Testing & Assurance

Keythings Wallet ships with a comprehensive set of tests and security suites. This page explains how they fit together and where to find deeper docs.

Core test commands

From the monorepo root, the README documents the main commands:

  • bun run test — runs unit, integration, e2e, manifest validation, and all security suites together.
  • bun run test:unit — fast unit tests.
  • bun run test:integration — integration tests for cross-module behavior.
  • bun run test:e2e — Playwright-based end-to-end tests for the extension.
  • bun run lint — static analysis and linting.
  • bun run build — production build (run once per change set).
  • bun run security — primary security entrypoint; runs all security suites (viasecurity:all) followed by bun audit for dependency vulnerabilities.
  • bun run security:all — runs security:comprehensive, security:advanced,security:crypto, security:ui, and security:fuzz without the audit step.
  • bun run security:comprehensive — comprehensive fuzzing, secret input, and wallet property-based security suites.
  • bun run security:advanced — advanced differential, mutation, chaos, timing, and side-channel tests for wallet internals.

Security-focused suites

The docs in this section go into detail on specialized security testing. See the following pages for full breakdowns, code excerpts, and example findings:

Who should use these suites?

  • dApp developers — run unit, integration, and e2e tests when you integrate with the extension.
  • Enterprise integrators — run the full bun run test flow before rolling out to production fleets. Use bun run security when you want a dedicated security pass that includes all suites and the dependency audit, or the more granular security:* commands for focused runs.
  • Security auditors — review the specialized testing docs and the latest security report for evidence and coverage.
17 of 27