43  

I agree that JSLint is the best place to start. Note that JavaScript Lint is distinct from JSLint. I’d also suggest checking out JSure, which in my limited testing did better than either of them, though with some rough edges in the implementation—the Intel Mac version crashed on startup for me, though the PowerPC version ran fine even on Intel, and the Linux version ran fine as well. (The developer, Berke Durak, said he'd get back to me when this was fixed, but I haven't heard from him.)

我同意JSLint是最好的起点。请注意，JavaScript Lint与JSLint不同。我还建议检查一下JSure，在我有限的测试中，它比任何一个都好，尽管在实现过程中有一些粗糙的边缘——Intel的Mac版本在我的启动时崩溃了，尽管PowerPC版本在Intel上运行良好，Linux版本也运行良好。(开发商伯克·杜兰克(Berke Durak)说，修好后他会再找我，但我还没有他的消息。)

Don’t expect as much from JavaScript static analysis as you get from a good C checker. As Durak told me, “any non-trivial analysis is very difficult due to Javascript's dynamic nature.”

不要期望从JavaScript静态分析中得到的东西比从优秀的C检查器中得到的要多。正如Durak告诉我的，“由于Javascript的动态特性，任何重要的分析都非常困难。”

(Another, even more obscure Mac-only bug, this time with JSLint’s Konfabulator widget: Dragging a BBEdit document icon onto the widget moves the document to the trash. The developer, Douglas Crockford, hadn’t tried the widget on a Mac.)

(另一个，更模糊的mac bug，这一次使用JSLint的Konfabulator小部件:将一个BBEdit文档图标拖到小部件上，将文档移动到垃圾中。开发人员道格拉斯·克罗克福德(Douglas Crockford)没有在Mac上试用这个小部件。

10 August 2009: Today at the Static Analysis Symposium, Simon Holm Jensen presented a paper on TAJS: Type Analyzer for JavaScript, written with Anders Møller and Peter Thiemann. The paper doesn’t mention the above tools, but Jensen told me he’d looked at some of them and wasn’t impressed. The code for TAJS should be available sometime this summer.

2009年8月10日:今天在静态分析研讨会,西蒙河中沙洲Jensen发表了一篇论文在泰姬:类型为JavaScript分析仪,用安德斯Møller和彼得Thiemann。论文中没有提到上述工具，但Jensen告诉我他看过其中的一些，并没有留下什么印象。TAJS的代码将在今年夏天的某个时候发布。

56  

UPDATED ANSWER, 2017: Yes. Use ESLint. http://eslint.org

更新答案,2017:是的。使用ESLint。http://eslint.org

In addition to JSLint (already mentioned in Flash Sheridan's answer) and the Closure compiler (previously mentioned in awhyte's answer) I have have also gotten a lot of benefit from running JSHint and PHP CodeSniffer. As of 2012, all four tools are free open-source and have a large and active developer community behind them. They're each a bit different (and I think, complementary) in the kinds of checks they perform:

除了JSLint(在Flash Sheridan的答案中已经提到过)和闭包编译器(在awhyte的答案中已经提到过)之外，我还从运行JSHint和PHP CodeSniffer中获得了很多好处。截至2012年，这四种工具都是免费的开源工具，背后有一个活跃的开发社区。他们的检查方式各有不同(我认为是互补的):

JSLint was designed to be, and still is Douglas Crockford's personal linting tool. It ships with a great default ruleset -- Crockford's own, constantly updated as he continues to learn about JavaScript and its pitfalls. JSLint is highly opinionated and this is generally seen as a good thing. Thus there's (intentionally) a limited amount you can do to configure or disable individual rules. But this can make it tough to apply JSLint to legacy code.

JSLint被设计成，现在仍然是Douglas Crockford的个人linting工具。它附带了一个很棒的默认规则集——Crockford自己的规则集，在他继续学习JavaScript及其缺陷时不断更新。JSLint非常固执己见，这通常被视为一件好事。因此，(故意)您可以对单个规则进行配置或禁用。但是这可能使将JSLint应用到遗留代码变得困难。

JSHint is very similar to JSLint (in fact it began life as JSLint fork) but it is easier/possible to configure or disable all of JSLint's checks via command line options or via a .jshintrc file.

JSHint与JSLint非常相似(实际上它最初是作为JSLint fork出现的)，但是通过命令行选项或.jshintrc文件配置或禁用JSLint的所有检查是更容易的/可能的。

I particularly like that I can tell JSHint to report all of the errors in a file, even if there are hundreds of errors. By contrast, although JSLint does have a maxerr configuration option, it will generally bail out relatively early when attempting to process files that contain large numbers of errors.

我特别喜欢让JSHint报告文件中的所有错误，即使有数百个错误。相比之下，尽管JSLint确实有maxerr配置选项，但在尝试处理包含大量错误的文件时，它通常会在相对较早的时候退出。

The Closure compiler is extremely useful in that, if code won't compile with Closure, you can feel very certain said code is deeply hosed in some fundamental way. Closure compilation is possibly the closest thing that there is in the JS world to an "interpreter" syntax check like php -l or ruby -c

闭包编译器在这方面非常有用，如果代码不能使用闭包进行编译，那么您可以非常肯定地认为，说过的代码是以某种基本的方式被深入挖掘的。闭包编译可能是JS世界中最接近“解释器”语法检查的东西，比如php -l或ruby -c

Closure also warns you about potential issues such as missing parameters and undeclared or redefined variables. If you aren't seeing the warnings you expect, try increasing the warning level by invoking Closure with an option of --warning_level VERBOSE

Closure警告您可能出现的问题，比如丢失参数和未声明或重新定义的变量。如果您没有看到预期的警告，请尝试通过使用一个选项——warning_level VERBOSE)调用Closure来提高警告级别

PHP CodeSniffer can parse JavaScript as well as PHP and CSS. CodeSniffer ships with several different coding standards, (say phpcs -i to see them) which include many useful sniffs for JavaScript code including checks against inline control structures and superfluous whitespace.

PHP CodeSniffer可以解析JavaScript以及PHP和CSS。CodeSniffer提供了几个不同的编码标准(比如phpcs -i - see它们)，其中包括许多有用的JavaScript代码嗅探，包括检查内联控制结构和多余的空格。

Here is a list of JavaScript sniffs available in PHP CodeSniffer as of version 1.3.6 and here is a custom ruleset that would allow you to run them all at once. Using custom rulesets, it's easy to pick and choose the rules you want to apply. And you can even write your own sniffs if you want to enforce a particular "house style" that isn't supported out of the box. Afaik CodeSniffer is the only tool of the four mentioned here that supports customization and creation of new static analysis rules. One caveat though: CodeSniffer is also the slowest-running of any of the tools mentioned.

这里有一个PHP CodeSniffer版本1.3.6中可用的JavaScript嗅探列表，这里有一个自定义规则集，允许您一次运行它们。使用自定义规则集，很容易选择要应用的规则。你甚至可以写你自己的嗅探，如果你想执行一个特定的“房子风格”，不支持从盒子里出来。Afaik CodeSniffer是这里提到的四个工具中唯一支持定制和创建新的静态分析规则的工具。不过有一点需要注意:CodeSniffer也是所有提到的工具中运行速度最慢的一个。

20  

Google's "Closure" JS compiler produces configurable warnings and errors at compile-time. It definitely finds misspelled variables and methods, plus arity mistakes. If you're willing to write JsDoc the Closure way, it can do a lot with type information, too.

谷歌的“闭包”JS编译器在编译时生成可配置的警告和错误。它明确地发现了拼写错误的变量和方法，以及错误。如果您愿意以闭包的方式编写JsDoc，那么它也可以对类型信息进行大量处理。

The YUI "Compressor" tool can produce warnings too, but haven't tried it yet.

YUI“压缩器”工具也可以产生警告，但还没有尝试过。

I haven't had much luck with the Aptana IDE, built on Eclipse, but other people like it. See Stack Overflow discussion of JS IDEs.

我对构建在Eclipse上的Aptana IDE不太感冒，但其他人喜欢它。参见JS ide的堆栈溢出讨论。

The IntelliJ IDE, which isn't free last I checked, has frickin' excellent JS support. It will detect and highlight misspelled vars and methods as you type, and more. It's got autocomplete, too.

IntelliJ IDE，它不是免费的，我检查过了，它有很棒的JS支持。它将在您输入时检测并突出显示拼写错误的vars和方法，等等。它有自动完成。

11  

In summary, JSLint, JSHint, Plato, ESLint, Google Closure-Linter are the tools available. I faced installation issues while trying out Google Closure-Linter for Windows. But, it does mention on the web page that its support for Windows is experimental. I found and tried another tool which works well. Here is the link for it: http://esprima.org/

总之，JSLint, JSHint, Plato, ESLint，谷歌Closure-Linter是可用的工具。我在为Windows试用谷歌Closure-Linter时遇到了安装问题。但是，它在网页上确实提到它对Windows的支持是实验性的。我发现并尝试了另一种有效的工具。这里是它的链接:http://esprima.org/

Also, this is the github link for the tool Esprima: https://github.com/ariya/esprima

此外，这是工具Esprima的github链接:https://github.com/ariya/esprima

6  

I tried out ESlint and found it good..you can also add custom rules there..Here is the github repo: https://github.com/nzakas/eslint and here is the introduction to it: http://www.nczonline.net/blog/2013/07/16/introducing-eslint/

我试用了ESlint，发现它很好。您还可以在那里添加自定义规则。以下是github的回复:https://github.com/nzakas/eslint，这里是它的介绍:http://www.nczonline.net/blog/3/07/16 / introduction -eslint/

5  

You can see some tools for JavaScript static code analysis in this Wiki.

您可以在这个Wiki中看到一些用于JavaScript静态代码分析的工具。

A tool in the Wiki, but not mentioned in this post, is DeepScan. Its focus is to find runtime errors and quality issues rather than coding conventions of linters. It covers also TypeScript and React.

Wiki中的一个工具是DeepScan。它的重点是查找运行时错误和质量问题，而不是查找linter的编码约定。它还包括打字稿和反应。

You can try it out for your GitHub project.

您可以在GitHub项目上试用它。

4  

More security focused than general purpose list can be found on the Mozilla Wiki at Security/B2G/JavaScript code analysis

在安全/B2G/JavaScript代码分析中，可以在Mozilla Wiki上找到比一般用途列表更多的安全性。

The purpose of this document is to collect JavaScript code analysis tools suitable for including in coming Mozilla projects or for internal use.

本文的目的是收集适用于未来Mozilla项目或内部使用的JavaScript代码分析工具。

Also there is at least one commercial product that does security analysis: Burp gets new JavaScript analysis capabilities

此外，至少有一个商业产品进行安全性分析:Burp获得了新的JavaScript分析功能。

The latest release of Burp includes a new engine for static analysis of JavaScript code. This enables Burp Scanner to report a range of new vulnerabilities, including:

最新的Burp版本包括一个用于静态分析JavaScript代码的新引擎。这使得Burp扫描器能够报告一系列新的漏洞，包括:

• DOM-based XSS
• 基于dom的XSS
• JavaScript injection
• JavaScript注入
• Client-side SQL injection
• 客户端SQL注入
• WebSocket hijacking
• WebSocket劫持
• Local file path manipulation
• 本地文件路径操作
• DOM-based open redirection
• 基于dom的开放重定向
• Cookie manipulation
• Cookie操作
• Ajax request header manipulation
• Ajax请求头操作
• DOM-based denial of service
• 基于dom的拒绝服务
• Web message manipulation
• 网络信息处理
• HTML5 storage manipulation
• HTML5存储操作

3  

I like Jslint for this sort of thing...

我喜欢Jslint做这种事……

3  

In the commercial realm, Coverity Static Analysis supports analysis of JavaScript as of version 7.7 (mid-2015). Regarding your specific inquiry about typos, my pet project appearing in the latest release (8.0, beginning of 2016) does find typos in names of program elements.

在商业领域，Coverity静态分析支持7.7版本(2015年年中)的JavaScript分析。关于您对拼写错误的具体查询，我的宠物项目出现在最新的版本(8.0,2016年初)中，确实在程序元素的名称中发现了拼写错误。

As a key developer on the project, please accept my shameless plug: Though not yet as mature as the venerated C/C++ analysis, Coverity's JavaScript analysis shares much of the same engine, with the same focus on finding high-value defects with a low rate of false positive defect reports. We are increasing our focus on finding security defects in JavaScript (and other languages), in addition to finding general programming errors.

作为项目的关键开发人员，请接受我的厚颜无耻的建议:尽管还没有像备受推崇的C/ c++分析那样成熟，但Coverity的JavaScript分析与大多数相同的引擎是相同的，同样关注的是寻找高价值的缺陷，并且错误的正确率很低。除了查找一般的编程错误之外，我们还增加了对在JavaScript(和其他语言)中查找安全缺陷的关注。

Now, here are some typos it finds (exact typo left as an exercise for the reader, to emphasize how easily these can be overlooked):

现在，它发现了一些拼写错误(准确的拼写错误留给读者作为练习，以强调这些错误是多么容易被忽略):

merge.js: (stable link) (latest revision)

合并。(稳定链接)(最新修订)

commands-packages-query.js: (stable link) (latest revision)

commands-packages-query。(稳定链接)(最新修订)

series-pie-tests.js: (stable link) (latest revision)

series-pie-tests。(稳定链接)(最新修订)

outline_case.js: (stable link) (latest revision)

outline_case。(稳定链接)(最新修订)

2  

JSAnalyse has just been published on codeplex. It is a tool which analyses the dependencies between javascript files. You can even define the allowed dependencies and JSAnalysis checks whether the defined rules are fulfilled or not. That allows to keep track about the javascript dependencies even in big projects and have a clean architecture.

jsanalysis刚刚发布在codeplex上。它是一个分析javascript文件之间依赖关系的工具。您甚至可以定义允许的依赖项，然后JSAnalysis检查所定义的规则是否已完成。这样就可以跟踪javascript依赖项，甚至在大型项目中也是如此，并且有一个干净的体系结构。

JSAnalyse can be executed as a command line tool or configured via the Visual Studio Layer Diagramm. It is also easy to integrate into the build. With gated check-ins you can keep the dependencies under control.

jsanalysis可以作为命令行工具执行，也可以通过Visual Studio层Diagramm配置。集成到构建中也很容易。使用门控检查，您可以控制依赖项。

http://jsanalyse.codeplex.com/

http://jsanalyse.codeplex.com/

2  

Flow does static analysis with and without annotations.

Flow使用和不使用注解进行静态分析。

If you need annotations, the syntax is compatible to TypeScript.

如果需要注释，则语法与打字稿兼容。

Install the package with :

安装包时:

npm install --global flow-bin

There's also some tooling. Have a look at gulp-flowtype and perhaps SublimeLinter-flow

也有一些工具。看看沟流型和升华流

1  

Our SD ECMAScript CloneDR is a tool for finding exact and near-miss copies of duplicated code across large JavaScript source code bases.

我们的SD ECMAScript CloneDR是一种工具，用于在大型JavaScript源代码库中查找复制代码的精确副本和几乎缺失的副本。

It uses the language syntax to guide the detection, so it will find clones in spite of format changes, inserted/deleted comments, renamed variables and even some inserted/deleted statements.

它使用语言语法来指导检测，因此它将找到克隆，尽管格式改变、插入/删除注释、重命名变量甚至插入/删除语句。

The site has a sample CloneDR run on Google's Closure library.

该站点有一个在谷歌的闭包库上运行的示例CloneDR。

0  

Full disclosure, I'm behind this: http://www.toptensoftware.com/minime which does minification, obfuscation and a reasonable set of lint style checks.

完全公开的是，我支持的是:http://www.toptensoftware.com/minime，它负责缩小、混淆和一组合理的lint样式检查。