{"id":13681177,"url":"https://github.com/willhlaw/firestore-security-tests","last_synced_at":"2026-01-21T03:06:50.659Z","repository":{"id":57236829,"uuid":"113773062","full_name":"willhlaw/firestore-security-tests","owner":"willhlaw","description":"Setup and run tests to verify Firestore security rules","archived":false,"fork":false,"pushed_at":"2018-10-01T08:48:34.000Z","size":80,"stargazers_count":38,"open_issues_count":0,"forks_count":3,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-10-05T21:45:05.187Z","etag":null,"topics":["firebaserules","firestore","google-apis","rules","security","testing"],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/willhlaw.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-12-10T18:26:04.000Z","updated_at":"2021-06-08T19:59:24.000Z","dependencies_parsed_at":"2022-08-26T15:10:10.270Z","dependency_job_id":null,"html_url":"https://github.com/willhlaw/firestore-security-tests","commit_stats":null,"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"purl":"pkg:github/willhlaw/firestore-security-tests","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/willhlaw%2Ffirestore-security-tests","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/willhlaw%2Ffirestore-security-tests/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/willhlaw%2Ffirestore-security-tests/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/willhlaw%2Ffirestore-security-tests/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/willhlaw","download_url":"https://codeload.github.com/willhlaw/firestore-security-tests/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/willhlaw%2Ffirestore-security-tests/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28624343,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-21T02:47:06.670Z","status":"ssl_error","status_checked_at":"2026-01-21T02:45:44.886Z","response_time":86,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["firebaserules","firestore","google-apis","rules","security","testing"],"created_at":"2024-08-02T13:01:27.411Z","updated_at":"2026-01-21T03:06:50.644Z","avatar_url":"https://github.com/willhlaw.png","language":"JavaScript","readme":"# firestore-security-tests\n\n[![standard-readme compliant](https://img.shields.io/badge/standard--readme-OK-green.svg?style=flat-square)](https://github.com/RichardLitt/standard-readme)\n\n\u003e Setup and run tests to verify Firestore security rules\n\nThis library provides programmatic access to test Firestore security rules.\n\n## Table of Contents\n\n* [Background](#background)\n* [Install](#install)\n* [Usage](#usage)\n* [Maintainers](#maintainers)\n* [Contribute](#contribute)\n* [License](#license)\n\n## Background\n\nFirebase Real Time DataBase has an interactive UI for testing rules, but Firestore does not. Furthermore, the community have built libraries to programmatically test security rules Firebase RTDB, but nothing exists for Firestore. See [this issue](https://github.com/firebase/bolt/issues/216) that gives additional background and inspired this library.\n\n## Install\n\n```sh\n  npm install firestore-security-tests --save-dev\n```\n\n## Usage\n\n### 1. CREDENTIALS\n\nYou need to set **GOOGLE_APPLICATION_CREDENTIALS** enviroment variables to the path of your project's credentials JSON path.\n\nTo get a credentials JSON file, read the **Add Firebase to your app** section of the [Firebase Admin setup page](https://firebase.google.com/docs/admin/setup):\n\nTo use the Firebase Admin SDKs, you'll need a Firebase project, a service account to communicate with the Firebase service, and a configuration file with your service account's credentials.\n\n1. Navigate to the [Service Accounts](https://console.firebase.google.com/project/_/settings/serviceaccounts/adminsdk) tab in your project's settings page.\n1. Select your Firebase project. If you don't already have one, click **Create New Project**. If you already have an existing Google project associated with your app, click **Import Google Project** instead.\n1. Click the **Generate New Private Key** button at the bottom of the **Firebase Admin SDK** section of the **Service Accounts** tab.\n\nAfter you click the button, a JSON file containing your service account's credentials will be downloaded. The environment variable **GOOGLE_APPLICATION_CREDENTIALS** will need to be the path to this JSON file.\n\n### 2. Create a testResource object\n\nThere are two top-level objects [source](https://www.any-api.com/googleapis_com/firebaserules/docs/Definitions/Source) and [testSuite](https://www.any-api.com/googleapis_com/firebaserules/docs/Definitions/TestSuite). _source_ contains information about the Rules you want to test (copy and paste your current Firestore/Storage rules here), while _testSuite_ contains an array of test cases to run against the provided source.\n\nBelow is a contrived example you can use:\n\n```js\nvar testResourceObj = {\n  source: {\n    files: [\n      {\n        name: 'firestore.rules',\n        content: `service cloud.firestore {\n              match /databases/{database}/documents {match /{document=**} {allow read: if request.auth.uid != '7QLCpgSZ5CdaVhj52GC50jhe1o02-INVALID' allow write: if false\n                }\n              }\n            }`\n      }\n    ]\n  },\n  testSuite: {\n    testCases: [\n      {\n        expectation: 'ALLOW', // Can be 'ALLOW' or 'DENY'\n        request: {\n          auth: {\n            uid: '7QLCpgSZ5CdaVhj52GC50jhe1o02'\n          },\n          path: '/databases/(default)/documents/licenses/abcd',\n          method: 'get'\n        },\n        functionMocks: [\n          {\n            function: 'get',\n            args: [{ exact_value: '/databases/(default)/documents/users/123' }],\n            result: { value: { data: { accountId: 'abcd' } } }\n          }\n        ]\n      }\n    ]\n  }\n};\n```\n\n### 3. Create a _test.js_ file\n\n```js\nvar testSecurityRules = require('firestore-security-tests').testSecurityRules;\n\nvar testResourceObj = {\n  source: {\n    files: [\n      {\n        name: 'firestore.rules',\n        content: `service cloud.firestore {\n              match /databases/{database}/documents {match /{document=**} {allow read: if request.auth.uid != '7QLCpgSZ5CdaVhj52GC50jhe1o02-INVALID' allow write: if false\n                }\n              }\n            }`\n      }\n    ]\n  },\n  testSuite: {\n    testCases: [\n      {\n        expectation: 'ALLOW',\n        request: {\n          auth: {\n            uid: '7QLCpgSZ5CdaVhj52GC50jhe1o02'\n          },\n          path: '/databases/(default)/documents/licenses/abcd',\n          method: 'get'\n        },\n        functionMocks: [\n          {\n            function: 'get',\n            args: [{ exact_value: '/databases/(default)/documents/users/123' }],\n            result: { value: { data: { accountId: 'abcd' } } }\n          }\n        ]\n      }\n    ]\n  }\n};\n\ntestSecurityRules(printResults, testResourceObj, { verbose: true });\n\nfunction printResults(resultsObj) {\n  var projectId = resultsObj.projectId,\n    testResults = resultsObj.testResults,\n    error = resultsObj.error,\n    errMsg = resultsObj.errMsg;\n\n  if (error) {\n    return console.error('\\n\\ntestSecurityRules ERRORED:\\n\\n', errMsg, error);\n  }\n\n  console.log('\\nTest results for '.concat(projectId, ':\\n'));\n  testResults.forEach(function(testResult) {\n    return console.log(testResult.toString());\n  });\n}\n```\n\n### 4. Run it\n\n```sh\n$\u003e GOOGLE_APPLICATION_CREDENTIALS=path/to/credential/file.json node ./test.js\n```\n\n## Maintainers\n\n[@willhlaw](https://github.com/willhlaw)\n\n## Versioning\n\nWe use [SemVer](http://semver.org/) for versioning. For the versions available, see the [tags on this repository](https://github.com/willhlaw/firestore-security-rules/tags).\n\n## Contribute\n\nPRs accepted.\n\nSmall note: If editing the README, please conform to the [standard-readme](https://github.com/RichardLitt/standard-readme) specification.\n\n## License\n\nMIT © 2017 Will Lawrence\n","funding_links":[],"categories":["JavaScript"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwillhlaw%2Ffirestore-security-tests","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwillhlaw%2Ffirestore-security-tests","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwillhlaw%2Ffirestore-security-tests/lists"}