output coverage reports using Node.js' built in coverage
Installations
npm install c8Developer Guide
Typescript
Yes
Module System
CommonJS
Min. Node Version
>=18
Node Version
16.20.2
NPM Version
8.19.4
Releases
Contributors
Languages
JavaScript (100%)
Developer
bcoe
Download Statistics
Total Downloads
520,342,050
Last Day
161,184
Last Week
943,802
Last Month
7,792,932
Last Year
132,505,281
GitHub Statistics
2,008 Stars
276 Commits
94 Forks
19 Watching
30 Branches
38 Contributors
Bundle Size
161.36 kB
Minified
49.59 kB
Minified + Gzipped
Maintainers
Package Meta Information
Latest Version
10.1.3
Package Id
c8@10.1.3
Unpacked Size
41.29 kB
Size
12.55 kB
File Count
11
NPM Version
8.19.4
Node Version
16.20.2
Publised On
10 Dec 2024
Total Downloads
Cumulative downloads
Total Downloads
520,342,050
Last day
-12%
161,184
Compared to previous day
Last week
-44.1%
943,802
Compared to previous week
Last month
-16.8%
7,792,932
Compared to previous month
Last year
-36%
132,505,281
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
11
Peer Dependencies
1
c8 - native V8 code-coverage
Code-coverage using Node.js' built in functionality that's compatible with Istanbul's reporters.
Like nyc, c8 just magically works:
1npm i c8 -g 2c8 node foo.js
The above example will output coverage metrics for foo.js.
CLI Options / Configuration
c8 can be configured via command-line flags, a c8 section in package.json, or a JSON configuration file on disk.
A configuration file can be specified by passing its path on the command line with --config or -c. If no config option is provided, c8 searches for files named .c8rc, .c8rc.json, .nycrc, or .nycrc.json, starting from
cwd and walking up the filesystem tree.
When using package.json configuration or a dedicated configuration file, omit the -- prefix from the long-form of the desired command-line option.
Here is a list of common options. Run c8 --help for the full list and documentation.
| Option | Description | Type | Default |
|---|---|---|---|
-c, --config | path to JSON configuration file | string | See above |
-r, --reporter | coverage reporter(s) to use | Array<string> | ['text'] |
-o, --reports-dir, --report-dir | directory where coverage reports will be output to | string | ./coverage |
--all | see section below for more info | boolean | false |
--src | see section below for more info | Array<string> | [process.cwd()] |
-n, --include | see section below for more info | Array<string> | [] (include all files) |
-x, --exclude | see section below for more info | Array<string> | list |
--exclude-after-remap | see section below for more info | boolean | false |
-e, --extension | only files matching these extensions will show coverage | string | Array<string> | list |
--skip-full | do not show files with 100% statement, branch, and function coverage | boolean | false |
--check-coverage | check whether coverage is within thresholds provided | boolean | false |
--per-file | check thresholds per file | boolean | false |
--temp-directory | directory V8 coverage data is written to and read from | string | process.env.NODE_V8_COVERAGE |
--clean | should temp files be deleted before script execution | boolean | true |
--experimental-monocart | see section below for more info | boolean | false |
Checking for "full" source coverage using --all
By default v8 will only give us coverage for files that were loaded by the engine. If there are source files in your
project that are flexed in production but not in your tests, your coverage numbers will not reflect this. For example,
if your project's main.js loads a.js and b.js but your unit tests only load a.js your total coverage
could show as 100% for a.js when in fact both main.js and b.js are uncovered.
By supplying --all to c8, all files in directories specified with --src (defaults to cwd) that pass the --include
and --exclude flag checks, will be loaded into the report. If any of those files remain uncovered they will be factored
into the report with a default of 0% coverage.
SourceMap Support
c8 can handle source-maps, for remapping coverage from generated code to original source files (useful for TypeScript, JSX, etc).
Source map files versus inline source maps
Just-in-time instrumented codebases will often insert source maps inline with the .js code they generate at runtime (e.g, @babel/register can be configured to insert a source map footer).
Pre-instrumented codebases, e.g., running tsc to generate .js in a build folder, may generate either inline source maps, or a separate .map file stored on disk.
c8 can handle loading both types of source maps.
Exclude after remap
Depending on the size and configuration of your project, it may be preferable to apply exclusion logic either before or after source-maps are used to remap compiled to original source files.
--exclude-after-remap is used to control this behaviour.
c8 report
run c8 report to regenerate reports after c8 has already been run.
Checking coverage
c8 can fail tests if coverage falls below a threshold. After running your tests with c8, simply run:
1c8 check-coverage --lines 95 --functions 95 --branches 95
c8 also accepts a --check-coverage shorthand, which can be used to
both run tests and check that coverage falls within the threshold provided:
1c8 --check-coverage --lines 100 npm test
The above check fails if coverage falls below 100%.
To check thresholds on a per-file basis run:
1c8 check-coverage --lines 95 --per-file
If you want to check for 100% coverage across all dimensions, use --100:
1c8 --100 npm test
Is equivalent to
1c8 --check-coverage --lines 100 --functions 100 --branches 100 --statements 100 npm test
The --100 flag can be set for the check-coverage as well:
1c8 check-coverage --100
Using Monocart coverage reports (experimental)
Monocart is an alternate library for outputting v8 code coverage data as Istanbul reports.
Monocart also provides reporters based directly on v8's byte-offset-based output. Such as, console-details and v8. This removes a complex transformation step and may be less bug prone for some environments.
Example usage:
1c8 --experimental-monocart --reporter=v8 --reporter=console-details node foo.js
NOTE: Monocart requires additional monocart-coverage-reports to be installed:
1npm i monocart-coverage-reports@2 --save-dev
Ignoring Uncovered Lines, Functions, and Blocks
Sometimes you might find yourself wanting to ignore uncovered portions of your codebase. For example, perhaps you run your tests on Linux, but there's some logic that only executes on Windows.
To ignore lines, blocks, and functions, use the special comment:
/* c8 ignore next */.
Ignoring the next line
1const myVariable = 99 2/* c8 ignore next */ 3if (process.platform === 'win32') console.info('hello world')
Ignoring the next N lines
1const myVariable = 99 2/* c8 ignore next 3 */ 3if (process.platform === 'win32') { 4 console.info('hello world') 5}
Ignoring all lines until told
1/* c8 ignore start */ 2function dontMindMe() { 3 // ... 4} 5/* c8 ignore stop */
Ignoring a block on the current line
1const myVariable = 99 2const os = process.platform === 'darwin' ? 'OSXy' /* c8 ignore next */ : 'Windowsy'
Supported Node.js Versions
c8 uses native V8 coverage,
make sure you're running Node.js >= 12.
Contributing to c8
See the contributing guide here.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE.txt:0
- Info: FSF or OSI recognized license: ISC License: LICENSE.txt:0
Reason
0 existing vulnerabilities detected
Reason
Found 9/16 approved changesets -- score normalized to 5
Reason
3 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 5
Reason
dependency not pinned by hash detected -- score normalized to 4
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/bcoe/c8/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/bcoe/c8/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/bcoe/c8/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/bcoe/c8/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/bcoe/c8/ci.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/bcoe/c8/ci.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-please.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/bcoe/c8/release-please.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-please.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/bcoe/c8/release-please.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-please.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/bcoe/c8/release-please.yml/main?enable=pin
- Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 2 out of 2 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yaml:1
- Warn: no topLevel permission defined: .github/workflows/release-please.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Score
5.1
/10
Last Scanned on 2025-01-13
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn MoreOther packages similar to c8
@vitest/coverage-c8
C8 coverage provider for Vitest
tsds-c8
Development stack for TypeScript libraries
@defx/c8
## []()
c8-as-nyc
This package simulates the [nyc package](https://www.npmjs.com/package/nyc) by linking [c8](https://www.npmjs.com/package/c8) at the position of [nyc](https://www.npmjs.com/package/nyc).