sonar-scanner-cli-docker

After not installing NPM anymore, scanning of TypeScript projects fails

Open mallwang opened this issue 3 years ago • 0 comments

Hi,

we are using the sonar-scanner-cli Docker image during our CI pipeline for scanning TypeScript projects. By default, TypeScript is not installed on the image so that we initially received an error "Cannot find module typescript" (see https://community.sonarsource.com/t/error-cannot-find-module-typescript/4396). We could solve it via installing the current TypeScript version we are really using (npm i typescript@$(node -p "require('./package.json').devDependencies.typescript")).

This worked well until you don't install NPM anymore (#142), since then this command cannot be executed and throws an error (npm: command not found). Our workaround now would be to install npm ourselves (apk add 'npm>7') but this means that we also need to maintain it ourselves.

I am just asking: is there a chance that you revert these changes again or are you concerned about potential security issues when npm is installed or what was the reason for the removal? For us it's not a big deal to install npm but I could imagine that sometime in the future when the image will not run as root anymore our solution would not be possible anymore.

Anyway, many thanks for providing this great software, we really appreciate it and cannot imagine a world without it 😍

mallwang, Jun 20 '22 12:06