Define custom rules for Node.js build tools

Carsten_HB · January 5, 2026, 2:57pm

Hi,

due to the recent NPM attacks we decided to have centralized configuration files for the Node.js build tools like NPM (.npmrc), Yarn (.yarnrc, .yarnrc.yml) and PNPM (pnpm-workspace.yaml). As these may be overridden on project level, we thought about defining custom rules for these files to make sure, certain settings are not changed.

Is there a way to define rules on yml-files? Is there any other way to check for such changes?

We are using SonarQube Server 2025.4.2, soon updating to 2025.6.1.

Thanks!

Regards,

Carsten

ganncamp · January 6, 2026, 2:24pm

Hi Carsten,

There are 3 rules for YAML, but nothing that would be helpful in this context.

I’m going to flag this need for the PMs.

Ann

Topic		Replies	Views
Custom rules for YAML SonarQube Server / Community Build	2	1834	November 15, 2018
Need to create a custom rule for yaml configuration in sonar for maven project SonarQube Server / Community Build	1	54	June 9, 2025
[NEW RELEASE] YAML Plugin 1.5.1 Plugin Development	3	723	February 17, 2020
Our YAML rules are regarded as yml, and they can't be activated in the YAML quality profile Writing rules sonarqube , custom_rules	2	33	August 6, 2025
False positives for rules when using yarn PnP configuration in monorepo SonarQube Cloud typescript , coverage , sonarqube-cloud	6	386	June 7, 2024

Define custom rules for Node.js build tools

Related topics