JSHint vs Snyk: What are the differences?

JSHint: A Static Code Analysis Tool for JavaScript. It is a community-driven tool that detects errors and potential problems in JavaScript code. It is open source and can easily be adjusted to the environment in which you expect your code to execute.

Snyk: Fix vulnerabilities in Node & npm dependencies with a click.

JSHint can be classified as a tool in the "Code Review" category, while Snyk is grouped under "Dependency Monitoring".

According to the StackShare community, Snyk has broader approval, being mentioned in 21 company stacks and 43 developer stacks, compared to JSHint, which is listed in 4 company stacks and 5 developer stacks.

Advice on JSHint and Snyk
Bryan Dady
SRE Manager at Subsplash · 5 upvotes · 450.2K views

I'm beginning to research the right way to better integrate how we achieve SCA / shift-left / SecureDevOps / secure software supply chain. If you use or have evaluated WhiteSource, Snyk, Sonatype Nexus, SonarQube or similar, I would very much appreciate your perspective on strengths and weaknesses and how you selected your ultimate solution. I want to integrate with GitLab CI.

Replies (1)
Moises Figueroa
DevOps Engineer at Ingenium Code · 2 upvotes · 35.6K views

I'd recommend Snyk since it provides an IDE extension for developers, SAST, auto PR security fixes, container, IaC and includes open source scanning as well. I like their scoring method as well for better prioritization. I was able to remove most of the containers and CLI tools I had in my pipelines since Snyk covers secrets, vulns, security and some code cleaning. SAST has false positives but the scoring helps. Also had to spend time putting some training docs but their engineers helped out with content.

Pros of JSHint
• None listed

Pros of Snyk
• 10
  GitHub Integration
• 5
  Free for open source projects
• 4
  Finds lots of real vulnerabilities
• 1
  Easy to deploy

Cons of JSHint
• 1
  Non-intuitive configuration

Cons of Snyk
• 2
  Does not integrate with SonarQube
• 1
  No malware detection
• 1
  No surface monitoring
• 1
  Complex UI
• 1
  False positives

What is JSHint?

It is a community-driven tool that detects errors and potential problems in JavaScript code. It is open source and can easily be adjusted to the environment in which you expect your code to execute.

What is Snyk?

Automatically find & fix vulnerabilities in your code, containers, Kubernetes, and Terraform.

What are some alternatives to JSHint and Snyk?

ESLint: A pluggable and configurable linter tool for identifying and reporting on patterns in JavaScript. Maintain your code quality with ease.

JSLint: It is a static code analysis tool used in software development for checking if JavaScript source code complies with coding rules. It is provided primarily as a browser-based web application accessible through their domain, but there are also command-line adaptations.

Flow: Flow is an online collaboration platform that makes it easy for people to create, organize, discuss, and accomplish tasks with anyone, anytime, anywhere. By merging a sleek, intuitive interface with powerful functionality, we're out to revolutionize the way the world's productive teams get things done.

SonarQube: SonarQube provides an overview of the overall health of your source code and even more importantly, it highlights issues found on new code. With a Quality Gate set on your project, you will simply fix the Leak and start mechanically improving.

TypeScript: TypeScript is a language for application-scale JavaScript development. It's a typed superset of JavaScript that compiles to plain JavaScript.