Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
swc-plugin-coverage-instrument
Advanced tools
Readme
swc-coverage-instrument
is a set of packages to support istanbuljs compatible coverage instrumentation in SWC's transform passes. Instrumentation transform can be performed either via SWC's wasm-based plugin, or using custom passes in rust side transform chains.
This instrumentation will generate a data struct mimics istanbuljs's FileCoverage
object conforms fixture test suite from istanbuljs itself.
However, this doesn't mean instrumentation supports exact same interfaces surrounding coverage object as well as supporting exact same options. There are some fundamental differences between runtime, and ast visitor architecture between different compilers does not allow identical behavior. This package will try best attempt
as possible.
NOTE: Package can have breaking changes without major semver bump
Given SWC's plugin interface itself is under experimental stage does not gaurantee semver-based major bump yet, this package also does not gaurantee semver compliant breaking changes yet. Please refer changelogs if you're encountering unexpected breaking behavior across versions.
First, install package via npm:
npm install --save-dev swc-plugin-coverage-instrument
Then add plugin into swc's configuration:
const pluginOptions: InstrumentationOptions = {...}
jsc: {
...
experimental: {
plugins: [
["swc-plugin-coverage-instrument", pluginOptions]
]
}
}
InstrumentationOptions
is a subset of istanbul's instrumentation options. Refer istanbul's option for the same configuration flags.
interface InstrumentationOptions {
coverageVariable?: String,
compact?: bool,
reportLogic?: bool,
ignoreClassMethods?: Array<String>,
inputSourceMap?: object,
instrumentLog: {
// Currently there aren't logs other than spans.
// Enabling >= info can display span traces.
level: 'trace' | 'warn' | 'error' | 'info'
// Emits spans along with any logs
// Only effective if level sets higher than info.
enableTrace: bool
},
}
There is a single interface exposed to create a visitor for the transform, which you can pass into before_custom_pass
.
let visitor = swc_coverage_instrument::create_coverage_instrumentation_visitor(
source_map: std::sync::Arc<SourceMapper>,
comments: C,
instrument_options: InstrumentOptions,
filename: String,
);
let fold = as_folder(visitor);
This package runs istanbuljs' fixture tests against SWC with its wasm plugin & custom transform both. spec
contains set of the fixtures & unit test to run it, as well as supplimental packages to interop between instrumentation visitor to node.js runtime. swc-coverage-instrument-wasm
exposes FileCoverageInterop
allows to consume FileCoverage
struct inside of js, and swc-coverage-custom-transform
is an example implementation to run before_custom_pass
with swc-coverage-instrument
visitor.
Few npm scripts are supported for wrapping those setups.
build:all
: Build all relative packages as debug build.test
: Runs unit test for wasm plugin & custom transform.test:debug
: Runs unit test, but only for debug-test.yaml
fixture. This is mainly for local dev debugging for individual test fixture behavior.FAQs
SWC coverage instrumentation plugin
We found that swc-plugin-coverage-instrument demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.