SuperTest

HTTP assertion library for Node.js that enables testing Express, Koa, Fastify, and other Node.js HTTP servers without starting a real server. SuperTest wraps superagent (HTTP client) with test assertion capabilities — make HTTP requests to your server in tests and assert on response status, headers, and body in a fluent API. The standard choice for Node.js API integration testing with Jest or Mocha.

Evaluated Mar 06, 2026 (0d ago) v6+
Homepage ↗ Repo ↗ Developer Tools testing http api-testing express node integration-testing
⚙ Agent Friendliness
67
/ 100
Can an agent use this?
🔒 Security
86
/ 100
Is it safe for agents?
⚡ Reliability
81
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
--
Documentation
85
Error Messages
82
Auth Simplicity
95
Rate Limits
100

🔒 Security

TLS Enforcement
90
Auth Strength
85
Scope Granularity
85
Dep. Hygiene
82
Secret Handling
88

Testing library — no production security concerns. In-process testing doesn't expose server to external network.

⚡ Reliability

Uptime/SLA
85
Version Stability
80
Breaking Changes
78
Error Recovery
82
AF Security Reliability

Best When

You're writing Node.js API integration tests and want to make real HTTP requests against your Express/Fastify server in tests without network round-trips.

Avoid When

You need to test browser behavior, load test APIs, or mock external HTTP calls — those are different tools.

Use Cases

  • Write integration tests for Express/Fastify REST APIs that make real HTTP requests against the server without network overhead
  • Test API authentication flows — login endpoints, token refresh, protected route responses — in Node.js integration tests
  • Assert on HTTP response status codes, headers, and JSON bodies in CI pipelines for backend agent APIs
  • Test file upload endpoints with multipart form data using SuperTest's field/attach API
  • Validate API contract compliance in automated agent test suites that run against the full server stack

Not For

  • Browser-based API testing — SuperTest is Node.js only; use Playwright or Cypress for browser HTTP testing
  • Load testing or performance benchmarking — use k6 or Artillery for load testing
  • Testing third-party APIs — SuperTest tests your own server; use nock for mocking external HTTP calls

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
No
SDK
Yes
Webhooks
No

Authentication

Methods: none
OAuth: No Scopes: No

No authentication — testing library. Auth headers passed per-request in test: .set('Authorization', 'Bearer token').

Pricing

Model: open_source
Free tier: Yes
Requires CC: No

MIT-licensed open source library.

Agent Metadata

Pagination
none
Idempotent
Full
Retry Guidance
Not documented

Known Gotchas

  • SuperTest creates an in-process HTTP server from your app — don't call app.listen() in tests; pass the app directly to request(app)
  • Database state persists between tests unless explicitly reset — use beforeEach hooks to clear test data; shared state causes test ordering dependencies
  • Async tests must return the promise or use done() callback — forgetting return or async/await causes tests to pass silently without executing assertions
  • Cookie-based auth requires agent() to persist session across requests: const agent = request.agent(app) — stateless request() doesn't persist cookies
  • SuperTest v7 moved to ESM — CommonJS require() patterns may fail; check version compatibility with your test runner setup
  • Response body parsing depends on Content-Type header — server must return correct Content-Type for .body to be parsed as JSON; plain text response with JSON body won't auto-parse

Alternatives

vitest-api jest-api playwright-api

Full Evaluation Report

Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for SuperTest.

$99
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.

5208
Packages Evaluated
26151
Need Evaluation
173
Need Re-evaluation
Community Powered