DEV.co
Open-Source Testing · mountebank-testing

mountebank

Mountebank is an open-source service virtualization and mocking tool that lets you create lightweight test doubles for HTTP, TCP, SMTP, gRPC, WebSockets, and other protocols. It supports stubbing, mock verification, and record-playback, making it useful for testing microservices and APIs without hitting real external dependencies.

Source: GitHub — github.com/mountebank-testing/mountebank
2.1k
GitHub stars
292
Forks
JavaScript
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositorymountebank-testing/mountebank
Ownermountebank-testing
Primary languageJavaScript
LicenseMIT — OSI-approved
Stars2.1k
Forks292
Open issues90
Latest releasev2.9.4 (2026-04-15)
Last updated2026-06-30
Sourcehttps://github.com/mountebank-testing/mountebank

What mountebank is

Node.js-based service virtualization platform offering protocol-agnostic stubbing via predicates, JavaScript injection for dynamic responses, and proxying for record-playback. Implements 12+ protocols natively or via community extensions; performance-tested at scale by Capital One for high-volume load testing.

Quickstart

Get the mountebank source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/mountebank-testing/mountebank.gitcd mountebank# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Microservices Integration Testing

Mock external HTTP/gRPC/TCP services in CI/CD pipelines to isolate unit and integration tests from live dependencies, reducing flakiness and test duration.

Performance & Load Testing

Use mountebank as a lightweight, scalable mock server to simulate high-volume traffic scenarios without provisioning real downstream services, as Capital One did for cloud migration testing.

Multi-Protocol Service Stubbing

Test systems communicating over diverse protocols (HTTP, HTTPS, TCP, SMTP, LDAP, gRPC, WebSockets) from a single virtualization platform, reducing tool sprawl.

Implementation considerations

  • Requires Node.js runtime; plan for npm dependency management and security scanning of transitive deps.
  • Mock predicates use JavaScript evaluation; sanitize or restrict custom predicate logic in multi-tenant scenarios.
  • Protocol support varies—HTTP/HTTPS are native; gRPC, WebSockets, SMTP etc. may be community extensions (verify maintenance status).
  • Configuration via API or JSON; design IaC/GitOps workflows to manage stub definitions as code for reproducibility.
  • Learning curve for advanced features (JavaScript injection, proxying); budget time for team training on mountebank DSL and REST API.

When to avoid it — and what to weigh

  • Production Request Routing — Mountebank is designed for testing and development; do not use as a production traffic proxy or API gateway. No mention of HA, clustering, or SLA guarantees.
  • Project in Organizational Transition — README explicitly states the project is migrating CI/CD infrastructure and that 'don't expect anything to be merged until CI/CD infrastructure is up and running.' Risk of slow review cycles and delayed bug fixes.
  • Requirement for Commercial Support & SLA — No commercial support offering evident. MIT license permits use but provides no warranty, indemnification, or SLA backing.
  • Enterprise Compliance & Audit Trails — No mention of audit logging, RBAC, encryption at rest, or compliance reporting. Verify security posture separately before use in regulated environments.

License & commercial use

MIT License (OSI-approved, permissive). Allows commercial use, modification, and distribution with minimal restrictions; requires preservation of copyright and license notice.

MIT license permits commercial use without royalties or attribution demands. However, the project is under organizational transition with review/merge delays; no official commercial support, warranty, or indemnification. Assess risk tolerance for production test infrastructure dependency.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceModerate
DocumentationAdequate
License clarityClear
Deployment complexityModerate
DEV.co fitGood
Assessment confidenceHigh
Security considerations

No explicit security audit, threat model, or vulnerability disclosure policy mentioned. JavaScript injection feature poses code-execution risk if predicates are user-supplied or untrusted. No encryption, RBAC, or audit logging evident. Use in isolated test environments only; assume no production-grade hardening. Verify transitive npm dependencies for known CVEs before deployment.

Alternatives to consider

Wiremock

Java-based HTTP mocking, simpler learning curve for web-only testing; mature commercial support option (Wiremock Cloud); Docker-native deployment.

Prism / Stoplight

OpenAPI-native mocking; lower-code setup from API specs; Stoplight offers commercial SaaS option with compliance features.

Mockoon

Desktop/CLI HTTP mockserver; zero dependencies; lightweight; good for quick local development; no multi-protocol or advanced stubbing.

Software development agency

Build on mountebank with DEV.co software developers

Mountebank is a mature, MIT-licensed option for mocking microservices—but assess transition risk. If you need hands-on architecture review, compliance vetting, or custom integration guidance, let's discuss fit.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

mountebank FAQ

Can mountebank be used in production?
Not recommended. Mountebank is designed for testing and development. No SLA, HA, or production hardening documented. Use for mocking external services in test environments only.
Does mountebank support gRPC and WebSockets?
Yes, both are listed in the README. gRPC may be implemented natively or via community extension; verify the specific mountebank version for feature support.
What if the project stalls during the organizational transition?
Risk is real given the stated CI/CD migration in progress. Monitor GitHub releases and issue response time. Consider vendoring the code (MIT permits this) if production dependency is critical.
Can I use mountebank with Docker/Kubernetes?
Not explicitly documented in the provided data. Likely possible (Node.js app), but deployment configs, Helm charts, or container guidance are not mentioned; requires review.

Software development & web development with DEV.co

DEV.co helps companies turn open-source tools like mountebank into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source testing stack.

Evaluate Mountebank for Your Testing Stack

Mountebank is a mature, MIT-licensed option for mocking microservices—but assess transition risk. If you need hands-on architecture review, compliance vetting, or custom integration guidance, let's discuss fit.