You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@codecov/bundle-analyzer

Package Overview
Dependencies
Maintainers
5
Versions
12
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@codecov/bundle-analyzer

Official Codecov Bundle Analyzer

1.9.1
latest
npmnpm
Version published
Weekly downloads
1.3K
28.5%
Maintainers
5
Weekly downloads
 
Created
Source

Codecov by Sentry logo

Codecov Bundle Analyzer

The bundle analyzer is an importable library and CLI for Codecov bundle analysis. It is designed for users who operate without a standard bundler that is otherwise supported by Codecov's bundler plugins.

[!NOTE] The plugin does not support code coverage, see our docs to set up coverage today!

Installation

Using npm:

npm install @codecov/bundle-analyzer --save-dev

Using yarn:

yarn add @codecov/bundle-analyzer --dev

Using pnpm:

pnpm add @codecov/bundle-analyzer --save-dev

Example - Custom Script

This example shows how the package can be imported as a library.

// analyze.js
const { createAndUploadReport } = require("@codecov/bundle-analyzer");

const buildDirs = ["/path/to/build"];

const coreOpts = {
  dryRun: true,
  uploadToken: "your-upload-token",
  retryCount: 3,
  apiUrl: "https://api.codecov.io",
  bundleName: "@codecov/example-bundle-analyzer-cjs",
  enableBundleAnalysis: true,
  debug: true,
};

const bundleAnalyzerOpts = {
  beforeReportUpload: async (original) => original,
  ignorePatterns: ["*.map"],
  normalizeAssetsPattern: "[name]-[hash].js",
};

createAndUploadReport(buildDirs, coreOpts, bundleAnalyzerOpts)
  .then((reportAsJson) =>
    console.log(`Report successfully generated and uploaded: ${reportAsJson}`),
  )
  .catch((error) =>
    console.error("Failed to generate or upload report:", error),
  );

Example - CLI

This example shows how the package can be used as a CLI.

npx @codecov/bundle-analyzer ./dist --bundle-name=my-identifier --upload-token=abcd --dry-run

[OPTIONAL] - A config file can be passed for any extended options matching those described here.

npx @codecov/bundle-analyzer ./dist --bundle-name=my-identifier --upload-token=abcd --dry-run --config-file=./config.json

// config.json
{
  "gitService": "github",
  "oidc": {
    "useGitHubOIDC": false
  }
}

Supported Platforms

The CLI tool supports the following operating systems:

  • macOS
  • Linux

More information

Keywords

Codecov
bundle-analyzer
bundler
analyzer
cli
script

FAQs

Package last updated on 19 May 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

npm Adopts OIDC for Trusted Publishing in CI/CD Workflows

Security News

npm Adopts OIDC for Trusted Publishing in CI/CD Workflows

npm now supports Trusted Publishing with OIDC, enabling secure package publishing directly from CI/CD workflows without relying on long-lived tokens.

By Sarah Gooding  -  Aug 08, 2025
60 Malicious Ruby Gems Used in Targeted Credential Theft Campaign

Research

/

Security News

60 Malicious Ruby Gems Used in Targeted Credential Theft Campaign

A RubyGems malware campaign used 60 malicious packages posing as automation tools to steal credentials from social media and marketing tool users.

By Kirill Boychenko  -  Aug 07, 2025
SocketSocket SOC 2 Logo

Product

About

Packages

Explore npm
Explore Cargo
Explore Go
Explore Maven
Explore NuGet
Explore PyPI
Explore Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc

U.S. Patent No. 12,346,443 & 12,314,394. Other pending.