Many improvements for JS/TS/CSS and two new rules for security and tests

Hello everyone,

We have two new rules for JavaScript and TypeScript, along with many improvements. Also, some improvements for CSS!

JavaScript and TypeScript

New rules:

  • S4036: :sparkles: Helps detect unsafe command execution when the path is not specified explicitly. It is common to forget the path, and there is a real risk of executing something unexpected!
  • S6426: :sparkles: Never forget a .only instruction in one of your tests. It happens to the best of us. We can detect it when using Jest and Mocha.


  • S1138: Better handling of VueJS components that have hyphens in their names.
  • S1172: Now knows about TypeScript’s declaration of this in function arguments, so we won’t raise an issue if the argument is not used.
  • S1186: Now allows empty constructors in TypeScript as long as they are private because they are used to disable class instantiation.
  • S3001: Deleting optional object properties no longer raises an issue. This is actually a proper pattern when you are not sure if the property has been set or not.
  • S3403: Symbol comparisons are no longer raised as an issue.
  • S3504: Disabling the use of var is now part of the Sonar Way profile.
  • We now exclude JavaScript require statements from copy-paste detection.
  • We now detect and remove spaces from the default value of JavaScript execution environments.
  • Upgraded ESLint to 8.16.0 and typescript-eslint to 5.26.0.


  • S4661: Now supports display-mode in CSS media queries.
  • S4650: Is more tolerant of missing spaces in operators that are not likely to produce errors.
  • We are now using StyleLint to 14.8.4!

We updated our documentation to reflect that we do support Angular!

The update is available now in SonarCloud and will be part of SonarQube 9.5 upcoming release!

Enjoy, and do give us some feedback!

1 Like