Blog post

Why SonarQube Server 9.9 LTS is a must-have for JavaScript and TypeScript Developers

Colin Mueller photo

Colin Mueller

Community Manager

Date

  • SonarQube Server
  • JavaScript
  • TypeScript
javascript and typsescript working together with sonarqube

The growing demand for Clean Code in the software development world is more urgent than ever. SonarQube Server steps in to help you meet this demand, providing a solution that enables developers to craft Clean Code suitable for both development and production environments.


SonarQube Server 9.9 LTS includes an advanced analyzer equipped with over 350 rules tailored specifically for JavaScript and TypeScript developers. These rules ensure developers write Clean Code that is both fit for development and fit for production.


Join us as we explore why SonarQube Server 9.9 LTS is an indispensable tool for your development toolkit, particularly with its substantial improvements to JavaScript and TypeScript analysis which build upon the capabilities already delivered in SonarQube Server 8.9 LTS.

Updates to the Analysis Engine

Supercharged Analysis Speed 


SonarQube Server relies on open-source parsers to generate the information needed to perform analysis. It wasn’t always like this, however, and for a long time, we have been trying to move away from the homegrown Java-based parser we started writing many years ago.


Two parsers meant that on each analysis, code was sometimes being parsed twice. With SonarQube Server 9.9 LTS there's no more waiting for Java parsers to do the job – now that just the single parser is running, this update is all about getting you the results, fast!


This performance improvement is further enhanced for commercial SonarQube Server users through the introduction of incremental analysis for pull requests. This feature focuses on analyzing only the changes introduced in a pull request instead of the entire codebase. 


In our tests, this leads to an average 40% performance improvement for JavaScript/TypeScript PRs, with an up to 80% improvement on large projects. You can learn more about this in the SonarQube Server 9.9 LTS announcement.


All of these speed boosts will ensure that you spend less time waiting and more time merging.

Support for TypeScript 4.2 - 4.9


A new SonarQube Server LTS means support for new language versions, which means we’ve updated parsing to understand any new syntax and to update rules for how they apply to the new language elements.


Keeping up with the evolving TypeScript ecosystem, SonarQube Server 9.9 LTS now extends its support to TypeScript versions 4.2 - 4.9.


Looking for TypeScript 5 support? Look no further than SonarQube Server 10.1.

No TypeScript files left behind


SonarQube Server 9.9 LTS changes its approach in determining which files to analyze in a TypeScript project.


SonarQube Server 8.9 LTS relied on the list of files referenced in a project’s tsconfig.json file to determine which files to analyze. This worked well but wasn’t always comprehensive enough. Consider a tsconfig.json file that lists the files to analyze as:

{
  "files": ["root.ts"]
}

where root.ts imports another file module.ts, which is not referenced in tsconfig.json however it is part of the project build

import * as m from './module'


Now, SonarQube Server 9.9 LTS actually builds the TypeScript program to provide the list of files to be analyzed, meaning that module.ts will be analyzed, unlike before.


Depending on the project, more files may be analyzed. SonarQube Server is analyzing your project more thoroughly, ensuring no code slips through the cracks.

Analyze JS/TS code embedded in AWS Lambdas


Projects are more complicated than raw .js and .ts files, and sometimes JavaScript/TypeScript code ends up embedded in other files, like those which describe AWS Lambdas. SonarQube Server 9.9 LTS now analyses the embedded JavaScript and TypeScript code inside AWS Lambda files.

These aren’t just basic checks either but include the advanced vulnerability detection rules available in commercial editions of SonarQube Server. 


Now you can be sure that the business-critical code in your Lambdas code can be as clean as the rest of your JavaScript and TypeScript code.

Fewer False-Positives and False-Negatives


Sonar puts in a significant amount of effort to make sure only true issues are raised, and our developers are always reviewing issues raised by JavaScript and TypeScript rules to make sure they are accurate and relevant. They also receive reports from our community and through commercial support channels.


Not counting all of the FPs fixed incidentally by updates to the analysis engine, there were 75 specific false-positives (and false-negatives) our developers addressed in SonarQube Server 9.9 LTS!

New Rules

Write better unit tests


Maintaining clean test code is just as crucial as having clean product code. High-quality test code ensures that your tests are reliable, maintainable, and easy to understand. This paves the way for more effective debugging and enables faster identification of issues in the product code, thus accelerating the development process. 


If you're using the Mocha or Chai frameworks to write your JavaScript/TypeScript unit tests, you’re in luck, because SonarQube Server 9.9 LTS adds rules specifically related to analyzing your test code. 


See all the rules here.

React-Specific Rules


React is still the most popular JavaScript library for building user interfaces, particularly for single-page applications. React allows developers to create large web applications that can change data without reloading the page.


SonarQube Server 9.9 LTS ships with 7 new rules especially designed to catch React-specific bugs and code smells


See the list of rules here.


Taking SonarQube Server’s support for React even further, SonarQube Server 9.9 LTS comes with better support for React among a number of existing rules, including a fix for one of the most hotly voted upon issues on SonarSource/SonarJS: Add exception to Cognitive Complexity for React functional components.

Power to the Regex


Regular expressions (regex) are sequences of symbols and characters expressing a string or pattern to be searched for within. Regex is an incredible tool to express conditions that would otherwise require many lines of code to catch the same pattern.


While using regex is quite typical for developers these days, that does not make it easy to handle. Writing regexes is error-prone and time-consuming, and they're difficult to document well. Once they are written, identifying errors in them can be extremely difficult.


Not only are they difficult to write, but due to their size and complexity, they are often difficult to read and understand.


Consider the following regular expression that tests whether or not a string of text is written in camel case (writtenLikeThis)

const CAMEL_CASE_REG_EXP = /^[a-z]{1}([a-zA-Z0-9]{1,})$/;

This regular expression can be made simpler in two ways while functioning exactly the same: removing the meaningless quantifier {1} and replacing {1,} (match the previous token between one and unlimited times) with a simple `+` which means the exact same thing. This gives us a somewhat simpler:

const CAMEL_CASE_REG_EXP = /^[a-z]([a-zA-Z0-9]+)$/;


SonarQube Server 9.9 LTS raises issues on regular expressions like these, making it a breeze to fix up existing regular expressions and write new regular expressions with confidence.

Let SonarQube Server 9.9 LTS be your guide to writing simpler, more efficient regular expressions with 19 new rules. See the full list of rules implemented here.


Enhancing AWS Infrastructure Security with rules for AWS CDK


Managing AWS infrastructure is simplified with the AWS Cloud Development Kit (AWS CDK), which combines the flexibility of a programming language with the complexity of cloud infrastructure. However, even with its robust features, security misconfigurations can occur. Such misconfigurations can pose significant risks to your infrastructure's security, leading to potential vulnerabilities.


To address this, the latest SonarQube Server 9.9 LTS release introduces 20+ security rules targeted at AWS CDK code in JavaScript and TypeScript. These rules aim to bring your Infrastructure as Code (IaC) security scrutiny to the same level as your source code.


Check out the full list of rules here. 

Just an upgrade away from it all


SonarQube Server is made by developers, for developers. Our goal is to help all developers be able to write Clean Code. The enhancements in SonarQube Server 9.9 LTS reflect our ongoing commitment to providing you with an analytical tool that tackles this goal head-on.


If you haven’t tried SonarQube Server 9.9 LTS yet, I hope you now have even more reasons to prepare this upgrade with your team. Like all SonarQube Server releases, this is a free version upgrade, and you can get the LTS in just a few clicks at SonarQube Server Downloads. You won't just be upgrading your SonarQube Server instance – you'll be upgrading your entire coding experience.


Need more help getting started? Check the following resources:



Remember, these improvements aren't just limited to SonarQube Server. If you're using SonarQube Cloud, you'll find all these enhancements there too.


Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles. 

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.