Sonar is a linting tool and website scanner open-sourced by the Microsoft Edge browser team

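Sonar is a linting tool and website scanner open-sourced by the Microsoft Edge browser team. It helps site owners check their websites for hidden performance and security issues, and helps developers build faster, better and more secure websites. The tool can run as a web service, or be used as a command-line tool that integrates deeply into a developer's workflow and rules.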

JavaScript, Security


2979 stars in total

Details

sonar


Quick start user guide

Once you have Node.js v8.x on your machine, you can use npx or install sonar globally to use it.

Using npx

Just run the following command:

npx @sonarwhal/sonar https://example.com

This will start the wizard to create a .sonarrc file, and then analyze https://example.com.

Windows users: Currently npx has an issue on this platform.

Installing sonar globally

npm install -g --engine-strict @sonarwhal/sonar

Create a .sonarrc file by running this command and following the instructions:

sonar --init

Scan a website:

sonar https://example.com

For more in-depth information on how to get started, configurations, and more, see the online user guide, or the local version for the most recent (and unstable) content.

Quick start developer guide

To learn more about the internals of sonar, how to create new rules, collectors, formatters, etc., take a look at the online developer guide (or the local version).

The following commands are only relevant if you are working on sonar's codebase:

  • npm run site <url> will analyze the website with the current configuration and using the latest build available in the dist directory.
  • npm run site -- --debug <url> same as above, but will show all the debug information.
  • npm run lint will lint the code.
  • npm run watch will start watch mode. This is the recommended task to run in the background while developing. It does the following:
    • sync all the resources from src to dist (basically anything that is not a .ts file).
    • compile the TypeScript files incrementally to dist.
    • run all the tests incrementally.
  • npm run build will do the same as the watch task but only once and without running the tests.
  • npm test will run the tests with code coverage using the code available in dist. It is better to run this task after build.

The initialization of the watch task is a bit special: it will compile and copy the assets before starting to watch for new files to copy, build, or test. Because of concurrency, the tests might be run twice initially.

Code of Conduct

This project adheres to the JS Foundation's code of conduct. By participating in this project you agree to abide by its terms.

License

The code is available under the Apache 2.0 license.
