JavaScript language logo

JavaScript static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your JavaScript code

Get started for free
  • .Bug
  • .Security Vulnerability
  • .Security Hotspot
  • .Code Smell

Language versions

through ECMAScript 2019 (10th Edition)

Frameworks

React JSX, Vue.js, Flow

Web frameworks

Node.js, Express

Database APIs

sequelize, pg, pg-pool, pg-promise, mysql, mysql2, sqlite3, better-sqlite3, knex, MongoDB node.js, Mongoose ODM

JavaScript Coverage of OWASP TOP 10 2017

JavaScript coverage of OWASP TOP 10 2017

Security
Vulnerability 		Security
Hotspot
A1 Injection
A2 Broken Authentication
A3 Sensitive Data Exposure
A4 XML External Entities (XXE)
A5 Broken Access control
A6 Security misconfigurations
A7 Cross Site Scripting (XSS)
A8 Insecure Deserialization
A9 Using Components with known vulnerabilities
A10 Insufficient logging and monitoring
javascript language logo

Get started analyzing
your JavaScript projects
today!

Get started for free
Other languages
Java language logo
C# language logo
C language logo
C++ language logo
JavaScript language logo
TypeScript language
Python language logo
Go language logo
Swift language logo
Cobol language
Apex language logo
PHP language logo
Kotlin language logo
Ruby language logo
Scala language logo
HTML language logo
CSS language logo
ABAP language
Flex language logo
PL/I language
PL/SQL language
RPG language
T-SQL language
VB.NET language logo
VB6 language
XML language

Product announcements delivered directly to your inbox!

We will never share your email address or spam you

A SonarSource™ Product

Get Started

Features

Get Involved

About SonarQube

© 2008-2019, SonarSource S.A, Switzerland. All content is copyright protected. SONARQUBE and SONARSOURCE are trademarks of SonarSource SA.

All other trademarks and copyrights are the property of their respective owners. All rights are expressly reserved.

Privacy Policy | Distributed under LGPL v3