Auto-detect package name and version from package.json

It would be great if sonar-scanner-cli picked up the JS project name and version from package.json automatically. Currently, in the CI we have to do:

  - export PACKAGE_NAME=$(cat package.json | grep name | head -1 | awk -F: '{ print $2 }' | sed 's/[",]//g' | tr -d '[[:space:]]')
  - export PACKAGE_VERSION=$(cat package.json | grep version | head -1 | awk -F: '{ print $2 }' | sed 's/[",]//g' | tr -d '[[:space:]]')
  - sonar-scanner -Dsonar.login=$SONAR_TOKEN -Dsonar.host.url=$SONAR_URL -Dsonar.projectName=$PACKAGE_NAME -Dsonar.projectVersion=$PACKAGE_VERSION

but that could be done automatically, either via a JS parser or even the sonar-scanner startup script.
I’m happy to contribute if someone suggests where.
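An added example, not part of the original post and not SonarSource code: the same name/version lookup done with a JSON parser and an allowlist check, returning the two `-D` arguments as an array so they can be handed to the scanner without shell interpolation. The function name, the two regular expressions and the sample package.json are assumptions made for illustration.

```javascript
// Added example: build the sonar-scanner name/version arguments from the
// text of a package.json. The allowlists are assumptions: a conservative
// npm-style package name and a simplified semver shape.
const NAME_RE = /^(?:@[a-z0-9~-][a-z0-9._~-]*\/)?[a-z0-9~-][a-z0-9._~-]*$/;
const VERSION_RE = /^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.+-]+)?$/;

function scannerArgs(pkgJsonText) {
  let pkg;
  try {
    pkg = JSON.parse(pkgJsonText);
  } catch (err) {
    throw new Error('package.json is not valid JSON: ' + err.message);
  }
  if (pkg === null || typeof pkg !== 'object' || Array.isArray(pkg)) {
    throw new Error('package.json must contain a JSON object');
  }
  // Only the top-level keys are read; nested keys that merely contain
  // "name" or "version" are ignored, unlike a line-based grep.
  const { name, version } = pkg;
  if (typeof name !== 'string' || !NAME_RE.test(name)) {
    throw new Error('unexpected package name: ' + JSON.stringify(name));
  }
  if (typeof version !== 'string' || !VERSION_RE.test(version)) {
    throw new Error('unexpected package version: ' + JSON.stringify(version));
  }
  // One array element per argument: pass this to child_process.execFile
  // together with the other -D options, so no shell re-parses the values.
  return ['-Dsonar.projectName=' + name, '-Dsonar.projectVersion=' + version];
}

// Constructed sample: "hostname" appears before the top-level "name", so
// `grep name | head -1` would pick up the wrong line.
const SAMPLE = JSON.stringify({
  config: { hostname: 'build.example' },
  name: '@acme/web-app',
  version: '2.4.1-rc.1',
}, null, 2);

function demo() {
  return scannerArgs(SAMPLE);
}

console.log(demo());
```

In CI the input would be the contents of the project's package.json, and a thrown error should fail the job rather than fall back to a default name.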

Hey there.

This probably does what you’re looking for.

1 Like

No, that’s an NPM package that is a wrapper around the scanner. I prefer to use a cross-project standardised approach with sonar-scanner-cli.

The Scanner CLI is pretty agnostic towards what it’s scanning, while more specialised wrappers for the scanner like the Scanner for Maven (which picks up details from a pom.xml file) or the community-supported package for NPM (picking up details from a package.json file) are able to integrate well into a given language/build framework. 🙂

And still, this is the place to suggest new features! Good luck.

1 Like

Well, I agree that specialised scanners are good, but the generic scanner is anyway detecting frameworks/quality gates to use, so it should also support version and package detection just by switching to the correct scanner that it auto-detected.

Also, the reason behind it is that I can then use a standardised CI approach between multiple components, instead of modifying dependencies of each of the components.

@Colin_SonarSource is it possible to contribute somewhere?

Contribution is possible (albeit rare, usually a ✅ feature enters the backlog and is handled by SonarSourcers) after a feature has been vetted – so you’re better off waiting for more votes / some decision to be made.