Introducing G2.ai, the future of software buying.Try now
Compare SonarQube and npm 
Featured Products
Sponsored
You’re seeing this ad based on the product’s relevance to this page. Sponsored content does not receive preferential treatment in any of G2’s ratings.
Endor Labs
Visit Website
Sponsored
You’re seeing this ad based on the product’s relevance to this page. Sponsored content does not receive preferential treatment in any of G2’s ratings.
CAST Highlight
Visit Website
Sponsored
You’re seeing this ad based on the product’s relevance to this page. Sponsored content does not receive preferential treatment in any of G2’s ratings.
Aikido Security
Visit Website
At a Glance
Market Segments
Enterprise (41.9% of reviews)
Small-Business (62.5% of reviews)
Entry-Level Pricing
Free
No pricing available
SonarQube
Star Rating
(125)4.5 out of 5
Market Segments
Enterprise (41.9% of reviews)
Entry-Level Pricing
Free
Browse all 5 pricing plansnpm
Star Rating
(85)4.7 out of 5
Market Segments
Small-Business (62.5% of reviews)
Entry-Level Pricing
No pricing available
Learn more about npmSonarQube vs npm
When assessing the two solutions, reviewers found npm easier to use and set up. Reviewers also felt that npm was easier to do business with overall. However, reviewers felt that administration of both products was equally easy.
- Reviewers felt that npm meets the needs of their business better than SonarQube.
- When comparing quality of ongoing product support, reviewers felt that npm is the preferred option.
- For feature updates and roadmaps, our reviewers preferred the direction of SonarQube over npm.
Pricing
Entry-Level Pricing
SonarQube
Community Edition
Free
Explore: https://www.sonarsource.com/plans-and-pricing/
- Free
- Popular & classic languages support
- Integration with DevOps platforms
npm
No pricing availableFree Trial
SonarQube
Free Trial is available
npm
No trial information availableRatings
Meets Requirements
8.8
108
8.9
67
Ease of Use
8.5
111
8.9
67
Ease of Setup
8.1
70
9.0
18
Ease of Admin
8.5
63
8.5
16
Quality of Support
8.2
91
8.4
53
Has the product been a good partner in doing business?
8.4
57
9.0
12
Product Direction (% positive)
8.6
105
8.4
64
Features by Category
Administration
7.8
19
Not enough data
6.0
20
Not enough data
Analysis
7.4
21
Not enough data
8.0
20
Not enough data
8.9
22
Not enough data
9.0
22
Not enough data
Testing
6.6
18
Not enough data
5.9
19
Not enough data
6.0
21
Not enough data
6.9
18
Not enough data
6.8
17
Not enough data
8.2
21
Not enough data
6.9
21
Not enough data
Agentic AI - Static Application Security Testing (SAST)
Not enough data
Not enough data
Functionality
8.1
31
Not enough data
8.4
30
Not enough data
8.2
29
Not enough data
Management
7.7
27
Not enough data
7.5
25
Not enough data
7.8
27
Not enough data
Functionality
Not enough data
9.2
58
Not enough data
8.8
54
Not enough data
8.2
51
Not enough data
8.1
52
Management
Not enough data
8.7
51
Not enough data
8.5
51
Not enough data
8.4
48
Not enough data
8.2
49
Bug Reporting
7.7
10
Not enough data
8.0
10
Not enough data
8.3
10
Not enough data
Bug Monitoring
7.8
10
Not enough data
8.2
10
Not enough data
8.5
10
Not enough data
Agentic AI - Bug Tracking
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Functionality - Software Composition Analysis
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Effectiveness - Software Composition Analysis
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Documentation
7.7
35
Not enough data
7.6
35
Not enough data
8.2
36
Not enough data
Security
6.9
33
Not enough data
7.0
32
Not enough data
7.9
33
Not enough data
Risk management - Application Security Posture Management (ASPM)
9.3
5
Not enough data
8.7
5
Not enough data
9.0
5
Not enough data
8.9
6
Not enough data
Integration and efficiency - Application Security Posture Management (ASPM)
7.8
6
Not enough data
8.6
6
Not enough data
Reporting and Analytics - Application Security Posture Management (ASPM)
7.8
6
Not enough data
Not enough data
Not enough data
8.3
5
Not enough data
Agentic AI - Application Security Posture Management (ASPM)
Not enough data
Not enough data
Not enough data
Not enough data
Functionality - Software Bill of Materials (SBOM)
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Management - Software Bill of Materials (SBOM)
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
AI Compliance
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Risk Management & Monitoring
Not enough data
Not enough data
Not enough data
Not enough data
AI Lifecycle Management
Not enough data
Not enough data
Access Control and Security
Not enough data
Not enough data
Collaboration and Communication
Not enough data
Not enough data
Agentic AI - AI Governance Tools
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Agentic AI - Static Code Analysis
6.3
8
Not enough data
5.7
7
Not enough data
6.7
8
Not enough data
Cloud Visibility
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Security
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Identity
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Not enough data
Categories
Categories
Shared Categories
SonarQube and npm share no categories
Unique Categories
SonarQube is categorized as Application Security Posture Management (ASPM), Secure Code Review, Software Development Analytics Tools, Static Application Security Testing (SAST), Static Code Analysis, Bug Tracking, Software Composition Analysis, Software Bill of Materials (SBOM), and AI Governance Tools
npm is categorized as Repository Management
Reviews
Reviewers' Company Size
SonarQube
Small-Business(50 or fewer emp.)
Mid-Market(51-1000 emp.)
Enterprise(> 1000 emp.)
npm
Small-Business(50 or fewer emp.)
Mid-Market(51-1000 emp.)
Enterprise(> 1000 emp.)
Small-Business
(50 or fewer emp.)
Mid-Market
(51-1000 emp.)
Enterprise
(> 1000 emp.)
Reviewers' Industry
Information Technology and Services
26.6%
Computer Software
21.8%
Financial Services
6.5%
Hospital & Health Care
3.2%
Computer & Network Security
3.2%
Other
38.7%
Computer Software
40.0%
Information Technology and Services
20.0%
Marketing and Advertising
6.3%
Hospital & Health Care
6.3%
Program Development
3.8%
Other
23.8%
Alternatives
Discussions
SonarQube has no discussions with answers
Is there any way to exclude files that are not in use by project
1 Comment
CA
You should be able to add in packages as a dependencies in your package.json file. Specify which ones are for the project and which are...Read more
What is the best way to name a library.
1 Comment
AS
Without capitalizations, and if it's just a package without any symbols (!.,/@#$%^*&(), etc)
Read more
What is NPM for?
1 Comment
AS
The NPM registry is for uploading packages to their registry for public usage of the package.Read more
Hunting for software insights?
With over 3 million reviews, we can provide the specific details that help you make an informed software buying decision for your business. Finding the right product is important, let us help.
