add test coverage info

[hereje]

vitest coverage

• add vitest coverage to script
• add dependency related to test coverage

Fixes: #631

┆Issue is synchronized with this Notion page by Unito

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​vitest/​coverage-v8@​3.2.4

View full report

[comfy-pr-bot]

Test Evidence Check

⚠️ Warning: Test Explanation Missing

If this PR modifies behavior that requires testing, a test explanation is required. PRs lacking applicable test explanations may not be reviewed until added. Please add test explanations to ensure code quality and prevent regressions.

[coderabbitai]

📝 Walkthrough

Walkthrough

Added a Vitest coverage script and the V8 coverage provider to package.json to enable test coverage reporting with Vitest (coverage was previously configured via Jest).

Changes

Cohort / File(s)	Summary
Test Coverage Configuration package.json	Added test:coverage script (vitest run --coverage) and added devDependency @vitest/coverage-v8 (3.2.4) to enable V8-based coverage reporting for Vitest.

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name	Status	Explanation
Linked Issues check	✅ Passed	The PR adds Vitest coverage configuration by introducing a test:coverage script and @vitest/coverage-v8 dependency, addressing the core requirement in issue #631 to restore unit test coverage info.
Out of Scope Changes check	✅ Passed	The PR changes are limited to adding test coverage functionality (script and dependency) which are directly related to the linked issue #631 objectives.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

Fix all issues with AI Agents 🤖

In @package.json:
- Line 53: Add a coverage section to the test object in vite.config.ts:
configure provider as "v8", set reporters (e.g., "text", "lcov", "json"), and
define coverage thresholds for lines/branches/functions/statements to enforce
minimums; update the test configuration used by vitest (the test object in
vite.config.ts) so the "test:coverage" npm script uses these settings. Also
align version pinning between vitest and @vitest/coverage-v8 by either removing
the caret from @vitest/coverage-v8 to match a fixed version or changing vitest
to use a caret, ensuring both packages update together.
- Line 83: The dependency "@vitest/coverage-v8" is pinned to "3.2.4" while
"vitest" uses a caret-prefixed version; update the package.json entry for
"@vitest/coverage-v8" to "^3.2.4" so versioning strategy matches "vitest" (keep
the same minor/patch but allow caret-based updates) and run your package manager
install to update lockfile accordingly.

📜 Review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between aa394bd and 005c317.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (1)

• package.json

🧰 Additional context used

🧠 Learnings (15)

📓 Common learnings

Learnt from: CR
Repo: Comfy-Org/desktop PR: 0
File: .cursor/rules/integration-testing.mdc:0-0
Timestamp: 2025-11-25T20:49:40.925Z
Learning: Applies to tests/integration/**/*.spec.ts : Add screenshots for visual regression testing in integration tests

Learnt from: CR
Repo: Comfy-Org/desktop PR: 0
File: .cursor/rules/vitest.mdc:0-0
Timestamp: 2025-11-25T20:50:25.371Z
Learning: Applies to tests/unit/**/*.test.{js,ts} : Use `vitest` for unit testing

Learnt from: CR
Repo: Comfy-Org/desktop PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-18T19:46:11.878Z
Learning: Applies to tests/unit/**/*.{test,spec}.ts : Use Vitest for creating unit tests; do not attempt to create custom testing infrastructure

Learnt from: CR
Repo: Comfy-Org/desktop PR: 0
File: .cursor/rules/vitest.mdc:0-0
Timestamp: 2025-11-25T20:50:25.371Z
Learning: Applies to tests/unit/**/*.test.{js,ts} : Do not build custom testing infrastructure; use Vitest and existing helpers

Learnt from: CR
Repo: Comfy-Org/desktop PR: 0
File: .cursor/rules/vitest.mdc:0-0
Timestamp: 2025-11-25T20:50:25.371Z
Learning: Applies to tests/unit/**/*.test.{js,ts} : Prefer the use of `test.extend` over loose variables in Vitest tests

Learnt from: CR
Repo: Comfy-Org/desktop PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-18T19:46:11.878Z
Learning: Applies to tests/integration/**/*.{test,spec}.ts : Use Playwright for E2E testing; configure tests in `tests/integration/` with subdirectories for `install/`, `post-install/`, and `shared/`

Learnt from: CR
Repo: Comfy-Org/desktop PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-18T19:46:11.878Z
Learning: Test changes with both unit tests (Vitest) in `tests/unit/` and E2E tests (Playwright) in `tests/integration/`

Learnt from: CR
Repo: Comfy-Org/desktop PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-11-25T20:49:50.649Z
Learning: Applies to tests/integration/**/*.spec.ts : Prefer imports from `testExtensions.ts` over Playwright defaults in spec files

Learnt from: CR
Repo: Comfy-Org/desktop PR: 0
File: .cursor/rules/integration-testing.mdc:0-0
Timestamp: 2025-11-25T20:49:40.925Z
Learning: Applies to tests/integration/**/*.spec.ts : Import fixtures from testExtensions.ts, not raw Playwright

Learnt from: CR
Repo: Comfy-Org/desktop PR: 0
File: .cursor/rules/integration-testing.mdc:0-0
Timestamp: 2025-11-25T20:49:40.925Z
Learning: Applies to tests/integration/**/*.spec.ts : Use Playwright + TypeScript for Electron testing in integration tests

📚 Learning: 2025-11-25T20:50:25.371Z

Learnt from: CR
Repo: Comfy-Org/desktop PR: 0
File: .cursor/rules/vitest.mdc:0-0
Timestamp: 2025-11-25T20:50:25.371Z
Learning: Applies to tests/unit/**/*.test.{js,ts} : Use `vitest` for unit testing

Applied to files:

• package.json

📚 Learning: 2025-11-25T20:50:25.371Z

Learnt from: CR
Repo: Comfy-Org/desktop PR: 0
File: .cursor/rules/vitest.mdc:0-0
Timestamp: 2025-11-25T20:50:25.371Z
Learning: Applies to tests/unit/**/*.test.{js,ts} : Do not build custom testing infrastructure; use Vitest and existing helpers

Applied to files:

• package.json

📚 Learning: 2025-12-18T19:46:11.878Z

Learnt from: CR
Repo: Comfy-Org/desktop PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-18T19:46:11.878Z
Learning: Applies to tests/unit/**/*.{test,spec}.ts : Use Vitest for creating unit tests; do not attempt to create custom testing infrastructure

Applied to files:

• package.json

📚 Learning: 2025-11-25T20:50:25.371Z

Learnt from: CR
Repo: Comfy-Org/desktop PR: 0
File: .cursor/rules/vitest.mdc:0-0
Timestamp: 2025-11-25T20:50:25.371Z
Learning: Run `yarn test:unit` before committing changes

Applied to files:

• package.json

📚 Learning: 2025-11-25T20:50:25.371Z

Learnt from: CR
Repo: Comfy-Org/desktop PR: 0
File: .cursor/rules/vitest.mdc:0-0
Timestamp: 2025-11-25T20:50:25.371Z
Learning: Applies to tests/unit/**/*.test.{js,ts} : Prefer the use of `test.extend` over loose variables in Vitest tests

Applied to files:

• package.json

📚 Learning: 2025-12-18T19:46:11.878Z

Learnt from: CR
Repo: Comfy-Org/desktop PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-18T19:46:11.878Z
Learning: Applies to tests/integration/**/*.{test,spec}.ts : Use Playwright for E2E testing; configure tests in `tests/integration/` with subdirectories for `install/`, `post-install/`, and `shared/`

Applied to files:

• package.json

📚 Learning: 2025-11-25T20:49:40.925Z

Learnt from: CR
Repo: Comfy-Org/desktop PR: 0
File: .cursor/rules/integration-testing.mdc:0-0
Timestamp: 2025-11-25T20:49:40.925Z
Learning: Organize integration tests using Playwright test projects: install, post-install-setup, post-install, and post-install-teardown

Applied to files:

• package.json

📚 Learning: 2025-11-25T20:49:40.925Z

Learnt from: CR
Repo: Comfy-Org/desktop PR: 0
File: .cursor/rules/integration-testing.mdc:0-0
Timestamp: 2025-11-25T20:49:40.925Z
Learning: Applies to tests/integration/**/*.spec.ts : Use Playwright + TypeScript for Electron testing in integration tests

Applied to files:

• package.json

📚 Learning: 2025-12-18T19:46:11.878Z

Learnt from: CR
Repo: Comfy-Org/desktop PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-18T19:46:11.878Z
Learning: Test changes with both unit tests (Vitest) in `tests/unit/` and E2E tests (Playwright) in `tests/integration/`

Applied to files:

• package.json

📚 Learning: 2025-11-25T20:49:50.649Z

Learnt from: CR
Repo: Comfy-Org/desktop PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-11-25T20:49:50.649Z
Learning: Playwright project uses Playwright for end-to-end testing

Applied to files:

• package.json

📚 Learning: 2025-12-18T19:46:11.878Z

Learnt from: CR
Repo: Comfy-Org/desktop PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-18T19:46:11.878Z
Learning: Always run code quality commands (`yarn lint`, `yarn format`, `yarn typescript`) after making changes

Applied to files:

• package.json

📚 Learning: 2025-12-18T19:46:11.878Z

Learnt from: CR
Repo: Comfy-Org/desktop PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-18T19:46:11.878Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Use ESLint and Prettier for code formatting; run `yarn lint` and `yarn format` before committing

Applied to files:

• package.json

📚 Learning: 2025-12-18T19:46:11.878Z

Learnt from: CR
Repo: Comfy-Org/desktop PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-18T19:46:11.878Z
Learning: Use Vite for building and bundling; maintain separate Vite configs for main, preload, and types

Applied to files:

• package.json

📚 Learning: 2025-12-18T19:46:11.878Z

Learnt from: CR
Repo: Comfy-Org/desktop PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-18T19:46:11.878Z
Learning: Run `yarn typescript` to check for type errors before committing

Applied to files:

• package.json

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# Find vitest configuration files
fd -e ts -e js -e mjs -e config | grep -i vitest | head -20

Repository: Comfy-Org/desktop

Length of output: 43

---

🏁 Script executed:

# Check package.json for relevant dependencies and scripts
cat -n package.json | grep -E '(vitest|coverage|test:)' | head -30

Repository: Comfy-Org/desktop

Length of output: 342

---

🏁 Script executed:

# Search for coverage configuration in the codebase
rg -n "coverage" --type=ts --type=js -g "*vitest*" | head -20

Repository: Comfy-Org/desktop

Length of output: 209

---

🏁 Script executed:

# Search more broadly for vitest config files
find . -type f -name "vitest*" | head -20

Repository: Comfy-Org/desktop

Length of output: 87

---

🏁 Script executed:

# Search for coverage configuration anywhere in the codebase
rg "coverage" --type=ts --type=js -A 2 | head -40

Repository: Comfy-Org/desktop

Length of output: 43

---

🏁 Script executed:

# List all config-related files in the root
ls -la | grep -E "(vitest|config)"

Repository: Comfy-Org/desktop

Length of output: 777

---

🏁 Script executed:

# Check if vitest configuration is in vite.config.ts
cat -n vite.config.ts

Repository: Comfy-Org/desktop

Length of output: 2188

---

🏁 Script executed:

# Check if any vitest configuration exists in package.json
cat -n package.json | grep -A 20 -B 5 "vitest"

Repository: Comfy-Org/desktop

Length of output: 3091

---

Add coverage configuration to vite.config.ts.

The test:coverage script will run but lacks proper coverage configuration. The test object in vite.config.ts needs a coverage section specifying the provider (v8), reporter formats, and coverage thresholds. Without this, the coverage command will use incomplete defaults.

Additionally, consider removing the caret from @vitest/coverage-v8 (currently pinned to 3.2.4) to match the version pinning approach of vitest (^3.2.4), or vice versa, to ensure both packages update together.

🤖 Prompt for AI Agents

In @package.json around line 53, Add a coverage section to the test object in
vite.config.ts: configure provider as "v8", set reporters (e.g., "text", "lcov",
"json"), and define coverage thresholds for lines/branches/functions/statements
to enforce minimums; update the test configuration used by vitest (the test
object in vite.config.ts) so the "test:coverage" npm script uses these settings.
Also align version pinning between vitest and @vitest/coverage-v8 by either
removing the caret from @vitest/coverage-v8 to match a fixed version or changing
vitest to use a caret, ensuring both packages update together.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Read package.json to verify vitest and @vitest/coverage-v8 versions
cat -n package.json | sed -n '75,110p'

Repository: Comfy-Org/desktop

Length of output: 1354

---

🌐 Web query:

@vitest/coverage-v8 latest version npm

💡 Result:

The latest published version of @vitest/coverage-v8 is 4.0.16 (tagged latest, published Dec 16, 2025). [1][2]

Install: npm i -D @vitest/coverage-v8@4.0.16.

Sources: [1] Yarn package page (latest: 4.0.16). [2] Snyk/npm metadata showing 4.0.16.

---

🌐 Web query:

@vitest/coverage-v8 3.2.4 security vulnerabilities advisories

💡 Result:

Short answer: No known security advisories specifically affecting @vitest/coverage-v8 version 3.2.4.

Details:

• Snyk and package scanners report no direct vulnerabilities for @vitest/coverage-v8 (v3.2.4). [1]
• A critical Vitest WebSocket RCE (CVE-2025-24964) was disclosed (patched in Vitest 3.0.5+). that advisory affects Vitest core versions up through 3.0.4; it does not apply to @vitest/coverage-v8 3.2.4. [2][3]

If you want, I can:

• search other advisories/databases (GitHub Security Advisories, NVD, OSV) for completeness, or
• scan your project for indirect dependency issues.

Sources:
[1] Snyk — @vitest/coverage-v8 (package page).
[2] NVD — CVE-2025-24964.
[3] OpenCVE / advisory summaries for CVE-2025-24964.

---

🌐 Web query:

@vitest/coverage-v8 4.0.16 vitest version compatibility requirement

💡 Result:

@vitest/coverage-v8@4.0.16 requires the matching Vitest version (i.e., vitest v4 — use the same version as the coverage package, e.g. vitest@4.0.16). [1][2]

Sources:
[1] jsDelivr package listing for @vitest/coverage-v8 (version 4.0.16).
[2] Community guidance / troubleshooting recommending the coverage package and vitest be the same version.

---

Consider using a caret prefix for version consistency.

The version is pinned without a caret (^), which is inconsistent with the vitest dependency on line 100 (^3.2.4). Consider using ^3.2.4 to align versioning strategies.

🔎 Proposed fix

-    "@vitest/coverage-v8": "3.2.4",
+    "@vitest/coverage-v8": "^3.2.4",

Note: Version 3.2.4 has no security advisories. A newer major version (4.0.16) exists but requires vitest@4.x, which would be a breaking upgrade outside the scope of this consistency fix.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"@vitest/coverage-v8": "3.2.4",
	"@vitest/coverage-v8": "^3.2.4",

🤖 Prompt for AI Agents

In @package.json around line 83, The dependency "@vitest/coverage-v8" is pinned
to "3.2.4" while "vitest" uses a caret-prefixed version; update the package.json
entry for "@vitest/coverage-v8" to "^3.2.4" so versioning strategy matches
"vitest" (keep the same minor/patch but allow caret-based updates) and run your
package manager install to update lockfile accordingly.

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm entities is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: ? → npm/vite-plugin-dts@4.5.4 → npm/entities@4.5.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@4.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm safer-buffer is 94.0% likely obfuscated Confidence: 0.94 Location: Package overview From: ? → npm/@sentry/wizard@3.38.0 → npm/safer-buffer@2.1.2 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/safer-buffer@2.1.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report