Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
istanbul-instrumenter-loader
Advanced tools
The 'istanbul-instrumenter-loader' is a webpack loader that instruments JavaScript files with Istanbul coverage, which is useful for generating code coverage reports for your tests.
Instrumenting JavaScript files
This feature allows you to instrument JavaScript files for code coverage. The code sample shows how to configure webpack to use 'istanbul-instrumenter-loader' for all JavaScript files in the 'src/' directory.
module.exports = {
module: {
rules: [
{
test: /\.js$/,
include: path.resolve('src/'),
loader: 'istanbul-instrumenter-loader',
options: { esModules: true }
}
]
}
};
Using with Babel
This feature demonstrates how to use 'istanbul-instrumenter-loader' in conjunction with 'babel-loader' to transpile and instrument JavaScript files. The code sample shows the configuration for webpack to use both loaders.
module.exports = {
module: {
rules: [
{
test: /\.js$/,
include: path.resolve('src/'),
use: [
'babel-loader',
{
loader: 'istanbul-instrumenter-loader',
options: { esModules: true }
}
]
}
]
}
};
The 'babel-plugin-istanbul' is a Babel plugin that instruments your code with Istanbul coverage. It is similar to 'istanbul-instrumenter-loader' but is used as a Babel plugin instead of a webpack loader. This can be more convenient if you are already using Babel for transpilation.
The 'nyc' package is a command-line interface for Istanbul. It provides a more comprehensive solution for code coverage, including running tests and generating reports. Unlike 'istanbul-instrumenter-loader', which is a webpack loader, 'nyc' can be used independently of webpack.
Instrument JS files with istanbul-lib-instrument for subsequent code coverage reporting
npm i -D istanbul-instrumenter-loader
References
Structure
├─ src
│ |– components
│ | |– bar
│ | │ |─ index.js
│ | |– foo/
│ |– index.js
|– test
| |– src
| | |– components
| | | |– foo
| | | | |– index.js
To create a code coverage report for all components (even for those for which you have no tests yet) you have to require all the 1) sources and 2) tests. Something like it's described in "alternative usage" of karma-webpack
test/index.js
// requires all tests in `project/test/src/components/**/index.js`
const tests = require.context('./src/components/', true, /index\.js$/);
tests.keys().forEach(tests);
// requires all components in `project/src/components/**/index.js`
const components = require.context('../src/components/', true, /index\.js$/);
components.keys().forEach(components);
ℹ️ This file will be the only
entry
point forkarma
karma.conf.js
config.set({
...
files: [
'test/index.js'
],
preprocessors: {
'test/index.js': 'webpack'
},
webpack: {
...
module: {
rules: [
// instrument only testing sources with Istanbul
{
test: /\.js$/,
use: { loader: 'istanbul-instrumenter-loader' },
include: path.resolve('src/components/')
}
]
}
...
},
reporters: [ 'progress', 'coverage-istanbul' ],
coverageIstanbulReporter: {
reports: [ 'text-summary' ],
fixWebpackSourcePaths: true
}
...
});
Babel
You must run the instrumentation as a post step
webpack.config.js
{
test: /\.js$|\.jsx$/,
use: {
loader: 'istanbul-instrumenter-loader',
options: { esModules: true }
},
enforce: 'post',
exclude: /node_modules|\.spec\.js$/,
}
The loader supports all options supported by istanbul-lib-instrument
Name | Type | Default | Description |
---|---|---|---|
debug | {Boolean} | false | Turn on debugging mode |
compact | {Boolean} | true | Generate compact code |
autoWrap | {Boolean} | false | Set to true to allow return statements outside of functions |
esModules | {Boolean} | false | Set to true to instrument ES2015 Modules |
coverageVariable | {String} | __coverage__ | Name of global coverage variable |
preserveComments | {Boolean} | false | Preserve comments in output |
produceSourceMap | {Boolean} | false | Set to true to produce a source map for the instrumented code |
sourceMapUrlCallback | {Function} | null | A callback function that is called when a source map URL is found in the original code. This function is called with the source filename and the source map URL |
webpack.config.js
{
test: /\.js$/,
use: {
loader: 'istanbul-instrumenter-loader',
options: {...options}
}
}
Kir Belevich |
Juho Vepsäläinen |
Joshua Wiens |
Michael Ciniawsky |
Matt Lewis |
FAQs
Istanbul instrumenter loader for webpack
We found that istanbul-instrumenter-loader demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.