PMD - An extensible cross-language static code analyzer

  •        4531

PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. It supports Java, JavaScript, Apex and Visualforce, PLSQL, Apache Velocity, XML, XSL.

Additionally it includes CPD, the copy-paste-detector. CPD finds duplicated code in Java, C, C++, C#, Groovy, PHP, Ruby, Fortran, JavaScript, PLSQL, Apache Velocity, Scala, Objective C, Matlab, Python, Go, Swift and Apex and Visualforce.



Related Projects

awesome-static-analysis - A curated list of static analysis tools, linters and code quality checkers for various programming languages


This is a collection of static analysis tools and code quality checkers. Pull requests are very welcome! Note: ©️ stands for proprietary software. All other tools are Open Source. To the extent possible under law, Matthias Endler has waived all copyright and related or neighboring rights to this work. Title image Designed by Freepik.

Checkstyle - Checks Java coding standard

  •    Java

Checkstyle is a tool to help programmers write Java code that adheres to a coding standard. Checkstyle is highly configurable and can be made to support almost any coding standard. Checkstyle provides checks that find class design problems, duplicate code, or bug patterns like double checked locking. This tool could be integrated as Ant task.

codeclimate - Code Climate CLI

  •    Ruby

codeclimate is a command line interface for the Code Climate analysis platform. It allows you to run Code Climate engines on your local machine inside of Docker containers. The Code Climate CLI is distributed and run as a Docker image. The engines that perform the actual analyses are also Docker images. To support this, you must have Docker installed and running locally. We also require that the Docker daemon supports connections on the default Unix socket /var/run/docker.sock.

pylint - It's not just a linter that annoys you!

  •    Python

Pylint is a Python static code analysis tool which looks for programming errors, helps enforcing a coding standard, sniffs for code smells and offers simple refactoring suggestions. It's highly configurable, having special pragmas to control its errors and warnings from within your code, as well as from an extensive configuration file. It is also possible to write your own plugins for adding your own checks or for extending pylint in one way or another.

FindBugs - Static Analysis Tool for Java

  •    Java

FindBugs uses static analysis to look for bugs in Java code. it can analyze programs compiled for any version of Java. Eclipse and Maven plugins are available. FindBugs has been downloaded more than 700,000 times.

HTMLHint - ⚙️ The Static Code Analysis Tool you need for your HTML

  •    Javascript

HTMLHint is a Static Code Analysis Tool for HTML, you can use it with IDE or in build system. Prerequisites: Node.js (>=6.14), npm version 3+.

csslint - Automated linting of Cascading Stylesheets

  •    Javascript

CSSLint is an open source CSS code quality tool originally written by Nicholas C. Zakas and Nicole Sullivan. It was released in June 2011 at the Velocity conference.A lint tool performs static analysis of source code and flags patterns that might be errors or otherwise cause problems for the developer.

SpotBugs - FindBugs' successor, A tool for static analysis to look for bugs in Java code.

  •    Java

SpotBugs is the spiritual successor of FindBugs, carrying on from the point where it left off with support of its community. SpotBugs is a program which uses static analysis to look for bugs in Java code.

PhpDependencyAnalysis - Static code analysis to find violations in a dependency graph

  •    PHP

PhpDependencyAnalysis is an extendable static code analysis for object-oriented PHP-Projects to generate dependency graphs from abstract datatypes (Classes, Interfaces and Traits) based on namespaces. Dependencies can be aggregated to build graphs for several levels, like Package-Level or Layer-Level. Each dependency can be verified to a defined architecture. Read the Introduction-Chapter for further informations.

credo - A static code analysis tool for the Elixir language with a focus on code consistency and teaching

  •    Elixir

Credo is a static code analysis tool for the Elixir language with a focus on teaching and code consistency. It implements its own style guide.

languagetool - Style and Grammar Checker for 25+ Languages

  •    Java

LanguageTool is an Open Source proofreading software for English, French, German, Polish, Russian, and more than 20 other languages. It finds many errors that a simple spell checker cannot detect. LanguageTool is freely available under the LGPL 2.1 or later.

CodeNarc - Static Analysis for Groovy

  •    Groovy

CodeNarc analyzes Groovy code for defects, bad practices, inconsistencies, style issues, coding standards, best practices and more. CodeNarc triggers violations based on rules which are predefined or custom rules. The static analysis report is generated in XML or HTML format. It is well integrated with the Ant Task and plugins exist for Maven, Gradle, Grails, Griffon, Sonar and Hudson.

phpinspectionsea - A Static Code Analyzer for PHP (a PhpStorm/Idea Plugin)

  •    Java

This project is an OSS Static Code Analysis tool for PhpStorm (2016.2+) and Idea Ultimate. Some of inspections are expecting conditional statements (e.g. "if") to use group statement for wrapping body expressions. If this requirement is met then additional inspections are applied to the source code.

JSHint - A Static Code Analysis Tool for JavaScript

  •    Javascript

JSHint is a community-driven tool to detect errors in JavaScript code and enforce your team's coding conventions.

oclint - A static source code analysis tool to improve quality and reduce defects for C, C++ and Objective-C

  •    C++

OCLint is a static code analysis tool for improving quality and reducing defects by inspecting C, C++ and Objective-C code.

PHPStan - PHP Static Analysis Tool - discover bugs in your code without running it!

  •    PHP

PHPStan focuses on finding errors in your code without actually running it. It catches whole classes of bugs even before you write tests for the code.PHPStan moves PHP closer to compiled languages in the sense that the correctness of each line of the code can be checked before you run the actual line.

android-check - Static code analysis plugin for Android project. (Checkstyle, PMD)

  •    Groovy

Static code analysis plugin for Android project. Recommended configuration is a default one (empty).

rubycritic - A Ruby code quality reporter

  •    Javascript

RubyCritic is a gem that wraps around static analysis gems such as Reek, Flay and Flog to provide a quality report of your Ruby code.

JLint - static analysis for Java

  •    C++

Jlint will check your Java code and find bugs, inconsistencies and synchronization problems by doing data flow analysis and building the lock graph. Jlint is extremely fast. It is easy to learn and requires no changes to the class files. Jlint has been used in an industrial environment and successfully uncovered faults with little effort.

Codelyzer - Static analysis for Angular projects.

  •    TypeScript

A set of tslint rules for static code analysis of Angular TypeScript projects.You can run the static code analyzer over web apps, NativeScript, Ionic, etc.