Skip to main content

Track Record

Some examples of key projects with bugs detected by fast-check


There is no doubt about the efficiency of bug-detection capabilities provided by fast-check when it comes to critical open-source projects. It has successfully identified bugs in key projects within the JavaScript ecosystem, including utility libraries like underscore.js and test runners such as jest and jasmine.

Here is a non-exhaustive list of issues linked to identified and confirmed bugs opened thanks to fast-check: adobe/react-spectrum#2065, devongovett/regexgen#33, facebook/react#18661, gcanti/io-ts#214, HdrHistogram/HdrHistogramJS#9, jashkenas/underscore#2815, jasmine/jasmine#1764, jestjs/jest#7937, jestjs/jest#7941, jestjs/jest#7975, jestjs/jest#8403, jestjs/jest#11055, jestjs/jest#11056, jezen/is-thirteen#558, left-pad/left-pad#58, manishsaraan/email-validator#40, numpy/numpy#15394, streamich/react-use#788, trekhleb/javascript-algorithms#102, trekhleb/javascript-algorithms#129, trekhleb/javascript-algorithms#305, trekhleb/javascript-algorithms#306, trekhleb/javascript-algorithms#307, trekhleb/javascript-algorithms#308

It also found back most of the CVEs related to prototype poisoning reported on lodash.

Detailed examples


GitHub stars

Issue detected: counting sort algorithm was really badly handling negative integer values [more]

Code example: sort([-1]) produces [null]

Issue detected: knutt morris pratt implementation considered "" was not a substring of "" [more]

Code example:

knuthMorrisPratt('', ''); //=> -1
knuthMorrisPratt('a', 'a'); //=> 0

Issue detected: integer overflows and rounding issues in the implementation of rabin karp [more][+]

Code example:

rabinKarp("^ !/'#'pp", " !/'#'pp") //=> -1
// expected to be 2

rabinKarp("a\u{10000}", "\u{10000}") //=> -1
// After 1st fix: issues with unicode characters outside BMP plan
rabinKarp("a耀a","耀a")) //=> 1
rabinKarp("\u0000耀\u0000","耀\u0000")) //=> -1
// After 2nd fix

Issue detected: longest common substring algorithm not properly handling unicode characters outside BMP plan [more]

Code example:

longestCommonSubstr('𐌵𐌵**ABC', '𐌵𐌵--ABC'); //=> "𐌵𐌵"
// expected to be "ABC"


GitHub stars monthly downloads

Issue detected: toStrictEqual fails to distinguish 0 from 5e-324 [more]

Code example: expect(0).toStrictEqual(5e-324) succeeds

Issue detected: toEqual not symmetric for Set [more]

Code example:

const s1 = new Set([false, true]);
const s2 = new Set([new Boolean(true), new Boolean(true)]);

expect(s1).not.toEqual(s2); // success
expect(s2).not.toEqual(s1); // failure


GitHub stars monthly downloads

Issue detected: enabling !!int: binary style when dumping negative integers produces invalid content [more]

Code example: yaml.dump({toto: -10}, {styles:{'!!int':'binary'}}) produces toto: 0b-1010 not toto: -0b1010


GitHub stars monthly downloads

Issue detected: enabling the bracket setting when exporting arrays containing null values produces an invalid output for the parser [more]

Code example:

m.stringify({ bar: ['a', null, 'b'] }, { arrayFormat: 'bracket' }); //=> "bar[]=a&bar&bar[]=b"
m.parse('bar[]=a&bar&bar[]=b', { arrayFormat: 'bracket' }); //=> {bar: [null, 'b']}


GitHub stars monthly downloads

Issue detected: unicode characters outside of the BMP plan are not handled consistently [more]

Code example:

leftPad('a\u{1f431}b', 4, 'x'); //=> 'a\u{1f431}b'  -- in: 3 code points, out: 3 code points
leftPad('abc', 4, '\u{1f431}'); //=> '\u{1f431}abc' -- in: 3 code points, out: 4 code points


GitHub stars monthly downloads

Issue detected: unability to parse string values starting by :, [more]

Code example:

YAML.stringify([[':,']]); //=> '- - :,\n'
YAML.parse('- - :,\n'); //=> YAMLSyntaxError: Document is not valid YAML (bad indentation?)

Issue detected: some extra spaces added or removed during the parsing [more]

Code example:

YAML.parse(YAML.stringify([{ k: `!""""""""""""""""""""""""""""""""""#"\\ '` }]));
//=> [{k: `!""""""""""""""""""""""""""""""""""#"\\'`}]


GitHub stars monthly downloads

Issue detected: -0 was not stringified correctly [more]

Code example: stringify(-0) produces "0" instead of "-0"


GitHub stars monthly downloads

Issue detected: signing an object with specific keys (toString, valueOf, hasOwnProperty, __proto__...) crashes with an error [more]

Code example:

jwt.sign({ valueOf: 0 }, 'some-key');
//=> throws TypeError `validator.isValid is not a function`