get-sonar-feedback

v0.4.1

A CLI tool to fetch SonarCloud feedback for pull requests

A CLI tool to fetch SonarCloud feedback for pull requests and project-wide analysis directly from your terminal.

Features

🔴 PR Analysis

  • 🎯 Quality Gate status checking
  • 🐛 Code issues detection
  • 🔒 Security hotspots analysis
  • 🔄 Code duplication metrics
  • 📊 Test coverage reporting
  • 🔍 Auto-detect PR number from current git branch

📊 Project-wide Analysis

  • 📊 Project metrics: Get comprehensive quality metrics for any branch
  • 🐛 All issues: Analyze all issues with severity breakdown and detailed reporting
  • 🎆 Maintenance audits: Regular quality checks beyond PR reviews

Installation

npm install -g get-sonar-feedback

Or clone and build locally:

git clone https://github.com/chaspy/get-sonar-feedback.git
cd get-sonar-feedback
npm install
npm run build

Usage

PR Analysis

# Analyze specific pull request
get-sonar-feedback pr 123

# Auto-detect PR from current branch
get-sonar-feedback pr

Project Metrics

# Get metrics for main branch
get-sonar-feedback metrics

# Get metrics for specific branch
get-sonar-feedback metrics -b develop

Issues Analysis

# Get all issues for main branch
get-sonar-feedback issues

# Get all issues for specific branch
get-sonar-feedback issues -b feature-branch

# Show only the first N detailed issues
get-sonar-feedback issues --limit 50

# Show all detailed issues
get-sonar-feedback issues --all

Configuration

Required Environment Variables

  • SONAR_TOKEN: Your SonarCloud authentication token
  • SONAR_PROJECT_KEY: Your SonarCloud project key (e.g., my-org_my-project)
  • SONAR_ORGANIZATION: Your SonarCloud organization key

Optional Environment Variables

  • GITHUB_TOKEN: GitHub personal access token (required for PR auto-detection if not using GitHub CLI)
  • DEBUG: Set to true to enable debug output (see Debug Mode section below)
  • NODE_ENV: Set to debug to enable debug output

Alternatively, you can authenticate with GitHub CLI:

gh auth login

Debug Mode

When you encounter issues such as 404 errors from the SonarCloud API, you can enable debug mode to see detailed information about API calls and responses:

# Using DEBUG environment variable
DEBUG=true get-sonar-feedback pr

# Or using NODE_ENV
NODE_ENV=debug get-sonar-feedback pr

Debug mode will display:

  • SonarCloud configuration (Project Key, Organization)
  • Complete API URLs being called
  • Response status codes and error messages
  • Response body content for failed requests

This is particularly useful for troubleshooting authentication issues or misconfigured project keys.

Release & Publish

  • Merging a PR into main triggers an automated minor version bump, creates a Git tag and a GitHub Release, then publishes to npm.
  • Requirements:
    • Add NPM_TOKEN in GitHub Actions Secrets with publish permission.
    • The package.json name must be available on npm, and the next version must be unused.

Workflows involved:

  • .github/workflows/auto-minor-release.yml: bump minor on merge/push to main and create a GitHub Release.
  • .github/workflows/publish-npm.yml: publish to npm when a GitHub Release is published.

Example Output

PR Analysis Output

==========================================
SonarCloud Analysis for PR #123
==========================================

🎯 Quality Gate Status
--------------------------------------------------
Overall Status: OK

🐛 Issues
--------------------------------------------------
Total Issues: 2
Effort Total: 10min
Debt Total: 10min

Issue Key: AY1234567890
Rule: typescript:S1234
Severity: MINOR
File: src/index.ts
Line: 42
Message: Remove this unused variable
Effort: 5min
Tags: unused

🔒 Security Hotspots
--------------------------------------------------
Total Security Hotspots: 0
✅ No security hotspots found.

🔄 Code Duplication
--------------------------------------------------
Duplication Density: 0.0%
Duplicated Lines: 0
Duplicated Blocks: 0

📊 Test Coverage
--------------------------------------------------
Coverage: 85.5%
Lines to Cover: 200
Uncovered Lines: 29

==========================================
Analysis Complete
==========================================
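One way to turn the PR report above into a CI gate, as an added example that is not part of the get-sonar-feedback project. It assumes the report layout shown in this sample output; the function names are hypothetical, and it fails closed when a field is missing (for example when the API call returned an error instead of a report).

```shell
#!/bin/sh
# Added example (not from the project): fail-closed CI gate over the text report
# printed by `get-sonar-feedback pr`. Function names are hypothetical; the field
# labels are the ones shown in the sample output on this page.

# Print the value after "<label>: " from the first matching line on stdin;
# return 1 when no line carries that label.
report_field() {
  awk -v label="$1: " '
    { sub(/^[ \t]+/, "") }
    index($0, label) == 1 { print substr($0, length(label) + 1); found = 1; exit }
    END { exit found ? 0 : 1 }
  '
}

# Succeed only when the quality gate is OK and the hotspot count is exactly 0.
# Runs in a subshell so its variables do not leak into the caller.
sonar_gate() (
  report=$(cat)
  status=$(printf '%s\n' "$report" | report_field "Overall Status") || status=""
  hotspots=$(printf '%s\n' "$report" | report_field "Total Security Hotspots") || hotspots=""
  if [ "$status" != "OK" ]; then
    echo "gate: quality gate is '${status:-missing}'" >&2; exit 1
  fi
  case "$hotspots" in
    ''|*[!0-9]*) echo "gate: hotspot count missing or not numeric" >&2; exit 1 ;;
  esac
  if [ "$hotspots" -ne 0 ]; then
    echo "gate: $hotspots security hotspot(s) to review" >&2; exit 1
  fi
  exit 0
)

# Constructed sample: trimmed copy of the PR report shown on this page.
sample_report() {
  cat <<'EOF'
🎯 Quality Gate Status
--------------------------------------------------
Overall Status: OK

🔒 Security Hotspots
--------------------------------------------------
Total Security Hotspots: 0
EOF
}

# Typical use in CI: get-sonar-feedback pr 123 | sonar_gate
sample_report | sonar_gate && echo "gate passed on the constructed sample"
```
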

Project Metrics Output

==========================================
Project Metrics for branch: main
==========================================

📊 Project Metrics
--------------------------------------------------
🐛 Bugs: 0
🔓 Vulnerabilities: 1
💨 Code Smells: 21
📊 Coverage: 85.2%
🔄 Duplicated Lines Density: 2.5%
🎯 Cyclomatic Complexity: 3642
🧠 Cognitive Complexity: 2102
⚡ Reliability Rating: A
🔒 Security Rating: E
🏗️  Maintainability Rating: A
📄 Lines of Code: 33025
⏱️  Technical Debt: 9h 12min

==========================================
Metrics Complete
==========================================

Development

# Install dependencies
npm install

# Run in development mode
npm run dev

# Build for production
npm run build

License

MIT