Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
jest-sonar
Advanced tools
jest-sonar is a custom test reporter for Jest. It converts the generated report into Sonar's Generic Execution format.
Using yarn:
$ yarn install -D jest-sonar
Using npm:
$ npm i -D jest-sonar
Configure Jest in your jest.config
file and add jest-sonar
to the list of reporters.
module.exports = {
...
reporters: ['default', 'jest-sonar'],
...
}
The following options can be set to customize the reporter:
Option | Description | Default | Accepted values |
---|---|---|---|
outputDirectory | The directory to which the report should be written | The projects root dir | string |
outputName | The name of the report | sonar-report.xml | string |
reportedFilePath | Should the path be relative or absolute | 'relative' | 'relative' or 'absolute' |
You can set these options when defining the reporter in jest.config
:
module.exports = {
...
reporters: ['default', ['jest-sonar', {
outputDirectory: 'my/custom/directory',
outputName: 'my-new-report-name.xml',
reportedFilePath: 'absolute'
}]],
...
}
Contribution guidelines for this project
Contributions to this project are welcome, either by submitting bug reports, submitting feature requests or submitting pull requests.
NOTE: Be sure to merge the latest change from "upstream" before making a pull request!
This project uses the MIT license.
FAQs
A sonar reporter for jest
We found that jest-sonar demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.