Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
istanbul-coverage-enforcer
Advanced tools
A Nodejs package and cli tool to enforce code coverage
A Nodejs package and cli tool to enforce global code coverage
Most of the coverage tools available do not provide an option to enforce the coverage and flag exception in case the coverage threshold is not met. This is one of the very frequently faced use cases I came across for most applications I work along with other team members. Due to struct deadlines we tend to miss out on tests and manually enforcing the test coverage to be maintained is not a scalable option.
This package solves the issue of manually maintaning the global code coverage above a given threshold
Use it with npm
as
npm install istanbul-coverage-enforcer
or with yarn as
yarn add istanbul-coverage-enforcer
istanbul stable (0.4.5
or below) is needed to get the required interface of the coverage.json
file
You can use the istanbul-coverage-enforcer both as a node package and as a CLI tool
These are the options available currently with the CLI tool
enforce --help
Usage: enforce [options]
Options:
-c, --coverage-path The path to coverage JSON file
-t, --threshold-path The path to the threshold JSON file
-h, --help output usage information
package.json
to call the package with the path to the code-coverage file. By default this is at coverage/coverage.json
"enforce-coverage": "enforce -c coverage/coverage.json -t coverage-threshold.json",
npm run enforce-covergage
Output
Create a coverage-threshold.json
in the root of your project. Optionally this can be also passed as the second parameter to the function
In your script import and call the enforce
function as below:
const enforce = require('../index');
enforce('./examples/packages/coverage.json', './examples/packages/coverage-threshold.json');
Refer the examples folder for basic use case examples as node package and cli
istanbul-threshold-checker for getting the grunt work to compare and generate the result
FAQs
A Nodejs package and cli tool to enforce code coverage
The npm package istanbul-coverage-enforcer receives a total of 38 weekly downloads. As such, istanbul-coverage-enforcer popularity was classified as not popular.
We found that istanbul-coverage-enforcer demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.