Code Quality Tools
Code quality tools automate the enforcement of coding standards, catch bugs before they reach production, and keep codebases maintainable as teams grow. They fall into several categories: linters that check for errors and style violations, formatters that enforce consistent code style, static analysis tools that find deeper bugs and security issues, and validators that check markup against official specifications. A well-configured toolchain runs automatically on every save, commit, and pull request, creating a safety net that catches issues at the lowest possible cost.
JavaScript Linting and Formatting
ESLint
Pricing: Free, open-source — Platform: Node.js CLI, IDE plugins for all major editors
ESLint is the standard JavaScript and TypeScript linter. It statically analyzes your code to find problems ranging from syntax errors and unused variables to complex issues like missing dependency arrays in React hooks, incorrect Promise handling, and accessibility violations in JSX. ESLint is fully configurable — you can enable, disable, or customize every rule, and extend shared configurations from the community.
The plugin ecosystem is one of ESLint's greatest strengths. Popular plugins include eslint-plugin-react for React-specific rules, eslint-plugin-jsx-a11y for accessibility checks in JSX, eslint-plugin-import for module import/export validation, and @typescript-eslint/eslint-plugin for TypeScript-specific rules. The flat config format (introduced in ESLint v9) simplifies configuration significantly.
Best use cases
- Catching JavaScript and TypeScript errors before runtime
- Enforcing team coding standards consistently
- Framework-specific rules (React, Vue, Angular, Node.js)
- IDE integration for real-time feedback while coding
- CI/CD pipeline quality gates
Prettier
Pricing: Free, open-source — Platform: Node.js CLI, IDE plugins for all major editors
Prettier is an opinionated code formatter that supports JavaScript, TypeScript, HTML, CSS, JSON, Markdown, YAML, and many other languages. Unlike ESLint (which reports issues for you to fix), Prettier automatically rewrites your code to conform to a consistent style. It handles indentation, line length, quote style, trailing commas, semicolons, and dozens of other formatting decisions so your team never has to debate them.
Prettier is intentionally opinionated with minimal configuration options. This is by design — the goal is to end all formatting debates by providing one canonical style. When combined with ESLint (using eslint-config-prettier to disable ESLint's formatting rules), you get both error detection and automatic formatting without conflicts.
Best use cases
- Automatic code formatting across multiple languages
- Eliminating formatting debates in code reviews
- Format-on-save in editors for instant feedback
- Pre-commit hooks to ensure all committed code is formatted
Static Analysis
Semgrep / OpenGrep
Pricing: Free, open-source (Semgrep OSS / OpenGrep); paid Semgrep Cloud platform — Platform: CLI, CI/CD integrations
Semgrep is a fast, lightweight static analysis tool that supports over 30 programming languages. It finds bugs, security vulnerabilities, and anti-patterns using pattern-matching rules that are much easier to write and understand than traditional AST-based analysis. The Semgrep Registry contains thousands of community-contributed and Semgrep-maintained rules covering security, correctness, and best practices.
What makes Semgrep unique is its pattern syntax — rules look like the code they are trying to match, making them readable by any developer. For example, a rule to find SQL injection in Python looks like: cursor.execute("..." + $USER_INPUT). This accessibility means teams can write custom rules for their own codebase patterns, not just rely on generic rules.
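For comparison, this is roughly what the one-line pattern above costs when written by hand against Python's `ast` module. It is an added example, not code from Semgrep or OpenGrep; the helper name `find_concat_execute` and the sample source are constructed for illustration, and the check only approximates what the pattern matches.

```python
import ast

# Constructed sample source: one query built by concatenation, one parameterized.
SAMPLE = '''
def lookup(cursor, user_input):
    cursor.execute("SELECT * FROM users WHERE name = '" + user_input + "'")

def lookup_safe(cursor, user_input):
    cursor.execute("SELECT * FROM users WHERE name = ?", (user_input,))
'''


def _starts_with_string_literal(node):
    """True if the leftmost operand of a chain of `+` is a string literal."""
    while isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        node = node.left
    return isinstance(node, ast.Constant) and isinstance(node.value, str)


def find_concat_execute(source):
    """Return line numbers of X.execute(<string literal> + ...) calls.

    Hypothetical helper approximating cursor.execute("..." + $USER_INPUT).
    """
    hits = []
    for node in ast.walk(ast.parse(source)):
        # Only method calls named `execute` with at least one argument.
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        if node.func.attr != "execute" or not node.args:
            continue
        query = node.args[0]
        is_concat = isinstance(query, ast.BinOp) and isinstance(query.op, ast.Add)
        if is_concat and _starts_with_string_literal(query):
            hits.append(node.lineno)
    return hits


if __name__ == "__main__":
    # The concatenated query is flagged; the parameterized one is not.
    print(find_concat_execute(SAMPLE))
```

The helper only covers `+` concatenation; queries built with f-strings or `%` formatting would need their own checks.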
OpenGrep is a community fork of Semgrep's open-source engine that ensures the core pattern-matching technology remains freely available. Both tools use the same rule syntax and registry.
Best use cases
- Finding security vulnerabilities across multiple languages
- Enforcing custom code patterns specific to your codebase
- CI/CD integration for automated code review
- Teams that want readable, maintainable static analysis rules
SonarQube
Pricing: Community Edition (free, open-source); Developer ($150/year), Enterprise, Data Center editions — Platform: Self-hosted server, SonarCloud (hosted)
SonarQube is a comprehensive code quality platform that performs static analysis on your codebase and tracks quality metrics over time. It detects bugs, vulnerabilities, code smells (maintainability issues), and code duplication across over 30 languages. SonarQube provides a quality gate concept — a set of conditions that must be met before code can be merged, such as "no new bugs," "no new vulnerabilities," and "code coverage above 80%."
The SonarQube dashboard shows trends in code quality over time, making it easy to see whether quality is improving or degrading. The Community Edition is free and covers most needs for smaller teams. SonarCloud provides the same analysis as a hosted service, which is easier to set up but has ongoing costs for private repositories.
Best use cases
- Tracking code quality metrics and trends across projects
- Enforcing quality gates in CI/CD pipelines
- Detecting code duplication and technical debt
- Organizations with multiple projects that need centralized quality dashboards
HTML and CSS Quality
HTMLHint
Pricing: Free, open-source — Platform: Node.js CLI, IDE plugins
HTMLHint is a linter for HTML that checks for common mistakes including unclosed tags, duplicate IDs, missing alt attributes, deprecated elements, and inline styles. It is configurable via a .htmlhintrc file and can be integrated into editors and CI/CD pipelines. HTMLHint catches issues that can cause rendering problems, accessibility failures, and inconsistent behavior across browsers.
Best use cases
- Catching HTML errors during development
- Enforcing HTML coding standards across a team
- CI/CD integration to prevent malformed HTML from being deployed
Stylelint
Pricing: Free, open-source — Platform: Node.js CLI, IDE plugins
Stylelint is a modern CSS linter that enforces consistent conventions and catches errors in CSS, SCSS, Sass, Less, and CSS-in-JS. It includes over 170 built-in rules covering everything from property ordering to shorthand property usage to color format consistency. Stylelint uses the same configuration pattern as ESLint, making it familiar to JavaScript developers.
Like ESLint, Stylelint supports shared configurations. The stylelint-config-standard package provides a sensible default configuration, and additional plugins add rules for specific methodologies like BEM naming conventions or property ordering.
Best use cases
- Enforcing CSS coding standards and conventions
- Catching CSS errors like invalid property values or duplicate selectors
- Maintaining consistent CSS across large projects
- Linting SCSS, Sass, Less, and CSS-in-JS
W3C Markup Validation Service
Pricing: Free — Platform: Web, API
W3C Markup Validation Service checks HTML documents against the official HTML specification maintained by the W3C. It catches errors that linters may miss because it validates against the actual spec, not just common rules. This includes checking DOCTYPE declarations, element nesting rules, attribute validity, and character encoding declarations.
The W3C Validator is the authoritative source for HTML validity. While browsers are forgiving of invalid HTML (they have complex error recovery algorithms), valid HTML ensures predictable rendering across all browsers and assistive technologies.
Best use cases
- Validating HTML against the official W3C specification
- Catching spec violations that linters and browsers tolerate
- Ensuring cross-browser rendering consistency
- Accessibility compliance (valid HTML is a prerequisite for assistive technology compatibility)
Editor and Environment Configuration
EditorConfig
Pricing: Free, open-source — Platform: All major editors and IDEs
EditorConfig defines and maintains consistent coding styles between different editors and IDEs. A simple .editorconfig file in your project root specifies settings like indent style (tabs vs. spaces), indent size, end-of-line characters, character encoding, and trailing whitespace trimming. Most editors support EditorConfig natively or through a plugin.
EditorConfig solves a fundamental team collaboration problem: different developers use different editors with different default settings. Without EditorConfig, a project might have files with mixed tabs and spaces, different indent sizes, and inconsistent line endings. These differences create noisy diffs in version control and can cause formatting issues.
Best use cases
- Ensuring consistent indentation and line endings across a team
- Projects where team members use different editors (VS Code, IntelliJ, Vim, etc.)
- Establishing baseline formatting that applies before Prettier or other formatters run
CodeFrog
Pricing: $99/year — Platform: Desktop app (Mac and Windows)
CodeFrog includes HTML validation and static analysis as part of its comprehensive quality report. It checks for HTML validity issues, identifies potential code quality problems, and presents findings alongside accessibility, security, performance, and SEO results. This integrated approach helps teams understand how code quality issues relate to other quality dimensions.
Best use cases
- HTML validation integrated into a broader quality audit
- Identifying code quality issues on localhost before deployment
- Understanding the relationship between code quality and other quality metrics
Quality Platforms
CodeClimate
Pricing: Free for open-source; paid plans from $15/user/month — Platform: Cloud-hosted, GitHub/GitLab integration
CodeClimate provides automated code review and maintainability metrics. It calculates a maintainability score for your codebase based on code complexity, duplication, and style issues. CodeClimate integrates with GitHub and GitLab to provide inline feedback on pull requests, showing exactly which changes introduce new issues.
The Velocity product tracks engineering team metrics like deployment frequency, cycle time, and throughput. While these metrics should be used carefully (they can be gamed and can create perverse incentives), they provide useful signals about development process health.
Best use cases
- Tracking maintainability metrics over time
- Automated code review feedback on pull requests
- Open-source projects that want free quality monitoring
- Teams that need engineering metrics dashboards
Resources
- ESLint Documentation — Official docs covering configuration, rules, and plugin development
- Semgrep Registry — Searchable database of thousands of static analysis rules for security and code quality