npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@php-workx/skill-sonarqube

v1.3.2

Published

SonarQube/SonarCloud skill for AI coding agents (Claude, Codex, Cursor). Scan changed files, list findings by severity, or autofix issues autonomously.

Downloads

146

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

php-workxphp-workx

Keywords

skillclaudecodexcursorsonarqubesonarcloudcode-qualityagentai-agentopenskills

Readme

skill-sonarqube

SonarQube/SonarCloud skill package for Codex and Claude.

This repository provides:

  • sonarqube skill definitions for Codex and Claude
  • /sonarqube prompt command for Codex
  • installer script to copy skill files into user skill directories

Features

  • Scan only files changed on the current branch (vs base ref)
  • Local mode auto-starts SonarQube, creates the project, configures the new code period, and persists a generated token in repo-local .env
  • Two actions:
    • list: aggregated findings by severity
    • autofix: iteratively fix findings at/above threshold
  • Two scan modes:
    • local: local SonarQube instance/container
    • cloud: SonarCloud/SonarQube cloud APIs or MCP
  • Reads sonar-project.properties for sonar.projectKey, sonar.host.url, sonar.sources, and sonar.tests
  • Warns when test paths are mixed into sonar.sources without sonar.tests
  • Generates a Rust clippy report automatically when Cargo.toml is present
  • Supports both severity models (high/medium/... and critical/major/...)

Prerequisites

  • python3
  • sonar-scanner (local mode only)
  • docker (local mode only, for SonarQube container workflows)

Cloud mode only requires python3, git, and a SONAR_TOKEN.

Install

Via OpenSkills

# project-local install
npx openskills install php-workx/skill-sonarqube

# global install
npx openskills install -g php-workx/skill-sonarqube

Via skills.sh

# project-local install
npx skills add php-workx/skill-sonarqube

# global install
npx skills add -g php-workx/skill-sonarqube

Via npm (public npmjs)

npm install @php-workx/skill-sonarqube

The npmjs package is published from GitHub Actions using npm trusted publishing, so CI does not require a long-lived npm publish token.

Via npm (GitHub Packages)

npm install @php-workx/skill-sonarqube --registry=https://npm.pkg.github.com

Via installer script

git clone --depth 1 --branch v1.3.0 https://github.com/php-workx/skill-sonarqube.git
cd skill-sonarqube
bash scripts/install-sonarqube-skill.sh

After install, restart Codex/Claude so new skills and slash commands are loaded.

Usage

Codex slash command:

/sonarqube list
/sonarqube autofix local high
/sonarqube autofix cloud medium

Natural language usage also works when sonarqube skill is selected by intent.

Configuration

Runtime environment variables:

  • SONAR_TOKEN (preferred; falls back to repo-local .env in local mode)
  • SONAR_USER, SONAR_PASSWORD (fallback)
  • SONAR_HOST_URL (default http://localhost:9000)

Local mode also reads sonar-project.properties directly before falling back to .sonarqube-skill.yaml for host and source settings.

Installer destination overrides:

  • CLAUDE_SKILLS_DIR
  • CODEX_SKILLS_DIR
  • CODEX_PROMPTS_DIR

See docs/CONFIGURATION.md for details.

Python Tooling

Repo-local Python tooling uses uv for optional development helpers such as skill-creator validation:

uv sync --dev
npm run validate:skill

If the skill-creator validator lives outside the default install locations, set SKILL_CREATOR_VALIDATE_SCRIPT to its quick_validate.py path before running npm run validate:skill.

Repository Layout

  • skills/sonarqube/ — canonical skill source for indexers and installers (SKILL.md, scripts, agents config)
  • prompts/sonarqube.md — Codex slash command dispatcher
  • scripts/install-sonarqube-skill.sh — copies skill to both Claude and Codex directories

Troubleshooting

See docs/TROUBLESHOOTING.md.

Release Process

See docs/RELEASE.md.