Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarLint
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarCloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube

Secrets
ABAP
Apex
AzureResourceManager
C
C++
CloudFormation
COBOL
C#
CSS
Docker
Flex
Go
HTML
Java
JavaScript
Kotlin
Kubernetes
Objective C
PHP
PL/I
PL/SQL
Python
RPG
Ruby
Scala
Swift
Terraform
Text
TypeScript
T-SQL
VB.NET
VB6
XML

JavaScript static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your JAVASCRIPT code

Tags

Function returns should not be invariant
Code Smell
Assertions should be complete
Code Smell
Variables should be declared explicitly
Code Smell
Tests should include assertions
Code Smell
Future reserved words should not be used as identifiers
Code Smell
Octal values should not be used
Code Smell
Switch cases should end with an unconditional "break" statement
Code Smell
"switch" statements should not contain non-case labels
Code Smell
Equality operators should not be used in "for" loop termination conditions
Code Smell
Tests should not execute any code after "done()" is called
Code Smell
"default" clauses should be last
Code Smell
"await" should only be used with promises
Code Smell
Conditionals should start on new lines
Code Smell
Cognitive Complexity of functions should not be too high
Code Smell
"void" should not be used
Code Smell
Variables should be declared with "let" or "const"
Code Smell
Constructor names should start with an upper case letter
Code Smell
Loop counters should not be assigned within the loop body
Code Smell
"for" loop increment clauses should modify the loops' counters
Code Smell
Functions should not be empty
Code Smell
Comma operator should not be used
Code Smell
If statements should not be the only statement in else blocks
Code Smell
Octal escape sequences should not be used
Code Smell
Prototypes of builtin objects should not be modified
Code Smell
Optional chaining should be preferred
Code Smell
Ends of strings should be checked with "startsWith()" and "endsWith()"
Code Smell
Unnecessary character escapes should be removed
Code Smell
Import variables should not be reassigned
Code Smell
JSX list components keys should match up between renders
Code Smell
React Context Provider values should have stable identities
Code Smell
JSX list components should not use array indexes as key
Code Smell
React components should not be nested
Code Smell
JSX list components should have a key property
Code Smell
Unused methods of React components should be removed
Code Smell
Character classes in regular expressions should not contain only one character
Code Smell
Regular expressions should not contain empty groups
Code Smell
Regular expressions should not contain multiple spaces
Code Smell
Chai assertions should have only one reason to succeed
Code Smell
Single-character alternations in regular expressions should be replaced with character classes
Code Smell
Reluctant quantifiers in regular expressions should be followed by an expression that can't match the empty string
Code Smell
Tests should check which exception is thrown
Code Smell
Character classes in regular expressions should not contain the same character twice
Code Smell
Names of regular expressions named groups should be used
Code Smell
Regular expressions should not be too complicated
Code Smell
Shorthand promises should be used
Code Smell
Template literals should not be nested
Code Smell
"in" should not be used on arrays
Code Smell
Assignments should not be redundant
Code Smell
Functions should not have identical implementations
Code Smell
Sparse arrays should not be created with extra commas
Code Smell
Array-mutating methods should not be used misleadingly
Code Smell
Collection contents should be used
Code Smell
Functions should always return the same type
Code Smell
Arguments to built-in functions should match documented types
Code Smell
Literals should not be thrown
Code Smell
Functions should be called consistently with or without "new"
Code Smell
Array indexes should be numeric
Code Smell
Assertion arguments should be passed in the correct order
Code Smell
Ternary operators should not be nested
Code Smell
"delete" should not be used on arrays
Code Smell
Variables and functions should not be redeclared
Code Smell
"indexOf" checks should not be for positive numbers
Code Smell
"arguments.caller" and "arguments.callee" should not be used
Code Smell
Multiline blocks should be enclosed in curly braces
Code Smell
Boolean expressions should not be gratuitous
Code Smell
Variables should be used in the blocks where they are declared
Code Smell
Parameters should be passed in the correct order
Code Smell
Two branches in a conditional structure should not have exactly the same implementation
Code Smell
Unused assignments should be removed
Code Smell
Function parameters with default values should be last
Code Smell
Functions should not be defined inside loops
Code Smell
"switch" statements should not have too many "case" clauses
Code Smell
Only "while", "do", "for" and "switch" statements should be labelled
Code Smell
Sections of code should not be commented out
Code Smell
Track uses of "FIXME" tags
Code Smell
Assignments should not be made from within sub-expressions
Code Smell
Labels should not be used
Code Smell
Nested blocks of code should not be left empty
Code Smell
Functions should not have too many parameters
Code Smell
Unused private class members should be removed
Code Smell
"Number.isNaN()" should be used to check for "NaN" value
Code Smell
Calls to ".call()" and ".apply()" methods should not be redundant
Code Smell
Literals should not be used for promise rejection
Code Smell
Spread syntax should be used instead of "apply()"
Code Smell
Object spread syntax should be used instead of "Object.assign"
Code Smell
__proto__ property should not be used
Code Smell
Use Object.hasOwn static method instead of hasOwnProperty
Code Smell
Renaming import, export, and destructuring assignments should not be to the same name
Code Smell
Unnecessary constructors should be removed
Code Smell
Variables should not be initialized to undefined
Code Smell
Ternary operator should not be used instead of simpler alternatives
Code Smell
Unnecessary calls to ".bind()" should not be used
Code Smell
Constructors should not return values
Code Smell
"RegExp.exec()" should be preferred over "String.match()"
Code Smell
Objects and classes converted or coerced to strings should define a "toString()" method
Code Smell
Extra boolean casts should be removed
Code Smell
Regular expression quantifiers and character classes should be used concisely
Code Smell
Regular expression literals should be used when possible
Code Smell
"for of" should be used with Iterables
Code Smell
Imports from the same module should be merged
Code Smell
Jump statements should not be redundant
Code Smell
The global "this" object should not be used
Code Smell
"catch" clauses should do more than rethrow
Code Smell
Exceptions should not be ignored
Code Smell
Classes should not be empty
Code Smell
Boolean checks should not be inverted
Code Smell
Deprecated APIs should not be used
Code Smell
Wrapper objects should not be used for primitive types
Code Smell
Multiline string literals should not be used
Code Smell
Unused local variables and functions should be removed
Code Smell
Function call arguments should not start on new lines
Code Smell
"switch" statements should have at least 3 "case" clauses
Code Smell
A "while" loop should be used instead of a "for" loop
Code Smell
Nested code blocks should not be used
Code Smell
Unnecessary imports should be removed
Code Smell
Return of boolean expressions should not be wrapped into an "if-then-else" statement
Code Smell
Boolean literals should not be used in comparisons
Code Smell
Class names should comply with a naming convention
Code Smell
Track uses of "TODO" tags
Code Smell
Variables declared with "var" should be declared before they are used
Code Smell
Track lack of copyright and license headers
Code Smell
A conditionally executed single line should be denoted by indentation
Code Smell
Class methods should be used instead of "prototype" assignments
Code Smell
Function constructors should not be used
Code Smell
Unchanged variables should be marked "const"
Code Smell
Wildcard imports should not be used
Code Smell
"switch" statements should not be nested
Code Smell
Cyclomatic Complexity of functions should not be too high
Code Smell
"strict" mode should be used with caution
Code Smell
Control flow statements "if", "for", "while", "switch" and "try" should not be nested too deeply
Code Smell
"switch" statements should have "default" clauses
Code Smell
"if ... else if" constructs should end with "else" clauses
Code Smell
Control structures should use curly braces
Code Smell
String literals should not be duplicated
Code Smell
Expressions should not be too complex
Code Smell
Increment (++) and decrement (--) operators should not be used in a method call or mixed with other operators in an expression
Code Smell
Disallow `.bind()` and arrow functions in JSX props
Code Smell
"for in" should not be used with iterables
Code Smell
Functions should use "return" consistently
Code Smell
Variables and functions should not be declared in the global scope
Code Smell
Arithmetic operators should only have numbers as operands
Code Smell
Values not convertible to numbers should not be used in numeric comparisons
Code Smell
Arithmetic operations should not result in "NaN"
Code Smell
"arguments" should not be accessed directly
Code Smell
Comparison operators should not be used with strings
Code Smell
Property getters and setters should come in pairs
Code Smell
JavaScript parser failure
Code Smell
The ternary operator should not be used
Code Smell
"===" and "!==" should be used instead of "==" and "!="
Code Smell
Functions should not have too many lines of code
Code Smell
Track comments matching a regular expression
Code Smell
Statements should be on separate lines
Code Smell
Unused function parameters should be removed
Code Smell
Variables should not be shadowed
Code Smell
Redundant pairs of parentheses should be removed
Code Smell
Magic numbers should not be used
Code Smell
Collapsible "if" statements should be merged
Code Smell
Standard outputs should not be used directly to log anything
Code Smell
Files should not have too many lines of code
Code Smell
Lines should not be too long
Code Smell
"continue" should not be used
Code Smell
"await" should not be used redundantly
Code Smell
Trailing commas should be used
Code Smell
"import" should be used to include external code
Code Smell
Braces and parentheses should be used consistently with arrow functions
Code Smell
Destructuring syntax should be used for assignments
Code Smell
Template strings should be used instead of concatenation
Code Smell
Shorthand object properties should be grouped at the beginning or end of an object declaration
Code Smell
Object literal shorthand syntax should be used
Code Smell
Strings and non-strings should not be added
Code Smell
Default export names and file names should match
Code Smell
Object literal syntax should be used
Code Smell
"undefined" should not be assigned
Code Smell
Trailing commas should not be used
Code Smell
Array constructors should not be used
Code Smell
Local variables should not be declared and then immediately returned or thrown
Code Smell
Quotes for string literals should be used consistently
Code Smell
Statements should end with semicolons
Code Smell
Comments should not be located at the end of lines of code
Code Smell
Loops should not contain more than a single "break" or "continue" statement
Code Smell
Variable, property and parameter names should comply with a naming convention
Code Smell
Lines should not end with trailing whitespaces
Code Smell
Files should contain an empty newline at the end
Code Smell
Extra semicolons should be removed
Code Smell
An open curly brace should be located at the end of a line
Code Smell
Tabulation characters should not be used
Code Smell
Function and method names should comply with a naming convention
Code Smell

Standard outputs should not be used directly to log anything

Code Smell

MajorSonarSource default severity
click to learn more

bad-practice
user-experience

Why is this an issue?

Debug statements are always useful during development. But include them in production code - particularly in code that runs client-side - and you run the risk of inadvertently exposing sensitive information, slowing down the browser, or even erroring-out the site for some users.

Noncompliant code example

console.log(password_entered); // Noncompliant

Resources

OWASP Top 10 2021 Category A9 - Security Logging and Monitoring Failures
OWASP Top 10 2017 Category A3 - Sensitive Data Exposure

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Analyze code in your
on-premise CI

© 2008-2023 SonarSource S.A., Switzerland. All content is copyright protected. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, and SONARCLOUD are trademarks of SonarSource S.A. All other trademarks and copyrights are the property of their respective owners. All rights are expressly reserved.
Privacy Policy | Cookie Policy

In-IDE

SaaS

Self-Hosted