npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

deslopper

v2.1.0

Published

Detect and remove AI-generated code patterns (slop) from your branches or any directory, powered by Claude

Downloads

164

Readme

deslopper

Detect and remove AI-generated code patterns (slop) from your git branches — or any file or directory — powered by Claude.

AI coding assistants often introduce patterns that experienced developers recognize immediately: obvious comments, excessive try-catch blocks, verbose variable names, dead abstractions, and defensive programming overkill. deslopper scans your git diffs (or whole files you point it at) and flags this slop before it accumulates into technical debt — then optionally has Claude clean it up for you.

How it works

deslopper uses a hybrid engine:

  1. Regex pre-pass — a fast, free, offline scan for ~20 well-known slop patterns (debug logs, triple null checks, obvious comments, …). Instant and runs with zero setup.
  2. Claude pass (multi-pass) — deslopper reviews each changed file in its own parallel claude -p call (so attention stays on one file and large diffs aren't truncated), then runs one cross-file integration pass to catch systemic slop a per-file view misses (copy-pasted patterns, duplicated helpers, inconsistent handling). Each per-file pass confirms the regex hits, drops false positives, and finds semantic slop the regex can't see: over-engineering, dead code, awkward naming, swallowed errors, needless indirection.

The per-file passes run with bounded --concurrency (default 4). The Claude pass reuses your existing Claude Code login — no API key or extra dependency required. Don't have Claude Code, or want a pure-regex run? Add --no-ai.

The same engine runs in two modes: against a git diff (default — judges only the changed lines) or over the whole contents of any files/directories you pass (path mode — no git history needed). See Two scan modes.

Installation

npm install -g deslopper

Or use directly with npx:

npx deslopper

Requirements: Node 18+. The Claude pass additionally needs the Claude Code CLI installed and logged in (claude on your PATH). Without it, deslopper automatically falls back to the regex-only engine.

Quick Start

# Hybrid scan of current branch vs main (regex + Claude)
deslopper

# Scan whole files under a path — no diff, no git history needed
deslopper src/
deslopper path/to/file.ts

# Instant regex-only scan — no model call, no cost, works offline
deslopper --no-ai

# Scan against a different base branch
deslopper -b develop

# Detect, then have Claude remove the slop it found
deslopper --fix

# Use a stronger model for deeper analysis
deslopper --model sonnet

# Just the slop score
deslopper score

# Output as JSON for CI integration
deslopper -j

What It Detects

The regex pre-pass catches known stylistic tells:

High Severity

  • Debug console.log statements left in code
  • Function entry/exit logging patterns

Medium Severity

  • Generic TODO placeholders without context
  • Triple null/undefined checks
  • Empty catch blocks that only log errors
  • Excessive function entry/exit logging

Low Severity

  • Verbose obvious comments ("Initialize the variable")
  • Section divider comments
  • Redundant return undefined
  • Explicit boolean comparisons (=== true)
  • Unnecessary try-catch wrappers
  • Promise.all with single promise

The Claude pass goes further, judging the diff in context to catch slop no regex can: unused variables, dead abstractions, over-engineering, bloated naming, error swallowing, and boilerplate a human would write far more tersely — while filtering out the regex pass's false positives.

Run deslopper patterns to see all regex detection rules.

Commands

| Command | Description | |---------|-------------| | deslopper or deslopper scan | Scan changed files for slop (hybrid by default) | | deslopper <path...> | Scan whole files under one or more files/directories | | deslopper patterns | List all regex detection patterns | | deslopper score | Show slop score only (0-100) |

Two scan modes

  • Diff mode (default)deslopper (optionally with -b <base>) reviews only what changed between your branch and the base, judging just the added lines. Best for catching slop before merge.
  • Path modedeslopper <path...> reviews the full contents of every analyzable file under the given files/directories, regardless of git history. Directories are walked recursively, skipping node_modules, dist, .git and the other build dirs. Best for auditing existing code or a repo you didn't write. All other flags (--no-ai, --fix, --model, --max-cost, --concurrency, score) work the same; in path mode --fix edits files in their own repo. Cost scales with the number of files, so --max-cost is handy for large trees.

Options

| Option | Description | |--------|-------------| | -b, --base <branch> | Base branch to compare against (default: main) | | -a, --all | Scan all lines, not just diff additions | | --ai | Force the Claude pass on (errors if claude is missing) | | --no-ai | Regex only — skip Claude (fast, free, offline) | | --fix | Have Claude remove the detected slop (edits files in place) | | --model <model> | Model for the Claude pass (default: haiku; try sonnet for depth) | | --max-cost <usd> | Cap total spend for the scan (stops launching per-file passes once reached) | | --concurrency <n> | Parallel per-file Claude passes (default: 4) | | -j, --json | Output as JSON | | -v, --verbose | Show all matches including low severity, with fix suggestions | | -q, --quiet | Only show summary |

The default model is configurable via the DESLOP_MODEL environment variable.

Cost & Authentication

The Claude pass shells out to claude -p and reuses whatever authentication Claude Code already has — a Pro/Max subscription login, or ANTHROPIC_API_KEY. Nothing extra to configure if you already use Claude Code.

Because each changed file is its own call (plus one cross-file pass), cost scales with the number of files — roughly a few cents per file on the default haiku model. --max-cost caps the total spend for a scan (deslopper stops launching new per-file passes once the budget is reached and tells you which files it skipped); --no-ai spends nothing. --fix runs an additional pass.

Fixing slop

deslopper --fix

deslopper detects the slop, then asks Claude to remove it from the changed files — deleting obvious comments, dead code and debug logging, and simplifying defensive overkill — while preserving behavior and skipping anything risky to change automatically. Edits are applied to your working tree:

git diff                       # review what changed
git checkout -- <file>         # undo a file if you disagree

--fix only acts on Claude-confirmed findings, edits are scoped to the changed files (anything else Claude touches is reverted automatically), and it warns if your tree is dirty so its edits stay easy to review. Commit or stash first for the cleanest diff.

Security

deslopper runs a model over your diff, which may include code from untrusted branches or pull requests. The trust model:

  • Detection is read-only. The Claude pass runs with file-editing and shell tools disabled, so analyzing an untrusted diff cannot modify your machine.
  • --fix is sandboxed. It grants Claude only Read/Edit; Bash, Write, and other tools are explicitly denied (an allow-list alone is not a sandbox in headless mode), edits are confined to the flagged files, and the prompt instructs the model to treat all file content as data, never instructions.

Treat --fix like any tool that edits source: review the diff before committing.

Slop Score

The slop score ranges from 0 to 100:

  • 0-19: Clean code
  • 20-49: Some cleanup needed
  • 50+: Significant slop detected

The score weights issues by severity (high: 10, medium: 5, low: 1) and normalizes per analyzed file so larger PRs don't automatically score worse.

CI Integration

Add deslopper to your pipeline to catch slop before merge.

Fast, deterministic regex gate (no model call, no secrets):

# GitHub Actions example
- name: Check for AI slop
  run: npx deslopper --no-ai --json > slop-report.json

- name: Fail if high severity
  run: |
    if [ $(cat slop-report.json | jq '.bySeverity.high') -gt 0 ]; then
      echo "High severity slop detected"
      exit 1
    fi

Deeper semantic review (set ANTHROPIC_API_KEY as a secret and add --ai):

- name: AI slop review
  env:
    ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
  run: npx deslopper --ai --json > slop-report.json

The CLI exits with code 1 if high severity issues are found.

Programmatic Usage

import { analyzeChangesWithAI, calculateSlopScore, fixSlop } from 'deslopper';

// Hybrid analysis (regex + Claude)
const results = await analyzeChangesWithAI({
  baseBranch: 'main',
  diffOnly: true,
  model: 'haiku',        // optional
});

console.log(`Slop score: ${calculateSlopScore(results)}`);
console.log(`Claude: ${results.ai.summary}`);

for (const file of results.files) {
  for (const match of file.matches) {
    console.log(`${file.filePath}:${match.lineNumber} [${match.source}] ${match.name}`);
    if (match.suggestion) console.log(`  → ${match.suggestion}`);
  }
}

// Or remove the slop
await fixSlop(results, { model: 'sonnet' });

To scan whole files under a path instead of a diff, use analyzePathsWithAI({ paths: ['src'] }) (or the synchronous regex-only analyzePaths({ paths: ['src'] })); both return the same result shape. Prefer the regex-only diff engine (synchronous, no model call)? Import analyzeChanges instead. The low-level runClaude / isClaudeAvailable helpers are also exported.

Patterns Reference

Verbose Obvious Comments

AI often adds comments that state the obvious:

// Bad (AI slop)
// Initialize the result variable
const result = [];

// Good (human style)
const result = [];

Triple Null Checks

AI tends to be overly defensive:

// Bad (AI slop)
if (value !== null && value !== undefined && value !== '') {
  // ...
}

// Good (human style)
if (value) {
  // ...
}

Debug Logging

AI frequently leaves debug statements:

// Bad (AI slop)
console.log('DEBUG: entering function');
console.log('TEMP: value is', value);

// Good (human style)
// No debug logs in production code

Empty Catch Blocks

AI wraps everything in try-catch:

// Bad (AI slop)
try {
  const data = JSON.parse(str);
} catch (error) {
  console.error('Error parsing JSON:', error);
}

// Good (human style - if you need try-catch)
try {
  const data = JSON.parse(str);
} catch (error) {
  throw new ParseError(`Invalid JSON: ${error.message}`);
}

Why "Slop"?

The term "slop" emerged in developer communities to describe AI-generated code that technically works but has telltale signs of non-human origin: over-engineered, overly defensive, excessively commented, and stylistically inconsistent with human-written code.

Slop isn't necessarily buggy - it's just... sloppy. It clutters codebases, obscures intent, and creates maintenance burden. This tool helps you catch it early — and now, with Claude in the loop, it understands the code well enough to tell real slop from the false alarms.

Contributing

Found a slop pattern that should be detected? Open an issue or PR with:

  1. Example of the slop pattern
  2. Why it's typically AI-generated
  3. Suggested regex or detection logic (for the pre-pass), or a description of the semantic signal (for the Claude pass)

Credits

deslopper builds on the original deslop by Nader Dabit — its regex slop-detection engine and CLI scaffold. deslopper adds the hybrid Claude pass, whole-file/directory scanning, the --fix workflow, and budget controls.

License

MIT — © 2026 Nader Dabit (original deslop), © 2026 Ivor Padilla (deslopper).