{"id":15552184,"url":"https://github.com/bahmutov/check-code-coverage","last_synced_at":"2025-09-29T00:33:10.442Z","repository":{"id":37981389,"uuid":"254703843","full_name":"bahmutov/check-code-coverage","owner":"bahmutov","description":"Utilities for checking the coverage produced by NYC against extra or missing files","archived":false,"fork":false,"pushed_at":"2025-09-15T06:08:53.000Z","size":942,"stargazers_count":25,"open_issues_count":7,"forks_count":36,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-09-20T22:44:27.042Z","etag":null,"topics":["code-coverage","code-coverage-checker","nyc"],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bahmutov.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-04-10T18:12:11.000Z","updated_at":"2025-09-15T06:08:29.000Z","dependencies_parsed_at":"2024-06-18T15:15:54.371Z","dependency_job_id":"96ba9a79-76ea-4bcf-828a-be736f093a9b","html_url":"https://github.com/bahmutov/check-code-coverage","commit_stats":{"total_commits":66,"total_committers":5,"mean_commits":13.2,"dds":0.5,"last_synced_commit":"da81b7373e011e7e8c5e46457a255422337f73e7"},"previous_names":[],"tags_count":22,"template":false,"template_full_name":null,"purl":"pkg:github/bahmutov/check-code-coverage","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bahmutov%2Fcheck-code-coverage","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bahmutov%2Fcheck-code-coverage/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bahmutov%2Fcheck-code-coverage/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bahmutov%2Fcheck-code-coverage/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bahmutov","download_url":"https://codeload.github.com/bahmutov/check-code-coverage/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bahmutov%2Fcheck-code-coverage/sbom","scorecard":{"id":223301,"data":{"date":"2025-08-11","repo":{"name":"github.com/bahmutov/check-code-coverage","commit":"7933f948a77ac46a93b3fbb170481fa3051cbe6c"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/28 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":8,"reason":"10 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:8: update your workflow using https://app.stepsecurity.io/secureworkflow/bahmutov/check-code-coverage/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/bahmutov/check-code-coverage/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/bahmutov/check-code-coverage/ci.yml/master?enable=pin","Info:   0 out of   1 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 28 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":1,"reason":"9 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q","Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38","Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97","Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22","Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T03:06:57.935Z","repository_id":37981389,"created_at":"2025-08-17T03:06:57.935Z","updated_at":"2025-08-17T03:06:57.935Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":276280104,"owners_count":25615571,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-21T02:00:07.055Z","response_time":72,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["code-coverage","code-coverage-checker","nyc"],"created_at":"2024-10-02T14:11:26.485Z","updated_at":"2025-09-29T00:33:10.435Z","avatar_url":"https://github.com/bahmutov.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# check-code-coverage [![ci status][ci image]][ci url] ![check-code-coverage](https://img.shields.io/badge/code--coverage-100%25-brightgreen)\n\n\u003e Utilities for checking the coverage produced by NYC against extra or missing files\n\n## Use\n\n```shell\nnpm i -D check-code-coverage\n# check if .nyc_output/out.json has files foo.js and bar.js covered and nothing else\nnpx only-covered foo.js bar.js\n```\n\nWatch these short videos to see these tools in action:\n\n- [Check code coverage robustly using 3rd party tool](https://youtu.be/dwU5gUG2-EM)\n- [Adding code coverage badge to your project](https://youtu.be/bNVRxb-MKGo)\n- [Show code coverage in commit status check](https://youtu.be/AAl4HmJ3YuM)\n\n## check-coverage\n\nChecks if the file is present in the output JSON file and has 100% statement coverage\n\n```shell\n# check if .nyc_output/out.json has 100% code coverage for main.js\nnpx check-coverage main.js\n# read coverage report from particular JSON file\ncheck-coverage --from examples/exclude-files/coverage/coverage-final.json main.js\n```\n\nThe file has to end with \"main.js\". You can specify part of the path, like this\n\n```shell\nnpx check-coverage src/app/main.js\n```\n\nYou can pass multiple filenames\n\n```shell\nnpx check-coverage main.js src/person.js\n```\n\n## only-covered\n\nCheck if the coverage JSON file only the given list of files and nothing else. By default `only-covered` script reads `.nyc_output/out.json` file from the current working directory. You can specify a different file using `--from` parameter.\n\n```shell\n# check if coverage has info about two files and nothing else\nonly-covered src/lib/utils.ts src/main.js\n# read coverage from another file and check if it only has info on \"main.js\"\nonly-covered --from examples/exclude-files/coverage/coverage-final.json main.js\n```\n\n## check-total\n\nIf you generate coverage report using reporter `json-summary`, you can check the total statements percentage\n\n```shell\ncheck-total\n# with default options\ncheck-total --from coverage/coverage-summary.json --min 80\n```\n\nThe command exits with 0 if the total is above or equal to the minimum number. If the code coverage is below the minimum, the command exits with code 1. On most CIs any command exiting with non-zero code fails the build.\n\n## update-badge\n\nIf your README.md includes Shields.io badge, like this\n\n    ![check-code-coverage](https://img.shields.io/badge/code--coverage-80%-brightgreen)\n\nYou can update it using statements covered percentage from `coverage/coverage-summary.json` by running\n\n```shell\nupdate-badge\n```\n\nIf the coverage summary has 96%, then the above badge would be updated to\n\n    ![check-code-coverage](https://img.shields.io/badge/code--coverage-96%-brightgreen)\n\n- The badges will have different colors, depending on the coverage, see [bin/update-badge.js](bin/update-badge.js)\n- If the code coverage badge is not found, a new badge is inserted on the first line.\n\nYou can change the JSON summary filename to read coverage from:\n\n```shell\nupdate-badge --from path/to/json/summary/file.json\n```\n\nYou can also skip reading file and set the coverage number directly\n\n```shell\nupdate-badge --set 78\nupdate-badge --set 78%\n```\n\nRelated project: [dependency-version-badge](https://github.com/bahmutov/dependency-version-badge)\n\n## set-gh-status\n\nIf you run your tests on [GitHub Actions](https://glebbahmutov.com/blog/trying-github-actions/), there is an easy way to add commit status with code coverage percentage. From your CI workflow use command:\n\n```yaml\n- name: Set code coverage commit status 📫\n  run: npx -p check-code-coverage set-gh-status\n  env:\n    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n```\n\nWhich should show a commit status message like:\n\n![Commit status check](images/commit-status.png)\n\nThis script reads the code coverage summary from `coverage/coverage-summary.json` by default (you can specific a different file name using `--from` option) and posts the commit status, always passing for now.\n\n**Note:** to write the commit status, the GitHub token needs \"write\" permission, so set it in your workflow file:\n\n```yml\npermissions:\n  statuses: write\n```\n\nIf there is a coverage badge in the README file, you can add 2nd status check. This check will read the code coverage from the README file (by parsing the badge text), then will set a failing status check if the coverage dropped more than 1 percent. **Tip:** use this check on pull requests to ensure tests and code are updated together before merging.\n\n```yaml\n- name: Ensure coverage has not dropped 📈\n  run: npx -p check-code-coverage set-gh-status --check-against-readme\n  env:\n    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n```\n\n![Coverage diff](images/coverage-diff.png)\n\n### Pull requests\n\nWhen setting a status on a GitHub pull request, you need to use SHA of the merged commit. You can pass it as `GH_SHA` environment variable.\n\n```yaml\n- name: Ensure coverage has not dropped 📈\n  run: npx -p check-code-coverage set-gh-status --check-against-readme\n  env:\n    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n    GH_SHA: ${{ github.event.after }}\n```\n\n## Debug\n\nTo see verbose log messages, run with `DEBUG=check-code-coverage` environment variable\n\n[ci image]: https://github.com/bahmutov/check-code-coverage/workflows/ci/badge.svg?branch=master\n[ci url]: https://github.com/bahmutov/check-code-coverage/actions\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbahmutov%2Fcheck-code-coverage","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbahmutov%2Fcheck-code-coverage","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbahmutov%2Fcheck-code-coverage/lists"}