December 13 2021:
* added Codehawk, Codemodel-Rifle, Insider
December 15 2020:
* added Nocuous, JScent, JSDeodorant, Semgrep
* added Codelyzer, CodeClimate-Duplication, NodeJsScan, SourceCodeSniffer
* updated ESLint (description)
May 9 2018:
* added Iroh.js, SonarJS, ts-simple-ast, twly
* Codehawk CLI
Codelyzer is an open source project that provides a set of tslint rules for static code analysis of Angular TypeScript projects. You can run the static code analyzer over web apps, NativeScript, Ionic, etc.
Web site: http://eslint.org/
Web site: http://esprima.org/
JScent is a program analyzer that detects code smells. Code smells are potential issues with source code that can correspond to a deeper problem in the program. For example, JScent can detect issues such as long methods, too many comments, feature envy, message chains, dead code and more. JScent produces a report that summarizes all the code smells found in a concise and usable way, easily accessible in the console. The JScent analysis can be classified both as a value-agnostic static analysis and a meta-properties analysis, as some code smells lean more toward syntax and others more toward semantics and high-level software engineering principles. JScent is aimed at developers and teams who are trying to build code that is maintainable, extensible, and well structured. The reports generated are not intended to be prescriptive but rather to point out areas that may be cause for concern as a project grows in size and scope. JScent is structured so that new code smells can easily be added in the future. Next steps for the team include adding more nuanced, difficult-to-spot smells to the analysis report.
NodeJsScan is a static security code scanner for Node.js applications.
Figure source: http://es-analysis.github.io/plato/examples/jquery/
Web site: https://semgrep.dev/, https://github.com/returntocorp/semgrep
Web site: https://github.com/frizb/SourceCodeSniffer
Web site: https://srclib.org
Web site: http://ternjs.net/
Web site: https://github.com/dsherret/ts-simple-ast
twly (pronounced “towel-E”) is an open source static analysis tool which can help you keep your code DRY (Don’t Repeat Yourself) by letting you know where you have copied and pasted entire files or portions of them. Run twly on a directory, and twly will magically generate a report for you indicating what has been repeated and in which files. twly is language agnostic and can be used on any text document.
Web site: https://github.com/rdgd/twly
List of tools for static code analysis in Wikipedia
Source Code Analysis Tools by OWASP Foundation
Awesome Static Analysis: a curated list of static analysis tools, linters and code quality checkers for various programming languages
Source Code Analysis Tools
How toxic is your code?
srclib: a hackable, polyglot code analysis library