SonarJS

184 Rules

Offering a set of powerful rules, SonarJS is all you need to find bugs, vulnerabilities, and code smells in your JavaScript code. With SonarJS, monitoring your code quality is no longer a daunting task.


Bug: 86

Vulnerability: 9

Code Smell: 89

Bug Detection Rules

| Rule ID | Name | Sonar way | Tags | In Action |
|---|---|---|---|---|
| S3796 | Callbacks of array methods should have return statements | | | ~64 issues |
| S2189 | Loops should not be infinite | | cert | ~56 issues |
| S3828 | "yield" expressions should not be used outside generators | | es2015 | |
| S3827 | Non-existent variables should not be referenced | | | ~18,065 issues |
| S3834 | "Symbol" should not be used as a constructor | | es2015 | |
| S3854 | super() must be invoked appropriately | | | ~4 issues |
| S3812 | Results of "in" and "instanceof" should be negated rather than operands | | | ~16 issues |
| S3785 | "in" should not be used with primitive types | | | ~104 issues |
| S3686 | Functions should not be called both with and without "new" | | | ~282 issues |
| S2549 | The "changed" property should not be manipulated directly | | backbone | |
| S930 | Function calls should not pass extra arguments | | cert, cwe, misra | ~1,248 issues |
| S2873 | Calls should not be made to non-callable values | | | ~3,377 issues |
| S1764 | Identical expressions should not be used on both sides of a binary operator | | cert | ~1,324 issues |
| S3616 | Comma and logical OR operators should not be used in switch cases | | | |
| Duplicat. | Property names should not be duplicated within a class or object literal | | pitfall | ~336 issues |
| S1154 | Results of operations on strings should not be ignored | | cert | ~1 issue |
| S3799 | Destructuring patterns should not be empty | | | ~1 issue |
| S1751 | Jump statements should not be used unconditionally | | cert, misra, unused | ~87 issues |
| S2201 | Return values should not be ignored when function calls don't have any side effects | | cert, misra | ~322 issues |
| S3786 | Template literal placeholder syntax should not be used in regular strings | | | |
| S3782 | Arguments to built-in functions should match documented types | | | ~305 issues |
| S3403 | Strict equality operators should not be used with dissimilar types | | | ~369 issues |
| S905 | Non-empty statements should change control flow or have at least one side-effect | | cert, cwe, misra, unused | ~68 issues |
| S1143 | Jump statements should not occur in "finally" blocks | | cert, cwe, error-handling | ~245 issues |
| S2757 | "=+" should not be used instead of "+=" | | | ~1 issue |
| S3758 | Values not convertible to numbers should not be used in numeric comparisons | | | ~441 issues |
| S3759 | Non-existent properties shouldn't be accessed for reading | | | ~4,010 issues |
| S3757 | Arithmetic operations should not result in "NaN" | | | ~469 issues |
| BoundOrA. | "eval" and "arguments" should not be bound or assigned | | pitfall | ~3 issues |
| S2688 | "NaN" should not be used in comparisons | | cert | ~27 issues |
| Construc. | Objects should not be created to be dropped immediately without being used | | | ~58 issues |
| S3699 | The output of functions that don't return anything should not be used | | | ~243 issues |
| S2583 | Conditions should not unconditionally evaluate to "true" or to "false" | | cert, cwe, misra, pitfall | ~4,632 issues |
| S1656 | Variables should not be self-assigned | | cert | ~224 issues |
| S2234 | Parameters should be passed in the correct order | | | ~142 issues |
| S1145 | Useless "if(true) {...}" and "if(false){...}" blocks should be removed | | cwe, misra | ~1 issue |
| S2870 | "delete" should not be used on arrays | | | ~62 issues |
| S2999 | "new" operators should be used with functions | | | ~9 issues |
| S878 | Comma operator should not be used | | misra | |
| S1994 | "for" loop incrementers should modify the variable being tested in the loop's stop condition | | suspicious | ~388 issues |
| S3531 | Generators should "yield" something | | es2015, suspicious | ~5 issues |
| S2681 | Multiline blocks should be enclosed in curly braces | | cert, cwe | ~22 issues |
| Duplicat. | Function argument names should be unique | | | ~3 issues |
| ForIn | "for...in" loops should filter properties before acting on them | | | ~7,789 issues |
| S2692 | "indexOf" checks should not be for positive numbers | | suspicious | ~327 issues |
| S1697 | Short-circuit logic should be used to prevent null pointer dereferences in conditionals | | | |
| S2424 | Built-in objects should not be overridden | | confusing | |
| S1219 | "switch" statements should not contain non-case labels | | misra, suspicious | ~2 issues |
| EqEqEq | "===" and "!==" should be used instead of "==" and "!=" | | suspicious | ~3,864 issues |
| S1854 | Dead stores should be removed | | cert, cwe, suspicious, unused | ~17,561 issues |
| S1862 | Related "if/else if" statements and "cases" in a "switch" should not have the same condition | | cert, pitfall, unused | ~310 issues |
| S2432 | Setters should not return values | | | |
| S3003 | Comparison operators should not be used with strings | | suspicious | ~34 issues |
| S2550 | "defaults" should be a function when objects or arrays are used | | backbone | |
| S2715 | "find" should be used to select the children of an element known by id | | jquery, performance, user-experience | |
| S2716 | Universal selectors should not be used | | jquery, performance, user-experience | |
| S2714 | Element type selectors should not be used with class selectors | | jquery, performance, user-experience | |
| S2762 | Selections should be stored | | jquery, performance, user-experience | |
| S2123 | Values should not be uselessly incremented | | unused | |
| NonEmpty. | Switch cases should end with an unconditional "break" statement | | cert, cwe, misra, suspicious | ~1,279 issues |
| Unreacha. | Jump statements should not be followed by other statements | | cert, cwe, misra, unused | ~3,704 issues |
| S2259 | Properties of variables with "null" or "undefined" values should not be accessed | | cert, cwe | ~1,821 issues |
| S3500 | Attempts should not be made to update "const" variables | | es2015 | ~2 issues |
| S2814 | Variables and functions should not be redeclared | | | ~15,081 issues |
| S2898 | "[type=...]" should be used to select elements by type | | jquery, performance | |
| Function. | Functions should not be defined inside loops | | suspicious | ~3,738 issues |
| S2251 | A "for" loop update clause should move the counter in the right direction | | cert | ~15 issues |
| FailedUn. | Failed unit tests should be fixed | | | |
| S1226 | Function parameters, caught exceptions and foreach variables should not be reassigned | | misra, pitfall | |
| S2508 | The names of model properties should not contain spaces | | backbone | |
| S1116 | Empty statements should be removed | | cert, misra, unused | ~7,557 issues |
| S2990 | The global "this" object should not be used | | | ~803 issues |
| S1871 | Two branches in the same conditional structure should not have exactly the same implementation | | design, suspicious | ~5,435 issues |
| S1472 | Function call arguments should not start on new lines | | pitfall | ~986 issues |
| Function. | Function declarations should not be made within blocks | | cross-browser, user-experience | ~529 issues |
| S2427 | The base should be provided to "parseInt" | | user-experience | |
| S3402 | Strings and non-strings should not be added | | suspicious | ~83 issues |
| ArrayAnd. | Array and Object constructors should not be used | | pitfall | ~4,102 issues |
| S3002 | Unary operators "+" and "-" should not be used with objects | | | ~5 issues |
| S3001 | "delete" should be used only with object properties | | | ~12 issues |
| Trailing. | Trailing commas should not be used | | cross-browser | |
| Multilin. | Multiline string literals should not be used | | bad-practice | ~672 issues |
| NamedFun. | Named function expressions should not be used | | cross-browser, user-experience | ~1,105 issues |
| S2769 | Selection results should be tested with "length" | | jquery | |
| WithStat. | "with" statements should not be used | | | ~180 issues |
| BitwiseO. | Bitwise operators should not be used | | pitfall | ~71,089 issues |

Vulnerability Detection Rules

| Rule ID | Name | Sonar way | Tags | In Action |
|---|---|---|---|---|
| S2817 | Web SQL databases should not be used | | html5, owasp-a6, owasp-a9 | |
| S3271 | Local storage should not be used | | owasp-a6 | |
| S2611 | Untrusted content should not be included | | cwe, sans-top25-risky | |
| Eval | Code should not be dynamically injected and executed | | cwe, owasp-a3 | ~841 issues |
| S2819 | Cross-document messaging domains should be carefully restricted | | html5, owasp-a3 | |
| S3523 | Function constructors should not be used | | clumsy | ~967 issues |
| S2228 | Console logging should not be used | | owasp-a6, user-experience | ~8,729 issues |
| Debugger. | Debugger statements should not be used | | cwe, user-experience | ~23 issues |
| S1442 | "alert(...)" should not be used | | cwe, user-experience | ~757 issues |

Code Smell Detection Rules

| Rule ID | Name | Sonar way | Tags | In Action |
|---|---|---|---|---|
| S2137 | Local variables should not shadow "undefined" | | | ~99 issues |
| Variable. | Variables should be declared before they are used | | pitfall | ~13,163 issues |
| FutureRe. | "future reserved words" should not be used as identifiers | | lock-in, pitfall | ~69 issues |
| S3513 | "arguments" should not be accessed directly | | api-design, es2015 | |
| S1451 | Track lack of copyright and license headers | | | |
| OctalNum. | Octal values should not be used | | cert, misra, pitfall | ~541 issues |
| S2703 | Variables should be declared explicitly | | pitfall | ~4,041 issues |
| S3509 | Default parameters should not cause side effects | | es2015, pitfall | |
| S3776 | Cognitive Complexity of functions should not be too high | | brain-overload | ~18,237 issues |
| S1186 | Functions should not be empty | | suspicious | ~13,306 issues |
| Function. | Functions should not be too complex | | brain-overload | ~17,201 issues |
| S3735 | "void" should not be used | | confusing | ~7,941 issues |
| Conditio. | Internet Explorer's conditional comments should not be used | | cross-browser | ~15 issues |
| StrictMo. | "strict" mode should be used with caution | | cross-browser, user-experience | ~1,117 issues |
| S2208 | Wildcard imports should not be used | | es2015, pitfall | |
| Variable. | Variables should not be shadowed | | cert, misra, suspicious | ~1,465 issues |
| S3353 | Unchanged variables should be marked "const" | | es2015 | ~7,776 issues |
| CurlyBra. | Control structures should use curly braces | | cert, misra, pitfall | ~1,605 issues |
| S1067 | Expressions should not be too complex | | brain-overload | ~17,594 issues |
| S2310 | Loop counters should not be assigned to from within the loop body | | pitfall | ~2,503 issues |
| S3525 | Class methods should be used instead of "prototype" assignments | | es2015 | |
| S3579 | Array indexes should be numeric | | bad-practice | ~63 issues |
| SwitchWi. | "switch" statements should end with "default" clauses | | cert, cwe, misra | ~5,584 issues |
| ElseIfWi. | "if ... else if" constructs should end with "else" clauses | | cert, misra | |
| S888 | Equality operators should not be used in "for" loop termination conditions | | cert, cwe, misra, suspicious | ~2 issues |
| NestedIf. | Control flow statements "if", "for", "while", "switch" and "try" should not be nested too deeply | | brain-overload | ~34,294 issues |
| S3504 | Variables should be declared with "let" or "const" | | bad-practice, es2015 | |
| S3358 | Ternary operators should not be nested | | confusing | ~17,850 issues |
| S3798 | Variables and functions should not be declared in the global scope | | | |
| S3800 | Functions should always return the same type | | confusing | ~2,268 issues |
| S3801 | Functions should use "return" consistently | | api-design, confusing | |
| S2376 | Property getters and setters should come in pairs | | pitfall | ~1,536 issues |
| Insuffic. | Lines should have sufficient coverage by tests | | bad-practice | |
| Insuffic. | Branches should have sufficient coverage by tests | | bad-practice | |
| S1134 | Track uses of "FIXME" tags | | cwe | ~1,042 issues |
| S1119 | Labels should not be used | | confusing | ~1,142 issues |
| S3760 | Arithmetic operators should only have numbers as operands | | confusing | |
| S2392 | Variables should be defined in the blocks where they are used | | pitfall | |
| ParsingE. | JavaScript parser failure | | suspicious | |
| LineLeng. | Lines should not be too long | | convention | |
| TooManyB. | Loops should not contain more than a single "break" or "continue" statement | | brain-overload | ~3,215 issues |
| S104 | Files should not have too many lines | | brain-overload | ~30 issues |
| S881 | Increment (++) and decrement (--) operators should not be used in a method call or mixed with other operators in an expression | | cert, misra | |
| S1788 | Function parameters with default values should be last | | es2015 | ~173 issues |
| S2685 | "arguments.caller" and "arguments.callee" should not be used | | obsolete | ~285 issues |
| Collapsi. | Collapsible "if" statements should be merged | | clumsy | ~6,262 issues |
| Assignme. | Assignments should not be made from within sub-expressions | | cert, cwe, misra, suspicious | ~1,145 issues |
| UnusedFu. | Unused function parameters should be removed | | cert, misra, unused | ~43,130 issues |
| LabelPla. | Only "while", "do" and "for" statements should be labelled | | pitfall | ~1 issue |
| EmptyBlo. | Nested blocks of code should not be left empty | | suspicious | ~6,062 issues |
| Excessiv. | Functions should not have too many parameters | | brain-overload | ~1,761 issues |
| OneState. | Statements should be on separate lines | | convention | ~153,845 issues |
| CommentR. | Track comments matching a regular expression | | | |
| Commente. | Sections of code should not be "commented out" | | misra, unused | ~21,787 issues |
| Conditio. | The ternary operator should not be used | | brain-overload | |
| S2770 | Deprecated jQuery methods should not be used | | jquery, obsolete | |
| S138 | Functions should not have too many lines | | brain-overload | ~1,175 issues |
| Duplicat. | Source files should not have any duplicated blocks | | pitfall | ~20,601 issues |
| Insuffic. | Source files should have a sufficient density of comment lines | | convention | |
| SkippedU. | Skipped unit tests should be either removed or fixed | | pitfall | |
| S1105 | An open curly brace should be located at the end of a line | | convention | |
| S1488 | Local Variables should not be declared and then immediately returned or thrown | | clumsy | ~2,185 issues |
| S3723 | Trailing commas should be used | | convention | |
| SingleQu. | Single quotes should be used for string literals | | convention | |
| Trailing. | Comments should not be located at the end of lines of code | | convention | |
| MissingN. | Files should contain an empty new line at the end | | convention | |
| S3317 | Default export names and file names should match | | confusing, convention, es2015 | ~450 issues |
| S1301 | "switch" statements should have at least 3 "case" clauses | | bad-practice, misra | ~1,210 issues |
| Parenthe. | Useless parentheses around expressions should be removed to prevent any misunderstanding | | confusing | ~688 issues |
| S1264 | A "while" loop should be used instead of a "for" loop | | clumsy | ~1,166 issues |
| S3499 | Shorthand object properties should be grouped at the beginning or end of an object declaration | | convention, es2015 | ~385 issues |
| S3533 | "import" should be used to include external code | | convention, es2015, obsolete | |
| S3498 | Object literal shorthand syntax should be used | | convention, es2015 | |
| S1126 | Return of boolean expressions should not be wrapped into an "if-then-else" statement | | clumsy | ~220 issues |
| S1125 | Boolean literals should not be redundant | | clumsy | ~1,385 issues |
| S100 | Function names should comply with a naming convention | | convention | |
| TabChara. | Tabulation characters should not be used | | convention | |
| S3512 | Template strings should be used instead of concatenation | | clumsy, es2015 | |
| HtmlComm. | HTML-style comments should not be used | | bad-practice | ~3 issues |
| S3514 | Destructuring syntax should be used for assignments | | clumsy, es2015 | |
| Semicolo. | Statements should end with semicolons | | convention | ~7,243 issues |
| Primitiv. | Wrapper objects should not be used for primitive types | | pitfall | ~811 issues |
| UnusedVa. | Unused local variables and functions should be removed | | unused | ~11,912 issues |
| Continue. | "continue" should not be used | | bad-practice, misra | |
| S3524 | Braces and parentheses should be used consistently with arrow functions | | convention, es2015 | |
| S2713 | JQuery cache variables should comply with a convention name | | convention, jquery | |
| S2138 | "undefined" should not be assigned | | suspicious | |
| Trailing. | Lines should not end with trailing whitespaces | | convention | |
| S1135 | Track uses of "TODO" tags | | cwe | ~9,856 issues |
