Daniel Strong Saturday, January 28, 2023

Analyze your code with the Codiga CLI tool


AUTHOR

Daniel Strong, Frontend Engineer

Daniel is a Frontend Engineer at Codiga.

He is a passionate frontend engineer, teacher, and learner. He has worked on or led several creative projects where he's grown his leadership, management, design, and programming skills.


A new addition to the Codiga CLI tool was released recently: the analyze command. This gives you the ability to analyze a file or your whole project against a set of rules (rulesets).

Getting started with the Codiga CLI

Getting started with the Codiga CLI tool is very simple. We have a separate blog post, The Codiga CLI tool, with a full explanation of getting started and the base commands, but for this post's sake, here's the quickest way to get started analyzing your code.

The Codiga CLI tool is available through NPM, so you'll need to ensure you have Node.js installed.

Open your preferred terminal (Zsh, Fish, or another) and run the following command to check if you have Node.js installed.

node -v

If you don't see a version number appear, you'll need to download Node.js to continue.

In this post, our example commands use the npx @codiga/cli base command, which temporarily downloads our package from NPM on each invocation to run the requested command.

npx @codiga/cli --help

How do you analyze your code with the Codiga CLI tool?

How to analyze a single file using the Codiga CLI tool

To analyze a single file named file.js in the current directory you could run either of the following commands.

# with the --ruleset option
npx @codiga/cli analyze file.js --ruleset foo-ruleset

# with the --ruleset option alias -r
npx @codiga/cli analyze file.js -r foo-ruleset -r bar-ruleset

The first command would analyze file.js for violations with the rules found in foo-ruleset. The second would include the rules from both foo-ruleset and bar-ruleset.

When analyzing a single file, a valid ruleset must be set using the --ruleset option. View all options below.

How to analyze an entire directory using the Codiga CLI tool

To analyze a directory and all the files within, you could run any of the following commands to target the directory foo.

# /Users/cool-name/foo
npx @codiga/cli analyze

# /Users/cool-name
npx @codiga/cli analyze foo

# /Users/cool-name
npx @codiga/cli analyze ./foo

# anywhere
npx @codiga/cli analyze /Users/cool-name/foo

When analyzing a directory, our analysis will automatically include all rulesets found in a codiga.yml file within that directory.

However, any rulesets you specify with the --ruleset option override the rulesets found in a codiga.yml file.

If there isn't a codiga.yml in the desired directory and no rulesets were specified with the --ruleset option, the analysis will not proceed as there are no rules to check for violations.

You can use another command, npx @codiga/cli ruleset-add, to create a codiga.yml quickly.

Analysis Command Examples

To quickly begin analyzing your code, we have included some examples below. Additional rulesets are available on the Codiga Hub.

Python

For Python, we recommend the rulesets python-security, python-best-practices, python-code-style, and python-inclusive as they are very common.

npx @codiga/cli analyze -r python-security -r python-best-practices -r python-code-style -r python-inclusive /path/to/project

JavaScript for React

For JavaScript, we recommend the rulesets javascript-best-practices, jsx-a11y, jsx-react, react-best-practices as they are widely used.

npx @codiga/cli analyze -r javascript-best-practices -r jsx-a11y -r jsx-react -r react-best-practices /path/to/project

TypeScript for React

For TypeScript, we recommend the rulesets typescript-best-practices, jsx-a11y, jsx-react, react-best-practices as they are frequently used.

npx @codiga/cli analyze -r typescript-best-practices -r jsx-a11y -r jsx-react -r react-best-practices /path/to/project

What options are available to customize the analysis?

There are several options available to customize the behavior of the analyze command.

Analyze option: -r/--ruleset

The ruleset option allows you to specify the rulesets you want to analyze your code with. As mentioned above, if you are analyzing a file, you must specify at least one valid ruleset to continue. When analyzing a directory, if you don't have a codiga.yml present or you want to override the rulesets within, you can use this option.

Analyze option: -f/--format

The format option allows you to control how violations are reported to you. The available options are:

  • text (default)
  • json
  • csv

Analyze option: -o/--output

The output option enables you to specify a file in which you would like the violations to be written. By default, we print any violations to the standard output.

If you've specified an output file and there are no violations, we do not create a file.
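Two behaviours described above matter when the analysis gates a CI job: no report file is created when there are no violations, and a directory scan without a codiga.yml or --ruleset does not proceed. The following is an added example, not Codiga's own code; the function name codiga_gate, the CODIGA_CMD and CODIGA_REPORT variables and the return codes are assumptions, and it decides from the report file because this post does not document the CLI's exit codes.

```shell
#!/bin/sh
# Added example: fail-closed CI gate around the analyze command.
# CODIGA_CMD and CODIGA_REPORT are names assumed by this example.
CODIGA_CMD="${CODIGA_CMD:-npx @codiga/cli}"

# codiga_gate <project-dir> [ruleset ...]
# status: 0 = clean, 1 = violations reported, 2 = result cannot be trusted
codiga_gate() (
  dir=$1; shift
  report=${CODIGA_REPORT:-codiga-report.json}

  # With neither codiga.yml nor a ruleset there are no rules to check,
  # so a missing report would not mean "clean". Fail closed.
  if [ "$#" -eq 0 ] && [ ! -f "$dir/codiga.yml" ]; then
    echo "codiga_gate: no codiga.yml in $dir and no rulesets given" >&2
    exit 2
  fi

  # Rewrite "a b" as "-r a -r b" (POSIX sh has no arrays).
  n=$#
  while [ "$n" -gt 0 ]; do
    set -- "$@" -r "$1"; shift; n=$((n - 1))
  done

  # No file is written when there are no violations, so a report left
  # over from an earlier run must be removed before this one.
  rm -f -- "$report"

  # $CODIGA_CMD is deliberately unquoted so "npx @codiga/cli" splits.
  status=0
  $CODIGA_CMD analyze "$@" --format json --output "$report" "$dir" || status=$?

  if [ -s "$report" ]; then
    echo "codiga_gate: violations written to $report" >&2
    exit 1
  fi
  if [ "$status" -ne 0 ]; then
    echo "codiga_gate: analyze exited with status $status" >&2
    exit 2
  fi
  exit 0
)
```

Call it as `codiga_gate /path/to/project python-security` and let the CI step fail on any non-zero status.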

Analyze option: --follow-symlinks

If you have symbolic links within your project and you want or need the analysis to follow such links, you must pass in the --follow-symlinks option. By default, we do not follow symlinks.

How can you fix and catch issues?

With Codiga you can check your code at each step of the development lifecycle:
