lsp-mode :heart: sonarlint
SonarLint for Emacs
SonarLintβ’ is a free IDE extension that lets you fix coding issues before they exist!
Like a spell checker,it highlights Bugs and Security Vulnerabilities as you write code, with clear remediation guidance so you can fix them before the code is even committed.
In Emacs supports analysis of JavaScript, TypeScript, Python, Java, HTML, PHP, C/C++, Go, and XML out of the box!
:warning: This is not an official SonarSource extension

How it works
lsp-sonarlint relies on the official vscode extension, which is downloaded and unzipped.
The official VSCode extension typically contains :
- A language server (written in java)
- A Java runtime
- Analysers for 10+ languages
- A VSCode front-end
Requirements
To analyze JavaScript and TypeScript, SonarLint will also need Node.js.To analyse C/C++ projects, SonarLint's CFamily analyzer will need both a working compiler and a compilecommands.json which is typically generated by cmake or bear.
Installation
Source
Download and include the main file lsp-sonarlint.el.Melpa
You can then run the following commands to install lsp-sonarlint:M-x package-refresh-contents RET (to refresh your package database)
M-x package-install RET lsp-sonarlint RET (to install and compile lsp-sonarlint and its dependencies)
Usage
The language server relies on java plugins to properly analyze the selected language source code.By default all are enabled, but you can specify the ones you want.
lisp
(use-package lsp-sonarlint
:custom
;; Allow sonarlint to download and unzip the official VSCode extension
;; If nil, you'll have to do that yourself. See also lsp-sonarlint-download'
;; lsp-sonarlint-download-url' and lsp-sonarlint-download-dir'
(lsp-sonarlint-auto-download t)
;; Choose which analyzers you want enabled. By default all are enabled ;; See command
lsp-sonarlint-available-analyzers' for the full list. (lsp-sonarlint-enabled-analyzers '("java" "cfamily" "python" "text")))
[!WARNING]
On windows, lsp-sonarlint may encounter this issue while unzipping the VSCode extension. If you do, try the following :
(setq lsp-unzip-script lsp-ext-pwsh-script)
Static Analysis Rules
Out of the box, SonarLint automatically checks your code against the following rules:
- JavaScript rules
- TypeScript rules
- Python rules
- Java rules
- HTML rules
- PHP rules
- XML rules
- Go rules
- C rules
- C++ rules
- Bidi (bidirectional unicode characters) + Secrets
Supported settings
lsp-sonarlint-auto-download- Set to t to enable auto-downloading of VSCode's extension on startup.lsp-sonarlint-download-url- Specify another URL for the VSCode extension.lsp-sonarlint-download-dir- Specify where VSCode's extension will be downloaded and unzipped.lsp-sonarlint-use-system-jre- If t, use the system Java runtime instead of the bundled one.lsp-sonarlint-enabled-analyzers- List of analyzers to enable. Defaults to 'all for all analyzers.lsp-sonarlint-modes-enabled- List of major modes where the lsp server will activate.lsp-sonarlint-disable-telemetry- Disable telemetry option (disabled by default).lsp-sonarlint-test-file-pattern- Regex to find test file, most rules are not evaluated on test files.lsp-sonarlint-show-analyzer-logs- Show analyzer logs.lsp-sonarlint-verbose-logs- Make SonarLint logs verbose.lsp-sonarlint-cfamily-compilation-commands-path- Path to compile_commands.json for C/C++ analysis.
Available commands
lsp-sonarlint-download- Download the VSCode extension and unzip it. Called automatically
lsp-sonarlint-auto-downloadis set to t
lsp-sonarlint-available-analyzers- List all available analyzers provided by the downloaded VSCode extension.
Plugins additional info
For most analyzers, lsp-sonarlint provides variables describing additional info.
lsp-sonarlint-LANGUAGE-doc-url- Sonarsource official plugin documentationlsp-sonarlint-LANGUAGE-repository-url- Plugin source code
Plugins not tested yet
Currently, sonarlint's vscode extension also provides omnisharp and Infrastructure As Code (IAC) analyzers. They have not been tested yet, you may expect some additional configuration to make them work. You'll at least need to add the major-modes tolsp-sonarlint-modes-enabled'.
Feel free to try them out and provide feedback.
Data and telemetry
This extension collects anonymous usage data and sends it to SonarSource.
Collection of telemetry is controlled via the setting:
lsp-sonarlint-disable-telemetry, it is disable by default.
Click here to see a sample of the data that are collected.
Additional packages
- lsp-ui : Flycheck, documentation and code actions support.
- company-capf : Completion backend support.
- treemacs : Project viewer.
- lsp-treemacs :
lsp-mode GUI controls implemented using treemacs.
Development
Prerequisites
You will need
make and eask to run lsp-sonarlint tests. See also (Requirements)(#requirements) section.
If you do not have
eask installed, you can install it locally with:
<pre><code class="lang-">shell npm install @emacs-eask/cli export EASK="$PWD/node_modules/@emacs-eask/cli/eask"</code></pre>
Or globally with:
<pre><code class="lang-">shell npm install -g @emacs-eask/cli</code></pre>
Testing
We use Emacs ERT for testing. You can run tests with:
<pre><code class="lang-">shell make package make install make compile make download-sonarlint make test</code></pre>
Interactive Testing
You can also run the tests one-by-one interactively.
Open a test file from tests/*.el in Emacs. Evaluate the file contents (
eval-buffer) to load test definitions into the session. Run ert command to run all or selected tests. To run the integration tests, you will have to shut down all your lsp workspaces to ensure consistent starting state.
Check out
lsp-log, lsp-log: sonarlint:NNNNNNNN, sonarlint, sonarlint:stderr` for logs when troubleshooting a test.
You can start with test/trivial-test.el to check that your testing harness works.
Contributions
Contributions are very much welcome.
Copyright
SONARLINT and SONARSOURCE are trademarks of SonarSource SA. All other trademarks and copyrights are the property of their respective owners.