Detect usage of nodejs deprecated packages

Hi,

Is there a way to detect in SonarQube the usage of deprecated nodejs packages in a project?
The packages which usage I want to mark as issue have been deprecated using the command “npm deprecate”.

My environment for typescript projects analysis is:

  • SonarQube 7.9.1
  • openjdk version 11.0.2 (to run sonar server)
  • sonar-scanner-3.4.0.1729-windows
  • jdk 1.8.0_202 (to run sonar-scanner)
  • sonar-javascript-plugin-6.1.0.11503
  • sonar-typescript-plugin-2.1.0.4362
  • node v12.13.1
  • npm v6.12.1
  • typescript@3.7.5

The structure of my typescript projects looks like:

image

And the sonar-project.properties used looks like:

sonar.projectName=TestProject
sonar.sourceEncoding=UTF-8
sonar.login=...
sonar.host.url=...
sonar.projectVersion=1.0.0
sonar.sourceEncoding=UTF-8
sonar.projectKey=TestProject
sonar.projectBaseDir=D\:\\ToAnalyze\\TestProject
sonar.sources=src

Is correct the sonar-project.properties file?

Thanks a lot!

Hello,

I need some clarifications before answering.

Do you expect to see in SonarQube an issue for each entry of your package.json that is marked as deprecated?

Thanks
Alex

Hello,

Well, instead of looking for something concrete, first, I want to know all the possibilities, if they exist. But the final goal is to alert developers that they are using deprecated packages through Sonar.

Your suggestion, an issue for each entry of package.json that is marked as deprecated would be nice :slight_smile: Even only one issue listing all deprecated entries would be ok.

Thanks for yout reply,
Irina

Hello,

That’s clear now, thanks for the clarification.

This is not something you will get out of the box with SonarQube. Still, I’m almost sure there is a NPM plugin that can list all the deprecated packages. Once you have that, you can certainly transform its output into the Generic Issue Data format and load it into SonarQube: https://docs.sonarqube.org/latest/analysis/generic-issue/

Alex

Hello,

Ok, thanks a lot for your suggestion, I will try it :wink:

Regards!