SonarJS

184 Rules

Offering a set of powerful rules, SonarJS is all you need to find bugs, vulnerabilities, and code smells in your JavaScript code. With SonarJS, monitoring your code quality is no longer a daunting task.


Bug: 86
Vulnerability: 9
Code Smell: 89

Bug Detection Rules

Rule ID | Name | Sonar way | Tags | In Action
S2189 | Loops should not be infinite |  | cert | ~28 issues
S3828 | "yield" expressions should not be used outside generators |  | es2015 |
S3827 | Non-existent variables should not be referenced |  |  | ~8,937 issues
S3834 | "Symbol" should not be used as a constructor |  | es2015 |
S3854 | super() must be invoked appropriately |  |  | ~3 issues
S3796 | Callbacks of array methods should have return statements |  |  | ~7 issues
S3812 | Results of "in" and "instanceof" should be negated rather than operands |  |  | ~7 issues
S3785 | "in" should not be used with primitive types |  |  | ~68 issues
S3686 | Functions should not be called both with and without "new" |  |  | ~170 issues
S2549 | The "changed" property should not be manipulated directly |  | backbone |
S930 | Function calls should not pass extra arguments |  | cert, cwe, misra | ~685 issues
Duplicat. | Property names should not be duplicated within a class or object literal |  | pitfall | ~27 issues
S1154 | Results of operations on strings should not be ignored |  | cert | ~1 issue
S3799 | Destructuring patterns should not be empty |  |  |
S1751 | Jump statements should not be used unconditionally |  | cert, misra, unused | ~33 issues
S2201 | Return values should not be ignored when function calls don't have any side effects |  | cert, misra | ~104 issues
S1764 | Identical expressions should not be used on both sides of a binary operator |  | cert | ~706 issues
S3786 | Template literal placeholder syntax should not be used in regular strings |  |  |
S3782 | Arguments to built-in functions should match documented types |  |  | ~67 issues
S3403 | Strict equality operators should not be used with dissimilar types |  |  | ~191 issues
S905 | Non-empty statements should change control flow or have at least one side-effect |  | cert, cwe, misra, unused | ~56 issues
S1143 | Jump statements should not occur in "finally" blocks |  | cert, cwe, error-handling | ~35 issues
S2757 | "=+" should not be used instead of "+=" |  |  | ~1 issue
S3758 | Values not convertible to numbers should not be used in numeric comparisons |  |  | ~203 issues
S3759 | Non-existent properties shouldn't be accessed for reading |  |  | ~2,847 issues
S3757 | Arithmetic operations should not result in "NaN" |  |  | ~274 issues
BoundOrA. | "eval" and "arguments" should not be bound or assigned |  | pitfall | ~2 issues
S2688 | "NaN" should not be used in comparisons |  | cert | ~12 issues
Construc. | Objects should not be created to be dropped immediately without being used |  |  | ~58 issues
S3699 | The output of functions that don't return anything should not be used |  |  | ~161 issues
S2583 | Conditions should not unconditionally evaluate to "true" or to "false" |  | cert, cwe, misra, pitfall | ~2,629 issues
S1656 | Variables should not be self-assigned |  | cert | ~130 issues
S2234 | Parameters should be passed in the correct order |  |  | ~103 issues
S1145 | Useless "if(true) {...}" and "if(false){...}" blocks should be removed |  | cwe, misra | ~1 issue
S2873 | Calls should not be made to non-callable values |  |  | ~2,432 issues
S2870 | "delete" should not be used on arrays |  |  | ~53 issues
S2999 | "new" operators should be used with functions |  |  | ~6 issues
S878 | Comma operator should not be used |  | misra |
S1994 | "for" loop incrementers should modify the variable being tested in the loop's stop condition |  | suspicious | ~187 issues
S3531 | Generators should "yield" something |  | es2015, suspicious |
S2681 | Multiline blocks should be enclosed in curly braces |  | cert, cwe | ~9 issues
Duplicat. | Function argument names should be unique |  |  | ~3 issues
ForIn | "for...in" loops should filter properties before acting on them |  |  | ~4,948 issues
S2692 | "indexOf" checks should not be for positive numbers |  | suspicious | ~162 issues
S1697 | Short-circuit logic should be used to prevent null pointer dereferences in conditionals |  |  |
S2424 | Built-in objects should not be overridden |  | confusing |
S1219 | "switch" statements should not contain non-case labels |  | misra, suspicious | ~1 issue
EqEqEq | "===" and "!==" should be used instead of "==" and "!=" |  | suspicious | ~3,864 issues
S1854 | Dead stores should be removed |  | cert, cwe, suspicious, unused | ~11,207 issues
S1862 | Related "if/else if" statements and "cases" in a "switch" should not have the same condition |  | cert, pitfall, unused | ~9 issues
S2432 | Setters should not return values |  |  |
S3003 | Comparison operators should not be used with strings |  | suspicious | ~16 issues
S2550 | "defaults" should be a function when objects or arrays are used |  | backbone |
S2715 | "find" should be used to select the children of an element known by id |  | jquery, performance, user-experience |
S2716 | Universal selectors should not be used |  | jquery, performance, user-experience |
S2714 | Element type selectors should not be used with class selectors |  | jquery, performance, user-experience |
S2762 | Selections should be stored |  | jquery, performance, user-experience |
S2123 | Values should not be uselessly incremented |  | unused |
S3616 | Comma operators should not be used in switch cases |  |  |
NonEmpty. | Switch cases should end with an unconditional "break" statement |  | cert, cwe, misra, suspicious | ~653 issues
Unreacha. | Jump statements should not be followed by other statements |  | cert, cwe, misra, unused | ~2,274 issues
S2259 | Properties of variables with "null" or "undefined" values should not be accessed |  | cert, cwe | ~1,050 issues
S3500 | Attempts should not be made to update "const" variables |  | es2015 |
S2814 | Variables and functions should not be redeclared |  |  | ~7,536 issues
S2898 | "[type=...]" should be used to select elements by type |  | jquery, performance |
Function. | Functions should not be defined inside loops |  | suspicious | ~2,316 issues
S2251 | A "for" loop update clause should move the counter in the right direction |  | cert | ~8 issues
FailedUn. | Failed unit tests should be fixed |  |  |
S1226 | Function parameters, caught exceptions and foreach variables should not be reassigned |  | misra, pitfall |
S2508 | The names of model properties should not contain spaces |  | backbone |
S1116 | Empty statements should be removed |  | cert, misra, unused | ~3,908 issues
S2990 | The global "this" object should not be used |  |  | ~78 issues
S1871 | Two branches in the same conditional structure should not have exactly the same implementation |  | design, suspicious | ~3,218 issues
S1472 | Function call arguments should not start on new lines |  | pitfall | ~588 issues
Function. | Function declarations should not be made within blocks |  | cross-browser, user-experience | ~252 issues
S2427 | The base should be provided to "parseInt" |  | user-experience |
S3402 | Strings and non-strings should not be added |  | suspicious | ~61 issues
ArrayAnd. | Array and Object constructors should not be used |  | pitfall | ~2,483 issues
S3002 | Unary operators "+" and "-" should not be used with objects |  |  | ~3 issues
S3001 | "delete" should be used only with object properties |  |  | ~10 issues
Trailing. | Trailing commas should not be used |  | cross-browser |
Multilin. | Multiline string literals should not be used |  | bad-practice | ~346 issues
NamedFun. | Named function expressions should not be used |  | cross-browser, user-experience | ~1,105 issues
S2769 | Selection results should be tested with "length" |  | jquery |
WithStat. | "with" statements should not be used |  |  | ~128 issues
BitwiseO. | Bitwise operators should not be used |  | pitfall | ~35,438 issues

Vulnerability Detection Rules

Rule ID | Name | Sonar way | Tags | In Action
S2817 | Web SQL databases should not be used |  | html5, owasp-a6, owasp-a9 |
S3271 | Local storage should not be used |  | owasp-a6 |
S2611 | Untrusted content should not be included |  | cwe, sans-top25-risky |
Eval | Code should not be dynamically injected and executed |  | cwe, owasp-a3 | ~307 issues
S2819 | Cross-document messaging domains should be carefully restricted |  | html5, owasp-a3 |
S3523 | Function constructors should not be used |  | clumsy | ~500 issues
S2228 | Console logging should not be used |  | owasp-a6, user-experience | ~4,848 issues
Debugger. | Debugger statements should not be used |  | cwe, user-experience | ~12 issues
S1442 | "alert(...)" should not be used |  | cwe, user-experience | ~401 issues

Code Smell Detection Rules

Rule ID | Name | Sonar way | Tags | In Action
S2137 | Local variables should not shadow "undefined" |  |  | ~70 issues
Variable. | Variables should be declared before they are used |  | pitfall | ~8,883 issues
FutureRe. | "future reserved words" should not be used as identifiers |  | lock-in, pitfall | ~17 issues
S3513 | "arguments" should not be accessed directly |  | api-design, es2015 |
S1451 | Track lack of copyright and license headers |  |  |
OctalNum. | Octal values should not be used |  | cert, misra, pitfall | ~475 issues
S2703 | Variables should be declared explicitly |  | pitfall | ~2,375 issues
S3509 | Default parameters should not cause side effects |  | es2015, pitfall |
S3776 | Cognitive Complexity of functions should not be too high |  | brain-overload | ~6,225 issues
S1186 | Functions should not be empty |  | suspicious | ~7,847 issues
Function. | Functions should not be too complex |  | brain-overload | ~18,243 issues
S3735 | "void" should not be used |  | confusing | ~5,533 issues
Conditio. | Internet Explorer's conditional comments should not be used |  | cross-browser | ~10 issues
StrictMo. | "strict" mode should be used with caution |  | cross-browser, user-experience | ~1,117 issues
S2208 | Wildcard imports should not be used |  | es2015, pitfall |
Variable. | Variables should not be shadowed |  | cert, misra, suspicious | ~1,465 issues
S3353 | Unchanged variables should be marked "const" |  | es2015 | ~621 issues
CurlyBra. | Control structures should use curly braces |  | cert, misra, pitfall | ~1,605 issues
S1067 | Expressions should not be too complex |  | brain-overload | ~10,126 issues
S2310 | Loop counters should not be assigned to from within the loop body |  | pitfall | ~1,404 issues
S3525 | Class methods should be used instead of "prototype" assignments |  | es2015 |
S3579 | Array indexes should be numeric |  | bad-practice | ~10 issues
SwitchWi. | "switch" statements should end with "default" clauses |  | cert, cwe, misra | ~3,316 issues
ElseIfWi. | "if ... else if" constructs should end with "else" clauses |  | cert, misra |
S888 | Equality operators should not be used in "for" loop termination conditions |  | cert, cwe, misra, suspicious | ~2 issues
NestedIf. | Control flow statements "if", "for", "while", "switch" and "try" should not be nested too deeply |  | brain-overload | ~19,121 issues
S3504 | Variables should be declared with "let" or "const" |  | bad-practice, es2015 |
S3358 | Ternary operators should not be nested |  | confusing | ~5,544 issues
S3798 | Variables and functions should not be declared in the global scope |  |  |
S3800 | Functions should always return the same type |  | confusing | ~1,138 issues
S3801 | Functions should use "return" consistently |  | api-design, confusing |
S2376 | Property getters and setters should come in pairs |  | pitfall | ~850 issues
Insuffic. | Lines should have sufficient coverage by tests |  | bad-practice |
Insuffic. | Branches should have sufficient coverage by tests |  | bad-practice |
S1134 | Track uses of "FIXME" tags |  | cwe | ~805 issues
S1119 | Labels should not be used |  | confusing | ~618 issues
S3760 | Arithmetic operators should only have numbers as operands |  | confusing |
S2392 | Variables should be defined in the blocks where they are used |  | pitfall |
ParsingE. | JavaScript parser failure |  | suspicious |
LineLeng. | Lines should not be too long |  | convention |
TooManyB. | Loops should not contain more than a single "break" or "continue" statement |  | brain-overload | ~1,548 issues
S104 | Files should not have too many lines |  | brain-overload | ~30 issues
S881 | Increment (++) and decrement (--) operators should not be used in a method call or mixed with other operators in an expression |  | cert, misra |
S1788 | Function parameters with default values should be last |  | es2015 | ~4 issues
S2685 | "arguments.caller" and "arguments.callee" should not be used |  | obsolete | ~151 issues
Collapsi. | Collapsible "if" statements should be merged |  | clumsy | ~3,911 issues
Assignme. | Assignments should not be made from within sub-expressions |  | cert, cwe, misra, suspicious | ~1,145 issues
UnusedFu. | Unused function parameters should be removed |  | cert, misra, unused | ~26,344 issues
LabelPla. | Only "while", "do" and "for" statements should be labelled |  | pitfall | ~1 issue
EmptyBlo. | Nested blocks of code should not be left empty |  | suspicious | ~3,604 issues
Excessiv. | Functions should not have too many parameters |  | brain-overload | ~1,301 issues
OneState. | Statements should be on separate lines |  | convention | ~79,531 issues
CommentR. | Track comments matching a regular expression |  |  |
Commente. | Sections of code should not be "commented out" |  | misra, unused | ~12,245 issues
Conditio. | The ternary operator should not be used |  | brain-overload |
S2770 | Deprecated jQuery methods should not be used |  | jquery, obsolete |
S138 | Functions should not have too many lines |  | brain-overload | ~1,175 issues
Duplicat. | Source files should not have any duplicated blocks |  | pitfall | ~10,997 issues
Insuffic. | Source files should have a sufficient density of comment lines |  | convention |
SkippedU. | Skipped unit tests should be either removed or fixed |  | pitfall |
S1105 | An open curly brace should be located at the end of a line |  | convention |
S1488 | Local Variables should not be declared and then immediately returned or thrown |  | clumsy | ~1,065 issues
S3723 | Trailing commas should be used |  | convention |
SingleQu. | Single quotes should be used for string literals |  | convention |
Trailing. | Comments should not be located at the end of lines of code |  | convention |
MissingN. | Files should contain an empty new line at the end |  | convention |
S3317 | Default export names and file names should match |  | confusing, convention, es2015 | ~126 issues
S1301 | "switch" statements should have at least 3 "case" clauses |  | bad-practice, misra | ~674 issues
Parenthe. | Useless parentheses around expressions should be removed to prevent any misunderstanding |  | confusing | ~688 issues
S1264 | A "while" loop should be used instead of a "for" loop |  | clumsy | ~459 issues
S3499 | Shorthand object properties should be grouped at the beginning or end of an object declaration |  | convention, es2015 | ~32 issues
S3533 | "import" should be used to include external code |  | convention, es2015, obsolete |
S3498 | Object literal shorthand syntax should be used |  | convention, es2015 |
S1126 | Return of boolean expressions should not be wrapped into an "if-then-else" statement |  | clumsy | ~143 issues
S1125 | Boolean literals should not be redundant |  | clumsy | ~530 issues
S100 | Function names should comply with a naming convention |  | convention |
TabChara. | Tabulation characters should not be used |  | convention |
S3512 | Template strings should be used instead of concatenation |  | clumsy, es2015 |
HtmlComm. | HTML-style comments should not be used |  | bad-practice | ~3 issues
S3514 | Destructuring syntax should be used for assignments |  | clumsy, es2015 |
Semicolo. | Statements should end with semicolons |  | convention | ~7,243 issues
Primitiv. | Wrapper objects should not be used for primitive types |  | pitfall | ~480 issues
UnusedVa. | Unused local variables and functions should be removed |  | unused | ~8,376 issues
Continue. | "continue" should not be used |  | bad-practice, misra |
S3524 | Braces and parentheses should be used consistently with arrow functions |  | convention, es2015 |
S2713 | JQuery cache variables should comply with a convention name |  | convention, jquery |
S2138 | "undefined" should not be assigned |  | suspicious |
Trailing. | Lines should not end with trailing whitespaces |  | convention |
S1135 | Track uses of "TODO" tags |  | cwe | ~7,100 issues
