Great news for JavaScript and TypeScript developers!
You can now use the npm package @sonar/scan to quickly analyze your projects with SonarQube.
Run directly with npx to get started in seconds:
npx @sonar/scan
Or install it to get the sonar command:
npm install -g @sonar/scan # global installation
npm install -D @sonar/scan # dev dependency
Then run the sonar command, for example:
sonar \
-Dsonar.host.url=https://sonarcloud.io \
-Dsonar.token=YOUR_TOKEN
Learn more in the documentation.
Try it out and let us know what you think!
Wasn’t there an npm scanner before?
Yes! The sonarqube-scanner package started as a community project in 2016, created by @Fabrice_Bellingard. SonarSource later adopted it officially in 2023 and has been maintaining since.
What’s new is that we’re now using the @sonar npm organization and promoting @sonar/scan as the recommended way to analyze JavaScript and TypeScript projects with SonarQube.
This will come with more frequent updates and better support for more use cases.
If you were using the previous package you should swap. It is fully compatible, and the sonarqube-scanner command will continue to work as expected, sonar command being a convenient alias.
We’ll deprecate the previous package once @sonar/scan adoption surpass it.