Sonar with node v10.16.3-linux-64 shows new security hotspots

Sonar Version: * Community Edition

  • Version 9.0.1 (build 46107)

When using sonar with NODE_HOME node js version v10.16.3-linux-64, sonar dashboard shows additonal security hotspots like Code Injection but when not using NODE_HOME it doesn’t show Code Injection. I am not sure why?
anyone has insight on this?

NodeJS is necessary for the analysis of Javascript/Typescript, as noted in the documentation.

v9.0.1 is also pretty old at this point, you should upgrade to v9.7.