The Best Node.js Static Analysis Tools (Linters/Formatters)
We rank 15 Node.js linters, code analyzers, formatters, and more. Find and compare tools like Mega-Linter, Semgrep, ThreatMapper, and more. Please rate and review tools that you've used. This helps others find the best tools for their projects.
2 Node.js Tools
NodeJSScan
A static security code scanner for Node.js applications powered by libsast and semgrep that builds on the njsscan cli tool. It features a UI with various dashboards about an application's security status.
13 Multi-Language Tools
Mega-Linter
Mega-Linter can handle any type of project thanks to its 70+ embedded Linters, its advanced reporting, runnable on any CI system or locally, with assisted installation and configuration, able to apply formatting and fixes
ThreatMapper
Vulnerability Scanner and Risk Evaluation for containers, serverless and hosts at runtime. ThreatMapper generates runtime BOMs from dependencies and operating system packages, matches against multiple threat feeds, scans for unprotected secrets, and scores issues based on severity and risk-of-exploit.
trivy
A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts, Suitable for CI. Trivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.). Checks containers and filesystems.
Offensive 360
Commercial Static Code Analysis system doesn't require building the source code or pre-compilation.
WhiteHat Application Security Platform
WhiteHat Scout (for Developers) combined with WhiteHat Sentinel Source (for Operations) supporting WhiteHat Top 40 and OWASP Top 10.
Help make this list better
Suggest Tools
Frequently Asked Questions
What are Node.js tools?
Node.js is a runtime environment and library for running JavaScript applications outside of the browser. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.
What are the best Node.js static analysis tools and linters?
The most popular Node.js tools ranked by user votes are: Mega-Linter, Semgrep, ThreatMapper, Sigrid, trivy.
Which Node.js services are free for open source projects?
Commercial services with a free plan for open source include Mega-Linter, Semgrep, ThreatMapper, trivy, njsscan, NodeJSScan, standard, lockfile-lint, ShiftLeft Scan.