
Research
/Security News
Toptal’s GitHub Organization Hijacked: 10 Malicious Packages Published
Threat actors hijacked Toptal’s GitHub org, publishing npm packages with malicious payloads that steal tokens and attempt to wipe victim systems.
A command-line tool to collect and report code coverage of a JavaScript program
A command-line tool to collect and report code coverage of a JavaScript program
$ coverage test.js
✔ write a file
✔ create directories as needed
✔ validate arguments
3 of 3 passed.
----------|----------|----------|----------|----------|-------------------|
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s |
----------|----------|----------|----------|----------|-------------------|
All files | 95.15 | 79.52 | 100 | 95.09 | |
index.js | 90.6 | 75.38 | 100 | 90.52 |... 44,148,152,156 |
lib.js | 100 | 94.44 | 100 | 100 | 107 |
----------|----------|----------|----------|----------|-------------------|
This is an opinionated wrapper of c8, different in the following points:
html
and text
reporter by default.mjs
filesnpm install coverage
Once this package is installed to the project directory, users can execute coverage
command inside npm scripts.
coverage [options] <file|command> [args]
Execute the command, print code coverage to the stdout and write HTML reports under the ./coverage
directory.
<file|command>
can be either a JavaScript file path or a command. If a path is provided, the file is run with the node
command.
$ coverage /path/to/entry-point.js # is the same as ↓
$ coverage node /path/to/entry-point.js
If the provided JavaScript path ends with .mjs
,
--es-module-specifier-resolution
is automatically set to node
.Users can override the default format of reports with --reporter
option.
$ coverage example.js
------------|----------|----------|----------|----------|-------------------|
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s |
------------|----------|----------|----------|----------|-------------------|
All files | 100 | 100 | 100 | 100 | |
example.js | 100 | 100 | 100 | 100 | |
------------|----------|----------|----------|----------|-------------------|
$ coverage --reporter=text-summary example.js
=============================== Coverage summary ===============================
Statements : 100% ( 1/1 )
Branches : 100% ( 1/1 )
Functions : 100% ( 0/0 )
Lines : 100% ( 1/1 )
================================================================================
$ coverage --reporter=none example.js # No reports
When the execution exits with code 0
on a CI service or GitHub Actions, it automatically uploads the generated coverage to Codecov. Whether CODECOV_TOKEN
environment variable is required or not varies between services.
$ coverage test.js
[... test results and coverage ...]
==> Travis CI detected.
==> Reading reports
+ /home/travis/build/shinnn/coverage/coverage/lcov.info bytes=1399
==> Gzipping contents
==> Uploading reports
-> Uploading
-> View reports at https://codecov.io/github/shinnn/coverage/commit/e4f5880b8ec5885e6a0b79030df5871e19d6de1d
c8
command-line options are supported. Run npx coverage --help
to show the detailed reference for them.
coverage report
Output a report in the format specified in --reporter
option.
This subcommand is only available after coverage
has already been run.
ISC License © 2019 Shinnosuke Watanabe
FAQs
A command-line tool to collect and report code coverage of a JavaScript program
The npm package coverage receives a total of 2,485 weekly downloads. As such, coverage popularity was classified as popular.
We found that coverage demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
Threat actors hijacked Toptal’s GitHub org, publishing npm packages with malicious payloads that steal tokens and attempt to wipe victim systems.
Research
/Security News
Socket researchers investigate 4 malicious npm and PyPI packages with 56,000+ downloads that install surveillance malware.
Security News
The ongoing npm phishing campaign escalates as attackers hijack the popular 'is' package, embedding malware in multiple versions.