Gathering detailed insights and metrics for coverage-node
Gathering detailed insights and metrics for coverage-node
A simple CLI to run Node.js and report code coverage.
Installations
npm install coverage-nodeDeveloper Guide
BETA
Typescript
No
Module System
ESM
Min. Node Version
^14.17.0 || ^16.0.0 || >= 18.0.0
Node Version
18.7.0
NPM Version
8.15.0
Releases
16
Languages
1
JavaScript
JavaScript (100%)
Developer
Download Statistics
Total Downloads
187,500
Last Day
650
Last Week
2,303
Last Month
6,527
Last Year
55,797
GitHub Statistics
MIT License
56 Stars
119 Commits
3 Forks
3 Watchers
1 Branches
2 Contributors
Updated on Jan 03, 2025
Sponsor this package
Maintainers
1
Package Meta Information
Latest Version
8.0.0
Package Id
coverage-node@8.0.0
Unpacked Size
20.06 kB
Size
6.72 kB
File Count
11
NPM Version
8.15.0
Node Version
18.7.0
Total Downloads
Cumulative downloads
Total Downloads
187,500
Last Day
30.3%
650
Compared to previous day
Last Week
41.4%
2,303
Compared to previous week
Last Month
20.6%
6,527
Compared to previous month
Last Year
-13.4%
55,797
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
coverage-node
A simple CLI to run Node.js and report code coverage.
- ✨ Zero config.
- 🏁 Tiny source, written from scratch to use code coverage features built into Node.js.
- 📦 Lean install size, compared to 1.94 MB for
c8v7.11.1 or 8.84 MB fornycv15.1.0. - 🖱 Displays ignored or uncovered source code ranges as paths, clickable in IDEs such as VS Code.
Installation
To install coverage-node with npm, run:
1npm install coverage-node --save-dev
In a package.json script, replace the node command with coverage-node:
1 { 2 "scripts": { 3- "test": "node test.mjs" 4+ "test": "coverage-node test.mjs" 5 } 6 }
Requirements
Supported operating systems:
- Linux
- macOS
Supported runtime environments:
- Node.js versions
^14.17.0 || ^16.0.0 || >= 18.0.0.
Projects must configure TypeScript to use types from the ECMAScript modules that have a // @ts-check comment:
compilerOptions.allowJsshould betrue.compilerOptions.maxNodeModuleJsDepthshould be reasonably large, e.g.10.compilerOptions.moduleshould be"node16"or"nodenext".
Ignored files
Code coverage analysis ignores:
node_modulesdirectory files, e.g.node_modules/foo/index.mjs.testdirectory files, e.g.test/index.mjs.- Files with
.testprefixed before the extension, e.g.foo.test.mjs. - Files named
test(regardless of extension), e.g.test.mjs.
Ignored lines
In source code, a comment (case insensitive) can be used to ignore code coverage ranges that start on the the next line:
1// coverage ignore next line 2if (false) console.log("Never runs.");
CLI
Command coverage-node
Substitutes the normal node command; any node CLI options can be used to run a test script. If the script doesn’t error a code coverage analysis is reported to the console, and if coverage is incomplete and there isn’t a truthy ALLOW_MISSING_COVERAGE environment variable the process exits with code 1.
Examples
npx can be used to quickly check code coverage for a script:
1npx coverage-node test.mjs
1{ 2 "scripts": { 3 "test": "coverage-node test.mjs" 4 } 5}
A package.json script that allows missing coverage:
1{ 2 "scripts": { 3 "test": "ALLOW_MISSING_COVERAGE=1 coverage-node test.mjs" 4 } 5}
Exports
The npm package coverage-node features optimal JavaScript module design. It doesn’t have a main index module, so use deep imports from the ECMAScript modules that are exported via the package.json field exports:
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: license.md:0
- Info: FSF or OSI recognized license: MIT License: license.md:0
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
Found 1/26 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/jaydenseric/coverage-node/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/jaydenseric/coverage-node/ci.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:19
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 5 are checked with a SAST tool
Score
3.4
/10
Last Scanned on 2025-05-05
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More