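Sonar: a linting tool and website scanner open-sourced by the Microsoft Edge browser team
Sonar is a linting tool and website scanner open-sourced by the Microsoft Edge browser team. It helps site owners check their websites for latent performance and security problems, and helps developers build faster, better and more secure websites. It can run as a web service, or be used as a command-line tool that integrates deeply into developers' workflows and rules.
JavaScript security handling
2979 stars in total
Detailed introduction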
sonar
Quick start user guide
Once you have Node.js v8.x on your machine, you can use npx or install sonar globally to use it.
Using npx
Just run the following command:
npx @sonarwhal/sonar https://example.com
This will start the wizard to create a .sonarrc file, and then analyze https://example.com.
Windows users: Currently npx has an issue on this platform.
Installing sonar globally
npm install -g --engine-strict @sonarwhal/sonar
Create a .sonarrc file by running this command and following the instructions:
sonar --init
Scan a website:
sonar https://example.com
For more in-depth information on how to get started, configurations, and more, see the online user guide, or the local version for the most recent (and unstable) content.
Quick start developer guide
To learn more about the internals of sonar, how to create new rules, collectors, formatters, etc., take a look at the online developer guide (or the local version).
The following are meant only if you are working on sonar's codebase:
- npm run site <url> will analyze the website with the current configuration and using the latest build available in the dist directory.
- npm run site -- --debug <url> same as above, but will show all the debug information.
- npm run lint will lint the code.
- npm run watch will start watch mode. This is the recommended task to run in the background while developing. It does the following:
  - sync all the resources from src to dist (basically anything that is not a .ts file).
  - compile the typescript files incrementally to dist.
  - run all the tests incrementally.
- npm run build will do the same as the watch task but only once and without running the tests.
- npm test will run the tests with code coverage using the code available in dist. It is better to run this task after build.
The initialization of the watch task is a bit special: it will compile and copy the assets before starting to watch for new files to copy, build, or test. Because of concurrency, the tests might be run twice initially.
Code of Conduct
This project adheres to the JS Foundation's code of conduct. By participating in this project you agree to abide by its terms.
License
The code is available under the Apache 2.0 license.