Sonatype Unveils Full-Spectrum Software Supply Chain Management | Press Release

Javascript Scanning Now Supported In Jetbrains IDEs: Intellij IDEA, Webstorm, and More

July 30, 2021 By Kevin Miller

The Sonatype Nexus IQ plugin can now evaluate and analyze Javascript/Node components in your projects. This functionality is now available for IntelliJ IDEA, in use by an estimated 82% of Java developers as of 2020. IntelliJ IDEA is a feature-rich, integrated development environment (IDE) with coding assistance and out-of-box support for a host of tools and services.

The plugin works as follows:

  • If a project/module in IDEA is properly configured as a Node project/module, (i.e. there is a package.json inside the project and there are local installations of Node.js and a package manager visible from IDEA).
  • Then, we can discover the Node components, analyze them, and present all violations or vulnerabilities to the user in real time - the same way we do for Java components.

Screenshot showing IntelliJ IDEA scanning a project and finding issues on Node modules

Other supported IDEs

The Nexus IQ plugin also works with:

  • WebStorm (another Jetbrains IDE)
  • Android Studio
  • DataGrip
  • GoLand
  • MPS
  • PhpStorm
  • Rider
  • RubyMin

Is your IDE not listed? Check out our full list of supported IDE integrations.

Sonatype customers

Nexus Lifecycle users get the following out of the box:

  • Java component analysis in IDEA Community
  • Java and Node component analysis in IDEA Ultimate
  • Node component analysis in WebStorm

Writing in multiple languages?

We are able to find and help remediate violations in mixed projects, which contain some Java modules and some Node modules. The plugin will discover all the dependencies and show them in a unified view. You can filter what you see in that view by component type and scope.

image crop showing both Java and JS packages in the same list

If there is a fix available, you can easily migrate to a different version of the component directly in the IDE, and the version update itself will be handled automatically by the plugin. This allows you to find and fix violations in no time, without ever leaving your development tool.

2-Jul-30-2021-03-23-32-58-PM

Image crop showing the success message after updating the component

Download the latest version of the Nexus IQ for IDEA plugin here.

You can find out more, including installation, configuration and an overview on our help.sonatype.com portal.

Tags: Nexus Lifecycle, featured, Product

Written by Kevin Miller

Kevin Miller is a Product Marketing Manager at Sonatype where he works to empower the development community to shift component choice and security left. He believes that putting the right tools and options in the hands of developers will help accelerate software innovation and minimize open source risk.