@ramnalawade1986/comprehensive-code-analyzer
v0.0.2
A comprehensive TypeScript/JavaScript code analyzer with SonarQube-style quality analysis, security scanning, and GDPR compliance checking
Comprehensive Code Analyzer
A powerful, extensible TypeScript/JavaScript code analyzer that provides SonarQube-style quality analysis, security scanning, and GDPR compliance checking.
Features
🔍 Quality Analysis
- Cyclomatic & Cognitive Complexity - Advanced complexity metrics with configurable thresholds
- Maintainability Index - Halstead-based maintainability scoring
- Technical Debt Assessment - Quantified technical debt in minutes
- Code Duplication Detection - AST-based duplication analysis with refactoring suggestions
- Documentation Coverage - JSDoc analysis with quality scoring
- Naming Convention Validation - Configurable naming rules for functions, classes, variables
🛡️ Security Analysis
- Vulnerability Scanning - Detection of common security vulnerabilities
- Secret Detection - API keys, passwords, and sensitive data detection
- Cryptographic Analysis - Weak encryption and hashing algorithm detection
- Input Validation - SQL injection, XSS, and other injection vulnerabilities
📋 Compliance Checking
- GDPR Compliance - Personal data handling and privacy compliance analysis
- Security Standards - OWASP Top 10 compliance checking
- Industry Standards - Configurable compliance framework support
📊 Quality Gates
- SonarQube-style Gates - Configurable quality thresholds
- Rating System - A-E ratings for complexity, maintainability, and reliability
- Metrics Dashboard - Comprehensive project health metrics
Installation
Global Installation
```bash
npm install -g @aitek/comprehensive-code-analyzer
```
Project Installation
```bash
npm install --save-dev @aitek/comprehensive-code-analyzer
```
Quick Start
Command Line Usage
```bash
# Analyze current directory
code-analyzer analyze .

# Analyze specific files
code-analyzer analyze src/components/*.ts

# Generate HTML report
code-analyzer analyze . --format html --output report.html

# Run specific analyzers only
code-analyzer analyze . --analyzers quality-analyzer,security-analyzer

# Initialize configuration file
code-analyzer init
```
Programmatic Usage
```typescript
import { ComprehensiveCodeAnalyzer } from '@aitek/comprehensive-code-analyzer';

const analyzer = new ComprehensiveCodeAnalyzer();

// Analyze files
const report = await analyzer.analyze(['src/**/*.ts'], {
  analyzers: ['quality-analyzer', 'security-analyzer'],
  format: 'json',
  includeMetrics: true
});

console.log(`Found ${report.summary.totalIssues} issues`);
console.log(`Quality Rating: ${report.summary.qualityRating}`);
console.log(`Technical Debt: ${report.summary.technicalDebt} minutes`);
```
Configuration
Create a .code-analyzer.json file in your project root:
```json
{
  "analyzers": [
    "quality-analyzer",
    "security-analyzer",
    "vulnerability-scanner",
    "gdpr-compliance-analyzer"
  ],
  "include": ["**/*.{ts,js,tsx,jsx}"],
  "exclude": ["node_modules/**", "dist/**", "*.test.{ts,js}"],
  "thresholds": {
    "cyclomaticComplexity": 10,
    "cognitiveComplexity": 15,
    "maintainabilityIndex": 20,
    "technicalDebtRatio": 5,
    "duplicatedLinesThreshold": 3
  },
  "qualityGates": {
    "coverage": 80,
    "duplicatedLines": 3,
    "maintainabilityRating": "C",
    "reliabilityRating": "B"
  },
  "reporting": {
    "format": "json",
    "includeMetrics": true,
    "includeSuggestions": true
  }
}
```
Available Analyzers
| Analyzer | Description |
|----------|-------------|
| quality-analyzer | Code quality, complexity, and maintainability analysis |
| security-analyzer | General security vulnerability detection |
| vulnerability-scanner | Known vulnerability and dependency scanning |
| cryptographic-analyzer | Cryptographic implementation analysis |
| secret-detector | Sensitive data and credential detection |
| gdpr-compliance-analyzer | GDPR and privacy compliance checking |
Output Formats
JSON (Default)
```bash
code-analyzer analyze . --format json --output report.json
```
HTML Report
```bash
code-analyzer analyze . --format html --output report.html
```
Markdown
```bash
code-analyzer analyze . --format markdown --output report.md
```
SARIF (Static Analysis Results Interchange Format)
```bash
code-analyzer analyze . --format sarif --output report.sarif
```
Quality Metrics
The analyzer provides comprehensive metrics including:
- Cyclomatic Complexity - Measure of code complexity
- Cognitive Complexity - Human-perceived complexity
- Maintainability Index - Overall maintainability score
- Technical Debt - Estimated time to fix issues
- Code Coverage - Test coverage analysis
- Duplication Percentage - Code duplication metrics
- Quality Ratings - A-E ratings for different aspects
Integration
CI/CD Integration
```yaml
# GitHub Actions
- name: Code Analysis
  run: |
    npm install -g @aitek/comprehensive-code-analyzer
    code-analyzer analyze . --format sarif --output results.sarif
- name: Upload SARIF
  uses: github/codeql-action/upload-sarif@v2
  with:
    sarif_file: results.sarif
```
Pre-commit Hook
```json
{
  "husky": {
    "hooks": {
      "pre-commit": "code-analyzer analyze --analyzers quality-analyzer"
    }
  }
}
```
VS Code Integration
Add to your VS Code tasks:
```json
{
  "version": "2.0.0",
  "tasks": [
    {
      "label": "Analyze Code Quality",
      "type": "shell",
      "command": "code-analyzer",
      "args": ["analyze", ".", "--format", "json"],
      "group": "build",
      "presentation": {
        "echo": true,
        "reveal": "always"
      }
    }
  ]
}
```
Custom Analyzers
Extend the analyzer with custom rules:
```typescript
import {
  BaseAnalyzer,
  AnalysisResult,
  ParsedFile,
  ComprehensiveCodeAnalyzer
} from '@aitek/comprehensive-code-analyzer';

class CustomAnalyzer extends BaseAnalyzer {
  readonly id = 'custom-analyzer';
  readonly name = 'Custom Rules Analyzer';
  readonly description = 'Custom business logic analysis';

  async analyze(files: ParsedFile[]): Promise<AnalysisResult> {
    const issues = [];
    for (const file of files) {
      // Your custom analysis logic
      if (this.violatesBusinessRule(file)) {
        issues.push(this.createIssue(
          'Business Rule Violation',
          'Custom business rule violated',
          file.path,
          'Fix according to business requirements'
        ));
      }
    }
    return this.createAnalysisResult(issues);
  }

  private violatesBusinessRule(file: ParsedFile): boolean {
    // Your custom logic here
    return false;
  }
}

// Register custom analyzer
const analyzer = new ComprehensiveCodeAnalyzer();
analyzer.registerAnalyzer(new CustomAnalyzer());
```
API Reference
ComprehensiveCodeAnalyzer
Main analyzer class for running analysis.
Methods
- analyze(paths: string[], options?: AnalysisOptions): Promise<AnalysisReport>
- getAvailableAnalyzers(): string[]
- registerAnalyzer(analyzer: Analyzer): void
AnalysisOptions
Configuration options for analysis.
```typescript
interface AnalysisOptions {
  analyzers?: string[];
  filePatterns?: string[];
  format?: 'json' | 'html' | 'markdown' | 'sarif';
  outputPath?: string;
  includeMetrics?: boolean;
  includeSuggestions?: boolean;
}
```
AnalysisReport
Analysis results structure.
```typescript
interface AnalysisReport {
  summary: {
    totalFiles: number;
    totalIssues: number;
    criticalIssues: number;
    highIssues: number;
    mediumIssues: number;
    lowIssues: number;
    technicalDebt: number;
    qualityRating: 'A' | 'B' | 'C' | 'D' | 'E';
  };
  results: AnalysisResult[];
  metrics?: Record<string, any>;
  timestamp: string;
  version: string;
}
```
Examples
Basic Quality Analysis
```bash
# Analyze TypeScript project
code-analyzer analyze src/ --analyzers quality-analyzer

# Generate detailed HTML report
code-analyzer analyze . --format html --output quality-report.html
```
Security Focused Analysis
```bash
# Run security analyzers only
code-analyzer analyze . --analyzers security-analyzer,vulnerability-scanner,secret-detector

# SARIF output for security tools
code-analyzer analyze . --format sarif --output security.sarif
```
GDPR Compliance Check
```bash
# Check GDPR compliance
code-analyzer analyze . --analyzers gdpr-compliance-analyzer --format markdown --output gdpr-report.md
```
CI/CD Pipeline
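A gate that evaluates the JSON report explicitly instead of relying on the exit status alone, as an added example that is not part of the package or its README: it checks the `summary` fields of the `AnalysisReport` structure documented above and fails closed when the report is missing, malformed, or covers zero files. `evaluateGate`, `GatePolicy` and the sample values are hypothetical names and constructed data.

```typescript
// Added example: fail-closed quality gate over the AnalysisReport summary.
// evaluateGate and GatePolicy are hypothetical names, not part of the package.
type Rating = 'A' | 'B' | 'C' | 'D' | 'E';
interface ReportSummary {
  totalFiles: number;
  criticalIssues: number;
  highIssues: number;
  qualityRating: Rating;
}
interface GatePolicy {
  maxCritical: number;
  maxHigh: number;
  minRating: Rating; // worst rating that is still accepted
}
const RATING_ORDER: Rating[] = ['A', 'B', 'C', 'D', 'E'];

// Returns the list of gate failures; an empty list means the gate passes.
function evaluateGate(report: unknown, policy: GatePolicy): string[] {
  const summary = (report as { summary?: Partial<ReportSummary> } | null)?.summary;
  // Fail closed: a missing or truncated report must never pass.
  if (!summary) return ['report has no summary'];
  const failures: string[] = [];
  const count = (name: 'totalFiles' | 'criticalIssues' | 'highIssues'): number => {
    const v = summary[name];
    if (typeof v !== 'number' || !Number.isInteger(v) || v < 0) {
      failures.push(`${name} is missing or not a non-negative integer`);
      return NaN; // NaN makes the threshold comparisons below false
    }
    return v;
  };
  const files = count('totalFiles');
  const critical = count('criticalIssues');
  const high = count('highIssues');
  // Zero analyzed files usually means a wrong path or glob, not clean code.
  if (files === 0) failures.push('no files were analyzed');
  if (critical > policy.maxCritical) failures.push(`critical issues: ${critical} > ${policy.maxCritical}`);
  if (high > policy.maxHigh) failures.push(`high issues: ${high} > ${policy.maxHigh}`);
  const rank = RATING_ORDER.indexOf(summary.qualityRating as Rating);
  if (rank < 0) failures.push('qualityRating is missing or unknown');
  else if (rank > RATING_ORDER.indexOf(policy.minRating)) {
    failures.push(`quality rating ${summary.qualityRating} is worse than ${policy.minRating}`);
  }
  return failures;
}

// Constructed sample report (not real tool output) and a sample policy.
const sampleReport = { summary: { totalFiles: 42, totalIssues: 9, criticalIssues: 1,
  highIssues: 2, mediumIssues: 4, lowIssues: 2, technicalDebt: 135, qualityRating: 'C' } };
const samplePolicy: GatePolicy = { maxCritical: 0, maxHigh: 5, minRating: 'B' };
```

In a pipeline, parse the file written by `--format json --output report.json`, pass the object to `evaluateGate`, and exit non-zero when the returned list is non-empty.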
```bash
# Fail build on high-priority issues
code-analyzer analyze . --analyzers quality-analyzer,security-analyzer || exit 1
```
Contributing
- Fork the repository
- Create a feature branch
- Add tests for new functionality
- Ensure all tests pass
- Submit a pull request
License
MIT License - see LICENSE file for details.
Support
Made with ❤️ by the Aitek Development Team
