Run with NPM

The npm packagepromyze-cli allows to compute best practices suggestions on a code base to detect locations where best practices are not followed. It also provides facilities to produce a report file for tools like SonarQube, or in the SARIF format (Static Analysis Results Interchange Format).
npm: promyze-cli
npm
Installation
We recommend installing the promyze-cli tool globally.
npm i -g promyze-cli 
Configuration 
There are two mandatory parameters to set:
PROMYZE_URL: The full URL of your Promyze instance (ex: https://acme.promyze.app)
PROMYZE_API_KEY: A valid user API Key to connect to your Promyze instance.
We recommend setting these values as environment variables, but you can also pass them as command-line arguments. 
You can also use the dotenv package:
npm install dotenv dotenv-cli
Then, create a .env.promyze file and set these two values (add it to your .gitignore to not share sensitive data): 
PROMYZE_URL=
PROMYZE_API_KEY=
Then add a script in your package.json:
{
  "scripts": {
    "promyze-cli": "dotenv -e .env.promyze promyze-cli scan ."
  }
}
And you can finally run it as:
npm run promyze-cli
Run standalone 
Outside a npm script, run the following command to ensure everything works fine:
promyze-cli scan .
//or npm run promyze-cli if you've followed above instructions
If yes, you can check the section below to configure the code analysis.
Configuration 
Usage: Promze scan [options] [sources]
​
Scan the comma-separated list of files/directories to detect negative examples of best practices
​
Options:
  -e, --exclude <value>          Comma-separated list of patterns to exclude files that contain one of them (ex: "Listener"). These are only string patterns, not regular expressions. (default: "dist/,node_modules,.min.,.map.,.git/") 
  
  -ext, --extensions <severity>  Comma-separated list of extensions to exclusively include, ex: ".js,.ts" (default: "")
  
  -m, --mode <mode>              Execution mode:
                                  * "all" : scan all the codebase
                                  * "onlyChanged": Should only scan edited files on SCM (only Git is supported): (default: "all")
                                  
  -g, --grouped <grouped>        For the "console" formatter, group the result by files or practices: ["files", "practices"] (default: "files")
  
  -f, --formatters <formatters>  Comma-separated list of formatters: ["console", "sonarqube", "sarif"] (default: "console")
  
  -o, --output <outputFile>      File output when formatters do not only include "console" (default: "promyze-scan.json")
  
  -s, --severity <severity>      Severity of the issues in the report, such as "WARNING", "MAJOR", "BLOCKER", .... Only relevant when formatter is "sonarqube" or "sarif" (default: "MAJOR")
​
  -u, --url <url>                Indicate the full Promyze URL (ex: https://acme.promyze.app). You can pass it with PROMYZE_URL environment variable."        
                                 (default: "")
​
  -k, --apiKey <url>             Indicate the full Promyze API Key. We recommend to use instead the PROMYZE_API_KEY environment variable. (default: "")       
​
​
  -t, --type <issueType>         Exclude file patterns, such as "CODE_SMELL", "VULNERABILITY", "BUG", ... Only relevant when formatter is "sonarqube" or "sarif" (default: "CODE_SMELL")
​
For any suggestion to improve this package, feel free to submit us your suggestion, and we'd be happy to consider it:
Roadmap · Promyze Feedback
TryNolt
Last modified 27d ago