Security News
The Risks of Misguided Research in Supply Chain Security
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
codacy-coverage
Advanced tools
Credits to David for creating this! Codacy support for Node.js. Get coverage reporting and code analysis for Node.js from Codacy.
Add the latest version of codacy-coverage
to your package.json:
npm install codacy-coverage --save
If you're using mocha, add mocha-lcov-reporter
to your package.json:
npm install mocha-lcov-reporter --save
To send coverage in the enterprise version you should specify your Codacy installation URL with the option -e
:
codacy-coverage -e <YOUR-CODACY-ENTERPRISE-URL>:16006
This cli can take standard input from any tool that emits the lcov data format (including mocha's LCov reporter) and send it to Codacy to report your code coverage there.
Once your app is instrumented for coverage, and building, you need to pipe the lcov output to codacy-coverage
.
You'll need to provide the secret Project API token from Codacy Project > Settings > Integrations > Project API
via:
--token
Note: You should keep your any API token well protected, as it grants owner permissions to your projects.
"scripts": {
"test-with-coverage": "NODE_ENV=test YOURPACKAGE_COVERAGE=1 mocha --require blanket --reporter mocha-lcov-reporter | codacy-coverage"
}
npm run test-with-coverage
Instrumenting your app for coverage is probably harder than it needs to be (read here), but that's also a necessary step.
"scripts": {
"test-with-coverage": "YOURPACKAGE_COVERAGE=1 mocha test -R mocha-lcov-reporter | codacy-coverage"
}
npm run test-with-coverage
"scripts": {
"test-with-coverage": "istanbul cover _mocha --report lcovonly -- -R spec && cat ./coverage/lcov.info | codacy-coverage && rm -rf ./coverage"
}
npm run test-with-coverage
"scripts": {
"test-with-coverage": "istanbul cover jasmine-node --captureExceptions spec/ && cat ./coverage/lcov.info | codacy-coverage && rm -rf ./coverage"
}
npm run test-with-coverage
Client-side JS code coverage using PhantomJS, Mocha and Blanket:
data-cover
html-attribute"scripts": {
"test-with-coverage": "poncho -R lcov test/test.html | codacy-coverage"
}
npm run test-with-coverage
Note: jest might return exit code 1 if you defined a coverage threshold and the threshold is not met
"scripts": {
"test-with-coverage": "jest --coverage && cat ./coverage/lcov.info | codacy-coverage"
}
npm run test-with-coverage
As an alternative to the Project API token you can also send coverage using your account/api token by following steps:
"scripts": {
"test-with-coverage": "cat ./coverage/lcov.info | codacy-coverage --accountToken <account-token> --username <username> --projectName <project-name>"
}
npm run test-with-coverage
You'll need to provide the secret Account API token from Codacy Account > API Tokens
via:
--accountToken
--language typescript
or --language coffeescript
.If you are running coverage in a windows machine without Unix tools,
you need to change the command to codacy-coverage < ./test/unit/coverage/lcov.info
.
The paths in your coverage file should be relative,
if you are having problems with absolute paths,
you can run our plugin with -p .
to strip the current path from the paths in your coverage file:
"scripts": {
"test-with-coverage": "cat ./coverage/lcov.info | codacy-coverage -p ."
}
To send coverage in the enterprise version you should specify your Codacy installation URL followed by the port 16006 using the -e option, example:
"scripts": {
"test-with-coverage": "cat ./coverage/lcov.info | codacy-coverage -e <YOUR-CODACY-ENTERPRISE-URL>:16006"
}
Options:
-V, --version output the version number
-f, --format [value] Coverage input format
-t, --token [value] Codacy Project API Token
-a, --accountToken [value] Codacy Account Token
-u, --username [value] Codacy Username/Organization
-n, --projectName [value] Codacy Project Name
-c, --commit [value] Commit SHA hash
-l, --language [value Project Language
-e, --endpoint [value] Codacy API Endpoint
-p, --prefix [value] Project path prefix
-v, --verbose Display verbose output
-d, --debug Display debug output
-h, --help output usage information
Codacy is an Automated Code Review Tool that monitors your technical debt, helps you improve your code quality, teaches best practices to your developers, and helps you save time in Code Reviews.
Codacy also helps keep track of Code Coverage, Code Duplication, and Code Complexity.
Codacy supports PHP, Python, Ruby, Java, JavaScript, and Scala, among others.
Codacy is free for Open Source projects.
FAQs
Code Coverage reporter for Codacy.com
We found that codacy-coverage demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.