Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
lcov-parse
Advanced tools
The lcov-parse npm package is a utility for parsing LCOV coverage files. LCOV is a format for code coverage reports, and this package allows you to read and manipulate these reports programmatically.
Parse LCOV file
This feature allows you to parse an LCOV file and get the coverage data in a structured format. The code sample reads an LCOV file and parses it using the lcov-parse package, then logs the parsed result.
const lcovParse = require('lcov-parse');
const fs = require('fs');
fs.readFile('path/to/lcov.info', 'utf8', (err, data) => {
if (err) throw err;
lcovParse(data, (err, result) => {
if (err) throw err;
console.log(result);
});
});
istanbul-lib-coverage is part of the Istanbul toolset for JavaScript code coverage. It provides utilities for manipulating coverage data, including reading and writing coverage information. Compared to lcov-parse, it offers a more comprehensive suite of tools for working with coverage data, but it may be more complex to use for simple LCOV parsing tasks.
coveralls is a package that sends your code coverage reports to Coveralls.io, a web service for tracking code coverage over time. While it does not parse LCOV files directly, it works with various coverage formats and integrates with CI tools to provide a broader coverage reporting solution. It is more focused on reporting and visualization compared to the parsing functionality of lcov-parse.
nyc is a command-line utility for instrumenting code with Istanbul and generating coverage reports. It supports multiple coverage formats, including LCOV. While nyc is more focused on generating coverage reports, it can also read and manipulate existing coverage data, making it a more versatile but also more complex tool compared to lcov-parse.
Simple LCOV file parser
npm install lcov-parse
var parse = require('lcov-parse');
parse('./path/to/file.info', function(err, data) {
//process the data here
});
or
parse(lcovString, function(err, data) {
//process the data here
});
Using this as a guide: http://ltp.sourceforge.net/coverage/lcov/geninfo.1.php
It will return JSON like this:
{
"title": "Test #1",
"file": "anim-base/anim-base-coverage.js",
"functions": {
"hit": 23,
"found": 29,
"details": [
{
"name": "(anonymous 1)",
"line": 7,
"hit": 6
},
{
"name": "(anonymous 2)",
"line": 620,
"hit": 225
},
{
"name": "_end",
"line": 516,
"hit": 228
}
]
}
"lines": {
"found": 181,
"hit": 143,
"details": [
{
"line": 7,
"hit": 6
},
{
"line": 29,
"hit": 6
}
]
}
}
lcov-parse ./lcov.info
or
cat lcov.info | xargs -0 lcov-parse
npm install && npm test
FAQs
Parse lcov results files and return JSON
We found that lcov-parse demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.