Testing your website with sonarwhal

Yesterday I was watching a great Pluralsight course called Play by Play: Javascript Security by Troy Hunt and Aaron Powell.  In this course they discuss a number of security related things, including auth tokens, caching, service workers, third-party library vulnerabilities and client-side validation.  Aaron also introduced me to a tool that I hadn’t heard of before, called sonarwhal.

If you’re not familiar with Pluralsight then you really should be, especially if you’re a developer.  It’s a technology learning platform with great courses…

Keep up with technology with expert-led courses, assessments and tools that help you build the skills you need, when you need them.

But coming back to the main topic of this post, sonarwhal, it looks like a really great dynamic analysis tool for improving your website.

sonarwhal is a linting tool that will help you with your site’s accessibility, speed, security and more, by checking your code for best practices and common errors.

Having run it on my own website, it came up with quite a few issues…!

  • Accessibility – 1 error
  • Interoperability – 15 errors
  • Performance – 50 errors
  • PWA – 1 warning
  • Security – 66 errors

A total of 132 errors and 1 warning, discovered in precisely 2 minutes 52 seconds, and with loads of information about why they’re issues and how to resolve them.

Over the next few weeks, I plan to work my way through and investigate these issues, fixing them where it’s appropriate, and I’ll write a post about each one as I go.

Updating npm to latest version

Recently I had some trouble updating npm to the latest version on Windows, which was driving me crazy until a StackOverflow thread pointed me in the right direction.  Unfortunately I can’t find the thread again, but as this was just a passing comment and not an answer, I thought it would be worth immortalising it here. By…

HTTP is dead

I really should stop with the clickbait headlines!  A couple of months ago I posted about how SEO is dead and now I’m doing it again. Well, this time I can safely say that HTTP is not in fact dead.  But it is losing out to HTTPS, as more and more websites are going secure. There are…

SEO is dead

Ok ok, so it’s not exactly dead… or is it?  No, it’s not.  Well, depends on what you really mean, I guess. Search Engine Optimisation has always been big business, ever since there were search engines.  And ever since then, people have been saying that SEO has been dead. For me, SEO is an evolution,…


I’ve recently received some really positive feedback for some work I’ve done, and I was chuffed to bits.  I’m not massively good at bragging, even the artful humble brag, but I think I really should add a testimonials page to my site when I get the chance, so I can look back and try to…

Caching php files on Cloudflare

Oh dear, I’ve definitely broken my New Year’s resolution now – it’s been 16 days since my last confession… I mean blog post! I’ve spoken before about how I use Cloudflare to improve both security and performance.  In short, they have an ever increasing number of edge nodes, which they cache content at and then return results directly,…