* added Hegel, Lizard, MegaLinter
December 13 2021
* added Codehawk, Codemodel-Rifle, Insider
December 15 2020
* added Nocuous, JScent, JSDeodorant, Semgrep
* added Codelyzer, CodeClimate-Duplication, NodeJsScan, SourceCodeSniffer
* updated ESLint (description)
May 9 2018
* added Iroh.js, SonarJS, ts-simple-ast, twly
* Codehawk CLI
Codelyzer is an open source project that provides a set of tslint rules for static code analysis of Angular TypeScript projects. You can run the static code analyzer over web apps, NativeScript, Ionic, etc.
Web site: http://eslint.org/
Web site: http://esprima.org/
* No runtime type errors. Hegel has a strong type system and soundness checks, which means it finds any TypeError that may be thrown at runtime.
* Optional type annotation. Hegel has high-level type inference, which gives you the ability to drop type annotations.
* Typed errors. Hegel has a mechanism to infer and annotate which errors a function can throw.
* Using .d.ts files as library definitions. Hegel does not have a custom language for describing library typings; it uses the many existing .d.ts files as the source of typings for libraries.
Website: https://hegel.js.org/, https://github.com/JSMonk/hegel
JScent is a program analyzer that detects code smells. Code smells are potential issues with source code that can correspond to a deeper problem in the program. For example, JScent can detect issues such as long methods, too many comments, feature envy, message chains, dead code and more. JScent produces a report that summarizes all the code smells found in a concise and usable way – easily accessible in the console. The JScent analysis can be classified both as a value-agnostic static analysis and a meta-properties analysis, as some code smells lean more toward syntax and others more toward semantics and high-level software engineering principles. JScent is aimed at developers and teams who are trying to build code that is maintainable, extensible, and well structured. The reports generated are not intended to be prescriptive but rather point out areas that may be cause for concern as a project grows in size and scope. JScent is structured in a way that it is easily extensible to add new code smells in the future. Next steps for the team include adding more nuanced, difficult to spot smells to the analysis report.
Lizard is an open source, extensible cyclomatic complexity analyzer for many programming languages, including C/C++ (it doesn't require all the header files or Java imports). It also does copy-paste detection (code clone detection/code duplicate detection) and many other forms of static code analysis. Lizard calculates how complex the code 'looks' rather than how complex the code really 'is': it is often very hard to get all the included folders and files right when a project is complicated, and that kind of accuracy isn't needed for cyclomatic complexity. It requires Python 2.7 or above.
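To make the "looks rather than is" point concrete, here is an added example (not Lizard's own code) of a Lizard-style cyclomatic complexity counter for JavaScript. It resolves no imports and builds no control-flow graph; it simply counts branch tokens (`if`, `for`, `while`, `case`, `catch`, `&&`, `||`, `?`, `??`) per top-level `function` declaration after blanking out comments and strings. The sample source, the function names and the threshold helper are all constructed for the illustration; the simplified tokenizer and the folding of nested functions into their parent are assumptions of this example, not Lizard's behaviour.

```javascript
// Added example, not Lizard's own code: a Lizard-style cyclomatic complexity
// counter for JavaScript. As in Lizard, no imports are resolved and no real
// control-flow graph is built; complexity is how many branch tokens the text
// contains, i.e. how complex the code "looks".

// Branch tokens counted, following the usual CCN convention: each adds one path.
// Note: optional chaining ("?.") would be counted as a "?" by this tokenizer.
const BRANCH_KEYWORDS = new Set(['if', 'for', 'while', 'case', 'catch']);
const BRANCH_OPERATORS = new Set(['&&', '||', '?', '??']);

// Blank out comments and string/template literals so that an "if" inside a
// string or comment is not counted. Crude regexes: fine for the constructed
// sample, not for adversarial input (e.g. "//" inside a string literal).
function stripNonCode(src) {
  return src
    .replace(/\/\*[\s\S]*?\*\//g, ' ')
    .replace(/\/\/[^\n]*/g, ' ')
    .replace(/`(?:\\.|[^`\\])*`/g, '""')
    .replace(/"(?:\\.|[^"\\\n])*"/g, '""')
    .replace(/'(?:\\.|[^'\\\n])*'/g, '""');
}

// Identifiers/keywords, the multi-character operators we care about, and
// every other non-space punctuation character as a single token.
function tokenize(src) {
  return stripNonCode(src).match(/[A-Za-z_$][\w$]*|&&|\|\||\?\?|\?|[^\s\w$]/g) || [];
}

// Walk the token stream and attribute branch tokens to the enclosing top-level
// "function name(...) { ... }" declaration. Nested functions, methods and arrow
// functions are folded into their parent (a simplification of this example).
function cyclomaticComplexity(src) {
  const toks = tokenize(src);
  const results = [];
  let current = null;      // { name, ccn, depth } while inside a function body
  let pendingName = null;  // name seen, waiting for the opening brace
  for (let i = 0; i < toks.length; i++) {
    const t = toks[i];
    if (current === null) {
      if (t === 'function' && /^[A-Za-z_$]/.test(toks[i + 1] || '') && toks[i + 2] === '(') {
        pendingName = toks[i + 1];
        i += 2;
      } else if (pendingName !== null && t === '{') {
        current = { name: pendingName, ccn: 1, depth: 1 };
        pendingName = null;
      }
      continue;
    }
    if (t === '{') {
      current.depth++;
    } else if (t === '}') {
      current.depth--;
      if (current.depth === 0) {
        results.push({ name: current.name, ccn: current.ccn });
        current = null;
      }
    } else if (BRANCH_KEYWORDS.has(t) || BRANCH_OPERATORS.has(t)) {
      current.ccn++;
    }
  }
  return results;
}

// Names of functions above a CCN threshold, the kind of warning Lizard emits.
function overThreshold(src, limit) {
  return cyclomaticComplexity(src).filter((f) => f.ccn > limit).map((f) => f.name);
}

// Constructed sample, not from any real project.
const SAMPLE = `
// Constructed sample, not from any real project.
function trivial(x) {
  const msg = "if this || that ? still not counted";
  return msg.length + x;
}
function riskyRouteHandler(req, res) {
  if (!req.user || !req.user.roles) { return res.status(401).end(); }
  for (const role of req.user.roles) {
    if (role === 'admin' && req.query.force) { return res.status(200).end(); }
  }
  try {
    const n = req.query.n ? Number(req.query.n) : 0;
    switch (n) {
      case 1: return res.send('one');
      case 2: return res.send('two');
      default: return res.send('many');
    }
  } catch (e) { return res.status(500).end(); }
}
`;

console.log(cyclomaticComplexity(SAMPLE));
console.log('over 5:', overThreshold(SAMPLE, 5));
```

On the sample, `trivial` scores 1 (the `if`, `||` and `?` inside its string literal are not counted) and `riskyRouteHandler` scores 10, so only the latter is reported with a threshold of 5. Because nothing is resolved, the same number comes out whether or not the modules the code imports are available, which is exactly the trade-off Lizard makes.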
MegaLinter is an open-source tool for CI/CD workflows that analyzes the consistency of your code, IaC, configuration and scripts in your repository sources, to ensure all your projects' sources are clean and formatted whatever IDE/toolbox their developers use. MegaLinter supports 53 languages, 24 formats and 22 tooling formats, and is ready to use out of the box as a GitHub Action or in any CI system.
NodeJsScan is a static security code scanner for Node.js applications.
Figure source: http://es-analysis.github.io/plato/examples/jquery/
Website: https://semgrep.dev/, https://github.com/returntocorp/semgrep
Web site: https://github.com/frizb/SourceCodeSniffer
Web site: https://srclib.org
Web site: http://ternjs.net/
Web site: https://github.com/dsherret/ts-simple-ast
twly (pronounced “towel-E”) is an open source static analysis tool which can help you keep your code DRY (Don’t Repeat Yourself) by letting you know where you have copy and pasted entire files or portions of them. Run twly on a directory, and twly will magically generate a report for you indicating what has been repeated and in which files. twly is language agnostic and can be used on any text document.
Web site: https://github.com/rdgd/twly
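Here is an added example (not twly's own code, and not Lizard's clone detector either) of the language-agnostic copy-paste detection that twly performs: slide a fixed-size window of trimmed, non-blank lines over every file and report every window that occurs at more than one location, with the file and original line number of each hit. The three sample files, their names and the window size are constructed for the illustration; the report format is this example's own.

```javascript
// Added example, not twly's own code: a language-agnostic copy-paste detector in
// the spirit of twly. It slides a window of `windowSize` trimmed, non-blank lines
// over every file and reports every window text seen more than once, with the
// file and original line of each occurrence.

// Constructed sample inputs standing in for files read from a directory.
const SAMPLE_FILES = {
  'a.js': [
    'function sanitize(input) {',
    '  const s = String(input);',
    "  return s.replace(/[<>&']/g, '');",
    '}',
    'module.exports = { sanitize };',
  ].join('\n'),
  'b.js': [
    '// copied from a.js without review',
    'function sanitize(input) {',
    '  const s = String(input);',
    "  return s.replace(/[<>&']/g, '');",
    '}',
    'function escapeAttr(v) {',
    '  return sanitize(v).trim();',
    '}',
  ].join('\n'),
  'notes.md': ['# Notes', '', 'Nothing here is shared with the code.'].join('\n'),
};

// Keep each non-blank line's trimmed text together with its 1-based line number
// so the report points back at the original file, not the normalised view.
function normalizedLines(text) {
  const out = [];
  text.split('\n').forEach((raw, idx) => {
    const line = raw.trim();
    if (line !== '') out.push({ text: line, line: idx + 1 });
  });
  return out;
}

// Returns [{ lines: [...], locations: [{ file, line }, ...] }] for every window
// seen at two or more locations (across files or repeated within one file).
function findDuplicates(files, windowSize) {
  const seen = new Map(); // window text -> { lines, locations }
  for (const [file, text] of Object.entries(files)) {
    const lines = normalizedLines(text);
    for (let i = 0; i + windowSize <= lines.length; i++) {
      const chunk = lines.slice(i, i + windowSize);
      const key = chunk.map((l) => l.text).join('\n');
      if (!seen.has(key)) seen.set(key, { lines: chunk.map((l) => l.text), locations: [] });
      seen.get(key).locations.push({ file, line: chunk[0].line });
    }
  }
  return [...seen.values()].filter((entry) => entry.locations.length > 1);
}

// Human-readable report, one block per repeated window.
function formatReport(dups) {
  return dups
    .map((d) => `${d.locations.map((l) => `${l.file}:${l.line}`).join(', ')}\n  ${d.lines.join('\n  ')}`)
    .join('\n\n');
}

console.log(formatReport(findDuplicates(SAMPLE_FILES, 4)));
```

With a window of 4 lines the sample yields exactly one hit, the `sanitize` function at `a.js:1` and `b.js:2`; `notes.md` contributes nothing because it is shorter than the window. Shrinking the window to 3 reports two overlapping hits for the same copy, and growing it to 6 reports none, which is the tuning knob any such tool exposes: small windows find fragments but over-report, large windows only catch wholesale copies.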
List of tools for static code analysis in Wikipedia
Source Code Analysis Tools by OWASP Foundation
Awesome Static Analysis: a curated list of static analysis tools, linters and code quality checkers for various programming languages
srclib: a hackable, polyglot code analysis library
Reflux is an open source code analyser for a React.js/Fluxible app https://github.com/slidewiki/reflux-analysis
Yes, but… it is not an open source tool itself! ;O)