DeepScan for Node.js

DeepScan provides a Node.js package which enables you to see bugs and quality issues in the CLI (command-line interface) or programmatically.

Provided to limited partners only


DeepScan for Node.js helps you to see bugs and quality issues in the CLI (command-line interface). As for the code review, you can check the code by this package on your CI.

  • Report issues by format.
  • Ignore rules or pattern of files.
Node.js packageHTML Report


Requires Oracle JRE 8 or OpenJDK 8.


  • This package depends on 'java' package requiring node-gyp build during installation.
  • node-gyp requires python 2.x, so installation fails when python does not exist.
  • For more details, check out this documentation.


You can analyze the JavaScript and TypeScript files in the project: *.js, *.jsx, *.mjs, *.ts, *.tsx, and *.vue.

DeepScan for Node.js provides the following options.

-f, --format

Use a specific output format. (defaults to stylish)

deepscan . -f json
  • stylish is a color-coded text
  • csv is a CSV string
  • html is a HTML string (a standalone report with analysis results and charts)
  • json is a JSON string

-o, --output-file

Specify file to write report to.

deepscan . -f json -o ./result.txt


Strip color codes from the output.

deepscan . --no-color -o ./result.txt


Specify rules to ignore.

deepscan . --ignore-rules "UNUSED_DECL,UNUSED_VAR_ASSIGN"


Specify pattern of files to ignore. Each pattern follows the gitignore format.

deepscan . --ignore-patterns "lib/,*.jsx"


Run ESLint. You can see the ESLint alarms with DeepScan's.

deepscan . --enable-eslint

eslint package is required in the local or global. Note that NODE_PATH environment variable is necessary to load the eslint module installed in global.

It directly uses the package so your custom configurations and plugins are applied as is.

Below is an example of webpack build using DeepScan command-line tool with ESLint. Both DeepScan alarms (NULL_POINTER) and ESLint alarms (no-unused-vars, ...) are detected and you can control your build process by these alarms or an exit code.

Run Command-line tools with ESLint

Exit Code

  • 0 when no issues are reported
  • 1 when only low-impact issues are reported
  • 2 when high or medium-impact issues are reported

DeepScan API

It’s possible to use DeepScan programmatically through the Node.js API. You can use DeepScan functionality directly through the API.

var deepscan = require('deepscan');

// Initialize DeepScan with license
deepscan.init({ license: '<license_file_path>' });

var results = [];

// For file or directory
results = deepscan.verifyFile('/home/test/hello');

// For source text
results = deepscan.verify('var foo = null; foo.g;');

// For source text (TypeScript)
results = deepscan.verify('export class RuleActionProvider implements vscode.CodeActionProvider { var foo = null; foo.g; }', {
    language: 'ts'

// For source text (TypeScript React)
results = deepscan.verify("abstract class Hello extends Component { render() { var foo = null; foo.g; return <RoleSelect />; }}", {
    language: 'tsx'

const { alarms } = results;
for (const { impact, name, message, filePath, location, codeFragment } of alarms) {