{"id":13483589,"url":"https://github.com/bcoe/c8","last_synced_at":"2026-02-22T23:35:38.881Z","repository":{"id":27001590,"uuid":"108371904","full_name":"bcoe/c8","owner":"bcoe","description":"output coverage reports using Node.js' built in coverage","archived":false,"fork":false,"pushed_at":"2026-02-06T18:32:48.000Z","size":1735,"stargazers_count":2086,"open_issues_count":118,"forks_count":96,"subscribers_count":17,"default_branch":"main","last_synced_at":"2026-02-18T17:49:02.630Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"isc","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bcoe.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2017-10-26T06:40:38.000Z","updated_at":"2026-02-13T12:24:50.000Z","dependencies_parsed_at":"2024-01-12T19:28:44.731Z","dependency_job_id":"e410c28e-c828-4eb0-86ad-b0e6121d9480","html_url":"https://github.com/bcoe/c8","commit_stats":{"total_commits":275,"total_committers":43,"mean_commits":6.395348837209302,"dds":0.6254545454545455,"last_synced_commit":"1ec3cc41ff1aeb59bb040ee9c143a09054ac413b"},"previous_names":[],"tags_count":68,"template":false,"template_full_name":null,"purl":"pkg:github/bcoe/c8","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bcoe%2Fc8","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bcoe%2Fc8/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bcoe%2Fc8/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bcoe%2Fc8/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bcoe","download_url":"https://codeload.github.com/bcoe/c8/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bcoe%2Fc8/sbom","scorecard":{"id":228585,"data":{"date":"2025-08-11","repo":{"name":"github.com/bcoe/c8","commit":"ec4c5e4bb172f90f06b7a84ba42d6c89b145a8cc"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.5,"checks":[{"name":"Code-Review","score":5,"reason":"Found 10/17 approved changesets -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/ci.yaml:1","Warn: no topLevel permission defined: .github/workflows/release-please.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":4,"reason":"dependency not pinned by hash detected -- score normalized to 4","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/bcoe/c8/ci.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/bcoe/c8/ci.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/bcoe/c8/ci.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/bcoe/c8/ci.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/bcoe/c8/ci.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/bcoe/c8/ci.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-please.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/bcoe/c8/release-please.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-please.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/bcoe/c8/release-please.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-please.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/bcoe/c8/release-please.yml/main?enable=pin","Info:   0 out of   8 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   2 out of   2 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: ISC License: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T04:21:18.100Z","repository_id":27001590,"created_at":"2025-08-17T04:21:18.101Z","updated_at":"2025-08-17T04:21:18.101Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29730793,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-22T20:09:16.275Z","status":"ssl_error","status_checked_at":"2026-02-22T20:09:13.750Z","response_time":110,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T17:01:13.110Z","updated_at":"2026-02-22T23:35:38.864Z","avatar_url":"https://github.com/bcoe.png","language":"JavaScript","readme":"# c8 - native V8 code-coverage\n\n[![ci](https://github.com/bcoe/c8/actions/workflows/ci.yaml/badge.svg)](https://github.com/bcoe/c8/actions/workflows/ci.yaml)\n![nycrc config on GitHub](https://img.shields.io/nycrc/bcoe/c8)\n[![Conventional Commits](https://img.shields.io/badge/Conventional%20Commits-1.0.0-yellow.svg)](https://www.conventionalcommits.org/)\n\nCode-coverage using [Node.js' built in functionality](https://nodejs.org/dist/latest-v10.x/docs/api/cli.html#cli_node_v8_coverage_dir)\nthat's compatible with [Istanbul's reporters](https://istanbul.js.org/docs/advanced/alternative-reporters/).\n\nLike [nyc](https://github.com/istanbuljs/nyc), c8 just magically works:\n\n```sh\nnpm i c8 -g\nc8 node foo.js\n```\n\nThe above example will output coverage metrics for `foo.js`.\n\n## CLI Options / Configuration\n\nc8 can be configured via command-line flags, a `c8` section in `package.json`, or a JSON configuration file on disk.\n\nA configuration file can be specified by passing its path on the command line with `--config` or `-c`. If no config option is provided, c8 searches for files named `.c8rc`, `.c8rc.json`, `.nycrc`, or `.nycrc.json`, starting from\n`cwd` and walking up the filesystem tree.\n\nWhen using `package.json` configuration or a dedicated configuration file, omit the `--` prefix from the long-form of the desired command-line option.\n\nHere is a list of common options. Run `c8 --help` for the full list and documentation.\n\n| Option | Description | Type | Default |\n| ------ | ----------- | ---- | ------- |\n| `-c`, `--config` | path to JSON configuration file | `string` | See above |\n| `-r`, `--reporter` | coverage reporter(s) to use | `Array\u003cstring\u003e` | `['text']` |\n| `-o`, `--reports-dir`, `--report-dir` | directory where coverage reports will be output to | `string` | `./coverage` |\n| `--all` | see [section below](#checking-for-full-source-coverage-using---all) for more info | `boolean` | `false` |\n| `--src` | see [section below](#checking-for-full-source-coverage-using---all) for more info | `Array\u003cstring\u003e` | `[process.cwd()]`|\n| `-n`, `--include` | see [section below](#checking-for-full-source-coverage-using---all) for more info | `Array\u003cstring\u003e` | `[]` (include all files) |\n| `-x`, `--exclude` | see [section below](#checking-for-full-source-coverage-using---all) for more info | `Array\u003cstring\u003e` | [list](https://github.com/istanbuljs/schema/blob/master/default-exclude.js) |\n| `--exclude-after-remap` | see [section below](#exclude-after-remap) for more info | `boolean` | `false` |\n| `-e`, `--extension` | only files matching these extensions will show coverage | `string \\| Array\u003cstring\u003e` | [list](https://github.com/istanbuljs/schema/blob/master/default-extension.js) |\n| `--skip-full` | do not show files with 100% statement, branch, and function coverage | `boolean` | `false` |\n| `--check-coverage` | check whether coverage is within thresholds provided | `boolean` | `false` |\n| `--per-file` | check thresholds per file | `boolean` | `false` |\n| `--temp-directory` | directory V8 coverage data is written to and read from | `string` | `process.env.NODE_V8_COVERAGE` |\n| `--clean` | should temp files be deleted before script execution | `boolean` | `true` |\n| `--experimental-monocart` | see [section below](#using-monocart-coverage-reports-experimental) for more info | `boolean` | `false` |\n\n## Checking for \"full\" source coverage using `--all`\n\nBy default v8 will only give us coverage for files that were loaded by the engine. If there are source files in your\nproject that are flexed in production but not in your tests, your coverage numbers will not reflect this. For example,\nif your project's `main.js` loads `a.js` and `b.js` but your unit tests only load `a.js` your total coverage\ncould show as `100%` for `a.js` when in fact both `main.js` and `b.js` are uncovered.\n\nBy supplying `--all` to c8, all files in directories specified with `--src` (defaults to `cwd`) that pass the `--include`\nand `--exclude` flag checks, will be loaded into the report. If any of those files remain uncovered they will be factored\ninto the report with a default of 0% coverage.\n\n## SourceMap Support\n\n`c8` can handle source-maps, for remapping coverage from generated code to original source files (_useful for TypeScript, JSX, etc_).\n\n### Source map files versus inline source maps\n\nJust-in-time instrumented codebases will often insert source maps inline with the `.js` code they generate at runtime (e.g, `@babel/register` can be configured to insert a source map footer).\n\nPre-instrumented codebases, e.g., running `tsc` to generate `.js` in a build folder, may generate either inline source maps, or a separate `.map` file stored on disk.\n\n`c8` can handle loading both types of source maps.\n\n### Exclude after remap\n\nDepending on the size and configuration of your project, it may be preferable to apply exclusion logic either before or after source-maps are used to remap compiled to original source files.\n\n`--exclude-after-remap` is used to control this behaviour.\n\n## c8 report\n\nrun `c8 report` to regenerate reports after `c8` has already been run.\n\n## Checking coverage\n\nc8 can fail tests if coverage falls below a threshold.\nAfter running your tests with c8, simply run:\n\n```sh\nc8 check-coverage --lines 95 --functions 95 --branches 95\n```\n\nc8 also accepts a `--check-coverage` shorthand, which can be used to\nboth run tests and check that coverage falls within the threshold provided:\n\n```sh\nc8 --check-coverage --lines 100 npm test\n```\n\nThe above check fails if coverage falls below 100%.\n\nTo check thresholds on a per-file basis run:\n\n```sh\nc8 check-coverage --lines 95 --per-file\n```\n\nIf you want to check for 100% coverage across all dimensions, use `--100`:\n\n```sh\nc8 --100 npm test\n```\n\nIs equivalent to\n\n```sh\nc8 --check-coverage --lines 100 --functions 100 --branches 100 --statements 100  npm test\n```\n\nThe `--100` flag can be set for the `check-coverage` as well:\n\n```sh\nc8 check-coverage --100\n```\n\n## Using Monocart coverage reports (experimental)\nMonocart is an alternate library for outputting [v8 code coverage](https://v8.dev/blog/javascript-code-coverage) data as Istanbul reports.\n\nMonocart also provides reporters based directly on v8's byte-offset-based output. Such as, `console-details` and `v8`. This removes a complex transformation step and may be less bug prone for some environments.\n\n**Example usage:**\n\n```sh\nc8 --experimental-monocart --reporter=v8 --reporter=console-details node foo.js\n```\n\nNOTE: Monocart requires additional `monocart-coverage-reports` to be installed:\n\n```sh\nnpm i monocart-coverage-reports@2 --save-dev\n```\n\n## Ignoring Uncovered Lines, Functions, and Blocks\n\nSometimes you might find yourself wanting to ignore uncovered portions of your\ncodebase. For example, perhaps you run your tests on Linux, but\nthere's some logic that only executes on Windows.\n\nTo ignore lines, blocks, and functions, use the special comment:\n\n`/* c8 ignore next */`.\n\n### Ignoring the next line\n\n```js\nconst myVariable = 99\n/* c8 ignore next */\nif (process.platform === 'win32') console.info('hello world')\n```\n\n### Ignoring the next N lines\n\n```js\nconst myVariable = 99\n/* c8 ignore next 3 */\nif (process.platform === 'win32') {\n  console.info('hello world')\n}\n```\n\n### Ignoring all lines until told\n\n```js\n/* c8 ignore start */\nfunction dontMindMe() {\n  // ...\n}\n/* c8 ignore stop */\n```\n\n### Ignoring a block on the current line\n\n```js\nconst myVariable = 99\nconst os = process.platform === 'darwin' ? 'OSXy' /* c8 ignore next */ : 'Windowsy'\n```\n\n## Supported Node.js Versions\n\nc8 uses [native V8 coverage](https://github.com/nodejs/node/pull/22527),\nmake sure you're running Node.js `\u003e= 12`.\n\n## Contributing to `c8`\n\nSee the [contributing guide here](./CONTRIBUTING.md).\n","funding_links":[],"categories":["JavaScript","Repository","others","Packages"],"sub_categories":["Testing","Testing \u0026 Coverage"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbcoe%2Fc8","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbcoe%2Fc8","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbcoe%2Fc8/lists"}