Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
wct-istanbul
Advanced tools
Instanbul coverage reporting for projects being tested by web-component-tester
=============================
A fork of web-component-tester-istanbul Istanbul coverage plugin for @t2ym/web-component-tester.
Use this plugin to collect and report test coverage (via istanbul) for your project on each test run.
npm install --save-dev wct-istanbul
npm install --save-dev @t2ym/web-component-tester
bower install --save-dev t2ym/web-component-tester
npm install -g @t2ym/polymer-cli
# for polymer test
npm install -g wct-istanbul
Add the following configuration to web-component-tester's config file.
module.exports = {
plugins: {
istanbul: {
dir: "./coverage",
reporters: ["text-summary", "lcov"],
include: [
"**/*.js"
],
exclude: [
"/polymer/polymer.js",
"/platform/platform.js"
]
}
}
}
Below are the available configuration options:
The directory to write coverage reports to.
An array of istanbul reporters to use.
Files to include in instrumentation.
Files to exclude from instrumentation (this trumps files 'included' with the option above).
In addition to measuring coverage, this plugin can be used to enforce coverage thresholds. If coverage does not meet the configured thresholds, then the test run will fail, even if all tests passed.
This requires specifying the thresholds
option for the plugin
The following configuration will cause the test run to fail if less than 100% of the statements in instrumented files are covered by tests.
module.exports = {
plugins: {
istanbul: {
dir: "./coverage",
reporters: ["text-summary", "lcov"],
include: [
"**/*.js"
],
exclude: [
"/polymer/polymer.js",
"/platform/platform.js"
],
thresholds: {
global: {
statements: 100
}
}
}
}
}
FAQs
Istanbul coverage reporting for projects being tested by web-component-tester
The npm package wct-istanbul receives a total of 78 weekly downloads. As such, wct-istanbul popularity was classified as not popular.
We found that wct-istanbul demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.