The plugin works as follows:
- If a project/module in IDEA is properly configured as a Node project/module, (i.e. there is a package.json inside the project and there are local installations of Node.js and a package manager visible from IDEA).
- Then, we can discover the Node components, analyze them, and present all violations or vulnerabilities to the user in real time - the same way we do for Java components.
Check out our full list of supported IDE integrations.
See our Documentation on Plugin IDEs.
Sonatype Lifecycle users get the following out of the box:
- Java component analysis in IDEA Community
- Java and Node component analysis in IDEA Ultimate
- Node component analysis in WebStorm
Writing in multiple languages?
We are able to find and help remediate violations in mixed projects, which contain some Java modules and some Node modules. The plugin will discover all the dependencies and show them in a unified view. You can filter what you see in that view by component type and scope.
If there is a fix available, you can easily migrate to a different version of the component directly in the IDE, and the version update itself will be handled automatically by the plugin. This allows you to find and fix violations in no time, without ever leaving your development tool.
You can find out more, including installation, configuration and an overview on our help.sonatype.com portal.