
Security News
Meet Socket at Black Hat and DEF CON 2025 in Las Vegas
Meet Socket at Black Hat & DEF CON 2025 for 1:1s, insider security talks at Allegiant Stadium, and a private dinner with top minds in software supply chain security.
solidity-coverage
Advanced tools
[](https://badge.fury.io/js/solidity-coverage) [](https://circleci.com/gh/sc-forks/solidity-coverage) [;
module.exports = {
networks: {
development: {
host: '127.0.0.1',
port: 8545,
network_id: '*',
},
},
plugins: ['solidity-coverage'],
};
Integration with Truffle
solidity-coverage integrates seamlessly with the Truffle framework, allowing you to run your tests and generate coverage reports without additional setup. This integration simplifies the process of ensuring your smart contracts are thoroughly tested.
const coverage = require('solidity-coverage');
module.exports = {
networks: {
development: {
host: '127.0.0.1',
port: 8545,
network_id: '*',
},
},
plugins: ['solidity-coverage'],
};
Command Line Interface
You can use the command line interface to run solidity-coverage directly from your terminal. This command will execute your tests and generate a coverage report, making it easy to incorporate into your CI/CD pipeline.
npx solidity-coverage
Truffle is a development environment, testing framework, and asset pipeline for Ethereum. While it does not provide code coverage out of the box, it can be used in conjunction with solidity-coverage to achieve similar functionality. Truffle focuses more on the overall development and deployment process of smart contracts.
Hardhat is a development environment for Ethereum software. It provides a flexible and extensible way to manage and automate the recurring tasks inherent to developing smart contracts and dApps. Hardhat has its own coverage plugin, hardhat-coverage, which offers similar functionality to solidity-coverage but is designed to work specifically with the Hardhat environment.
Embark is a framework for serverless Decentralized Applications using Ethereum, IPFS, and other platforms. It includes a testing framework and can be extended with plugins to provide code coverage. Embark is more comprehensive in scope, covering the entire dApp development lifecycle.
For more details about what this is, how it works and potential limitations, see the accompanying article.
solidity-coverage is a stand-alone fork of Solcover
$ npm install --save-dev solidity-coverage
$ ./node_modules/.bin/solidity-coverage
Tests run signficantly slower while coverage is being generated. A 1 to 2 minute delay between the end of Truffle compilation and the beginning of test execution is possible if your test suite is large. Large solidity files can also take a while to instrument.
By default, solidity-coverage generates a stub truffle.js
that accomodates its special gas needs and
connects to a modified version of testrpc on port 8555. If your tests will run on the development network
using a standard truffle.js
and a testrpc instance with no special options, you shouldn't have to
do any configuration. If your tests depend on logic added to truffle.js
- for example:
zeppelin-solidity
uses the file to expose a babel polyfill that its suite requires - you can override the
default behavior by declaring a coverage network in truffle.js
. solidity-coverage will use your 'truffle.js'
instead of a dynamically generated one.
Example coverage network config
module.exports = {
networks: {
development: {
host: "localhost",
port: 8545,
network_id: "*" // Match any network id
},
coverage: {
host: "localhost",
network_id: "*",
port: 8555, // <-- Use port 8555
gas: 0xfffffffffff, // <-- Use this high gas value
gasPrice: 0x01 // <-- Use this low gas price
}
}
};
You can also create a .solcover.js
config file in the root directory of your project and specify
some additional options:
--secure --port 8555 --unlock "0x1234..." --unlock "0xabcd..."
.port
option.truffle test
. This option lets
you run an arbitrary test command instead, like: mocha --timeout 5000
.
contracts
and test
folders in your root
directory. dir
allows you to define a relative path from the root directory to those assets.
dir: "./<dirname>"
would tell solidity-coverage to look for ./<dirname>/contracts/
and ./<dirname>/test/
node_modules
into the coverage environment. False by default, and may significantly increase the time for coverage to complete if enabled. Only enable if required.Example .solcover.js config file
module.exports = {
port: 6545,
testrpcOptions: '-p 6545 -u 0x54fd80d6ae7584d8e9a19fe1df43f04e5282cc43',
testCommand: 'mocha --timeout 5000',
norpc: true,
dir: './secretDirectory'
};
Hardcoded gas costs: If you have hardcoded gas costs into your tests some of them may fail when using solidity-coverage.
This is because the instrumentation process increases the gas costs for using the contracts, due to
the extra events. If this is the case, then the coverage may be incomplete. To avoid this, using
estimateGas
to estimate your gas costs should be more resilient in most cases.
Using require
in migrations.js
files: Truffle overloads Node's require
function but
implements a simplified search algorithm for node_modules packages
(see Truffle issue #383).
Because solidity-coverage copies an instrumented version of your project into a temporary folder, require
statements handled by Truffle internally won't resolve correctly.
Using HDWalletProvider in truffle.js
: See Truffle issue #348.
HDWalletProvider crashes solidity-coverage, so its constructor shouldn't be invoked while running this tool.
A workaround can be found at the zeppelin-solidity project
here, where a
shell script is used to set an environment variable which truffle.js
checks before instantiating the wallet.
WARNING: This utility is in development and its accuracy is unknown. If you find discrepancies between the coverage report and your suite's behavior, please open an issue.
Contributions are welcome! If you're opening a PR that adds features please consider writing some
unit tests for them. You could
also lint your submission with npm run lint
. Bugs can be reported in the
issues.
FAQs
Code coverage for Solidity testing
The npm package solidity-coverage receives a total of 140,888 weekly downloads. As such, solidity-coverage popularity was classified as popular.
We found that solidity-coverage demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Meet Socket at Black Hat & DEF CON 2025 for 1:1s, insider security talks at Allegiant Stadium, and a private dinner with top minds in software supply chain security.
Security News
CAI is a new open source AI framework that automates penetration testing tasks like scanning and exploitation up to 3,600× faster than humans.
Security News
Deno 2.4 brings back bundling, improves dependency updates and telemetry, and makes the runtime more practical for real-world JavaScript projects.