didkit VS nyc

We have a CI pipeline for a cross-platform Rust library, and it currently takes an hour across C, Android, iOS, Java, etc. and different combinations of cryptographic libraries. This is probably something we’ll tune over this or next quarter. We also seem to be hitting some GitHub actions limits in terms of storage.

https://github.com/spruceid/didkit/runs/2468746631

Hello HN,

My name is Wayne Chang, co-founder of Spruce Systems, Inc. (https://spruceid.com). Spruce builds open source software that allows for the signed issuance of data to users that can then be verified. For example, transaction histories, educational qualifications, and reputation from online platforms.

I grew up on the Internet like many of you. I spent a lot of time on IRC where people frequently tried to dox others, and grew a profound respect for privacy as a result. When your online identity is a big part of who you are, it means a lot more when someone violates your privacy. Online identities will become a lot more of who everyone is, as we’ve seen especially over the past 12 hectic months. Today, we don’t have the right tools to assert control over our own identities or data, and we’re trying to change that with Spruce.

When you download your data from Google Takeout, you get a big .zip file that can’t really be used for anything but backups. The same is true with Facebook and LinkedIn. Most services don’t have automated data export and are only required to provide data when you ask.

Using new standards from W3C called Verifiable Credentials and Decentralized Identifiers, our software allows statements about people, places, and things to be issued as a package, linked together, digitally signed, and cryptographically verified. For example, employees can receive digital proofs of employment to get a mortgage. Gig economy workers can port their ratings from one system to another in a way they control. Data sets can travel along with signed statements that they have been stripped of personally identifiable information. By allowing data to move out of silos and increasingly into the hands of their owners, we can loosen the grip of a few large companies in owning everything.

These standards are already being adopted by big players open to data portability including Microsoft (issuance via Active Directory), Workday (portable work histories), the Digital Credentials Consortium (MIT/Harvard/UC Berkeley diplomas and coursework), and the World Health Organization (privacy-preserving vaccination records).

This technology could fundamentally change how we interact digitally. Instead of advertisers profiling people behind their backs, people can just present their credit card histories from Yodlee to get better offers at competitors. In web services, users can upgrade their accounts if they prove they belong to certain alumni networks. Businesses can reduce fraud and improve conversion while users regain control of their information, like if 1Password could store structured documents and also demonstrate their authenticity, untampered from their origins.

At Spruce, we’ve built a cross-platform Rust library called DIDKit that supports the use of Verifiable Credentials, Decentralized Identifiers, and many adjacent specifications in a neat bundle. Through customer feedback, we have grown the list of supported platforms to include Java, C/C++, and Node.js, with many more on the way. We further embed DIDKit into a Flutter application called Credible that runs on Android, iOS, and in the browser through WebAssembly/asm.js. It’s all open source under Apache 2.0. We make money by selling commercial tools, project roadmap commitments, and support contracts.

A great place to start is by building the DIDKit CLI tool and running the example credential issuance and verification shell script on your local GNU/Linux or MacOS machine (also works with Windows using WSL 2).

https://spruceid.dev/docs/didkit/#quickstart

https://spruceid.dev/docs/didkit/example--core-functions-in-...

We invite you to leave feedback about our engineering approach, platforms you’d like to see supported, and interesting use cases that would benefit people if their data were more portable and provably authentic.

You can find our repos here:

DIDKit: https://github.com/spruceid/didkit

Credible: https://github.com/spruceid/credible

Docs: https://spruceid.dev/docs/

Native code coverage via v8 or istanbul.

Writing tests is essential, and knowing whether you test all the required cases for your logic is even more critical. The most common testing coverage tool is Istanbul, where you can see how well your tests exercise your code by lines, functions, and branches. Below is an example of how the test coverage report looks in your terminal:

Here is a quote from istanbul, one of the most used code coverage tool:

Unit testing framework was already implemented, using Vitest so I started hacking by setting up a coverage provider to explicitly identify the covered/uncovered lines and mentioned this to the maintainer in the comments. I used Istanbul 🇹🇷 for this purpose.

Your project probably has a coverage report. If you’re using Jest as your unit test runner, generating a coverage report is embedded in it. It is done with Istanbul under the hood, which generates a nice HTML page presenting the entire project unit test coverage.

> This is a rant written by someone with just enough understanding to be dangerous, but not quite enough wisdom to know why things are still the way they are. Most of the complaints raised are subtly inaccurate.

Author seems aware of CAP_NET_BIND_SERVICE: https://source.small-tech.org/site.js/app/-/issues/169 and https://github.com/istanbuljs/nyc/issues/1281 – the "side effects" are NodeJS explicitly checking for it, so that's a NodeJS thing and not a Linux thing.

Yet curiously it's completely unmentioned in this article, in spite that this is probably what started the author's dislike of privileged ports. I guess it was inconvenient as it got in the way of angrily ranting.

This approach will create two json coverage files, which will be merged together by NYC. Therefore the results will be purely local. If You don't mind using online tools like Codecov or Coveralls for merging data from different tests, then go ahead and use them. They will probably also be more accurate. But if You still want to learn how to get coverage from E2E, then please read through

https://istanbul.js.org/ measures how much of your code is covered by tests

Jest uses a package called Istanbul to provide test coverage metrics such as statement, branch, function, and line coverage so that you can understand and enforce the quality of your test suite, providing more confidence in releases.

So let’s see if nyc (the code coverage generator) can help with that. Hmm… this documentation seems interesting! So basically what I understand from it is that I need to collect all the reports from the different packages and then run the nyc report over it. The flow should be like this: