Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarQube for IDE
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarQube Cloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube Server

Secrets
ABAP
Ansible
Apex
AzureResourceManager
C
C#
C++
CloudFormation
COBOL
CSS
Dart
Docker
Flex
GitHub Actions
Go
HTML
Java
JavaScript
JSON
JCL
Kotlin
Kubernetes
Objective C
PHP
PL/I
PL/SQL
Python
RPG
Ruby
Rust
Scala
Shell
Swift
Terraform
Text
TypeScript
T-SQL
VB.NET
VB6
XML
YAML

Dart static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your DART code

Tags

Impact

Clean code attribute

Parameter names should match base declaration
Code Smell
Allowing unrestricted navigation in WebViews is security-sensitive
Security Hotspot
Processing persistent unique identifiers is security-sensitive
Security Hotspot
Exposing native code through JavaScript interfaces is security-sensitive
Security Hotspot
"child" properties should be placed last in widget instantiation
Code Smell
Literal constructors parameters of @immutable classes should be const
Code Smell
Unnecessary widget containers should be removed
Code Smell
Widget constructors should have a key parameter
Code Smell
"SizedBox" should be used to add a whitespace to a layout
Code Smell
"mounted" should be checked before using a "BuildContext " after an async operation
Bug
Flutter widget "createState" should only return a new "State"
Code Smell
@immutable classes should only have const constructors
Code Smell
Const constructors should be invoked with const
Code Smell
"part of" directives should be used with strings
Code Smell
Unnecessary getters and setters should be removed
Code Smell
Web-only libraries should only be used in Flutter web plugins
Code Smell
"void" variables should not be assigned a value
Bug
Super parameters should be preferred to forwarding parameters to super
Code Smell
If-null operator shouldn't be used with "null"
Code Smell
Generic function type syntax should be preferred for parameters
Code Smell
Unnecessary nullable in final declaration should be removed
Code Smell
Null-aware assignments should make sense
Code Smell
"new" keyword shouldn't be used
Code Smell
Unnecessary use of "toList" with spread operator
Code Smell
Unnecessary string interpolations
Code Smell
"late" modifier should be necessary
Code Smell
Unnamed constructor should be used instead of `.new`
Code Smell
Initialization formals shouldn't be unnecessarily type annotated
Code Smell
Unnecessary braces in string interpolation should be removed
Code Smell
Constant patterns should not be used with type literals
Bug
Triple slash should be used for documentation comments
Code Smell
Initializing formals should be used
Code Smell
Spread collections should be preferred to chaining list insertions
Code Smell
Inline list literals should be preferred to chains of insertions
Code Smell
Pubspec urls should be secure
Vulnerability
Referenced packages should be listed as dependencies
Code Smell
Dependencies should be sorted
Code Smell
For elements should be preferred to Map.fromIterable
Code Smell
Adjacent string concatenation should be preferred
Code Smell
Fields should not be overridden
Code Smell
Non-constant names should comply with a naming convention
Code Smell
Library prefixes shouldn't start with underscore
Code Smell
Private types shouldn't be exposed in public API
Code Smell
Library prefixes should comply with naming conventions
Code Smell
Library annotations should be attached to library directive
Code Smell
Library doc comments should be attached to library directive
Code Smell
Implementation imports shouldn't be used
Code Smell
Implicit tearoff of "call" shouldn't be used
Code Smell
Single cascade shouldn't be used
Code Smell
Function literals shouldn't be used in foreach calls
Code Smell
Wildcard variable shouldn't be used
Code Smell
"is!" should be used instead of "!is"
Bug
Relative lib imports should not be used
Code Smell
Uninitialized variables and fields should be explicitly typed
Code Smell
Types should not be used as parameter names
Code Smell
Void functions should not return null
Code Smell
Getters should not be recursive
Bug
Function declarations should be preferred over variables
Code Smell
Nullable type parameter values should not be null checked with `!`
Bug
Extension identifiers should comply with a naming convention
Code Smell
Local identifiers should not start with underscore
Code Smell
Null checks in equality operators should be avoided
Code Smell
If-null operator should be preferred
Code Smell
Null-aware operators should be preferred
Code Smell
Unnecessary character escapes should be removed
Code Smell
Redundant type casts should be removed
Code Smell
Enabling JavaScript support for WebViews is security-sensitive
Security Hotspot
Empty constructor bodies should be replaced with a semicolon
Code Smell
Regular expressions should be syntactically valid
Bug
Cipher algorithms should be robust
Vulnerability
Encryption algorithms should be used with secure mode and padding scheme
Vulnerability
Generic function type aliases should be preferred
Code Smell
Using clear-text protocols is security-sensitive
Security Hotspot
Accessing Android external storage is security-sensitive
Security Hotspot
Type parameters should not shadow other type parameters
Code Smell
Server certificates should be verified during SSL/TLS connections
Vulnerability
Using weak hashing algorithms is security-sensitive
Security Hotspot
Color definitions should be valid
Bug
"await" should only be used with futures
Code Smell
"static final" declarations should be "const" instead
Code Smell
Cognitive Complexity of functions should not be too high
Code Smell
"const" modifier should not be redundant
Bug
"switch" statements should cover all cases
Code Smell
Interpolation should be used instead of String concatenation
Code Smell
Ternary operators should not be nested
Code Smell
Collection literals should be preferred
Code Smell
Conditional assignment should be preferred
Code Smell
Iterable "whereType" should be used to filter by type
Code Smell
"this" should only be used when required
Code Smell
Fields that are only assigned in the constructor should be "readonly"
Code Smell
Exceptions should not be ignored
Code Smell
Variables should not be initialized with "null"
Code Smell
Setters should not declare return types
Bug
"is!" should be used instead of "!(. is .)"
Code Smell
Dart build, compiler, or analyzer configuration errors
Code Smell
Using pseudorandom number generators (PRNGs) is security-sensitive
Security Hotspot
Inappropriate collection calls should not be made
Bug
Unnecessary equality checks should not be made
Bug
Code annotated as deprecated should not be used
Code Smell
Unused assignments should be removed
Code Smell
The original exception object should be rethrown
Bug
File names should comply with a naming convention
Code Smell
Cyclomatic Complexity of functions should not be too high
Code Smell
Unused local variables should be removed
Code Smell
Control structures should use curly braces
Code Smell
"==" operator and "hashCode()" should be overridden in pairs
Bug
Package names should comply with a naming convention
Code Smell
String literals should not be duplicated
Code Smell
Overriding methods should do more than simply call the same method in the super class
Code Smell
"@override" should be used on overriding members
Code Smell
"isEmpty" or "isNotEmpty" should be used to test for emptiness
Code Smell
Constant names should comply with a naming convention
Code Smell
Jump statements should not occur in "finally" blocks
Bug
Track uses of "TODO" tags
Code Smell
Track uses of "FIXME" tags
Code Smell
Deprecated code should be removed
Code Smell
Files should end with a newline
Code Smell
Unnecessary imports should be removed
Code Smell
Deprecated elements should include explanation
Code Smell
Utility classes should not have public constructors
Code Smell
Empty statements should be removed
Code Smell
Functions should not have too many parameters
Code Smell
Unused "private" fields should be removed
Code Smell
Unused labels should be removed
Code Smell
Standard outputs should not be used directly to log anything
Code Smell
Class names should comply with a naming convention
Code Smell

Implementation imports shouldn't be used

consistency - conventional

maintainability

Code Smell

Why is this an issue?

How can I fix it?

More Info

In Dart, there’s a convention to distinguish between public API and the implementation details. It states:

Files inside lib/src are considered internal implementation detail, and shouldn’t be referenced
Other files inside the lib directory are publicly accessible and are safe to be imported

Introducing the dependency on the internal implementation of other packages is not recommended as it is the subject to change and may introduce maintainability issues and break your code unexpectedly.

Exceptions

It is still safe to reference libraries from lib/src within the same package.

Available In:

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Analyze code in your
on-premise CI

Developer Edition
Available Since
10.7

In-IDE

SaaS

Self-Hosted