JavaScript scanning now supported in JetBrains IDEs: Intellij IDEA, Webstorm, and more

July 30, 2021 By Sonatype

3 minute read time

The Sonatype Nexus IQ plugin can now evaluate and analyze JavaScript/Node components in your projects. This functionality is now available for IntelliJ IDEA, in use by an estimated 82% of Java developers as of 2020. IntelliJ IDEA is a feature-rich, integrated development environment (IDE) with coding assistance and out-of-box support for a host of tools and services.

The plugin works as follows:

  • If a project/module in IDEA is properly configured as a Node project/module, (i.e. there is a package.json inside the project and there are local installations of Node.js and a package manager visible from IDEA).
  • Then, we can discover the Node components, analyze them, and present all violations or vulnerabilities to the user in real time - the same way we do for Java components.

Screenshot showing IntelliJ IDEA scanning a project and finding issues on Node modules

Check out our full list of supported IDE integrations.

See our Documentation on Plugin IDEs.

Sonatype customers

Sonatype Lifecycle users get the following out of the box:

  • Java component analysis in IDEA Community
  • Java and Node component analysis in IDEA Ultimate
  • Node component analysis in WebStorm

Writing in multiple languages?

We are able to find and help remediate violations in mixed projects, which contain some Java modules and some Node modules. The plugin will discover all the dependencies and show them in a unified view. You can filter what you see in that view by component type and scope.

image crop showing both Java and JS packages in the same list

If there is a fix available, you can easily migrate to a different version of the component directly in the IDE, and the version update itself will be handled automatically by the plugin. This allows you to find and fix violations in no time, without ever leaving your development tool.

2-Jul-30-2021-03-23-32-58-PM

Image crop showing the success message after updating the component

Download the latest version of the Sonatype Nexus IQ for IDEA plugin here.

You can find out more, including installation, configuration and an overview on our help.sonatype.com portal.

Tags: Product, Sonatype Lifecycle

Written by Sonatype