SonarCloud scanner environment for JS/TS projects will require Node.js 10+ starting 16th of November

Martin_Bednorz · January 14, 2021, 9:59am

Hello SonarCloud community,

The scanner environment is going to require at least Node.js version 10 starting from the 16th of November for all JavaScript / TypeScript projects. Node.js versions below 10 are no longer officially supported. One benefit of this is that we will be able to deliver significant improvements to the analysis of your projects.

If you are affected by this change you are going to receive an email notification and a warning in the SonarCloud user interface as well as in the pull request decoration.

You can find more information and guidance on how to upgrade on our documentation. All users of the Automatic Analysis feature are already set and don’t need to take an action.

The SonarCloud Team

Update 2021-01-14:
We changed the end of support date to the 1st of February 2021. You can find updated information on our documentation page.

MisterPi · November 19, 2020, 11:36pm

Hope you’ll forgive my newbie Q: which machine requires node.js? I use Maven on one machine (something like “mvn clean package sonar:sonar …” connecting to a SonarQube server on a different machine. So which machine requires node.js: the one running Maven or the one running SonarQube?

Joe · November 20, 2020, 3:24am

Hi @MisterPi,

Welcome to the SonarSource community!

Martin’s announcement is about SonarCloud, so he’s saying that if you have a JavaScript/TypeScript project, then your project will require at least Node.js version 10.

You mentioned you have a Maven/Java project on SonarQube, so this announcement does not affect you although in the future, for SonarQube, if you need to scan a JavaScript/TypeScript project, then you’ll need Node.js also. See our JavaScript/TypeScript Analyzer documentation here.

Joe

MisterPi · November 20, 2020, 4:26pm

Thanks. The same question applies though. The doc you linked to says: “you need to have Node.js >= 10 installed on the machine running the scan.” Which machine does this mean in the scenario I described (Maven running on one machine but connecting to a SonarQube server on another machine)? Does it mean the machine running Maven, or the machine running SonarQube, or both?

Joe · November 20, 2020, 6:47pm

Hi @MisterPi,

In your case, since you did not mention scanning any JavaScript/TypeScript project, then you do not need Node.js at all, so that means neither machine. Node.js is required if you are scanning JS/TS projects on your own machine (you have Maven running on your machine, no JS/TS projects so Node.js not required) and SonarQube only needs Node.js on its own machine if it needs to scan JS/TS projects.

Let’s look at the opposite case:

You have JS/TS project on your own machine => Then you need Node.js on your machine
Your SonarQube server needs to scan JS/TS project => ~~Then you need Node.js on SonarQube machine~~ EDIT: this is not true, you only need Node.js on the machine doing the scan

Joe

MisterPi · November 20, 2020, 6:10pm

Yes, I’m scanning a JS project (actually multilanguage; includes Java and HTML). So we have node.js installed; it’s just a question of which version is required and where.

For Java, my machine running Maven has Java8 installed, as that is what the source and target use. But I had to install 11 on the SQ server as it is post-7.7. This combo seems to work fine.

From that, I would infer that to scan JS, I can have an older version of node.js on the Maven machine (assuming I don’t use any newer JS features) as long as the SQ server has node.js 10+. Is my inference correct?

The source of my confusion is my (lack of) understanding of where the scanning actually occurs. It seems that a lot of it happens on the machine running Maven, based on its output, but then it halts (successfully) and the SonarQube server continues for some time. So perhaps Maven is just sending everything off to the SQ server, which is doing the actual scan, and just outputting status messages returned by SQ?

Joe · November 20, 2020, 6:45pm

Let me check my understanding, this is your setup:

“local machine”: Maven (Java), JS, HTML project
- this machine will require Node.js >= 10 as stated in the JavaScript / TypeScript analyzer documentation
- this is the machine running your Sonar scan
- If standard node is not available, you have to set property sonar.nodejs.executable to an absolute path to Node.js executable.
“SonarQube server”
- remote server processing your Sonar scans
- this machine does not require Node.js

My apologies for the confusion. I will amend my mistake from earlier as a correction.

Joe

MisterPi · November 25, 2020, 7:21pm

OK, I got it working by making sure the system PATH variable includes the location of the node executable.

If I want to specify this in the sonar.nodejs.executable property as recommended in the doc, is that something that would go in the Maven settings.xml file?

Joe · December 8, 2020, 10:56pm

I’m not sure the best place, so you can try 3 ways since it will depend on your build and if you use the sonar-scanner CLI or sonar-scanner for Maven plugin.

If you are using the sonar-maven-plugin, set sonar.nodejs.executable in your Maven pom.xml within the element: <sonar.nodejs.executable>put-your-path-here</sonar.node.js.executable>.
If you using sonar-scanner CLI, set sonar.nodejs.executable at the command line: -Dsonar.nodejs.executable=path-to-nodejs.
If you want to consolidate your sonar properties, put the sonar.nodejs.executable property in the sonar-project.properties file.