Gathering detailed insights and metrics for eslint-plugin-sonarjs
Gathering detailed insights and metrics for eslint-plugin-sonarjs
SonarSource Static Analyzer for JavaScript and TypeScript
Installations
npm install eslint-plugin-sonarjsDeveloper
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
Yes
Node Version
18.20.4
NPM Version
10.7.0
Statistics
1,059 Stars
4,517 Commits
183 Forks
53 Watching
54 Branches
82 Contributors
Updated on 28 Nov 2024
Bundle Size
10.37 MB
Minified
2.41 MB
Minified + Gzipped
Languages
TypeScript (57.13%)
Java (24.11%)
HTML (13.61%)
JavaScript (4.76%)
CSS (0.15%)
Vue (0.07%)
SCSS (0.06%)
Less (0.04%)
Shell (0.02%)
Dockerfile (0.02%)
Total Downloads
Cumulative downloads
Total Downloads
133,122,683
Last day
-4.7%
223,824
Compared to previous day
Last week
0.4%
1,241,788
Compared to previous week
Last month
-0.8%
5,275,163
Compared to previous month
Last year
47.6%
54,551,619
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
23
@babel/core@babel/eslint-parser@babel/plugin-proposal-decorators@babel/preset-env@babel/preset-flow@babel/preset-react@eslint-community/regexpp@typescript-eslint/eslint-plugin@typescript-eslint/utilsbuiltin-modulesbyteseslint-plugin-importeslint-plugin-jsx-a11yeslint-plugin-reacteslint-plugin-react-hookseslint-scopefunctional-red-black-treejsx-ast-utilsminimatchscslresemvertypescriptvue-eslint-parser
Peer Dependencies
1
Versions
This SonarSource project is a static code analyzer for the JavaScript, TypeScript, and CSS languages to produce Clean code.
:arrow_right: Have some feedback?
This repository now hosts eslint-plugin-sonarjs, our plugin for ESLint.
Features
- Advanced rules based on pattern matching and control flow analysis
- 406 JS rules and 411 TS rules
- 26 CSS rules
- Compatible with ECMAScript 2015-2020
- React JSX, Flow, Vue, and AWS lambda functions support for JavaScript and TypeScript
- CSS, SCSS, SASS, Less, also 'style' inside HTML and VueJS files
- Metrics (complexity, number of lines, etc.)
- Import of test coverage reports
- Import of ESLint, TSLint, and Stylelint issues
Documentation
You can find documentation here
Have question or feedback?
SonarSource Community Forum
If you want to report a bug, request a feature, or provide other kind of feedback, please use SonarQube Community Forum. Please do not forget to specify the details of your request, code reproducer, and versions of projects you use.
Contributing
Prerequisites
To work on this project, it is required to have the following tools installed:
How-to
1. Request a new feature
To request a new feature, create a new thread in SonarSource Community Forum. Even if you plan to implement it yourself and submit it back to the community, please create a thread to be sure that we can follow up on it.
2. Pull Request
To submit a contribution, create a pull request for this repository. Please make sure that you follow our code style and that all tests are passing.
Work with us
Would you like to work on this project full-time? We are hiring! Check out https://www.sonarsource.com/hiring
License
Copyright 2011-2024 SonarSource.
SonarQube analyzers released after November 29, 2024, including patch fixes for prior versions, are published under the Sonar Source-Available License Version 1 (SSALv1).
See individual files for details that specify the license applicable to each file. Files subject to the SSALv1 will be noted in their headers.
No vulnerabilities found.
Reason
all changesets reviewed
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE.txt:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/PullRequestClosed.yml:13
- Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/SubmitReview.yml:13
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/releasability.yml:13
- Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/releasability.yml:12
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:14
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/typedoc.yml:13
- Warn: no topLevel permission defined: .github/workflows/PullRequestClosed.yml:1
- Warn: no topLevel permission defined: .github/workflows/PullRequestCreated.yml:1
- Warn: no topLevel permission defined: .github/workflows/RequestReview.yml:1
- Warn: no topLevel permission defined: .github/workflows/SubmitReview.yml:1
- Warn: no topLevel permission defined: .github/workflows/dogfood.yml:1
- Warn: no topLevel permission defined: .github/workflows/releasability.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Warn: no topLevel permission defined: .github/workflows/release_eslint_plugin.yml:1
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/typedoc.yml:7
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/PullRequestClosed.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarSource/SonarJS/PullRequestClosed.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/PullRequestClosed.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarSource/SonarJS/PullRequestClosed.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/PullRequestCreated.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarSource/SonarJS/PullRequestCreated.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/PullRequestCreated.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarSource/SonarJS/PullRequestCreated.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/RequestReview.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarSource/SonarJS/RequestReview.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/RequestReview.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarSource/SonarJS/RequestReview.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/SubmitReview.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarSource/SonarJS/SubmitReview.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/SubmitReview.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarSource/SonarJS/SubmitReview.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/dogfood.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarSource/SonarJS/dogfood.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/dogfood.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarSource/SonarJS/dogfood.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/releasability.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarSource/SonarJS/releasability.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release_eslint_plugin.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarSource/SonarJS/release_eslint_plugin.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release_eslint_plugin.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarSource/SonarJS/release_eslint_plugin.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release_eslint_plugin.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarSource/SonarJS/release_eslint_plugin.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/typedoc.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarSource/SonarJS/typedoc.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/typedoc.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarSource/SonarJS/typedoc.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/typedoc.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarSource/SonarJS/typedoc.yml/master?enable=pin
- Warn: containerImage not pinned by hash: .cirrus/alpine.Dockerfile:2
- Warn: containerImage not pinned by hash: .cirrus/alpine.Dockerfile:4: pin your Docker image by updating eclipse-temurin:17-alpine to eclipse-temurin:17-alpine@sha256:4708e1a2c3baa0855eb9b3e6ae6285c8640d574c25ba74fddf6b8a17ccc3673f
- Warn: containerImage not pinned by hash: .cirrus/nodejs.Dockerfile:2
- Warn: containerImage not pinned by hash: .cirrus/nodejs16.Dockerfile:2
- Warn: downloadThenRun not pinned by hash: .cirrus/nodejs.Dockerfile:8-10
- Warn: downloadThenRun not pinned by hash: .cirrus/nodejs16.Dockerfile:8-10
- Info: 0 out of 3 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 15 third-party GitHubAction dependencies pinned
- Info: 0 out of 4 containerImage dependencies pinned
- Info: 0 out of 2 downloadThenRun dependencies pinned
- Info: 1 out of 1 npmCommand dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
15 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-57j2-w4cx-62h2
- Warn: Project is vulnerable to: GHSA-jjjh-jjxp-wpff
- Warn: Project is vulnerable to: GHSA-rgv9-q543-rqg4
- Warn: Project is vulnerable to: GHSA-3f7h-mf4q-vrm4
- Warn: Project is vulnerable to: GHSA-w33c-445m-f8w7
- Warn: Project is vulnerable to: GHSA-2qp4-g3q3-f92w
- Warn: Project is vulnerable to: GHSA-cqj8-47ch-rvvq
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-2pr6-76vf-7546
- Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Score
5.5
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More