Skip to end of metadata
Go to start of metadata

By SonarSource and Eriks Nukis – GNU LGPL 3 – Issue TrackerSources – Supported by SonarSource
More versions
SonarJS 4.2.1 – Aug 10, 2018 – SonarQube 6.7+ (Compatible with LTS)
Fix a bug related to custom rules and introduced in 4.2.
DownloadRelease notes

Description

Enables the powerful SonarJS analyzer.

First Analysis of a JavaScript Project

  1. Install SonarQube Server (see Setup and Upgrade for more details)
  2. Install SonarQube Scanner and be sure your can call sonar-scanner from the directory where you have your source code
  3. Install SonarJS (see Installing a Plugin for more details)
  4. Run your analysis with the SonarQube Scanner by executing the following command from the root directory of the project:

    sonar-scanner -Dsonar.projectKey=xxx -Dsonar.sources=.
  5. Follow the link provided at the end of the analysis to browse your project's quality in SonarQube UI

Further Analyses

Assuming steps 1-3 above have already been completed, you'll want to encapsulate your analysis parameters in a sonar-project.properties file at the root of your project (see a sample project on GitHub: https://github.com/SonarSource/sonar-scanning-examples/tree/master/sonarqube-scanner). Then subsequent analyses can simply be run with:

sonar-scanner

Configuring Quality Profiles

SonarJS provides 2 Quality Profiles out of the box: "Sonar way" (default) and "Sonar way Recommended".

"Sonar way" Profile

The "Sonar way" Quality Profile is activated by default. It defines a trimmed list of high-value/low-noise rules useful in almost any JS development context. You can check out the list of rules belonging to "Sonar way" on SonarCloud.

"Sonar way Recommended" Profile SINCE 3.0

"Sonar way Recommended" contains all rules from "Sonar way" (bugs and pitfall detection), plus more rules that mandate high code readability and long-term project evolution. You can check out the list of rules belonging to "Sonar way Recommended" on SonarCloud.

Above Predefined Rule Profiles

By using SonarQube UI you can create your own Quality Profiles and activate even more rules which are valuable in your development context. We recommend that you look at the following rules, which are highly valuable but whose activation depends on your environment and coding principles or which require some configuration.

  • "Non-existent properties should not be read" S3759 (should be activated if you don't use monkey patching)
  • "Non-existent variables should not be referenced" S3827 (requires configuration)
  • "Objects should not be created to be dropped immediately without being used" ConstructorFunctionsForSideEffects (activate, if you agree that constructors should not have side effects)
  • "Variables should be declared with "let" or "const"" S3504. Activate, if you use ES2015. Find more rules with tag "es2015".
  • "Variables should be defined in the blocks where they are used" S2392 (forces you to declare variables in the most narrow scope)
  • "Variables should not be shadowed" VariableShadowing (forces you to not shadow variables declared in outer scope)

Advanced Usage

With SonarJS, you can also:

Advanced Configuration

 

Property

Scope

Example

Description

sonar.javascript.jQueryObjectAliases

Project-wide$, jQuery, jQ

SINCE 2.5

Comma-separated list of names used to address jQuery object. Default value is "$, jQuery".

NOTE These names are used only to detect jQuery usages, they are not used to build the list of globals.

sonar.javascript.environments

Project-widebrowser, jquery, amd

SINCE 2.20

Comma-separated list of environments names. The analyzer automatically adds global variables based on that list.

Available environment names: amd, applescript, atomtest, browser, commonjs, couch, embertest, greasemonkey, jasmine, jest, jquery, meteor, mocha, mongo, nashorn, node, phantomjs, prototypejs, protractor, qunit, rhino, serviceworker, shared-node-browser, shelljs, webextensions, worker, wsh, yui. By default all environments are included.

sonar.javascript.globals

Project-wideBackbone, IS_DEBUG

SINCE 2.20

Comma-separated list of global variables. Default value is "angular,goog,google,OpenLayers,d3,dojo,dojox,dijit,Backbone,moment,casper".

sonar.javascript.exclusionsProject-widelibs/**

SINCE 3.3

List of file path patterns to be excluded from analysis of JavaScript files. Default value is `**/node_modules/**,**/bower_components/**`

  • No labels