30 open-source projects similar to csslint/csslint, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Csslint alternative.
Stylelint is a static code analysis tool and linter for CSS and style-like languages. It identifies errors, enforces coding conventions, and operates as a PostCSS plugin to validate stylesheets during build pipelines. The project distinguishes itself through support for non-standard syntaxes, including preprocessor parsing for SCSS and Less, and the ability to extract and lint embedded styles from JavaScript, HTML, and template literals. It features an automated fixing system that programmatically corrects repairable styling violations to ensure consistency. The system provides a plugin arch
axe-core is an automated accessibility testing engine and compliance auditor designed to scan web and mobile interfaces for violations of industry accessibility standards. It functions as a programmatic scanner and linter that analyzes HTML and source code to identify barriers and verify compliance with accessibility guidelines. The project distinguishes itself by combining a DOM-based rule engine with computer vision and machine learning to detect complex violations that evade traditional analysis, such as visual heading discrepancies and informative images. It provides specialized capabilit
TSLint is an extensible static analysis tool that checks TypeScript source files against a configurable set of lint rules. It scans code by walking the parsed TypeScript abstract syntax tree, applying rule objects to detect readability, maintainability, and functionality errors. The tool supports rule severity configuration, inline suppression through comment directives, and automatic attachment of fix objects for correcting violations. The project provides a framework for developing custom lint rules and formatters, allowing teams to enforce project-specific coding conventions beyond the bui
scss-lint is a static analysis tool and configurable style validator for SCSS stylesheets. It identifies syntax errors and enforces coding style consistency in CSS preprocessor files before they are compiled. The project provides an extensibility system for loading custom linting rules from local directories or external libraries. It allows for the definition of project-specific style standards and supports the creation of baseline configurations to facilitate incremental code cleanup. The tool includes capabilities for source control management hook integration and source preprocessing via
JSHint is a JavaScript static analysis tool and linter designed to detect errors and enforce coding standards. It functions as a syntax validator that scans source code to identify potential logic problems and programming mistakes before the code is executed. The tool provides a command line interface for analyzing files and directories. It supports the export of analysis results into standardized formats such as Checkstyle for integration with external build tools. Analysis is managed through a system of linting rule management and environment global configuration. This includes the ability
The Snyk CLI is a command-line security scanner that detects known vulnerabilities across open-source dependencies, proprietary application code, container images, and infrastructure-as-code configuration files. It also serves as a platform management tool, allowing users to configure organizations, users, SSO, and reporting from the terminal rather than the web dashboard. The CLI integrates directly into development workflows, enabling scanning within IDEs, build pipelines, and version control systems. It implements static analysis with interfile data flow analysis to find complex security f
tfsec is a static analysis tool and infrastructure as code linter designed to detect security misconfigurations and compliance violations in Terraform infrastructure code. It functions as a cloud security posture tool and policy enforcement engine that evaluates configurations against established security benchmarks. The tool provides multi-cloud security auditing for providers including AWS, Azure, Google Cloud, and Kubernetes, as well as specialized scanning for DigitalOcean, OpenStack, CloudStack, and GitHub configurations. It identifies insecure settings such as public access or unencrypt
tfsec is a static analysis tool and security scanner for Terraform configuration files. It functions as an infrastructure as code security scanner and compliance linter designed to detect misconfigurations and vulnerabilities across multiple cloud providers before resources are deployed. The tool identifies security risks by analyzing infrastructure code and variable files to evaluate the final state of the environment. It supports custom policy enforcement and allows for the suppression of specific security warnings through inline comments. Its capabilities cover cloud security posture mana
Revive is a configurable static analysis linter and code quality tool for Go. It analyzes source code to detect common coding mistakes, identify style violations, and enforce language standards without executing the program. The project functions as both a command line tool and an embeddable analysis engine. This allows the core linting logic to be integrated as a library into other Go applications for programmatic code inspection. The tool supports custom rule sets and severity levels managed through a structured configuration file. It provides capabilities for suppressing specific warnings
Pylint is a static code analysis tool for Python that checks source code for errors, coding standard violations, and code smells without executing the program. It parses code into an abstract syntax tree and walks the tree to detect issues, enforces configurable style rules and naming conventions, and identifies duplicate code blocks by comparing tokenised source sequences. The tool also includes an inference engine that deduces variable types by simulating code paths, enabling deeper analysis even in untyped code. What distinguishes Pylint is its plugin-based checker architecture, which allo
Phan is a static analyzer and type checker for PHP that identifies bugs and type incompatibilities without executing the code. It serves as a quality gate for continuous integration pipelines and a tool for verifying type safety, specifically checking union types, generics, and array shapes. The project is distinguished by its use of a background daemon and Language Server Protocol implementation, which provide real-time diagnostics and navigation within editors. It also features a baseline-based suppression system that allows developers to record existing errors in a snapshot file to focus e
SonarQube is a static code analysis platform used to scan source code and infrastructure scripts across multiple languages. It detects bugs, security vulnerabilities, and maintainability issues to ensure software meets reliability and security standards. The platform implements automated quality gates for continuous integration and delivery pipelines, verifying code against defined rules during merge or pull requests. It also integrates directly with code editors to provide real-time analysis results and quick-fix guidance during development. The system covers broad functional areas includin
Sass-lint is a static analysis engine designed to enforce coding standards and maintain consistent syntax across Sass and SCSS codebases. As a command-line utility, it integrates into development workflows and build pipelines to automate the validation of stylesheets, ensuring that formatting and best practices are applied consistently throughout a project. The tool distinguishes itself through a flexible configuration system that supports recursive rule inheritance and custom overrides, allowing for the management of complex, large-scale project requirements. It provides granular control ove
This project is a static analysis tool and linter for Ruby on Rails designed to identify architectural smells and violations of best practices. It serves as a code quality linter, architectural auditor, security scanner, and performance analyzer for Rails applications. The tool evaluates the separation of concerns between controllers, models, and view templates to reduce technical debt. It identifies suboptimal coding patterns and enforces stylistic consistency, while specifically scanning for security vulnerabilities such as unprotected mass assignment in models. The analysis surface covers
Pyre is a high-performance static type checker and analysis tool for Python. It identifies type errors and ensures type safety without executing the program, utilizing a static type inference engine to maintain consistency across functions. The project is distinguished by an incremental type analysis engine that operates as a background daemon. This system monitors filesystem changes to re-validate only modified parts of a project, reducing the time required for repeated analysis. It also includes a static analysis security tool that uses taint analysis to track untrusted data flows and ident
Bandit is a static analysis security testing tool and vulnerability detection scanner for Python source code. It functions as a security-focused linter and static analyzer that identifies common vulnerabilities and architectural flaws without executing the program. The tool utilizes an abstract syntax tree to analyze code patterns and identifies risky function calls or insecure configurations. It employs a plugin-based rule engine to decouple scanning logic from individual security checks and supports configuration-driven filtering to exclude specific files or ignore certain warnings. The sy
tfsec is a static analysis tool and security scanner for infrastructure as code, specifically designed to detect misconfigurations and compliance violations in Terraform and cloud infrastructure definitions before deployment. It functions as a cloud security policy engine that identifies vulnerabilities across multiple cloud platforms. The tool provides capabilities for cloud compliance auditing and scanning of Cloud Development Kit code. It supports custom security policy enforcement and allows for the definition of organization-specific security requirements. The scanner includes features
React Doctor is a static analysis tool for React codebases designed to identify security, performance, and architectural issues. It functions as a codebase health diagnostic engine that produces numeric health scores and structured diagnostics to improve maintainability. The tool features an incremental code scanner that evaluates only the files changed between branches or staged in the working tree to provide fast feedback. It is designed to operate as a quality gate within CI pipelines, allowing for the enforcement of codebase health standards by failing builds on critical errors. The anal
Ruff is a high-performance static analysis and code formatting tool designed for Python. Built in Rust, it functions as a comprehensive engine that scans source code to detect programming errors, security vulnerabilities, and deviations from established coding standards. By parsing source code into a structured tree representation, it provides both automated linting and style enforcement across entire projects. The tool distinguishes itself through its speed and deep integration into the development lifecycle. It utilizes parallelized file processing to maximize throughput on large codebases
Snyk is an application security testing platform designed to identify and remediate vulnerabilities across source code, open-source dependencies, container images, and infrastructure-as-code configurations. It functions as a comprehensive security workflow automation tool, utilizing a static analysis engine and dependency graph mapping to detect security flaws and license compliance issues throughout the software development lifecycle. The platform distinguishes itself through agentic workflow orchestration and an automated remediation pipeline that generates and submits pull requests to patc
grunt-uncss is a CSS dead code eliminator and static analysis build tool. It functions as a Grunt CSS optimization plugin that identifies and deletes redundant style rules to reduce stylesheet file sizes and improve frontend performance. The tool analyzes HTML files and headless browser DOM states to detect styles that do not match any elements in the markup. It supports the protection of specific selectors through whitelists to ensure that styles for dynamically injected elements are preserved during the cleanup process. The project covers frontend asset minification by compressing cleaned
Cppcheck is a static analysis tool and linter for C and C++ source code designed to detect programming errors, memory leaks, and security violations without executing the program. It functions as a bug detection engine and quality assurance tool to identify concurrency issues, type cast errors, and compliance with secure coding standards. The project provides a graphical user interface for selecting files and reviewing errors, alongside a linter for enforcing naming conventions and coding standards. It supports the creation of custom analysis rules using regular expressions to identify specif
Checkstyle is a Java static analysis tool and linter designed to identify and enforce coding standards and best practices. It functions as a code quality auditor and Javadoc validation tool, checking source code against configurable rulesets to ensure structural and stylistic consistency. The project allows for the creation of custom linting rules by extending a core API to inspect the abstract syntax tree. It further enables specialized validation through the use of XPath expressions to query the syntax tree for specific code patterns and violations. Capability areas include the enforcement
Sorbet is a static analysis tool and type checker designed for Ruby codebases. It identifies type inconsistencies, potential bugs, and logic errors by examining source code without execution, helping to improve software reliability and maintainability in large-scale projects. The system employs a constraint-based type inference engine that evaluates expressions against defined annotations to validate data structures. To support rapid development, it utilizes incremental analysis and caching to provide feedback by processing only modified files and their dependencies. Beyond static analysis,
Pa11y is an automated web accessibility auditor and WCAG compliance scanner. It functions as a headless browser testing tool and a Node.js accessibility API that identifies barriers for users with disabilities using automated rules and industry standards. The project provides a programmable interface for triggering audits and retrieving structured result objects within JavaScript applications. It distinguishes itself through capabilities such as user interaction simulation, page state synchronization, and the ability to restrict test scopes using CSS selectors to audit specific page regions.
This project is a language server implementation and code editor extension designed to provide intelligence for Svelte components. It functions as a static analysis tool that parses source code to deliver real-time feedback, automated formatting, and code navigation within development environments. The tool distinguishes itself by utilizing a virtual file system mapping that translates component files into modules, allowing standard language tools to process non-standard syntax. It integrates directly with the TypeScript compiler to perform type checking and static analysis across mixed scrip
Hint is a web development linter and static analysis tool that audits HTML, CSS, and JavaScript. It provides a suite of specialized validators designed to ensure compliance with accessibility standards, web security header requirements, and general development best practices. The project distinguishes itself by analyzing a wide range of web quality metrics, including browser compatibility for CSS and JavaScript features and PWA configuration validation. It also includes an analyzer for measuring page load speeds, caching, and compression strategies to optimize web performance. The system is
Mobile Security Framework is an automated security testing platform designed for the analysis of Android, iOS, and Windows mobile application binaries. It functions as a comprehensive suite for identifying security vulnerabilities, privacy risks, and malicious code within mobile software packages. The framework distinguishes itself by combining static and dynamic analysis techniques to evaluate application behavior. It performs static inspection of source code and binaries to detect insecure patterns, while simultaneously utilizing dynamic instrumentation and containerized sandboxing to monit
This project is a web accessibility checklist and inclusive design framework. It serves as a digital inclusion guide and audit tool for verifying that web content is perceivable, operable, and welcoming to a diverse global audience. The project provides a structured review process for WCAG compliance, focusing on auditing HTML structure, ARIA roles, keyboard navigation, and visual accessibility. It includes specific standards for reviewing language, typography, and color contrast to ensure inclusive content design. The framework covers broader capability areas including device compatibility
Semistandard is a static analysis tool and automated code formatter designed to enforce consistent JavaScript syntax and formatting standards across a codebase. It functions as a linter that identifies deviations from established style rules and provides automated corrections to resolve formatting errors without manual intervention. The tool is distinguished by its specific focus on semicolon usage, ensuring that all statements adhere to a uniform syntax standard. It provides comprehensive style management by verifying code against predefined rules and blocking non-compliant submissions withi