Skill

static-code-analysis

Implements static code analysis with linters (ESLint, pylint, mypy), formatters, and security scanners (SonarQube). Use for enforcing standards, detecting vulnerabilities, automating reviews in CI/CD and pre-commit.

Javascript

Typescript

Install

npx claudepluginhub joshuarweaver/cascade-code-languages-misc-1 --plugin aj-geddes-useful-ai-prompts-4

Tool Access

This skill uses the workspace's default tool permissions.

Preview

- [Overview](#overview)

Supporting Assets

references/custom-ast-analysis.mdreferences/eslint-configuration.mdreferences/pre-commit-hooks.mdreferences/python-linting-pylint-mypy.mdreferences/security-scanning.mdreferences/sonarqube-integration.mdscripts/security-checklist.sh

SKILL.md

Similar Skills

skill-lookup

Searches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.

prompts.chat

159.9k

prompt-lookup

Searches prompts.chat for AI prompt templates by keyword or category, retrieves by ID with variable handling, and improves prompts via AI. Use for discovering or enhancing prompts.

prompts.chat

159.9k

next-compile

1 file

Checks Next.js compilation errors using a running Turbopack dev server after code edits. Fixes actionable issues before reporting complete. Replaces `next build`.

vercel-next-js-2

139.2k

Stats

Stars180

Forks28

Last CommitMar 3, 2026

Actions

View Source View Plugin View on GitHub View README

Tags

static-code-analysis

Static Code Analysis

Table of Contents

Overview

Use automated tools to analyze code without executing it, catching bugs, security issues, and style violations early.

When to Use

Enforcing coding standards

Security vulnerability detection

Bug prevention

Code review automation

CI/CD pipelines

Pre-commit hooks

Refactoring assistance

Quick Start

Minimal working example:

// .eslintrc.js module.exports = { extends: [ "eslint:recommended", "plugin:@typescript-eslint/recommended", "plugin:security/recommended", ], plugins: ["@typescript-eslint", "security", "import"], rules: { "no-console": ["warn", { allow: ["error", "warn"] }], "no-unused-vars": "error", "prefer-const": "error", eqeqeq: ["error", "always"], "no-eval": "error", "security/detect-object-injection": "warn", "security/detect-non-literal-regexp": "warn", "@typescript-eslint/no-explicit-any": "warn", "@typescript-eslint/explicit-function-return-type": "error", "import/order": [ "error", { groups: [ "builtin", "external", "internal", // ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

Guide

Contents

ESLint Configuration

Python Linting (pylint + mypy)

Pre-commit Hooks

SonarQube Integration

Custom AST Analysis

Security Scanning

Best Practices

✅ DO

Run linters in CI/CD

Use pre-commit hooks

Configure IDE integration

Fix issues incrementally

Document custom rules

Share configuration across team

Automate security scanning

❌ DON'T

Ignore all warnings

Skip linter setup

Commit lint violations

Use overly strict rules initially

Skip security scans

Disable rules without reason