Open Source Source Code Analysis Tools

ShellCheck is a GPLv3 tool that provides warnings and possible suggestions for bash/sh shell scripts. ShellCheck finds bugs in your shell scripts. You can cabal, apt, dnf, pkg or brew install it locally right now. ShellCheck highlights and clarifies typical beginner's syntax mistakes and issues that cause a shell to give a cryptic error message. It shows typical intermediate level semantic problems that cause a shell to behave in a abnormally and counter-intuitively. It can also discover ssubtle caveats, corner cases and pitfalls that may cause an user's working script to fail under probable future circumstances. ShellCheck.net is always synchronized to the latest git version, and is the simplest way to give ShellCheck a go.

Static security code scanner (SAST) for Node.js applications powered by libsast and semgrep. nodejsscan is a static security code scanner for Node.js applications.

Static code analysis tool you need for your HTML. By default, htmlhint looks for a .htmlhintrc file in the current directory and all parent directories and applies its rules when parsing a file.

Infer is a static analysis tool - if you give Infer some Java or C/C++/Objective-C code it produces a list of potential bugs. Anyone can use Infer to intercept critical bugs before they have shipped to users, and help prevent crashes or poor performance. Infer checks for null pointer exceptions, resource leaks, annotation reachability, missing lock guards, and concurrency race conditions in Android and Java code. Infer checks for null pointer dereferences, memory leaks, coding conventions and unavailable API’s. Start with the Getting Started guide and our other docs to download and try Infer yourself. Infer is still evolving, and we want to continue to develop it in the open. We hope it will be useful for other projects, so please try it out or contribute to it, join the community and give us feedback!

Tiny 500b fetch "barely-polyfill". With a module bundler like rollup or webpack, you can import unfetch to use in your code without modifying any globals. While one of Unfetch's goals is to provide a familiar interface, its API may differ from other fetch polyfills/ponyfills. One of the key differences is that Unfetch focuses on implementing the fetch() API, while offering minimal (yet functional) support to the other sections of the Fetch spec, like the Headers class or the Response class. Uses simple arrays instead of iterables, since arrays are iterables. No streaming, just Promisifies existing XMLHttpRequest response bodies. Use in Node.JS is handled by isomorphic-unfetch.