Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
test-exclude
Advanced tools
Package description
The test-exclude npm package is used to filter out files that should not be included in test coverage calculations. It allows developers to specify patterns for files to be excluded from coverage reports, typically when using a coverage tool like Istanbul.
Exclude files from coverage
This feature allows developers to define patterns for files that should be excluded from test coverage. The code sample shows an example configuration where files in the node_modules and test directories, as well as files ending with .spec.js, are excluded.
{"exclude": ["**/node_modules/**", "test/**", "**/*.spec.js"]}
Include files in coverage
In contrast to excluding files, this feature allows developers to specify which files should be included in the coverage report. The code sample demonstrates how to include all JavaScript files in the src directory.
{"include": ["src/**/*.js"]}
Use with coverage tools
This feature integrates with coverage tools to determine if a file should be instrumented for coverage. The code sample shows how to use test-exclude to check if a file, in this case './src/index.js', should be included in the coverage report.
const testExclude = require('test-exclude');
const exclude = testExclude({
exclude: ['**/node_modules/**', 'test/**']
});
console.log(exclude.shouldInstrument('./src/index.js')); // true or false
nyc is a command-line-interface for Istanbul, a popular JavaScript test coverage tool. It includes functionality similar to test-exclude for specifying which files to include or exclude from coverage reports. nyc provides a more comprehensive set of features for handling test coverage.
istanbuljs is the monorepo for the core Istanbul libraries. It provides a set of tools for JavaScript test coverage, including functionality to exclude files from coverage reports. It is more complex and feature-rich compared to test-exclude, which is more focused on exclusion patterns.
c8 is a test coverage tool that uses V8's built-in code-coverage rather than instrumenting the code like Istanbul. It also allows for excluding files from coverage reports. c8 is built to work well with modern JavaScript features and provides a simpler setup compared to Istanbul and test-exclude.
Readme
The file include/exclude logic used by nyc.
const exclude = require('test-exclude')
if (exclude().shouldInstrument('./foo.js')) {
// let's instrument this file for test coverage!
}
you can load configuration from a key in package.json:
package.json
{
"name": "awesome-module",
"test": {
"include": ["**/index.js"]
}
}
app.js
const exclude = require('test-exclude')
if (exclude({configKey: 'test'}).shouldInstrument('./index.js')) {
// let's instrument this file for test coverage!
}
by default the node_modules
folder is added to all groups of
exclude rules. In the rare case that you wish to instrument files
stored in node_modules
, a negative glob can be used:
const exclude = require('test-exclude')
const e = exclude({
exclude: ['!**/node_modules/**']
})
ISC
FAQs
test for inclusion or exclusion of paths using globs
We found that test-exclude demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.