Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
test-exclude
Advanced tools
The test-exclude npm package is used to filter out files that should not be included in test coverage calculations. It allows developers to specify patterns for files to be excluded from coverage reports, typically when using a coverage tool like Istanbul.
Exclude files from coverage
This feature allows developers to define patterns for files that should be excluded from test coverage. The code sample shows an example configuration where files in the node_modules and test directories, as well as files ending with .spec.js, are excluded.
{"exclude": ["**/node_modules/**", "test/**", "**/*.spec.js"]}
Include files in coverage
In contrast to excluding files, this feature allows developers to specify which files should be included in the coverage report. The code sample demonstrates how to include all JavaScript files in the src directory.
{"include": ["src/**/*.js"]}
Use with coverage tools
This feature integrates with coverage tools to determine if a file should be instrumented for coverage. The code sample shows how to use test-exclude to check if a file, in this case './src/index.js', should be included in the coverage report.
const testExclude = require('test-exclude');
const exclude = testExclude({
exclude: ['**/node_modules/**', 'test/**']
});
console.log(exclude.shouldInstrument('./src/index.js')); // true or false
nyc is a command-line-interface for Istanbul, a popular JavaScript test coverage tool. It includes functionality similar to test-exclude for specifying which files to include or exclude from coverage reports. nyc provides a more comprehensive set of features for handling test coverage.
c8 is a test coverage tool that uses V8's built-in code-coverage rather than instrumenting the code like Istanbul. It also allows for excluding files from coverage reports. c8 is built to work well with modern JavaScript features and provides a simpler setup compared to Istanbul and test-exclude.
The file include/exclude logic used by nyc and babel-plugin-istanbul.
const TestExclude = require('test-exclude');
const exclude = new TestExclude();
if (exclude().shouldInstrument('./foo.js')) {
// let's instrument this file for test coverage!
}
The test-exclude constructor accepts an options object. The defaults are taken from @istanbuljs/schema.
This is the base directory by which all comparisons are performed. Files outside cwd
are not included.
Default: process.cwd()
Array of path globs to be ignored. Note this list does not include node_modules
which
is added separately. See @istanbuljs/schema/default-excludes.js for default list.
By default node_modules
is excluded. Setting this option true
allows node_modules
to be included.
Array of path globs that can be included. By default this is unrestricted giving a result
similar to ['**']
but more optimized.
Array of extensions that can be included. This ensures that nyc only attempts to process files which it might understand. Note use of some formats may require adding parser plugins to your nyc or babel configuration.
Default: ['.js', '.cjs', '.mjs', '.ts', '.tsx', '.jsx']
Test if filename
matches the rules of this test-exclude instance.
const exclude = new TestExclude();
exclude.shouldInstrument('index.js'); // true
exclude.shouldInstrument('test.js'); // false
exclude.shouldInstrument('README.md'); // false
exclude.shouldInstrument('node_modules/test-exclude/index.js'); // false
In this example code:
index.js
is true because it matches the default options.extension
list
and is not part of the default options.exclude
list.test.js
is excluded because it matches the default options.exclude
list.README.md
is not matched by the default options.extension
node_modules/test-exclude/index.js
is excluded because options.excludeNodeModules
is true by default.This synchronously retrieves a list of files within cwd
which should be instrumented.
Note that setting cwd
to a parent of options.cwd
is ineffective, this argument can
only be used to further restrict the result.
This function does the same as TestExclude#globSync
but does so asynchronously. The
Promise resolves to an Array of strings.
test-exclude
for enterpriseAvailable as part of the Tidelift Subscription.
The maintainers of test-exclude
and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. Learn more.
FAQs
test for inclusion or exclusion of paths using globs
The npm package test-exclude receives a total of 23,823,943 weekly downloads. As such, test-exclude popularity was classified as popular.
We found that test-exclude demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.