>'Log in'),
                () =>'Sign up')
    return now();

The now.smth() is the same as just smth(), but runs immediately. You should use now.* tools only inside now(...) call if you don't want to break execution order.

it('searches', function() {
            () => now.text('Chapter 42', 'h1')
                    () =>'Next')
    return now();

API reference

Security recommendations

On staging or other near-production environment, Tasty can't pass (re)CAPTCHA or two-factor authentication for you.

Permanent secrets

Store passwords in CIS and pass credentials into command line. All arguments will be available in tasty.config object.

One-off secrets

Get two-factor nonces from backdoor or use paid services to mock real mobile phones.


Use reCAPTCHA testing sitekey and secret for testing environment.

Instead of trying to click on iframed content, simply fake reCAPTCHA response with some suitable string, e.g.

exec(function() {
    document.querySelector('[name="g-recaptcha-response"]').value = '03AHJ_VuvHyNQjrLnMZ6eGbmdDZQ3Qma4CBrMSWSOzTcqB8rdl3tbIN1gzAWkB4jPi1qCE-aEw-hx7ns9DuzwNe7bW4E5rCc23SDFs9fQJGqAM27AeNKeg0q6ByJEC3ig3ydkrEzwVd56fi1oyDTVAvwpGCTtg8rjBRYqwn7qDnCp8Fw6Iq6h5vQKc7KtX4mW33QUL8Y5HzJReMDqZio8Rf6zmyqGGcOurvo6Gw4_exJfwcnK0CcnQUpbjlr3-9Mm-1fKeUq_q6s6plM7-2Rc2WNgYdguvp6yxZyyxr5IUKZk1eCvwgxu97zdbM3bPjfuuccrvie4LTGjasRYobPF51H5TbSm3-FacdHJ5usgMSjII6Cba7IaH4NQDPJqyO7ltWH1uPPRybuJmJk1AWALebHTiM-4loixaiI-47JCrBUeJGPPR9A8Q1UfduaZmzP0CrDj5YfFbVzHncDh4ac_KghXgehxbEQ2eD2Qwo18wlc87U-aQQqJLBkvlRUABHDGeWcyRvEzTPnpXfsmbK7Y2WlU4_zbCqtVAdR-pmp3MALqA-njyDtRZmtHsvsVVGvtVXy9UMlGRc4YwmvSyxg0fRegX13K7lMfnY9qqoNV23ZtB3fiQTUwjZnAe0F3KKArRTAt4XFjOJKIaz6-8TxHtqcPfejehTpkOJ0M7cDB3wi9_7BxNu758D6CfqgAXGKqH-kV42K6SJ69S50Lhl3t1l7rEWXmJi5vCEvQ2yHReL1XGtNygpt-WM0qlDiGswUITnUSire2c0JU84vTQCQ3AFZLWXX3eypwRHmyWXvUQAho9LqHZuV_qXoyiyK0SbCZW6lSW4CucElsy5XOpNAFCTgxtY4gTZgnR9uB_JHCjF69ibMeQeUPGNWahECJiRp49TpZi928wvGY_';

For testing sitekey and secret, reCAPTCHA server should accept the same g-recaptcha-response unlimited number of times.

If example above doesn't work (e.g. response format is changed), get new fake g-recaptcha-response string:

  • manually click on testing reCAPTCHA,
  • inspect XHR response or value property of <textarea name="g-recaptcha-response" /> on the page.

For other CAPTCHA implementations, get answers from backdoor.


Do not use production certificates with Tasty: server is not intended to be accessible from external networks.

Use Let's encrypt, self-signed non-CA certificates or set up your own CA.


npm run prepublish


npm test

Main tests use SlimerJS which requires Firefox to be installed.

Real-browser support tests are automated for SauceLabs environment and require TRAVIS_JOB_NUMBER, SAUCE_USERNAME and SAUCE_ACCESS_KEY environment variables, which are kindly provided by TravisCI.



Everything works fine, yay!