jest-coverage-badges
Create a group of coverage badges
Creates a group of code coverage badges like the following:
Currently just reads from Istanbul's JSON summary reporter and downloads a badge from https://shields.io/ for each jest coverage type (statement, branch, functions, lines). Like this:
This package is an extension of make-coverage-badge, but this one creates all the types of coverage.
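The flow described above (read the totals from the json-summary report, then request one shields.io badge per coverage type), sketched as an added example; it is not jest-coverage-badges' own code. The function names, the colour thresholds and the sample summary are assumptions made for illustration, and nothing is downloaded: the function only returns the URLs a build step would fetch, after checking that each percentage is a real number.

```javascript
// Added example: derive shields.io badge URLs from an Istanbul json-summary report.
// Nothing is downloaded; the function only returns the URLs a build step would fetch.
const COVERAGE_TYPES = ['statements', 'branches', 'functions', 'lines'];

// Assumed colour thresholds for illustration (not taken from the page).
function colourFor(pct) {
  if (pct < 80) return 'red';
  if (pct < 90) return 'yellow';
  return 'brightgreen';
}

// shields.io static badge path: /badge/<label>-<message>-<colour>.svg
// A literal "-" in label or message is written "--", and "_" is written "__".
function escapeSegment(text) {
  return encodeURIComponent(text.replace(/-/g, '--').replace(/_/g, '__'));
}

function badgeUrls(summary) {
  if (!summary || typeof summary.total !== 'object' || summary.total === null) {
    throw new TypeError('coverage summary has no "total" section');
  }
  const urls = {};
  for (const type of COVERAGE_TYPES) {
    const pct = summary.total[type] && summary.total[type].pct;
    // A report can carry a missing or non-numeric pct; reject anything that
    // is not a finite 0..100 number before it is interpolated into a URL.
    if (typeof pct !== 'number' || !Number.isFinite(pct) || pct < 0 || pct > 100) {
      throw new RangeError(`invalid pct for ${type}: ${JSON.stringify(pct)}`);
    }
    const label = escapeSegment(`Coverage:${type}`);
    const message = escapeSegment(`${pct}%`);
    urls[type] = `https://img.shields.io/badge/${label}-${message}-${colourFor(pct)}.svg`;
  }
  return urls;
}

// Constructed sample in the shape of coverage/coverage-summary.json.
const sampleSummary = {
  total: {
    lines: { total: 120, covered: 114, skipped: 0, pct: 95 },
    statements: { total: 130, covered: 111, skipped: 0, pct: 85.38 },
    functions: { total: 20, covered: 15, skipped: 0, pct: 75 },
    branches: { total: 40, covered: 40, skipped: 0, pct: 100 },
  },
};

console.log(badgeUrls(sampleSummary));
```

Because the host and path prefix are fixed and every interpolated value is validated first, the list of outbound requests the badge step makes can be reviewed, or allow-listed in CI, ahead of time.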
Install jest-coverage-badges in your project or globally
Project (in your project folder):
npm install --save jest-coverage-badges
Global:
npm install --global jest-coverage-badges
Configure Jest (in package.json):
(optional: "text" and "lcov")
"jest": {
  "coverageReporters": [
    "json-summary",
    "text",
    "lcov"
  ]
}
If you installed in your project, you can create a script to run it, for example:
"scripts": {
  "test:coverage": "npm test -- --coverage",
  "test:badges": "npm run test:coverage && jest-coverage-badges"
}
Run npm test -- --coverage
Run jest-coverage-badges
(or just run: npm run test:badges)
Resulting in badges:
./coverage/badge-statements.svg
./coverage/badge-lines.svg
./coverage/badge-functions.svg
./coverage/badge-branches.svg
Example:
$ jest-coverage-badges input "./cov" output "./badges"
After this you can add them to your GitHub readme (for example) :smiley:
We have great companies like coveralls and codecov, but they are paid for private repositories. With this package we can add badges to our readme by creating the badges ourselves (this can be run in your build, uploaded to a store and consumed in the readme or the website).
© 2018 [Main Author of Adaptations] Pamela Peixinho git@pamepeixinho.com (https://pamepeixinho.github.io)
FAQs
Create a group of coverage badges from jest
We found that jest-coverage-badges demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.