npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@nielspeter/sonarlint-mcp-server

v0.2.1

Published

MCP server providing SonarLint code analysis for Claude Desktop and other MCP clients

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

npstrandbergnpstrandberg

Keywords

mcpsonarlintsonarqubecode-qualitystatic-analysiside-integration

Readme

SonarLint MCP Server

A Model Context Protocol (MCP) server that brings enterprise-grade code analysis to Claude Desktop and other MCP clients using SonarLint's standalone SLOOP backend.

License: MIT Node.js Version

Features

  • 🔍 Real-time Code Analysis - Detect bugs, code smells, and security vulnerabilities
  • 🚀 Fast & Standalone - No IDE or SonarQube server required
  • 📦 Multiple Languages - JavaScript, TypeScript, Python (265+ JS rules)
  • 💾 Session Storage - Results stored in memory for multi-turn conversations
  • 🔧 Quick Fixes - Automated suggestions for common issues
  • 🎯 Batch Analysis - Analyze multiple files efficiently

Quick Start

Prerequisites

  • Node.js 20.0.0 or higher
  • Claude Desktop (or any MCP client)

Installation

No installation required! Use npx to run directly:

npx @nielspeter/sonarlint-mcp-server

The SLOOP backend (~70MB) downloads automatically on first run.

Or install globally:

npm install -g @nielspeter/sonarlint-mcp-server

Or from source (for development):

git clone https://github.com/nielspeter/sonarlint-mcp-server.git
cd sonarlint-mcp-server
npm install  # Auto-downloads SLOOP backend (~70MB)
npm run build

Configure Claude Desktop

Using Claude Code CLI (Recommended)

claude mcp add --transport stdio sonarlint -- npx -y @nielspeter/sonarlint-mcp-server

This automatically updates your Claude Desktop configuration.

Manual Configuration

Add to your claude_desktop_config.json:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json Linux: ~/.config/Claude/claude_desktop_config.json Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "sonarlint": {
      "command": "npx",
      "args": ["-y", "@nielspeter/sonarlint-mcp-server"]
    }
  }
}

Restart Claude Desktop and you're ready!

Usage

Once configured, Claude can analyze your code:

Analyze my JavaScript file for code quality issues: /path/to/file.js
Check these files for bugs: src/app.ts, src/utils.ts
Analyze this code snippet:
function process(data) {
  var result = data;  // Issues with 'var'
  return result;
}

Available Tools

| Tool | Description | |------|-------------| | analyze_file | Analyze a single file for issues | | analyze_files | Batch analyze multiple files | | analyze_content | Analyze code snippets (no file needed) | | list_active_rules | Show all active SonarLint rules | | health_check | Check server status and diagnostics |

Example Analysis Output

{
  file: "/path/to/file.js",
  language: "javascript",
  issues: [
    {
      line: 4,
      column: 2,
      severity: "MAJOR",
      rule: "javascript:S3504",
      message: "Unexpected var, use let or const instead.",
      quickFix: {
        message: "Replace with 'const'",
        edits: [...]
      }
    }
  ],
  summary: {
    total: 5,
    critical: 0,
    major: 3,
    minor: 2
  }
}

Supported Languages

| Language | Extensions | Rules | |----------|------------|-------| | JavaScript | .js, .jsx, .mjs, .cjs | 265 | | TypeScript | .ts, .tsx | 265 | | Python | .py | ~100 |

Architecture

Claude Desktop
      ↓ MCP Protocol (stdio)
SonarLint MCP Server (this project)
      ↓ JSON-RPC
SLOOP Backend (SonarLint Local Operations)
      ↓ Plugin API
Language Analyzers (JS/TS, Python)

The server uses SonarLint's standalone SLOOP backend with:

  • Version: 10.32.0.82302 (WebStorm-compatible)
  • Bundled JRE: Java 17
  • Bi-directional RPC: Client request handlers implemented
  • Session Storage: Results stored in memory for multi-turn conversations

Development

# Install dependencies (auto-downloads backend)
npm install

# Build
npm run build

# Run tests
npm test

# Watch mode (auto-rebuild)
npm run dev

# Inspect with MCP Inspector
npm run inspect

Testing

# Run test suite
npm test

# Run with UI
npm run test:ui

# Run with coverage
npm run test:coverage

Tests validate:

  • SLOOP bridge functionality
  • File and content analysis
  • JavaScript and Python plugin detection
  • Quick fix support
  • Error handling

Documentation

Technical Highlights

This project demonstrates several key technical achievements:

  1. Standalone SLOOP - First documented standalone use of SonarLint's SLOOP backend
  2. Bi-directional RPC - Complete client request handler implementation
  3. MCP Integration - Full Model Context Protocol implementation with resources
  4. Session Management - Results storage for multi-turn conversations
  5. Production Ready - Comprehensive testing, error handling, and monitoring

Critical Implementation Details

For anyone using SLOOP programmatically:

  • listFiles must return ClientFileDto with file content (not just URIs)
  • isUserDefined: true is mandatory (SLOOP filters out false values)
  • bundlePath should be parent directory (SLOOP appends /package/bin/server.cjs)
  • Client must implement 4 request handlers (listFiles, getBaseDir, etc.)
  • backendCapabilities required for proper initialization

Why This Approach?

Advantages

  • ✅ No IDE dependency - runs completely standalone
  • ✅ Full API access - all SLOOP services available
  • ✅ Better control - configure for specific needs
  • ✅ More reliable - direct process communication
  • ✅ CI/CD capable - can run in automated environments
  • ✅ Faster - no IDE overhead

Comparison to IDE Integration

We initially investigated connecting to IDE servers (WebStorm port 64120) but discovered:

  • IDE server is only for "Open in IDE" from SonarQube Server/Cloud
  • Limited API access
  • IDE must be running
  • Not suitable for programmatic access

Related Projects

  • SonarQube MCP Server - Official server for SonarQube Server/Cloud APIs
    • Complementary approach requiring server setup
    • This project provides local, standalone analysis

Contributing

Contributions welcome! Areas for improvement:

  • Additional language support (Java, Go, PHP)
  • Custom rule development
  • Advanced rule configuration
  • Performance optimizations
  • CI/CD integrations

License

MIT License - see LICENSE

Acknowledgments

  • SonarSource for building SLOOP and SonarLint
  • Anthropic for the Model Context Protocol
  • Claude Code for enabling this development

Status: ✅ Production Ready - All phases complete with comprehensive testing