7.0.0

All rules rely on TypeScript parser.

6.7.0.14237

Update rule metadata (#2346)

6.6.0.13923

Many new rules related to cryptography (see MMF-1894 ) and many rules migrated to ESLint parser

6.5.0.13383

Update rule metadata (#2175)

SonarJS 6.2.2

Bugfix release:

• Fix potential security vulnerability where eslint-bridge component opens http server on all local interface (0.0.0.0) (SSF-122)

SonarJS 6.4.1

Bugfix release:

• Filtering out huge files is now applied only to JS/TS.

SonarJS 6.4

New rules:

• S2598: File uploads should be restricted (formidable)
• S4502: Disabling CSRF protection is security-sensitive
• S4507: Delivering code in production with debug features activated is security-sensitive
• S5689: Recovering fingerprints from web application technologies should not be possible
• S5691: Statically serving hidden files is security-sensitive
• S5693: Allowing requests with excessive content length is security-sensitive

Improved rules:

• S5122: now raised only when permissive CORS policy is obvious; Support for cors middleware.

Deprecated rules:

• S1442 (superseded by S4507)
• S1525 (superseded by S4507)

Changes in the requirements:

• The plugin now requires Node.js 10
• The plugin no longer relies on user-provided TypeScript: TypeScript is now shipped with the analyzer.
• Support for solution-style tsconfigs
• Very large files are now excluded from analysis by default (property sonar.javascript.maxFileSize controls the threshold)

6.3.0.12464

Hardening and bugfixes

Analyzer for JavaScript/TypeScript 6.2.1

Fix bug in SonarLint when analyzing JS file before TS file (#1680)

SonarJS 6.2

Hi,

This release adds 31 rules for TypeScript which were available for JavaScript:

• Rule S1119: Labels should not be used
• Rule S128: Switch cases should end with an unconditional "break" statement
• Rule S1529: Bitwise operators should not be used in boolean contexts
• Rule S134: Control flow statements "if", "for", "while", "switch" and "try" should not be nested too deeply
• Rule S3973: A conditionally executed single line should be denoted by indentation
• Rule S2392: Variables should be used in the blocks where they are declared
• Rule S3524: Braces and parentheses should be used consistently with arrow functions
• Rule S3317: Default export names and file names should match
• Rule S3499: Shorthand object properties should be grouped at the beginning or end of an object declaration
• Rule S3514: Destructuring syntax should be used for assignments
• Rule S3513: "arguments" should not be accessed directly
• Rule S2310: Loop counters should not be assigned to from within the loop body
• Rule S2692: "indexOf" checks should not be for positive numbers
• Rule S1994: "for" loop increment clauses should modify the loops' counters
• Rule S2137: Special identifiers should not be bound or assigned
• Rule S1515: Functions should not be defined inside loops
• Rule S2427: The base should be provided to "parseInt"
• Rule S2208: Wildcard imports should not be used
• Rule S888: Equality operators should not be used in "for" loop termination conditions
• Rule S1530: Function declarations should not be made within blocks
• Rule S1848: Objects should not be created to be dropped immediately without being used
• Rule S1539: "strict" mode should be used with caution
• Rule S1128: Unnecessary imports should be removed
• Rule S1472: Function call arguments should not start on new lines
• Rule S1219: "switch" statements should not contain non-case labels
• Rule S100: Function and method names should comply with a naming convention
• Rule S124: Track comments matching a regular expression
• Rule S1134: Track uses of "FIXME" tags
• Rule S1067: Expressions should not be too complex
• Rule S1135: Track uses of "TODO" tags
• Rule S126: "if ... else if" constructs should end with "else" clauses

Finally, this version may also significantly reduce the analysis time for big projects.

We hope you will like this new version.