'Sonar Secrets JavaScript' is missing dependency 'javascript'

  • Operating system: Windows 10
  • SonarLint plugin version: 7.8.0.63129
  • Eclipse IDE: 2023-03 (4.27.0), Build id: 20230309-1520
  • Programming language you’re coding in: Java
  • Connected to SonarQube Version 8.9 (build 43852)

When I start my Eclipse IDE, I always see the following warning:

SonarLint - Rules not available
Some rules are not available until some requirements are satisfied

If I click on “More details…” button, I see the following text:

Some analyzers from connection ‘sonar.mycompany.com’ can not be loaded.
‘Sonar Secrets JavaScript’ is missing dependency ‘javascript’

Could you please help me to disable this warning?
(we don’t have anything related to JavaScript, we have only Java code)

Hi @yuriypalych

Our JavaScript analyzer requires you to have node.js installed on your computer. I admit the user experience is not great for people like you that are not interested by JavaScript analysis.
I have created a ticket to track the issue, but we don’t know yet how to properly handle that:
https://sonarsource.atlassian.net/browse/SLE-606

Thanks for the feedback

Thanks, Julien, for your feedback and the ticket.
Yes, we don’t have anything related to JS, and I don’t have node.js installed on my laptop.

I see that SLE-606 is closed (with Fix versions = 9.1), but the issue is still reproducible in SonarLint 9.2.0.81471

Hi @yuriypalych,

thanks for getting back to us. Since the initial creation of the thread was some time ago, did any of the information provided at the beginning (OS, SL plugin version, Eclipse IDE version/flavor, programming language, SQ version) change in the meantime?

The issue you have, is it a pop-up/notification that is coming up or is it just in the logs?
I’m going to check in the meantime if the security scanner is causing this on our side or the JavaScript scanner.

Best,
Tobias

Hi @tobias.hahnen

Thank you for your questions.

did any of the information provided at the beginning change in the meantime?

Yes, I use the latest version of Eclipse and SonarLint now. No changes in SonarQube (v.8.9) or my OS.

Old versions:

  • SonarLint plugin version: 7.8.0.63129
  • Eclipse IDE: 2023-03 (4.27.0), Build id: 20230309-1520

New versions:

  • SonarLint plugin version: 9.2.0.81471
  • Eclipse IDE: 2023-12 (4.30.0) Build id: 20231201-2043

The issue you have, is it a pop-up/notification that is coming up or is it just in the logs?

When I open/start my Eclipse IDE, I always see the following popup message:

image

More details:

image

Best regards,
Yuriy

Hi @yuriypalych,

Now I see the root cause of the issue. It seems that you have installed THIS sonar-secrets community plugin (which seems to be abandoned) installed on your SQ instance.

It extends the SonarJS analyzer to be loaded into SonarLint and that is causing the issue. Sadly due to it being a third-party plug-in, we don’t offer support in this case for the issue you’re facing here (it is causing incompatibilities, not SonarLint).

On the other hand, as this third-party plug-in is abandoned - we have our own scanner for secrets (that is already built-in) in SonarLint and SonarQube. It contains even more rules for additional passwords/tokens and other secrets, when using SonarLint you already make use of it (because it is also used in connected mode, not the one from SonarQube).

Also, the third-party plug-in won’t work when you upgrade SonarQube to 9.9 LTS at some point as it requires Java 11 - so maybe reach out to your SQ admin regarding this third-party plug-in. The issue you’re facing will go away once the plug-in is removed from your SQ instance.

If you have any further questions, feel free to reach out.

Best,
Tobias

1 Like

Hello Tobias

Thank you for the hint.

Indeed, our SonarQube admins found the installed sonar-secrets community plugin. They uninstalled the plugin and and SonarQube service was restarted. I also restarted my laptop.
Unfortunately, I still see the same warning every time when I start my Eclipse IDE and open Java project.

Any other ideas?

Hi @yuriypalych,

you have to un- and rebind the project in Eclipse as the old information was still cached locally for convenience expecting SonarQube configuration to not change that often.
If after that the issue still persists, then please clear the local cache folders at $HOME/.sonarlint.

Best,
Tobias

1 Like

I rebind my projects and the problem is solved. Many thanks, Tobias!

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.