Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
incremental-coverage
Advanced tools
![](https://img.shields.io/github/license/matmanjs/incremental-coverage) ![](https://img.shields.io/github/languages/code-size/matmanjs/incremental-coverage)
本应用结合 lcov.info
与 Git Diff
得到仓库的增量覆盖率数据。
Incremental Coverage 适用于 macOS、Windows 和 Linux。
如果 Incremental Coverage 不能正常工作,请提交 issue。
$ npm install -g incremental-coverage
# or
$ yarn add global incremental-coverage
我们通过一个简单的命令行工具来展示如何使用(必须在 Git 仓库根目录中运行,且指定 lcov 文件)。
$ incremental-coverage -p="./.dwt_output/e2e/coverage/lcov.info" -t="2020-06-01"
./.dwt_output/e2e/coverage/lcov.info
覆盖率文件2020-06-01
增量起始时间output.json
文件,文件示例如下:{
"total": { "increLine": 2, "covLine": 2, "increRate": "100.00%" },
"files": [
{
"increLine": 2,
"covLine": 2,
"increRate": "100.00%",
"detail": [
{ "number": 5, "hits": 73 },
{ "number": 71, "hits": 45 }
],
"name": "/src/datas/action.js"
}
]
}
total
为增量覆盖率的总情况,files
中是各个文件的详细情况。
提供
命令行
与Node.js
调用两种形式
CLI 没有子命令只有最简单的三个选项:
--path、-p
:指定 lcov.info 文件的路径--time、-t
:执行增量计算的开始时间(建议不要太长)--output、-o
:结果的输出方式,可以选择 file 与 stdio
,默认为 fileIncremental Coverage 对外暴露两个 API 与三个 Parser
path
:lcov.info 文件的路径opts
:配置选项
cwd
:String,git 命令运行的路径since
:String,增量起始计算时间output
:Boolean,是否需要输出stream
:Object,针对输出流的配置
name
:file 或者 stdioopts
:包含 type
输出格式,可选 json
、yaml
;filePath
(name 为 file 时生效)指定输出文件路径;ioType
(name 为 stdio 时生效),可选 stdout、stderr格式化后的数据,与上面的示例文件保持一致
与 getIncrease
保持一致,不过为同步方法,不推荐使用
Parser 统一实现 Parser 接口,仅仅暴露一个 run 方法
export declare class DiffParser implements Parser {
constructor(hash: string, opt?: child.ExecOptions);
run(): Promise<File[]>;
}
hash
:需要进行 Diff 的 Commit IDopt
:与子进程接受的参数相同可以 参考File
:本数据结构如下(使用 gitdiff-parser)export interface Change {
content: string;
type: 'insert' | 'delete' | 'normal';
isInsert?: boolean;
isDelete?: boolean;
isNormal?: boolean;
lineNumber?: number;
oldLineNumber?: number;
newLineNumber?: number;
}
export interface Hunk {
content: string;
oldStart: number;
newStart: number;
oldLines: number;
newLines: number;
changes: Change[];
}
export interface File {
hunks: Hunk[];
oldEndingNewLine: boolean;
newEndingNewLine: boolean;
oldMode: string;
newMode: string;
similarity?: number;
oldRevision: string;
newRevision: string;
oldPath: string;
newPath: string;
isBinary?: boolean;
type: 'add' | 'delete' | 'modify' | 'rename';
}
export declare class LogParser implements Parser {
constructor(opt?: GitlogOptions);
run(): Promise<
(Record<'abbrevHash' | 'hash' | 'subject' | 'authorName' | 'authorDate' | 'status', string> & {
files: string[];
})[]
>;
}
opt
以及返回数据都可以 参考export declare class LcovParser implements Parser {
constructor(path: string);
run(): Promise<Info>;
}
path
:lcov 文件的路径Info
:格式化之后的数据,如下// 覆盖率测试报告格式化数据结构
export interface Total {
linesCovered: number;
linesValid: number;
}
export interface DetailLines {
lineRate: number;
lines: {
branch: string;
hits: number;
number: string;
}[];
}
export interface Locv {
detail: Record<string, DetailLines>;
$?: Total;
}
Incremental Coverage 使用 MIT 开源协议。
FAQs
Merge lcov.info and get incremental coverage and full coverage
The npm package incremental-coverage receives a total of 92 weekly downloads. As such, incremental-coverage popularity was classified as not popular.
We found that incremental-coverage demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.