Skip to content

Latest commit

 

History

History
582 lines (534 loc) · 134 KB

README.md

File metadata and controls

582 lines (534 loc) · 134 KB

eslint-plugin-sonarjs npm version

eslint-plugin-sonarjs is an ESLint plugin maintained by Sonar, designed to help developers write Clean Code. This plugin exposes to ESLint users all original JS/TS rules from SonarJS, an analyzer for JavaScript and TypeScript within the Sonar ecosystem. This plugin offers general-purpose rules for detecting code smells and bugs, as well as rules for other aspects of code quality, including testing, accessibility, and more. Additionally, it enhances code security by providing rules to report potential security vulnerabilities.

This ESLint plugin does not contain all the rules from the SonarQube JS/TS analyzer. Aside of the rules available here, SonarQube uses rules from other ESLint plugins (some used as they are, some others have been modified). We recommend installing those ESLint plugins and enabling those rules if you are looking for similar results to SonarQube using ESLint.

If you are a SonarQube or SonarCloud user, to lint your code locally, we suggest using SonarLint IDE extension (available for VSCode, JetBrains IDEs and Eclipse). You can connect SonarLint to your SonarQube/SonarCloud project to synchronize rules configuration, issue statuses, etc.

Table of Contents

Prerequisites

The prerequisites for using this plugin depend on the ESLint version you are using:

  • For ESLint 8, you need Node.js version >= 16.
  • For ESLint 9, you need Node.js version that complies with (^18.18.0 || ^20.9.0 || >=21).

Installation

First, ensure that your project is configured with ESLint. If it is not, please follow the ESLint instructions to set it up.

To install eslint-plugin-sonarjs, use the following npm command (or yarn equivalent):

npm install eslint-plugin-sonarjs --save-dev # locally
npm install eslint-plugin-sonarjs -g         # globally

Usage

The usage of eslint-plugin-sonarjs depends on the ESLint version used by your project.

For ESLint 9

This plugin provides a single configuration named recommended. This configuration enables most of the rules except for a few exceptions, and the rules are enabled with the error severity. You can enable the recommended configuration in your eslint.config.js file:

import sonarjs from 'eslint-plugin-sonarjs';

export default [sonarjs.configs.recommended];

If you don't use the recommended configuration, you need to declare the plugin manually in the plugins field. Enable or disable rules using the rules field:

import sonarjs from 'eslint-plugin-sonarjs';
export default [
  {
    plugins: { sonarjs },
    rules: {
      'sonarjs/no-implicit-dependencies': 'error',
    },
  },
];

For ESLint 8

We include a recommended-legacy configuration to be backward compatible with ESLint v8, equivalent to the recommended configuration for ESLint 9.

Add sonarjs to your .eslintrc file:

{
  "plugins": ["sonarjs"],
  "extends": ["plugin:sonarjs/recommended-legacy"]
}

You can enable some rules manually:

{
  "rules": {
    "sonarjs/cognitive-complexity": "error",
    "sonarjs/no-identical-expressions": "error"
  }
}

TypeScript ESLint parser

Several rules are designed for linting both JavaScript and TypeScript code, and some even rely on type checking through TypeScript. Therefore, you will need to install the @typescript-eslint/parser dependency and instruct ESLint to use this parser through the parserOptions property.

SonarLint

As an alternative to using this ESLint plugin, you can use SonarLint. SonarLint is an IDE extension that helps you detect and fix quality issues as you write code. It provides a broader set of rules compared to the ESLint plugin, improved versions of ESLint rules, and additional features that enhance your linting experience.

Feedback

If you have any questions, encounter any bugs, or have feature requests, please reach out to us through the Sonar Community Forum. Your messages will reach the maintainers of this GitHub repository.

Rules

💼 Configurations enabled in.
✅ Set in the recommended configuration.
🔧 Automatically fixable by the --fix CLI option.
💡 Manually fixable by editor suggestions.
💭 Requires type information.
❌ Deprecated.

Name                                 Description 💼 🔧 💡 💭
anchor-precedence Alternatives in regular expressions should be grouped when used with anchors 💭
argument-type Arguments to built-in functions should match documented types 💭
arguments-order Parameters should be passed in the correct order 💭
arguments-usage "arguments" should not be accessed directly
array-callback-without-return Callbacks of array methods should have return statements 💭
array-constructor Array constructors should not be used 💡
arrow-function-convention Braces and parentheses should be used consistently with arrow functions
assertions-in-tests Tests should include assertions
aws-apigateway-public-api Creating public APIs is security-sensitive
aws-ec2-rds-dms-public Allowing public network access to cloud resources is security-sensitive
aws-ec2-unencrypted-ebs-volume Using unencrypted EBS volumes is security-sensitive
aws-efs-unencrypted Using unencrypted EFS file systems is security-sensitive
aws-iam-all-privileges Policies granting all privileges are security-sensitive
aws-iam-all-resources-accessible Policies granting access to all resources of an account are security-sensitive
aws-iam-privilege-escalation AWS IAM policies should limit the scope of permissions given
aws-iam-public-access Policies authorizing public access to resources are security-sensitive
aws-opensearchservice-domain Using unencrypted Elasticsearch domains is security-sensitive
aws-rds-unencrypted-databases Using unencrypted RDS DB resources is security-sensitive
aws-restricted-ip-admin-access Administration services access should be restricted to specific IP addresses
aws-s3-bucket-granted-access Granting access to S3 buckets to all or authenticated users is security-sensitive
aws-s3-bucket-insecure-http Authorizing HTTP communications with S3 buckets is security-sensitive
aws-s3-bucket-public-access Allowing public ACLs or policies on a S3 bucket is security-sensitive
aws-s3-bucket-server-encryption Disabling server-side encryption of S3 buckets is security-sensitive
aws-s3-bucket-versioning Disabling versioning of S3 buckets is security-sensitive
aws-sagemaker-unencrypted-notebook Using unencrypted SageMaker notebook instances is security-sensitive
aws-sns-unencrypted-topics Using unencrypted SNS topics is security-sensitive
aws-sqs-unencrypted-queue Using unencrypted SQS queues is security-sensitive
bitwise-operators Bitwise operators should not be used in boolean contexts
block-scoped-var Variables should be used in the blocks where they are declared
bool-param-default Optional boolean parameters should have default value
call-argument-line Function call arguments should not start on new lines
certificate-transparency Disabling Certificate Transparency monitoring is security-sensitive
chai-determinate-assertion Chai assertions should have only one reason to succeed
class-name Class names should comply with a naming convention
class-prototype Class methods should be used instead of "prototype" assignments 💭
code-eval Dynamically executing code is security-sensitive
cognitive-complexity Cognitive Complexity of functions should not be too high
comma-or-logical-or-case Comma and logical OR operators should not be used in switch cases
comment-regex Track comments matching a regular expression
concise-regex Regular expression quantifiers and character classes should be used concisely 💭
conditional-indentation A conditionally executed single line should be denoted by indentation
confidential-information-logging Allowing confidential information to be logged is security-sensitive
constructor-for-side-effects Objects should not be created to be dropped immediately without being used
content-length Allowing requests with excessive content length is security-sensitive
content-security-policy Disabling content security policy fetch directives is security-sensitive
cookie-no-httponly Creating cookies without the "HttpOnly" flag is security-sensitive
cookies Writing cookies is security-sensitive
cors Having a permissive Cross-Origin Resource Sharing policy is security-sensitive
csrf Disabling CSRF protections is security-sensitive
cyclomatic-complexity Cyclomatic Complexity of functions should not be too high
declarations-in-global-scope Variables and functions should not be declared in the global scope
deprecation Deprecated APIs should not be used 💭
destructuring-assignment-syntax Destructuring syntax should be used for assignments
different-types-comparison Strict equality operators should not be used with dissimilar types 💡 💭
disabled-auto-escaping Disabling auto-escaping in template engines is security-sensitive 💭
disabled-resource-integrity Using remote artifacts without integrity checks is security-sensitive 💭
disabled-timeout Disabling Mocha timeouts should be explicit
dns-prefetching Allowing browsers to perform DNS prefetching is security-sensitive
duplicates-in-character-class Character classes in regular expressions should not contain the same character twice 💭
elseif-without-else "if ... else if" constructs should end with "else" clauses
empty-string-repetition Repeated patterns in regular expressions should not match the empty string 💭
encryption Encrypting data is security-sensitive
encryption-secure-mode Encryption algorithms should be used with secure mode and padding scheme
enforce-trailing-comma Trailing commas should be used 🔧
existing-groups Replacement strings should reference existing regular expression groups 💭
expression-complexity Expressions should not be too complex
file-header Track lack of copyright and license headers
file-name-differ-from-class Default export names and file names should match
file-permissions Setting loose POSIX file permissions is security-sensitive
file-uploads File uploads should be restricted
fixme-tag Track uses of "FIXME" tags
for-in "for...in" loops should filter properties before acting on them
for-loop-increment-sign A "for" loop update clause should move the counter in the right direction
frame-ancestors Disabling content security policy frame-ancestors directive is security-sensitive
function-inside-loop Functions should not be defined inside loops
function-name Function and method names should comply with a naming convention
function-return-type Functions should always return the same type 💭
future-reserved-words Future reserved words should not be used as identifiers
generator-without-yield Generators should explicitly "yield" a value
hashing Using weak hashing algorithms is security-sensitive
hidden-files Statically serving hidden files is security-sensitive
in-operator-type-error "in" should not be used with primitive types 💭
inconsistent-function-call Functions should be called consistently with or without "new"
index-of-compare-to-positive-number "indexOf" checks should not be for positive numbers 💭
insecure-cookie Creating cookies without the "secure" flag is security-sensitive
insecure-jwt-token JWT should be signed and verified with strong cipher algorithms
inverted-assertion-arguments Assertion arguments should be passed in the correct order 💡
jsx-no-leaked-render React components should not render non-boolean condition values 💡 💭
label-position Only "while", "do", "for" and "switch" statements should be labelled
link-with-target-blank Authorizing an opened window to access back to the originating window is security-sensitive
max-lines Files should not have too many lines of code
max-lines-per-function Functions should not have too many lines of code
max-switch-cases "switch" statements should not have too many "case" clauses
max-union-size Union types should not have too many elements
misplaced-loop-counter "for" loop increment clauses should modify the loops' counters
nested-control-flow Control flow statements "if", "for", "while", "switch" and "try" should not be nested too deeply
new-operator-misuse "new" should only be used with functions and classes 💭
no-all-duplicated-branches All branches in a conditional structure should not have exactly the same implementation
no-alphabetical-sort "Array.prototype.sort()" and "Array.prototype.toSorted()" should use a compare function 💡 💭
no-angular-bypass-sanitization Disabling Angular built-in sanitization is security-sensitive
no-array-delete "delete" should not be used on arrays 💭
no-associative-arrays Array indexes should be numeric 💭
no-async-constructor Constructors should not contain asynchronous operations
no-built-in-override Built-in objects should not be overridden
no-case-label-in-switch "switch" statements should not contain non-case labels
no-clear-text-protocols Using clear-text protocols is security-sensitive
no-code-after-done Tests should not execute any code after "done()" is called
no-collapsible-if Mergeable "if" statements should be combined
no-collection-size-mischeck Collection size and array length comparisons should make sense 💡 💭
no-commented-code Sections of code should not be commented out 💡
no-control-regex Regular expressions should not contain control characters 💭
no-dead-store Unused assignments should be removed
no-delete-var "delete" should be used only with object properties
no-duplicate-in-composite Union and intersection types should not include duplicated constituents 💡
no-duplicate-string String literals should not be duplicated
no-duplicated-branches Two branches in a conditional structure should not have exactly the same implementation
no-element-overwrite Collection elements should not be replaced unconditionally
no-empty-after-reluctant Reluctant quantifiers in regular expressions should be followed by an expression that can't match the empty string 💭
no-empty-alternatives Alternation in regular expressions should not contain empty alternatives 💭
no-empty-character-class Empty character classes should not be used 💭
no-empty-collection Empty collections should not be accessed or iterated
no-empty-group Regular expressions should not contain empty groups 💭
no-empty-test-file Test files should contain at least one test case
no-equals-in-for-termination Equality operators should not be used in "for" loop termination conditions
no-exclusive-tests Exclusive tests should not be commited to version control 💡
no-extra-arguments Function calls should not pass extra arguments
no-fallthrough Switch cases should end with an unconditional "break" statement
no-for-in-iterable "for in" should not be used with iterables 💭
no-function-declaration-in-block Function declarations should not be made within blocks
no-global-this The global "this" object should not be used 💡
no-globals-shadowing Special identifiers should not be bound or assigned
no-gratuitous-expressions Boolean expressions should not be gratuitous
no-hardcoded-ip Using hardcoded IP addresses is security-sensitive
no-hardcoded-passwords Hard-coded passwords are security-sensitive
no-hardcoded-secrets Hard-coded secrets are security-sensitive
no-hook-setter-in-body React's useState hook should not be used directly in the render function or body of a component
no-identical-conditions "if/else if" chains and "switch" cases should not have the same condition
no-identical-expressions Identical expressions should not be used on both sides of a binary operator
no-identical-functions Functions should not have identical implementations
no-ignored-exceptions Exceptions should not be ignored
no-ignored-return Return values from functions without side effects should not be ignored 💭
no-implicit-dependencies Dependencies should be explicit
no-implicit-global Variables should be declared explicitly
no-in-misuse "in" should not be used on arrays 💡 💭
no-incomplete-assertions Assertions should be complete
no-inconsistent-returns Functions should use "return" consistently
no-incorrect-string-concat Strings and non-strings should not be added 💭
no-internal-api-use Users should not use internal APIs
no-intrusive-permissions Using intrusive permissions is security-sensitive
no-invalid-await "await" should only be used with promises 💭
no-invalid-regexp Regular expressions should be syntactically valid 💭
no-invariant-returns Function returns should not be invariant
no-inverted-boolean-check Boolean checks should not be inverted 🔧 💡
no-ip-forward Forwarding client IP address is security-sensitive
no-labels Labels should not be used
no-literal-call Literals should not be used as functions
no-mime-sniff Allowing browsers to sniff MIME types is security-sensitive
no-misleading-array-reverse Array-mutating methods should not be used misleadingly 💡 💭
no-misleading-character-class Unicode Grapheme Clusters should be avoided inside regex character classes 💡 💭
no-mixed-content Allowing mixed-content is security-sensitive
no-nested-assignment Assignments should not be made from within sub-expressions
no-nested-conditional Ternary operators should not be nested
no-nested-functions Functions should not be nested too deeply
no-nested-incdec Increment (++) and decrement (--) operators should not be used in a method call or mixed with other operators in an expression
no-nested-switch "switch" statements should not be nested
no-nested-template-literals Template literals should not be nested
no-one-iteration-loop Loops with at most one iteration should be refactored
no-os-command-from-path Searching OS commands in PATH is security-sensitive
no-parameter-reassignment Initial values of parameters, caught exceptions, and loop variables should not be ignored
no-primitive-wrappers Wrapper objects should not be used for primitive types 💡
no-redundant-assignments Assignments should not be redundant
no-redundant-boolean Boolean literals should not be used in comparisons
no-redundant-jump Jump statements should not be redundant 💡
no-redundant-optional Optional property declarations should not use both '?' and 'undefined' syntax 💡 💭
no-redundant-parentheses Redundant pairs of parentheses should be removed 💡
no-reference-error Variables should be defined before being used
no-referrer-policy Disabling strict HTTP no-referrer policy is security-sensitive
no-regex-spaces Regular expressions should not contain multiple spaces 💡 💭
no-require-or-define "import" should be used to include external code 💭
no-return-type-any Primitive return types should be used 💭
no-same-argument-assert Assertions should not be given twice the same argument
no-same-line-conditional Conditionals should start on new lines 💡
no-selector-parameter Methods should not contain selector parameters 💭
no-skipped-tests Tests should not be skipped without providing a reason
no-small-switch "if" statements should be preferred over "switch" when simpler
no-sonar-comments Track uses of "NOSONAR" comments
no-tab Tabulation characters should not be used
no-table-as-layout HTML "<table>" should not be used for layout purposes
no-try-promise Promise rejections should not be caught by "try" blocks 💭
no-undefined-argument "undefined" should not be passed as the value of optional parameters 💡 💭
no-undefined-assignment "undefined" should not be assigned
no-unenclosed-multiline-block Multiline blocks should be enclosed in curly braces
no-uniq-key JSX list components keys should match up between renders
no-unsafe-unzip Expanding archive files without controlling resource consumption is security-sensitive
no-unthrown-error Errors should not be created without being thrown 💡
no-unused-collection Collection contents should be used
no-unused-function-argument Unused function parameters should be removed 💡
no-unused-vars Unused local variables and functions should be removed
no-use-of-empty-return-value The return value of void functions should not be used
no-useless-catch "catch" clauses should do more than rethrow
no-useless-increment Values should not be uselessly incremented
no-useless-intersection Type intersections should use meaningful types 💭
no-useless-react-setstate React state setter function should not be called with its matching state variable
no-variable-usage-before-declaration Variables declared with "var" should be declared before they are used
no-vue-bypass-sanitization Disabling Vue.js built-in escaping is security-sensitive
no-weak-cipher Cipher algorithms should be robust
no-weak-keys Cryptographic keys should be robust
no-wildcard-import Wildcard imports should not be used
non-existent-operator Non-existent operators '=+', '=-' and '=!' should not be used 💡
non-number-in-arithmetic-expression Arithmetic operators should only have numbers as operands 💭
null-dereference Properties of variables with "null" or "undefined" values should not be accessed 💭
object-alt-content "" tags should provide an alternative content
operation-returning-nan Arithmetic operations should not result in "NaN" 💭
os-command Using shell interpreter when executing OS commands is security-sensitive
post-message Origins should be verified during cross-origin communications 💭
prefer-default-last "default" clauses should be last
prefer-immediate-return Local variables should not be declared and then immediately returned or thrown 🔧
prefer-object-literal Object literal syntax should be used
prefer-promise-shorthand Shorthand promises should be used 💡
prefer-read-only-props React props should be read-only 💡 💭
prefer-regexp-exec "RegExp.exec()" should be preferred over "String.match()" 💡 💭
prefer-single-boolean-return Return of boolean expressions should not be wrapped into an "if-then-else" statement 💡
prefer-type-guard Type predicates should be used 💡
prefer-while A "while" loop should be used instead of a "for" loop 🔧
process-argv Using command line arguments is security-sensitive
production-debug Delivering code in production with debug features activated is security-sensitive
pseudo-random Using pseudorandom number generators (PRNGs) is security-sensitive
public-static-readonly Public "static" fields should be read-only 💡
publicly-writable-directories Using publicly writable directories is security-sensitive
reduce-initial-value "Array.reduce()" calls should include an initial value 💭
redundant-type-aliases Redundant type aliases should not be used
regex-complexity Regular expressions should not be too complicated 💭
regular-expr Using regular expressions is security-sensitive
session-regeneration A new session should be created during user authentication
shorthand-property-grouping Shorthand object properties should be grouped at the beginning or end of an object declaration
single-char-in-character-classes Character classes in regular expressions should not contain only one character 💭
single-character-alternation Single-character alternations in regular expressions should be replaced with character classes 💭
slow-regex Using slow regular expressions is security-sensitive 💭
sockets Using Sockets is security-sensitive
sql-queries Formatting SQL queries is security-sensitive
stable-tests Tests should be stable
standard-input Reading the Standard Input is security-sensitive
stateful-regex Regular expressions with the global flag should be used with caution
strict-transport-security Disabling Strict-Transport-Security policy is security-sensitive
strings-comparison Comparison operators should not be used with strings 💭
super-invocation "super()" should be invoked appropriately
table-header Tables should have headers
table-header-reference Table cells should reference their headers
test-check-exception Tests should check which exception is thrown
todo-tag Track uses of "TODO" tags
too-many-break-or-continue-in-loop Loops should not contain more than a single "break" or "continue" statement
unicode-aware-regex Regular expressions using Unicode character classes or property escapes should enable the unicode flag 💭
unused-import Unnecessary imports should be removed 💡 💭
unused-named-groups Names of regular expressions named groups should be used 💭
unverified-certificate Server certificates should be verified during SSL/TLS connections
unverified-hostname Server hostnames should be verified during SSL/TLS connections
updated-const-var "const" variables should not be reassigned
updated-loop-counter Loop counters should not be assigned within the loop body
use-type-alias Type aliases should be used
useless-string-operation Results of operations on strings should not be ignored 💭
values-not-convertible-to-numbers Values not convertible to numbers should not be used in numeric comparisons 💭
variable-name Variable, property and parameter names should comply with a naming convention
void-use "void" should not be used 💭
weak-ssl Weak SSL/TLS protocols should not be used
web-sql-database Web SQL databases should not be used 💭
x-powered-by Disclosing fingerprints from web application technologies is security-sensitive
xml-parser-xxe XML parsers should not be vulnerable to XXE attacks
xpath Executing XPath expressions is security-sensitive

ESLint rules

SonarJS uses some rules are not shipped in this ESLint plugin to avoid duplication with already existing rules from ESLint core and third-party ESLint plugins. The following rules are used directly, without modifying the original behavior:

SonarJS rule ID Rule implemented by
S103 eslint/max-len
S106 eslint/no-console
S108 eslint/no-empty
S113 eslint/eol-last
S121 eslint/curly
S122 eslint/max-statements-per-line
S139 eslint/line-comment-position
S878 eslint/no-sequences
S909 eslint/no-continue
S1090 jsx-a11y/iframe-has-title
S1117 typescript-eslint/no-shadow
S1131 eslint/no-trailing-spaces
S1143 eslint/no-unsafe-finally
S1199 eslint/no-lone-blocks
S1314 eslint/no-octal
S1321 eslint/no-with
S1440 eslint/eqeqeq
S1441 eslint/quotes
S1442 eslint/no-alert
S1516 eslint/no-multi-str
S1525 eslint/no-debugger
S1536 eslint/no-dupe-args
S1537 typescript-eslint/comma-dangle
S1539 eslint/strict
S1656 eslint/no-self-assign
S1774 eslint/no-ternary
S2094 typescript-eslint/no-extraneous-class
S2427 eslint/radix
S2432 eslint/no-setter-return
S2685 eslint/no-caller
S2933 typescript-eslint/prefer-readonly
S2966 typescript-eslint/no-non-null-assertion
S3257 typescript-eslint/no-inferrable-types
S3353 eslint/prefer-const
S3523 eslint/no-new-func
S3786 eslint/no-template-curly-in-string
S3799 eslint/no-empty-pattern
S3812 eslint/no-unsafe-negation
S3834 eslint/no-new-native-nonconstructor
S3863 import/no-duplicates
S4124 typescript-eslint/no-misused-new
S4125 eslint/valid-typeof
S4136 typescript-eslint/adjacent-overload-signatures
S4137 typescript-eslint/consistent-type-assertions
S4140 eslint/no-sparse-arrays
S4157 typescript-eslint/no-unnecessary-type-arguments
S4204 typescript-eslint/no-explicit-any
S4325 typescript-eslint/no-unnecessary-type-assertion
S4326 eslint/no-return-await
S6325 eslint/prefer-regex-literals
S6435 react/require-render-return
S6438 react/jsx-no-comment-textnodes
S6480 react/jsx-no-bind
S6509 eslint/no-extra-boolean-cast
S6522 eslint/no-import-assign
S6523 eslint/no-unsafe-optional-chaining
S6534 eslint/no-loss-of-precision
S6550 typescript-eslint/prefer-literal-enum-member
S6565 typescript-eslint/prefer-return-this-type
S6568 typescript-eslint/no-confusing-non-null-assertion
S6569 typescript-eslint/no-unnecessary-type-constraint
S6578 typescript-eslint/no-duplicate-enum-values
S6583 typescript-eslint/no-mixed-enums
S6590 typescript-eslint/prefer-as-const
S6635 eslint/no-constructor-return
S6637 eslint/no-extra-bind
S6638 eslint/no-constant-binary-expression
S6644 eslint/no-unneeded-ternary
S6645 eslint/no-undef-init
S6650 eslint/no-useless-rename
S6653 eslint/prefer-object-has-own
S6654 eslint/no-proto
S6657 eslint/no-octal-escape
S6671 typescript-eslint/prefer-promise-reject-errors
S6746 react/no-direct-mutation-state
S6748 react/no-children-prop
S6750 react/no-render-return-value
S6756 react/no-access-state-in-setstate
S6757 react/no-this-in-sfc
S6761 react/no-danger-with-children
S6763 react/no-redundant-should-component-update
S6766 react/no-unescaped-entities
S6767 react/no-unused-prop-types
S6770 react/jsx-pascal-case
S6772 react/jsx-child-element-spacing
S6774 react/prop-types
S6775 react/default-props-match-prop-types
S6789 react/no-is-mounted
S6790 react/no-string-refs
S6793 jsx-a11y/aria-proptypes
S6807 jsx-a11y/role-has-required-aria-props
S6811 jsx-a11y/role-supports-aria-props
S6819 jsx-a11y/prefer-tag-over-role
S6821 jsx-a11y/aria-role
S6822 jsx-a11y/no-redundant-roles
S6823 jsx-a11y/aria-activedescendant-has-tabindex
S6824 jsx-a11y/aria-unsupported-elements
S6825 jsx-a11y/no-aria-hidden-on-focusable
S6836 eslint/no-case-declarations
S6840 jsx-a11y/autocomplete-valid
S6841 jsx-a11y/tabindex-no-positive
S6842 jsx-a11y/no-noninteractive-element-to-interactive-role
S6843 jsx-a11y/no-interactive-element-to-noninteractive-role
S6845 jsx-a11y/no-noninteractive-tabindex
S6846 jsx-a11y/no-access-key
S6847 jsx-a11y/no-noninteractive-element-interactions
S6848 jsx-a11y/no-static-element-interactions
S6850 jsx-a11y/heading-has-content
S6851 jsx-a11y/img-redundant-alt
S6852 jsx-a11y/interactive-supports-focus
S6859 import/no-absolute-path
S6861 import/no-mutable-exports

Improved ESLint rules

The following rules are used in SonarJS but not available in this ESLint plugin. These rules have been modified, so your experience using them in your ESLint configuration may differ from the results you may get using SonarQube.

SonarJS rule ID Rules used in the SonarJS implementation
S107 eslint/max-params
S109 typescript-eslint/no-magic-numbers
S131 typescript-eslint/switch-exhaustiveness-check
S905 typescript-eslint/no-unused-expressions
S1068 eslint/no-unused-private-class-members
S1077 jsx-a11y/alt-text
S1082 jsx-a11y/mouse-events-have-key-events
jsx-a11y/click-events-have-key-events
S1105 eslint/brace-style
S1116 typescript-eslint/no-extra-semi
S1186 typescript-eslint/no-empty-function
S1438 typescript-eslint/semi
S1534 eslint/no-dupe-keys
typescript-eslint/no-dupe-class-members
react/jsx-no-duplicate-props
S1763 eslint/no-unreachable
S1788 typescript-eslint/default-param-last
S2189 eslint/no-unmodified-loop-condition
S2376 eslint/accessor-pairs
S2430 eslint/new-cap
S2688 eslint/use-isnan
S2814 typescript-eslint/no-redeclare
S3498 eslint/object-shorthand
S3504 eslint/no-var
S3512 eslint/prefer-template
S3696 eslint/no-throw-literal
S4023 typescript-eslint/no-empty-interface
S4084 jsx-a11y/media-has-caption
S4138 typescript-eslint/prefer-for-of
S4156 typescript-eslint/prefer-namespace-keyword
S4275 eslint/getter-return
S4327 typescript-eslint/no-this-alias
S5254 jsx-a11y/lang
jsx-a11y/html-has-lang
S6440 react-hooks/rules-of-hooks
S6441 react/no-unused-class-component-methods
S6477 react/jsx-key
S6478 react/no-unstable-nested-components
S6479 react/no-array-index-key
S6481 react/jsx-no-constructed-context-values
S6535 eslint/no-useless-escape
eslint/no-nonoctal-decimal-escape
S6544 typescript-eslint/no-misused-promises
eslint/no-async-promise-executor
S6551 typescript-eslint/no-base-to-string
S6557 typescript-eslint/prefer-string-starts-ends-with
S6571 typescript-eslint/no-redundant-type-constituents
S6572 typescript-eslint/prefer-enum-initializers
S6582 typescript-eslint/prefer-optional-chain
S6598 typescript-eslint/prefer-function-type
S6606 typescript-eslint/prefer-nullish-coalescing
S6643 eslint/no-extend-native
S6647 eslint/no-useless-constructor
S6660 eslint/no-lonely-if
S6661 eslint/prefer-object-spread
S6666 eslint/prefer-spread
S6676 eslint/no-useless-call
S6679 eslint/no-self-compare
S6747 react/no-unknown-property
jsx-a11y/aria-props
S6749 react/jsx-no-useless-fragment
S6754 react/hook-use-state
S6788 react/no-find-dom-node
S6791 react/no-unsafe
S6827 jsx-a11y/anchor-has-content
S6844 jsx-a11y/anchor-is-valid
S6853 jsx-a11y/label-has-associated-control
S6957 react/no-deprecated
S7060 import/no-self-import