JavaScript scanning now supported in JetBrains IDEs: Intellij IDEA, Webstorm, and more

Written by Sonatype | July 30, 2021

The Sonatype Nexus IQ plugin can now evaluate and analyze JavaScript/Node components in your projects. This functionality is now available for IntelliJ IDEA, in use by an estimated 82% of Java developers as of 2020. IntelliJ IDEA is a feature-rich, integrated development environment (IDE) with coding assistance and out-of-box support for a host of tools and services.

The plugin works as follows:

If a project/module in IDEA is properly configured as a Node project/module, (i.e. there is a package.json inside the project and there are local installations of Node.js and a package manager visible from IDEA).
Then, we can discover the Node components, analyze them, and present all violations or vulnerabilities to the user in real time - the same way we do for Java components.

Check out our full list of supported IDE integrations.

See our Documentation on Plugin IDEs.

Sonatype customers

Sonatype Lifecycle users get the following out of the box:

Java component analysis in IDEA Community
Java and Node component analysis in IDEA Ultimate
Node component analysis in WebStorm

Writing in multiple languages?

We are able to find and help remediate violations in mixed projects, which contain some Java modules and some Node modules. The plugin will discover all the dependencies and show them in a unified view. You can filter what you see in that view by component type and scope.

If there is a fix available, you can easily migrate to a different version of the component directly in the IDE, and the version update itself will be handled automatically by the plugin. This allows you to find and fix violations in no time, without ever leaving your development tool.

Download the latest version of the Sonatype Nexus IQ for IDEA plugin here.

You can find out more, including installation, configuration and an overview on our help.sonatype.com portal.

View full post