WARN: Using Node.js version 18 to execute analysis is not supported. Please upgrade to a newer LTS v

SonarQube Server / Community Build
1

Hi,

We’re encountering a SonarQube error related to the unsupported Node.js version 18. We’re using the latest sonar-scanner-cli Docker image and SonarQube Community Build: 25.1.0.102122.

I have checked the latest sonar-scanner-cli Docker image, and it appears that it comes with Node.js version 18, which will reach end-of-life at the end of next month. Could you please upgrade the default Node.js version to at least v20?

org.sonar.plugins.javascript.nodejs.NodeCommandException: Failed to determine the version of Node.js, exit value 127. Executed: '/builds/<>/.sonar/js/node-runtime/node -v'
	at org.sonar.plugins.javascript.nodejs.NodeVersion.getVersion(NodeVersion.java:57)
	at org.sonar.plugins.javascript.bridge.EmbeddedNode.deploy(EmbeddedNode.java:197)
	at org.sonar.plugins.javascript.bridge.BridgeServerImpl.deploy(BridgeServerImpl.java:206)
	at org.sonar.plugins.javascript.bridge.BridgeServerImpl.startServerLazily(BridgeServerImpl.java:337)
	at org.sonar.plugins.javascript.analysis.AbstractBridgeSensor.execute(AbstractBridgeSensor.java:70)
	at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:64)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:88)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$1(ModuleSensorsExecutor.java:61)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy(ModuleSensorsExecutor.java:79)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:61)
	at org.sonar.scanner.scan.SpringModuleScanContainer.doAfterStart(SpringModuleScanContainer.java:82)
	at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:226)
	at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:205)
	at org.sonar.scanner.scan.SpringProjectScanContainer.scan(SpringProjectScanContainer.java:201)
	at org.sonar.scanner.scan.SpringProjectScanContainer.scanRecursively(SpringProjectScanContainer.java:197)
	at org.sonar.scanner.scan.SpringProjectScanContainer.doAfterStart(SpringProjectScanContainer.java:170)
	at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:226)
	at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:205)
	at org.sonar.scanner.bootstrap.SpringScannerContainer.doAfterStart(SpringScannerContainer.java:356)
	at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:226)
	at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:205)
	at org.sonar.scanner.bootstrap.SpringGlobalContainer.doAfterStart(SpringGlobalContainer.java:142)
	at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:226)
	at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:205)
	at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:73)
	at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:67)
	at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
	at jdk.proxy1/jdk.proxy1.$Proxy0.execute(Unknown Source)
	at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
	at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:126)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:81)
	at org.sonarsource.scanner.cli.Main.main(Main.java:62)
INFO: Using Node.js executable: 'node'.
INFO: Memory configuration: OS (15802 MB), Node.js (524 MB).
WARN: Using Node.js version 18 to execute analysis is not supported. Please upgrade to a newer LTS version of Node.js: [^20.9.0, ^22.9.0].
WARN: Access to the multi-values/property set property 'sonar.javascript.file.suffixes' should be made using 'getStringArray' method. The SonarQube plugin using this property should be updated.
1 Like
7

Hello Shirwa,

Thank you for your feedback.

The Node.js runtime is not part of the CLI scanner, but is downloaded by it alongside the analyzers from your SonarQube instance.
The JS/TS/CSS analyzer bundled with SQ 25.1.0.102122 holds a Node.js runtime v22.11.0.

The analyzer has some logic to decide whether it can use the bundled runtime, or if it falls back to the one available on the host machine.
Could you share more logs so that we can see which path it took and where did it pick up that Node.js 18?

1 Like
10

Hi I have same problem :

My gitlab-ci.yaml

sonarqube-check:
  stage: sonarqube-check
  tags:
    - docker
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
  image:
    name: sonarsource/sonar-scanner-cli:latest
    entrypoint: [""]
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"  # Defines the location of the analysis task cache
    GIT_DEPTH: "0"  # Tells git to fetch all the branches of the project, required by the analysis task
  script:
    - sonar-scanner
  allow_failure: true

My sonar-project.properties

sonar.projectKey=PROJECT_KEY
sonar.qualitygate.wait=true
sonar.verbose=true
sonar.sourceEncoding=UTF-8
sonar.sources=src,assets,docker,templates
sonar.tests=tests
sonar.exclusions=dependency-check-report.html,src/Kernel.php,src/.preload.php,migrations/**,node_modules/**,vendor/**,var/**,assets/template/adminkit/**,templates/baseEmail.html.twig,templates/basePdf.twig
sonar.php.coverage.reportPaths=cover-tests.xml
sonar.php.tests.reportPath=report-tests.xml
sonar.coverage.exclusions=assets/template/**

# Ignore Issues
sonar.issue.ignore.multicriteria=e100,e200,e201,e202,e300,e301,e302,e303,e304,e400,e500,e600

# Ignore nombre de fonction php dans une classe
sonar.issue.ignore.multicriteria.e100.ruleKey=php:S1448
sonar.issue.ignore.multicriteria.e100.resourceKey=src/Entity/**
# Ignore les repetitions php
sonar.issue.ignore.multicriteria.e200.ruleKey=php:S1192
sonar.issue.ignore.multicriteria.e200.resourceKey=src/Services/ActiveDirectory.php
sonar.issue.ignore.multicriteria.e201.ruleKey=php:S1192
sonar.issue.ignore.multicriteria.e201.resourceKey=src/Controller/Security/Administration/GroupController.php
sonar.issue.ignore.multicriteria.e202.ruleKey=php:S1192
sonar.issue.ignore.multicriteria.e202.resourceKey=src/Controller/Security/Administration/RoleController.php
# Ignore la complexite js
sonar.issue.ignore.multicriteria.e300.ruleKey=javascript:S3776
sonar.issue.ignore.multicriteria.e300.resourceKey=assets/template/extensions/datatables/datatables.js
sonar.issue.ignore.multicriteria.e301.ruleKey=javascript:S3776
sonar.issue.ignore.multicriteria.e301.resourceKey=assets/template/extensions/ban-autocomplete/ban-autocomplete.js
sonar.issue.ignore.multicriteria.e302.ruleKey=javascript:S3776
sonar.issue.ignore.multicriteria.e302.resourceKey=assets/template/extensions/datatables/datatables.js
sonar.issue.ignore.multicriteria.e303.ruleKey=javascript:S3776
sonar.issue.ignore.multicriteria.e303.resourceKey=assets/template/extensions/modal/modal.js
sonar.issue.ignore.multicriteria.e304.ruleKey=javascript:S3776
sonar.issue.ignore.multicriteria.e304.resourceKey=assets/template/extensions/photo/take-file.js
# Ignore les conditions trop complique php
sonar.issue.ignore.multicriteria.e400.ruleKey=php:S1067
sonar.issue.ignore.multicriteria.e400.resourceKey=src/EventSubscriber/TopMessageSubscriber.php
# Ignore les regex js qui ne pose pas de soucis
sonar.issue.ignore.multicriteria.e500.ruleKey=javascript:S5852
sonar.issue.ignore.multicriteria.e500.resourceKey=assets/template/extensions/datatables/datatables.js

# Ignore dockerFile non root
sonar.issue.ignore.multicriteria.e600.ruleKey=docker:S6471
sonar.issue.ignore.multicriteria.e600.resourceKey=docker/php/Dockerfile

My sonar scanner logs

INFO: Sensor JavaScript/TypeScript analysis [javascript]
INFO: Detected os: Linux arch: amd64 alpine: true. Platform: LINUX_X64_MUSL
INFO: Deploy location /builds/myfolder/myproject/.sonar/js/node-runtime, tagetRuntime: /builds/myfolder/myproject/.sonar/js/node-runtime/node,  version: /builds/myfolder/myproject/.sonar/js/node-runtime/version.txt
ERROR: Error relocating /builds/myfolder/myproject/.sonar/js/node-runtime/node: _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE15_M_replace_coldEPcmPKcmm: symbol not found
WARN: Embedded Node.js failed to deploy in /root/.sonar.
You can change the location by setting the option `sonar.userHome` or the environment variable `SONAR_USER_HOME`.
Otherwise, it will default to /builds/myfolder/myproject/.sonar/js/node-runtime.
Will fallback to host Node.js.
org.sonar.plugins.javascript.nodejs.NodeCommandException: Failed to determine the version of Node.js, exit value 127. Executed: '/builds/myfolder/myproject/.sonar/js/node-runtime/node -v'
	at org.sonar.plugins.javascript.nodejs.NodeVersion.getVersion(NodeVersion.java:57)
	at org.sonar.plugins.javascript.bridge.EmbeddedNode.deploy(EmbeddedNode.java:200)
	at org.sonar.plugins.javascript.bridge.BridgeServerImpl.deploy(BridgeServerImpl.java:207)
	at org.sonar.plugins.javascript.bridge.BridgeServerImpl.startServerLazily(BridgeServerImpl.java:320)
	at org.sonar.plugins.javascript.analysis.AbstractBridgeSensor.execute(AbstractBridgeSensor.java:69)
	at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:64)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:88)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$1(ModuleSensorsExecutor.java:61)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy(ModuleSensorsExecutor.java:79)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:61)
	at org.sonar.scanner.scan.SpringModuleScanContainer.doAfterStart(SpringModuleScanContainer.java:82)
	at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:227)
	at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:206)
	at org.sonar.scanner.scan.SpringProjectScanContainer.scan(SpringProjectScanContainer.java:212)
	at org.sonar.scanner.scan.SpringProjectScanContainer.scanRecursively(SpringProjectScanContainer.java:208)
	at org.sonar.scanner.scan.SpringProjectScanContainer.doAfterStart(SpringProjectScanContainer.java:178)
	at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:227)
	at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:206)
	at org.sonar.scanner.bootstrap.SpringScannerContainer.doAfterStart(SpringScannerContainer.java:339)
	at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:227)
	at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:206)
	at org.sonar.scanner.bootstrap.SpringGlobalContainer.doAfterStart(SpringGlobalContainer.java:142)
	at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:227)
	at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:206)
	at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:73)
	at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:67)
	at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
	at jdk.proxy1/jdk.proxy1.$Proxy0.execute(Unknown Source)
	at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
	at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:126)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:81)
	at org.sonarsource.scanner.cli.Main.main(Main.java:62)
INFO: Using Node.js executable: 'node'.
INFO: Memory configuration: OS (3911 MB), Node.js (2004 MB).
WARN: Using Node.js version 18 to execute analysis is not supported. Please upgrade to a newer LTS version of Node.js: [^20.9.0, ^22.9.0].
INFO: Found 0 tsconfig.json file(s): []
INFO: Creating TypeScript program
INFO: TypeScript configuration file /tmp/tsconfig-sWz4b3.json
INFO: 30 source files to be analyzed
INFO: Starting analysis with current program
ERROR: TypeError: context.getScope is not a function
ERROR: Occurred while linting /builds/myfolder/myproject/assets/template/extensions/theme/theme.js:50
ERROR: Rule: "sonarjs/@creedengo/no-multiple-access-dom-element"

Docker run

docker run --rm -it --entrypoint bash sonarsource/sonar-scanner-cli:latest
Unable to find image 'sonarsource/sonar-scanner-cli:latest' locally
latest: Pulling from sonarsource/sonar-scanner-cli
76cc64d6a248: Pull complete 
24a4d528c221: Pull complete 
a0b8533c7258: Pull complete 
6585b34c8b2c: Pull complete 
5fdc4c1249fc: Pull complete 
4f4fb700ef54: Pull complete 
Digest: sha256:7462f132388135e32b948f8f18ff0db9ae28a87c6777f1df5b2207e04a6d7c5c
Status: Downloaded newer image for sonarsource/sonar-scanner-cli:latest
bash-5.2$ node -v
v18.20.6
bash-5.2$ whereis node
node: /usr/bin/node /usr/share/man/man1/node.1.gz
bash-5.2$

Ask me if I can help more ?

Thank you for your help

1 Like
11

This does not appear to be correct information. The sonarsource/sonar-scanner-cli Docker image does indeed appear to still have node-18 baked into the docker image. You can confirm this by pulling the image and checking:

$ docker run -it --entrypoint /bin/sh sonarsource/sonar-scanner-cli:latest
sh-5.2$ ls /bin/node*
/bin/node  /bin/node-18
sh-5.2$ node --version
v18.20.6
sh-5.2$ npm --version
10.8.2
sh-5.2$

This is still true even with the latest version as of today.

1 Like
14

Hi,
cc: @ilia , @ganncamp

I’m surprised that nobody here is interested in this topic.

Sonarsource provides a Docker image that cannot be used with the current Sonarqube version.

https://hub.docker.com/r/sonarsource/sonar-scanner-cli/tags

docker run -it --entrypoint /bin/sh sonarsource/sonar-scanner-cli:latest
Unable to find image ‘sonarsource/sonar-scanner-cli:latest’ locally
latest: Pulling from sonarsource/sonar-scanner-cli
4f4fb700ef54: Pull complete
5fdc4c1249fc: Pull complete
24a4d528c221: Pull complete
76cc64d6a248: Pull complete
6585b34c8b2c: Pull complete
a0b8533c7258: Pull complete
Digest: sha256:7462f132388135e32b948f8f18ff0db9ae28a87c6777f1df5b2207e04a6d7c5c
Status: Downloaded newer image for sonarsource/sonar-scanner-cli:latest
sh-5.2$ node --version
v18.20.6
sh-5.2$

Error message:
Will fallback to host Node.js.
2025-06-05T08:12:03.565321Z 01O org.sonar.plugins.javascript.nodejs.NodeCommandException: Failed to determine the version of Node.js, exit value 127. Executed: ‘/builds/xxxx/customers/intern/.sonar/js/node-runtime/node -v’
2025-06-05T08:12:03.565363Z 01O at org.sonar.plugins.javascript.nodejs.NodeVersion.getVersion(NodeVersion.java:57)

Update:

RUN
dnf install -y git
&& dnf install -y tar
&& dnf install -y nodejs \ :frowning:

thx

15

Hey all.

It sure seems there is something to fix here, and this should be easy to fix. I’ll ping around!

23

FROM alpine:3.19 AS builder

This is the builder image, used to assemble the final image, that is based on amazoncoretto.

INFO: Detected os: Linux arch: amd64 alpine: true. Platform: LINUX_X64_MUSL

It seems the SonarJS analyzer is detecting alpine, that is unexpected, because the scanner-cli image is based on amazoncoretto. Maybe there is an issue in the detection code.

EDIT: my bad, it seems amazoncoretto is based on alpine. Investigation continues.

27

Waiting for a better option, we are going to update the node.js in the Docker image. I have created a ticket to track this change: