Installing Vitest and coverage providers adds npm packages to the selected project environment; pin reviewed versions and use project-local installs., Coverage runs execute the project test suite and can use test fixtures, network mocks, databases, or generated artifacts configured by the project., Vitest coverage can clean the configured reports directory before a run; confirm the reports directory is disposable before enabling coverage in shared workflows., Threshold changes can block or unblock CI; review threshold updates separately from test additions., The source ZIP is external and version-pinned for reference; package trust should remain a maintainer decision.
Privacy notes
Coverage output can reveal source paths, module names, uncovered function names, branch structure, report file names, and project layout., HTML, JSON, LCOV, and JUnit artifacts can include snippets, line ranges, and package structure from the reviewed project., Keep public review notes focused on aggregate gaps, file groups, risk areas, and validation commands; omit sensitive implementation details that do not need to be public.
Current risk score 16/100. Use staged verification before broader rollout.
Risk 16
Pre-adoption checks
Validate source and review signals before any execution.
Confirm source provenanceRequired
Source URL/provenance metadata is present.
Done
Confirm metadata review state
Listing has review metadata.
Done
Verify install payload
Install/config payload exists and can be inspected.
Done
Security checks
Confirm safety, privacy, and package integrity signals.
Review safety notesRequired
Safety notes are present.
Done
Review privacy notesRequired
Privacy notes are present.
Done
Verify package integrity metadata
No package verification/checksum metadata.
Pending
Rollout
Adopt in controlled steps based on the selected plan.
Run in isolated sandbox firstRequired
Use a constrained sandbox and observe behavior across multiple tasks.
Pending
Roll out graduallyRequired
Roll out to a small cohort before wider usage.
Pending
Set monitoring and fallback
Define rollback path and monitor errors after adoption.
Pending
Evidence readiness
Evidence readiness matrix · balanced
Required evidence gates are covered (5/6 signals complete).
Risk 15
Source provenance
Present
Source repository/provenance is listed.
Required in this preset
Metadata review
Present
Review metadata is present.
Required in this preset
Safety notes
Present
Safety notes are present.
Required in this preset
Privacy notes
Present
Privacy notes are present.
Optional in this preset
Package integrity
Missing
Package integrity metadata is missing.
Optional in this preset
Install payload
Present
Install payload is available.
Required in this preset
Required evidence gates are covered for this preset.
Decision timeline
Decision timeline · balanced
5/6 steps complete with no blocking gaps for this preset.
Risk 14
triage
Confirm source provenanceRequired
Source/provenance metadata is available.
Done
triage
Check metadata review statusRequired
Review metadata is available.
Done
verify
Review safety notesRequired
Safety notes are available.
Done
verify
Review privacy notes
Privacy notes are available.
Done
verify
Validate package integrity metadata
Package integrity metadata is missing.
Pending
rollout
Verify install payload and commandsRequired
Install payload is available.
Done
No required blockers for this timeline preset.
Prerequisite readiness
Prerequisite readiness
5 prerequisites to line up before setup.
0/5 ready
Configuration1Network & hosting1General3
Safety & privacy surface
Safety & privacy surface
5 safety and 3 privacy notes across 4 risk areas. Review closely: network access, third-party handling.
4 areas
SafetyThird-party handlingInstalling Vitest and coverage providers adds npm packages to the selected project environment; pin reviewed versions and use project-local installs.
SafetyNetwork accessCoverage runs execute the project test suite and can use test fixtures, network mocks, databases, or generated artifacts configured by the project.
SafetyLocal filesVitest coverage can clean the configured reports directory before a run; confirm the reports directory is disposable before enabling coverage in shared workflows.
SafetyGeneralThreshold changes can block or unblock CI; review threshold updates separately from test additions.
SafetyGeneralThe source ZIP is external and version-pinned for reference; package trust should remain a maintainer decision.
PrivacyLocal filesCoverage output can reveal source paths, module names, uncovered function names, branch structure, report file names, and project layout.
PrivacyGeneralHTML, JSON, LCOV, and JUnit artifacts can include snippets, line ranges, and package structure from the reviewed project.
PrivacyLocal filesKeep public review notes focused on aggregate gaps, file groups, risk areas, and validation commands; omit sensitive implementation details that do not need to be public.
Safety notes
Installing Vitest and coverage providers adds npm packages to the selected project environment; pin reviewed versions and use project-local installs.
Coverage runs execute the project test suite and can use test fixtures, network mocks, databases, or generated artifacts configured by the project.
Vitest coverage can clean the configured reports directory before a run; confirm the reports directory is disposable before enabling coverage in shared workflows.
Threshold changes can block or unblock CI; review threshold updates separately from test additions.
The source ZIP is external and version-pinned for reference; package trust should remain a maintainer decision.
Privacy notes
Coverage output can reveal source paths, module names, uncovered function names, branch structure, report file names, and project layout.
HTML, JSON, LCOV, and JUnit artifacts can include snippets, line ranges, and package structure from the reviewed project.
Keep public review notes focused on aggregate gaps, file groups, risk areas, and validation commands; omit sensitive implementation details that do not need to be public.
Prerequisites
JavaScript or TypeScript project using Vitest or evaluating a Vitest coverage gate
Test command, package manager, and `vitest.config` or Vite config
Current coverage report, changed-file context, or uncovered source inventory
Project risk areas, owner expectations, and release policy for test gaps
Agreement on whether coverage is advisory, blocking, per-file, or trend-based
.gemini/skills/<skill-name>/SKILL.md or .agents/skills/<skill-name>/SKILL.md
cursor
Adapter
.cursor/rules/<skill-name>.mdc
cli
Manual
AGENTS.md or tool-specific context file
Full copyable content
# Trigger
"Apply the Vitest coverage planning capability pack to this test coverage gap."
# Required output
1) Vitest package/source version and coverage provider inventory
2) Coverage scope, include/exclude, reporters, and threshold review
3) Coverage gap findings with prioritized test-plan recommendations
4) Validation plan and merge, hold, or follow-up recommendation
About this resource
Knowledge Freshness
This capability pack is pinned to Vitest 4.1.8, source tag v4.1.8, npm metadata, and coverage documentation verified on 2026-06-03. The reviewed package metadata requires Node ^20.0.0, ^22.0.0, or >=24.0.0.
Prefer current Vitest docs, npm metadata, and pinned source files over model memory for provider behavior, coverage options, thresholds, reporters, and CLI behavior.
Scope Note
This is not a generic TDD rule pack, a stop-hook coverage report, or a test-suite generation command. Use it for human-in-the-loop planning of Vitest coverage scope, provider choice, gap triage, threshold policy, changed-file reports, and release gates.
Core Workflow
Confirm Vitest version, Node runtime, package manager, coverage provider package, source tag, and coverage command used for review.
Inventory test configuration: vitest.config, Vite config, test.coverage, scripts, reporters, output files, and CI command.
Choose or validate provider strategy. Use V8 when fast runtime collection fits the environment; consider Istanbul when instrumentation scope or non-V8 runtime constraints matter.
Review coverage scope: coverage.include, coverage.exclude, uncovered-file inclusion, generated files, test files, fixtures, and package boundaries.
Review report settings: reportsDirectory, reporter list, LCOV/JSON/HTML/JUnit needs, reportOnFailure, and whether the report format supports the reviewer workflow.
Review thresholds: lines, functions, branches, statements, per-file behavior, negative uncovered-item limits, and any auto-update policy.
Triage gaps by product risk rather than percentage alone: core flows, error paths, adapters, edge cases, state transitions, and recent change areas.
Build a coverage plan: tests to add, tests to refactor, low-value files to exclude with rationale, thresholds to ratchet, and checks to run before merge.
Produce a recommendation with blockers, safe follow-ups, threshold proposal, validation commands, and owner decisions.
Capability Scope
Vitest package/source verification
Coverage provider selection
Coverage include/exclude review
Threshold and per-file policy review
Reporter and artifact planning
Changed-file coverage triage
Coverage gap prioritization
Evidence-based merge or follow-up recommendation
Compatibility
Native
Claude Code / Claude: use as a reusable Agent Skill for Vitest coverage planning and test-gap review.
Codex/OpenAI workflows: use as SKILL.md-style instructions for coverage review and release-gate planning.
Manual Adaptation
Windsurf and Gemini: adapt the workflow and output contract into their skill formats.
Cursor and Generic AGENTS files: convert the production rules and validation checklist into repository-level test coverage guidance.
Required Inputs
Vitest version and coverage provider package
Test command and package manager
vitest.config or Vite config
Current coverage output or changed-file context
Project risk areas and release policy
Owner expectations for thresholds, exclusions, and follow-up work
Production Rules
Do not judge test adequacy by aggregate percentage alone; connect gaps to product risk and recent changes.
Do not add broad exclusions without a written reason and owner agreement.
Treat threshold decreases, auto-update changes, and per-file policy changes as release-impacting until reviewed.
Include uncovered source files intentionally; otherwise untouched files can disappear from the report.
Keep generated code, fixtures, and test helpers out of coverage only when the exclusion is deliberate.
Prefer small, risk-based threshold ratchets over unrealistic all-at-once coverage targets.
Keep coverage planning separate from test execution success; passing tests can still leave critical branches uncovered.
Fix: Configure coverage.include with source globs so uncovered files are present in the report.
Issue: V8 coverage is unexpectedly slow
Fix: Check module count and runtime environment. Compare V8 with Istanbul when instrumentation can limit the measured file set.
Issue: Thresholds fail on unrelated files
Fix: Separate global and per-file thresholds, check changed-file scope, and decide whether the failure reflects product risk or stale baseline policy.
Issue: Report artifacts are too noisy for review
Fix: Use targeted reporters such as text-summary, LCOV, JSON, or JUnit depending on whether reviewers need quick triage, CI annotations, or trend ingestion.
Issue: Coverage improves but misses important behavior
Fix: Review branch and function coverage for core workflows, error paths, adapters, and state transitions instead of relying only on line coverage.
Validation Checklist
Vitest version, source tag, npm metadata, and coverage docs verified.
Node runtime requirement checked.
Coverage provider selected and provider package identified.
Include/exclude scope reviewed.
Reports directory and reporter list checked.
Thresholds reviewed for global, per-file, and uncovered-item behavior.
Changed-file and product-risk gaps triaged.
Exclusions documented with rationale.
Validation commands and artifacts recorded.
Merge, hold, request-changes, or follow-up recommendation documented.
Show that Vitest Coverage Planning Capability Pack Skill is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.
[](https://heyclau.de/entry/skills/vitest-coverage-planning-capability-pack)
How it compares
Vitest Coverage Planning Capability Pack Skill side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
✓Installing Vitest and coverage providers adds npm packages to the selected project environment; pin reviewed versions and use project-local installs.
Coverage runs execute the project test suite and can use test fixtures, network mocks, databases, or generated artifacts configured by the project.
Vitest coverage can clean the configured reports directory before a run; confirm the reports directory is disposable before enabling coverage in shared workflows.
Threshold changes can block or unblock CI; review threshold updates separately from test additions.
The source ZIP is external and version-pinned for reference; package trust should remain a maintainer decision.
✓Installing reg-suit adds npm packages to the selected project environment; pin the reviewed package version and avoid global installs for review work.
reg-suit can publish image snapshots and HTML reports through storage plugins such as S3 or Google Cloud Storage; review destination configuration before running in shared CI.
Visual baselines can normalize accidental UI changes if accepted too casually; require owner approval for broad layout, color, text, or viewport changes.
The source ZIP is external and version-pinned for reference; package trust should remain a maintainer decision.
✓Installing Spectral adds npm packages to the selected project environment; pin the reviewed version and avoid global installs for review work.
Spectral can lint local files, globs, and remote contract URLs; review source locations before running checks in shared CI.
Ruleset changes can silently weaken future API gates; review disabled rules, severity changes, and overrides as release-impacting changes.
JavaScript rulesets and custom functions such as `.spectral.js` execute Node.js code; do not run attacker-supplied rulesets from untrusted PRs unless they have been inspected and executed in a sandboxed environment.
The source ZIP is external and version-pinned for reference; package trust should remain a maintainer decision.
✓Installing Renovate adds an npm package to the selected project environment; pin the reviewed version and avoid global installs for review work.
Renovate can update dependency manifests and lockfiles; review generated diffs before approving automerge or grouped updates.
Major upgrades, runtime dependencies, toolchain changes, and lockfile churn should be treated as release-blocking until tests and smoke checks pass.
The source ZIP is external and version-pinned for reference; package trust should remain a maintainer decision.
Privacy notes
✓Coverage output can reveal source paths, module names, uncovered function names, branch structure, report file names, and project layout.
HTML, JSON, LCOV, and JUnit artifacts can include snippets, line ranges, and package structure from the reviewed project.
Keep public review notes focused on aggregate gaps, file groups, risk areas, and validation commands; omit sensitive implementation details that do not need to be public.
✓Rendered UI images and reports can expose environment URLs, branch names, visible UI text, test account data, and product screenshots.
Storage and notification plugins can publish report links to CI systems, pull request comments, chat tools, or cloud buckets.
Keep public review notes focused on changed components, thresholds, artifact links, and summarized findings; omit sensitive rendered content that does not need to be public.
✓OpenAPI files can reveal internal route names, hostnames, example payloads, business object names, and planned endpoints.
Lint reports can include source paths, schema paths, rule names, snippets, and examples from the reviewed contract.
Keep public review notes focused on rule IDs, contract paths, compatibility impact, and summarized examples; omit details that do not need to be public.
✓Dependency metadata can reveal package names, repository layout, branch names, internal registry hosts, and release cadence.
Keep public review notes focused on package names, versions, config keys, and test results; omit operational details that do not need to be public.
Prerequisites
JavaScript or TypeScript project using Vitest or evaluating a Vitest coverage gate
Test command, package manager, and `vitest.config` or Vite config
Current coverage report, changed-file context, or uncovered source inventory
Project risk areas, owner expectations, and release policy for test gaps
UI change, pull request, or release candidate with rendered image artifacts
reg-suit configuration such as `regconfig.json`
Baseline image source, actual image directory, and generated report location
Threshold policy for accepted pixel or rate differences
OpenAPI v2, v3.0, or v3.1 contract file set
Spectral ruleset such as `.spectral.yaml` or an explicit ruleset path
Lint output, CI output, or proposed contract diff
API owner expectations for breaking changes, naming, examples, and release gates
Renovate dependency upgrade PR, config diff, or dependency dashboard item
Dependency manifest and lockfile diff for the reviewed package manager
Renovate config source such as `renovate.json`, package config, or inherited presets
Release notes, changelog, package metadata, or source tag for the updated dependency