
sonarqube-scanner
@sonar/scan makes it very easy to trigger SonarQube Server
and Cloud analyses on a JavaScript code base, without needing
to install any specific tool or (Java) runtime.
This module is analyzed on SonarQube Cloud.
This is the documentation for v4. If you are using v3, refer to the v3 documentation.
Prerequisite: Node v18+ (for v4 and above)
Prerequisite: Node v16+ (for v3, otherwise use sonarqube-scanner v2.9.1)
This package is available on npm as: @sonar/scan
To install the scanner globally and be able to run analyses on the command line:

    npm install -g @sonar/scan

If you want to run an analysis without having to configure anything in the first place, simply run the sonar command. The following example assumes that you have installed SonarQube Server locally:

    cd my-project
    sonar

or you can use npx without installing:

    cd my-project
    npx @sonar/scan
For more detailed information, refer to the scanner's documentation.
@sonar/scan is licensed under the LGPL v3 License.
ESLint is a widely-used tool for identifying and reporting on patterns found in ECMAScript/JavaScript code. It is highly configurable and can be extended with custom rules. Unlike sonarqube-scanner, ESLint focuses solely on linting JavaScript code and does not provide the comprehensive static analysis features of SonarQube.
JSHint is another popular static code analysis tool for JavaScript. It helps detect errors and potential problems in your JavaScript code. While it is similar to ESLint, JSHint is less configurable and has fewer features compared to ESLint and sonarqube-scanner.
TSLint is a linter for TypeScript code, providing static analysis and code quality checks. It is similar to ESLint but specifically designed for TypeScript. TSLint is now deprecated in favor of ESLint with TypeScript support, and it does not offer the extensive analysis capabilities of sonarqube-scanner.
FAQs
SonarQube/SonarCloud Scanner for the JavaScript world
The npm package sonarqube-scanner receives a total of 497,868 weekly downloads. As such, sonarqube-scanner is classified as popular.
We found that sonarqube-scanner demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 17 open source maintainers collaborating on the project.