Open Source JavaScript Code Analysis

The quality of JavaScript code is often verified with the traditional activities of unit and functional testing. There are, however, tools that check code before or during its execution to assess its quality and its adherence to coding standards, using a process called code analysis. This article presents a list of open source tools to perform static and dynamic code analysis on JavaScript programs.

Although static code analysis can be performed individually on each piece of code, modern software development organizations integrate these tools in their continuous integration or delivery process. This automated approach prevents code that is bad or doesn’t respect the coding standards from reaching the production stage. Dynamic code analysis examines the software by executing programs on a real or virtual processor.

The two best-known open source tools used for JavaScript code analysis are JSLint and JSHint, the second being a fork of the first. Developed by the famous Douglas Crockford, JSLint can be considered the main inspiration of the JavaScript open source code analysis tools family. There are, however, many different tools that try to achieve the same goal, and you might find something more suited to your own needs in the list below, especially if you work in specific JavaScript contexts like Node.js or TypeScript.

Updates
May 9 2018:
* added Iroh.js, SonarJS, ts-simple-ast, twly

* Crawljax

Crawljax is an open source Java tool for automatically crawling and testing modern web applications. Crawljax explores JavaScript-based Ajax web applications through an event-driven dynamic crawling engine. It automatically creates a state-flow graph of the dynamic DOM states and the event-based transitions between them. This inferred state-flow graph forms a very powerful vehicle for automating many types of web analysis and testing techniques.

Web site: http://crawljax.com/

* ESLint

ESLint is an open source static analysis tool for identifying and reporting on patterns found in ECMAScript/JavaScript code. In many ways, it is similar to JSLint and JSHint with a few exceptions.

Web site: http://eslint.org/

* Esprima

Esprima is a high performance, standard-compliant JavaScript parser. Once the full syntax tree is obtained, various static code analyses can be applied to give insight into the code: syntax visualization, code validation, editing autocomplete with type inferencing and many others.

Web site: http://esprima.org/

* Flow

Flow is an open source static type checker developed by Facebook, designed to find type errors in JavaScript programs. Flow adds static typing to JavaScript to improve developer productivity and code quality. In particular, static typing offers benefits like early error checking, which helps you avoid certain kinds of runtime failures, and code intelligence, which aids code maintenance, navigation, transformation, and optimization.

Web site: http://flowtype.org/

* Iroh.js

Iroh is an open source dynamic code analysis tool for JavaScript. Iroh allows you to record your code flow in real time, intercept runtime information and manipulate program behavior on the fly. In contrast to static analysis (e.g. used in Babel and ESLint), dynamic analysis allows you to collect data which is only available at runtime. Iroh makes it possible to collect type information of your running program, analyze its behavior, capture and manipulate runtime values like parameters or variables – and all this while your code is actually running!

Web site: https://maierfelix.github.io/Iroh/

* JavaScript Lint

JavaScript Lint is an open source tool to check all your JavaScript source code for common mistakes without actually running the script or opening the web page. JavaScript Lint is based on JSLint. JavaScript Lint holds an advantage over competing lints because it is based on the JavaScript engine for the Firefox browser. This provides a robust framework that can not only check JavaScript syntax but also examine the coding techniques used in the script and warn against questionable practices.

Web site: http://www.javascriptlint.com/

* JSCS JavaScript Code Style

JSCS (JavaScript Code Style) is an open source code style linter/formatter for programmatically enforcing your style guide. You can configure JSCS for your project/company using over 150 validation rules. It includes presets from popular JavaScript style guides like jQuery, Airbnb or Google.

Web site: http://jscs.info/

* JSHint

JSHint is an open source tool to detect errors in JavaScript code and enforce your team’s coding conventions. It was forked from Douglas Crockford’s JSLint project. JavaScript code can be analyzed online on the JSHint web site. There is also an Eclipse plugin at http://github.eclipsesource.com/jshint-eclipse/.

Web site: http://jshint.com

* JSLint

JSLint is an open source JavaScript code quality tool that looks for problems in JavaScript programs. JavaScript code can be analyzed online on the JSLint web site.

Web site: http://www.jslint.com/

* JSPrime

JSPrime is an open source JavaScript static security analysis tool. It’s a very lightweight and very easy to use point-and-click tool based on the popular Esprima ECMAScript parser.

Web site: https://github.com/dpnishant/jsprime

* PHP_CodeSniffer

PHP_CodeSniffer is a set of two PHP scripts: the main phpcs script, which tokenizes PHP, JavaScript and CSS files to detect violations of a defined coding standard, and a second phpcbf script, which automatically corrects coding standard violations. PHP_CodeSniffer is an essential development tool that ensures your code remains clean and consistent.

Web site: http://pear.php.net/package/PHP_CodeSniffer/

* Plato

Plato is an open source tool that allows JavaScript source code visualization, static and complexity analysis.

Plato is an open source tool that allows JavaScript source code visualization

Figure source: http://es-analysis.github.io/plato/examples/jquery/

Web site: https://github.com/es-analysis/plato

* SonarJS

SonarJS is an open source static code analyser for the JavaScript language. It will allow you to produce stable and easily supported code by helping you to find and to correct bugs, vulnerabilities and smells in your code.

Web site: https://github.com/SonarSource/SonarJS

* srclib

srclib is a polyglot code analysis library, built for hackability. It consists of language analysis toolchains (currently for Go, Java, Python, JavaScript, Ruby, and Haskell) with a common output format, and developer tools (such as editor plugins) that consume this format.

Web site: https://srclib.org

* Tern

Tern is a stand-alone open source code-analysis engine for JavaScript. It is intended to be used with a code editor plugin to enhance the editor’s support for intelligent JavaScript editing.

Web site: http://ternjs.net/

* ts-simple-ast

ts-simple-ast is an open source TypeScript compiler API wrapper. It provides a simple way to navigate and manipulate TypeScript and JavaScript code.

Web site: https://github.com/dsherret/ts-simple-ast

* twly

twly (pronounced “towel-E”) is an open source static analysis tool which can help you keep your code DRY (Don’t Repeat Yourself) by letting you know where you have copied and pasted entire files or portions of them. Run twly on a directory, and twly will magically generate a report for you indicating what has been repeated and in which files. twly is language agnostic and can be used on any text document.

Web site: https://github.com/rdgd/twly

Videos

Breakthroughs in JavaScript Code Analysis

Static Analysis of Event-Driven Node.js JavaScript Applications

JavaScript Static Security Analysis made easy with JSPrime

PHP_CodeSniffer Static Analysis of PHP and JavaScript

JavaScript Code Analysis with Esprima

srclib: a hackable, polyglot code analysis library

JavaScript Testing and Code Analysis at Facebook
