Start Free
10.6 | Analyzing source code | Languages | JavaScript/TypeScript/CSS

Was this page helpful?


On this page

Requirements and recommendations

This section describes requirements or recommendations regarding the machine running the scanner that are specific to the analysis of JavaScript/TypeScript/CSS. For general requirements, see General requirements on scanner environment.


A minimum of 4GB memory is recommended.

To allow the analysis to use more memory, see Slow or unresponsive analysis in the Troubleshooting section below.


The scanner performs the analysis using the Node.js runtime environment. No Node.js installation is required if your architecture is Linux x64, Windows x64, or Apple ARM64. 

Otherwise, you will need to provide the Node.JS runtime yourself on the scanner machine. The scanner will retrieve the Node.js runtime according to the following options and in the following order:

  1. The Node.js defined through the parameter sonar.nodejs.executable (absolute path to Node.js) if the runtime version is compatible.
  2. The Node.js downloaded by the scanner from the SonarQube server during analysis if the detected architecture is one of the supported ones: Linux x64, Windows x64, and Apple ARM64.
  3. The Node.js defined with node in the PATH if the runtime version is compatible.

If your architecture is neither Linux x64, Windows x64, nor Apple ARM64 then you must set up option 1 or 3 (to know how to set up option 1, see Analysis parameters). In that case, we recommend using the active LTS of Node.js, currently v20. Otherwise, Node.js v18.17.0 is the minimum supported version.


If you have a community plugin for CSS analysis installed on your SonarQube instance it will conflict with analysis of CSS, so it should be removed.

Language-specific properties

Discover and update the JavaScript/TypeScript properties in Administration > General Settings > Languages > JavaScript/TypeScript.

Discover and update the CSS properties in Administration > General Settings > CSS.


Slow or unresponsive analysis

On a big project, more memory may need to be allocated to analyze the project. This would be manifested by analysis getting stuck and the following stack trace might appear in the logs

ERROR: Failed to get response while analyzing [file].ts timeout

You can use sonar.javascript.node.maxspace property to allow the analysis to use more memory. Set this property to 4096 or 8192 for big projects. This property should be set in file or on command line for scanner (with -Dsonar.javascript.node.maxspace=4096).

File encoding errors

If you encounter file encoding errors, use sonar.sourceEncoding=UTF-8 configuration. To know how to perform this configuration, see Analysis parameters.

Default exclusions for JS/TS

By default, analysis will exclude files from dependencies in usual directories, such as node_modulesbower_componentsdistvendor, and external. It will also ignore .d.ts files. If for some reason analysis of files in these directories is desired, it can be configured by setting sonar.javascript.exclusions property to empty value, i.e. sonar.javascript.exclusions="", or to comma separated list of paths to be excluded. This property will exclude only JavaScript/TypeScript files, while sonar.exclusions property will exclude all files. sonar.exclusions property should be preferred to configure general exclusions for the project.

By default, analysis will exclude all files whose size is greater than 1000 KB. To change this limit, set the sonar.javascript.maxFileSize property on scanner side, or change the limit in the UI (Maximum size of analyzed files field under Project Settings > General Settings > Languages>JavaScript / TypeScript (at project level) or Administration> General Settings > Languages>JavaScript / TypeScript (at global level)).

Detection of code bundles

The analyzer will attempt to detect bundled code or generated code. This means code that was automatically transformed and optimized with tools such as Webpack and similar. We consider generated code out of scope of the analysis since developers are not able to act upon the findings in such code. Whenever generated code is detected, the analysis will print a log message: once per the whole project on INFO level, and for each file on the DEBUG level. If you want to opt-in for analyzing the generated code or in case the detection is incorrect, you can disable it by setting sonar.javascript.detectBundles=false.

Custom rules for JS/TS

Custom rules are not supported by the analyzer. As an alternative we suggest you to have a look at ESLint. It provides custom rules that you can then import thanks to the External issues feature.

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Creative Commons License