Start Free
Latest | Analyzing source code | Scanners | SonarScanner for NPM | Introduction

Was this page helpful?

Introduction to the SonarScanner for NPM

On this page

The SonarScanner for NPM makes it very easy to trigger SonarQube analyses on a JavaScript code base, without needing any additional tool or resource.

Analysis process with the SonarScanner for NPM

To start the SonarScanner for NPM, you can:

  • Either add the analysis to your build files.
    In that case, the JS code API of the scanner is used.
  • Or use the scanner start command line (with or without npx).
    In that case, the command line API of the scanner is used.

The analysis process of your project with the SonarScanner for NPM is as follows:

  1. Your build or CI pipeline starts the SonarScanner for NPM. Analysis parameters can be passed to the scanner at this step.
  2. The scanner collects the other analysis parameters set on the CI/CD host.
  3. The scanner downloads the scanner binary files necessary to execute the analysis from the SonarQube Server and adds them to its cache.
  4. The scanner gets the project’s analysis parameters and other settings from the SonarQube Server.
  5. The scanner runs the analysis.
  6. The scanner informs the build or CI pipeline that its analysis is complete.

Installing the SonarScanner for NPM

Using the SonarScanner for NPM

Configuring the analysis parameters for the SonarScanner for NPM

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Creative Commons License