{"id":22362790,"url":"https://github.com/danmasta/mocha-sonar","last_synced_at":"2026-05-01T15:39:29.258Z","repository":{"id":34295796,"uuid":"174278622","full_name":"danmasta/mocha-sonar","owner":"danmasta","description":"SonarQube XML reporter for Mocha","archived":false,"fork":false,"pushed_at":"2024-06-16T09:54:58.000Z","size":205,"stargazers_count":0,"open_issues_count":1,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-10-21T23:11:29.912Z","etag":null,"topics":["mocha","reporter","sonarqube","xml"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/danmasta.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-03-07T05:36:12.000Z","updated_at":"2024-03-25T19:10:51.000Z","dependencies_parsed_at":"2024-06-20T22:09:01.672Z","dependency_job_id":null,"html_url":"https://github.com/danmasta/mocha-sonar","commit_stats":{"total_commits":36,"total_committers":2,"mean_commits":18.0,"dds":0.02777777777777779,"last_synced_commit":"ddbf34e48d06a4abadf2e77ea35f864435b07fbd"},"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/danmasta/mocha-sonar","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danmasta%2Fmocha-sonar","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danmasta%2Fmocha-sonar/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danmasta%2Fmocha-sonar/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danmasta%2Fmocha-sonar/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/danmasta","download_url":"https://codeload.github.com/danmasta/mocha-sonar/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danmasta%2Fmocha-sonar/sbom","scorecard":{"id":321246,"data":{"date":"2025-08-11","repo":{"name":"github.com/danmasta/mocha-sonar","commit":"ddbf34e48d06a4abadf2e77ea35f864435b07fbd"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.3,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":0,"reason":"Found 1/21 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 11 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":4,"reason":"6 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55","Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T01:24:45.792Z","repository_id":34295796,"created_at":"2025-08-18T01:24:45.792Z","updated_at":"2025-08-18T01:24:45.792Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32503203,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-30T13:12:12.517Z","status":"online","status_checked_at":"2026-05-01T02:00:05.856Z","response_time":64,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["mocha","reporter","sonarqube","xml"],"created_at":"2024-12-04T17:11:45.056Z","updated_at":"2026-05-01T15:39:29.240Z","avatar_url":"https://github.com/danmasta.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Mocha Sonar Reporter\nSonarQube XML reporter for Mocha\n\nFeatures:\n* Generate xml reports compatible with [SonarQube](https://www.sonarqube.org/)\n* Ability to also write to stdout\n* Ability to define custom reporter for stdout\n* Silent mode to disable output\n* Customize output file path and/or name\n\n## About\nWe needed the ability to generate xml reports for unit tests and import them to [SonarQube](https://www.sonarqube.org/). There are a few libraries that attempt to help with this, but they all were either outdated, generated incompatible xml, or only logged xml to stdout. This library will let you generate unit test execution reports in a format compatible with [sonarqube generic test format](https://docs.sonarqube.org/latest/analysis/generic-test/#header-2) and write them to a file. You can also pipe output to a secondary reporter for a human readable view as well.\n\n## Usage\nAdd mocha-sonar as a dependency for your app and install via npm\n```bash\nnpm install @danmasta/mocha-sonar --save-dev\n```\nUse the reporter for tests\n```bash\nmocha -R @danmasta/mocha-sonar tests\n```\n\n### Options\nOptions can be passed using the `reporterOptions` field in mocha options, or the `--reporter-options` field via command line\n\nname | description\n-----|-------------\n`cwd` | Location to use to generate relative file paths for tests. Default is `process.cwd()`\n`output` | File path where you would like the sonar xml report to be saved. Default is `./coverage/sonar.xml`\n`delimiter` | Delimiter to use to join names for nested tests. Default is `' '`\n`reporter` | Name of the reporter you would like to use for console output. Default is `list`\n`silent` | If `true` disables secondary reporter output. Default is `false`\n`spaces` | Number of spaces to use when formatting xml output. Default is `4`\n\n## Examples\nUse mocha-sonar from command line\n```bash\nmocha -R @danmasta/mocha-sonar ./tests/unit/**/*.js\n```\n\nPass options to npm test command\n```bash\nnpm run test -- --reporter=@danmasta/mocha-sonar --reporter-options --reporter=nyan,delimeter=::\n```\n\nCoverage reports with [nyc](https://github.com/istanbuljs/nyc)\n```bash\nnyc --reporter=lcov mocha -R @danmasta/mocha-sonar ./tests/unit/**/*.js\n```\n\nUse mocha and/or nyc as [gulp](https://github.com/gulpjs/gulp) tasks\n```js\nconst spawn = require('child_process').spawn;\nconst gulp = require('gulp');\n\ngulp.task('test', () =\u003e {\n    return spawn('mocha -R @danmasta/mocha-sonar ./tests/unit/**/*.js', {\n        shell: true,\n        stdio: ['inherit', 'inherit', 'inherit']\n    });\n});\n\ngulp.task('coverage', () =\u003e {\n    return spawn('nyc --reporter=lcov mocha -R @danmasta/mocha-sonar ./tests/unit/**/*.js', {\n        shell: true,\n        stdio: ['inherit', 'inherit', 'inherit']\n    });\n});\n\ngulp.task('default', gulp.series('test', 'build'));\ngulp.task('publish', gulp.series('coverage', 'build', 'deploy'));\n```\n\n## Contact\nIf you have any questions feel free to get in touch\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdanmasta%2Fmocha-sonar","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdanmasta%2Fmocha-sonar","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdanmasta%2Fmocha-sonar/lists"}