By
SonarSource and Eriks Nukis
–
GNU LGPL 3
–
Issue Tracker
–
Sources
–
Supported by SonarSource
More versions
SonarJS 5.0
– Oct 04, 2018
– SonarQube 6.7+ (Compatible with LTS)
5 new rules Download – Release notes |
Description
Enables the powerful SonarJS analyzer.
Prerequisites
- Node.js >=6
First Analysis of a JavaScript Project
- Install SonarQube Server (see Setup and Upgrade for more details)
- Install SonarQube Scanner and be sure your can call sonar-scanner from the directory where you have your source code
- Install SonarJS (see Installing a Plugin for more details)
Run your analysis with the SonarQube Scanner by executing the following command from the root directory of the project:
sonar-scanner -Dsonar.projectKey=xxx -Dsonar.sources=.
- Follow the link provided at the end of the analysis to browse your project's quality in SonarQube UI
Further Analyses
Assuming steps 1-3 above have already been completed, you'll want to encapsulate your analysis parameters in a sonar-project.properties file at the root of your project (see a sample project on GitHub: https://github.com/SonarSource/sonar-scanning-examples/tree/master/sonarqube-scanner). Then subsequent analyses can simply be run with:
sonar-scanner
Configuring Quality Profiles
SonarJS provides 2 Quality Profiles out of the box: "Sonar way" (default) and "Sonar way Recommended".
"Sonar way" Profile
The "Sonar way" Quality Profile is activated by default. It defines a trimmed list of high-value/low-noise rules useful in almost any JS development context. You can check out the list of rules belonging to "Sonar way" on SonarCloud.
"Sonar way Recommended" Profile SINCE 3.0
"Sonar way Recommended" contains all rules from "Sonar way" (bugs and pitfall detection), plus more rules that mandate high code readability and long-term project evolution. You can check out the list of rules belonging to "Sonar way Recommended" on SonarCloud.
Above Predefined Rule Profiles
By using SonarQube UI you can create your own Quality Profiles and activate even more rules which are valuable in your development context. We recommend that you look at the following rules, which are highly valuable but whose activation depends on your environment and coding principles or which require some configuration.
- "Non-existent properties should not be read" S3759 (should be activated if you don't use monkey patching)
- "Non-existent variables should not be referenced" S3827 (requires configuration)
- "Objects should not be created to be dropped immediately without being used" ConstructorFunctionsForSideEffects (activate, if you agree that constructors should not have side effects)
- "Variables should be declared with "let" or "const"" S3504. Activate, if you use ES2015. Find more rules with tag "es2015".
- "Variables should be defined in the blocks where they are used" S2392 (forces you to declare variables in the most narrow scope)
- "Variables should not be shadowed" VariableShadowing (forces you to not shadow variables declared in outer scope)
Advanced Usage
With SonarJS, you can also:
- import Coverage Results
- import ESLint issues reports
- use Grunt to run your analysis
- create your own Custom Rules BETA
Advanced Configuration
Property | Scope | Example | Description |
---|---|---|---|
sonar.javascript.jQueryObjectAliases | Project-wide | $, jQuery, jQ | SINCE 2.5 Comma-separated list of names used to address jQuery object. Default value is "$, jQuery". NOTE These names are used only to detect jQuery usages, they are not used to build the list of globals. |
sonar.javascript.environments | Project-wide | browser, jquery, amd | SINCE 2.20 Comma-separated list of environments names. The analyzer automatically adds global variables based on that list. Available environment names: amd, applescript, atomtest, browser, commonjs, couch, embertest, greasemonkey, jasmine, jest, jquery, meteor, mocha, mongo, nashorn, node, phantomjs, prototypejs, protractor, qunit, rhino, serviceworker, shared-node-browser, shelljs, webextensions, worker, wsh, yui. By default all environments are included. |
sonar.javascript.globals | Project-wide | Backbone, IS_DEBUG | SINCE 2.20 Comma-separated list of global variables. Default value is "angular,goog,google,OpenLayers,d3,dojo,dojox,dijit,Backbone,moment,casper". |
sonar.javascript.exclusions | Project-wide | libs/** | SINCE 3.3 List of file path patterns to be excluded from analysis of JavaScript files. Default value is `**/node_modules/**,**/bower_components/**` |
sonar.nodejs.executable | Project-wide | /Users/John/bin/node | SINCE 5.0 Set this property to absolute path to Node.js executable, if standard `node` is not available. |