We have recently tried to switch to yarn Plug’n’Play nodeLinker configuration, however once this setting is enabled in yarn, we start to get a lot of false positives for 2 specific rules (`typescript:S6671` and `typescript:S4325`). If we change the yarn configuration back to `node-modules`, the false positives will not appear.
- ALM used : GitHub
- CI system used : GitHub Actions
- Scanner command used when applicable (private details masked):
  using the GitHub action `sonarsource/sonarcloud-github-action@v2.0.2` with configuration

```yaml
- name: Sonar PR scan
  uses: sonarsource/sonarcloud-github-action@v2.0.2
  if: github.event_name == 'pull_request'
  env:
    GITHUB_TOKEN: ${{ inputs.github_token }}
    SONAR_TOKEN: ${{ inputs.project_login }}
  with:
    args: >
      -Dsonar.exclusions=${{ inputs.exclusions }}
      -Dsonar.host.url=https://sonarcloud.io
      -Dsonar.javascript.lcov.reportPaths=${{ inputs.report_path }}
      -Dsonar.go.coverage.reportPaths=${{ inputs.report_path }}
      -Dsonar.javascript.node.maxspace=8192
      -Dsonar.organization=${{ inputs.organization }}
      -Dsonar.projectKey=${{ inputs.project_key }}
      -Dsonar.pullrequest.github.summary_comment=true
      -Dsonar.pullrequest.key=${{ github.event.number }}
      -Dsonar.pullrequest.branch=${{ github.event.pull_request.head.ref }}
      -Dsonar.pullrequest.base=${{ github.event.pull_request.base.ref }}
      -Dsonar.scm.disabled=true
      -Dsonar.sources=${{ inputs.source }}
    projectBaseDir: ${{ steps.app-path.outputs.path }}
```
- Languages of the repository: TypeScript
- Error observed (wrap logs/code around with triple quotes ``` for proper formatting)
  2 rules trigger false positives when yarn Plug’n’Play nodeLinker is enabled:
  - `typescript:S4325` (Redundant casts and non-null assertions should be avoided): "This assertion is unnecessary since the receiver accepts the original type of the expression."
    In the observed cases, the assertion is necessary, and compilation will fail without it.
  - `typescript:S6671` (Literals should not be used for promise rejection): "Expected the Promise rejection reason to be an Error."
    In this case, the returned type does extend from Error. Changing the nodeLinker configuration of yarn to be `node-modules` will correctly identify this.
- Steps to reproduce
  - Use yarn as package manager, with `nodeLinker: pnp`
  - Set up a monorepo structure, with a reference to another workspace project, e.g. in mainApp → package.json, add a dependency `"some-library": "workspace:*"`
  - Add a custom error type in "some-library", e.g. `export class MyError extends Error {}`
  - Reject a promise using `MyError`
  - Scan the project; it will fail the sonar rule `typescript:S6671`
- Potential workaround
  We need to add `// NOSONAR` to all the affected lines
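
The reproduction steps above as a scaffold script, added here as an example and not part of the original post; the `packages/` layout, file names, the `main-app` package name and the `tsconfig.json` are assumptions. Passing `node-modules` as the second argument produces the control variant that the post says scans without the false positives.

```bash
#!/usr/bin/env bash
# Added example: scaffolds the monorepo from the steps above.
# From the post: some-library, mainApp, MyError, workspace:*, nodeLinker.
# Assumed: packages/ layout, file names, package name "main-app", tsconfig.
scaffold_pnp_repro() {
  local root="$1" linker="${2:-pnp}"
  case "$linker" in
    pnp|node-modules) ;;
    *) echo "linker must be pnp or node-modules" >&2; return 1 ;;
  esac
  mkdir -p "$root/packages/some-library/src" "$root/packages/mainApp/src"

  # Step 1: yarn linker under test
  printf 'nodeLinker: %s\n' "$linker" > "$root/.yarnrc.yml"

  # Step 2: workspace root and the cross-workspace dependency
  cat > "$root/package.json" <<'EOF'
{ "name": "pnp-repro", "private": true, "workspaces": ["packages/*"] }
EOF
  cat > "$root/packages/mainApp/package.json" <<'EOF'
{ "name": "main-app", "version": "1.0.0",
  "dependencies": { "some-library": "workspace:*" } }
EOF
  cat > "$root/packages/some-library/package.json" <<'EOF'
{ "name": "some-library", "version": "1.0.0",
  "main": "src/index.ts", "types": "src/index.ts" }
EOF
  cat > "$root/tsconfig.json" <<'EOF'
{ "compilerOptions": { "strict": true }, "include": ["packages/*/src"] }
EOF

  # Step 3: custom error type exported by the library
  cat > "$root/packages/some-library/src/index.ts" <<'EOF'
export class MyError extends Error {}
EOF

  # Step 4: rejection with MyError (the line the post says S6671 flags under pnp)
  cat > "$root/packages/mainApp/src/index.ts" <<'EOF'
import { MyError } from "some-library";
export const load = (): Promise<string> =>
  Promise.reject(new MyError("constructed failure"));
EOF
}

# Step 5 (needs network, not done here): yarn install, then run the scan.
if [ $# -gt 0 ]; then scaffold_pnp_repro "$@"; fi
```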