SonarJS

SonarSource delivers what is probably the best static code analyzer you can find on the market for JavaScript. Based on our own JavaScript compiler front-end, it uses the most advanced techniques (pattern matching, dataflow analysis) to analyze code and find code smells, bugs and security vulnerabilities. As for any product we develop at SonarSource, it was built on the following principles: depth, accuracy and speed.

SonarJS has a great coverage of well-established quality standards. The SonarJS capability is available in Eclipse and IntelliJ for developers (SonarLint) as well as throughout the development chain for automated code review with self-hosted SonarQube or on-line SonarCloud.

Samples of Issues Detected
 
Always true condition Always true condition Always true condition
Dead code Dead code Dead code
Wrong parameter type Wrong parameter type Wrong parameter type
Same branches Same branches Same branches
Always false condition Always false condition Always false condition
Unexpected Argument Unexpected Argument Unexpected Argument
Supported Frameworks and Language Standards

SonarJS supports

  • ECMAScript 5 / ECMAScript 2015 (ECMAScript 6) / ECMAScript 2016 / ECMAScript 2017
  • React JSX
  • Vue.js
  • Flow
Metrics

Code Coverage by Tests: SonarJS supports the import of LCOV test coverage reports.

Custom Rules

SonarJS supports custom rules written in Java.

Free & Open Source

Github

Issue Tracker

Use in community edition

See all editions


Related Content