Code Quality and Security for JavaScript

SonarSource delivers what is probably the best static code analysis you can find for JavaScript. It uses the most advanced techniques (pattern matching, dataflow analysis) to find Code Smells, Bugs, and Security Vulnerabilities. As with everything we develop at SonarSource, it was built on the principles of depth, accuracy, and speed.

SonarSource's JavaScript analysis has a great coverage of well-established quality standards. This capability is available in Eclipse and IntelliJ for developers (SonarLint) as well as throughout the development chain for automated code review with self-hosted SonarQube or cloud-based SonarCloud.

Samples of Issues Detected
 
Always true condition
Always true condition
Dead code
Dead code
Wrong parameter type
Wrong parameter type
Same branches
Same branches
Always false condition
Always false condition
Unexpected Argument
Unexpected Argument
Supported Frameworks and Language Standards

SonarSource's JavaScript analysis supports

  • ECMAScript 5 / ECMAScript 2015 (ECMAScript 6) / ECMAScript 2016 / ECMAScript 2017
  • React JSX
  • Vue.js
  • Flow
Metrics

SonarSource's JavaScript analysis supports all the standard metrics implemented by SonarQube including Cognitive Complexity. Additionally, it supports the import of LCOV test coverage reports.

Custom Rules

SonarSource's JavaScript analysis supports custom rules written in Java.

Free & Open Source

Github

Issue Tracker

Use in community edition

See all editions


Related Content