npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@jonathan0823/pi-sonarqube

v0.7.0

Published

SonarQube extension for Pi — run local analysis and browse issues.

Readme

pi-sonarqube

A Pi extension to run local SonarQube analysis and browse the resulting issues — all from within Pi.

Requirements

  • Pi installed
  • A running SonarQube server (e.g. http://localhost:9000)
  • sonar-scanner available in $PATH

Install

pi install npm:@jonathan0823/pi-sonarqube

Or add it to your settings.json:

{
  "packages": ["npm:@jonathan0823/pi-sonarqube"]
}

Then /reload in Pi.

Quick start

1. Init project config

Inside a project directory, run:

/sonarqube init

For monorepos, you can point at a path directly:

/sonarqube init apps/web
/sonarqube init apps/api

Pi will ask you for:

  • SonarQube server URL (prefilled with http://localhost:9000)
  • Project key (default: derived from directory name)
  • Token (optional, used when your server requires auth)

The config is saved to <project>/.pi/sonarqube.json.

2. Run analysis

/sonarqube analyze
/sonarqube analyze apps/web
/sonarqube analyze apps/api

Pi will:

  1. Run sonar-scanner against your server
  2. Wait for the analysis to complete
  3. Fetch the latest issues
  4. Return a concise summary with issues and duplication metrics

3. Browse issues

/sonarqube issues
/sonarqube issues apps/web

Use Up/Down to move, Enter to preview the affected source code, Esc to close, and type to search by file, rule, severity, status, or message.

Tip: Tab-complete /sonarqube subcommands and filters in the editor.

4. View project metrics

/sonarqube metrics
/sonarqube metrics apps/web

Shows coverage percentage, duplicated lines, and issue severity breakdown — no scanner needed.

5. Browse duplicated files

/sonarqube duplications
/sonarqube duplications apps/web

Use Up/Down to move, Enter for block locations and line ranges, and type to search by file path or duplication stats. Pass a file number directly to skip the browser: /sonarqube duplications 1.

6. Open a specific issue

/sonarqube open 3
/sonarqube open apps/web 3

Commands

| Command | Description | | -------------------------------- | ----------------------------------------------- | | /sonarqube init [path] | Set up project config for a path | | /sonarqube analyze [target] | Run analysis and show issues + duplication metrics | | /sonarqube issues [target] | Browse the latest analysis results for a target | | /sonarqube metrics [target] | Show project metrics (coverage %, duplication %, issue counts, no scanner) | | /sonarqube duplications [target] | Browse duplicated files and blocks with drill-down | | /sonarqube open [target] <n> | Preview source at issue #n |

Tool (for the LLM)

The extension also registers a sonarqube tool that the LLM can call with actions:

  • analyze — run analysis
  • issues — list issues
  • metrics — show project-level coverage, duplication & issue counts
  • duplications — list duplicated files and block details
  • open — open an issue with its index

The tool accepts optional issue filters (severities, statuses, types, rules, softwareQualities, impactSeverities) so the agent can fetch just the most relevant issues.

Filter families

SonarQube supports two filter families depending on the server mode:

  • Standard Experience (legacy): type (BUG, VULNERABILITY, CODE_SMELL) and severity (BLOCKER, CRITICAL, MAJOR, MINOR, INFO)
  • MQR mode: quality (MAINTAINABILITY, RELIABILITY, SECURITY) and impactSeverity (BLOCKER, HIGH, MEDIUM, LOW, INFO)

Both families can be used from the /sonarqube issues command:

/sonarqube issues type:BUG
/sonarqube issues severity:CRITICAL status:OPEN
/sonarqube issues quality:RELIABILITY
/sonarqube issues quality:SECURITY impactSeverity:HIGH

Important: Legacy filters and MQR filters cannot be combined in the same query. If you mix them (e.g., type:BUG quality:SECURITY), you'll see an error telling you to pick one family.

The server mode is auto-detected via the api/v2/clean-code-policy/mode endpoint and cached per session.

Use paths directly.

Configuration sources (precedence order)

  1. Environment variables (highest)
    • SONARQUBE_URL / SONAR_HOST_URL
    • SONARQUBE_TOKEN / SONAR_TOKEN
    • SONAR_PROJECT_KEY
  2. Project config.pi/sonarqube.json (set via /sonarqube init)
  3. Scan propertiessonar-project.properties
  4. Defaultshttp://localhost:9000, project key from directory slug

Project structure

packages/pi-sonarqube/
├── src/
│   └── index.ts          # Extension source + init command + config
├── dist/
│   ├── index.js          # Compiled output
│   ├── index.d.ts        # Type declarations
│   └── index.js.map      # Source map
├── fixtures/
│   ├── issue-project/    # Test project with known issues
│   └── clean-project/    # Test project with no issues
├── README.md
├── LICENSE
├── package.json
└── tsconfig.json

Contributing

See CONTRIBUTING.md.

License

MIT