A babel plugin that adds istanbul instrumentation to ES6 code
Installations
npm install babel-plugin-istanbulScore
50
Supply Chain
96.9
Quality
80.5
Maintenance
100
Vulnerability
98.6
License
Developer
istanbuljs
Developer Guide
Module System
CommonJS
Min. Node Version
>=12
Typescript Support
No
Node Version
14.21.3
NPM Version
6.14.18
Statistics
631 Stars
129 Commits
75 Forks
15 Watching
3 Branches
32 Contributors
Updated on 23 Nov 2024
Bundle Size
1.22 MB
Minified
308.58 kB
Minified + Gzipped
Languages
JavaScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
4,616,729,157
Last day
-8.7%
5,067,938
Compared to previous day
Last week
0.8%
29,761,130
Compared to previous week
Last month
17.6%
120,197,074
Compared to previous month
Last year
10.3%
1,198,665,031
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
babel-plugin-istanbul
Having problems? want to contribute? join our community slack.
A Babel plugin that instruments your code with Istanbul coverage. It can instantly be used with karma-coverage and mocha on Node.js (through nyc).
Note: This plugin does not generate any report or save any data to any file; it only adds instrumenting code to your JavaScript source code. To integrate with testing tools, please see the Integrations section.
Usage
Install it:
npm install --save-dev babel-plugin-istanbul
Add it to .babelrc in test mode:
1{ 2 "env": { 3 "test": { 4 "plugins": [ "istanbul" ] 5 } 6 } 7}
Optionally, use cross-env to set
NODE_ENV=test:
1{ 2 "scripts": { 3 "test": "cross-env NODE_ENV=test nyc --reporter=lcov --reporter=text mocha test/*.js" 4 } 5}
Integrations
karma
It just works with Karma. First, make sure that the code is already transpiled by Babel (either using karma-babel-preprocessor, karma-webpack, or karma-browserify). Then, simply set up karma-coverage according to the docs, but don’t add the coverage preprocessor. This plugin has already instrumented your code, and Karma should pick it up automatically.
It has been tested with bemusic/bemuse project, which contains ~2400 statements.
mocha on node.js (through nyc)
Configure Mocha to transpile JavaScript code using Babel, then you can run your tests with nyc, which will collect all the coverage report.
babel-plugin-istanbul respects the include/exclude configuration options from nyc,
but you also need to configure NYC not to instrument your code by adding these settings in your package.json:
1 "nyc": { 2 "sourceMap": false, 3 "instrument": false 4 },
Ignoring files
You don't want to cover your test files as this will skew your coverage results. You can configure this by providing plugin options matching nyc's exclude/include rules:
1{ 2 "env": { 3 "test": { 4 "plugins": [ 5 ["istanbul", { 6 "exclude": [ 7 "**/*.spec.js" 8 ] 9 }] 10 ] 11 } 12 } 13}
If you don't provide options in your Babel config, the plugin will look for exclude/include config under an "nyc" key in package.json.
You can also use istanbul's ignore hints to specify specific lines of code to skip instrumenting.
Source Maps
By default, this plugin will pick up inline source maps and attach them to the instrumented code such that code coverage can be remapped back to the original source, even for multi-step build processes. This can be memory intensive. Set useInlineSourceMaps to prevent this behavior.
1{ 2 "env": { 3 "test": { 4 "plugins": [ 5 ["istanbul", { 6 "useInlineSourceMaps": false 7 }] 8 ] 9 } 10 } 11}
If you're instrumenting code programatically, you can pass a source map explicitly.
1import babelPluginIstanbul from 'babel-plugin-istanbul'; 2 3function instrument(sourceCode, sourceMap, filename) { 4 return babel.transform(sourceCode, { 5 filename, 6 plugins: [ 7 [babelPluginIstanbul, { 8 inputSourceMap: sourceMap 9 }] 10 ] 11 }) 12}
Credit where credit is due
The approach used in babel-plugin-istanbul was inspired by Thai Pangsakulyanont's original library babel-plugin-__coverage__.
babel-plugin-istanbul for enterprise
Available as part of the Tidelift Subscription.
The maintainers of babel-plugin-istanbul and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. Learn more.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: BSD 3-Clause "New" or "Revised" License: LICENSE:0
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/istanbuljs/.github/SECURITY.md:1
- Info: Found linked content: github.com/istanbuljs/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/istanbuljs/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/istanbuljs/.github/SECURITY.md:1
Reason
Found 6/25 approved changesets -- score normalized to 2
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/istanbuljs/babel-plugin-istanbul/ci.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/istanbuljs/babel-plugin-istanbul/ci.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/istanbuljs/babel-plugin-istanbul/ci.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/istanbuljs/babel-plugin-istanbul/ci.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-please.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/istanbuljs/babel-plugin-istanbul/release-please.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-please.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/istanbuljs/babel-plugin-istanbul/release-please.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-please.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/istanbuljs/babel-plugin-istanbul/release-please.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yaml:21
- Warn: npmCommand not pinned by hash: .github/workflows/release-please.yml:23
- Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yaml:1
- Warn: no topLevel permission defined: .github/workflows/release-please.yml:1
- Info: no jobLevel write permissions found
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 21 are checked with a SAST tool
Score
4.7
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More