eslint-plugin-sonarjs

4.0.3 verified Sat Apr 25 auth: no javascript

ESLint plugin maintained by Sonar that provides original JS/TS rules from the SonarJS analyzer, including code smell, bug detection, testing, accessibility, and security rules. Version 4.0.3 supports ESLint 8/9/10 and ships TypeScript types. Release cadence is frequent with regular bug fixes and rule additions. Key differentiator: direct integration of SonarQube/SonarCloud rules into ESLint, offering a single recommended config for ESLint 9 and a legacy config for ESLint 8.

Common errors

error Error: Cannot find module 'eslint-plugin-sonarjs' ↓

cause Plugin not installed or not in node_modules.

fix

Run 'npm install eslint-plugin-sonarjs --save-dev' or the equivalent yarn command.

error Configuration for rule "sonarjs/no-identical-functions" is invalid ↓

cause Using an incorrect rule configuration format or missing the plugin declaration.

fix

Ensure the plugin is properly declared in plugins field (ESLint 9) or in .eslintrc plugins array (ESLint 8). Check rule options are valid.

Warnings

breaking ESLint 8 users must use the recommended-legacy config, not the flat config recommended. ↓

fix If using ESLint 8, use .eslintrc with extends: ['plugin:sonarjs/recommended-legacy'] instead of the flat config import.

gotcha The plugin only includes original SonarJS rules, not all rules from SonarQube JS/TS analyzer. Some popular rules (e.g., S3776 cognitive complexity) may have different behavior. ↓

fix Check the rule list in the plugin documentation or SonarQube documentation for differences.

deprecated The legacy ESLint 8 config (recommended-legacy) may be removed in a future major version. ↓

fix Migrate to ESLint 9 flat config when possible.

gotcha Node.js version requirements differ per ESLint version: ESLint 8 needs Node >=16, ESLint 9 needs Node ^18.18.0 || ^20.9.0 || >=21. ↓

fix Ensure your Node.js version matches the requirement for your ESLint version.

gotcha Rules enabled in recommended config have error severity by default, which may fail CI pipelines if not expected. ↓

fix Override rule severity in your config, e.g., 'sonarjs/cognitive-complexity': 'warn'.

Install

npm install eslint-plugin-sonarjs

yarn add eslint-plugin-sonarjs

pnpm add eslint-plugin-sonarjs

Imports

plugin
wrong
```
const sonarjs = require('eslint-plugin-sonarjs')
```
correct
```
import sonarjs from 'eslint-plugin-sonarjs'
```
Default import for ESLint 9 flat config. For ESLint 8 use require or the legacy config.
recommended config
wrong
```
module.exports = { extends: ['plugin:sonarjs/recommended'] }
```
correct
```
export default [sonarjs.configs.recommended]
```
Recommended config for ESLint 9 flat config. For ESLint 8 use recommended-legacy.

rules

wrong

rules: { 'sonarjs/no-implicit-dependencies': 2 }

correct

rules: { 'sonarjs/no-implicit-dependencies': 'error' }

Rules are prefixed with sonarjs/. Use string severity values like 'error' or 'warn'.

Quickstart

Shows usage with ESLint 9 flat config, importing plugin and enabling recommended config plus custom rules.

import sonarjs from 'eslint-plugin-sonarjs';

export default [
  sonarjs.configs.recommended,
  {
    rules: {
      'sonarjs/cognitive-complexity': 'warn',
      'sonarjs/no-identical-functions': 'error',
    },
  },
];