Start Free
Latest | Analyzing source code | Scanners | SonarScanner for NPM | Installing the SonarScanner for NPM

Was this page helpful?

Installing the SonarScanner for NPM

On this page

Depending on how you want to start the SonarScanner for NPM, you will use a different installation method:

  • To start the scanner by adding the analysis to your build files: add the package to your project devDependencies.
  • To start the scanner from the command line: install the package in global mode.
  • To run analyses with npx: no installation is required.

Prerequisites

See General requirements on scanner environment.

Adding the scanner to your project devDependencies

Use the following command:

npm install -D sonarqube-scanner

Installing the scanner in global mode

Use the following command:

npm install -g sonarqube-scanner

Performing advanced setup

Changing the scanner cache folder 

By default, the scanner binaries are cached into $HOME/.sonar/native-sonar-scanner folder. To use a custom cache folder instead of $HOME, set $SONAR_BINARY_CACHE.

Example:

export SONAR_BINARY_CACHE=/Users/myaccount/cache

or alternatively, set the variable in .npmrc:

sonar_binary_cache=/Users/myaccount/cache

 Setting up the connection to a proxy server

In case the CI/CD host is behind a proxy, you must define the proxy-related analysis parameters required to connect to your proxy server to allow the scanner to download the scanner binaries. For more information, see Analysis parameters > Proxy. You may also use the HTTP_PROXY or HTTPS_PROXY environment variable.

Examples:

  • sonar.scanner.proxyHost=mycompanyproxy.com
    sonar.scanner.proxyPort=4254
    sonar.scanner.proxyUser=sys
    sonar.scanner.proxyPassword=e12iUp!
  • HTTP_PROXY=http://user:password@mycompanyproxy.com:PORT

If your SonarQube server is secured

If your SonarQube server is configured with HTTPS and a self-signed certificate then you must add the self-signed certificate to the trusted CA certificates of the SonarScanner. In addition, if mutual TLS is used then you must define the access to the client certificate at the SonarScanner level.

See Managing the TLS certificates on the client side.

Troubleshooting the installation

Docker container: the scanner fails with ".../jre/bin/java: not found"

You are probably relying on Alpine for your Docker image, and Alpine does not include glibc by default. It needs to be installed manually.

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Creative Commons License