Testing your website with sonarwhal

Yesterday I was watching a great Pluralsight course called Play by Play: JavaScript Security by Troy Hunt and Aaron Powell. In this course they discuss a number of security-related things, including auth tokens, caching, service workers, third-party library vulnerabilities and client-side validation. Aaron also introduced me to a tool that I hadn’t heard of before, called sonarwhal.

If you’re not familiar with Pluralsight then you really should be, especially if you’re a developer.  It’s a technology learning platform with great courses…

But coming back to the main topic of this post: sonarwhal looks like a really great dynamic analysis tool for improving your website.

sonarwhal is a linting tool that will help you with your site’s accessibility, speed, security and more, by checking your code for best practices and common errors.

Having run it on my own website, it came up with quite a few issues…!

  • Accessibility – 1 error
  • Interoperability – 15 errors
  • Performance – 50 errors
  • PWA – 1 warning
  • Security – 66 errors

A total of 132 errors and 1 warning, discovered in precisely 2 minutes 52 seconds, and with loads of information about why they’re issues and how to resolve them.

Over the next few weeks, I plan to work my way through and investigate these issues, fixing them where it’s appropriate, and I’ll write a post about each one as I go.