@tvmt/commit-reporter

v1.1.0

AI-powered code review automation with Google Gemini & OpenAI. Analyze commits and generate comprehensive review reports.


Features

  • 🤖 Three Specialized AI Agents:

    • Code Review Agent: Analyzes code quality, best practices, and potential bugs
    • Security Agent: Scans for security vulnerabilities (OWASP Top 10)
    • Performance Agent: Detects performance anti-patterns with AST analysis
  • 📊 Comprehensive Reports: Generate both Markdown and HTML reports

  • 🔄 Sequential Pipeline: Agents run in sequence, each building on previous findings

  • 🎯 TypeScript/JavaScript Focus: Filters and analyzes only TS/JS files

  • ⚙️ Flexible Configuration: Environment variables and CLI options

  • 🔌 Multiple LLM Providers: Google Gemini & OpenAI support

🚀 Quick Start

Installation

# Global installation (recommended)
npm install -g @tvmt/commit-reporter

# Or use with npx (no installation needed)
npx @tvmt/commit-reporter review

Setup

  1. Create a .env file in your project:

     # Choose your LLM provider
     LLM_PROVIDER=google-genai

     # Add your API key
     GEMINI_API_KEY=your-api-key-here
     # Or for OpenAI
     # OPENAI_API_KEY=sk-...

  2. Run the review:

     commit-reporter review

Installation from Source

# Clone the repository
git clone https://github.com/tranvuminhtriet/code-reviewer.git
cd code-reviewer

# Install dependencies
npm install

# Build
npm run build

# Link globally
npm link

Quick Start

Review a Git Commit

# Review the latest commit
npm run review

# Review a specific commit
npm run review -- --commit abc123

# Review HEAD~1
npm run review -- --commit HEAD~1

Review from a Diff File

# Use the example diff
npm run review -- --file examples/sample-diff.txt

# Use your own diff file
npm run review -- --file path/to/your.diff

Configuration

Environment Variables (.env)

# LLM Provider
LLM_PROVIDER=openai
OPENAI_API_KEY=your-key-here
OPENAI_MODEL=gpt-4-turbo-preview

# Output
OUTPUT_DIR=./reports
OUTPUT_FORMATS=markdown,html

# Agents (set to false to disable)
ENABLE_CODE_REVIEW=true
ENABLE_SECURITY=true
ENABLE_PERFORMANCE=true

CLI Options

code-review review [options]

Options:
  -c, --commit <hash>      Git commit hash (default: "HEAD")
  -f, --file <path>        Diff file path
  --api-key <key>          OpenAI API key (overrides env)
  --model <name>           Model name
  --output <dir>           Output directory
  --format <formats>       Output formats: markdown,html
  --no-code-review         Disable code review agent
  --no-security            Disable security agent
  --no-performance         Disable performance agent
  -h, --help               Display help

Examples

Basic Usage

# Review latest commit with default settings
npm run review

# Output:
# ✓ Parsed 2 file(s): 2 files changed, 30 insertions(+), 5 deletions(-)
# 🤖 Starting AI code review...
# Running Code Review Agent...
# ✓ Code Review: 5 findings
# Running Security Agent...
# ✓ Security: 3 findings
# Running Performance Agent...
# ✓ Performance: 2 findings
# ✅ Review complete!

Custom Configuration

# Only run security and performance agents
npm run review -- --no-code-review

# Use a different model
npm run review -- --model gpt-4

# Output only markdown
npm run review -- --format markdown

# Custom output directory
npm run review -- --output ./my-reports

Review Specific Files

# Create a diff of specific files
git diff HEAD~1 -- src/api/*.ts > my-changes.diff

# Review the diff
npm run review -- --file my-changes.diff

Report Output

Reports are generated in the specified output directory (default: ./reports):

reports/
├── code-review-2024-02-05T10-30-00.md
└── code-review-2024-02-05T10-30-00.html

Report Structure

  1. Summary: Total findings by severity and agent
  2. Token Usage: LLM token consumption
  3. Code Review Findings: Code quality issues
  4. Security Findings: Security vulnerabilities
  5. Performance Findings: Performance issues

Each finding includes:

  • Severity (Critical, High, Medium, Low)
  • Category
  • Description
  • File and line number
  • Suggestion for fix

Architecture

┌─────────────────┐
│  Git Diff       │
│  Parser         │
└────────┬────────┘
         │
         ▼
┌─────────────────┐
│  Code Review    │
│  Agent          │
└────────┬────────┘
         │ (findings)
         ▼
┌─────────────────┐
│  Security       │
│  Agent          │
│  + ESLint       │
└────────┬────────┘
         │ (findings)
         ▼
┌─────────────────┐
│  Performance    │
│  Agent          │
│  + AST Analysis │
└────────┬────────┘
         │ (findings)
         ▼
┌─────────────────┐
│  Report         │
│  Generator      │
│  (MD + HTML)    │
└─────────────────┘

Development

Build

npm run build

Run in Development Mode

npm run dev review -- --file examples/sample-diff.txt

Project Structure

src/
├── agents/           # AI agents
│   ├── base-agent.ts
│   ├── code-review-agent.ts
│   ├── security-agent.ts
│   └── performance-agent.ts
├── llm/              # LLM provider abstraction
│   ├── types.ts
│   ├── provider.ts
│   └── openai-provider.ts
├── parsers/          # Git diff parser
│   ├── types.ts
│   └── git-diff-parser.ts
├── reporters/        # Report generators
│   ├── types.ts
│   ├── base-reporter.ts
│   ├── markdown-reporter.ts
│   └── html-reporter.ts
├── pipeline/         # Orchestration
│   ├── types.ts
│   └── executor.ts
├── config/           # Configuration
│   └── default.ts
└── cli.ts            # CLI entry point

Future Enhancements

Phase 2: Additional LLM Providers

# Anthropic Claude
npm run review -- --provider anthropic --api-key sk-ant-...

# Local Ollama
npm run review -- --provider ollama --model codellama

Phase 3: CI/CD Integration

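# .github/workflows/code-review.yml
name: AI Code Review
on: [pull_request]
permissions:
  contents: read   # the job only needs to read the repository
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          # Check out the PR head with its parent so the commit's diff can be computed
          ref: ${{ github.event.pull_request.head.sha }}
          fetch-depth: 2
      - run: npm install
      - run: npm run review -- --commit ${{ github.event.pull_request.head.sha }}
        env:
          # Assumed secret name; secrets are not available to pull requests from forks
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
      - uses: actions/upload-artifact@v3
        with:
          name: code-review-report
          path: reports/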

Phase 4: Migration to LangGraph

For more complex workflows, the architecture can be migrated to LangGraph:

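import { StateGraph, Annotation, START, END } from '@langchain/langgraph';

// Assumed state shape; the reducer merges findings from the two parallel branches.
const ReviewState = Annotation.Root({
  findings: Annotation({ reducer: (a, b) => a.concat(b), default: () => [] }),
});

const workflow = new StateGraph(ReviewState)
  .addNode('codeReview', codeReviewAgent)
  .addNode('security', securityAgent)
  .addNode('performance', performanceAgent)
  .addEdge(START, 'codeReview')
  .addEdge('codeReview', 'security')
  .addEdge('codeReview', 'performance')
  .addEdge('security', END)
  .addEdge('performance', END)
  .compile();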

Troubleshooting

"API key is required" Error

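Make sure OPENAI_API_KEY is set in your .env file (keep that file out of version control). Alternatively, pass the key via the CLI, noting that a command-line argument is recorded in shell history and visible in the process list: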

npm run review -- --api-key sk-...

"No TypeScript/JavaScript files found"

The tool only analyzes .ts, .tsx, .js, and .jsx files. Check that your diff contains these file types.
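
Because of this filter, any other changed file in a commit (a workflow YAML, a manifest, a .mjs module) is never seen by the Security Agent. The following is an added example, not the package's own parser: it splits a unified diff into the files the tool would analyze and the ones it would skip, so the skipped set can be reviewed some other way. The function names and the sample diff are constructed for illustration.

```javascript
// Added example, not the package's own parser. Extensions are from the README.
const ANALYZED = /\.(ts|tsx|js|jsx)$/;

// Split a unified git diff into per-file records with +/- line counts.
function parseDiff(diffText) {
  const files = [];
  let current = null;
  let inHunk = false;
  for (const line of diffText.split('\n')) {
    const header = /^diff --git a\/(.+) b\/(.+)$/.exec(line);
    if (header) {
      current = { path: header[2], insertions: 0, deletions: 0 };
      files.push(current);
      inHunk = false; // the ---/+++ file headers that follow are not changes
    } else if (line.startsWith('@@')) {
      inHunk = current !== null;
    } else if (inHunk && line[0] === '+') {
      current.insertions++;
    } else if (inHunk && line[0] === '-') {
      current.deletions++;
    }
  }
  return files;
}

// Partition changed files into what the tool analyzes and what it skips.
function reviewCoverage(diffText) {
  const files = parseDiff(diffText);
  return {
    analyzed: files.filter((f) => ANALYZED.test(f.path)),
    skipped: files.filter((f) => !ANALYZED.test(f.path)),
  };
}

// Constructed sample diff: one TypeScript file and one workflow file.
const SAMPLE_DIFF = [
  'diff --git a/src/api/user.ts b/src/api/user.ts',
  '--- a/src/api/user.ts',
  '+++ b/src/api/user.ts',
  '@@ -1 +1,2 @@',
  '-const limit = 10;',
  '+const limit = 20;',
  '+++requestCount;',
  'diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml',
  '--- a/.github/workflows/deploy.yml',
  '+++ b/.github/workflows/deploy.yml',
  '@@ -5,0 +6 @@',
  '+      - run: npm test',
].join('\n');
```

Calling reviewCoverage on the same diff file passed to --file shows, before the review runs, which changed paths fall outside the .ts/.tsx/.js/.jsx filter.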

ESLint Errors

If you encounter ESLint parsing errors, the security agent will skip those files and continue with others.

License

MIT

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.