Installing the SonarScanner for NPM

Depending on how you want to start the SonarScanner for NPM, you will use a different installation method:

• To start the scanner by adding the analysis to your build files: add the package to your project devDependencies.
• To start the scanner from the command line: install the package in global mode.
• To run analyses with npx: no installation is required.

Prerequisites

To analyze JavaScript, TypeScript, or CSS code, the SonarScanner for NPM requires that your Node.js must be at least 18.20.0.

See also the Scanner environment page for additional requirements.

Adding the scanner to your project devDependencies

Use the following command:

npm install -D @sonar/scan

Installing the scanner in global mode

Use the following command:

npm install -g @sonar/scan

Performing advanced setup

Changing the scanner cache folder 

By default, the scanner binaries are cached into $HOME/.sonar/native-sonar-scanner folder. To use a custom cache folder instead of $HOME, set $SONAR_BINARY_CACHE.

Example:

export SONAR_BINARY_CACHE=/Users/myaccount/cache

or alternatively, set the variable in .npmrc:

sonar_binary_cache=/Users/myaccount/cache

Setting up the connection to a proxy server

In case the CI/CD host is behind a proxy, you must define the proxy-related analysis parameters required to connect to your proxy server to allow the scanner to download the scanner binaries. For more information, see Analysis parameters > Proxy. You may also use the HTTP_PROXY or HTTPS_PROXY environment variable.

Examples:

• sonar.scanner.proxyHost=mycompanyproxy.com
sonar.scanner.proxyPort=4254
sonar.scanner.proxyUser=sys
sonar.scanner.proxyPassword=e12iUp!
• HTTP_PROXY=http://user:password@mycompanyproxy.com:PORT

Troubleshooting the installation

Docker container: the scanner fails with ".../jre/bin/java: not found"

You are probably relying on Alpine for your Docker image, and Alpine does not include glibc by default. It needs to be installed manually.