mountebank
Mountebank is an open-source service virtualization and mocking tool that lets you create lightweight test doubles for HTTP, TCP, SMTP, gRPC, WebSockets, and other protocols. It supports stubbing, mock verification, and record-playback, making it useful for testing microservices and APIs without hitting real external dependencies.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | mountebank-testing/mountebank |
| Owner | mountebank-testing |
| Primary language | JavaScript |
| License | MIT — OSI-approved |
| Stars | 2.1k |
| Forks | 292 |
| Open issues | 90 |
| Latest release | v2.9.4 (2026-04-15) |
| Last updated | 2026-06-30 |
| Source | https://github.com/mountebank-testing/mountebank |
What mountebank is
Node.js-based service virtualization platform offering protocol-agnostic stubbing via predicates, JavaScript injection for dynamic responses, and proxying for record-playback. Implements 12+ protocols natively or via community extensions; performance-tested at scale by Capital One for high-volume load testing.
Get the mountebank source
Clone the repository and explore it locally.
git clone https://github.com/mountebank-testing/mountebank.gitcd mountebank# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires Node.js runtime; plan for npm dependency management and security scanning of transitive deps.
- Mock predicates use JavaScript evaluation; sanitize or restrict custom predicate logic in multi-tenant scenarios.
- Protocol support varies—HTTP/HTTPS are native; gRPC, WebSockets, SMTP etc. may be community extensions (verify maintenance status).
- Configuration via API or JSON; design IaC/GitOps workflows to manage stub definitions as code for reproducibility.
- Learning curve for advanced features (JavaScript injection, proxying); budget time for team training on mountebank DSL and REST API.
When to avoid it — and what to weigh
- Production Request Routing — Mountebank is designed for testing and development; do not use as a production traffic proxy or API gateway. No mention of HA, clustering, or SLA guarantees.
- Project in Organizational Transition — README explicitly states the project is migrating CI/CD infrastructure and that 'don't expect anything to be merged until CI/CD infrastructure is up and running.' Risk of slow review cycles and delayed bug fixes.
- Requirement for Commercial Support & SLA — No commercial support offering evident. MIT license permits use but provides no warranty, indemnification, or SLA backing.
- Enterprise Compliance & Audit Trails — No mention of audit logging, RBAC, encryption at rest, or compliance reporting. Verify security posture separately before use in regulated environments.
License & commercial use
MIT License (OSI-approved, permissive). Allows commercial use, modification, and distribution with minimal restrictions; requires preservation of copyright and license notice.
MIT license permits commercial use without royalties or attribution demands. However, the project is under organizational transition with review/merge delays; no official commercial support, warranty, or indemnification. Assess risk tolerance for production test infrastructure dependency.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Moderate |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Moderate |
| DEV.co fit | Good |
| Assessment confidence | High |
No explicit security audit, threat model, or vulnerability disclosure policy mentioned. JavaScript injection feature poses code-execution risk if predicates are user-supplied or untrusted. No encryption, RBAC, or audit logging evident. Use in isolated test environments only; assume no production-grade hardening. Verify transitive npm dependencies for known CVEs before deployment.
Alternatives to consider
Wiremock
Java-based HTTP mocking, simpler learning curve for web-only testing; mature commercial support option (Wiremock Cloud); Docker-native deployment.
Prism / Stoplight
OpenAPI-native mocking; lower-code setup from API specs; Stoplight offers commercial SaaS option with compliance features.
Mockoon
Desktop/CLI HTTP mockserver; zero dependencies; lightweight; good for quick local development; no multi-protocol or advanced stubbing.
Build on mountebank with DEV.co software developers
Mountebank is a mature, MIT-licensed option for mocking microservices—but assess transition risk. If you need hands-on architecture review, compliance vetting, or custom integration guidance, let's discuss fit.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
mountebank FAQ
Can mountebank be used in production?
Does mountebank support gRPC and WebSockets?
What if the project stalls during the organizational transition?
Can I use mountebank with Docker/Kubernetes?
Software development & web development with DEV.co
DEV.co helps companies turn open-source tools like mountebank into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source testing stack.
Evaluate Mountebank for Your Testing Stack
Mountebank is a mature, MIT-licensed option for mocking microservices—but assess transition risk. If you need hands-on architecture review, compliance vetting, or custom integration guidance, let's discuss fit.